aws_ecs_clusters

Use the aws_ecs_clusters InSpec audit resource to test properties of some or all AWS ECS Clusters.

Syntax

An aws_ecs_clusters resource block returns all ECS Clusters and allows the testing of that group of Clusters.

describe aws_ecs_clusters do
  its('cluster_names') { should include 'cluster-root' }
end

Parameters

This resource does not expect any parameters.

See also the AWS documentation on ECS Clusters.

Properties

Property Description
cluster_arn The Amazon Resource Name (ARN) that identifies the cluster.
cluster_name A user-generated string that you use to identify your cluster.
status The status of the cluster.
running_tasks_count The number of tasks in the cluster that are in the RUNNING state.
pending_tasks_count The number of tasks in the cluster that are in the PENDING state.
active_services_count The number of services that are running on the cluster in an ACTIVE state.
registered_container_instances_count The number of container instances registered into the cluster. This includes container instances in both ACTIVE and DRAINING status.
statistics Additional information about your clusters that are separated by launch type.
entries Provides access to the raw results of the query, which can be treated as an array of hashes.

Examples

Ensure there are no Clusters in an undesired state.
  describe aws_ecs_clusters do
    it                   { should exist }
    its('statuses')      { should_not include 'UNDESIRED-STATUS'}
    its('cluster_names') { should include 'SQL-cluster' }
  end

Matchers

For a full list of available matchers, please visit our matchers page.

exist

The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_ecs_clusters.where( <property>: <value>) do
  it { should exist }
end

describe aws_ecs_clusters.where( <property>: <value>) do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the ecs:ListClusters & ecs:DescribeClusters action set to allow.