Skip to main content

aws_cloudwatch_composite_alarms Resource

Use the aws_cloudwatch_composite_alarms InSpec audit resource to test properties of multiple AWS CloudWatch composite alarms.

The AWS::CloudWatch::CompositeAlarm resource type creates or updates a composite alarm. When you create a composite alarm, you specify a rule expression for the alarm that takes into account the alarm states of other alarms that you have created. The composite alarm goes into ALARM state only if all conditions of the rule are met.

For additional information, including details on parameters and properties, see the AWS documentation on AWS CloudWatch composite alarm..

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

Ensure that the alarms exists.

describe aws_cloudwatch_composite_alarms do
  it { should exist }
end

Parameters

This resource does not require any parameters.

Properties

actions_enabled
Indicates whether actions should be executed during any changes to the alarm state.

Field: actions_enabled

alarm_actions
The actions to execute when this alarm transitions to the ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN).

Field: alarm_actions

alarm_arns
The Amazon Resource Name (ARN) of the alarm.

Field: alarm_arn

alarm_configuration_updated_timestamp
The time stamp of the last update to the alarm configuration.

Field: alarm_configuration_updated_timestamp

alarm_descriptions
The description of the alarm.

Field: alarm_description

alarm_names
The name of the alarm.

Field: alarm_name

alarm_rules
The rule that this alarm uses to evaluate its alarm state.

Field: alarm_rule

insufficient_data_actions
The actions to execute when this alarm transitions to the INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN).

Field: insufficient_data_actions

ok_actions
The actions to execute when this alarm transitions to the OK state from any other state. Each action is specified as an Amazon Resource Name (ARN).

Field: ok_actions

state_reasons
An explanation for the alarm state, in text format.

Field: state_reason

state_reason_data
An explanation for the alarm state, in JSON format.

Field: state_reason_data

state_updated_timestamp
The time stamp of the last update to the alarm state.

Field: state_updated_timestamp

state_values
The state value for the alarm.

Field: state_value

Examples

Ensure an actions is enabled.

describe aws_cloudwatch_composite_alarms do
  its('actions_enabled') { should include true }
end

Ensure an alarm arn is available.

describe aws_cloudwatch_composite_alarms do
    its('alarm_arns') { should include 'ALARM_ARN' }
end

Ensure an alarm name is available.

describe aws_cloudwatch_composite_alarms do
    its('alarm_names') { should include 'ALARM_NAME' }
end

Matchers

For a full list of available matchers, see our Universal Matchers page.

The controls will pass if the describe method returns at least one result.

exist

Use should to test that the entity exists.

describe aws_cloudwatch_composite_alarms do
  it { should exist }
end

Use should_not to test that an entity does not exist.

describe aws_cloudwatch_composite_alarms do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the CloudWatch:Client:DescribeAlarmsOutput action with Effect set to Allow.

Edit this page on GitHub

Thank you for your feedback!

×