aws_launch_configuration

Use the aws_launch_configuration InSpec audit resource to test properties of a single AWS Launch Configuration.

Syntax

# Ensure that a launch configuration exists and has the correct key name
describe aws_launch_configuration('my-config') do
  it              { should exist }
  its('key_name') { should be 'my-key-name' }
end

# You may also use hash syntax to pass the launch configuration name
describe aws_launch_configuration(launch_configuration_name: 'my-config') do
  it              { should exist }
end

Parameters

launch_configuration_name (required)

This resource expects a single parameter, the launch_configuration_name which uniquely identifies the of a Launch Configuration.

See also the AWS documentation on Launch Configurations.

Properties

Property Description
arn An string indicating the ARN of the launch configuration
image_id An string indicating the AMI of the launch configuration
instance_type A string indicating the instance type of the launch configuration
iam_instance_profile A string indicating the IAM profile for the launch configuration
key_name A string indicating the AWS key pair for the launch configuration
security_groups An array of strings of the security group IDs associated with the launch configuration
associate_public_ip_address A boolean indicating if the launch configuration is configured to set a public IP address
user_data A string containing the user data configured for the launch configuration
ebs_optimized A boolean indicating if the launch configuration is optimized for Amazon EBS
instance_monitoring A string indicating if instance monitoring is set to detailed or basic
spot_price A floating point number indicating the spot price configured

Examples

Ensure a Launch Config is using the correct AMI
describe aws_launch_configuration('my-config') do
  its('image_id') { should eq 'ami-012345'}
end
Test the instance type used in a Launch Config
describe aws_launch_configuration('my-config') do
  its('instance_type') { should eq 't3.micro'}
end
Ensure a Launch Config is associated with the right IAM Profile
describe aws_launch_configuration('my-config') do
  its('iam_instance_profile') { should eq 'iam-profile' }
end
Ensure the Launch Config does not set a public IP
describe aws_launch_configuration('my-config') do
  its('associate_public_ip_address') { should be false }
end
Ensure the correct UserData is set on launched instances.
describe aws_launch_configuration('my-config') do
  its('user_data') { should include 'user-data' }
end

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.

exist

The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_launch_configuration('AnExistingLC') do
  it { should exist }
end

describe aws_launch_configuration('ANonExistentLC') do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the autoscaling:Describe* action with Effect set to Allow. You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon Auto Scaling Groups and launch configurations.