AWS::Synthetics::Canary - AWS CloudFormation

AWS::Synthetics::Canary

Creates or updates a canary. Canaries are scripts that monitor your endpoints and APIs from the outside-in. Canaries help you check the availability and latency of your web services and troubleshoot anomalies by investigating load time data, screenshots of the UI, logs, and metrics. You can set up a canary to run continuously or just once.

To create canaries, you must have the CloudWatchSyntheticsFullAccess policy. If you are creating a new IAM role for the canary, you also need the the iam:CreateRole, iam:CreatePolicy and iam:AttachRolePolicy permissions. For more information, see Necessary Roles and Permissions.

Do not include secrets or proprietary information in your canary names. The canary name makes up part of the Amazon Resource Name (ARN) for the canary, and the ARN is included in outbound calls over the internet. For more information, see Security Considerations for Synthetics Canaries.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::Synthetics::Canary", "Properties" : { "ArtifactConfig" : ArtifactConfig, "ArtifactS3Location" : String, "Code" : Code, "ExecutionRoleArn" : String, "FailureRetentionPeriod" : Integer, "Name" : String, "ProvisionedResourceCleanup" : String, "ResourcesToReplicateTags" : [ String, ... ], "RunConfig" : RunConfig, "RuntimeVersion" : String, "Schedule" : Schedule, "StartCanaryAfterCreation" : Boolean, "SuccessRetentionPeriod" : Integer, "Tags" : [ Tag, ... ], "VisualReference" : VisualReference, "VPCConfig" : VPCConfig } }

Properties

ArtifactConfig

A structure that contains the configuration for canary artifacts, including the encryption-at-rest settings for artifacts that the canary uploads to Amazon S3.

Required: No

Type: ArtifactConfig

Update requires: No interruption

ArtifactS3Location

The location in Amazon S3 where Synthetics stores artifacts from the runs of this canary. Artifacts include the log file, screenshots, and HAR files. Specify the full location path, including s3:// at the beginning of the path.

Required: Yes

Type: String

Pattern: ^(s3|S3)://

Update requires: No interruption

Code

Use this structure to input your script code for the canary. This structure contains the Lambda handler with the location where the canary should start running the script. If the script is stored in an S3 bucket, the bucket name, key, and version are also included. If the script is passed into the canary directly, the script code is contained in the value of Script.

Required: Yes

Type: Code

Update requires: No interruption

ExecutionRoleArn

The ARN of the IAM role to be used to run the canary. This role must already exist, and must include lambda.amazonaws.com as a principal in the trust policy. The role must also have the following permissions:

  • s3:PutObject

  • s3:GetBucketLocation

  • s3:ListAllMyBuckets

  • cloudwatch:PutMetricData

  • logs:CreateLogGroup

  • logs:CreateLogStream

  • logs:PutLogEvents

Required: Yes

Type: String

Pattern: arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+

Minimum: 1

Maximum: 2048

Update requires: No interruption

FailureRetentionPeriod

The number of days to retain data about failed runs of this canary. If you omit this field, the default of 31 days is used. The valid range is 1 to 455 days.

Required: No

Type: Integer

Minimum: 1

Maximum: 1024

Update requires: No interruption

Name

The name for this canary. Be sure to give it a descriptive name that distinguishes it from other canaries in your account.

Do not include secrets or proprietary information in your canary names. The canary name makes up part of the canary ARN, and the ARN is included in outbound calls over the internet. For more information, see Security Considerations for Synthetics Canaries.

Required: Yes

Type: String

Pattern: ^[0-9a-z_\-]{1,255}$

Update requires: Replacement

ProvisionedResourceCleanup

Property description not available.

Required: No

Type: String

Allowed values: AUTOMATIC | OFF

Update requires: No interruption

ResourcesToReplicateTags

To have the tags that you apply to this canary also be applied to the Lambda function that the canary uses, specify this property with the value lambda-function. If you do this, CloudWatch Synthetics will keep the tags of the canary and the Lambda function synchronized. Any future changes you make to the canary's tags will also be applied to the function.

Required: No

Type: Array of String

Update requires: No interruption

RunConfig

A structure that contains input information for a canary run. If you omit this structure, the frequency of the canary is used as canary's timeout value, up to a maximum of 900 seconds.

Required: No

Type: RunConfig

Update requires: No interruption

RuntimeVersion

Specifies the runtime version to use for the canary. For more information about runtime versions, see Canary Runtime Versions.

Required: Yes

Type: String

Minimum: 1

Maximum: 1024

Update requires: No interruption

Schedule

A structure that contains information about how often the canary is to run, and when these runs are to stop.

Required: Yes

Type: Schedule

Update requires: No interruption

StartCanaryAfterCreation

Specify TRUE to have the canary start making runs immediately after it is created.

A canary that you create using CloudFormation can't be used to monitor the CloudFormation stack that creates the canary or to roll back that stack if there is a failure.

Required: No

Type: Boolean

Update requires: No interruption

SuccessRetentionPeriod

The number of days to retain data about successful runs of this canary. If you omit this field, the default of 31 days is used. The valid range is 1 to 455 days.

Required: No

Type: Integer

Minimum: 1

Maximum: 1024

Update requires: No interruption

Tags

The list of key-value pairs that are associated with the canary.

Required: No

Type: Array of Tag

Update requires: No interruption

VisualReference

If this canary performs visual monitoring by comparing screenshots, this structure contains the ID of the canary run to use as the baseline for screenshots, and the coordinates of any parts of the screen to ignore during the visual monitoring comparison.

Required: No

Type: VisualReference

Update requires: No interruption

VPCConfig

If this canary is to test an endpoint in a VPC, this structure contains information about the subnet and security groups of the VPC endpoint. For more information, see Running a Canary in a VPC.

Required: No

Type: VPCConfig

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the name of the canary, such as MyCanary.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Code.SourceLocationArn

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ARN of the Lambda layer where Synthetics stores the canary script code.

For more information about using the Ref function, see Ref.

Id

The ID of the canary.

State

The state of the canary. For example, RUNNING.

Examples

Canary with script stored in an Amazon S3 bucket

This example creates a canary that uses an existing script stored in an S3 bucket. The canary is started as soon as it is created.

JSON

{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "CloudFormation Sample Template for CloudWatch Synthetics: Create a Canary using this template", "Resources": { "SyntheticsCanary": { "Type": "AWS::Synthetics::Canary", "Properties": { "Name": { "Ref": "samplecanary" }, "ExecutionRoleArn": { "Ref": "arn:aws:iam::123456789012:role/my-lambda-execution-role-to-run-canary" }, "Code": { "Handler": "pageLoadBlueprint.handler", "S3Bucket": "aws-synthetics-code-myaccount-canary1", "S3Key": "my-script-location" }, "ArtifactS3Location": "s3://my-results-bucket", "RuntimeVersion": "syn-nodejs-puppeteer-6.2", "Schedule": { "Expression": "rate(1 minute)", "DurationInSeconds": 3600 }, "RunConfig": { "TimeoutInSeconds": 60 }, "FailureRetentionPeriod": 30, "SuccessRetentionPeriod": 30, "StartCanaryAfterCreation": true, "Tags": [ { "Key": "key00AtCreate", "Value": "value001AtCreate" } ] } } } }

YAML

Resources: SyntheticsCanary: Type: 'AWS::Synthetics::Canary' Properties: Name: samplecanary ExecutionRoleArn: 'arn:aws:iam::123456789012:role/my-lambda-execution-role-to-run-canary' Code: {Handler: pageLoadBlueprint.handler, S3Bucket: aws-synthetics-code-myaccount-canary1, S3Key: my-script-location} ArtifactS3Location: s3://my-results-bucket RuntimeVersion: syn-nodejs-puppeteer-6.2 Schedule: {Expression: 'rate(1 minute)', DurationInSeconds: 3600} RunConfig: {TimeoutInSeconds: 60} FailureRetentionPeriod: 30 SuccessRetentionPeriod: 30 Tags: [{Key: key00AtCreate, Value: value001AtCreate}] StartCanaryAfterCreation: true

Canary with script passed through CloudFormation

This example creates a canary and passes the script code directly into the canary.

JSON

{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "CloudFormation Sample Template for CloudWatch Synthetics: Create a Canary using this template", "Resources": { "SyntheticsCanary": { "Type": "AWS::Synthetics::Canary", "Properties": { "Name": { "Ref": "samplecanary" }, "ExecutionRoleArn": { "Ref": "arn:aws:iam::123456789012:role/my-lambda-execution-role-to-run-canary" }, "Code": { "Handler": "pageLoadBlueprint.handler", "Script": "var synthetics = require('Synthetics');\nconst log = require('SyntheticsLogger');\n\nconst pageLoadBlueprint = async function () {\n\n // INSERT URL here\n const URL = \"https://amazon.com\";\n\n let page = await synthetics.getPage();\n const response = await page.goto(URL, {waitUntil: 'domcontentloaded', timeout: 30000});\n //Wait for page to render.\n //Increase or decrease wait time based on endpoint being monitored.\n await page.waitFor(15000);\n await synthetics.takeScreenshot('loaded', 'loaded');\n let pageTitle = await page.title();\n log.info('Page title: ' + pageTitle);\n if (response.status() !== 200) {\n throw \"Failed to load page!\";\n }\n};\n\nexports.handler = async () => {\n return await pageLoadBlueprint();\n};\n" }, "ArtifactS3Location": "s3://my-results-bucket", "RuntimeVersion": "syn-nodejs-puppeteer-6.2", "Schedule": { "Expression": "rate(1 minute)", "DurationInSeconds": 3600 }, "RunConfig": { "TimeoutInSeconds": 60 }, "FailureRetentionPeriod": 30, "SuccessRetentionPeriod": 30, "StartCanaryAfterCreation": false, "Tags": [ { "Id": "key00AtCreate", "Value": "value001AtCreate" } ] } } } }

YAML

Resources: SyntheticsCanary: Type: 'AWS::Synthetics::Canary' Properties: Name: samplecanary ExecutionRoleArn: 'arn:aws:iam::123456789012:role/my-lambda-execution-role-to-run-canary' Code: {Handler: pageLoadBlueprint.handler, Script: "var synthetics = require('Synthetics');\nconst log = require('SyntheticsLogger');\nconst pageLoadBlueprint = async function () {\n// INSERT URL here\nconst URL = \"https://amazon.com\";\n\nlet page = await synthetics.getPage();\nconst response = await page.goto(URL, {waitUntil: 'domcontentloaded', timeout: 30000});\n//Wait for page to render.\n//Increase or decrease wait time based on endpoint being monitored.\nawait page.waitFor(15000);\nawait synthetics.takeScreenshot('loaded', 'loaded');\nlet pageTitle = await page.title();\nlog.info('Page title: ' + pageTitle);\nif (response.status() !== 200) {\n throw \"Failed to load page!\";\n}\n};\n\nexports.handler = async () => {\nreturn await pageLoadBlueprint();\n};\n"} ArtifactS3Location: s3://my-results-bucket RuntimeVersion: syn-nodejs-puppeteer-6.2 Schedule: {Expression: 'rate(1 minute)', DurationInSeconds: 3600} RunConfig: {TimeoutInSeconds: 60} FailureRetentionPeriod: 30 SuccessRetentionPeriod: 30 Tags: [{Key: key00AtCreate, Value: value001AtCreate}] StartCanaryAfterCreation: false