title | platform |
---|---|
About the aws_cloudwatch_alarm Resource |
aws |
Use the aws_cloudwatch_alarm
InSpec audit resource to test properties of a single CloudWatch Alarm.
If more than one Alarm matches, an error will be raised.
aws_cloudwatch_alarm(metric_name: 'my-metric-name', metric_namespace: 'my-metric-namespace') do
it { should exist }
end
The metric name used by this alarm. This must be passed as a metric_name: 'value'
key-value entry in a hash.
The metric namespace used by this alarm. This must be passed as a metric_namespace: 'value'
key-value entry in a hash.
The dimensions associated with this alarm. This must be passed as an array of hashes dimensions: [{key:'value'}]
.
Property | Description |
---|---|
alarm_actions | The actions to execute when this alarm transitions to the ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). |
alarm_name | The name of the alarm. |
metric_name | The name of the metric. |
metric_namespace | The namespace of the metric. |
describe aws_cloudwatch_alarm(metric_name: 'my-metric-name', metric_namespace: 'my-metric-namespace') do
its('alarm_actions') { should_not be_empty }
end
describe aws_cloudwatch_alarm(metric_name: 'my-metric-name', metric_namespace: 'my-metric-namespace', dimensions: [{key: 'value'}]) do
it { should exist }
end
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.
The control will pass if the describe returns at least one result.
Use should_not
to test the entity should not exist.
describe aws_cloudwatch_alarm(metric_name: 'good-metric', metric_namespace: 'my-metric-namespace') do
it { should exist }
end
describe aws_cloudwatch_alarm(metric_name: 'bed-metric', metric_namespace: 'my-metric-namespace') do
it { should_not exist }
end
Your Principal will need the CloudWatch:Client:DescribeAlarmsForMetricOutput
action with Effect set to Allow.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon CloudWatch.