AWSTemplateFormatVersion: "2010-09-09" # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: MIT-0 Description: > This template adds CloudWatch Synthetics canary monitors. Parameters: ProjectTag: Type: String Default: "rddb" ApiName: Type: String Bucket: Type: String ApiStageName: Type: String Default: "test" SampleProduct: Type: String SampleOrder: Type: String Resources: CanaryRole: Type: "AWS::IAM::Role" Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: - "lambda.amazonaws.com" Action: - "sts:AssumeRole" Policies: - PolicyName: CanaryExecutionPolicy PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - execute-api:Invoke Resource: "*" - Effect: Allow Action: - s3:PutObject - s3:GetObject Resource: - !Join ["", ["arn:aws:s3:::", !Ref Bucket, "/canary/", !Ref AWS::Region, "/"]] - !Join ["", ["arn:aws:s3:::", !Ref Bucket, "/canary/", !Ref AWS::Region, "/*"]] - Effect: Allow Action: - s3:GetBucketLocation Resource: !Join ["", ["arn:aws:s3:::", !Ref Bucket]] - Effect: Allow Action: - logs:CreateLogStream - logs:PutLogEvents - logs:CreateLogGroup Resource: !Join ["", ["arn:aws:logs:", !Ref AWS::Region, ":", !Ref AWS::AccountId, ":log-group:/aws/lambda/cwsyn-", !Ref ProjectTag, "canary", !Ref AWS::Region, "-*"]] - Effect: Allow Action: - s3:ListAllMyBuckets - xray:PutTraceSegments Resource: "*" - Effect: Allow Action: - cloudwatch:PutMetricData Resource: "*" Condition: StringEquals: cloudwatch:namespace: CloudWatchSynthetics SyntheticsCanary: Type: 'AWS::Synthetics::Canary' Properties: Tags: [{Key: Project, Value: !Ref ProjectTag}] StartCanaryAfterCreation: true Schedule: {Expression: 'rate(1 minute)', DurationInSeconds: 3600} RuntimeVersion: syn-python-selenium-1.2 RunConfig: {TimeoutInSeconds: 60, EnvironmentVariables: {"ApiName": !Ref ApiName, "ApiRegion": !Ref AWS::Region, "ApiStage": !Ref ApiStageName, "ProductId": !Ref SampleProduct, "OrderId": !Ref SampleOrder}} Name: !Join ["-", [!Ref ProjectTag, "canary", !Ref AWS::Region]] ExecutionRoleArn: !GetAtt CanaryRole.Arn Code: {Handler: canary.handler, S3Bucket: !Ref Bucket, S3Key: "canary/canary.zip"} ArtifactS3Location: !Join ["", ["s3://", !Ref Bucket, "/canary/", !Ref AWS::Region]] CanaryDashboard: Type: AWS::CloudWatch::Dashboard Properties: DashboardName: !Join ["-", ["Canary","Metrics",!Ref AWS::Region]] DashboardBody: !Sub | { "widgets": [ { "type": "text", "x": 0, "y": 0, "width": 18, "height": 2, "properties": { "markdown": "# Canary Metrics" } }, { "type": "metric", "x": 0, "y": 2, "width": 6, "height": 7, "properties": { "metrics": [ [ "CloudWatchSynthetics", "SuccessPercent", "CanaryName", "${SyntheticsCanary}" ] ], "view": "timeSeries", "stacked": false, "region": "${AWS::Region}", "period": 300, "stat": "Average", "title": "Synthetic Metric - Success Rate" } }, { "type": "metric", "x": 7, "y": 2, "width": 6, "height": 7, "properties": { "metrics": [ [ "CloudWatchSynthetics", "Duration", "CanaryName", "${SyntheticsCanary}" ] ], "view": "timeSeries", "stacked": false, "region": "${AWS::Region}", "period": 300, "stat": "Average", "title": "Synthetic Metric - Duration" } } ] }