aws_cloudfront_realtime_log_config resource

Use the aws_cloudfront_realtime_log_config InSpec audit resource to test properties of a single specific AWS CloudFront real-time log configuration.

The AWS::CloudFront::RealtimeLogConfig resource creates a real-time log configuration.

For additional information, including details on parameters and properties, see the AWS documentation on AWS CloudFront RealtimeLogConfig.

Syntax

Ensure that the config exists.

describe aws_cloudfront_realtime_log_config(name: 'CONFIG_NAME') do
  it { should exist }
end

Parameters

name (required)

The unique name of this real-time log configuration.

Properties

arn
The Amazon Resource Name (ARN) of this real-time log configuration.
name
The unique name of this real-time log configuration.
sampling_rate
The sampling rate for this real-time log configuration.
end_points
Contains information about the Amazon Kinesis data stream where you are sending real-time log data for this real-time log configuration.
end_points_stream_types
The type of data stream where you are sending real-time log data. The only valid value is Kinesis.
end_points_kinesis_stream_config_role_arns
The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that CloudFront can use to send real-time log data to your Kinesis data stream.
end_points_kinesis_stream_config_stream_arns
The Amazon Resource Name (ARN) of the Kinesis data stream where you are sending real-time log data.
fields
A list of fields that are included in each real-time log record.

Examples

Ensure an ARN is available:

describe aws_cloudfront_realtime_log_config(name: 'CONFIG_NAME') do
  its('arn') { should eq 'ARN' }
end

Ensure a name is available:

describe aws_cloudfront_realtime_log_config(name: 'CONFIG_NAME') do
  its('name') { should eq 'CONFIG_NAME' }
end

Ensure a stream type is Kinesis:

describe aws_cloudfront_realtime_log_config(name: 'CONFIG_NAME') do
  its('end_points_stream_types') { should include 'Kinesis' }
end

Ensure a stream ARN is available:

describe aws_cloudfront_realtime_log_config(name: 'CONFIG_NAME') do
  its('end_points_kinesis_stream_config_stream_arns') { should include 'STREAM_ARN' }
end
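
Audit logging coverage in one control (an added example, not part of the original page or the project's own code). It combines the sampling_rate, fields and end point properties listed above; the input name, the control ID, the 100 percent sampling policy and the list of required fields are assumptions chosen for illustration.

```inspec
# Added example: the input name, control ID and thresholds are assumptions.
config_name = input('realtime_log_config_name', value: 'CONFIG_NAME')

# Hypothetical baseline of fields an investigation needs in every record.
required_fields = %w[timestamp c-ip cs-method cs-uri-stem sc-status]

control 'cloudfront-realtime-logging-baseline' do
  impact 0.7
  title 'CloudFront real-time log configuration captures complete records'

  describe aws_cloudfront_realtime_log_config(name: config_name) do
    it { should exist }

    # Assumed policy: log every request instead of a sample, so that
    # individual requests are not missing from the stream.
    its('sampling_rate') { should cmp 100 }

    # Delivery target: a Kinesis stream and a role CloudFront can assume.
    its('end_points_stream_types') { should include 'Kinesis' }
    its('end_points_kinesis_stream_config_role_arns') { should_not be_empty }
    its('end_points_kinesis_stream_config_stream_arns') { should_not be_empty }

    # One test per required field, so a failure names the missing field.
    required_fields.each do |field|
      its('fields') { should include field }
    end
  end
end
```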

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exist

Use should to test that the entity exists.

describe aws_cloudfront_realtime_log_config(name: 'CONFIG_NAME') do
  it { should exist }
end

Use should_not to test the entity does not exist.

describe aws_cloudfront_realtime_log_config(name: 'CONFIG_NAME') do
  it { should_not exist }
end

be_available

Use should to check if the entity is available.

describe aws_cloudfront_realtime_log_config(name: 'CONFIG_NAME') do
  it { should be_available }
end

AWS Permissions

Your AWS principal will need the CloudFront:Client:GetRealtimeLogConfigResult action with Effect set to Allow.
