Skip to content

Latest commit

 

History

History
87 lines (63 loc) · 4.3 KB

aws_cloudformation_stack.md

File metadata and controls

87 lines (63 loc) · 4.3 KB
title platform
About the aws_cloudformation_stack Resource
aws

aws_cloudformation_stack

Use the aws_cloudformation_stack InSpec audit resource to test properties of a single AWS Cloud Formation Stack.

Syntax

Ensure that an aws_cloudformation_stack exists

describe aws_cloudformation_stack('stack-name') do
  it { should exist }
end

describe aws_cloudformation_stack(stack_name: 'stack-name') do
  it { should exist }
end

Parameters

stack_name (required)

This resource accepts a single parameter, the CloudFormation Stack name which uniquely identifies the stack. This can be passed either as a string or as a stack_name: 'value' key-value entry in a hash.

See also the AWS documentation on Cloud Formation.

Properties

Property Description
stack_id Unique identifier of the stack.
stack_name The name associated with the stack.
change_set_id The unique ID of the change set.
description A user-defined description associated with the stack.
parameters A list of Parameter structures.
creation_time The time at which the stack was created.
deletion_time The time the stack was deleted.
last_updated_time The time the stack was last updated.
rollback_configuration The rollback triggers for AWS CloudFormation to monitor during stack creation and updating operations, and for the specified monitoring period afterwards.
stack_status Current status of the stack.
stack_status_reason Success/failure message associated with the stack status.
drift_information Information on whether a stack's actual configuration differs, or has drifted, from it's expected configuration, as defined in the stack template and any values specified as template parameters.
disable_rollback Boolean to enable or disable rollback on stack creation failures:
notification_arns SNS topic ARNs to which stack related events are published.
timeout_in_minutes The amount of time within which stack creation should complete.
capabilities The capabilities allowed in the stack.
outputs A list of output structures.
role_arn The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that is associated with the stack.
tags A list of Tags that specify information about the stack.
enable_termination_protection Whether termination protection is enabled for the stack.
parent_id For nested stacks--stacks created as resources for another stack--the stack ID of the direct parent of this stack.
root_id For nested stacks--stacks created as resources for another stack--the stack ID of the the top-level stack to which the nested stack ultimately belongs.

Examples

Test that a CloudFormation Stack has its stack_status configured correctly
describe aws_cloudformation_stack('stack_name') do
its ('stack_status')  { should eq 'CREATE_COMPLETE' }
end

Matchers

This InSpec audit resource has no special matchers. For a full list of available matchers, please visit our Universal Matchers page.

exist

The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_cloudformation_stack('AnExistingStack') do
  it { should exist }
end

describe aws_cloudformation_stack('ANonExistentStack') do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the CloudFormation:Client:DescribeStacksOutput action set to Allow.

You can find detailed documentation at Authentication and Access Control for CloudFormation