title: About the aws_rds_global_cluster Resource
platform: aws

aws_rds_global_cluster

Use the aws_rds_global_cluster InSpec audit resource to test properties of a single Amazon Aurora global database cluster.

The AWS::RDS::GlobalCluster resource creates or updates an Amazon Aurora global database spread across multiple AWS Regions.

Syntax

Ensure that the global cluster exists.

describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER') do
  it { should exist }
end

Parameters

global_cluster_identifier (required)

The cluster identifier of the global database cluster.

For additional information, see the AWS documentation on the AWS::RDS::GlobalCluster resource type.

Properties

| Property | Description |
| --- | --- |
| global_cluster_identifier | The list of global clusters returned by this request. |
| global_cluster_resource_id | Contains a user-supplied global database cluster identifier. This identifier is the unique key that identifies a global database cluster. |
| global_cluster_arn | The Amazon Web Services Region-unique, immutable identifier for the global database cluster. |
| status | Specifies the current state of this global database cluster. |
| engine | The Aurora database engine used by the global database cluster. |
| engine_version | Indicates the database engine version. |
| database_name | The default database name within the new global database cluster. |
| storage_encrypted | The storage encryption setting for the global database cluster. |
| deletion_protection | The deletion protection setting for the new global database cluster. |
| failover_state.status | The current status of the Aurora global database (GlobalCluster). |
| failover_state.from_db_cluster_arn | The Amazon Resource Name (ARN) of the Aurora DB cluster that is currently being demoted, and which is associated with this state. |
| failover_state.to_db_cluster_arn | The Amazon Resource Name (ARN) of the Aurora DB cluster that is currently being promoted, and which is associated with this state. |
| global_cluster_members.db_cluster_arn | The Amazon Resource Name (ARN) for each Aurora cluster. |
| global_cluster_members.readers | The Amazon Resource Name (ARN) for each read-only secondary cluster associated with the Aurora global database. |
| global_cluster_members.is_writer | Specifies whether the Aurora cluster is the primary cluster (that is, has read-write capability) for the Aurora global database with which it is associated. |
| global_cluster_members.global_write_forwarding_status | Specifies whether a secondary cluster in an Aurora global database has write forwarding enabled, not enabled, or is in the process of enabling it. |

Examples

Ensure the global cluster has the expected resource ID.

describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER') do
  its('global_cluster_resource_id') { should eq 'GLOBAL_CLUSTER_ID' }
end

Ensure the global cluster uses the expected engine.

describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER') do
  its('engine') { should eq 'ENGINE' }
end

Ensure the global cluster status is available.

describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER') do
  its('status') { should eq 'available' }
end
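
The examples above each test one property. As an added example (plain Ruby, not InSpec code and not part of the original page), the sketch below checks the security-relevant properties from the table together over a constructed record keyed by those property names. The function name, the sample records, the placeholder ARNs and the baseline rules are assumptions made for illustration; in a profile each rule would be an `its(...)` expectation on this resource.

```ruby
# Added example. Keys mirror the property names in the Properties table;
# the records and the baseline itself are constructed for illustration.
def global_cluster_findings(cluster)
  findings = []
  findings << 'storage_encrypted is not true' unless cluster[:storage_encrypted] == true
  findings << 'deletion_protection is not true' unless cluster[:deletion_protection] == true
  findings << "status is #{cluster[:status].inspect}" unless cluster[:status] == 'available'

  # Exactly one member should hold read-write capability (is_writer).
  members = cluster[:global_cluster_members] || []
  writers = members.count { |m| m[:is_writer] == true }
  findings << "expected 1 writer, found #{writers}" unless writers == 1

  # Assumption: failover_state carries a status only while a failover is under way.
  state = cluster[:failover_state] || {}
  if state[:status]
    findings << "failover #{state[:status]}: #{state[:from_db_cluster_arn]} -> #{state[:to_db_cluster_arn]}"
  end
  findings
end

# Constructed sample records (placeholder account ID and cluster names).
PRIMARY   = 'arn:aws:rds:us-east-1:111122223333:cluster:example-primary'
SECONDARY = 'arn:aws:rds:eu-west-1:111122223333:cluster:example-secondary'

COMPLIANT = {
  global_cluster_identifier: 'example-global',
  status: 'available',
  storage_encrypted: true,
  deletion_protection: true,
  failover_state: nil,
  global_cluster_members: [
    { db_cluster_arn: PRIMARY, is_writer: true, readers: [SECONDARY] },
    { db_cluster_arn: SECONDARY, is_writer: false, readers: [] }
  ]
}.freeze

DRIFTED = COMPLIANT.merge(
  storage_encrypted: false,
  deletion_protection: false,
  failover_state: { status: 'pending', from_db_cluster_arn: PRIMARY, to_db_cluster_arn: SECONDARY },
  global_cluster_members: [
    { db_cluster_arn: PRIMARY, is_writer: false, readers: [] },
    { db_cluster_arn: SECONDARY, is_writer: false, readers: [] }
  ]
).freeze

if __FILE__ == $PROGRAM_NAME
  [COMPLIANT, DRIFTED].each { |c| puts global_cluster_findings(c).inspect }
end
```

An empty result means the record meets the baseline; each string in a non-empty result names the property that drifted.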

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.

The controls will pass if the describe method returns at least one result.

exist

Use should to test that the entity exists.

describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER') do
  it { should exist }
end

Use should_not to test that the entity does not exist.

describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER') do
  it { should_not exist }
end

be_available

Use should to check if the entity is available.

describe aws_rds_global_cluster(global_cluster_identifier: 'GLOBAL_CLUSTER_IDENTIFIER') do
  it { should be_available }
end

AWS Permissions

Your Principal will need the RDS:Client:DescribeGlobalClustersMessage action with Effect set to Allow.