Skip to main content

CloudWatch

Cloudwatch checks for all active alarms

cloudwatch-alarms.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: cloudwatch-check
spec:
interval: 30
cloudwatch:
- name: cloudwatch-check
accessKey:
valueFrom:
secretKeyRef:
key: AWS_ACCESS_KEY_ID
name: aws-credentials
secretKey:
valueFrom:
secretKeyRef:
key: AWS_SECRET_ACCESS_KEY
name: aws-credentials
region: "us-east-1"
#skipTLSVerify: true
FieldDescriptionSchemeRequired
actionPrefixUse to filter the results of the operation to only those alarms that use a certain alarm action. For example, you could specify the ARN of an SNS topic to find all alarms that send notifications to that topic.string
alarmPrefixSpecify to receive information about all alarms that have names that start with this prefix.string
alarmsSet field to retrieve information about alarm[]string
stateSpecify to retrieve state value of alarmstring
nameName of the check, must be unique within the canarystringYes
descriptionDescription for the checkstring
iconIcon for overwriting default icon on the dashboardstring
labelsLabels for checkmap[string]string
testEvaluate whether a check is healthyExpression
displayExpression to change the formatting of the displayExpression
transformTransform data from a check into multiple individual checksExpression
metricsMetrics to export from[]Metrics
Connection
connection Path of existing connection e.g. connection://aws/instance Mutually exclusive with accessKey and secretKey Connection
accessKey Mutually exclusive with connection EnvVar
secretKey Mutually exclusive with connection EnvVar
endpointCustom AWS endpointstring
regionAWS regionstring
skipTLSVerifySkip TLS verify when connecting to awsbool

Connecting to AWS

There are 3 options when connecting to AWS:

  1. An AWS instance profile or pod identity (the default if no connection or accessKey is specified)

  2. connection, this is the recommended method, connections are reusable and secure

    aws-connection.yaml
    apiVersion: canaries.flanksource.com/v1
    kind: Canary
    metadata:
    name: cloudwatch-check
    spec:
    interval: 30
    cloudwatch:
    - connection: connection://aws/internal
    region: us-east-1 # optional if specified in the connection
  3. accessKey and secretKey EnvVar with the credentials stored in a secret.

    aws.yaml
    apiVersion: canaries.flanksource.com/v1
    kind: Canary
    metadata:
    name: cloudwatch-check
    spec:
    interval: 30
    cloudwatch:
    - accessKey:
    valueFrom:
    secretKeyRef:
    name: aws-credentials
    key: AWS_ACCESS_KEY_ID
    secretKey:
    valueFrom:
    secretKeyRef:
    name: aws-credentials
    key: AWS_SECRET_ACCESS_KEY
    region: us-east-1