Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CreateServer and UpdateServer Canaries #23

Merged
merged 1 commit into from
Jun 12, 2020
Merged

Add CreateServer and UpdateServer Canaries #23

merged 1 commit into from
Jun 12, 2020

Conversation

bjollans
Copy link
Contributor

Adding the template used for the canary. We decided to have a single canary, since our code path does not depend on any of the API's parameters.

  • bootstrap.yaml contains the prerequisite IAM roles (described in opsworks-cm docs).
  • CanaryAutomate_001.yaml contains what will be used for the "CanaryAutomate" canary Create call
  • CanaryAutomate_002.yaml contains what will be used for the "CanaryAutomate" canary Update call

Using the same canary_settings as we used to. A timeout of 28 minutes and 1 canary at a time means at least 2 runs per hour. 3 DPs to alarm would mean 1.5 h until we noice a failure.

Testing Done

  • mvn package
  • pre-commit run --all-files
  • manually ran the canary flow:
aws cloudformation create-stack --stack-name bootstrap --template-body file://canary-bundle/bootstrap.yaml --region us-east-1 --capabilities CAPABILITY_NAMED_IAM
aws cloudformation create-stack --stack-name testCanary --template-body file://canary-bundle/canary/CanaryAutomate_001.yaml --region us-east-1
aws cloudformation update-stack --stack-name testCanary --template-body file://canary-bundle/canary/CanaryAutomate_002.yaml --region us-east-1

@avinash-karthik avinash-karthik changed the title Add A2 canary Add CreateServer and UpdateServer Canaries Jun 11, 2020
@bjollans bjollans merged commit 6d73224 into aws-cloudformation:master Jun 12, 2020
PatMyron
PatMyron reviewed Aug 7, 2020
View reviewed changes
aws-opsworkscm-server/canary-bundle/bootstrap.yaml
Comment on lines +10 to +36
- arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
- arn:aws:iam::aws:policy/AWSOpsWorksCMInstanceProfileRole
AssumeRolePolicyDocument:
Statement:
- Action:
- "sts:AssumeRole"
Effect: "Allow"
Principal:
Service:
- "ec2.amazonaws.com"
Version: "2012-10-17"
Path: "/service-role/"
CanaryInstanceProfile:
Type: "AWS::IAM::InstanceProfile"
Properties:
Path: "/"
Roles:
- {Ref: CanaryInstanceRole}
#Name needs "aws-opsworks-cm-" as prefix
InstanceProfileName: "aws-opsworks-cm-CanaryInstanceProfile"
CanaryServiceRole:
Type: "AWS::IAM::Role"
Properties:
#Name needs "aws-opsworks-cm-" as prefix
RoleName: "aws-opsworks-cm-CanaryServiceRole"
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSOpsWorksCMServiceRole
Copy link
Contributor

@PatMyron PatMyron Aug 7, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would un-hardcode the commercial AWS partition in these IAM ARNs in order to more easily support the other AWS partitions OpsWorks will hopefully support in the future:

https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arns-syntax
https://docs.aws.amazon.com/sdk-for-go/api/aws/endpoints/#pkg-constants
https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/

caught by running cfn validate

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PatMyron PatMyron PatMyron left review comments

@avinash-karthik avinash-karthik avinash-karthik approved these changes

@eemreavci eemreavci eemreavci approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@bjollans @eemreavci @PatMyron @avinash-karthik