Skip to main content

EC2

Enterprise Edition Required

This check connects to an AWS account with the specified credentials, launch an EC2 instance with an option for userData. This test can be used to check the availability of an ami, account service limits, run backup & restore operations, etc.

apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: ec2-check
spec:
interval: 30
ec2:
- name: ec2-check
ami: ami-04f7efe62f419d9f5
description: test instance
accessKeyID:
valueFrom:
secretKeyRef:
name: aws-credentials
key: AWS_ACCESS_KEY_ID
secretKey:
valueFrom:
secretKeyRef:
name: aws-credentials
key: AWS_SECRET_ACCESS_KEY
region: eu-west-1
userData: |
#!/bin/bash
yum install -y httpd
systemctl start httpd
systemctl enable httpd
usermod -a -G apache ec2-user
chown -R ec2-user:apache /var/www
chmod 2775 /var/www
find /var/www -type d -exec chmod 2775 {} \;
find /var/www -type f -exec chmod 0664 {} \;
securityGroup: default
FieldDescriptionSchemeRequired
amiMaster image to create EC2 instance fromstringYes
canaryRefReference Canary object[]v1.LocalObjectReference
keepAliveToggle keepalive with true or falsebool
securityGroupSecurity groups to attach to the EC2 instancestring
timeoutSet keep-alive timeoutint
userDataConfigure EC2 instance with user datastring
waitTimeSet wait-time for EC2 instance launchint
nameName of the check, must be unique within the canarystringYes
descriptionDescription for the checkstring
iconIcon for overwriting default icon on the dashboardstring
labelsLabels for checkmap[string]string
testEvaluate whether a check is healthyExpression
displayExpression to change the formatting of the displayExpression
transformTransform data from a check into multiple individual checksExpression
metricsMetrics to export from[]Metrics
Connection
connectionPath of existing connection e.g. connection://aws/instance
Mutually exclusive with accessKey and secretKey
Connection
accessKey Mutually exclusive with connection EnvVar
secretKey Mutually exclusive with connection EnvVar
endpointCustom AWS endpointstring
regionAWS regionstring
skipTLSVerifySkip TLS verify when connecting to awsbool

Connecting to AWS

There are 3 options when connecting to AWS:

  1. An AWS instance profile or pod identity (the default if no connection or accessKey is specified)

  2. connection, this is the recommended method, connections are reusable and secure

    aws-connection.yaml
    apiVersion: canaries.flanksource.com/v1
    kind: Canary
    metadata:
    name: ec2-check
    spec:
    interval: 30
    ec2:
    - name: ec2-check
    ami: ami-04f7efe62f419d9f5
    description: test instance
    connection: connection://aws/internal
    region: eu-west-1
    userData: |
    #!/bin/bash
    yum install -y httpd
    systemctl start httpd
    systemctl enable httpd
    usermod -a -G apache ec2-user
    chown -R ec2-user:apache /var/www
    chmod 2775 /var/www
    find /var/www -type d -exec chmod 2775 {} \;
    find /var/www -type f -exec chmod 0664 {} \;
    securityGroup: default
  3. accessKey and secretKey EnvVar with the credentials stored in a secret.

    aws.yaml
    apiVersion: canaries.flanksource.com/v1
    kind: Canary
    metadata:
    name: ec2-check
    spec:
    interval: 30
    ec2:
    - name: ec2-check
    ami: ami-04f7efe62f419d9f5
    description: test instance
    accessKeyID:
    valueFrom:
    secretKeyRef:
    name: aws-credentials
    key: AWS_ACCESS_KEY_ID
    secretKey:
    valueFrom:
    secretKeyRef:
    name: aws-credentials
    key: AWS_SECRET_ACCESS_KEY
    region: eu-west-1
    userData: |
    #!/bin/bash
    yum install -y httpd
    systemctl start httpd
    systemctl enable httpd
    usermod -a -G apache ec2-user
    chown -R ec2-user:apache /var/www
    chmod 2775 /var/www
    find /var/www -type d -exec chmod 2775 {} \;
    find /var/www -type f -exec chmod 0664 {} \;
    securityGroup: default