aws_rds_db_cluster_snapshots Resource
Use the aws_rds_db_cluster_snapshots InSpec audit resource to test the properties of a single specific AWS RDS Cluster snapshot.
For additional information, including details on parameters and properties, see the AWS documentation on AWS RDS Cluster Snapshot.
Installation
This resource is available in the Chef InSpec AWS resource pack.
See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.
Syntax
Ensure that the cluster snapshot exists.
describe aws_rds_db_cluster_snapshots do
  it { should exist }
end
Parameters
This resource does not require any parameters.
Properties
availability_zones
- Provides the list of EC2 Availability Zones in which instances in the DB cluster snapshot can be restored.
Field:
availability_zone
db_cluster_snapshot_identifiers
- Specifies the identifier for the DB cluster snapshot.
Field:
db_cluster_snapshot_identifier
db_cluster_identifiers
- Specifies the identifier of the DB cluster from which the DB cluster snapshot is created.
Field:
db_cluster_identifier
snapshot_create_times
- Provides the time when the snapshot is taken, in Universal Coordinated Time (UTC).
Field:
snapshot_create_time
engines
- Specifies the name of the database engine.
Field:
engine
allocated_storages
- Specifies the allocated storage size in Gibibytes (GiB).
Field:
allocated_storage
statuses
- Specifies the status of this DB cluster snapshot.
Field:
status
ports
- Specifies the port where the DB cluster is listening at the time of the snapshot.
Field:
port
vpc_ids
- Provides the VPC ID associated with the DB cluster snapshot.
Field:
vpc_id
cluster_create_times
- Specifies the time when the DB cluster is created, in Universal Coordinated Time (UTC).
Field:
cluster_create_time
master_usernames
- Provides the master username for the DB cluster snapshot.
Field:
master_username
engine_versions
- Provides the database engine version for the DB cluster snapshot.
Field:
engine_version
license_models
- Provides the license model information for the DB cluster snapshot.
Field:
license_model
snapshot_types
- Provides the DB cluster snapshot type.
Field:
snapshot_type
percent_progresses
- Specifies the percentage of the estimated data that is transferred.
Field:
percent_progress
storage_encrypted
- Specifies whether the DB cluster snapshot is encrypted.
Field:
storage_encrypted
kms_key_ids
- If StorageEncrypted is true, the AWS Key Management Service (AWS KMS) identifier for the encrypted DB cluster snapshot is set to protect the data.
Field:
kms_key_id
db_cluster_snapshot_arns
- The Amazon Resource Name (ARN) for the DB cluster snapshot.
Field:
db_cluster_snapshot_arn
source_db_cluster_snapshot_arns
- If the DB cluster snapshot was copied from a source DB cluster snapshot, the Amazon Resource Name (ARN) of the source DB cluster snapshot; otherwise, a null value.
Field:
source_db_cluster_snapshot_arn
iam_database_authentication_enabled
- True if the mapping of AWS Identity and Access Management (IAM) accounts to database accounts is enabled, and otherwise False.
Field:
iam_database_authentication_enabled
tag_lists
- The related tags.
Field:
tag_list
Examples
Ensure a cluster snapshot id is available.
describe aws_rds_db_cluster_snapshots do
  its('db_cluster_snapshot_identifiers') { should include 'CLUSTER_ID' }
end
Ensure that the state is available.
describe aws_rds_db_cluster_snapshots do
  its('statuses') { should include 'available' }
end
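The properties of this resource hold one value per snapshot, so an include assertion is satisfied by a single matching snapshot. The plain-Ruby model below is an added example, not code from the InSpec AWS resource pack; the sample rows, helper names and key values are constructed, and it assumes each plural property is the list of its Field's values.

```ruby
# Constructed sample rows keyed by the Field names listed above; not real AWS data.
SNAPSHOTS = [
  { db_cluster_snapshot_identifier: 'snap-a', status: 'available',
    storage_encrypted: true,  kms_key_id: 'EXAMPLE-KEY-1' },
  { db_cluster_snapshot_identifier: 'snap-b', status: 'available',
    storage_encrypted: false, kms_key_id: nil },
  { db_cluster_snapshot_identifier: 'snap-c', status: 'creating',
    storage_encrypted: true,  kms_key_id: 'EXAMPLE-KEY-1' }
].freeze

# Assumed model of a plural property: one Field value per snapshot, in order.
def plural(rows, field)
  rows.map { |row| row[field] }
end

# Weak: mirrors  its('storage_encrypted') { should include true }
# It passes as soon as any one snapshot is encrypted.
def weak_encryption_check(rows)
  plural(rows, :storage_encrypted).include?(true)
end

# Strict: mirrors  its('storage_encrypted') { should_not include false }
# It fails if even one snapshot is unencrypted.
def strict_encryption_check(rows)
  !plural(rows, :storage_encrypted).include?(false)
end

# Identifiers of the snapshots that make the strict check fail.
def unencrypted_snapshots(rows)
  rows.reject { |row| row[:storage_encrypted] }
      .map { |row| row[:db_cluster_snapshot_identifier] }
end

# Encrypted snapshots should also report a KMS key identifier.
def encrypted_without_key(rows)
  rows.select { |row| row[:storage_encrypted] && row[:kms_key_id].to_s.empty? }
      .map { |row| row[:db_cluster_snapshot_identifier] }
end

if __FILE__ == $PROGRAM_NAME
  puts "weak check passes:    #{weak_encryption_check(SNAPSHOTS)}"
  puts "strict check passes:  #{strict_encryption_check(SNAPSHOTS)}"
  puts "unencrypted:          #{unencrypted_snapshots(SNAPSHOTS).inspect}"
  puts "encrypted, no key id: #{encrypted_without_key(SNAPSHOTS).inspect}"
end
```

The strict form passes vacuously when no snapshots are returned, so pair it with the exist matcher when an empty result should also fail.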
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
The control passes if the describe method returns at least one result.
exist
Use should to test that the entity exists.
describe aws_rds_db_cluster_snapshots do
  it { should exist }
end
Use should_not to test the entity does not exist.
describe aws_rds_db_cluster_snapshots do
  it { should_not exist }
end
be_available
Use should to check if the entity is available.
describe aws_rds_db_cluster_snapshots do
  it { should be_available }
end
AWS Permissions
Your Principal will need the RDS:Client:DBClusterSnapshotMessage action with Effect set to Allow.