Skip to main content

aws_sqs_queue Resource

Use the aws_sqs_queue InSpec audit resource to test properties of a single AWS Simple Queue Service queue.

For additional information, including details on parameters and properties, see the AWS documentation on SQS.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

describe aws_sqs_queue(queue_url: 'https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  it { should exist }
end

Parameters

queue_url (required)

This resource accepts a single parameter, the SQS Queue URL. This can be passed either as a string or as a queue_url: 'value' key-value entry in a hash.

Properties

arn
The ARN of the SQS Queue.
is_fifo_queue
A boolean value indicate if this queue is a FIFO queue.
visibility_timeout
An integer indicating the visibility timeout of the message in seconds.
maximum_message_size
An integer indicating the maximum message size in bytes.
message_retention_period
An integer indicating the maximum retention period for a message in seconds.
delay_seconds
An integer indicating the delay in seconds for the queue.
receive_message_wait_timeout_seconds
An integer indicating the number of seconds an attempt to recieve a message will wait before returning.
content_based_deduplication
A boolean value indicate if content based deduplication is enabled or not.
redrive_policy
A string indicating the redrive policy.
kms_master_id
Provides the ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK.
kms_data_key_reuse_period_seconds
Returns the length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again.
sqs_managed_enabled
Returns information about whether the queue is using SSE-SQS encryption using SQS-owned encryption keys.
policy
Returns the policy of the queue.

Examples

Ensure that a queue exists and has a visibility timeout of 300 seconds.

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  it { should exist }
  its('visibility_timeout') { should be 300 }
end

Ensure maximum message size is set.

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
**256 KB      .**

end

Test the delay time .

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
    its('delay_seconds') { should be 0 }
end

Ensure messages are retained for 4 days.

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
**4 days.**

end

Check if queue is fifo.

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
    its('is_fifo_queue') { should be false }
end

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exist

The control will pass if the describe returns at least one result.

Use should to test the entity should exist.

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  it { should exist }
end

Use should_not to test the entity should not exist.

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueueWhichDoesntExist') do
  it { should_not exist }
end

policy_statement_principal_all_permissions_enabled

The control will pass if at least one Principal has all permissions enabled.

Use should to test when a Principal with all permissions should exist.

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  it { should be_policy_statement_principal_all_permissions_enabled }
end

Use should_not to test that a Principal with all permissions should not exist.

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueueWhichDoesntExist') do
  it { should_not be_policy_statement_principal_all_permissions_enabled }
end

policy_statement_action_all_permissions_enabled

The control will pass if at least one action has all permissions enabled.

Use should to test that at least one action has all permissions enabled should exist.

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  it { should be_policy_statement_action_all_permissions_enabled }
end
```ruby
describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueueWhichDoesntExist') do
  it { should_not be_policy_statement_action_all_permissions_enabled }
end

AWS Permissions

Your Principal will need the SQS:Client:GetQueueAttributesResult action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon SQS.

Edit this page on GitHub

Thank you for your feedback!

×