Skip to main content

aws_cloudwatch_alarm resource

Use the aws_cloudwatch_alarm InSpec audit resource to test properties of a single CloudWatch alarm.

If more than one alarm matches, an error will be raised.

Syntax

Ensure an alarm exists:

aws_cloudwatch_alarm(metric_name: 'my-metric-name', metric_namespace: 'my-metric-namespace') do
  it { should exist }
end

Parameters

metric_name (required)

The metric name used by this alarm. This must be passed as a metric_name: 'value' key-value entry in a hash.

metric_namespace (required)

The metric namespace used by this alarm. This must be passed as a metric_namespace: 'value' key-value entry in a hash.

dimensions (optional)

The dimensions associated with this alarm. This must be passed as an array of hashes dimensions: [{key:'value'}] .

Properties

alarm_actions
The actions to execute when this alarm transitions to the ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN).
alarm_name
The name of the alarm.
metric_name
The name of the metric.
metric_namespace
The namespace of the metric.

Examples

Ensure an Alarm has at least one alarm action:

describe aws_cloudwatch_alarm(metric_name: 'my-metric-name', metric_namespace: 'my-metric-namespace') do
  its('alarm_actions') { should_not be_empty }
end

Ensure an Alarm with Dimensions exists:

describe aws_cloudwatch_alarm(metric_name: 'my-metric-name', metric_namespace: 'my-metric-namespace', dimensions: [{key: 'value'}]) do
  it { should exist }
end

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exist

The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_cloudwatch_alarm(metric_name: 'good-metric', metric_namespace: 'my-metric-namespace') do
  it { should exist }
end

describe aws_cloudwatch_alarm(metric_name: 'bed-metric', metric_namespace: 'my-metric-namespace') do
  it { should_not exist }
end

AWS Permissions

Your AWS principal will need the CloudWatch:Client:DescribeAlarmsForMetricOutput action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon CloudWatch.

Thank you for your feedback!

×