Skip to main content

S3 Bucket

Checks the contents of a S3 bucket for size, age and count.

See Folder for a full description.

info

This check looks at the contents of an S3 bucket, to verify that an S3 compatible object storage endpoint is functioning correctly use: S3 Protocol

folder-check.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: folder-check
spec:
interval: 30
folder:
- path: s3://some-bucket/folder
name: folder-check-min
description: Checks if there are at least 10 files in the folder
minCount: 10
FieldDescriptionSchemeRequired
nameName of the checkstringYes
pathA path to a S3 bucket and folder e.g. s3://bucket/folderstringYes
awsConnectionAWS Access credentialsAWSConnection
*All other fields available in the folder checkFolder

Connecting to AWS

There are 3 options when connecting to AWS:

  1. An AWS instance profile or pod identity (the default if no connection or accessKey is specified)

  2. connection, this is the recommended method, connections are reusable and secure

    aws-connection.yaml
    apiVersion: canaries.flanksource.com/v1
    kind: Canary
    metadata:
    name: aws-config-rule
    spec:
    interval: 30
    folder:
    - path: s3://some-bucket/folder
    awsConnection:
    connection: connection://aws/s3
    name: folder-check-min
    minCount: 10
    description: Checks if there are at least 10 files in the folder

  3. accessKey and secretKey EnvVar with the credentials stored in a secret.

    aws.yaml
    apiVersion: canaries.flanksource.com/v1
    kind: Canary
    metadata:
    name: s3-bucket
    spec:
    interval: 30
    folder:
    - path: s3://some-bucket/folder
    name: folder-check-min
    minCount: 10
    description: Checks if there are at least 10 files in the folder
    awsConnection:
    accessKey:
    valueFrom:
    secretKeyRef:
    name: aws-credentials
    key: AWS_ACCESS_KEY_ID
    secretKey:
    valueFrom:
    secretKeyRef:
    name: aws-credentials
    key: AWS_SECRET_ACCESS_KEY
    region: us-east-1

AWS connection fields

FieldDescriptionSchemeRequired
connectionPath of existing connection e.g. connection://aws/instance
Mutually exclusive with accessKey and secretKey
Connection
accessKey Mutually exclusive with connection EnvVarYes
secretKey Mutually exclusive with connection EnvVarYes
endpointCustom AWS endpointstring
regionAWS regionstringYes
skipTLSVerifySkip TLS verify when connecting to awsbool