Posted On: Nov 5, 2021

CloudWatch Synthetics now supports using an Amazon Key Management Service (Amazon KMS) key that you provide to encrypt the canary run data that CloudWatch Synthetics stores in your Amazon Simple Storage Service (Amazon S3) bucket. By default, these artifacts are encrypted at rest using an Amazon managed key.

Canaries are modular, lightweight scripts that you can configure to run on a schedule to monitor your endpoints and APIs from the outside in. Canaries simulate the same actions as a user, which makes it possible for you to monitor your user experience nearly continuously. With the new runtime version syn-nodejs-3.3, you can choose to provide CloudWatch Synthetics with your own KMS key. Alternatively, you can choose SSE-S3 encryption mode when creating or updating the canary to encrypt the canary run data at rest. Then, CloudWatch Synthetics uses the specified encryption option instead of the default key which is managed by the service to encrypt the artifacts. CloudWatch Synthetics now also supports updating the S3 bucket location used for storing artifacts for a canary.

This feature is available in Amazon Web Services China (Beijing) Region, operated by Sinnet and in Amazon Web Services China (Ningxia) Region, operated by NWCD.

To learn more about this feature, see the CloudWatch Synthetics documentation. For pricing, refer to Amazon CloudWatch pricing.