aws_ecs_cluster

Use the aws_ecs_cluster InSpec audit resource to test properties of a single AWS ECS Cluster.

Syntax

An aws_ecs_cluster resource block declares the tests for a single AWS ECS Cluster by cluster name.

describe aws_ecs_cluser(cluster_name: 'cluster-8') do
  it             { should exist }
end

Parameters

If no parameters are passed, the resource will attempt to retrieve the default ECS Cluster.

cluster_name (optional)

This resource accepts a single parameter, the Cluster Name. This can be passed either as a string or as a cluster_name: 'value' key-value entry in a hash.

See also the AWS documentation on ECS Clusters.

Properties

Property Description
cluster_arn The Amazon Resource Name (ARN) that identifies the cluster.
cluster_name A user-generated string that you use to identify your cluster.
status The status of the cluster.
running_tasks_count The number of tasks in the cluster that are in the RUNNING state.
pending_tasks_count The number of tasks in the cluster that are in the PENDING state.
active_services_count The number of services that are running on the cluster in an ACTIVE state.
registered_container_instances_count The number of container instances registered into the cluster. This includes container instances in both ACTIVE and DRAINING status.
statistics Additional information about your clusters that are separated by launch type.

Examples

Test that an ECS Cluster does not exist
describe aws_ecs_cluster(cluster_name: 'invalid-cluster') do
  it    { should_not exist }
end
Test that an ECS Cluster is active
describe aws_ecs_cluster('cluster-8') do
  its ('status') { should eq 'ACTIVE' }
end

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.

exist

The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_ecs_cluster('cluster-8') do
  it { should exist }
end

describe aws_ecs_cluster('cluster-9') do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the ec2:DescribeClusters action set to allow.