aws_sqs_queue
Use the aws_sqs_queue
InSpec audit resource to test properties of a single AWS Simple Queue Service queue.
Syntax
describe aws_sqs_queue(queue_url: 'https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
it { should exist }
end
Parameters
queue_url (required)
This resource accepts a single parameter, the SQS Queue URL.
This can be passed either as a string or as a queue_url: 'value'
key-value entry in a hash.
See also the AWS documentation on SQS.
Properties
Property | Description |
---|---|
arn | The ARN of the SQS Queue. |
is_fifo_queue | A boolean value indicate if this queue is a FIFO queue |
visibility_timeout | An integer indicating the visibility timeout of the message in seconds |
maximum_message_size | An integer indicating the maximum message size in bytes |
message_retention_period | An integer indicating the maximum retention period for a message in seconds |
delay_seconds | An integer indicating the delay in seconds for the queue |
receive_message_wait_timeout_seconds | An integer indicating the number of seconds an attempt to recieve a message will wait before returning |
content_based_deduplication | A boolean value indicate if content based dedcuplication is enabled or not |
redrive_policy | A string indicating the redrive policy |
Examples
Ensure that a queue exists and has a visibility timeout of 300 seconds
describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
it { should exist }
its('visibility_timeout') { should be 300 }
end
Ensure maximum message size is set
describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
its('maximum_message_size') { should be 262144 } # 256 KB
end
Test the delay time
describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
its('delay_seconds') { should be 0 }
end
Ensure messages are retained for 4 days
describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
its('message_retention_period') { should be 345600 } # 4 days
end
Check if queue is fifo
describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
its('is_fifo_queue') { should be false }
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.
exist
The control will pass if the describe returns at least one result.
Use should_not
to test the entity should not exist.
describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
it { should exist }
end
describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueueWhichDoesntExist') do
it { should_not exist }
end
AWS Permissions
Your Principal will need the sqs:GetQueueAttributes
action with Effect set to Allow.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon SQS.