Posted On: Oct 20, 2021

CloudWatch Synthetics now supports using an AWS Key Management Service (AWS KMS) key that you provide to encrypt the canary run data that CloudWatch Synthetics stores in your Amazon Simple Storage Service (Amazon S3) bucket. By default, these artifacts are encrypted at rest using an AWS managed key.

Canaries are modular, lightweight scripts that you can configure to run on a schedule to monitor your endpoints and APIs from the outside in. Canaries simulate the same actions as a user, which makes it possible for you to monitor your user experience nearly continuously. With the new runtime version syn-nodejs-3.3, you can choose to provide CloudWatch Synthetics with your own KMS key. Alternatively, you can choose SSE-S3 encryption mode when creating or updating the canary to encrypt the canary run data at rest. Then, CloudWatch Synthetics uses the specified encryption option instead of the default AWS managed key to encrypt the artifacts. CloudWatch Synthetics now also supports updating the S3 bucket location used for storing artifacts for a canary.
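To check which canaries actually use the encryption options described above, the following added example (not AWS's own code) classifies each canary from the `ArtifactConfig.S3Encryption` fields returned by the Synthetics `DescribeCanaries` API. The canary names, account ID, key ARNs and the `approved_keys` allowlist are constructed for illustration, and treating a missing setting as the default AWS managed key is an assumption based on the default stated above.

```python
"""Audit how CloudWatch Synthetics canaries encrypt run artifacts at rest."""

def artifact_encryption(canary):
    """Classify one canary dict shaped like a DescribeCanaries entry."""
    enc = (canary.get("ArtifactConfig") or {}).get("S3Encryption") or {}
    mode = enc.get("EncryptionMode")
    if mode == "SSE_KMS" and enc.get("KmsKeyArn"):
        return "provided-kms-key"
    if mode == "SSE_S3":
        return "sse-s3"
    # Assumption: no explicit setting means the default AWS managed key.
    return "default-aws-managed-key"

def audit(canaries, approved_keys):
    """Return sorted (name, finding) for canaries not on an approved KMS key."""
    findings = []
    for c in canaries:
        mode = artifact_encryption(c)
        if mode == "provided-kms-key":
            arn = c["ArtifactConfig"]["S3Encryption"]["KmsKeyArn"]
            if arn in approved_keys:
                continue
            mode = "unapproved-kms-key"
        findings.append((c["Name"], mode))
    return sorted(findings)

def fetch_canaries(region=None):
    """Page through DescribeCanaries (needs boto3 and AWS credentials)."""
    import boto3
    client = boto3.client("synthetics", region_name=region)
    canaries, token = [], None
    while True:
        page = client.describe_canaries(**({"NextToken": token} if token else {}))
        canaries.extend(page.get("Canaries", []))
        token = page.get("NextToken")
        if not token:
            return canaries

# Constructed sample data: names, account ID and key IDs are placeholders.
KEY_OK = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-APPROVED-KEY"
KEY_OTHER = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-OTHER-KEY"
SAMPLE = [
    {"Name": "checkout-flow", "ArtifactConfig": {"S3Encryption": {
        "EncryptionMode": "SSE_KMS", "KmsKeyArn": KEY_OK}}},
    {"Name": "login-page", "ArtifactConfig": {"S3Encryption": {
        "EncryptionMode": "SSE_S3"}}},
    {"Name": "api-health"},
    {"Name": "search-api", "ArtifactConfig": {"S3Encryption": {
        "EncryptionMode": "SSE_KMS", "KmsKeyArn": KEY_OTHER}}},
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE, {KEY_OK}):
        print(f"{name}: {finding}")
```

Against a live account, pass `fetch_canaries()` in place of `SAMPLE`.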

This feature is available in all Regions where CloudWatch Synthetics is available, except China Regions.

To learn more about this feature, see the CloudWatch Synthetics documentation. For pricing, refer to Amazon CloudWatch pricing.