Skip to content

Module Banner

terraform-aws-arc-synthetic-monitoring

Module: sourcefuse/arc-synthetic-monitoring/aws

Registry: https://registry.terraform.io/modules/sourcefuse/arc-synthetic-monitoring/aws

Category: Observability / Monitoring

Source: https://github.com/sourcefuse/terraform-aws-arc-synthetic-monitoring

Latest Release Last Updated Terraform GitHub Actions

Quality gate

Tip

🤖 New: Use this module with AI assistants via the ARC IaC MCP Server — search, scaffold, and security-scan ARC modules from natural language. Quick setup ↓

Overview

Creates CloudWatch Synthetics canaries for endpoint availability and performance monitoring with SNS alerting.

What It Does

  • CloudWatch Synthetics canaries for HTTP endpoint monitoring
  • Configurable canary schedule and runtime
  • VPC-enabled canaries for private endpoint testing
  • S3 bucket for canary artifacts
  • SNS topic for canary failure alerts
  • KMS encryption for artifacts

Quickstart

module "synthetic-monitoring" {
  source            = "sourcefuse/arc-synthetic-monitoring/aws"
  version           = "0.0.1"
  sns_topic_name    = var.sns_topic_name
  endpoint          = var.endpoint
  kms_key_alias     = var.kms_key_alias
  canaries_with_vpc = local.canaries_with_vpc
  bucket_name       = var.bucket_name
  tags              = module.tags.tags
}

Required Inputs

Name Type Description
endpoint string URL to monitor
bucket_name string S3 bucket for canary artifacts
sns_topic_name string SNS topic name for alerts
## Key Outputs
Name Description
canary_arns Map of canary name to ARN
## Full Variable & Output Reference

The complete inputs/outputs reference is auto-generated below.

Requirements

Name Version
terraform ~> 1.7
archive 2.4.2
aws >= 4.0, < 6.0
random 3.6.2

Providers

Name Version
aws 4.67.0
random 3.6.2

Modules

Name Source Version
kms sourcefuse/arc-kms/aws 0.0.4

Resources

Name Type
aws_cloudwatch_metric_alarm.fail_alarm resource
aws_cloudwatch_metric_alarm.success_alarm resource
aws_iam_policy.canary_execution_policy resource
aws_iam_role.canary_execution_role resource
aws_iam_role_policy_attachment.canary_execution_attachment resource
aws_s3_bucket.artifcats_bucket resource
aws_s3_bucket_cors_configuration.cors resource
aws_s3_bucket_public_access_block.public_access_block resource
aws_s3_bucket_server_side_encryption_configuration.ssm resource
aws_s3_bucket_versioning.versioning resource
aws_sns_topic.this resource
aws_sns_topic_policy.this resource
aws_sns_topic_subscription.this resource
aws_synthetics_canary.dynamic_canaries_with_vpc resource
random_pet.iam_role_name resource
aws_caller_identity.current data source
aws_iam_policy_document.sns_topic_policy data source
aws_iam_role.execution_role data source

Inputs

Name Description Type Default Required
block_public_acls Whether Amazon S3 should block public ACLs for this bucket. bool true no
block_public_policy Whether Amazon S3 should block public bucket policies for this bucket. bool true no
bucket_key_enabled Specifies whether bucket key is enabled. bool false no
bucket_name The name of the S3 bucket. string n/a yes
canaries_with_vpc List of canaries with VPC configuration
map(object({
name = string
handler = string
zip_file = string
s3_details = optional(object({
s3_bucket = string
s3_key = string
s3_version = string
}), null)
runtime_version = string
start_canary = bool
failure_retention_period = number
success_retention_period = number
schedule_expression = string
environment_variables = map(string)
}))
n/a yes
cloudwatch_metric_alarms_enabled Boolean flag to enable/disable CloudWatch metrics alarms bool false no
cors_configuration The CORS configuration for the S3 bucket.
list(object({
allowed_headers = list(string)
allowed_methods = list(string)
allowed_origins = list(string)
expose_headers = list(string)
max_age_seconds = number
}))
[
{
"allowed_headers": [
"Authorization"
],
"allowed_methods": [
"GET",
"POST"
],
"allowed_origins": [
"*"
],
"expose_headers": [
"x-amz-server-side-encryption"
],
"max_age_seconds": 3000
}
]
no
custom_kms_policy Custom KMS policy to apply if enabled. If not provided, a default policy will be used. string "" no
deletion_window_in_days Duration in days after which the key is deleted after destruction of the resource number 10 no
enable_key_rotation Specifies whether key rotation is enabled bool true no
enabled Whether the KMS module is enabled. If true, a custom KMS key will be used for encryption. If false, the default AWS managed KMS key will be used. bool true no
endpoint The endpoint for the SNS subscription. string n/a yes
force_destroy Specifies whether to force destroy the bucket (and all objects) when the bucket is removed. bool true no
ignore_public_acls Whether Amazon S3 should ignore public ACLs for this bucket. bool true no
kms_key_alias Alias for the custom KMS key (if enabled). string n/a yes
protocol The protocol for the SNS subscription endpoint. string "email" no
region AWS region string "us-east-1" no
restrict_public_buckets Whether Amazon S3 should restrict public bucket policies for this bucket. bool true no
security_group_ids List of security group IDs for the canary list(string)
[
""
]
no
sns_topic_name Name for the SNS topic. string n/a yes
sse_algorithm The server-side encryption algorithm to use. Valid values are AES256 and aws:kms string "aws:kms" no
subnet_ids List of subnet IDs where the canary will run list(string)
[
""
]
no
tags Tags to apply to the canary map(string) n/a yes
versioning_enabled Enable versioning for the S3 bucket. bool false no

Outputs

Name Description
canary_arns ARNs of all canaries created

Versioning

This project uses a .version file at the root of the repo which the pipeline reads from and does a git tag.

When you intend to commit to main, you will need to increment this version. Once the project is merged, the pipeline will kick off and tag the latest git commit.

Development

Prerequisites

Configurations

  • Configure pre-commit hooks
    pre-commit install
    

Versioning

while Contributing or doing git commit please specify the breaking change in your commit message whether its major,minor or patch

For Example

git commit -m "your commit message #major"
By specifying this , it will bump the version and if you don't specify this in your commit message then by default it will consider patch and will bump that accordingly

Tests

  • Tests are available in test directory
  • Configure the dependencies
    1
    2
    3
    cd test/
    go mod init github.com/sourcefuse/terraform-aws-refarch-<module_name>
    go get github.com/gruntwork-io/terratest/modules/terraform
    
  • Now execute the test
    go test -timeout  30m
    

AI Assistant Integration (ARC IaC MCP)

The ARC IaC MCP Server is a hosted Model Context Protocol service that lets AI assistants browse, search, scaffold, compare, and security-scan any of the SourceFuse ARC Terraform modules — directly from natural language.

What you can do with it:

  • Discover — search and filter modules by keyword or AWS resource type.
  • Understand — get inputs, outputs, and resources for any module without leaving your editor.
  • Scaffold — generate production-ready, multi-file Terraform with cross-module wiring already done.
  • Secure — scan generated or existing HCL for misconfigurations before it hits a PR.
  • Compare — diff modules side-by-side to make informed architectural decisions.

Setup (one minute)

The MCP endpoint is https://arc-iac-mcp.sourcef.us/mcp. Pick your client:

Claude Code CLI:

claude mcp add arc-iac --transport http https://arc-iac-mcp.sourcef.us/mcp

Claude Desktop — edit ~/Library/Application Support/Claude/claude_desktop_config.json:

1
2
3
4
5
6
7
{
  "mcpServers": {
    "arc-iac": {
      "url": "https://arc-iac-mcp.sourcef.us/mcp"
    }
  }
}

Cursor / Windsurf / Kiro — add the same block to .cursor/mcp.json (or the equivalent for your client).

Example prompts to try

  • "List all ARC modules sorted by downloads"
  • "What inputs does arc-ecs require?"
  • "Scaffold a production-ready arc-db Aurora setup with Secrets Manager"
  • "Compare arc-eks and arc-ecs for running 10 microservices"
  • "Scan this Terraform before I raise a PR: <paste HCL>"

See the ARC IaC MCP repo for the full tool reference, troubleshooting tips, and local-development instructions.

Contributing

See CONTRIBUTING.md for commit conventions and development setup.

Authors

This project is authored by: - SourceFuse ARC Team