Skip to content

Commit 89c5350

Browse files
badmintoncryerbadmintoncryer
authored
feat(synthetics): safe canary update (#34608)
### Issue # (if applicable) None ### Reason for this change AWS CloudWatch synthetics supports for [performing safe canary update](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/performing-safe-canary-upgrades.html#performing-safe-canary-upgrades-limitations). This feature cannot be configurable from AWS CDK L2 construct. ### Description of changes - Add `dryRunAndUpdate` prop to `canaryProps` - Add runtime validation - syn-nodejs-puppeteer-10.0+ - syn-nodejs-playwright-2.0+ - syn-python-selenium-5.1+ ### Describe any new or updated permissions being added None ### Description of how you validated changes Add both unit and integ tets. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 parent a77c9cf commit 89c5350

File tree

17 files changed

+974
-0
lines changed

17 files changed

+974
-0
lines changed

packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.canary-dryrun-update.js.snapshot/SyntheticsCanaryDryRunAndUpdateDefaultTestDeployAssertAF68FFC6.assets.json

Lines changed: 20 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.canary-dryrun-update.js.snapshot/SyntheticsCanaryDryRunAndUpdateDefaultTestDeployAssertAF68FFC6.template.json

Lines changed: 36 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.canary-dryrun-update.js.snapshot/SyntheticsCanaryDryRunAndUpdateStack.assets.json

Lines changed: 34 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/@aws-cdk-testing/framework-integ/test/aws-synthetics/test/integ.canary-dryrun-update.js.snapshot/SyntheticsCanaryDryRunAndUpdateStack.template.json

Lines changed: 240 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,240 @@
1+
{
2+
"Resources": {
3+
"DryRunCanaryArtifactsBucketC5395CB9": {
4+
"Type": "AWS::S3::Bucket",
5+
"Properties": {
6+
"BucketEncryption": {
7+
"ServerSideEncryptionConfiguration": [
8+
{
9+
"ServerSideEncryptionByDefault": {
10+
"SSEAlgorithm": "aws:kms"
11+
}
12+
}
13+
]
14+
}
15+
},
16+
"UpdateReplacePolicy": "Retain",
17+
"DeletionPolicy": "Retain"
18+
},
19+
"DryRunCanaryArtifactsBucketPolicyCEE0B66A": {
20+
"Type": "AWS::S3::BucketPolicy",
21+
"Properties": {
22+
"Bucket": {
23+
"Ref": "DryRunCanaryArtifactsBucketC5395CB9"
24+
},
25+
"PolicyDocument": {
26+
"Statement": [
27+
{
28+
"Action": "s3:*",
29+
"Condition": {
30+
"Bool": {
31+
"aws:SecureTransport": "false"
32+
}
33+
},
34+
"Effect": "Deny",
35+
"Principal": {
36+
"AWS": "*"
37+
},
38+
"Resource": [
39+
{
40+
"Fn::GetAtt": [
41+
"DryRunCanaryArtifactsBucketC5395CB9",
42+
"Arn"
43+
]
44+
},
45+
{
46+
"Fn::Join": [
47+
"",
48+
[
49+
{
50+
"Fn::GetAtt": [
51+
"DryRunCanaryArtifactsBucketC5395CB9",
52+
"Arn"
53+
]
54+
},
55+
"/*"
56+
]
57+
]
58+
}
59+
]
60+
}
61+
],
62+
"Version": "2012-10-17"
63+
}
64+
}
65+
},
66+
"DryRunCanaryServiceRoleC0E4F3DB": {
67+
"Type": "AWS::IAM::Role",
68+
"Properties": {
69+
"AssumeRolePolicyDocument": {
70+
"Statement": [
71+
{
72+
"Action": "sts:AssumeRole",
73+
"Effect": "Allow",
74+
"Principal": {
75+
"Service": "lambda.amazonaws.com"
76+
}
77+
}
78+
],
79+
"Version": "2012-10-17"
80+
},
81+
"Policies": [
82+
{
83+
"PolicyDocument": {
84+
"Statement": [
85+
{
86+
"Action": "s3:ListAllMyBuckets",
87+
"Effect": "Allow",
88+
"Resource": "*"
89+
},
90+
{
91+
"Action": "s3:GetBucketLocation",
92+
"Effect": "Allow",
93+
"Resource": {
94+
"Fn::GetAtt": [
95+
"DryRunCanaryArtifactsBucketC5395CB9",
96+
"Arn"
97+
]
98+
}
99+
},
100+
{
101+
"Action": "s3:PutObject",
102+
"Effect": "Allow",
103+
"Resource": {
104+
"Fn::Join": [
105+
"",
106+
[
107+
{
108+
"Fn::GetAtt": [
109+
"DryRunCanaryArtifactsBucketC5395CB9",
110+
"Arn"
111+
]
112+
},
113+
"/*"
114+
]
115+
]
116+
}
117+
},
118+
{
119+
"Action": "cloudwatch:PutMetricData",
120+
"Condition": {
121+
"StringEquals": {
122+
"cloudwatch:namespace": "CloudWatchSynthetics"
123+
}
124+
},
125+
"Effect": "Allow",
126+
"Resource": "*"
127+
},
128+
{
129+
"Action": [
130+
"logs:CreateLogGroup",
131+
"logs:CreateLogStream",
132+
"logs:PutLogEvents"
133+
],
134+
"Effect": "Allow",
135+
"Resource": {
136+
"Fn::Join": [
137+
"",
138+
[
139+
"arn:",
140+
{
141+
"Ref": "AWS::Partition"
142+
},
143+
":logs:",
144+
{
145+
"Ref": "AWS::Region"
146+
},
147+
":",
148+
{
149+
"Ref": "AWS::AccountId"
150+
},
151+
":log-group:/aws/lambda/cwsyn-*"
152+
]
153+
]
154+
}
155+
}
156+
],
157+
"Version": "2012-10-17"
158+
},
159+
"PolicyName": "canaryPolicy"
160+
}
161+
]
162+
}
163+
},
164+
"DryRunCanary4A247609": {
165+
"Type": "AWS::Synthetics::Canary",
166+
"Properties": {
167+
"ArtifactS3Location": {
168+
"Fn::Join": [
169+
"",
170+
[
171+
"s3://",
172+
{
173+
"Ref": "DryRunCanaryArtifactsBucketC5395CB9"
174+
}
175+
]
176+
]
177+
},
178+
"Code": {
179+
"Handler": "canary.handler",
180+
"S3Bucket": {
181+
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
182+
},
183+
"S3Key": "5178413cfe8db00b2d5dcfa9be417e934c64601d0da3031d88c145c8293bc27f.zip"
184+
},
185+
"DryRunAndUpdate": true,
186+
"ExecutionRoleArn": {
187+
"Fn::GetAtt": [
188+
"DryRunCanaryServiceRoleC0E4F3DB",
189+
"Arn"
190+
]
191+
},
192+
"Name": "dryrun",
193+
"RunConfig": {
194+
"MemoryInMB": 2048,
195+
"TimeoutInSeconds": 240
196+
},
197+
"RuntimeVersion": "syn-python-selenium-5.1",
198+
"Schedule": {
199+
"DurationInSeconds": "0",
200+
"Expression": "rate(5 minutes)"
201+
},
202+
"StartCanaryAfterCreation": true
203+
}
204+
}
205+
},
206+
"Parameters": {
207+
"BootstrapVersion": {
208+
"Type": "AWS::SSM::Parameter::Value<String>",
209+
"Default": "/cdk-bootstrap/hnb659fds/version",
210+
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
211+
}
212+
},
213+
"Rules": {
214+
"CheckBootstrapVersion": {
215+
"Assertions": [
216+
{
217+
"Assert": {
218+
"Fn::Not": [
219+
{
220+
"Fn::Contains": [
221+
[
222+
"1",
223+
"2",
224+
"3",
225+
"4",
226+
"5"
227+
],
228+
{
229+
"Ref": "BootstrapVersion"
230+
}
231+
]
232+
}
233+
]
234+
},
235+
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
236+
}
237+
]
238+
}
239+
}
240+
}

0 commit comments

Comments
 (0)