Injecting custom faults with AWS Fault Injection Simulator

Part 2— AWS Fault Injection Simulator series

Adrian Hornsby
Nov 24 · 9 min read
Using AWS Lambda and embedded scripts to execute custom fault injection with FIS

What is SSM Automation and how it integrates with AWS FIS?

FIS experiment using aws:ssm:start-automation-execution action

Understanding SSMA documents

Anatomy of an SSMA document
JSONPath: $.Reservations[0].Instances[0].ImageId
Type:
String
Returns:
"ami-12345678"
JSONPath: $.Reservations..Instances..State
Type:
MapList
Returns:
[
{
"Code" : 16,
"Name" : "running"
},
{
"Code" : 80,
"Name" : "stopped"
}
]

Fault injection and rollback mechanism

Step 1

Step 2

Step 3

(1) Embedding Python scripts directly within SSMA

action: "aws:executeScript"
inputs:
Runtime: "python3.6"
Handler: "script_handler"
InputPayload:
"parameter1": "parameter_value1"
"parameter2": "parameter_value2"
Script: >
def script_handler(events, context):
(script commands)
outputs:
Payload

(2) Invoke Lambda Function via SSMA

(1) Fault injection Lambda function

(2) Rollback Lambda function

name: invokeMyLambdaFunction
action:
aws:invokeLambdaFunction
maxAttempts:
3
timeoutSeconds:
120
onFailure:
Abort
inputs:
FunctionName:
MyLambdaFunction
Payload: JSON
outputs:
Payload:
JSON
StatusCode

Nuff said — Let’s demo this!

ssm:GetAutomationExecution
ssm:StartAutomationExecution
ssm:StopAutomationExecution
iam:PassRole (if the automation assumes a role)
ec2:CreateNetworkAcl
ec2:CreateNetworkAclEntry
ec2:CreateTags
ec2:DescribeSubnets
ec2:DescribeNetworkAcls
ec2:ReplaceNetworkAclAssociation
ec2:DeleteNetworkAcl

The Cloud Architect

Resilient, scalable, and highly available cloud architectures.