Automation
This page shows an example configuration to integrate the alarm-craft with your deployment pipeline.
Suppose you have several CodePipelines deploying resources and you want to automatically update alarms to monitor them every time resources are created and/or deleted.
Here is an steps to implement this architecture.
- Create a CodeCommit repository having the below files.
-
config.json: your alarm configuration. See Configuration. -
buildspec.yml: runsalarm-craft- Ensure passing
-foption so thatalarm-craftwill update alarms without asking. -
${topic}`` is an environment variable set ARN of SNS Topic. With-n` option to notify the alarms to the topic.
version: 0.2 phases: build: commands: - python -m pip install alarm-craft - alarm-craft -f -c config.json -n ${topic}
- Ensure passing
-
- Setup a CodeBuild Project. Below is a snippet of a CloudFormation template.
BuildProject: Type: AWS::CodeBuild::Project Properties: Name: "alarm-craft" ServiceRole: !Ref CodeBuildRoleArn Artifacts: Type: NO_ARTIFACTS Environment: Type: LINUX_CONTAINER ComputeType: BUILD_GENERAL1_SMALL Image: aws/codebuild/amazonlinux2-x86_64-standard:4.0 EnvironmentVariables: - Name: topic Type: PLAINTEXT Value: !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:${SNSTopicNameAlarmConfig}" Source: Type: CODECOMMIT Location: !GetAtt CodeCommit.CloneUrlHttp SourceVersion: main
-
ServiceRole: Set an ARN of IAM Role for this CodeBuild. For permissions ofalarm-craft, see Permissions & Credentials -
Environment-
Type,ComputeType: See compute types -
Image: See docker images. Ensure the installed python version is 3.9 or above. -
EnvironmentVariables: Configure some necessary variables. In this example, set a SNS Topic ARN forbuildspec.ymlabovementioned.
-
-
Source-
Location: CodeCommit Clone URL
-
-
- Setup an EventBridge rule. Below is a snippet of a CloudFormation template.
EventRule: Type: AWS::Events::Rule Properties: Name: "event-invoke-alarm-craft" EventPattern: source: - aws.codepipeline detail-type: - CodePipeline Pipeline Execution State Change detail: pipeline: !Ref EventSourcePipelineNames state: - "SUCCEEDED" Targets: - Arn: !Sub "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:project/${BuildProject}" Id: codebuild_alarm RoleArn: !GetAtt EventBridgeRole.Arn
-
EventPattern>detail>pipeline: A list of pipeline names in comma separated. -
Targets-
Arn: An ARN of the CodeBuild Project above. -
RoleArn: A role to allow the eventBridge to invoke the CodeBuild project. Below is an example.
EventBridgeRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: events.amazonaws.com Path: / Policies: - PolicyName: EventBridgeAccess PolicyDocument: Version: 2012-10-17 Statement: - Sid: CodeBuild Effect: Allow Action: - codebuild:* Resource: "*"
-
-
- Now the
alarm-craftautomatically runs at every time your CodePipeline completes successfully. Thealarm-craftworks idempotent. It updates alarms eventually consistent with your AWS resources created or deleted by the CodePipeline.
- Maintain config.json and buildspec.yml: May use Github repositories, S3 or other repos supported in CodeBuild, instead of CodeCommit.
-
Trigger the
alarm-craft: May use events from CloudFormation Stack, CodeDeploy or other deploy tools supported in EventBridge, instead of CodePipelines events.