
aws_rds_snapshot_attributes Resource

Use the aws_rds_snapshot_attributes InSpec audit resource to test the detailed properties of an individual RDS snapshot's attributes.

For additional information, including details on parameters and properties, see the AWS documentation on RDS.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

An aws_rds_snapshot_attributes resource block uses resource parameters to search for an RDS snapshot and test the respective RDS snapshot attributes.

No error is raised if no RDS snapshots match. However, the exist matcher will return false, and all properties will be nil.

An error is raised if more than one RDS snapshot matches (due to vague search parameters).

describe aws_rds_snapshot_attributes('TEST-SNAPSHOT-ID') do
  it { should exist }
end
# Can also use hash syntax
describe aws_rds_snapshot_attributes(db_snapshot_identifier: 'TEST-SNAPSHOT-ID') do
  it { should exist }
end

Parameters

db_snapshot_identifier

This resource accepts a single parameter, either as a string or as a db_snapshot_identifier: 'value' key-value entry in a hash. This parameter is the user-supplied DB snapshot identifier. It isn't case-sensitive and is required.

Properties

db_snapshot_identifier
The unique ID of the RDS snapshot returned.
attribute_name
The name of the attribute returned for an RDS snapshot.
attribute_values
The attribute values associated with the attribute_name.

Examples

Test the attribute name of an RDS snapshot.

describe aws_rds_snapshot_attributes(db_snapshot_identifier: 'AWSRDS123') do
  its('attribute_name') { should eq 'restore' }
end

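Test the attribute values of a named attribute for an RDS snapshot.

# Filter with hash syntax; 'attribute_name' == 'restore' would compare two string literals and always be false.
describe aws_rds_snapshot_attributes(db_snapshot_identifier: 'AWSRDS123').where(attribute_name: 'restore') do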
  its('attribute_values') { should_not include 'all' }
end
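
The second test above checks that the restore attribute does not contain all, the value AWS uses to mark a manual snapshot as public. The following added example (plain Ruby, not code from the InSpec AWS resource pack) applies the same check, plus an account allowlist, to constructed data shaped like the DescribeDBSnapshotAttributes response. The sample hashes, APPROVED_ACCOUNTS and snapshot_sharing_findings are assumptions made for illustration.

```ruby
# Added example: evaluates snapshot sharing offline, with no AWS calls.
# The hashes below are constructed sample data, shaped like the
# db_snapshot_attributes_result returned by DescribeDBSnapshotAttributes.
PUBLIC_SNAPSHOT = {
  db_snapshot_identifier: 'AWSRDS123',
  db_snapshot_attributes: [
    { attribute_name: 'restore', attribute_values: ['all'] }
  ]
}.freeze

SHARED_SNAPSHOT = {
  db_snapshot_identifier: 'AWSRDS456',
  db_snapshot_attributes: [
    { attribute_name: 'restore', attribute_values: %w[111111111111 222222222222] }
  ]
}.freeze

# Hypothetical allowlist of account IDs that may restore the snapshot.
APPROVED_ACCOUNTS = %w[111111111111].freeze

# Returns an array of finding strings; an empty array means the snapshot passes.
def snapshot_sharing_findings(result, approved_accounts)
  # A lookup that matches nothing raises no error, so this example reports
  # the missing snapshot explicitly instead of letting it pass silently.
  return ['snapshot not found'] if result.nil?

  id = result[:db_snapshot_identifier]
  restore = Array(result[:db_snapshot_attributes])
            .select { |attr| attr[:attribute_name] == 'restore' }
  values = restore.flat_map { |attr| Array(attr[:attribute_values]) }

  findings = []
  # 'all' in the restore attribute means any AWS account can restore it.
  findings << "#{id}: restore attribute contains 'all' (snapshot is public)" if values.include?('all')

  # Every other value is an account ID the snapshot is shared with.
  (values - ['all'] - approved_accounts).each do |account|
    findings << "#{id}: shared with unapproved account #{account}"
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  [PUBLIC_SNAPSHOT, SHARED_SNAPSHOT, nil].each do |snapshot|
    puts snapshot_sharing_findings(snapshot, APPROVED_ACCOUNTS)
  end
end
```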

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exist

The control will pass if the describe returns at least one result.

Use should_not to test that the entity does not exist.

describe aws_rds_snapshot_attributes(db_snapshot_identifier: 'AnExistingRDS') do
  it { should exist }
end
describe aws_rds_snapshot_attributes(db_snapshot_identifier: 'ANonExistentRDS') do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the RDS:Client:DescribeDBSnapshotAttributesResult action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon RDS.
