Added canary url and stepfunction monitoring with sns email and slack… #36
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #36 +/- ##
============================================
+ Coverage 73.40% 74.04% +0.63%
- Complexity 163 173 +10
============================================
Files 43 46 +3
Lines 959 1025 +66
Branches 47 49 +2
============================================
+ Hits 704 759 +55
- Misses 234 243 +9
- Partials 21 23 +2 ☔ View full report in Codecov by Sentry. |
… integration Signed-off-by: Brandon Shien <bshien@amazon.com>
| roleName: "OpenSearchSlackLambdaRole", | ||
| managedPolicies: [ | ||
| ManagedPolicy.fromAwsManagedPolicyName('SecretsManagerReadWrite'), | ||
| ] |
There was a problem hiding this comment.
Restrict this to specific secret.
| } | ||
|
|
||
| export class SnsMonitors extends Construct { | ||
| private readonly region: string; |
There was a problem hiding this comment.
NIT: Try to see if you can seperate the stepFunctionSnsAlarms and canaryAlarms into new files and extend the common methods.
| workflowComponent: openSearchMetricsWorkflowStack.workflowComponent, | ||
| lambdaPackage: Project.LAMBDA_PACKAGE | ||
| }) | ||
| openSearchMetricsMonitoringStack.node.addDependency(openSearchMetricsWorkflowStack); |
There was a problem hiding this comment.
Test with removing the addDependency, CDK should infer this.
| super(scope, id, props); | ||
|
|
||
| const secretsName = 'slack-creds'; | ||
| const slackCredsSecrets = new secretsmanager.Secret(this, 'SlackApiCreds', { |
There was a problem hiding this comment.
Seperate the secrets into a new stack, so that the same secret can be used across the project, not only just for slack etc.
| schedule: synthetics.Schedule.rate(Duration.minutes(1)), | ||
| test: synthetics.Test.custom({ | ||
| code: synthetics.Code.fromAsset(path.join(__dirname, '../../canary')), | ||
| handler: 'index.handler', |
There was a problem hiding this comment.
Please try to re-name this which is appropriate to the requirement.
| schedule: synthetics.Schedule.rate(Duration.minutes(1)), | ||
| test: synthetics.Test.custom({ | ||
| code: synthetics.Code.fromAsset(path.join(__dirname, '../../canary')), | ||
| handler: 'index.handler', |
There was a problem hiding this comment.
Just explore if this lambda can be restricted within the VPC and can be invoked restrictively.
| handler: 'index.handler', | ||
| }), | ||
| runtime: synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_6_2, | ||
| environmentVariables: { |
There was a problem hiding this comment.
Use the LTS and secure runtime for the canary lambda.
| } | ||
|
|
||
| @Test | ||
| void testGetRedshiftCredentials() throws IOException { |
|
@bshien can we close this PR in favor of #40? |
… integration
Description
Creates a Cloudwatch Synthetic Canary to monitor the metrics.opensearch.org url and monitors the step functions for failure. If either of these fail, a message will be published to SNS, and will send email and slack notifications.
Issues Resolved
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.