aws_cloudformation_stacks Resource
Use the aws_cloudformation_stacks InSpec audit resource to test the properties of AWS CloudFormation stacks in bulk.
Install
This resource is available in the Chef InSpec AWS resource pack.
For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.
Syntax
Ensure that aws_cloudformation_stacks exists:
describe aws_cloudformation_stacks do
it { should exist }
end
See the AWS documentation on CloudFormation for additional information.
Parameters
This resource does not require any parameters.
Properties
stack_name - The name associated with the stack.
stack_id - Unique identifier of the stack.
creation_time - The time at which the stack was created.
notification_arns - SNS topic ARNs to which stack-related events are published.
role_arn - The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that is associated with the stack.
parent_id - For nested stacks (stacks created as resources for another stack), the stack ID of the direct parent of this stack.
root_id - For nested stacks (stacks created as resources for another stack), the stack ID of the top-level stack to which the nested stack ultimately belongs.
Examples
Request the names of all CloudFormation stacks, then test in-depth using the aws_cloudformation_stack resource.
aws_cloudformation_stacks.names.each do |stack|
  describe aws_cloudformation_stack(stack_name: stack) do
    it { should exist }
    its('notification_arns') { should_not be_empty }
    its('stack_status') { should eq 'CREATE_COMPLETE' }
  end
end
Request the names of all CloudFormation stacks created at a certain time, then test in-depth using the aws_cloudformation_stack resource.
# 'creation time' is a placeholder for the creation_time value to match.
# where() returns the filtered rows; iterate over their names and test each stack.
aws_cloudformation_stacks.where(creation_time: 'creation time').names.each do |stack|
  describe aws_cloudformation_stack(stack_name: stack) do
    it { should exist }
  end
end
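The two examples above check each stack one describe block at a time. The following is an added example, not code from the Chef InSpec docs or the inspec-aws project: plain Ruby that applies the same kind of checks (service role present, notification ARNs configured, nested-stack parent and root consistent) to rows shaped like this resource's properties, using constructed sample rows in place of live DescribeStacks output.

```ruby
# Constructed sample rows shaped like the properties exposed by
# aws_cloudformation_stacks. Account id and stack ids are made up.
ROOT_ID = 'arn:aws:cloudformation:us-east-1:111122223333:stack/net-prod/EXAMPLE-ROOT'
STACKS = [
  { stack_name: 'net-prod', stack_id: ROOT_ID,
    role_arn: 'arn:aws:iam::111122223333:role/CfnDeployRole',
    notification_arns: ['arn:aws:sns:us-east-1:111122223333:cfn-events'],
    parent_id: nil, root_id: nil },
  # Nested stack: created as a resource of net-prod, so parent and root are set.
  { stack_name: 'net-prod-Subnets',
    stack_id: 'arn:aws:cloudformation:us-east-1:111122223333:stack/net-prod-Subnets/EXAMPLE-NESTED',
    role_arn: nil, notification_arns: [], parent_id: ROOT_ID, root_id: ROOT_ID },
  # Top-level stack with neither a service role nor event notifications.
  { stack_name: 'legacy-app',
    stack_id: 'arn:aws:cloudformation:us-east-1:111122223333:stack/legacy-app/EXAMPLE-LEGACY',
    role_arn: nil, notification_arns: [], parent_id: nil, root_id: nil },
].freeze

# Equivalent of where { parent_id.nil? }: only stacks that are not nested.
def top_level_stacks(stacks)
  stacks.select { |s| s[:parent_id].nil? }
end

# Returns [stack_name, finding] pairs. Role and notification checks apply to
# top-level stacks, which are the ones deployed directly by a principal;
# nested stacks are checked for a consistent parent_id/root_id instead.
def stack_findings(stacks)
  known_ids = stacks.map { |s| s[:stack_id] }
  stacks.flat_map do |s|
    findings = []
    if s[:parent_id].nil?
      findings << 'no service role: deploys with the caller\'s permissions' if s[:role_arn].to_s.empty?
      findings << 'no SNS notification ARN: stack events are not forwarded' if Array(s[:notification_arns]).empty?
    else
      findings << 'parent stack not present in inventory' unless known_ids.include?(s[:parent_id])
      findings << 'nested stack without root_id' if s[:root_id].nil?
    end
    findings.map { |f| [s[:stack_name], f] }
  end
end

if __FILE__ == $PROGRAM_NAME
  stack_findings(STACKS).each { |name, f| puts "#{name}: #{f}" }
end
```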
Matchers
For a full list of available matchers, see our Universal Matchers page. This resource has the following special matchers.
exist
The control will pass if the describe returns at least one result.
describe aws_cloudformation_stacks do
it { should exist }
end
Use should_not to test that an entity should not exist.
describe aws_cloudformation_stacks do
it { should_not exist }
end
AWS Permissions
Your Principal will need the CloudFormation:Client:DescribeStacksOutput action with Effect set to Allow.
You can find detailed documentation at Authentication and Access Control for CloudFormation.