AWS CloudWatch Click here for latest
Scale applications based on AWS CloudWatch.
This specification describes the
aws-cloudwatch trigger that scales based on a AWS CloudWatch.
triggers: - type: aws-cloudwatch metadata: # Required: namespace namespace: AWS/SQS # Optional: Dimension Name dimensionName: QueueName # Optional: Dimension Value dimensionValue: keda # Optional: Expression query expression: SELECT MAX("ApproximateNumberOfMessagesVisible") FROM "AWS/SQS" WHERE QueueName = 'keda' metricName: ApproximateNumberOfMessagesVisible targetMetricValue: "2" minMetricValue: "0" # Required: region awsRegion: "eu-west-1" # Optional: AWS Access Key ID, can use TriggerAuthentication as well awsAccessKeyIDFromEnv: AWS_ACCESS_KEY_ID # default AWS_ACCESS_KEY_ID # Optional: AWS Secret Access Key, can use TriggerAuthentication as well awsSecretAccessKeyFromEnv: AWS_SECRET_ACCESS_KEY # default AWS_SECRET_ACCESS_KEY identityOwner: pod | operator # Optional. Default: pod # Optional: Collection Time metricCollectionTime: "300" # default 300 # Optional: Metric Statistic metricStat: "Average" # default "Average" # Optional: Metric Statistic Period metricStatPeriod: "300" # default 300 # Optional: Metric Unit metricUnit: "Count" # default "" # Optional: Metric EndTime Offset metricEndTimeOffset: "60" # default 0
dimensionName- Supports specifying multiple dimension names by using “;” as a separator i.e. dimensionName: QueueName;QueueName (Optional, Required when
expressionis not specified)
dimensionValue- Supports specifying multiple dimension values by using “;” as a separator i.e. dimensionValue: queue1;queue2 (Optional, Required when
expressionis not specified)
expression- Supports query with expression (Optional, Required when
dimensionValueare not specified)
identityOwner- Receive permissions on the CloudWatch via Pod Identity or from the KEDA operator itself (see below). (Values:
operator- the only requirement is that the KEDA operator has the correct IAM permissions on the CloudWatch. Additional Authentication Parameters are not required.
metricCollectionTime- How long in the past (seconds) should the scaler check AWS Cloudwatch. Used to define StartTime (official documentation). The value of
metricCollectionTimemust be greater than the
metricStatPeriod, providing a value which is a multiply of the
metricStatPeriodcan improve performance on fetching data from Cloudwatch. In pratice setting
metricCollectionTime2-to-3 times more than the
metricStatPeriodvalue can make sure the scaler is able to get data points back from Cloudwatch, the scaler will always use the most up-to-date datapoint if more datapoints are returned. (Default:
metricStat- Which statistics metric is going to be used by the query. Used to define Stat (official documentation). (Default:
metricStatPeriod- Which frequency is going to be used by the related query. Used to define Period. The value cannot be an arbitrary number, that it must be supported by Cloudwatch. More details can be found from (official documentation). (Default:
metricUnit- Which unit is going to be used by the query. Used to define Unit (official documentation). (Default:
metricEndTimeOffset- How long in seconds to offset the EndTime (official documentation). Due to the eventual consistency model which is used by Cloudwatch, the latest datapoint one can get from Cloudwatch might not be accurate. The
metricEndTimeOffsetconfig provides a way to skip the most recent datapoint if needed. (Default:
These parameters are relevant only when
identityOwneris set to
You can use
TriggerAuthentication CRD to configure the authenticate by providing either a role ARN or a set of IAM credentials.
Pod identity based authentication:
podIdentity.provider- Needs to be set to either
TriggerAuthenticationand the pod/service account must be configured correctly for your pod identity provider.
Role based authentication:
awsRoleArn- Amazon Resource Names (ARNs) uniquely identify AWS resource.
Credential based authentication:
awsAccessKeyID- Id of the user.
awsSecretAccessKey- Access key for the user to authenticate with.
awsSessionToken- Session token, only required when using temporary credentials.
The user will need access to read data from AWS CloudWatch.
apiVersion: v1 kind: Secret metadata: name: test-secrets data: AWS_ACCESS_KEY_ID: <encoded-user-id> # Required. AWS_SECRET_ACCESS_KEY: <encoded-key> # Required. AWS_SESSION_TOKEN: <encoded-session-token> # Required when using temporary credentials. --- apiVersion: keda.sh/v1alpha1 kind: TriggerAuthentication metadata: name: keda-trigger-auth-aws-credentials namespace: keda-test spec: secretTargetRef: - parameter: awsAccessKeyID # Required. name: test-secrets # Required. key: AWS_ACCESS_KEY_ID # Required. - parameter: awsSecretAccessKey # Required. name: test-secrets # Required. key: AWS_SECRET_ACCESS_KEY # Required. - parameter: awsSessionToken # Required when using temporary credentials. name: test-secrets # Required when using temporary credentials. key: AWS_SESSION_TOKEN # Required when using temporary credentials. --- apiVersion: keda.sh/v1alpha1 kind: ScaledObject metadata: name: aws-cloudwatch-queue-scaledobject namespace: keda-test spec: scaleTargetRef: name: nginx-deployment triggers: - type: aws-cloudwatch metadata: namespace: AWS/SQS dimensionName: QueueName dimensionValue: keda metricName: ApproximateNumberOfMessagesVisible targetMetricValue: "2" minMetricValue: "0" awsRegion: "eu-west-1" authenticationRef: name: keda-trigger-auth-aws-credentials