Skip to main content

aws_cloudwatch_alarm Resource

Use the aws_cloudwatch_alarm InSpec audit resource to test properties of a single CloudWatch Alarm.

If more than one Alarm matches, an error will be raised.


This resource is available in the Chef InSpec AWS resource pack.

See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.


Ensure an Alarm exists.

aws_cloudwatch_alarm(metric_name: 'my-metric-name', metric_namespace: 'my-metric-namespace') do
  it { should exist }


metric_name (required)

The metric name used by this alarm. This must be passed as a metric_name: 'value' key-value entry in a hash.

metric_namespace (required)

The metric namespace used by this alarm. This must be passed as a metric_namespace: 'value' key-value entry in a hash.

dimensions (optional)

The dimensions associated with this alarm. This must be passed as an array of hashes dimensions: [{key:'value'}] .


The actions to execute when this alarm transitions to the ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN).
The name of the alarm.
The name of the metric.
The namespace of the metric.


Ensure an Alarm has at least one alarm action.

describe aws_cloudwatch_alarm(metric_name: 'my-metric-name', metric_namespace: 'my-metric-namespace') do
  its('alarm_actions') { should_not be_empty }

Ensure an Alarm with Dimensions exists.

describe aws_cloudwatch_alarm(metric_name: 'my-metric-name', metric_namespace: 'my-metric-namespace', dimensions: [{key: 'value'}]) do
  it { should exist }


This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.


The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_cloudwatch_alarm(metric_name: 'good-metric', metric_namespace: 'my-metric-namespace') do
  it { should exist }
describe aws_cloudwatch_alarm(metric_name: 'bed-metric', metric_namespace: 'my-metric-namespace') do
  it { should_not exist }

AWS Permissions

Your Principal will need the CloudWatch:Client:DescribeAlarmsForMetricOutput action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon CloudWatch.

Edit this page on GitHub.

Thank you for your feedback!


Search Results