Skip to content

AWS Smoke Tests

Smoke tests answer one question: is the deployed environment basically alive? They're the first thing to run after a deployment.

Running the smoke test

scripts/aws/smoke-test.sh dev

If Terraform is installed, the script automatically reads the API base URL from Terraform outputs. To override:

API_BASE_URL=https://api.dev.vega.example.com scripts/aws/smoke-test.sh dev

What the smoke test checks

  1. API healthGET /v1/healthz returns 200. This confirms the API container is running and the process is alive.
  2. LLM proxy healthGET /healthz on the proxy returns 200. This runs only if LLM_PROXY_BASE_URL is set.

What a passing smoke test does NOT prove

A healthy /v1/healthz response means the API process is up. It does not prove:

  • Postgres is connected and migrations are applied (/v1/readyz checks this)
  • SQS is receiving and delivering messages
  • The worker is running and consuming scans
  • Runner tasks can be launched
  • The scan engine completes successfully
  • Findings persist correctly

For deeper validation, run a workflow smoke test manually: 1. Log in 2. Create a project and repository 3. Run a small scan 4. Wait for it to complete 5. Verify findings appear

This end-to-end test is currently manual. Automating it would give much higher confidence in a deployment.

Using /v1/readyz for deeper checks

GET /v1/readyz performs a readiness check that tries to reach Postgres and S3. A 503 response tells you which dependency is unreachable. Run it after a deployment:

curl -s https://api.dev.vega.example.com/v1/readyz

A 200 response with a JSON body showing all dependencies healthy means the API is fully operational.