
terraform-aws-arc-synthetic-monitoring¶
Module:
sourcefuse/arc-synthetic-monitoring/awsRegistry: https://registry.terraform.io/modules/sourcefuse/arc-synthetic-monitoring/aws
Category: Observability / Monitoring
Source: https://github.com/sourcefuse/terraform-aws-arc-synthetic-monitoring
Tip
🤖 New: Use this module with AI assistants via the ARC IaC MCP Server — search, scaffold, and security-scan ARC modules from natural language. Quick setup ↓
Overview¶
Creates CloudWatch Synthetics canaries for endpoint availability and performance monitoring with SNS alerting.
What It Does¶
- CloudWatch Synthetics canaries for HTTP endpoint monitoring
- Configurable canary schedule and runtime
- VPC-enabled canaries for private endpoint testing
- S3 bucket for canary artifacts
- SNS topic for canary failure alerts
- KMS encryption for artifacts
Quickstart¶
Required Inputs¶
| Name | Type | Description |
|---|---|---|
endpoint |
string |
URL to monitor |
bucket_name |
string |
S3 bucket for canary artifacts |
sns_topic_name |
string |
SNS topic name for alerts |
| ## Key Outputs |
| Name | Description |
|---|---|
canary_arns |
Map of canary name to ARN |
| ## Full Variable & Output Reference |
The complete inputs/outputs reference is auto-generated below.
Requirements¶
| Name | Version |
|---|---|
| terraform | ~> 1.7 |
| archive | 2.4.2 |
| aws | >= 4.0, < 6.0 |
| random | 3.6.2 |
Providers¶
| Name | Version |
|---|---|
| aws | 4.67.0 |
| random | 3.6.2 |
Modules¶
| Name | Source | Version |
|---|---|---|
| kms | sourcefuse/arc-kms/aws | 0.0.4 |
Resources¶
| Name | Type |
|---|---|
| aws_cloudwatch_metric_alarm.fail_alarm | resource |
| aws_cloudwatch_metric_alarm.success_alarm | resource |
| aws_iam_policy.canary_execution_policy | resource |
| aws_iam_role.canary_execution_role | resource |
| aws_iam_role_policy_attachment.canary_execution_attachment | resource |
| aws_s3_bucket.artifcats_bucket | resource |
| aws_s3_bucket_cors_configuration.cors | resource |
| aws_s3_bucket_public_access_block.public_access_block | resource |
| aws_s3_bucket_server_side_encryption_configuration.ssm | resource |
| aws_s3_bucket_versioning.versioning | resource |
| aws_sns_topic.this | resource |
| aws_sns_topic_policy.this | resource |
| aws_sns_topic_subscription.this | resource |
| aws_synthetics_canary.dynamic_canaries_with_vpc | resource |
| random_pet.iam_role_name | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.sns_topic_policy | data source |
| aws_iam_role.execution_role | data source |
Inputs¶
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| block_public_acls | Whether Amazon S3 should block public ACLs for this bucket. | bool |
true |
no |
| block_public_policy | Whether Amazon S3 should block public bucket policies for this bucket. | bool |
true |
no |
| bucket_key_enabled | Specifies whether bucket key is enabled. | bool |
false |
no |
| bucket_name | The name of the S3 bucket. | string |
n/a | yes |
| canaries_with_vpc | List of canaries with VPC configuration | map(object({ |
n/a | yes |
| cloudwatch_metric_alarms_enabled | Boolean flag to enable/disable CloudWatch metrics alarms | bool |
false |
no |
| cors_configuration | The CORS configuration for the S3 bucket. | list(object({ |
[ |
no |
| custom_kms_policy | Custom KMS policy to apply if enabled. If not provided, a default policy will be used. | string |
"" |
no |
| deletion_window_in_days | Duration in days after which the key is deleted after destruction of the resource | number |
10 |
no |
| enable_key_rotation | Specifies whether key rotation is enabled | bool |
true |
no |
| enabled | Whether the KMS module is enabled. If true, a custom KMS key will be used for encryption. If false, the default AWS managed KMS key will be used. | bool |
true |
no |
| endpoint | The endpoint for the SNS subscription. | string |
n/a | yes |
| force_destroy | Specifies whether to force destroy the bucket (and all objects) when the bucket is removed. | bool |
true |
no |
| ignore_public_acls | Whether Amazon S3 should ignore public ACLs for this bucket. | bool |
true |
no |
| kms_key_alias | Alias for the custom KMS key (if enabled). | string |
n/a | yes |
| protocol | The protocol for the SNS subscription endpoint. | string |
"email" |
no |
| region | AWS region | string |
"us-east-1" |
no |
| restrict_public_buckets | Whether Amazon S3 should restrict public bucket policies for this bucket. | bool |
true |
no |
| security_group_ids | List of security group IDs for the canary | list(string) |
[ |
no |
| sns_topic_name | Name for the SNS topic. | string |
n/a | yes |
| sse_algorithm | The server-side encryption algorithm to use. Valid values are AES256 and aws:kms |
string |
"aws:kms" |
no |
| subnet_ids | List of subnet IDs where the canary will run | list(string) |
[ |
no |
| tags | Tags to apply to the canary | map(string) |
n/a | yes |
| versioning_enabled | Enable versioning for the S3 bucket. | bool |
false |
no |
Outputs¶
| Name | Description |
|---|---|
| canary_arns | ARNs of all canaries created |
Versioning¶
This project uses a .version file at the root of the repo which the pipeline reads from and does a git tag.
When you intend to commit to main, you will need to increment this version. Once the project is merged,
the pipeline will kick off and tag the latest git commit.
Development¶
Prerequisites¶
Configurations¶
- Configure pre-commit hooks
Versioning¶
while Contributing or doing git commit please specify the breaking change in your commit message whether its major,minor or patch
For Example
Tests¶
- Tests are available in
testdirectory - Configure the dependencies
- Now execute the test
AI Assistant Integration (ARC IaC MCP)¶
The ARC IaC MCP Server is a hosted Model Context Protocol service that lets AI assistants browse, search, scaffold, compare, and security-scan any of the SourceFuse ARC Terraform modules — directly from natural language.
What you can do with it:
- Discover — search and filter modules by keyword or AWS resource type.
- Understand — get inputs, outputs, and resources for any module without leaving your editor.
- Scaffold — generate production-ready, multi-file Terraform with cross-module wiring already done.
- Secure — scan generated or existing HCL for misconfigurations before it hits a PR.
- Compare — diff modules side-by-side to make informed architectural decisions.
Setup (one minute)¶
The MCP endpoint is https://arc-iac-mcp.sourcef.us/mcp. Pick your client:
Claude Code CLI:
Claude Desktop — edit ~/Library/Application Support/Claude/claude_desktop_config.json:
Cursor / Windsurf / Kiro — add the same block to .cursor/mcp.json (or the equivalent for your client).
Example prompts to try¶
- "List all ARC modules sorted by downloads"
- "What inputs does
arc-ecsrequire?" - "Scaffold a production-ready
arc-dbAurora setup with Secrets Manager" - "Compare
arc-eksandarc-ecsfor running 10 microservices" - "Scan this Terraform before I raise a PR:
<paste HCL>"
See the ARC IaC MCP repo for the full tool reference, troubleshooting tips, and local-development instructions.
Contributing¶
See CONTRIBUTING.md for commit conventions and development setup.
Authors¶
This project is authored by: - SourceFuse ARC Team