Automation
ryo-murai edited this page Jan 5, 2024 · 2 revisions
This page shows an example configuration for integrating `alarm-craft` with your deployment pipeline.

Suppose you have several CodePipelines deploying resources and you want to automatically update the alarms that monitor them every time resources are created and/or deleted.

Here are the steps to implement this architecture.
- Create a CodeCommit repository containing the files below.
  - `config.json`: your alarm configuration. See Configuration.
  - `buildspec.yml`: runs `alarm-craft`.
    - Be sure to pass the `-f` option so that `alarm-craft` updates alarms without asking.
    - `${topic}` is an environment variable set to the ARN of the SNS topic. Pass it with the `-n` option so that alarms are notified to the topic.

    ```yaml
    version: 0.2
    phases:
      build:
        commands:
          - python -m pip install alarm-craft
          - alarm-craft -f -c config.json -n ${topic}
    ```
- Set up a CodeBuild project. Below is a snippet of a CloudFormation template.

  ```yaml
  BuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: "alarm-craft"
      ServiceRole: !Ref CodeBuildRoleArn
      Artifacts:
        Type: NO_ARTIFACTS
      Environment:
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/amazonlinux2-x86_64-standard:4.0
        EnvironmentVariables:
          - Name: topic
            Type: PLAINTEXT
            Value: !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:${SNSTopicNameAlarmConfig}"
      Source:
        Type: CODECOMMIT
        Location: !GetAtt CodeCommit.CloneUrlHttp
      SourceVersion: main
  ```

  - `ServiceRole`: Set the ARN of the IAM role for this CodeBuild project. For the permissions `alarm-craft` needs, see Permissions & Credentials.
  - `Environment`
    - `Type`, `ComputeType`: See compute types.
    - `Image`: See docker images. Ensure the installed Python version is 3.9 or above.
    - `EnvironmentVariables`: Configure any necessary variables. In this example, it sets the SNS topic ARN used by the `buildspec.yml` above.
  - `Source`
    - `Location`: CodeCommit clone URL.
- Set up an EventBridge rule. Below is a snippet of a CloudFormation template.

  ```yaml
  EventRule:
    Type: AWS::Events::Rule
    Properties:
      Name: "event-invoke-alarm-craft"
      EventPattern:
        source:
          - aws.codepipeline
        detail-type:
          - CodePipeline Pipeline Execution State Change
        detail:
          pipeline: !Ref EventSourcePipelineNames
          state:
            - "SUCCEEDED"
      Targets:
        - Arn: !Sub "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:project/${BuildProject}"
          Id: codebuild_alarm
          RoleArn: !GetAtt EventBridgeRole.Arn
  ```

  - `EventPattern` > `detail` > `pipeline`: A comma-separated list of pipeline names.
  - `Targets`
    - `Arn`: The ARN of the CodeBuild project above.
    - `RoleArn`: A role that allows EventBridge to invoke the CodeBuild project. Below is an example.

    ```yaml
    EventBridgeRole:
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:
          Version: 2012-10-17
          Statement:
            - Action: sts:AssumeRole
              Effect: Allow
              Principal:
                Service: events.amazonaws.com
        Path: /
        Policies:
          - PolicyName: EventBridgeAccess
            PolicyDocument:
              Version: 2012-10-17
              Statement:
                - Sid: CodeBuild
                  Effect: Allow
                  Action:
                    - codebuild:*
                  Resource: "*"
    ```
- Now `alarm-craft` runs automatically every time your CodePipeline completes successfully. `alarm-craft` is idempotent: it updates alarms so that they become eventually consistent with the AWS resources created or deleted by the CodePipeline.

- Maintain `config.json` and `buildspec.yml`: You may use GitHub repositories, S3 or other sources supported by CodeBuild instead of CodeCommit.
- Trigger `alarm-craft`: You may use events from CloudFormation stacks, CodeDeploy or other deployment tools supported by EventBridge instead of CodePipeline events.
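
The `EventBridgeRole` example above allows `codebuild:*` on every resource, but to start the build as a rule target EventBridge only needs `codebuild:StartBuild` on that one project. A narrower version of the role follows, as an added example that is not part of the alarm-craft wiki; it assumes the `BuildProject` resource from the CodeBuild snippet is declared in the same template, and the policy name and `Sid` are hypothetical.

```yaml
# Added example: least-privilege variant of the EventBridgeRole above.
EventBridgeRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Version: "2012-10-17"
      Statement:
        - Effect: Allow
          Principal:
            Service: events.amazonaws.com
          Action: sts:AssumeRole
    Path: /
    Policies:
      - PolicyName: StartAlarmCraftBuild   # hypothetical policy name
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Sid: StartAlarmCraftBuildOnly   # hypothetical Sid
              Effect: Allow
              # The only action EventBridge performs on a CodeBuild target.
              Action:
                - codebuild:StartBuild
              # Assumes BuildProject is declared in this same template;
              # its Arn attribute resolves to the project ARN.
              Resource: !GetAtt BuildProject.Arn
```

With this policy the role can no longer create, modify or delete CodeBuild projects, all of which `codebuild:*` on `"*"` permits.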