Experiment scheduler - AWS Fault Injection Service

Experiment scheduler

With AWS Fault Injection Service (FIS), you can perform fault injection experiments on your AWS workloads. These experiments run on templates that contain one or more actions to run on specified targets. You can now schedule your experiments as a one-time task or recurring tasks natively from the FIS Console. In addition to scheduled rules, FIS now offers a new scheduling capability. FIS now integrates with EventBridge Scheduler and creates rules on your behalf. EventBridge Scheduler is a serverless scheduler that allows you to create, run, and manage tasks from one central, managed service.

Important

Experiment Scheduler with AWS Fault Injection Service is not available in AWS GovCloud (US-East) and AWS GovCloud (US-West).

Getting started

An execution role is an IAM role that AWS Fault Injection Service assumes in order to interact with EventBridge scheduler and for Event Bridge scheduler to Start FIS Experiment. You attach permission policies to this role to grant EventBridge Scheduler access to invoke FIS Experiment. The following steps describe how to create a new execution role and a policy to allow EventBridge to Start an Experiment.

Create scheduler role using the AWS CLI

This is IAM role that is needed for Event Bridge to be able to schedule experiment on behalf of the customer.

  1. Copy the following assume role JSON policy and save it locally as fis-execution-role.json. This trust policy allows EventBridge Scheduler to assume the role on your behalf.

    { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "scheduler.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }
  2. From the AWS Command Line Interface (AWS CLI), enter the following command to create a new role. Replace FisSchedulerExecutionRole with the name you want to give this role.

    aws iam create-role --role-name FisSchedulerExecutionRole --assume-role-policy-document file://fis-execution-role.json

    If successful, you'll see the following output:

    { "Role": { "Path": "/", "RoleName": "FisSchedulerExecutionRole", "RoleId": "AROAZL22PDN5A6WKRBQNU", "Arn": "arn:aws:iam::123456789012:role/FisSchedulerExecutionRole", "CreateDate": "2023-08-24T17:23:05+00:00", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "scheduler.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } } }
  3. To create a new policy that allows EventBridge Scheduler to invoke the experiment, copy the following JSON and save it locally as fis-start-experiment-permissions.json. The following policy allows EventBridge Scheduler to call the fis:StartExperiment action on all experiment templates in your account. Replace the * at the end of "arn:aws:fis:*:*:experiment-template/*" with the ID of your experiment template if you want to limit the role to a single experiment template.

    { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "fis:StartExperiment", "Resource": [ "arn:aws:fis:*:*:experiment-template/*", "arn:aws:fis:*:*:experiment/*" ] } ] }
  4. Run the following command to create the new permission policy. Replace FisSchedulerPolicy with the name you want to give this policy.

    aws iam create-policy --policy-name FisSchedulerPolicy --policy-document file://fis-start-experiment-permissions.json

    If successful, you'll see the following output. Note the policy ARN. You use this ARN in the next step to attach the policy to our execution role.

    { "Policy": { "PolicyName": "FisSchedulerPolicy", "PolicyId": "ANPAZL22PDN5ESVUWXLBD", "Arn": "arn:aws:iam::123456789012:policy/FisSchedulerPolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2023-08-24T17:34:45+00:00", "UpdateDate": "2023-08-24T17:34:45+00:00" } }
  5. Run the following command to attach the policy to your execution role. Replace your-policy-arn with the ARN of the policy you created in the previous step. Replace FisSchedulerExecutionRole with the name of your execution role.

    aws iam attach-role-policy --policy-arn your-policy-arn --role-name FisSchedulerExecutionRole

    The attach-role-policy operation doesn't return a response on the command line.

  6. You can restrict the scheduler to only run AWS FIS experiments that have a specific tag value. For example, the following policy grants the fis:StartExperiment permission for all AWS FIS experiment templates, but restricts the scheduler to only run experiments that are tagged Purpose=Schedule.

    { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "fis:StartExperiment", "Resource": "arn:aws:fis:*:*:experiment/*" }, { "Effect": "Allow", "Action": "fis:StartExperiment", "Resource": "arn:aws:fis:*:*:experiment-template/*", "Condition": { "StringEquals": { "aws:ResourceTag/Purpose": "Schedule" } } } ] }

Schedule an FIS experiment

Before you schedule an experiment, you need one or more Experiment templates for your schedule to invoke. You can use an existing AWS resource, or create a new one.

Once experiment template is created, click on Actions and select Schedule experiment. You will be redirected to schedule experiment page. The name of the schedule will be filled in for you.

Follow to the schedule pattern section and choose either one-time schedule or recurring. Fill in required input fields and navigate to permissions.

Schedule state will be enabled by default. Note: if you disable schedule state, the experiment will not be scheduled even if you create a schedule.

AWS FIS Experiment Scheduler is built on top of EventBridge Scheduler. You can refer the documentation for the various schedule types supported.

To update schedule using the console

  1. Open the AWS FIS console.

  2. In the left navigation pane, choose Experiment Templates .

  3. Choose Experiment Template for which you want to create the schedule.

  4. Click Actions, and select Schedule Experiment from the dropdown.

    1. Under Schedule name, name is auto populated.

    2. Under Schedule pattern, select Recurring schedule.

    3. Under Schedule type, you can select a Rate-based schedule, see schedule types .

    4. Under Rate expression, choose a rate that is slower than the execution time of your experiment, e.g. 5 minutes.

    5. Under Timeframe, select your Time Zone .

    6. Under Start Date and Time, specify a start date and time.

    7. Under End Date and Time, specify an end date and time

    8. Under Schedule State, toggle the Enable Schedule Option.

    9. Under Permissions, select Use existing role, and then search for FisSchedulerExecutionRole.

    10. Choose Next.

  5. Select Review and create schedule, review your scheduler details, and then choose Create schedule.

Updating the Experiment Schedule

You can update an experiment schedule so that it occurs at a specific date and time that suits you.

To update an experiment execution using the console

  1. Open the Amazon FIS console.

  2. In the navigation pane, choose Experiment Templates.

  3. Choose Resource type: Experiment Template for which a schedule is already created.

  4. Click on the Experiment ID for the template. Then navigate to schedules Tab.

  5. Check if there is a existing schedule associated with the experiment. Select the schedule associated and Click the button Update Schedule.

Disable or Delete an Experiment Execution using the console

To stop an experiment from executing or running on a schedule, you can delete or disable the rule. The following steps walk you through how to delete or disable an Experiment Execution.

To delete or disable a rule

  1. Open the Amazon FIS console.

  2. In the navigation pane, choose Experiment Templates.

  3. Choose Resource type: Experiment Template for which a schedule is already created.

  4. Click on the Experiment ID for the template. Then navigate to schedules Tab.

  5. Check if there is a existing schedule associated with the experiment. Select the schedule associated and Click the button Update Schedule.

  6. Do one of the following:

    1. To delete the schedule, select the button next to the rule Delete Schedule. Type delete and click the Delete Schedule button.

    2. To disable the schedule, select the button next to the rule Disable Schedule. Type disable and click the Disable Schedule button.