title | platform |
---|---|
About the aws_rds_global_cluster Resource |
aws |
Use the aws_rds_global_cluster
InSpec audit resource to test properties of a single Amazon Aurora global database cluster.
The AWS::RDS::GlobalCluster
resource creates or updates an Amazon Aurora global database spread across multiple AWS Regions.
Ensure that the global cluster exists.
describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER') do
it { should exist }
end
global_cluster_identifier
(required)
The cluster identifier of the global database cluster.
For additional information, see the AWS documentation on the AWS::RDS::GlobalCluster
resource type.
Property | Description |
---|---|
global_cluster_identifier | The list of global clusters returned by this request. |
global_cluster_resource_id | Contains a user-supplied global database cluster identifier. This identifier is the unique key that identifies a global database cluster. |
global_cluster_arn | The Amazon Web Services Region-unique, immutable identifier for the global database cluster. |
status | Specifies the current state of this global database cluster. |
engine | The Aurora database engine used by the global database cluster. |
engine_version | Indicates the database engine version. |
database_name | The default database name within the new global database cluster. |
storage_encrypted | The storage encryption setting for the global database cluster. |
deletion_protection | The deletion protection setting for the new global database cluster. |
failover_state.status | The current status of the Aurora global database ( GlobalCluster ). |
failover_state.from_db_cluster_arn | The Amazon Resource Name (ARN) of the Aurora DB cluster that is currently being demoted, and which is associated with this state. |
failover_state.to_db_cluster_arn | The Amazon Resource Name (ARN) of the Aurora DB cluster that is currently being promoted, and which is associated with this state. |
global_cluster_members.db_cluster_arn | The Amazon Resource Name (ARN) for each Aurora cluster. |
global_cluster_members.readers | The Amazon Resource Name (ARN) for each read-only secondary cluster associated with the Aurora global database. |
global_cluster_members.is_writer | Specifies whether the Aurora cluster is the primary cluster (that is, has read-write capability) for the Aurora global database with which it is associated. |
global_cluster_members.global_write_forwarding_status | Specifies whether a secondary cluster in an Aurora global database has write forwarding enabled, not enabled, or is in the process of enabling it. |
describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER'') do
its('global_cluster_resource_id') { should eq 'GLOBAL_CLUSTER_ID' }
end
describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER'') do
its('engine') { should eq 'ENGINE' }
end
describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER'') do
its('status') { should eq 'available' }
end
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
The controls will pass if the describe
method returns at least one result.
Use should
to test that the entity exists.
describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER'') do
it { should exist }
end
Use should_not
to test the entity does not exist.
describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER'') do
it { should_not exist }
end
Use should
to check if the entity is available.
describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER') do
it { should be_available }
end
Your Principal will need the RDS:Client:DescribeGlobalClustersMessage
action with Effect
set to Allow
.