This repository has been archived by the owner on Jan 8, 2024. It is now read-only.

title: About the aws_sqs_queue Resource

aws_sqs_queue

Use the aws_sqs_queue InSpec audit resource to test properties of a single AWS Simple Queue Service queue.

Syntax

describe aws_sqs_queue(queue_url: 'https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  it { should exist }
end

Parameters

queue_url (required)

This resource accepts a single parameter, the SQS Queue URL. This can be passed either as a string or as a queue_url: 'value' key-value entry in a hash.

See also the AWS documentation on SQS.

Properties

| Property | Description |
| --- | --- |
| arn | The ARN of the SQS Queue. |
| is_fifo_queue | A boolean value indicating whether this queue is a FIFO queue. |
| visibility_timeout | An integer indicating the visibility timeout of the message in seconds. |
| maximum_message_size | An integer indicating the maximum message size in bytes. |
| message_retention_period | An integer indicating the maximum retention period for a message in seconds. |
| delay_seconds | An integer indicating the delay in seconds for the queue. |
| receive_message_wait_timeout_seconds | An integer indicating the number of seconds an attempt to receive a message will wait before returning. |
| content_based_deduplication | A boolean value indicating whether content-based deduplication is enabled. |
| redrive_policy | A string indicating the redrive policy. |
| kms_master_id | Provides the ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK. |
| kms_data_key_reuse_period_seconds | Returns the length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. |

Examples

Ensure that a queue exists and has a visibility timeout of 300 seconds

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  it { should exist }
  its('visibility_timeout') { should be 300 }
end

Ensure maximum message size is set

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  its('maximum_message_size') { should be 262144 } # 256 KB
end

Test the delay time

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  its('delay_seconds') { should be 0 }
end

Ensure messages are retained for 4 days

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  its('message_retention_period') { should be 345600 } # 4 days
end

Check if queue is fifo

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  its('is_fifo_queue') { should be false }
end
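
Interpret the kms_master_id and redrive_policy values

The following is an added example, not part of the original resource documentation or the InSpec project: a plain-Ruby helper that turns the kms_master_id and redrive_policy property values into a list of findings. It assumes redrive_policy carries the JSON string from the queue's RedrivePolicy attribute; the helper name sqs_queue_findings, the sample values and the limit of 10 receives are hypothetical.

```ruby
require 'json'

# Hypothetical helper, not part of InSpec. Takes the values of the
# kms_master_id and redrive_policy properties for one queue and returns a
# list of findings (empty when the queue meets the baseline).
# Assumptions: redrive_policy is the raw JSON string SQS stores in its
# RedrivePolicy attribute, unset properties are nil, and the limit of 10
# receives is an example threshold, not an AWS or InSpec default.
def sqs_queue_findings(props, max_receive_limit: 10)
  findings = []

  # Encryption at rest with KMS: the key ID is only present when configured.
  findings << 'no KMS key configured' if props[:kms_master_id].to_s.empty?

  raw = props[:redrive_policy].to_s
  if raw.empty?
    findings << 'no redrive policy (no dead-letter queue)'
    return findings
  end

  begin
    policy = JSON.parse(raw)
    raise TypeError, 'not a JSON object' unless policy.is_a?(Hash)

    # maxReceiveCount can arrive as a number or a numeric string.
    receives = Integer(policy['maxReceiveCount'])
    unless policy['deadLetterTargetArn'].to_s.start_with?('arn:')
      findings << 'redrive policy has no deadLetterTargetArn'
    end
    if receives > max_receive_limit
      findings << "maxReceiveCount #{receives} exceeds #{max_receive_limit}"
    end
  rescue JSON::ParserError, ArgumentError, TypeError
    findings << 'redrive policy is not a JSON object with a numeric maxReceiveCount'
  end
  findings
end

# Constructed sample values; the account ID and queue names are made up.
SAMPLE_OK = {
  kms_master_id: 'alias/aws/sqs',
  redrive_policy: '{"deadLetterTargetArn":"arn:aws:sqs:ap-southeast-2:111122223333:MyQueue-dlq","maxReceiveCount":5}'
}.freeze
SAMPLE_WEAK = { kms_master_id: nil, redrive_policy: '{"maxReceiveCount":"1000"}' }.freeze

puts sqs_queue_findings(SAMPLE_OK).inspect
puts sqs_queue_findings(SAMPLE_WEAK).inspect
```

Inside a profile, the hash can be built from the resource's kms_master_id and redrive_policy properties and the returned list asserted to be empty.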

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.

exist

The control will pass if the describe returns at least one result.

Use should_not to test that the entity does not exist.

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  it { should exist }
end

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueueWhichDoesntExist') do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the sqs:GetQueueAttributes action with Effect set to Allow. You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon SQS.