Merge pull request #3 from adhorn/ParameterStoreFis

add support for direct parameter store integration
adhorn · Feb 8, 2022 · e84bdcc · e84bdcc
2 parents c33323d + 92d4b32
commit e84bdcc
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 22 deletions.
diff --git a/lib/fis-experiments/lambda-faults/experiments-stack.ts b/lib/fis-experiments/lambda-faults/experiments-stack.ts
@@ -34,13 +34,24 @@ export class LambdaChaosExperiments extends Stack {
           DurationMinutes: "PT1M",
           AutomationAssumeRole: importedSSMAPutParameterStoreRoleArn.toString(),
           ParameterName: importedParameterName.toString(),
-          ParameterValue: "{ \"delay\": 500, \"is_enabled\": true, \"error_code\": 404, \"exception_msg\": \"This is chaos\", \"rate\": 1, \"fault_type\": \"exception\"}",
-          RollbackValue: "{ \"delay\": 500, \"is_enabled\": false, \"error_code\": 404, \"exception_msg\": \"This is chaos\", \"rate\": 1, \"fault_type\": \"exception\"}"
+          ParameterValue: '{ "delay": 1000, "is_enabled": true, "error_code": 404, "exception_msg": "This is chaos", "rate": 1, "fault_type": "exception"}',
+          RollbackValue: '{ "delay": 1000, "is_enabled": false, "error_code": 404, "exception_msg": "This is chaos", "rate": 1, "fault_type": "exception"}'
         }),
         maxDuration: "PT5M",
       },
     };
 
+    const putParameter = {
+      actionId: "aws:ssm:put-parameter",
+      description: "Put config into parameter store to enable Lambda Chaos.",
+      parameters: {
+          duration: "PT10M",
+          name: importedParameterName.toString(),
+          value: '{ "delay": 1000, "is_enabled": true, "error_code": 404, "exception_msg": "This is chaos", "rate": 1, "fault_type": "exception"}',
+          rollbackValue: '{ "delay": 1000, "is_enabled": false, "error_code": 404, "exception_msg": "This is chaos", "rate": 1, "fault_type": "exception"}'
+        }
+    };
+
     // Experiments
     const templateInjectS3AccessDenied = new fis.CfnExperimentTemplate(
       this,
@@ -59,7 +70,7 @@ export class LambdaChaosExperiments extends Stack {
           Stackname: this.stackName,
         },
         actions: {
-          ssmaAction: startAutomation,
+          ssmaAction: putParameter,
         },
         targets: {},
       }

diff --git a/lib/fis-role/iam-role-stack.ts b/lib/fis-role/iam-role-stack.ts
@@ -139,6 +139,7 @@ export class FisRole extends Stack {
           "ec2:DescribeInstances",
           "ssm:ListCommands",
           "ssm:CancelCommand",
+          "ssm:PutParameter"
         ],
       })
     );

diff --git a/lib/fis-upload-ssm-docs/ssm-upload-stack.ts b/lib/fis-upload-ssm-docs/ssm-upload-stack.ts
@@ -13,9 +13,9 @@ export class FisSsmDocs extends Stack {
     super(scope, id, props);
 
     // Deploy the SSMA document to inject the Nacl faults
-    let nacl_file = path.join(__dirname, "documents/ssma-nacl-faults.yml");
+    let file = path.join(__dirname, "documents/ssma-nacl-faults.yml");
 
-    const nacl_content = fs.readFileSync(nacl_file).toString();
+    const nacl_content = fs.readFileSync(file, "utf8");
 
     const nacl_cfnDocument = new ssm.CfnDocument(this, `Nacl-SSM-Document`, {
       content: yaml.load(nacl_content),
@@ -24,12 +24,9 @@ export class FisSsmDocs extends Stack {
     });
 
     // Deploy the SSMA document to inject the security group faults
-    let secgroup_file = path.join(
-      __dirname,
-      "documents/security-groups-faults.yml"
-    );
+    file = path.join(__dirname, "documents/security-groups-faults.yml");
 
-    const secgroup_content = fs.readFileSync(secgroup_file).toString();
+    const secgroup_content = fs.readFileSync(file, "utf8");
 
     const secgroup_cfnDocument = new ssm.CfnDocument(
       this,
@@ -42,12 +39,9 @@ export class FisSsmDocs extends Stack {
     );
 
     // Deploy the SSMA document to inject the Iam Access faults
-    let iamaccess_file = path.join(
-      __dirname,
-      "documents/iam-access-faults.yml"
-    );
+    file = path.join(__dirname, "documents/iam-access-faults.yml");
 
-    const iamaccess_content = fs.readFileSync(iamaccess_file).toString();
+    const iamaccess_content = fs.readFileSync(file, "utf8");
 
     const iamaccess_cfnDocument = new ssm.CfnDocument(
       this,
@@ -60,14 +54,9 @@ export class FisSsmDocs extends Stack {
     );
 
     // Deploy the SSMA document to modify a parameter store value
-    let parameterstore_file = path.join(
-      __dirname,
-      "documents/ssma-put-config-parameterstore.yml"
-    );
+    file = path.join(__dirname, "documents/ssma-put-config-parameterstore.yml");
 
-    const parameterstore_content = fs
-      .readFileSync(parameterstore_file)
-      .toString();
+    const parameterstore_content = fs.readFileSync(file, "utf8");
 
     const parameterstore_cfnDocument = new ssm.CfnDocument(
       this,