aws_cloudwatch_log_metric_filter
Use the aws_cloudwatch_log_metric_filter InSpec audit resource to search for and test properties of individual AWS CloudWatch Log Metric Filters.
Syntax
describe aws_cloudwatch_log_metric_filter(filter_name: 'my-filter', log_group_name: 'my-log-group') do
  it { should exist }
end
describe aws_cloudwatch_log_metric_filter(log_group_name: 'my-log-group', pattern: 'my-filter') do
  it { should exist }
end
Parameters
Note: While all parameters are optional, at least one must be provided. In practice, the more parameters you provide, the narrower the result set that is returned.
filter_name (optional)
The name of the Log Metric Filter. Expected in a hash as filter_name: 'value'.
log_group_name (optional)
The log group of the filter. Expected in a hash as log_group_name: 'value'.
pattern (optional)
A pattern by which to narrow down the result-set, if you expect multiple results. Expected in a hash as pattern: 'value'.
See also the AWS documentation on CloudWatch.
Properties
Property | Description |
---|---|
filter_name | The name of the metric filter. |
log_group_name | The name of the log group. |
metric_name | The name of the metric. |
metric_namespace | The namespace of the metric. |
pattern | A symbolic description of how CloudWatch Logs should interpret the data in each log event. For example, a log event may contain timestamps, IP addresses, strings, and so on. You use the filter pattern to specify what to look for in the log event message. |
Examples
Ensure a Filter exists
describe aws_cloudwatch_log_metric_filter(filter_name: 'my-filter', log_group_name: 'my-log-group') do
  it { should exist }
end
Ensure a Filter exists for a specific pattern
describe aws_cloudwatch_log_metric_filter(pattern: '"ERROR" - "Exiting"') do
  it { should exist }
end
Check the name of a Filter
describe aws_cloudwatch_log_metric_filter(log_group_name: 'app-log-group', pattern: 'KERBLEWIE') do
  its('filter_name') { should eq 'kaboom_lmf' }
end
Check the Log Group name of a Filter
describe aws_cloudwatch_log_metric_filter(filter_name: 'error-watcher') do
  its('log_group_name') { should eq 'app-log-group' }
end
Check a filter has the correct pattern
describe aws_cloudwatch_log_metric_filter(filter_name: 'error-watcher', log_group_name: 'app-log-group') do
  its('pattern') { should cmp 'ERROR' }
end
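The following is an added example, not part of the InSpec documentation: it generates one control per required alerting filter on a CloudTrail log group, so a missing filter fails under its own control id. The log group name, control ids, helper method names and sample patterns are assumptions, and it assumes the `pattern` parameter must equal the deployed filter pattern string exactly.

```ruby
# Added example. Log group name and control ids are constructed placeholders.
def cloudtrail_log_group
  'cloudtrail-log-group'
end

# Control id suffix => filter pattern expected on the log group.
# Sample patterns; replace with the exact strings deployed in your account.
def required_metric_filters
  {
    'unauthorized-api-calls' =>
      '{ ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }',
    'console-login-without-mfa' =>
      '{ ($.eventName = "ConsoleLogin") && ($.additionalEventData.MFAUsed != "Yes") }',
    'cloudtrail-config-changes' =>
      '{ ($.eventName = CreateTrail) || ($.eventName = UpdateTrail) || ' \
      '($.eventName = DeleteTrail) || ($.eventName = StartLogging) || ' \
      '($.eventName = StopLogging) }'
  }
end

# Build a stable, unique control id from a filter key.
def metric_filter_control_id(key)
  "cloudtrail-metric-filter-#{key}"
end

# `control` is only defined when InSpec evaluates this file inside a profile;
# the guard keeps the definitions above loadable in plain Ruby.
if respond_to?(:control, true)
  # Local variable: control blocks are closures and cannot call the helper methods.
  log_group = cloudtrail_log_group
  required_metric_filters.each do |key, pattern|
    control metric_filter_control_id(key) do
      impact 0.7
      title "Metric filter for #{key} exists on #{log_group}"
      describe aws_cloudwatch_log_metric_filter(log_group_name: log_group, pattern: pattern) do
        it { should exist }
        # A filter that publishes no metric cannot drive an alarm.
        its('metric_name') { should_not be_nil }
        its('metric_namespace') { should_not be_nil }
      end
    end
  end
end
```

Passing both log_group_name and pattern keeps each lookup narrow, as the Parameters note describes.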
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.
exist
The control will pass if the describe returns at least one result. Use should_not to test that the entity does not exist.
describe aws_cloudwatch_log_metric_filter(log_group_name: 'my-log-group') do
  it { should exist }
end
describe aws_cloudwatch_log_metric_filter(log_group_name: 'i-dont-exist') do
  it { should_not exist }
end
AWS Permissions
Your Principal will need the cloudwatch:DescribeAlarmsForMetric action with Effect set to Allow.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon CloudWatch.