Remove secret and run test on the canary
ADOT Patch workflow committed Jan 16, 2024
1 parent 5079c65 commit ee28603
Showing 6 changed files with 32 additions and 48 deletions.
2 changes: 0 additions & 2 deletions .github/workflows/appsignals-e2e-ec2-test.yml
Expand Up @@ -26,7 +26,6 @@ env:
APP_SIGNALS_ADOT_JAR: "https://github.com/aws-observability/aws-otel-java-instrumentation/releases/latest/download/aws-opentelemetry-agent.jar"
METRIC_NAMESPACE: AppSignals
LOG_GROUP_NAME: /aws/appsignals/generic
APP_SIGNALS_E2E_EC2_TEST_ROLE: ${{ secrets.APP_SIGNALS_E2E_EC2_TEST_ROLE }}

jobs:
e2e-ec2-test:
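Review bot: With the `APP_SIGNALS_E2E_EC2_TEST_ROLE` entry dropped from `env:`, the repository secret of the same name is no longer read by this workflow, so it should also be deleted from the repository's Actions secrets rather than left behind unused. The commit message says only "Remove secret"; a line on why (the value is an IAM role name, now fixed in `main.tf`) would help whoever audits the secret list later.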
Expand Down Expand Up @@ -85,7 +84,6 @@ jobs:
-var="sample_remote_app_jar=${{ env.SAMPLE_APP_REMOTE_SERVICE_JAR }}" \
-var="cw_agent_rpm=${{ env.APP_SIGNALS_CW_AGENT_RPM }}" \
-var="adot_jar=${{ env.APP_SIGNALS_ADOT_JAR }}" \
-var="test_role=${{ env.APP_SIGNALS_E2E_EC2_TEST_ROLE }}" \
|| deployment_failed=$?
if [ $deployment_failed -eq 1 ]; then
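Review bot: In the context lines right after the removed `-var="test_role=..."`, `if [ $deployment_failed -eq 1 ]` expands the variable unquoted and matches only exit status 1. Unless `deployment_failed` is initialised above the visible lines, a successful apply leaves it empty and the test prints a `[` syntax error; `[ "${deployment_failed:-0}" -ne 0 ]` would handle both that case and other non-zero exit codes.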
32 changes: 19 additions & 13 deletions testing/README.md
Expand Up @@ -31,9 +31,10 @@ This step is needed to allow Github Action to have access to resources in the AW

Additional Resource: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services

### 2. Create an EKS Cluster
The E2E EKS test uses an EKS cluster to deploy the sample apps.
### 2. Create EKS Clusters
The E2E EKS test uses an EKS cluster to deploy the sample apps.
#### Setup Environment with the Appropriate Roles and Permissions.
Note: Make sure to replace <AccountID> with the correct value.
- First, assume Admin role from the test account by running `ada credentials update --account=<AccountID> --role=Admin --provider=isengard --once`
- Assume the e2e test role by running
- `output=$(aws sts assume-role --role-arn arn:aws:iam::<AccountID>:role/<E2ETestRole> --role-session-name AWSCLI-Session)`
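Review bot: The added note covers only `<AccountID>`, but the `aws sts assume-role` line directly below it also carries an `<E2ETestRole>` placeholder that the reader has to fill in; extend the note to name both. The heading was also changed to "Create EKS Clusters" while the sentence under it still says "an EKS cluster".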
Expand All @@ -42,30 +43,32 @@ The E2E EKS test uses an EKS cluster to deploy the sample apps.
- `export AWS_SESSION_TOKEN=$(echo $output | jq -r .Credentials.SessionToken)`
- Run `aws sts get-caller-identity` to check if you are in the correct role
#### Create a new Cluster
Make sure to replace <ClusterName> with the desired cluster name.
- Next, create the cluster by running `eksctl create cluster --name <ClusterName> --region us-east-1 --zones us-east-1a,us-east-1b`. This will take around ~10 minutes.
Note: Make sure to replace <Region> with the correct value (e.g. us-east-1)
- Next, create the cluster by running `eksctl create cluster --name e2e-canary-test --region <Region> --zones <Region>a,<Region>b`. This will take around ~10 minutes.
#### Install AWS Load Balancer Controller Add-on
- Finally, install the AWS Load Balancer Controller add-on by running the following commands. Make sure to replace the `<ClusterName>` and `<AccountID>` with the correct value.
```
eksctl utils associate-iam-oidc-provider --cluster <ClusterName> --region us-east-1 --approve
eksctl utils associate-iam-oidc-provider --cluster e2e-canary-test --region <Region> --approve
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.7/docs/install/iam_policy.json
aws iam create-policy --policy-name AWSLoadBalancerControllerIAMPolicy --policy-document file://iam_policy.json --region us-east-1
eksctl create iamserviceaccount --cluster=<ClusterName> --namespace=kube-system --name=aws-load-balancer-controller --attach-policy-arn=arn:aws:iam::<AccountID>:policy/AWSLoadBalancerControllerIAMPolicy --region us-east-1 --approve
aws iam create-policy --policy-name AWSLoadBalancerControllerIAMPolicy --policy-document file://iam_policy.json --region <Region>
eksctl create iamserviceaccount --cluster=e2e-canary-test --namespace=kube-system --name=aws-load-balancer-controller --attach-policy-arn=arn:aws:iam::<AccountID>:policy/AWSLoadBalancerControllerIAMPolicy --region <Region> --approve
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.5.4/cert-manager.yaml
curl -Lo v2_4_7_full.yaml https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases/download/v2.4.7/v2_4_7_full.yaml
sed -i.bak -e '561,569d' ./v2_4_7_full.yaml
sed -i.bak -e 's|your-cluster-name|<ClusterName>|' ./v2_4_7_full.yaml
sed -i.bak -e 's|your-cluster-name|e2e-canary-test|' ./v2_4_7_full.yaml
kubectl apply -f v2_4_7_full.yaml
curl -Lo v2_4_7_ingclass.yaml https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases/download/v2.4.7/v2_4_7_ingclass.yaml
kubectl apply -f v2_4_7_ingclass.yaml```
#### Create a New Cluster and Install the AWS Load Balancer Controller Add-on for All Regions
Repeat the previous two steps for all 5 regions. (us-east-1, us-east-2, eu-west-1, ap-northeast-1, ap-southeast-2)
### 3. Setting up Environment for EC2 Tests
#### Create IAM Role for EC2 Instance
- Login to AWS, go to the IAM console and click on the Roles tab. Click Create role.
- Choose AWS service, and choose EC2 as the use case. Click Next.
- Choose AmazonS3ReadOnlyAccess, AWSXrayWriteOnlyAccess, and CloudWatchAgentServerPolicy as the permission.
- Type the role name and click "Create role".
-
- Type the role name as `APP_SIGNALS_EC2_TEST_ROLE` and click "Create role".
#### Setting Up Default VPC
- Go to the VPC console and on the routing table for the default VPC, click Edit routes. (The default VPC should have the `-` name if it hasn't been assigned to another VPC before)
- Click add routes, for destination add `0.0.0.0/0`, for target add Internet Gateway and save changes.
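Review bot: The sentence introducing the Load Balancer Controller commands still says to replace `<ClusterName>`, which no longer appears in the block now that the cluster name is fixed to `e2e-canary-test`; it should name `<Region>` and `<AccountID>` instead. Since the new section asks for these steps to be repeated in 5 regions, note too that `aws iam create-policy` creates an account-wide policy, so the `AWSLoadBalancerControllerIAMPolicy` call will fail with an already-exists error in every region after the first and should be marked as run once.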
Expand All @@ -85,16 +88,19 @@ Follow the instructions under [here](./sample-apps/README.md) to build the sampl
- Add the following secrets to the repository
- APP_SIGNALS_E2E_TEST_ACC: `<AccountID>`
- E2E_TEST_ROLE_ARN: `arn:aws:iam::<AccountID>:role/<RoleName>`
- APP_SIGNALS_E2E_EC2_TEST_ROLE: <EC2_IAM_ROLE_NAME>
- APP_SIGNALS_E2E_FE_SA_IMG: `<AccountID>.dkr.ecr.us-east-1.amazonaws.com/<Path to Sample App Image>`
- APP_SIGNALS_E2E_RE_SA_IMG: `<AccountID>.dkr.ecr.us-east-1.amazonaws.com/<Path to Remote Sample App Image>`
- APP_SIGNALS_E2E_FE_SA_JAR: s3://<BucketName>/<FileName.jar>
- APP_SIGNALS_E2E_RE_SA_JAR: s3://<BucketName>/<FileName.jar>
### 7. Running the tests
Copy paste the test.yml into `../.github/workflows` and replace the cluster name with the one generated in step 2.
Push the code changes and there should be a test running on the forked repo in the Action tab
Go to the Actions tab on the forked repository.
- To run the EKS test, go to `App Signals Enablement - E2E EKS Canary Testing`, and click `Enable Workflow`, then `Run Workflow`.
- To run the EC2 test, go to `App Signals Enablement - E2E EC2 Canary Testing`, and click `Enable Workflow`, then `Run Workflow`.
If you don't want the canaries to run every 15 minutes on the forked repository, click the `...` button on the top right and choose `Disable Workflow`
### E2E Testing Resources
- `./.github/workflows/appsignals-e2e-*`: workflow files for running e2e tests
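Review bot: The closing sentence "If you don't want the canaries to run every 15 minutes..." sits directly under the two bullets with no blank line, so Markdown will render it as a continuation of the EC2 bullet. Given that enabling the workflows starts a 15-minute schedule against the test account, it is worth making `Disable Workflow` an explicit final step rather than an optional aside.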
14 changes: 11 additions & 3 deletions testing/sample-apps/README.md
Expand Up @@ -23,8 +23,16 @@ the backup image, push the update to the main image and revert the addresses on
4. Change the `tasks.named("jib").enabled` value on the `build.gradle.kts` file from false to true
4. Run `gradle jib` under the respective directory.

## [WIP] EC2 Use Case: Building the JAR Files
## EC2 Use Case: Building the JAR Files
To build the JAR files of the sample application, simply `cd` into each application, e.g. `cd testing/sample-apps/springboot`, and run `gradle build`.
This will create a JAR file in the `build/libs/` folder. To update the JAR file in the testing account:
This will create JAR files in the `build/libs/` folder with the format:
- springboot-*-SNAPSHOT-javadoc.jar
- springboot-*-SNAPSHOT-plain.jar
- springboot-*-SNAPSHOT-sources.jar
- springboot-*-SNAPSHOT.jar.

To update the JAR file in the testing account:
- Use `ada` commands to authenticate into the testing account
- Only after you're sure of your changes and if they do not break the tests running in other repos, use `aws s3api put-object --bucket <BUCKET_NAME> --body build/libs/<JAR_FILE_NAME>.jar --key <SERVICE_NAME>.jar` to push the JAR to S3
- Only after you're sure of your changes and if they do not break the tests running in other repos, use `aws s3api put-object --bucket <BUCKET_NAME> --body build/libs/springboot-*-SNAPSHOT.jar --key <SERVICE_NAME>.jar`

Note: Replace * with the version number and `<SERVICE_NAME>.jar` is the desired name of the .jar file once in the s3 bucket. e.g. `sample-app-main-service.jar`
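Review bot: In the new `put-object` command, `--body build/libs/springboot-*-SNAPSHOT.jar` leaves a literal `*` that the shell will expand as a glob if the line is pasted as is; a named placeholder such as `<VERSION>` would match the `<BUCKET_NAME>` and `<SERVICE_NAME>` style and make the closing note unnecessary. The file list also ends with `springboot-*-SNAPSHOT.jar.`, where the trailing period reads as part of the file name, and the reworded bullet dropped "to push the JAR to S3".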
4 changes: 2 additions & 2 deletions testing/terraform/ec2/main.tf
Expand Up @@ -66,7 +66,7 @@ resource "aws_instance" "main_service_instance" {
ami = data.aws_ami.ami.id # Amazon Linux 2 (free tier)
instance_type = "t2.micro"
key_name = local.ssh_key_name
iam_instance_profile = var.test_role
iam_instance_profile = "APP_SIGNALS_EC2_TEST_ROLE"
vpc_security_group_ids = [aws_default_vpc.default.default_security_group_id]
associate_public_ip_address = true
instance_initiated_shutdown_behavior = "terminate"
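Review bot: `iam_instance_profile` takes an instance profile name, and the new literal `"APP_SIGNALS_EC2_TEST_ROLE"` is the role name the README asks for; this works only because creating an EC2 role in the IAM console also creates an instance profile of the same name. State that dependency in a comment here, or look the profile up with a `data "aws_iam_instance_profile"` block so a missing or differently created profile fails at plan time.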
Expand Down Expand Up @@ -127,7 +127,7 @@ resource "aws_instance" "remote_service_instance" {
ami = data.aws_ami.ami.id # Amazon Linux 2 (free tier)
instance_type = "t2.micro"
key_name = local.ssh_key_name
iam_instance_profile = var.test_role
iam_instance_profile = "APP_SIGNALS_EC2_TEST_ROLE"
vpc_security_group_ids = [aws_default_vpc.default.default_security_group_id]
associate_public_ip_address = true
instance_initiated_shutdown_behavior = "terminate"
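Review bot: This is the second copy of the `"APP_SIGNALS_EC2_TEST_ROLE"` literal, repeating the one in `main_service_instance`. The file already reads `local.ssh_key_name` on the line above, so a local for the profile name would keep the two instances and the README from drifting apart.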
4 changes: 0 additions & 4 deletions testing/terraform/ec2/variables.tf
Expand Up @@ -39,8 +39,4 @@ variable "cw_agent_rpm" {

variable "adot_jar" {
default = "s3://<bucket-name>/<jar>"
}

variable "test_role" {
default = "<role-name>"
}
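Review bot: Once `variable "test_role"` is gone, Terraform rejects any `-var="test_role=..."` passed on the command line as an undeclared variable. The EC2 workflow in this commit drops its flag, but any other caller of `testing/terraform/ec2` needs the same change before this merges.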
24 changes: 0 additions & 24 deletions testing/test.yml

This file was deleted.
