Skip to main content

CloudWatch

Cloudwatch checks for all active alarms

cloudwatch-alarms.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
  name: cloudwatch-check
spec:
  interval: 30
  cloudwatch:
    - name: cloudwatch-check
      accessKey:
        valueFrom:
          secretKeyRef:
            key: AWS_ACCESS_KEY_ID
            name: aws-credentials
      secretKey:
        valueFrom:
          secretKeyRef:
            key: AWS_SECRET_ACCESS_KEY
            name: aws-credentials
      region: "us-east-1"
      #skipTLSVerify: true
FieldDescriptionSchemeRequired
actionPrefixUse to filter the results of the operation to only those alarms that use a certain alarm action. For example, you could specify the ARN of an SNS topic to find all alarms that send notifications to that topic.string
alarmPrefixSpecify to receive information about all alarms that have names that start with this prefix.string
alarmsSet field to retrieve information about alarm[]string
stateSpecify to retrieve state value of alarmstring
*All other commons fieldCommon
Connection
connectionPath of existing connection e.g. connection://aws/instance/. Mutually exclusive with accessKey and secretKeyConnection
accessKeyMutually exclusive with connectionEnvVar
secretKeyMutually exclusive with connectionEnvVar
endpointCustom AWS endpointstring
regionAWS regionstring
skipTLSVerifySkip TLS verify when connecting to awsbool

Connecting to AWS

There are 3 options when connecting to AWS:

  1. An AWS instance profile or pod identity (the default if no connection or accessKey is specified)

  2. connection, this is the recommended method, connections are reusable and secure

    aws-connection.yaml
    apiVersion: canaries.flanksource.com/v1
    kind: Canary
    metadata:
      name: cloudwatch-check
    spec:
      interval: 30
      cloudwatch:
        - connection: connection://aws/internal
          region: us-east-1 # optional if specified in the connection

  3. accessKey and secretKey EnvVar with the credentials stored in a secret.

    aws.yaml
    apiVersion: canaries.flanksource.com/v1
    kind: Canary
    metadata:
      name: cloudwatch-check
    spec:
      interval: 30
      cloudwatch:
        - accessKey:
            valueFrom:
              secretKeyRef:
                name: aws-credentials
                key: AWS_ACCESS_KEY_ID
          secretKey:
            valueFrom:
              secretKeyRef:
                name: aws-credentials
                key: AWS_SECRET_ACCESS_KEY
          region: us-east-1