Multi-account experiments for AWS FIS
With a multi-account experiment, you can set up and run real-world failure scenarios on an application that spans multiple AWS accounts within a Region. You run multi-account experiments from an orchestrator account that impacts resources in multiple target accounts.
When you run a multi-account experiment, target accounts with affected resources will be notified via their AWS Health dashboards, providing awareness to users in the target accounts. With multi-account experiments, you can:
-
Run real world failure scenarios on applications that span multiple accounts with the central controls and guardrails that AWS FIS provides.
-
Control the effects of a multi-account experiment using IAM roles with fine-grained permissions and tags to define the scope of each target.
-
Centrally view the actions AWS FIS takes in each account from the AWS Management Console and through AWS FIS logs.
-
Monitor and audit API calls AWS FIS makes in each account with AWS CloudTrail.
This section helps you get started with multi-account experiments.
Topics
Concepts for multi-account experiments
The following are the key concepts for multi-account experiments:
Orchestrator account
The orchestrator account acts as a central account to configure and manage the experiment in the AWS FIS Console, as well as to centralize logging. The orchestrator account owns the AWS FIS experiment template and experiment.
Target accounts
A target account is an individual AWS account with resources that can be affected by an AWS FIS multi-account experiment.
Target account configurations
You define the target accounts that are part of an experiment by adding target account configurations to the experiment template. A target account configuration is an element of the experiment template that is required for multi-account experiments. You define one for each target account by setting an AWS account ID, IAM role, and an optional description.
