aws_cloudwatch_alarm Resource
Use the aws_cloudwatch_alarm
InSpec audit resource to test properties of a single CloudWatch Alarm.
If more than one Alarm matches, an error will be raised.
Installation
This resource is available in the Chef InSpec AWS resource pack.
See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.
Syntax
Ensure an Alarm exists.
aws_cloudwatch_alarm(metric_name: 'my-metric-name', metric_namespace: 'my-metric-namespace') do
it { should exist }
end
Parameters
metric_name
(required)The metric name used by this alarm. This must be passed as a
metric_name: 'value'
key-value entry in a hash.metric_namespace
(required)The metric namespace used by this alarm. This must be passed as a
metric_namespace: 'value'
key-value entry in a hash.dimensions
(optional)The dimensions associated with this alarm. This must be passed as an array of hashes
dimensions: [{key:'value'}]
.
Properties
alarm_actions
- The actions to execute when this alarm transitions to the ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN).
alarm_name
- The name of the alarm.
metric_name
- The name of the metric.
metric_namespace
- The namespace of the metric.
Examples
Ensure an Alarm has at least one alarm action.
describe aws_cloudwatch_alarm(metric_name: 'my-metric-name', metric_namespace: 'my-metric-namespace') do
its('alarm_actions') { should_not be_empty }
end
Ensure an Alarm with Dimensions exists.
describe aws_cloudwatch_alarm(metric_name: 'my-metric-name', metric_namespace: 'my-metric-namespace', dimensions: [{key: 'value'}]) do
it { should exist }
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
exist
The control will pass if the describe returns at least one result.
Use should_not
to test the entity should not exist.
describe aws_cloudwatch_alarm(metric_name: 'good-metric', metric_namespace: 'my-metric-namespace') do
it { should exist }
end
describe aws_cloudwatch_alarm(metric_name: 'bed-metric', metric_namespace: 'my-metric-namespace') do
it { should_not exist }
end
AWS Permissions
Your Principal will need the CloudWatch:Client:DescribeAlarmsForMetricOutput
action with Effect
set to Allow
.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon CloudWatch.