As an example, here is a canary that it not in a stable state. This should be causing CloudFormation updates to fail, but it is not:
% aws synthetics get-canary --name <REDACTED>
{
"Canary": {
"Id": <REDACTED>,
"Name": <REDACTED>,
"Code": {
"SourceLocationArn": <REDACTED>,
"Handler": <REDACTED>
},
"ExecutionRoleArn": <REDACTED>,
"Schedule": {
"Expression": "rate(5 minutes)",
"DurationInSeconds": 0
},
"RunConfig": {
"TimeoutInSeconds": 300,
"MemoryInMB": 960
},
"SuccessRetentionPeriodInDays": 31,
"FailureRetentionPeriodInDays": 31,
"Status": {
"State": "RUNNING",
"StateReason": "Error occurred while DescribeSecurityGroups. EC2 Error Code: InvalidGroup.NotFound. EC2 Error Message: The security group <REDACTED> does not exist (Service: AWSLambda; Status Code: 400; Error Code: InvalidParameterValueException; Request ID :<REDACTED>; Proxy: null)"
},
"Timeline": {
"Created": 1593634958.304,
"LastModified": 1598909334.057,
"LastStarted": 1598909344.0
},
"ArtifactS3Location": <REDACTED>,
"EngineArn": <REDACTED>,
"RuntimeVersion": "syn-1.0",
"Tags": {}
}
}
It looks like the model JSON also needs to be updated to be able to support this, see here where it only has State
.
When performing the Update (and most likely in the Create handler as well), the handler needs to check that there is no StateReason
returned before considering the request successful, see here.