CloudWatch

Cloudwatch checks for all active alarms

cloudwatch-alarms.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
  name: cloudwatch-check
spec:
  interval: 30
  cloudwatch:
    - name: cloudwatch-check
      accessKey:
        valueFrom:
          secretKeyRef:
            key: AWS_ACCESS_KEY_ID
            name: aws-credentials
      secretKey:
        valueFrom:
          secretKeyRef:
            key: AWS_SECRET_ACCESS_KEY
            name: aws-credentials
      region: 'us-east-1'
      #skipTLSVerify: true

Field	Description	Scheme	Required
`actionPrefix`	Use to filter the results of the operation to only those alarms that use a certain alarm action. For example, you could specify the ARN of an SNS topic to find all alarms that send notifications to that topic.	string
`alarmPrefix`	Specify to receive information about all alarms that have names that start with this prefix.	string
`alarms`	Set field to retrieve information about alarm	[]string
`state`	Specify to retrieve state value of alarm	string
`name`	Name of the check, must be unique within the canary	`string`	Yes
`description`	Description for the check	`string`
`icon`	Icon for overwriting default icon on the dashboard	`string`
`labels`	Labels for check	`map[string]string`
`test`	Evaluate whether a check is healthy	`Expression`
`display`	Expression to change the formatting of the display	`Expression`
`transform`	Transform data from a check into multiple individual checks	`Expression`
`metrics`	Metrics to export from	`[]Metrics`
Connection
`connection`	Path of existing connection e.g. `connection://aws/instance` Mutually exclusive with `accessKey` and `secretKey`	Connections
`accessKey`	Mutually exclusive with `connection`	EnvVar
`secretKey`	Mutually exclusive with `connection`	EnvVar
`endpoint`	Custom AWS endpoint	string
`region`	AWS region	string
`skipTLSVerify`	Skip TLS verify when connecting to aws	bool

Connecting to AWS

There are 3 options when connecting to AWS:

AWS Instance or Pod Identity

By using the AWS Instance Profile or Pod Identity (the default if no connection or accessKey is specified)

Connection

Using a shared Connection

aws-connection.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
  name: cloudwatch-check
spec:
  interval: 30
  cloudwatch:
    - connection: connection://aws/internal
      region: us-east-1 # optional if specified in the connection

Inline

inline.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
  name: cloudwatch-check
spec:
  interval: 30
  cloudwatch:
    - accessKey:
        valueFrom:
          secretKeyRef:
            name: aws-credentials
            key: AWS_ACCESS_KEY_ID
      secretKey:
        valueFrom:
          secretKeyRef:
            name: aws-credentials
            key: AWS_SECRET_ACCESS_KEY
      region: us-east-1

danger

Avoid inlining secrets, use valueFrom and EnvVar

CloudWatch

Connecting to AWS​

Connecting to AWS