AWS FIS actions reference - AWS Fault Injection Simulator
Fault injection actionsWait actionCloudWatch actionsAmazon EC2 actionsAmazon ECS actionsAmazon EKS actionsAmazon RDS actionsSystems Manager actions

AWS FIS actions reference

This reference describes the common actions in AWS FIS, including information about the action parameters and the required IAM permissions. You can also list the supported AWS FIS actions using the AWS FIS console or the list-actions command from the AWS Command Line Interface (AWS CLI).

For more information, see Actions for AWS FIS and How AWS Fault Injection Simulator works with IAM.

Fault injection actions

AWS FIS supports the following fault injection actions.

aws:fis:inject-api-internal-error

Runs the AWS FIS action InjectApiInternalError on the target IAM role.

Resource type

  • aws:iam:role

Parameters

  • duration – The duration. With the AWS FIS API, the value is a string in ISO 8601 format. For example, PT1M represents one minute. With the AWS FIS console, you enter the number of minutes.

  • service – The target AWS API namespace. The supported value is ec2.

  • percentage – The percentage (1-100) of calls to inject the fault into.

  • operations – The operations to inject the fault into, separated using commas. For a list of the API actions for the ec2 namespace, see Actions in the Amazon EC2 API Reference.

Permissions

  • fis:InjectApiInternalError

aws:fis:inject-api-throttle-error

Runs the AWS FIS action InjectApiThrottleError on the target IAM role.

Resource type

  • aws:iam:role

Parameters

  • duration – The duration. With the AWS FIS API, the value is a string in ISO 8601 format. For example, PT1M represents one minute. With the AWS FIS console, you enter the number of minutes.

  • service – The target AWS API namespace. The supported value is ec2.

  • percentage – The percentage (1-100) of calls to inject the fault into.

  • operations – The operations to inject the fault into, separated using commas. For a list of the API actions for the ec2 namespace, see Actions in the Amazon EC2 API Reference.

Permissions

  • fis:InjectApiThrottleError

aws:fis:inject-api-unavailable-error

Runs the AWS FIS action InjectApiUnavailableError on the target IAM role.

Resource type

  • aws:iam:role

Parameters

  • duration – The duration. With the AWS FIS API, the value is a string in ISO 8601 format. For example, PT1M represents one minute. With the AWS FIS console, you enter the number of minutes.

  • service – The target AWS API namespace. The supported value is ec2.

  • percentage – The percentage (1-100) of calls to inject the fault into.

  • operations – The operations to inject the fault into, separated using commas. For a list of the API actions for the ec2 namespace, see Actions in the Amazon EC2 API Reference.

Permissions

  • fis:InjectApiUnavailableError

Wait action

AWS FIS supports the following wait action.

aws:fis:wait

Runs the AWS FIS wait action.

Parameters

  • duration – The duration. With the AWS FIS API, the value is a string in ISO 8601 format. For example, PT1M represents one minute. With the AWS FIS console, you enter the number of minutes.

Permissions

  • None

CloudWatch actions

AWS FIS supports the following CloudWatch action.

aws:cloudwatch:assert-alarm-state

Verifies that the specified alarms are in one of the specified alarm states.

Resource type

  • None

Parameters

  • alarmArns – The ARNs of the alarms, separated by commas. You can specify up to five alarms.

  • alarmStates – The alarm states, separated by commas. The possible alarm states are OK, ALARM, and INSUFFICIENT_DATA.

Permissions

  • cloudwatch:DescribeAlarms

Amazon EC2 actions

AWS FIS supports the following Amazon EC2 actions.

aws:ec2:reboot-instances

Runs the Amazon EC2 API action RebootInstances on the target EC2 instances.

Resource type

  • aws:ec2:instance

Parameters

  • None

Permissions

  • ec2:RebootInstances

aws:ec2:send-spot-instance-interruptions

Interrupts the target Spot Instances. Sends a Spot Instance interruption notice to target Spot Instances two minutes before interrupting them. The interruption time is determined by the specified durationBeforeInterruption parameter. Two minutes after the interruption time, the Spot Instances are terminated or stopped, depending on their interruption behavior. A Spot Instance that was stopped by AWS FIS remains stopped until you restart it.

Immediately after the action is executed, the target instance receives an EC2 instance rebalance recommendation. If you specified durationBeforeInterruption, there could be a delay between the rebalance recommendation and the interruption notice.

For more information, see Tutorial: Test Spot Instance interruptions using AWS FIS. Alternatively, to initiate the experiment using the Amazon EC2 console, see Initiate a Spot Instance interruption in the Amazon EC2 User Guide.

Resource type

  • aws:ec2:spot-instance

Parameters

  • durationBeforeInterruption – The time to wait before interrupting the instance, in minutes. The value must be between 2 and 15. With the AWS FIS API, the value is a string in ISO 8601 format. For example, PT1M represents one minute. With the AWS FIS console, you enter the number of minutes.

Permissions

  • ec2:SendSpotInstanceInterruptions

aws:ec2:stop-instances

Runs the Amazon EC2 API action StopInstances on the target EC2 instances.

Resource type

  • aws:ec2:instance

Parameters

  • startInstancesAfterDuration – Optional. The time to wait before starting the instance. With the AWS FIS API, the value is a string in ISO 8601 format. For example, PT1M represents one minute. With the AWS FIS console, you enter the number of minutes. If the instance has an encrypted EBS volume, you must grant AWS FIS permission to the KMS key used to encrypt the volume, or add the experiment role to the KMS key policy.

Permissions

  • ec2:StopInstances

  • ec2:StartInstances

  • kms:CreateGrant – Optional. Required with startInstancesAfterDuration.

aws:ec2:terminate-instances

Runs the Amazon EC2 API action TerminateInstances on the target EC2 instances.

Resource type

  • aws:ec2:instance

Parameters

  • None

Permissions

  • ec2:TerminateInstances

Amazon ECS actions

AWS FIS supports the following Amazon ECS actions.

aws:ecs:drain-container-instances

Runs the Amazon ECS API action UpdateContainerInstancesState to drain the specified percentage of underlying Amazon EC2 instances on the target clusters.

Resource type

  • aws:ecs:cluster

Parameters

  • drainagePercentage – The percentage (1-100).

  • duration – The duration. With the AWS FIS API, the value is a string in ISO 8601 format. For example, PT1M represents one minute. With the AWS FIS console, you enter the number of minutes.

Permissions

  • ecs:DescribeClusters

  • ecs:UpdateContainerInstancesState

  • ecs:ListContainerInstances

aws:ecs:stop-task

Runs the Amazon ECS API action StopTask to stop the target task.

Resource type

  • aws:ecs:task

Parameters

  • None

Permissions

  • ecs:DescribeTasks

  • ecs:ListTasks

  • ecs:StopTask

Amazon EKS actions

AWS FIS supports the following Amazon EKS actions.

aws:eks:inject-kubernetes-custom-resource

Runs a ChaosMesh or Litmus experiment on a single target cluster. You must install ChaosMesh or Litmus on the target cluster.

Note

When you create an experiment template and define a target of type aws:eks:cluster, you can only target this action to a single resource Amazon Resource Name (ARN). This action doesn’t support targeting using resource tags, filters, or parameters.

Resource type

  • aws:eks:cluster

Parameters

  • kubernetesApiVersion – The API version of the Kubernetes custom resource. The possible values are chaos-mesh.org/v1alpha1 | litmuschaos.io/v1alpha1.

  • kubernetesKind – The Kubernetes custom resource kind. The value depends on the API version.

    • chaos-mesh.org/v1alpha1 – The possible values are AWSChaos | DNSChaos | GCPChaos | HTTPChaos | IOChaos | JVMChaos | KernelChaos | NetworkChaos | PhysicalMachineChaos | PodChaos | PodHttpChaos | PodIOChaos | PodNetworkChaos | Schedule | StressChaos | TimeChaos |

    • litmuschaos.io/v1alpha1 – The possible value is ChaosEngine.

  • kubernetesNamespace – The Kubernetes namespace.

  • kubernetesSpec – The JSON representation of Kubernetes custom resource.

  • maxDuration – The maximum time allowed for the automation execution to complete. With the AWS FIS API, the value is a string in ISO 8601 format. For example, PT1M represents one minute. With the AWS FIS console, you enter the number of minutes.

Permissions

No AWS Identity and Access Management (IAM) permissions are required for this action. The permissions required to use this action are controlled by Kubernetes using RBAC authorization. For more information, see Using RBAC Authorization in the official Kubernetes documentation. For more information about Chaos Mesh, see the official Chaos Mesh documentation. For more information about Litmus, see the official Litmus documentation.

aws:eks:terminate-nodegroup-instances

Runs the Amazon EC2 API action TerminateInstances on the target node group.

Resource type

  • aws:eks:nodegroup

Parameters

  • instanceTerminationPercentage – The percentage (1-100) of instances to terminate.

Permissions

  • ec2:DescribeInstances

  • ec2:TerminateInstances

Amazon RDS actions

AWS FIS supports the following Amazon RDS actions.

aws:rds:failover-db-cluster

Runs the Amazon RDS API action FailoverDBCluster on the target Aurora DB cluster.

Resource type

  • aws:rds:cluster

Parameters

  • None

Permissions

  • rds:FailoverDBCluster

aws:rds:reboot-db-instances

Runs the Amazon RDS API action RebootDBInstance on the target DB instance.

Resource type

  • aws:rds:db

Parameters

  • forceFailover – Optional. If the value is true, and if instances are Multi-AZ, forces failover from one Availability Zone to another. The default is false.

Permissions

  • rds:RebootDBInstance

Systems Manager actions

AWS FIS supports the following Systems Manager actions.

aws:ssm:send-command

Runs the Systems Manager API action SendCommand on the target EC2 instances. For more information, see Use the aws:ssm:send-command action.

Resource type

  • aws:ec2:instance

Parameters

  • documentArn – The Amazon Resource Name (ARN) of the document. No default value.

  • documentVersion – Optional. The version of the document. If empty, the default version runs.

  • documentParameters – Conditional. The required and optional parameters that the document accepts. The format is a JSON object with keys that are strings and values that are either strings or arrays of strings.

  • duration – The duration. With the AWS FIS API, the value is a string in ISO 8601 format. For example, PT1M represents one minute. With the AWS FIS console, you enter the number of minutes.

Permissions

  • ssm:SendCommand

  • ssm:ListCommands

  • ssm:CancelCommand

aws:ssm:start-automation-execution

Runs the Systems Manager API action StartAutomationExecution.

Resource type

  • None.

Parameters

  • documentArn – The Amazon Resource Name (ARN) of the automation document. No default value.

  • documentVersion – Optional. The version of the document. If empty, the default version runs.

  • documentParameters – Conditional. The required and optional parameters that the document accepts. The format is a JSON object with keys that are strings and values that are either strings or arrays of strings.

  • maxDuration – The maximum time allowed for the automation execution to complete. With the AWS FIS API, the value is a string in ISO 8601 format. For example, PT1M represents one minute. With the AWS FIS console, you enter the number of minutes.

Permissions

  • ssm:GetAutomationExecution

  • ssm:StartAutomationExecution

  • ssm:StopAutomationExecution

  • iam:PassRole (if the automation assumes a role)