Skip to main content

aws_cloudwatch_log_group Resource

Use the aws_cloudwatch_log_group InSpec audit resource to test properties of a single AWS CloudWatch Log Group.

For additional information, including details on parameters and properties, see the AWS documentation on CloudWatch Logs.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

Ensure that an aws_cloudwatch_log_group exists

describe aws_cloudwatch_log_group('my_log_group') do
  it { should exist }
end
describe aws_cloudwatch_log_group(log_group_name: 'my_log_group') do
  it { should exist }
end

Parameters

log_group_name (required)

This resource accepts a single parameter, the log group name which uniquely identifies the CloudWatch Log Group. This can be passed either as a string or as a log_group_name: 'value' key-value entry in a hash.

limit (optional)

This resource accepts a single parameter, an integer representing the number of results allowed to return. If not passed, in, this defaults to 1, which will only return the first match to the log_group_name. This can be passed as a limit: 'value' key-value entry in a hash.

Properties

retention_in_days
The number of days to retain the log events in the specified log group.
kms_key_id
The Amazon Resource Name (ARN) of the CMK to use when encrypting log data.
tags
The tags for the log group.

Examples

Test tags on the CloudWatch Log Group.

describe aws_cloudwatch_log_group('my_log_group') do
  its('tags') { should include(:Environment => 'env-name',
                               :Name => 'my_log_group')}
end

AWS Permissions

Your Principal will need the CloudWatchLogs:Client:DescribeLogGroupsResponse and CloudWatchLogs:Client:ListTagsLogGroupResponse actions with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon CloudWatch Logs.

Edit this page on GitHub

Thank you for your feedback!

×









Search Results