{"id":201,"date":"2026-04-13T04:33:54","date_gmt":"2026-04-13T04:33:54","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/aws-fault-injection-service-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-developer-tools\/"},"modified":"2026-04-13T04:33:54","modified_gmt":"2026-04-13T04:33:54","slug":"aws-fault-injection-service-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-developer-tools","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/aws-fault-injection-service-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-developer-tools\/","title":{"rendered":"AWS Fault Injection Service Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Developer tools"},"content":{"rendered":"\n

Category<\/h2>\n\n\n\n

Developer tools<\/p>\n\n\n\n

1. Introduction<\/h2>\n\n\n\n

AWS Fault Injection Service is an AWS managed service for running controlled fault-injection experiments\u2014often called chaos engineering<\/em>\u2014against AWS workloads. You use it to deliberately introduce failures (for example, instance reboots, network disruptions, or other service-specific faults) to validate that your application and operations practices behave the way you expect under stress.<\/p>\n\n\n\n

In simple terms: you define an experiment, pick the resources to target, choose the fault to inject, set safety guardrails, then run it and observe what happens<\/strong>. It\u2019s like a fire drill for your cloud architecture\u2014done in a repeatable, audited, automatable way.<\/p>\n\n\n\n

Technically, AWS Fault Injection Service provides an experiment orchestration plane that integrates with AWS APIs and selected AWS services (such as Amazon EC2 and AWS Systems Manager, plus other services depending on region and current support). You define an experiment template<\/strong> containing targets<\/strong>, actions<\/strong>, and stop conditions<\/strong>. When you start an experiment, the service assumes an IAM role and issues the necessary AWS API calls (or invokes integrated mechanisms) to inject faults. Experiment progress is observable through the service console\/API and is also visible via AWS-native governance services like AWS CloudTrail and Amazon EventBridge.<\/p>\n\n\n\n

The problem it solves is straightforward: many systems appear reliable until they fail in a realistic way<\/strong>. Standard unit tests and integration tests rarely reproduce real dependency failures (latency, node loss, AZ impairment patterns, misbehaving instances). AWS Fault Injection Service helps you find resilience gaps before<\/em> customers do, and it helps teams prove that runbooks, alarms, and auto-healing actually work.<\/p>\n\n\n\n

\n

Naming note (verify in official docs for your account\/region): AWS has historically used the name \u201cAWS Fault Injection Simulator (FIS)\u201d<\/strong> in APIs, IAM policy names, and documentation paths. You may still see \u201csimulator\u201d in some places even when the console and marketing pages use AWS Fault Injection Service<\/strong>.<\/p>\n<\/blockquote>\n\n\n\n

\n\n\n\n

2. What is AWS Fault Injection Service?<\/h2>\n\n\n\n

Official purpose<\/h3>\n\n\n\n

AWS Fault Injection Service is designed to help you improve application performance, observability, and resilience<\/strong> by running fault injection experiments on AWS workloads<\/strong> in a controlled and repeatable manner.<\/p>\n\n\n\n

Core capabilities<\/h3>\n\n\n\n

At a high level, AWS Fault Injection Service enables you to:<\/p>\n\n\n\n

    \n
  • Define experiments<\/strong> as reusable templates<\/li>\n
  • Select targets<\/strong> using tags, resource IDs, or other supported selection methods<\/li>\n
  • Inject faults<\/strong> using supported actions (service-dependent)<\/li>\n
  • Set stop conditions<\/strong> (typically Amazon CloudWatch alarms) to automatically halt experiments if risk thresholds are exceeded<\/li>\n
  • Observe results<\/strong> and integrate experiment execution with operational tooling<\/li>\n<\/ul>\n\n\n\n

    Major components (conceptual model)<\/h3>\n\n\n\n

    Common constructs you\u2019ll work with:<\/p>\n\n\n\n

      \n
    • Experiment template<\/strong>: A reusable blueprint defining what to target<\/em> and what to do<\/em>.<\/li>\n
    • Experiment<\/strong>: A single run created from a template.<\/li>\n
    • Targets<\/strong>: Sets of AWS resources selected for fault injection (for example, tagged EC2 instances).<\/li>\n
    • Actions<\/strong>: The fault injection steps (for example, reboot an instance).<\/li>\n
    • Stop conditions<\/strong>: Safety controls (most commonly CloudWatch alarms) that stop the experiment when triggered.<\/li>\n
    • IAM role<\/strong>: A role that AWS Fault Injection Service assumes to execute actions against your resources.<\/li>\n<\/ul>\n\n\n\n

      Service type<\/h3>\n\n\n\n
        \n
      • Managed AWS service<\/strong> (control plane), accessed through:<\/li>\n
      • AWS Management Console<\/li>\n
      • AWS CLI \/ SDKs (where supported)<\/li>\n
      • AWS APIs<\/li>\n<\/ul>\n\n\n\n

        Scope: regional vs global<\/h3>\n\n\n\n

        AWS Fault Injection Service is regional<\/strong>: templates and experiments live in and operate within a specific AWS Region. Your targets must generally be in the same Region as the experiment. Always confirm Region support and action availability in the official documentation for your selected Region.<\/p>\n\n\n\n

        How it fits into the AWS ecosystem<\/h3>\n\n\n\n

        AWS Fault Injection Service sits in the \u201cDeveloper tools\u201d\/engineering enablement layer as a resilience testing orchestrator. It pairs naturally with:<\/p>\n\n\n\n

          \n
        • Amazon CloudWatch<\/strong> (metrics, alarms, dashboards)<\/li>\n
        • AWS CloudTrail<\/strong> (auditability of experiment actions and API calls)<\/li>\n
        • Amazon EventBridge<\/strong> (experiment state-change events routed to notifications\/automation)<\/li>\n
        • AWS Systems Manager<\/strong> (commonly used for OS-level fault injection patterns where supported)<\/li>\n
        • AWS Resilience Hub<\/strong> and AWS Well-Architected Tool<\/strong> (governance and resilience posture; not a replacement for fault injection)<\/li>\n<\/ul>\n\n\n\n
          \n\n\n\n

          3. Why use AWS Fault Injection Service?<\/h2>\n\n\n\n

          Business reasons<\/h3>\n\n\n\n
            \n
          • Reduce revenue-impacting outages<\/strong> by identifying failure modes earlier.<\/li>\n
          • Increase customer trust<\/strong> by validating resilience claims with evidence.<\/li>\n
          • Lower incident cost<\/strong> by improving MTTR through practiced responses and validated automation.<\/li>\n<\/ul>\n\n\n\n

            Technical reasons<\/h3>\n\n\n\n
              \n
            • Test assumptions<\/strong> in distributed systems (timeouts, retries, circuit breakers, fallback behavior).<\/li>\n
            • Validate redundancy<\/strong> (multi-AZ, scaling policies, self-healing) under real disruption.<\/li>\n
            • Find hidden dependencies<\/strong> (shared services, DNS behavior, credential refresh, stateful components).<\/li>\n<\/ul>\n\n\n\n

              Operational reasons<\/h3>\n\n\n\n
                \n
              • Turn \u201crunbooks\u201d into verified procedures<\/strong> by running experiments during game days.<\/li>\n
              • Improve monitoring quality<\/strong>: ensure alarms trigger when they should, and only then.<\/li>\n
              • Create repeatable, versionable tests<\/strong> (templates) that can be run on demand or during release cycles.<\/li>\n<\/ul>\n\n\n\n

                Security\/compliance reasons<\/h3>\n\n\n\n
                  \n
                • Auditability<\/strong> via CloudTrail and IAM roles used for experiments.<\/li>\n
                • Controlled access<\/strong> through least-privilege IAM and scoped targets.<\/li>\n
                • Helps demonstrate operational resilience practices for certain compliance programs (requirements vary; verify with your compliance team).<\/li>\n<\/ul>\n\n\n\n

                  Scalability\/performance reasons<\/h3>\n\n\n\n

                  Fault injection can validate scaling and performance behavior under partial failure (for example, increased latency causing request queueing). It\u2019s not a load testing tool by itself, but it often complements load testing.<\/p>\n\n\n\n

                  When teams should choose it<\/h3>\n\n\n\n

                  Choose AWS Fault Injection Service when you need:<\/p>\n\n\n\n

                    \n
                  • AWS-native fault injection orchestration<\/li>\n
                  • Repeatable experiments with safety guardrails (stop conditions)<\/li>\n
                  • Integration with AWS monitoring and governance tools<\/li>\n
                  • A managed service (no chaos platform to host\/maintain)<\/li>\n<\/ul>\n\n\n\n

                    When teams should not choose it<\/h3>\n\n\n\n

                    Avoid or defer AWS Fault Injection Service when:<\/p>\n\n\n\n

                      \n
                    • You cannot safely isolate blast radius (no staging, no canary, no strict targeting)<\/li>\n
                    • Your organization has not established basic observability (you can\u2019t measure impact)<\/li>\n
                    • You need fault types not supported by AWS Fault Injection Service (you may need third-party or self-managed chaos tooling)<\/li>\n
                    • You\u2019re looking for classic performance\/load testing\u2014use tools like distributed load generators instead<\/li>\n<\/ul>\n\n\n\n
                      \n\n\n\n

                      4. Where is AWS Fault Injection Service used?<\/h2>\n\n\n\n

                      Industries<\/h3>\n\n\n\n
                        \n
                      • SaaS and internet services<\/li>\n
                      • FinTech and payments (with strict controls and non-production emphasis)<\/li>\n
                      • Media\/streaming<\/li>\n
                      • E-commerce<\/li>\n
                      • Gaming<\/li>\n
                      • Healthcare and regulated industries (often in pre-production, with strong governance)<\/li>\n<\/ul>\n\n\n\n

                        Team types<\/h3>\n\n\n\n
                          \n
                        • SRE \/ platform engineering<\/li>\n
                        • DevOps teams running CI\/CD and operational readiness programs<\/li>\n
                        • Cloud infrastructure teams validating multi-AZ patterns<\/li>\n
                        • Application teams responsible for service reliability<\/li>\n
                        • Security and risk teams coordinating resilience and operational risk controls<\/li>\n<\/ul>\n\n\n\n

                          Workloads<\/h3>\n\n\n\n
                            \n
                          • Microservices on compute fleets<\/li>\n
                          • Containerized workloads (service support varies; verify)<\/li>\n
                          • Event-driven systems (queues, streams, workflows)<\/li>\n
                          • Tiered web applications (ALB \u2192 compute \u2192 datastore)<\/li>\n
                          • Batch pipelines and scheduled workloads<\/li>\n<\/ul>\n\n\n\n

                            Architectures<\/h3>\n\n\n\n
                              \n
                            • Multi-AZ architectures where instance-level and network-level failures are meaningful<\/li>\n
                            • Service-mesh or gateway-based architectures where failure propagation can be studied<\/li>\n
                            • Hybrid patterns (some AWS resources plus on-prem) where AWS-side failures are still important<\/li>\n<\/ul>\n\n\n\n

                              Real-world deployment contexts<\/h3>\n\n\n\n
                                \n
                              • Game days<\/strong>: planned resilience exercises with stakeholders.<\/li>\n
                              • Release readiness<\/strong>: run experiments before major launches.<\/li>\n
                              • Post-incident learning<\/strong>: validate that fixes prevent repeat incidents.<\/li>\n
                              • Continuous resilience<\/strong>: scheduled experiments in non-production (and sometimes controlled production).<\/li>\n<\/ul>\n\n\n\n

                                Production vs dev\/test usage<\/h3>\n\n\n\n
                                  \n
                                • Non-production<\/strong> is the safest place to start: replicate topology and validate behavior.<\/li>\n
                                • Production<\/strong> can be appropriate, but only with:<\/li>\n
                                • strict scoping (tags, narrow selection)<\/li>\n
                                • mature observability and on-call readiness<\/li>\n
                                • clear abort criteria via stop conditions<\/li>\n
                                • change management approvals where required<\/li>\n<\/ul>\n\n\n\n
                                  \n\n\n\n

                                  5. Top Use Cases and Scenarios<\/h2>\n\n\n\n

                                  Below are realistic, commonly implemented scenarios. Exact actions available depend on Region and service support\u2014always confirm in the Actions<\/strong> section of the official docs.<\/p>\n\n\n\n

                                  1) EC2 instance reboot resilience test<\/h3>\n\n\n\n
                                    \n
                                  • Problem<\/strong>: You don\u2019t know if an instance reboot causes customer impact.<\/li>\n
                                  • Why this service fits<\/strong>: A controlled reboot action can validate load balancer health checks, auto-healing, and graceful shutdown.<\/li>\n
                                  • Example<\/strong>: Reboot one instance in an Auto Scaling group and confirm traffic stays healthy and alarms behave.<\/li>\n<\/ul>\n\n\n\n

                                    2) Validate Auto Scaling replacement and warmup<\/h3>\n\n\n\n
                                      \n
                                    • Problem<\/strong>: After node loss, replacement capacity is slow or misconfigured.<\/li>\n
                                    • Why this service fits<\/strong>: Fault injection triggers failure while you measure replacement time and error rates.<\/li>\n
                                    • Example<\/strong>: Inject instance termination (in non-prod) to confirm lifecycle hooks and warmup scripts work.<\/li>\n<\/ul>\n\n\n\n

                                      3) Network impairment drill (latency\/packet loss) for dependency timeouts<\/h3>\n\n\n\n
                                        \n
                                      • Problem<\/strong>: Services have overly long timeouts and cause request pileups under latency.<\/li>\n
                                      • Why this service fits<\/strong>: If supported for your setup, network disruption actions can create controlled latency.<\/li>\n
                                      • Example<\/strong>: Increase latency to a subset of instances and confirm retries\/backoff are sane.<\/li>\n<\/ul>\n\n\n\n

                                        4) Validate alarms and stop conditions<\/h3>\n\n\n\n
                                          \n
                                        • Problem<\/strong>: You have alarms, but you\u2019re unsure they trigger under real failures.<\/li>\n
                                        • Why this service fits<\/strong>: You can wire CloudWatch alarms as stop conditions and verify they trigger and halt experiments.<\/li>\n
                                        • Example<\/strong>: Trigger a fault expected to raise a specific alarm and confirm the experiment stops automatically.<\/li>\n<\/ul>\n\n\n\n

                                          5) Game day for operational readiness<\/h3>\n\n\n\n
                                            \n
                                          • Problem<\/strong>: Teams don\u2019t practice responding to failures; runbooks are untested.<\/li>\n
                                          • Why this service fits<\/strong>: Repeatable experiments enable consistent drills and measurable improvements.<\/li>\n
                                          • Example<\/strong>: Monthly game day: run the same experiment template and compare MTTR and error budgets over time.<\/li>\n<\/ul>\n\n\n\n

                                            6) Validate blue\/green or canary deployment rollback behavior<\/h3>\n\n\n\n
                                              \n
                                            • Problem<\/strong>: Rollbacks are assumed to work but rarely tested under pressure.<\/li>\n
                                            • Why this service fits<\/strong>: Fault injection can introduce controlled instability during a release rehearsal.<\/li>\n
                                            • Example<\/strong>: During a canary, inject a fault in the canary fleet and verify rollback automation triggers safely.<\/li>\n<\/ul>\n\n\n\n

                                              7) Test resilience of stateful services\u2019 client behavior<\/h3>\n\n\n\n
                                                \n
                                              • Problem<\/strong>: Client libraries behave badly during partial outages (connection storms, thundering herd).<\/li>\n
                                              • Why this service fits<\/strong>: Inject faults into compute tiers and watch how clients reconnect or retry.<\/li>\n
                                              • Example<\/strong>: Reboot a percentage of API servers and validate connection pooling and retry jitter.<\/li>\n<\/ul>\n\n\n\n

                                                8) Validate multi-AZ behavior (application tier)<\/h3>\n\n\n\n
                                                  \n
                                                • Problem<\/strong>: You think the app is multi-AZ, but traffic is sticky to one AZ or capacity is uneven.<\/li>\n
                                                • Why this service fits<\/strong>: Target selection can focus on a subset (for example, instances tagged by AZ via automation).<\/li>\n
                                                • Example<\/strong>: Disrupt compute nodes in one AZ in staging and validate traffic shifts.<\/li>\n<\/ul>\n\n\n\n

                                                  9) Confirm incident response automation<\/h3>\n\n\n\n
                                                    \n
                                                  • Problem<\/strong>: Automation exists (e.g., runbooks, tickets, paging), but no one knows if it triggers correctly.<\/li>\n
                                                  • Why this service fits<\/strong>: Use EventBridge experiment events to drive automation (notifications\/tickets).<\/li>\n
                                                  • Example<\/strong>: When an experiment starts\/stops, send messages to a chat channel and create a change record.<\/li>\n<\/ul>\n\n\n\n

                                                    10) Validate queue\/stream backpressure under partial worker loss<\/h3>\n\n\n\n
                                                      \n
                                                    • Problem<\/strong>: Losing workers causes backlog and violates processing SLAs.<\/li>\n
                                                    • Why this service fits<\/strong>: Disrupt workers and measure queue depth and recovery time.<\/li>\n
                                                    • Example<\/strong>: Reboot a fraction of worker instances and confirm autoscaling catches up.<\/li>\n<\/ul>\n\n\n\n

                                                      11) Assess blast radius of misconfigurations (safely)<\/h3>\n\n\n\n
                                                        \n
                                                      • Problem<\/strong>: A bad config might take down a tier; you want a safe rehearsal.<\/li>\n
                                                      • Why this service fits<\/strong>: Fault injection in staging reveals whether your guardrails and config rollout strategies are safe.<\/li>\n
                                                      • Example<\/strong>: Inject disruption while testing feature flags and staged rollouts.<\/li>\n<\/ul>\n\n\n\n

                                                        12) Prove resilience controls for audits<\/h3>\n\n\n\n
                                                          \n
                                                        • Problem<\/strong>: Auditors ask for evidence of resilience testing and governance.<\/li>\n
                                                        • Why this service fits<\/strong>: Templates, roles, CloudTrail logs, and experiment history form a defensible evidence trail.<\/li>\n
                                                        • Example<\/strong>: Provide experiment template definitions and CloudTrail event evidence showing controlled execution.<\/li>\n<\/ul>\n\n\n\n
                                                          \n\n\n\n

                                                          6. Core Features<\/h2>\n\n\n\n

                                                          Feature availability can vary by Region and target service. For the authoritative list of supported actions and targets, use the official documentation:\nhttps:\/\/docs.aws.amazon.com\/fis\/latest\/userguide\/what-is.html<\/p>\n\n\n\n

                                                          1) Experiment templates (repeatability)<\/h3>\n\n\n\n
                                                            \n
                                                          • What it does<\/strong>: Lets you define experiments once and run them many times.<\/li>\n
                                                          • Why it matters<\/strong>: Repeatability turns chaos experiments into regression tests for resilience.<\/li>\n
                                                          • Practical benefit<\/strong>: You can run the same test after code changes, infrastructure changes, or incidents.<\/li>\n
                                                          • Caveats<\/strong>: Templates are regional; cross-region experiments typically require separate templates.<\/li>\n<\/ul>\n\n\n\n

                                                            2) Targets and resource selection (blast radius control)<\/h3>\n\n\n\n
                                                              \n
                                                            • What it does<\/strong>: Defines the scope of resources affected (often via tags).<\/li>\n
                                                            • Why it matters<\/strong>: Safe chaos engineering depends on tight targeting.<\/li>\n
                                                            • Practical benefit<\/strong>: You can select \u201conly staging\u201d resources by tag, or \u201conly one instance\u201d for a canary.<\/li>\n
                                                            • Caveats<\/strong>: Tag hygiene becomes a critical safety control; weak tagging increases risk.<\/li>\n<\/ul>\n\n\n\n

                                                              3) Actions (fault injection primitives)<\/h3>\n\n\n\n
                                                                \n
                                                              • What it does<\/strong>: Executes fault types against targets (for example, instance reboot).<\/li>\n
                                                              • Why it matters<\/strong>: Enables realistic failure injection using AWS-integrated mechanisms.<\/li>\n
                                                              • Practical benefit<\/strong>: Simulates failures that are hard to reproduce manually and consistently.<\/li>\n
                                                              • Caveats<\/strong>: Supported actions differ by service\/Region; some actions are disruptive and not easily reversible.<\/li>\n<\/ul>\n\n\n\n

                                                                4) Stop conditions (safety guardrails)<\/h3>\n\n\n\n
                                                                  \n
                                                                • What it does<\/strong>: Stops the experiment automatically when a specified condition occurs (commonly a CloudWatch alarm).<\/li>\n
                                                                • Why it matters<\/strong>: Prevents experiments from escalating into unacceptable customer impact.<\/li>\n
                                                                • Practical benefit<\/strong>: You can tie stop conditions to key SLO\/SLA signals (5xx rate, latency, queue depth).<\/li>\n
                                                                • Caveats<\/strong>: Stop conditions stop the experiment execution, but they may not automatically \u201cundo\u201d all impacts. Plan rollback steps.<\/li>\n<\/ul>\n\n\n\n

                                                                  5) Integration with Amazon CloudWatch (observability)<\/h3>\n\n\n\n
                                                                    \n
                                                                  • What it does<\/strong>: Uses CloudWatch alarms for stop conditions; you can observe metrics and dashboards during experiments.<\/li>\n
                                                                  • Why it matters<\/strong>: Without measurable signals, chaos experiments are guesswork.<\/li>\n
                                                                  • Practical benefit<\/strong>: Standardizes resilience testing around metrics that matter to users.<\/li>\n
                                                                  • Caveats<\/strong>: Ensure alarms are tuned; overly sensitive alarms can halt experiments prematurely.<\/li>\n<\/ul>\n\n\n\n

                                                                    6) Integration with AWS CloudTrail (auditing)<\/h3>\n\n\n\n
                                                                      \n
                                                                    • What it does<\/strong>: Captures API activity associated with experiments and actions.<\/li>\n
                                                                    • Why it matters<\/strong>: You need an audit trail for governance and incident review.<\/li>\n
                                                                    • Practical benefit<\/strong>: Enables security teams to verify who ran what, when, and under which role.<\/li>\n
                                                                    • Caveats<\/strong>: CloudTrail logs record API calls; interpret in combination with experiment logs and resource metrics.<\/li>\n<\/ul>\n\n\n\n

                                                                      7) Integration with Amazon EventBridge (automation hooks)<\/h3>\n\n\n\n
                                                                        \n
                                                                      • What it does<\/strong>: Emits events about experiment lifecycle state changes.<\/li>\n
                                                                      • Why it matters<\/strong>: Helps integrate experiments into ChatOps, ticketing, CI\/CD, or runbook automation.<\/li>\n
                                                                      • Practical benefit<\/strong>: Automatically notify on-call when an experiment starts\/stops.<\/li>\n
                                                                      • Caveats<\/strong>: Event schemas can evolve; validate rules in a sandbox.<\/li>\n<\/ul>\n\n\n\n

                                                                        8) IAM execution role model (least privilege)<\/h3>\n\n\n\n
                                                                          \n
                                                                        • What it does<\/strong>: Uses an IAM role that AWS Fault Injection Service assumes to perform actions.<\/li>\n
                                                                        • Why it matters<\/strong>: Separates \u201cwho can run experiments\u201d from \u201cwhat experiments can do.\u201d<\/li>\n
                                                                        • Practical benefit<\/strong>: Scope the role to only allowed actions and only allowed resources.<\/li>\n
                                                                        • Caveats<\/strong>: Misconfigured roles can either block experiments (too restrictive) or create risk (too broad).<\/li>\n<\/ul>\n\n\n\n

                                                                          9) Tagging and governance support<\/h3>\n\n\n\n
                                                                            \n
                                                                          • What it does<\/strong>: Lets you tag templates and related resources; integrates with AWS governance patterns.<\/li>\n
                                                                          • Why it matters<\/strong>: Production-grade chaos programs require inventory, ownership, and cost allocation.<\/li>\n
                                                                          • Practical benefit<\/strong>: Tag by environment, owner, application, and change ticket.<\/li>\n
                                                                          • Caveats<\/strong>: Establish naming and tagging standards early.<\/li>\n<\/ul>\n\n\n\n

                                                                            10) API\/CLI\/SDK accessibility (automation)<\/h3>\n\n\n\n
                                                                              \n
                                                                            • What it does<\/strong>: Enables infrastructure-as-code and automation workflows to create and run experiments (where supported).<\/li>\n
                                                                            • Why it matters<\/strong>: Mature teams treat experiments like code and run them regularly.<\/li>\n
                                                                            • Practical benefit<\/strong>: Integrate into pipelines and scheduled validation.<\/li>\n
                                                                            • Caveats<\/strong>: Some teams start in console, then codify later; ensure approval workflows before automation in production.<\/li>\n<\/ul>\n\n\n\n
                                                                              \n\n\n\n

                                                                              7. Architecture and How It Works<\/h2>\n\n\n\n

                                                                              High-level architecture<\/h3>\n\n\n\n

                                                                              AWS Fault Injection Service acts as a control plane<\/strong> that orchestrates fault injection by calling AWS APIs (or using integrated mechanisms) against selected targets. You define templates, then start experiments. Experiments execute actions while monitoring stop conditions. Results and activity are visible through AWS-native logging and monitoring.<\/p>\n\n\n\n

                                                                              Request \/ control flow<\/h3>\n\n\n\n
                                                                                \n
                                                                              1. User (engineer, pipeline, or automation) starts an experiment from a template.<\/li>\n
                                                                              2. AWS Fault Injection Service assumes the configured IAM role.<\/li>\n
                                                                              3. The service resolves targets (e.g., by tags) into concrete resource IDs.<\/li>\n
                                                                              4. The service executes actions against those targets.<\/li>\n
                                                                              5. Stop conditions (e.g., CloudWatch alarms) are evaluated; if triggered, the experiment stops.<\/li>\n
                                                                              6. Events are emitted (EventBridge), and API activity is logged (CloudTrail).<\/li>\n
                                                                              7. Operators observe metrics\/logs and validate application behavior.<\/li>\n<\/ol>\n\n\n\n

                                                                                Integrations with related services<\/h3>\n\n\n\n

                                                                                Common integrations include:<\/p>\n\n\n\n

                                                                                  \n
                                                                                • CloudWatch<\/strong>: alarms (stop conditions), dashboards for validation<\/li>\n
                                                                                • CloudTrail<\/strong>: audit trail for actions and template changes<\/li>\n
                                                                                • EventBridge<\/strong>: experiment lifecycle events, notifications, automation<\/li>\n
                                                                                • Systems Manager<\/strong>: used in some patterns (e.g., agent-based disruptions) depending on supported actions<\/li>\n
                                                                                • IAM<\/strong>: role assumption model, permission boundaries, SCPs<\/li>\n<\/ul>\n\n\n\n

                                                                                  Dependency services<\/h3>\n\n\n\n

                                                                                  AWS Fault Injection Service relies on the target services it interacts with (EC2, etc.) and on AWS identity\/governance services (IAM, CloudTrail). If your account is constrained by SCPs or permission boundaries, ensure experiments can still execute safely.<\/p>\n\n\n\n

                                                                                  Security\/authentication model<\/h3>\n\n\n\n
                                                                                    \n
                                                                                  • IAM users\/roles need permissions to create templates and start experiments.<\/li>\n
                                                                                  • Experiments run using an IAM execution role<\/strong> trusted by the AWS Fault Injection Service principal.<\/li>\n
                                                                                  • CloudTrail records API calls for governance.<\/li>\n<\/ul>\n\n\n\n

                                                                                    Networking model<\/h3>\n\n\n\n

                                                                                    AWS Fault Injection Service itself is managed by AWS. Your targets may be in VPCs. Some fault types (especially network impairment patterns) may rely on agent-based mechanisms and security group\/NACL routing behavior\u2014verify specific action requirements in official docs for your selected fault type.<\/p>\n\n\n\n

                                                                                    Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n
                                                                                      \n
                                                                                    • Define dashboards and alarms before experiments.<\/li>\n
                                                                                    • Use CloudTrail to audit who changed templates<\/em> and who ran experiments<\/em>.<\/li>\n
                                                                                    • Use EventBridge to notify stakeholders when experiments begin\/end.<\/li>\n
                                                                                    • Use tags for ownership, environment, and change control mapping.<\/li>\n<\/ul>\n\n\n\n

                                                                                      Simple architecture diagram (Mermaid)<\/h3>\n\n\n\n
                                                                                      flowchart LR\n  U[Engineer \/ CI Pipeline] -->|Start experiment| FIS[AWS Fault Injection Service]\n  FIS -->|Assume role| IAM[IAM Execution Role]\n  FIS -->|Execute action| T[(Target Resources\\n(e.g., EC2 instances))]\n  CW[Amazon CloudWatch Alarm] -->|Stop condition| FIS\n  FIS --> EB[Amazon EventBridge Events]\n  FIS --> CT[AWS CloudTrail Logs]\n<\/code><\/pre>\n\n\n\n
                                                                                      Production-style architecture diagram (Mermaid)<\/h3>\n\n\n\n
                                                                                      flowchart TB\n  subgraph Ops[\"Operations & Governance\"]\n    SOC[Security \/ Audit]\n    ONCALL[On-call \/ SRE]\n    CT[AWS CloudTrail]\n    EB[Amazon EventBridge]\n    CW[Amazon CloudWatch\\nDashboards + Alarms]\n  end\n\n  subgraph App[\"Workload (Multi-AZ example)\"]\n    ALB[Load Balancer]\n    ASG1[Compute Fleet AZ-A]\n    ASG2[Compute Fleet AZ-B]\n    DEP[Downstream Dependency\\n(e.g., datastore \/ API)]\n  end\n\n  subgraph Chaos[\"Chaos Engineering Control Plane\"]\n    U[Engineer \/ Pipeline]\n    FIS[AWS Fault Injection Service]\n    ROLE[IAM Experiment Execution Role]\n    TEMPLATE[Experiment Template\\nTargets + Actions + Stop Conditions]\n  end\n\n  U --> TEMPLATE --> FIS\n  FIS --> ROLE\n  FIS -->|Inject fault| ASG1\n  FIS -->|Inject fault| ASG2\n\n  ALB --> ASG1\n  ALB --> ASG2\n  ASG1 --> DEP\n  ASG2 --> DEP\n\n  CW -->|Stop condition| FIS\n  FIS --> EB --> ONCALL\n  FIS --> CT --> SOC\n  CW <-->|Metrics| ALB\n  CW <-->|Metrics| ASG1\n  CW <-->|Metrics| ASG2\n  CW <-->|Metrics| DEP\n<\/code><\/pre>\n\n\n\n
                                                                                      \n\n\n\n
                                                                                      8. Prerequisites<\/h2>\n\n\n\n
                                                                                      Account requirements<\/h3>\n\n\n\n
                                                                                        \n
                                                                                      • An AWS account with permissions to use AWS Fault Injection Service.<\/li>\n
                                                                                      • A non-production (recommended) or tightly controlled production environment.<\/li>\n<\/ul>\n\n\n\n
                                                                                        Permissions \/ IAM roles<\/h3>\n\n\n\n
                                                                                        You typically need:<\/p>\n\n\n\n
                                                                                          \n
                                                                                        1. User permissions<\/strong> (for the operator) to:\n   – Create and manage experiment templates\n   – Start\/stop experiments\n   – View experiment history\n   – Create\/read CloudWatch alarms used for stop conditions<\/li>\n
                                                                                        2. Experiment execution role<\/strong> permissions:\n   – A role that AWS Fault Injection Service can assume\n   – Permissions scoped to the specific actions and target resources you intend to use<\/li>\n<\/ol>\n\n\n\n
                                                                                          Best practice: create a dedicated role per environment (dev\/stage\/prod) and keep it narrowly scoped.<\/p>\n\n\n\n
                                                                                          Billing requirements<\/h3>\n\n\n\n
                                                                                            \n
                                                                                          • A valid payment method on the account.<\/li>\n
                                                                                          • Even if AWS Fault Injection Service usage is small, underlying targets (EC2, logs, etc.) can incur costs.<\/li>\n<\/ul>\n\n\n\n
                                                                                            Tools<\/h3>\n\n\n\n
                                                                                            For the hands-on lab you can use either:\n– AWS Management Console (recommended for beginners)\n– AWS CLI (optional, for provisioning targets)<\/p>\n\n\n\n
                                                                                            If using AWS CLI:\n– AWS CLI v2 installed and configured (aws configure<\/code>)\n– Permissions to create\/terminate EC2 instances (in the lab)<\/p>\n\n\n\n
                                                                                            Region availability<\/h3>\n\n\n\n
                                                                                              \n
                                                                                            • AWS Fault Injection Service is regional and not available in all Regions with identical features.<\/li>\n
                                                                                            • Verify Region availability and supported actions<\/strong> in the official docs for your chosen Region.<\/li>\n<\/ul>\n\n\n\n
                                                                                              Quotas \/ limits<\/h3>\n\n\n\n
                                                                                                \n
                                                                                              • Service quotas apply (templates, experiments, API rates, etc.).<\/li>\n
                                                                                              • Check:<\/li>\n
                                                                                              • AWS Service Quotas console<\/li>\n
                                                                                              • AWS Fault Injection Service documentation for quotas<\/li>\n<\/ul>\n\n\n\n
                                                                                                Prerequisite services (lab)<\/h3>\n\n\n\n
                                                                                                  \n
                                                                                                • Amazon EC2 (a small instance to target)<\/li>\n
                                                                                                • Amazon CloudWatch (an alarm to use as a stop condition)<\/li>\n<\/ul>\n\n\n\n
                                                                                                  \n\n\n\n
                                                                                                  9. Pricing \/ Cost<\/h2>\n\n\n\n
                                                                                                  AWS Fault Injection Service uses a usage-based pricing model<\/strong>. Pricing details can change and can be Region-specific.<\/p>\n\n\n\n
                                                                                                  Pricing dimensions (what you pay for)<\/h3>\n\n\n\n
                                                                                                  Common pricing dimensions include (verify on the official pricing page):<\/p>\n\n\n\n
                                                                                                    \n
                                                                                                  • Experiment\/action execution usage<\/strong>: Often measured by experiment duration or action minutes\/seconds, or per action invocation (model depends on current AWS pricing).<\/li>\n
                                                                                                  • Underlying AWS resources<\/strong> impacted by the experiment:<\/li>\n
                                                                                                  • EC2 instances (compute)<\/li>\n
                                                                                                  • EBS volumes (storage and I\/O)<\/li>\n
                                                                                                  • CloudWatch metrics\/alarms (some metrics are free; alarms typically have costs)<\/li>\n
                                                                                                  • CloudWatch Logs ingestion and retention (if you log heavily)<\/li>\n
                                                                                                  • Data transfer (if the test increases cross-AZ or cross-region traffic)<\/li>\n<\/ul>\n\n\n\n
                                                                                                    Free tier<\/h3>\n\n\n\n
                                                                                                      \n
                                                                                                    • If a free tier exists for this service, it will be listed on the pricing page. Verify in official docs\/pricing<\/strong>:\n  https:\/\/aws.amazon.com\/fis\/pricing\/<\/li>\n<\/ul>\n\n\n\n
                                                                                                      Cost drivers<\/h3>\n\n\n\n
                                                                                                        \n
                                                                                                      • How often you run experiments<\/strong> (frequency)<\/li>\n
                                                                                                      • How long experiments run<\/strong><\/li>\n
                                                                                                      • How many actions per experiment<\/strong><\/li>\n
                                                                                                      • How many targets<\/strong> are affected (and their cost profiles)<\/li>\n
                                                                                                      • Observability overhead<\/strong> (dashboards, logs, alarms, synthetic checks)<\/li>\n
                                                                                                      • Blast radius<\/strong>: larger experiments can indirectly increase infrastructure scaling and therefore costs<\/li>\n<\/ul>\n\n\n\n
                                                                                                        Hidden or indirect costs<\/h3>\n\n\n\n
                                                                                                          \n
                                                                                                        • Auto Scaling events<\/strong>: if experiments trigger scale-out, you pay for extra instances.<\/li>\n
                                                                                                        • Incident response overhead<\/strong>: game days consume engineering time (worth it, but real cost).<\/li>\n
                                                                                                        • Data transfer<\/strong>: fault injection that changes traffic patterns can increase cross-AZ charges.<\/li>\n<\/ul>\n\n\n\n
                                                                                                          Network\/data transfer implications<\/h3>\n\n\n\n
                                                                                                          AWS Fault Injection Service doesn\u2019t \u201ctransfer your data\u201d itself like a data pipeline service, but fault scenarios can change routing behavior and traffic distribution. Watch:\n– Cross-AZ traffic (commonly billed)\n– NAT Gateway processing if more traffic flows through it during the test\n– Internet egress if retries amplify outbound calls<\/p>\n\n\n\n
                                                                                                          How to optimize cost<\/h3>\n\n\n\n
                                                                                                            \n
                                                                                                          • Start with small scope<\/strong>: one instance, one action, short runtime.<\/li>\n
                                                                                                          • Use non-production<\/strong> environments with right-sized instances.<\/li>\n
                                                                                                          • Prefer reversible actions<\/strong> (like reboot) while learning.<\/li>\n
                                                                                                          • Use precise tagging<\/strong> to avoid accidentally targeting extra resources.<\/li>\n
                                                                                                          • Keep log retention short for experiment-specific logs, if appropriate.<\/li>\n<\/ul>\n\n\n\n
                                                                                                            Example low-cost starter estimate (conceptual)<\/h3>\n\n\n\n
                                                                                                            A minimal starter lab might include:\n– One small EC2 instance (e.g., a burstable instance)\n– One CloudWatch alarm\n– One short experiment run (minutes)<\/p>\n\n\n\n
                                                                                                            Your primary costs are typically the EC2 instance runtime plus the alarm and any logs. Exact totals depend on Region and current pricing<\/strong>.<\/p>\n\n\n\n
                                                                                                            Example production cost considerations<\/h3>\n\n\n\n
                                                                                                            In production, costs are less about the AWS Fault Injection Service line item and more about:\n– Additional telemetry (metrics, logs, traces)\n– Increased capacity during tests (intentional headroom)\n– Time spent by on-call and stakeholders\n– Risk mitigation steps (canary, rollback readiness)<\/p>\n\n\n\n
                                                                                                            For official pricing and to estimate costs:\n– Pricing page: https:\/\/aws.amazon.com\/fis\/pricing\/\n– AWS Pricing Calculator: https:\/\/calculator.aws\/<\/p>\n\n\n\n
                                                                                                            \n\n\n\n
                                                                                                            10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n
                                                                                                            Objective<\/h3>\n\n\n\n
                                                                                                            Run a safe, beginner-friendly AWS Fault Injection Service experiment that reboots a single EC2 instance<\/strong> selected by tag, using a CloudWatch alarm stop condition<\/strong> for safety, and then validate the impact through EC2 instance state and monitoring.<\/p>\n\n\n\n
                                                                                                            This lab is designed to be low-cost and reversible.<\/p>\n\n\n\n
                                                                                                            Lab Overview<\/h3>\n\n\n\n
                                                                                                            You will:<\/p>\n\n\n\n
                                                                                                              \n
                                                                                                            1. Create a small EC2 instance and tag it as an experiment target.<\/li>\n
                                                                                                            2. Create a CloudWatch alarm (stop condition) and a simple dashboard\/metric view to observe.<\/li>\n
                                                                                                            3. Create an AWS Fault Injection Service experiment template targeting the tagged instance and performing a reboot action.<\/li>\n
                                                                                                            4. Run the experiment and validate:\n   – experiment lifecycle (started \u2192 completed\/stopped)\n   – EC2 instance reboot behavior\n   – CloudTrail\/EventBridge visibility (basic checks)<\/li>\n
                                                                                                            5. Clean up all created resources.<\/li>\n<\/ol>\n\n\n\n
                                                                                                              \n
                                                                                                              Safety note: Run this in a non-production<\/strong> account or environment. Rebooting an instance will interrupt any sessions and can cause brief downtime for anything hosted on it.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                                              \n\n\n\n
                                                                                                              Step 1: Choose a Region and set basic naming<\/h3>\n\n\n\n
                                                                                                                \n
                                                                                                              1. Pick an AWS Region where you will run everything (EC2 + CloudWatch + AWS Fault Injection Service).<\/li>\n
                                                                                                              2. Decide a consistent prefix, for example:\n   – Project: fis-lab<\/code>\n   – Environment tag: dev<\/code><\/li>\n<\/ol>\n\n\n\n
                                                                                                                Expected outcome:<\/strong> You have a single Region selected and a naming convention to avoid confusion.<\/p>\n\n\n\n
                                                                                                                \n\n\n\n
                                                                                                                Step 2: Create a target EC2 instance (low-cost)<\/h3>\n\n\n\n
                                                                                                                You can do this via the console (recommended) or AWS CLI.<\/p>\n\n\n\n
                                                                                                                Option A: Console (recommended)<\/h4>\n\n\n\n
                                                                                                                  \n
                                                                                                                1. Open Amazon EC2<\/strong> console.<\/li>\n
                                                                                                                2. Launch an instance:\n   – AMI: Amazon Linux (or another small Linux AMI you prefer)\n   – Instance type: choose a small, low-cost type appropriate for your account (commonly a burstable instance)\n   – Network: default VPC is fine for this lab\n   – Security group: allow SSH from your IP if you want to log in (optional)<\/li>\n
                                                                                                                3. Add tags:\n   – Name = fis-lab-instance<\/code>\n   – FisTarget = true<\/code>\n   – Environment = dev<\/code><\/li>\n<\/ol>\n\n\n\n
                                                                                                                  Option B: AWS CLI (example)<\/h4>\n\n\n\n
                                                                                                                  This example assumes you already have a key pair and you know which subnet to use. If not, use the console method.<\/p>\n\n\n\n
                                                                                                                  aws ec2 run-instances \\\n  --image-id <YOUR_AMI_ID> \\\n  --instance-type <YOUR_INSTANCE_TYPE> \\\n  --subnet-id <YOUR_SUBNET_ID> \\\n  --security-group-ids <YOUR_SG_ID> \\\n  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=fis-lab-instance},{Key=FisTarget,Value=true},{Key=Environment,Value=dev}]' \\\n  --count 1\n<\/code><\/pre>\n\n\n\n
                                                                                                                  Expected outcome:<\/strong> One running EC2 instance tagged with FisTarget=true<\/code>.<\/p>\n\n\n\n
                                                                                                                  Verification:<\/strong>\n– EC2 console \u2192 Instances \u2192 confirm instance state is Running<\/strong>\n– Confirm tags exist and are spelled exactly (case-sensitive)<\/p>\n\n\n\n
                                                                                                                  \n\n\n\n
                                                                                                                  Step 3: Create a CloudWatch alarm (stop condition)<\/h3>\n\n\n\n
                                                                                                                  This lab uses a stop condition to demonstrate guardrails. The alarm does not have to trigger; it\u2019s there to show how to wire safety controls.<\/p>\n\n\n\n
                                                                                                                    \n
                                                                                                                  1. Open Amazon CloudWatch<\/strong> console.<\/li>\n
                                                                                                                  2. Go to Alarms<\/strong> \u2192 Create alarm<\/strong>.<\/li>\n
                                                                                                                  3. Select a metric for the EC2 instance. Two common options:\n   – A metric that indicates instance health (useful for real tests), or\n   – A metric that indicates user impact (like 5xx rate on a load balancer), if you have one.<\/li>\n
                                                                                                                  4. For a simple lab on a single instance, choose an EC2 metric available for your instance and set a threshold that is unlikely to trigger accidentally.<\/li>\n
                                                                                                                  5. Name the alarm:\n   – fis-lab-stop-alarm<\/code><\/li>\n
                                                                                                                  6. (Optional) Configure notifications to an SNS topic if you already use one. For a minimal lab, you can skip notifications.<\/li>\n<\/ol>\n\n\n\n
                                                                                                                    Expected outcome:<\/strong> A CloudWatch alarm exists and is in OK<\/strong> state.<\/p>\n\n\n\n
                                                                                                                    Verification:<\/strong>\n– CloudWatch \u2192 Alarms \u2192 confirm fis-lab-stop-alarm<\/code> is present and OK.<\/p>\n\n\n\n
                                                                                                                    \n\n\n\n
                                                                                                                    Step 4: Create an AWS Fault Injection Service experiment template<\/h3>\n\n\n\n
                                                                                                                    You will now create an experiment template that:\n– Targets resources with tag FisTarget=true<\/code>\n– Performs a reboot<\/strong> action on the selected EC2 instance(s)\n– Uses the CloudWatch alarm as a stop condition<\/strong><\/p>\n\n\n\n
                                                                                                                      \n
                                                                                                                    1. Open the AWS Fault Injection Service<\/strong> console in your Region.<\/li>\n
                                                                                                                    2. Go to Experiment templates<\/strong> \u2192 Create experiment template<\/strong>.<\/li>\n
                                                                                                                    3. Template basics:\n   – Name: fis-lab-ec2-reboot<\/code>\n   – Description: Reboot a tagged EC2 instance (lab)<\/code>\n   – Tags (recommended):
                                                                                                                        \n
                                                                                                                      • Environment=dev<\/code><\/li>\n
                                                                                                                      • Owner=<your-team-or-name><\/code><\/li>\n<\/ul>\n<\/li>\n
                                                                                                                      • Define Targets<\/strong>:\n   – Target name: ec2-target<\/code>\n   – Resource type: choose the EC2 instance resource type offered in the UI\n   – Selection method: Tags<\/strong>\n   – Tag key: FisTarget<\/code>\n   – Tag value: true<\/code>\n   – (If the UI supports further constraints, keep it narrow\u2014this lab should affect only one instance.)<\/li>\n
                                                                                                                      • Define Actions<\/strong>:\n   – Action name: reboot-ec2<\/code>\n   – Action type: choose an EC2 reboot action if available (wording may differ by console version)\n   – Target: select ec2-target<\/code><\/li>\n
                                                                                                                      • Configure Stop conditions<\/strong>:\n   – Add stop condition: select CloudWatch alarm<\/strong>\n   – Choose fis-lab-stop-alarm<\/code><\/li>\n
                                                                                                                      • \n
                                                                                                                        IAM Role for experiment execution:\n   – If the console offers to create or select a role, choose the safest option:<\/p>\n
                                                                                                                          \n
                                                                                                                        • Prefer a new role<\/strong> created for this template, or<\/li>\n
                                                                                                                        • Select an existing dedicated FIS execution role that is scoped to EC2 reboot on only the tagged instance(s).<\/li>\n
                                                                                                                        • If you are unsure, follow the official docs guidance for the execution role:\n https:\/\/docs.aws.amazon.com\/fis\/latest\/userguide\/getting-started.html (navigate to IAM\/role sections)<\/li>\n<\/ul>\n<\/li>\n
                                                                                                                        • \n
                                                                                                                          Create the template.<\/p>\n<\/li>\n<\/ol>\n\n\n\n
                                                                                                                          Expected outcome:<\/strong> The experiment template fis-lab-ec2-reboot<\/code> is created successfully.<\/p>\n\n\n\n
                                                                                                                          Verification:<\/strong>\n– In AWS Fault Injection Service console, the template appears in the list.\n– The template shows:\n  – 1 target (tag-based)\n  – 1 action (reboot)\n  – 1 stop condition (CloudWatch alarm)<\/p>\n\n\n\n
                                                                                                                          \n\n\n\n
                                                                                                                          Step 5: Run the experiment<\/h3>\n\n\n\n
                                                                                                                            \n
                                                                                                                          1. In the AWS Fault Injection Service console, open the template fis-lab-ec2-reboot<\/code>.<\/li>\n
                                                                                                                          2. Click Start experiment<\/strong>.<\/li>\n
                                                                                                                          3. Confirm the prompt. Carefully review:\n   – Which resources will be targeted\n   – Which action will be executed<\/li>\n<\/ol>\n\n\n\n
                                                                                                                            Expected outcome:<\/strong> An experiment run is created and transitions to Running<\/strong>, then Completed<\/strong> (or Stopped<\/strong> if the stop condition triggers).<\/p>\n\n\n\n
                                                                                                                            Verification:<\/strong>\n– AWS Fault Injection Service \u2192 Experiments \u2192 select the running experiment and watch status changes.\n– EC2 console: the instance should show signs of reboot (for example, system status checks may reset briefly).\n– If you are connected via SSH, your session will likely drop during reboot.<\/p>\n\n\n\n
                                                                                                                            \n\n\n\n
                                                                                                                            Step 6: Observe and validate behavior<\/h3>\n\n\n\n
                                                                                                                            During and after the experiment, validate both infrastructure and operations signals.<\/p>\n\n\n\n
                                                                                                                            Infrastructure checks<\/strong>\n– EC2 instance returns to Running<\/strong> state after reboot.\n– Instance status checks return to normal.<\/p>\n\n\n\n
                                                                                                                            Operational checks<\/strong>\n– CloudWatch alarm remains OK<\/strong> (unless you intentionally tuned it otherwise).\n– CloudTrail shows relevant API activity (for audit).<\/p>\n\n\n\n
                                                                                                                            Basic CloudTrail check:\n1. Open CloudTrail<\/strong> \u2192 Event history<\/strong>.\n2. Filter by:\n   – Event source such as EC2\n   – Or by the IAM role used by the experiment\n3. Confirm the reboot-related API call is logged.<\/p>\n\n\n\n
                                                                                                                            Expected outcome:<\/strong> You can prove the experiment ran, impacted only the intended instance, and returned to a healthy state.<\/p>\n\n\n\n
                                                                                                                            \n\n\n\n
                                                                                                                            Validation<\/h3>\n\n\n\n
                                                                                                                            Use this checklist:<\/p>\n\n\n\n
                                                                                                                              \n
                                                                                                                            • [ ] Experiment status reached Completed<\/strong> (or stopped for a known reason)<\/li>\n
                                                                                                                            • [ ] Only the intended instance (tagged target) was affected<\/li>\n
                                                                                                                            • [ ] EC2 instance is healthy after the reboot<\/li>\n
                                                                                                                            • [ ] CloudWatch alarm did not unexpectedly trigger (or triggered as designed)<\/li>\n
                                                                                                                            • [ ] CloudTrail shows an audit trail of the activity<\/li>\n<\/ul>\n\n\n\n
                                                                                                                              \n\n\n\n
                                                                                                                              Troubleshooting<\/h3>\n\n\n\n
                                                                                                                              Problem: Template creation fails due to IAM permissions<\/strong>\n– Cause<\/strong>: Your user\/role lacks permissions to create\/attach roles, or your org uses SCPs.\n– Fix<\/strong>:\n  – Ask an admin to grant the minimum IAM permissions.\n  – Use a pre-approved FIS execution role.\n  – Review SCP\/permission boundary constraints.<\/p>\n\n\n\n
                                                                                                                              Problem: Experiment fails with \u201cno targets matched\u201d<\/strong>\n– Cause<\/strong>: Tags don\u2019t match exactly, or resources are in a different Region.\n– Fix<\/strong>:\n  – Confirm tag key\/value spelling and case.\n  – Confirm the instance is in the same Region as the experiment.\n  – Ensure the selection method is tag-based and points to the correct tag.<\/p>\n\n\n\n
                                                                                                                              Problem: Action not available in the console<\/strong>\n– Cause<\/strong>: Action support varies by Region and resource type.\n– Fix<\/strong>:\n  – Verify supported actions in the official docs for your Region.\n  – Try a different Region or a different supported target\/action pairing.<\/p>\n\n\n\n
                                                                                                                              Problem: Experiment stops immediately<\/strong>\n– Cause<\/strong>: Stop condition CloudWatch alarm is in ALARM state or triggers quickly.\n– Fix<\/strong>:\n  – Ensure the alarm is in OK state before starting.\n  – Adjust alarm threshold\/evaluation periods for the lab.\n  – Use a different stop condition or temporarily remove it in non-prod (not recommended for production).<\/p>\n\n\n\n
                                                                                                                              Problem: Instance does not recover after reboot<\/strong>\n– Cause<\/strong>: The instance had underlying boot issues, disk issues, or configuration drift.\n– Fix<\/strong>:\n  – Check EC2 system logs and screenshots.\n  – Confirm security group\/NACL allows required access.\n  – If this is a disposable lab instance, terminate and recreate.<\/p>\n\n\n\n
                                                                                                                              \n\n\n\n
                                                                                                                              Cleanup<\/h3>\n\n\n\n
                                                                                                                              To avoid ongoing costs:<\/p>\n\n\n\n
                                                                                                                                \n
                                                                                                                              1. Stop\/terminate the EC2 instance<\/strong>\n   – EC2 console \u2192 Instances \u2192 select instance \u2192 Terminate<\/li>\n
                                                                                                                              2. Delete CloudWatch alarm<\/strong>\n   – CloudWatch \u2192 Alarms \u2192 delete fis-lab-stop-alarm<\/code><\/li>\n
                                                                                                                              3. Delete the experiment template<\/strong>\n   – AWS Fault Injection Service \u2192 Experiment templates \u2192 delete fis-lab-ec2-reboot<\/code><\/li>\n
                                                                                                                              4. (Optional) Remove any IAM roles created specifically for this lab if they are not reused\n   – IAM console \u2192 Roles \u2192 locate the lab role \u2192 delete (ensure it\u2019s not used elsewhere)<\/li>\n<\/ol>\n\n\n\n
                                                                                                                                Expected outcome:<\/strong> No lab resources remain that could incur costs.<\/p>\n\n\n\n
                                                                                                                                \n\n\n\n
                                                                                                                                11. Best Practices<\/h2>\n\n\n\n
                                                                                                                                Architecture best practices<\/h3>\n\n\n\n
                                                                                                                                  \n
                                                                                                                                • Start small, then scale scope<\/strong>: one instance \u2192 one tier \u2192 one AZ \u2192 multi-AZ.<\/li>\n
                                                                                                                                • Test one hypothesis per experiment<\/strong>: clearer outcomes and safer rollback.<\/li>\n
                                                                                                                                • Design for blast radius<\/strong>:<\/li>\n
                                                                                                                                • Strict tag-based targeting<\/li>\n
                                                                                                                                • Separate templates per environment and per application<\/li>\n
                                                                                                                                • Make resilience measurable<\/strong>:<\/li>\n
                                                                                                                                • Tie experiments to SLO metrics (latency, error rate, backlog)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                  IAM\/security best practices<\/h3>\n\n\n\n
                                                                                                                                    \n
                                                                                                                                  • Use least-privilege execution roles<\/strong> per template\/environment.<\/li>\n
                                                                                                                                  • Separate permissions:<\/li>\n
                                                                                                                                  • \u201cTemplate authors\u201d<\/li>\n
                                                                                                                                  • \u201cExperiment runners\u201d<\/li>\n
                                                                                                                                  • \u201cApprovers\u201d<\/li>\n
                                                                                                                                  • Use permission boundaries<\/strong> and SCPs<\/strong> to restrict risky actions in production.<\/li>\n
                                                                                                                                  • Require tagging and enforce it with policy (where possible).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                    Cost best practices<\/h3>\n\n\n\n
                                                                                                                                      \n
                                                                                                                                    • Use non-prod and right-size targets.<\/li>\n
                                                                                                                                    • Keep experiment durations short.<\/li>\n
                                                                                                                                    • Avoid experiments that trigger expensive scale-out unless that is the purpose.<\/li>\n
                                                                                                                                    • Control log ingestion and retention.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                      Performance best practices<\/h3>\n\n\n\n
                                                                                                                                        \n
                                                                                                                                      • Monitor retry behavior to avoid amplification (retry storms).<\/li>\n
                                                                                                                                      • Validate connection pool behavior and client timeouts.<\/li>\n
                                                                                                                                      • Watch downstream dependencies for saturation.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                        Reliability best practices<\/h3>\n\n\n\n
                                                                                                                                          \n
                                                                                                                                        • Always include:<\/li>\n
                                                                                                                                        • Observability plan (dashboards, alarms)<\/li>\n
                                                                                                                                        • Rollback plan (how to restore normal state)<\/li>\n
                                                                                                                                        • Safety plan (stop conditions + human abort procedure)<\/li>\n
                                                                                                                                        • Schedule game days during staffed hours.<\/li>\n
                                                                                                                                        • Record results and track action items like you would for incidents.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                          Operations best practices<\/h3>\n\n\n\n
                                                                                                                                            \n
                                                                                                                                          • Integrate with EventBridge to notify:<\/li>\n
                                                                                                                                          • on-call rotations<\/li>\n
                                                                                                                                          • incident channels<\/li>\n
                                                                                                                                          • change management systems<\/li>\n
                                                                                                                                          • Keep experiment templates in source control conceptually (documented, reviewed).<\/li>\n
                                                                                                                                          • Use consistent naming:<\/li>\n
                                                                                                                                          • app-env-faulttype-v#<\/code><\/li>\n<\/ul>\n\n\n\n
                                                                                                                                            Governance\/tagging\/naming best practices<\/h3>\n\n\n\n
                                                                                                                                            Recommended tags:\n– Application<\/code>\n– Environment<\/code>\n– Owner<\/code>\n– CostCenter<\/code>\n– ChangeTicket<\/code> (if required)\n– DataClassification<\/code> (if your org uses it)<\/p>\n\n\n\n
                                                                                                                                            \n\n\n\n
                                                                                                                                            12. Security Considerations<\/h2>\n\n\n\n
                                                                                                                                            Identity and access model<\/h3>\n\n\n\n
                                                                                                                                              \n
                                                                                                                                            • Two layers of access control<\/strong>:\n  1. Who can create\/run experiments (IAM permissions for operators)\n  2. What the experiment can do (execution role permissions)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                              Key recommendations:\n– Use a dedicated role per environment.\n– Restrict role permissions to:\n  – specific actions\n  – specific resource ARNs or tag conditions where supported\n– Restrict who can pass\/assign roles (IAM PassRole<\/code> controls are crucial).<\/p>\n\n\n\n
                                                                                                                                              Encryption<\/h3>\n\n\n\n
                                                                                                                                              AWS Fault Injection Service is a control-plane service. Encryption considerations typically focus on:\n– CloudTrail logs<\/strong> (S3 encryption, KMS keys, retention)\n– CloudWatch Logs<\/strong> (if used)\n– Any affected data stores (ensure encryption at rest is already in place)<\/p>\n\n\n\n
                                                                                                                                              Network exposure<\/h3>\n\n\n\n
                                                                                                                                                \n
                                                                                                                                              • Fault injection can alter availability. Ensure:<\/li>\n
                                                                                                                                              • Bastion\/SSM access patterns are resilient if you need emergency access<\/li>\n
                                                                                                                                              • You don\u2019t depend on a single NAT gateway or single egress path during tests<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                Secrets handling<\/h3>\n\n\n\n
                                                                                                                                                  \n
                                                                                                                                                • Do not embed secrets in experiment descriptions or tags.<\/li>\n
                                                                                                                                                • If your test triggers application failover, ensure secret rotation\/refresh mechanisms behave correctly.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                  Audit\/logging<\/h3>\n\n\n\n
                                                                                                                                                    \n
                                                                                                                                                  • Enable CloudTrail across the account (org trail preferred in enterprises).<\/li>\n
                                                                                                                                                  • Review:<\/li>\n
                                                                                                                                                  • who started experiments<\/li>\n
                                                                                                                                                  • what templates were modified<\/li>\n
                                                                                                                                                  • what actions were executed<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                    Compliance considerations<\/h3>\n\n\n\n
                                                                                                                                                      \n
                                                                                                                                                    • Some compliance frameworks care about operational resilience and change control.<\/li>\n
                                                                                                                                                    • Treat experiments like changes:<\/li>\n
                                                                                                                                                    • approvals<\/li>\n
                                                                                                                                                    • maintenance windows<\/li>\n
                                                                                                                                                    • documented outcomes<\/li>\n
                                                                                                                                                    • If you test in production, ensure your change management policy allows it.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                      Common security mistakes<\/h3>\n\n\n\n
                                                                                                                                                        \n
                                                                                                                                                      • Overly broad execution roles that can disrupt too many resources<\/li>\n
                                                                                                                                                      • Poor tagging that accidentally includes production resources<\/li>\n
                                                                                                                                                      • No stop conditions and no on-call notification<\/li>\n
                                                                                                                                                      • No audit review after experiments<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                        Secure deployment recommendations<\/h3>\n\n\n\n
                                                                                                                                                          \n
                                                                                                                                                        • Use separate AWS accounts for dev\/stage\/prod (recommended).<\/li>\n
                                                                                                                                                        • Use SCPs to forbid high-risk actions except via approved roles.<\/li>\n
                                                                                                                                                        • Require explicit \u201copt-in\u201d tags for targets:<\/li>\n
                                                                                                                                                        • Example: ChaosReady=true<\/code><\/li>\n
                                                                                                                                                        • Use CloudWatch alarms tied to customer-impacting signals as stop conditions.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                          \n\n\n\n
                                                                                                                                                          13. Limitations and Gotchas<\/h2>\n\n\n\n
                                                                                                                                                          Because AWS Fault Injection Service is integrated with specific AWS APIs and mechanisms, there are practical constraints.<\/p>\n\n\n\n
                                                                                                                                                          Known limitations (general)<\/h3>\n\n\n\n
                                                                                                                                                            \n
                                                                                                                                                          • Action availability varies<\/strong> by:<\/li>\n
                                                                                                                                                          • AWS Region<\/li>\n
                                                                                                                                                          • Target service\/resource type<\/li>\n
                                                                                                                                                          • Account configuration<\/li>\n
                                                                                                                                                          • Some faults are not easily reversible<\/strong> (e.g., termination). Prefer reversible actions for early adoption.<\/li>\n
                                                                                                                                                          • Stop conditions stop the experiment<\/strong>, but may not automatically restore all changes.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                            Quotas<\/h3>\n\n\n\n
                                                                                                                                                              \n
                                                                                                                                                            • Service quotas exist for templates, experiments, and API rate limits.<\/li>\n
                                                                                                                                                            • Check the Service Quotas<\/strong> console for current limits and request increases if needed.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                              Regional constraints<\/h3>\n\n\n\n
                                                                                                                                                                \n
                                                                                                                                                              • The service is regional; cross-region testing requires separate experiments in each Region.<\/li>\n
                                                                                                                                                              • Multi-account organizations must plan account boundaries and permissions.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                Pricing surprises<\/h3>\n\n\n\n
                                                                                                                                                                  \n
                                                                                                                                                                • The major cost is often not the orchestration service, but:<\/li>\n
                                                                                                                                                                • extra capacity triggered by failure<\/li>\n
                                                                                                                                                                • logs\/metrics retention<\/li>\n
                                                                                                                                                                • data transfer increases due to retries or traffic shifts<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                  Compatibility issues<\/h3>\n\n\n\n
                                                                                                                                                                    \n
                                                                                                                                                                  • Some actions may require prerequisites on targets (for example, management agents or permissions), depending on the action type.<\/li>\n
                                                                                                                                                                  • Resources must be discoverable and selectable by the targeting method you choose (tags require consistent tag propagation).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                    Operational gotchas<\/h3>\n\n\n\n
                                                                                                                                                                      \n
                                                                                                                                                                    • Running experiments without a communication plan can trigger false incident responses.<\/li>\n
                                                                                                                                                                    • If you don\u2019t inform on-call teams, they may treat the experiment as a real outage.<\/li>\n
                                                                                                                                                                    • Experiments can interact with auto-remediation in unexpected ways (auto-scaling, health-based replacement).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                      Migration challenges \/ adoption challenges<\/h3>\n\n\n\n
                                                                                                                                                                        \n
                                                                                                                                                                      • Organizations often need to mature:<\/li>\n
                                                                                                                                                                      • tagging strategies<\/li>\n
                                                                                                                                                                      • observability standards<\/li>\n
                                                                                                                                                                      • runbook discipline\nbefore running meaningful production experiments.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                        Vendor-specific nuances<\/h3>\n\n\n\n
                                                                                                                                                                          \n
                                                                                                                                                                        • AWS Fault Injection Service is AWS-native and works best when your workload is already built on AWS primitives and governance patterns. If your environment is multi-cloud or heavily on-prem, you may need additional tooling for broader fault coverage.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                          \n\n\n\n
                                                                                                                                                                          14. Comparison with Alternatives<\/h2>\n\n\n\n
                                                                                                                                                                          AWS Fault Injection Service is one option in a broader resilience and chaos engineering ecosystem.<\/p>\n\n\n\n
                                                                                                                                                                          Key alternatives<\/h3>\n\n\n\n
                                                                                                                                                                            \n
                                                                                                                                                                          • Within AWS<\/strong><\/li>\n
                                                                                                                                                                          • AWS Systems Manager<\/strong> (Automation\/Run Command): can execute scripted disruptions but lacks the dedicated chaos experiment model and guardrails in the same way.<\/li>\n
                                                                                                                                                                          • AWS Resilience Hub<\/strong>: focuses on resilience assessment and improvement plans rather than fault injection execution (complementary, not a direct replacement).<\/li>\n
                                                                                                                                                                          • Other clouds<\/strong><\/li>\n
                                                                                                                                                                          • Azure Chaos Studio<\/strong>: Azure-native chaos engineering service (for Azure workloads).<\/li>\n
                                                                                                                                                                          • Third-party \/ open-source<\/strong><\/li>\n
                                                                                                                                                                          • Gremlin<\/strong> (commercial chaos engineering platform)<\/li>\n
                                                                                                                                                                          • Chaos Mesh<\/strong> (commonly used in Kubernetes)<\/li>\n
                                                                                                                                                                          • LitmusChaos<\/strong> (Kubernetes-focused chaos engineering)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                            Comparison table<\/h3>\n\n\n\n
                                                                                                                                                                            \n\n\n\n\n\n\n\n\n\n
                                                                                                                                                                            Option<\/th>\nBest For<\/th>\nStrengths<\/th>\nWeaknesses<\/th>\nWhen to Choose<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                            AWS Fault Injection Service<\/td>\nAWS-native chaos experiments<\/td>\nManaged service, IAM\/CloudTrail\/EventBridge integration, stop conditions, templates<\/td>\nAction coverage varies by Region; AWS-scoped; not all fault types<\/td>\nYou run primarily on AWS and want AWS-native governance and low ops overhead<\/td>\n<\/tr>\n
                                                                                                                                                                            AWS Systems Manager (scripts\/automation)<\/td>\nCustom, scripted operational tasks<\/td>\nVery flexible; can run arbitrary commands; good for remediation and ops automation<\/td>\nYou must build your own experiment orchestration, safety model, and reporting<\/td>\nYou need custom faults not supported by FIS and can invest in building guardrails<\/td>\n<\/tr>\n
                                                                                                                                                                            AWS Resilience Hub<\/td>\nResilience planning and tracking<\/td>\nAssessment and recommendations, governance view<\/td>\nNot a fault-injection runner; complements FIS<\/td>\nYou want posture management and structured resilience improvements alongside experiments<\/td>\n<\/tr>\n
                                                                                                                                                                            Azure Chaos Studio<\/td>\nAzure-native chaos engineering<\/td>\nDeep Azure integration<\/td>\nNot for AWS workloads<\/td>\nYour workloads are primarily in Azure<\/td>\n<\/tr>\n
                                                                                                                                                                            Gremlin<\/td>\nCross-platform chaos engineering<\/td>\nBroad fault library, mature UX, multi-cloud options<\/td>\nAdditional vendor\/cost; integration model differs<\/td>\nYou need broader fault types, multi-cloud\/on-prem coverage, or advanced org workflows<\/td>\n<\/tr>\n
                                                                                                                                                                            Chaos Mesh \/ LitmusChaos<\/td>\nKubernetes-native chaos<\/td>\nStrong for K8s fault scenarios; open-source<\/td>\nYou operate it yourself; governance and safety must be designed<\/td>\nYou are Kubernetes-centric and want deep cluster-level chaos patterns<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                            \n\n\n\n
                                                                                                                                                                            15. Real-World Example<\/h2>\n\n\n\n
                                                                                                                                                                            Enterprise example: Multi-team SaaS platform validating tier resilience<\/h3>\n\n\n\n
                                                                                                                                                                              \n
                                                                                                                                                                            • Problem<\/strong><\/li>\n
                                                                                                                                                                            • A SaaS provider runs hundreds of microservices on AWS. They experienced intermittent outages caused by instance-level failures and slow failover behavior. Leadership wants evidence-based resilience improvements.<\/li>\n
                                                                                                                                                                            • Proposed architecture<\/strong><\/li>\n
                                                                                                                                                                            • Standardized experiment templates per critical tier (ingress, API, workers).<\/li>\n
                                                                                                                                                                            • Tagging standard: ChaosReady=true<\/code>, App=<name><\/code>, Env=stage|prod<\/code>.<\/li>\n
                                                                                                                                                                            • CloudWatch SLO alarms (latency\/error rate) used as stop conditions.<\/li>\n
                                                                                                                                                                            • EventBridge sends experiment lifecycle events to a central operations channel and change-management system.<\/li>\n
                                                                                                                                                                            • CloudTrail logs archived to a central security account.<\/li>\n
                                                                                                                                                                            • Why AWS Fault Injection Service was chosen<\/strong><\/li>\n
                                                                                                                                                                            • AWS-native IAM controls and CloudTrail auditing fit enterprise governance.<\/li>\n
                                                                                                                                                                            • Stop conditions and scoped roles reduced risk for controlled production experiments.<\/li>\n
                                                                                                                                                                            • Expected outcomes<\/strong><\/li>\n
                                                                                                                                                                            • Measurable improvements in failover time and error budgets.<\/li>\n
                                                                                                                                                                            • Fewer \u201cunknown unknowns\u201d during real incidents.<\/li>\n
                                                                                                                                                                            • Repeatable game days with consistent metrics and postmortems.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                              Startup\/small-team example: Single web app validating basic self-healing<\/h3>\n\n\n\n
                                                                                                                                                                                \n
                                                                                                                                                                              • Problem<\/strong><\/li>\n
                                                                                                                                                                              • A startup runs a web app on EC2 behind a load balancer and uses Auto Scaling. They assume the system is resilient, but have never tested failures.<\/li>\n
                                                                                                                                                                              • Proposed architecture<\/strong><\/li>\n
                                                                                                                                                                              • One experiment template in staging:
                                                                                                                                                                                  \n
                                                                                                                                                                                • target one instance by tag<\/li>\n
                                                                                                                                                                                • reboot action<\/li>\n
                                                                                                                                                                                • stop condition on 5xx metric alarm (if using a load balancer)<\/li>\n<\/ul>\n<\/li>\n
                                                                                                                                                                                • A simple dashboard to observe latency and errors.<\/li>\n
                                                                                                                                                                                • Why AWS Fault Injection Service was chosen<\/strong><\/li>\n
                                                                                                                                                                                • Minimal operational overhead (managed service).<\/li>\n
                                                                                                                                                                                • Easy to start with a single action and small blast radius.<\/li>\n
                                                                                                                                                                                • Expected outcomes<\/strong><\/li>\n
                                                                                                                                                                                • Confidence that health checks and Auto Scaling behave correctly.<\/li>\n
                                                                                                                                                                                • Early discovery of misconfigured health checks, startup times, or missing alarms.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                  \n\n\n\n
                                                                                                                                                                                  16. FAQ<\/h2>\n\n\n\n
                                                                                                                                                                                  1) Is AWS Fault Injection Service the same as AWS Fault Injection Simulator (FIS)?<\/h3>\n\n\n\n
                                                                                                                                                                                  They refer to the same AWS service family and acronym. AWS naming may differ across console pages, IAM policies, and older documentation paths. Verify current naming in the official AWS docs for your Region.<\/p>\n\n\n\n
                                                                                                                                                                                  2) Is AWS Fault Injection Service only for chaos engineering?<\/h3>\n\n\n\n
                                                                                                                                                                                  Its primary use is chaos engineering and resilience validation, but it can also be used for operational readiness tests, game days, and controlled failure drills.<\/p>\n\n\n\n
                                                                                                                                                                                  3) Can I run experiments in production?<\/h3>\n\n\n\n
                                                                                                                                                                                  Yes, many teams do\u2014but only with strict controls: narrow targets, stop conditions, approvals, and clear rollback plans. Start in staging first.<\/p>\n\n\n\n
                                                                                                                                                                                  4) Do stop conditions automatically undo the fault?<\/h3>\n\n\n\n
                                                                                                                                                                                  Stop conditions stop experiment execution<\/em>. They do not guarantee that the impacted resources are restored to their pre-experiment state. Plan explicit rollback steps.<\/p>\n\n\n\n
                                                                                                                                                                                  5) What AWS services can be targeted?<\/h3>\n\n\n\n
                                                                                                                                                                                  It depends on current AWS support per Region and resource type. Consult the official \u201cactions and targets\u201d documentation for the definitive list:\nhttps:\/\/docs.aws.amazon.com\/fis\/latest\/userguide\/what-is.html<\/p>\n\n\n\n
                                                                                                                                                                                  6) Do I need an agent on instances?<\/h3>\n\n\n\n
                                                                                                                                                                                  Some fault types may require an agent or Systems Manager capability, while others are pure AWS API actions. It depends on the action. Verify action prerequisites in the docs.<\/p>\n\n\n\n
                                                                                                                                                                                  7) How do I prevent accidentally targeting production?<\/h3>\n\n\n\n
                                                                                                                                                                                  Use strict tags (opt-in tags like ChaosReady=true<\/code>), separate accounts for environments, and enforce controls with IAM\/SCPs.<\/p>\n\n\n\n
                                                                                                                                                                                  8) Can I integrate experiment runs into CI\/CD?<\/h3>\n\n\n\n
                                                                                                                                                                                  Yes. Use APIs\/CLI\/SDK (where supported) and EventBridge for lifecycle events. Ensure you have approvals and guardrails if any environment is customer-facing.<\/p>\n\n\n\n
                                                                                                                                                                                  9) How do I notify my team when an experiment starts?<\/h3>\n\n\n\n
                                                                                                                                                                                  Use EventBridge rules to route experiment events to SNS, chat integrations, incident tools, or ticketing workflows.<\/p>\n\n\n\n
                                                                                                                                                                                  10) Does AWS Fault Injection Service generate logs?<\/h3>\n\n\n\n
                                                                                                                                                                                  You can observe experiments in the console and via AWS governance tools like CloudTrail. Additional logs\/metrics depend on the target services and your observability tooling.<\/p>\n\n\n\n
                                                                                                                                                                                  11) What\u2019s the safest first experiment?<\/h3>\n\n\n\n
                                                                                                                                                                                  A single, reversible action with narrow targeting\u2014like rebooting one non-production EC2 instance\u2014while observing dashboards and alarms.<\/p>\n\n\n\n
                                                                                                                                                                                  12) What\u2019s the difference between fault injection and load testing?<\/h3>\n\n\n\n
                                                                                                                                                                                  Fault injection introduces failures; load testing increases traffic\/requests. They complement each other. Many reliability issues only appear when both load and failures occur.<\/p>\n\n\n\n
                                                                                                                                                                                  13) How do I measure success for an experiment?<\/h3>\n\n\n\n
                                                                                                                                                                                  Define a hypothesis and acceptance criteria:\n– SLO impact (p95 latency, error rate)\n– recovery time\n– alarm behavior\n– runbook correctness<\/p>\n\n\n\n
                                                                                                                                                                                  14) Can I test multi-AZ failover?<\/h3>\n\n\n\n
                                                                                                                                                                                  You can design experiments that target resources associated with one AZ (often by tag or selection constraints). The exact approach depends on the resource type and your architecture.<\/p>\n\n\n\n
                                                                                                                                                                                  15) Does AWS Fault Injection Service support multi-account organizations?<\/h3>\n\n\n\n
                                                                                                                                                                                  Yes, but governance is more complex. Many organizations keep experiments within an account boundary and standardize roles, tags, and guardrails across accounts using AWS Organizations patterns.<\/p>\n\n\n\n
                                                                                                                                                                                  16) What permissions do I need to run experiments?<\/h3>\n\n\n\n
                                                                                                                                                                                  You need permissions to start experiments and to pass or use the execution role. The execution role then needs permissions for the target actions. Use least privilege and verify with your IAM team.<\/p>\n\n\n\n
                                                                                                                                                                                  17) How do I keep experiments from becoming \u201crandom chaos\u201d?<\/h3>\n\n\n\n
                                                                                                                                                                                  Use disciplined experimentation:\n– one hypothesis per experiment\n– defined metrics\n– documented results\n– tracked action items\n– controlled scheduling<\/p>\n\n\n\n
                                                                                                                                                                                  \n\n\n\n
                                                                                                                                                                                  17. Top Online Resources to Learn AWS Fault Injection Service<\/h2>\n\n\n\n
                                                                                                                                                                                  \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
                                                                                                                                                                                  Resource Type<\/th>\nName<\/th>\nWhy It Is Useful<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                                  Official documentation<\/td>\nAWS Fault Injection Service User Guide \u2014 https:\/\/docs.aws.amazon.com\/fis\/latest\/userguide\/what-is.html<\/td>\nAuthoritative feature descriptions, concepts, and configuration details<\/td>\n<\/tr>\n
                                                                                                                                                                                  Official getting started<\/td>\nGetting started (AWS Fault Injection Service) \u2014 https:\/\/docs.aws.amazon.com\/fis\/latest\/userguide\/getting-started.html<\/td>\nStep-by-step onboarding guidance and prerequisites<\/td>\n<\/tr>\n
                                                                                                                                                                                  Official pricing<\/td>\nAWS Fault Injection Service Pricing \u2014 https:\/\/aws.amazon.com\/fis\/pricing\/<\/td>\nCurrent pricing model and Region considerations<\/td>\n<\/tr>\n
                                                                                                                                                                                  Pricing tool<\/td>\nAWS Pricing Calculator \u2014 https:\/\/calculator.aws\/<\/td>\nEstimate end-to-end costs including EC2\/CloudWatch and other dependencies<\/td>\n<\/tr>\n
                                                                                                                                                                                  API reference<\/td>\nAWS Fault Injection Service API Reference \u2014 https:\/\/docs.aws.amazon.com\/fis\/latest\/APIReference\/Welcome.html<\/td>\nAutomate templates\/experiments using API\/CLI\/SDK<\/td>\n<\/tr>\n
                                                                                                                                                                                  Governance<\/td>\nAWS CloudTrail \u2014 https:\/\/docs.aws.amazon.com\/awscloudtrail\/latest\/userguide\/cloudtrail-user-guide.html<\/td>\nAudit experiment execution and changes<\/td>\n<\/tr>\n
                                                                                                                                                                                  Events\/automation<\/td>\nAmazon EventBridge \u2014 https:\/\/docs.aws.amazon.com\/eventbridge\/latest\/userguide\/eb-what-is.html<\/td>\nRoute experiment lifecycle events into notifications and automation<\/td>\n<\/tr>\n
                                                                                                                                                                                  Monitoring<\/td>\nAmazon CloudWatch \u2014 https:\/\/docs.aws.amazon.com\/AmazonCloudWatch\/latest\/monitoring\/WhatIsCloudWatch.html<\/td>\nBuild dashboards\/alarms and stop conditions<\/td>\n<\/tr>\n
                                                                                                                                                                                  Architecture guidance<\/td>\nAWS Well-Architected Framework \u2014 https:\/\/docs.aws.amazon.com\/wellarchitected\/latest\/framework\/welcome.html<\/td>\nReliability pillar concepts to guide what to test and why<\/td>\n<\/tr>\n
                                                                                                                                                                                  Workshops\/labs<\/td>\nAWS Workshops (search for FIS\/chaos engineering) \u2014 https:\/\/workshops.aws\/<\/td>\nHands-on labs maintained by AWS and community contributors (verify lab freshness)<\/td>\n<\/tr>\n
                                                                                                                                                                                  Video learning<\/td>\nAWS YouTube channel \u2014 https:\/\/www.youtube.com\/@amazonwebservices<\/td>\nTalks and demos; search for \u201cFault Injection Simulator\/Service\u201d<\/td>\n<\/tr>\n
                                                                                                                                                                                  Community reference<\/td>\nAWS Compute Blog \/ Architecture Blog \u2014 https:\/\/aws.amazon.com\/blogs\/<\/td>\nPractical patterns and announcements (verify post dates)<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                                  \n\n\n\n
                                                                                                                                                                                  18. Training and Certification Providers<\/h2>\n\n\n\n
                                                                                                                                                                                  \n\n\n\n\n\n\n\n\n
                                                                                                                                                                                  Institute<\/th>\nSuitable Audience<\/th>\nLikely Learning Focus<\/th>\nMode<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                                  DevOpsSchool.com<\/td>\nDevOps engineers, SREs, platform teams<\/td>\nDevOps\/Cloud operations practices; may include resilience\/chaos topics<\/td>\nCheck website<\/td>\nhttps:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                                  ScmGalaxy.com<\/td>\nBeginners to intermediate engineers<\/td>\nSCM\/DevOps fundamentals, automation, process<\/td>\nCheck website<\/td>\nhttps:\/\/www.scmgalaxy.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                                  CLoudOpsNow.in<\/td>\nCloud ops practitioners<\/td>\nCloud operations and reliability practices<\/td>\nCheck website<\/td>\nhttps:\/\/www.cloudopsnow.in\/<\/td>\n<\/tr>\n
                                                                                                                                                                                  SreSchool.com<\/td>\nSREs, reliability-focused teams<\/td>\nSRE practices, incident response, reliability engineering<\/td>\nCheck website<\/td>\nhttps:\/\/www.sreschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                                  AiOpsSchool.com<\/td>\nOps teams exploring AIOps<\/td>\nMonitoring\/automation and AIOps concepts<\/td>\nCheck website<\/td>\nhttps:\/\/www.aiopsschool.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                                  \n\n\n\n
                                                                                                                                                                                  19. Top Trainers<\/h2>\n\n\n\n
                                                                                                                                                                                  \n\n\n\n\n\n\n\n
                                                                                                                                                                                  Platform\/Site<\/th>\nLikely Specialization<\/th>\nSuitable Audience<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                                  RajeshKumar.xyz<\/td>\nDevOps\/cloud training content<\/td>\nEngineers seeking guided learning<\/td>\nhttps:\/\/rajeshkumar.xyz\/<\/td>\n<\/tr>\n
                                                                                                                                                                                  devopstrainer.in<\/td>\nDevOps training and mentoring<\/td>\nBeginners to working professionals<\/td>\nhttps:\/\/www.devopstrainer.in\/<\/td>\n<\/tr>\n
                                                                                                                                                                                  devopsfreelancer.com<\/td>\nFreelance DevOps expertise<\/td>\nTeams needing short-term coaching\/support<\/td>\nhttps:\/\/www.devopsfreelancer.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                                  devopssupport.in<\/td>\nDevOps support services\/training<\/td>\nOps teams needing practical support<\/td>\nhttps:\/\/www.devopssupport.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                                  \n\n\n\n
                                                                                                                                                                                  20. Top Consulting Companies<\/h2>\n\n\n\n
                                                                                                                                                                                  \n\n\n\n\n\n\n
                                                                                                                                                                                  Company<\/th>\nLikely Service Area<\/th>\nWhere They May Help<\/th>\nConsulting Use Case Examples<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                                  cotocus.com<\/td>\nCloud\/DevOps consulting<\/td>\nArchitecture reviews, reliability programs, automation<\/td>\nSet up chaos engineering guardrails; implement monitoring + stop conditions; define tagging and IAM model<\/td>\nhttps:\/\/cotocus.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                                  DevOpsSchool.com<\/td>\nDevOps consulting and enablement<\/td>\nTraining + implementation support<\/td>\nEstablish game day process; create experiment templates and operational runbooks; integrate EventBridge notifications<\/td>\nhttps:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                                  DEVOPSCONSULTING.IN<\/td>\nDevOps consulting<\/td>\nCI\/CD, ops practices, cloud governance<\/td>\nBuild repeatable resilience test workflows; align with change management; cost and security reviews<\/td>\nhttps:\/\/www.devopsconsulting.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                                  \n\n\n\n
                                                                                                                                                                                  21. Career and Learning Roadmap<\/h2>\n\n\n\n
                                                                                                                                                                                  What to learn before AWS Fault Injection Service<\/h3>\n\n\n\n
                                                                                                                                                                                  To get real value from AWS Fault Injection Service, you should already understand:<\/p>\n\n\n\n
                                                                                                                                                                                    \n
                                                                                                                                                                                  • AWS IAM basics (roles, policies, trust relationships, least privilege)<\/li>\n
                                                                                                                                                                                  • Amazon EC2 fundamentals (instances, tags, security groups, Auto Scaling)<\/li>\n
                                                                                                                                                                                  • Amazon CloudWatch basics (metrics, alarms, dashboards)<\/li>\n
                                                                                                                                                                                  • Basic reliability concepts:<\/li>\n
                                                                                                                                                                                  • health checks<\/li>\n
                                                                                                                                                                                  • retries and timeouts<\/li>\n
                                                                                                                                                                                  • multi-AZ patterns<\/li>\n
                                                                                                                                                                                  • graceful shutdown<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                    What to learn after AWS Fault Injection Service<\/h3>\n\n\n\n
                                                                                                                                                                                    Once you can run safe experiments, level up with:<\/p>\n\n\n\n
                                                                                                                                                                                      \n
                                                                                                                                                                                    • Advanced observability (logs, metrics, traces) and SLO management<\/li>\n
                                                                                                                                                                                    • Event-driven automation with EventBridge and incident tooling<\/li>\n
                                                                                                                                                                                    • Resilience engineering frameworks:<\/li>\n
                                                                                                                                                                                    • AWS Well-Architected Reliability pillar<\/li>\n
                                                                                                                                                                                    • error budgets and release policies<\/li>\n
                                                                                                                                                                                    • Infrastructure as Code for repeatable environments (Terraform\/CloudFormation\/CDK)<\/li>\n
                                                                                                                                                                                    • For containers: Kubernetes failure modes and chaos tooling (if applicable)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                      Job roles that use it<\/h3>\n\n\n\n
                                                                                                                                                                                        \n
                                                                                                                                                                                      • Site Reliability Engineer (SRE)<\/li>\n
                                                                                                                                                                                      • DevOps Engineer \/ Platform Engineer<\/li>\n
                                                                                                                                                                                      • Cloud Solutions Architect (reliability-focused)<\/li>\n
                                                                                                                                                                                      • Operations Engineer \/ Incident Manager (for game days)<\/li>\n
                                                                                                                                                                                      • Security\/GRC engineers (governance and evidence collection)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                        Certification path (AWS)<\/h3>\n\n\n\n
                                                                                                                                                                                        AWS certifications don\u2019t typically certify a single service, but AWS Fault Injection Service aligns well with:\n– AWS Certified Solutions Architect (Associate\/Professional)\n– AWS Certified DevOps Engineer (Professional)\n– AWS Certified SysOps Administrator (Associate)<\/p>\n\n\n\n
                                                                                                                                                                                        Use AWS Fault Injection Service as a practical tool to demonstrate Reliability pillar skills during certification prep.<\/p>\n\n\n\n
                                                                                                                                                                                        Project ideas for practice<\/h3>\n\n\n\n
                                                                                                                                                                                          \n
                                                                                                                                                                                        1. Build a \u201cresilience test harness\u201d in staging:\n   – dashboard + alarms + one FIS template per tier<\/li>\n
                                                                                                                                                                                        2. Implement EventBridge notifications for experiments:\n   – Slack\/Teams via SNS or webhook bridge (implementation varies)<\/li>\n
                                                                                                                                                                                        3. Create a quarterly game day program:\n   – documented hypotheses, results, and remediation backlog<\/li>\n
                                                                                                                                                                                        4. Validate autoscaling and health checks:\n   – instance reboot experiments + measurement of recovery time<\/li>\n
                                                                                                                                                                                        5. Create IAM guardrails:\n   – least-privilege execution roles and tag-based restrictions<\/li>\n<\/ol>\n\n\n\n
                                                                                                                                                                                          \n\n\n\n
                                                                                                                                                                                          22. Glossary<\/h2>\n\n\n\n
                                                                                                                                                                                            \n
                                                                                                                                                                                          • Chaos engineering<\/strong>: The practice of intentionally injecting failures into systems to learn how they behave and improve resilience.<\/li>\n
                                                                                                                                                                                          • Experiment template<\/strong>: A reusable definition of targets, actions, and stop conditions in AWS Fault Injection Service.<\/li>\n
                                                                                                                                                                                          • Experiment<\/strong>: A single run created from an experiment template.<\/li>\n
                                                                                                                                                                                          • Target<\/strong>: The AWS resources selected for fault injection (often via tags).<\/li>\n
                                                                                                                                                                                          • Action<\/strong>: The fault injection operation performed on targets (e.g., reboot an instance).<\/li>\n
                                                                                                                                                                                          • Stop condition<\/strong>: A safety rule\u2014often a CloudWatch alarm\u2014that halts an experiment if triggered.<\/li>\n
                                                                                                                                                                                          • Blast radius<\/strong>: The scope of impact from a change or failure (how many users\/resources are affected).<\/li>\n
                                                                                                                                                                                          • SLO (Service Level Objective)<\/strong>: A defined reliability target (e.g., 99.9% availability, p95 latency < 200 ms).<\/li>\n
                                                                                                                                                                                          • Error budget<\/strong>: The allowable amount of unreliability given an SLO, used to guide release and operational decisions.<\/li>\n
                                                                                                                                                                                          • CloudWatch alarm<\/strong>: A CloudWatch construct that transitions state based on metric thresholds; used as stop conditions.<\/li>\n
                                                                                                                                                                                          • EventBridge<\/strong>: AWS event bus service used to route events (including experiment lifecycle events) to targets.<\/li>\n
                                                                                                                                                                                          • CloudTrail<\/strong>: AWS service that logs API calls for auditing and security analysis.<\/li>\n
                                                                                                                                                                                          • Least privilege<\/strong>: IAM practice of granting only the permissions required to perform a task.<\/li>\n
                                                                                                                                                                                          • Game day<\/strong>: A planned operational exercise where teams simulate incidents or run failure drills to practice response.<\/li>\n
                                                                                                                                                                                          • Runbook<\/strong>: Documented operational procedures for responding to incidents or performing tasks.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                            \n\n\n\n
                                                                                                                                                                                            23. Summary<\/h2>\n\n\n\n
                                                                                                                                                                                            AWS Fault Injection Service (AWS, Developer tools category) is a managed way to run controlled fault injection experiments against AWS workloads. It matters because reliability gaps often only appear under realistic disruptions\u2014and this service makes those disruptions repeatable, auditable, and safer through targets, IAM scoping, and stop conditions.<\/p>\n\n\n\n
                                                                                                                                                                                            Architecturally, it fits as a control-plane orchestration layer integrated with CloudWatch (alarms\/metrics), CloudTrail (audit), and EventBridge (automation). Cost is usage-based and highly influenced by indirect drivers like additional capacity, metrics\/logs, and traffic shifts\u2014so start small and measure.<\/p>\n\n\n\n
                                                                                                                                                                                            From a security perspective, success depends on least-privilege execution roles, strict tagging to control blast radius, and strong governance (CloudTrail, approvals, communication). Use it when you have clear hypotheses, measurable signals, and a rollback plan\u2014then expand from simple reversible tests (like a single instance reboot) to more realistic resilience scenarios.<\/p>\n\n\n\n
                                                                                                                                                                                            Next learning step: review the official \u201cGetting started\u201d guide, then build one experiment per critical tier in staging and run a monthly game day with documented outcomes:\nhttps:\/\/docs.aws.amazon.com\/fis\/latest\/userguide\/getting-started.html<\/p>\n","protected":false},"excerpt":{"rendered":"
                                                                                                                                                                                            Developer tools<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20,18],"tags":[],"class_list":["post-201","post","type-post","status-publish","format-standard","hentry","category-aws","category-developer-tools"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/201","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=201"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/201\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=201"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=201"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=201"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}