Skip to main content

aws_cloud_formation_stack_sets Resource

Use the aws_cloud_formation_stack_sets InSpec audit resource to test properties of multiple AWS Cloud Formation stack sets.

For additional information, including details on parameters and properties, see the AWS documentation on AWS CloudFormation Stack Set..

Installation

This resource is available in the Chef InSpec AWS resource pack.

See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.

Syntax

Ensure that the stack set exists.

describe aws_cloud_formation_stack_sets do
  it { should exist }
end

Parameters

This resource does not require any parameters.

Properties

stack_set_names
The name of the stack set.

Field: stack_set_name

stack_set_ids
The ID of the stack set.

Field: stack_set_ids

descriptions
A description of the stack set that you specify when the stack set is created or updated.

Field: description

status
The status of the stack set.

Field: status

auto_deployments
Describes whether StackSets automatically deploys to Organizations accounts that are added to a target organizational unit (OU).

Field: auto_deployment

permission_models
Describes how the IAM roles required for stack set operations are created.

Field: permission_model

drift_statuses
Status of the stack set’s actual configuration compared to its expected template and parameter configuration.

Field: drift_status

last_drift_check_timestamps
Most recent time when CloudFormation performed a drift detection operation on the stack set.

Field: last_drift_check_timestamp

Examples

Verify that a stack set ID is available.

describe aws_cloud_formation_stack_sets do
  its('stack_set_ids') { should include 'STACK_SET_ID' }
end

Verify the descriptions of the stack set.

describe aws_cloud_formation_stack_sets do
    its('descriptions') { should include 'DESCRIPTION_STRING'}
end

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.

The controls will pass if the list method returns at least one result.

exist

Use should to test that the entity exists.

describe aws_cloud_formation_stack_sets do
  it { should exist }
end

Use should_not to test the entity does not exist.

describe aws_cloud_formation_stack_sets do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the CloudFormation:Client:ListStackSetsOutput action with Effect set to Allow.

Edit this page on GitHub

Thank you for your feedback!

×









Search Results