AWS::Synthetics::Canary
Creates or updates a canary. Canaries are scripts that monitor your endpoints and APIs from the outside-in. Canaries help you check the availability and latency of your web services and troubleshoot anomalies by investigating load time data, screenshots of the UI, logs, and metrics. You can set up a canary to run continuously or just once.
To create canaries, you must have the CloudWatchSyntheticsFullAccess
policy.
If you are creating a new IAM role for the canary, you also need the
the iam:CreateRole
, iam:CreatePolicy
and
iam:AttachRolePolicy
permissions. For more information, see Necessary
Roles and Permissions.
Do not include secrets or proprietary information in your canary names. The canary name makes up part of the Amazon Resource Name (ARN) for the canary, and the ARN is included in outbound calls over the internet. For more information, see Security Considerations for Synthetics Canaries.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::Synthetics::Canary", "Properties" : { "ArtifactConfig" :
ArtifactConfig
, "ArtifactS3Location" :String
, "Code" :Code
, "ExecutionRoleArn" :String
, "FailureRetentionPeriod" :Integer
, "Name" :String
, "ResourcesToReplicateTags" :[ String, ... ]
, "RunConfig" :RunConfig
, "RuntimeVersion" :String
, "Schedule" :Schedule
, "StartCanaryAfterCreation" :Boolean
, "SuccessRetentionPeriod" :Integer
, "Tags" :[ Tag, ... ]
, "VisualReference" :VisualReference
, "VPCConfig" :VPCConfig
} }
YAML
Type: AWS::Synthetics::Canary Properties: ArtifactConfig:
ArtifactConfig
ArtifactS3Location:String
Code:Code
ExecutionRoleArn:String
FailureRetentionPeriod:Integer
Name:String
ResourcesToReplicateTags:- String
RunConfig:RunConfig
RuntimeVersion:String
Schedule:Schedule
StartCanaryAfterCreation:Boolean
SuccessRetentionPeriod:Integer
Tags:- Tag
VisualReference:VisualReference
VPCConfig:VPCConfig
Properties
ArtifactConfig
-
A structure that contains the configuration for canary artifacts, including the encryption-at-rest settings for artifacts that the canary uploads to Amazon S3.
Required: No
Type: ArtifactConfig
Update requires: No interruption
ArtifactS3Location
-
The location in Amazon S3 where Synthetics stores artifacts from the runs of this canary. Artifacts include the log file, screenshots, and HAR files. Specify the full location path, including
s3://
at the beginning of the path.Required: Yes
Type: String
Pattern:
^(s3|S3)://
Update requires: No interruption
Code
-
Use this structure to input your script code for the canary. This structure contains the Lambda handler with the location where the canary should start running the script. If the script is stored in an S3 bucket, the bucket name, key, and version are also included. If the script is passed into the canary directly, the script code is contained in the value of
Script
.Required: Yes
Type: Code
Update requires: No interruption
ExecutionRoleArn
-
The ARN of the IAM role to be used to run the canary. This role must already exist, and must include
lambda.amazonaws.com
as a principal in the trust policy. The role must also have the following permissions:-
s3:PutObject
-
s3:GetBucketLocation
-
s3:ListAllMyBuckets
-
cloudwatch:PutMetricData
-
logs:CreateLogGroup
-
logs:CreateLogStream
-
logs:PutLogEvents
Required: Yes
Type: String
Pattern:
arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+
Minimum:
1
Maximum:
2048
Update requires: No interruption
-
FailureRetentionPeriod
-
The number of days to retain data about failed runs of this canary. If you omit this field, the default of 31 days is used. The valid range is 1 to 455 days.
Required: No
Type: Integer
Minimum:
1
Maximum:
1024
Update requires: No interruption
Name
-
The name for this canary. Be sure to give it a descriptive name that distinguishes it from other canaries in your account.
Do not include secrets or proprietary information in your canary names. The canary name makes up part of the canary ARN, and the ARN is included in outbound calls over the internet. For more information, see Security Considerations for Synthetics Canaries.
Required: Yes
Type: String
Pattern:
^[0-9a-z_\-]{1,255}$
Update requires: Replacement
-
To have the tags that you apply to this canary also be applied to the Lambda function that the canary uses, specify this property with the value
lambda-function
. If you do this, CloudWatch Synthetics will keep the tags of the canary and the Lambda function synchronized. Any future changes you make to the canary's tags will also be applied to the function.Required: No
Type: Array of String
Update requires: No interruption
RunConfig
-
A structure that contains input information for a canary run. If you omit this structure, the frequency of the canary is used as canary's timeout value, up to a maximum of 900 seconds.
Required: No
Type: RunConfig
Update requires: No interruption
RuntimeVersion
-
Specifies the runtime version to use for the canary. For more information about runtime versions, see Canary Runtime Versions.
Required: Yes
Type: String
Minimum:
1
Maximum:
1024
Update requires: No interruption
Schedule
-
A structure that contains information about how often the canary is to run, and when these runs are to stop.
Required: Yes
Type: Schedule
Update requires: No interruption
StartCanaryAfterCreation
-
Specify TRUE to have the canary start making runs immediately after it is created.
A canary that you create using CloudFormation can't be used to monitor the CloudFormation stack that creates the canary or to roll back that stack if there is a failure.
Required: No
Type: Boolean
Update requires: No interruption
SuccessRetentionPeriod
-
The number of days to retain data about successful runs of this canary. If you omit this field, the default of 31 days is used. The valid range is 1 to 455 days.
Required: No
Type: Integer
Minimum:
1
Maximum:
1024
Update requires: No interruption
-
The list of key-value pairs that are associated with the canary.
Required: No
Type: Array of Tag
Update requires: No interruption
VisualReference
-
If this canary performs visual monitoring by comparing screenshots, this structure contains the ID of the canary run to use as the baseline for screenshots, and the coordinates of any parts of the screen to ignore during the visual monitoring comparison.
Required: No
Type: VisualReference
Update requires: No interruption
VPCConfig
-
If this canary is to test an endpoint in a VPC, this structure contains information about the subnet and security groups of the VPC endpoint. For more information, see Running a Canary in a VPC.
Required: No
Type: VPCConfig
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref
function, Ref
returns the name of the canary, such as MyCanary
.
For more information about using the Ref
function, see Ref
.
Fn::GetAtt
The Fn::GetAtt
intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt
intrinsic function, see Fn::GetAtt
.
Code.SourceLocationArn
-
When you pass the logical ID of this resource to the intrinsic
Ref
function,Ref
returns the ARN of the Lambda layer where Synthetics stores the canary script code.For more information about using the
Ref
function, seeRef
. Id
-
The ID of the canary.
State
-
The state of the canary. For example,
RUNNING
.
Examples
Canary with script stored in an Amazon S3 bucket
This example creates a canary that uses an existing script stored in an S3 bucket. The canary is started as soon as it is created.
JSON
{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "CloudFormation Sample Template for CloudWatch Synthetics: Create a Canary using this template", "Resources": { "SyntheticsCanary": { "Type": "AWS::Synthetics::Canary", "Properties": { "Name": { "Ref": "samplecanary" }, "ExecutionRoleArn": { "Ref": "arn:aws:iam::123456789012:role/my-lambda-execution-role-to-run-canary" }, "Code": { "Handler": "pageLoadBlueprint.handler", "S3Bucket": "aws-synthetics-code-myaccount-canary1", "S3Key": "my-script-location" }, "ArtifactS3Location": "s3://my-results-bucket", "RuntimeVersion": "syn-nodejs-puppeteer-6.2", "Schedule": { "Expression": "rate(1 minute)", "DurationInSeconds": 3600 }, "RunConfig": { "TimeoutInSeconds": 60 }, "FailureRetentionPeriod": 30, "SuccessRetentionPeriod": 30, "StartCanaryAfterCreation": true, "Tags": [ { "Key": "key00AtCreate", "Value": "value001AtCreate" } ] } } } }
YAML
Resources: SyntheticsCanary: Type: 'AWS::Synthetics::Canary' Properties: Name: samplecanary ExecutionRoleArn: 'arn:aws:iam::123456789012:role/my-lambda-execution-role-to-run-canary' Code: {Handler: pageLoadBlueprint.handler, S3Bucket: aws-synthetics-code-myaccount-canary1, S3Key: my-script-location} ArtifactS3Location: s3://my-results-bucket RuntimeVersion: syn-nodejs-puppeteer-6.2 Schedule: {Expression: 'rate(1 minute)', DurationInSeconds: 3600} RunConfig: {TimeoutInSeconds: 60} FailureRetentionPeriod: 30 SuccessRetentionPeriod: 30 Tags: [{Key: key00AtCreate, Value: value001AtCreate}] StartCanaryAfterCreation: true
Canary with script passed through CloudFormation
This example creates a canary and passes the script code directly into the canary.
JSON
{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "CloudFormation Sample Template for CloudWatch Synthetics: Create a Canary using this template", "Resources": { "SyntheticsCanary": { "Type": "AWS::Synthetics::Canary", "Properties": { "Name": { "Ref": "samplecanary" }, "ExecutionRoleArn": { "Ref": "arn:aws:iam::123456789012:role/my-lambda-execution-role-to-run-canary" }, "Code": { "Handler": "pageLoadBlueprint.handler", "Script": "var synthetics = require('Synthetics');\nconst log = require('SyntheticsLogger');\n\nconst pageLoadBlueprint = async function () {\n\n // INSERT URL here\n const URL = \"https://amazon.com\";\n\n let page = await synthetics.getPage();\n const response = await page.goto(URL, {waitUntil: 'domcontentloaded', timeout: 30000});\n //Wait for page to render.\n //Increase or decrease wait time based on endpoint being monitored.\n await page.waitFor(15000);\n await synthetics.takeScreenshot('loaded', 'loaded');\n let pageTitle = await page.title();\n log.info('Page title: ' + pageTitle);\n if (response.status() !== 200) {\n throw \"Failed to load page!\";\n }\n};\n\nexports.handler = async () => {\n return await pageLoadBlueprint();\n};\n" }, "ArtifactS3Location": "s3://my-results-bucket", "RuntimeVersion": "syn-nodejs-puppeteer-6.2", "Schedule": { "Expression": "rate(1 minute)", "DurationInSeconds": 3600 }, "RunConfig": { "TimeoutInSeconds": 60 }, "FailureRetentionPeriod": 30, "SuccessRetentionPeriod": 30, "StartCanaryAfterCreation": false, "Tags": [ { "Id": "key00AtCreate", "Value": "value001AtCreate" } ] } } } }
YAML
Resources: SyntheticsCanary: Type: 'AWS::Synthetics::Canary' Properties: Name: samplecanary ExecutionRoleArn: 'arn:aws:iam::123456789012:role/my-lambda-execution-role-to-run-canary' Code: {Handler: pageLoadBlueprint.handler, Script: "var synthetics = require('Synthetics');\nconst log = require('SyntheticsLogger');\nconst pageLoadBlueprint = async function () {\n// INSERT URL here\nconst URL = \"https://amazon.com\";\n\nlet page = await synthetics.getPage();\nconst response = await page.goto(URL, {waitUntil: 'domcontentloaded', timeout: 30000});\n//Wait for page to render.\n//Increase or decrease wait time based on endpoint being monitored.\nawait page.waitFor(15000);\nawait synthetics.takeScreenshot('loaded', 'loaded');\nlet pageTitle = await page.title();\nlog.info('Page title: ' + pageTitle);\nif (response.status() !== 200) {\n throw \"Failed to load page!\";\n}\n};\n\nexports.handler = async () => {\nreturn await pageLoadBlueprint();\n};\n"} ArtifactS3Location: s3://my-results-bucket RuntimeVersion: syn-nodejs-puppeteer-6.2 Schedule: {Expression: 'rate(1 minute)', DurationInSeconds: 3600} RunConfig: {TimeoutInSeconds: 60} FailureRetentionPeriod: 30 SuccessRetentionPeriod: 30 Tags: [{Key: key00AtCreate, Value: value001AtCreate}] StartCanaryAfterCreation: false