aws_mq_broker Resource

Use the aws_mq_broker InSpec audit resource to test the properties of a single specific AWS MQ Broker.

For additional information, including details on parameters and properties, see the AWS documentation on AWS MQ Broker.

Installation

This resource is available in the Chef InSpec AWS resource pack.

See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.

Syntax

Ensure that an AWS MQ Broker exists.

describe aws_mq_broker(broker_id: 'BROKER_ID') do
  it { should exist }
end

Parameters

broker_id (required)

broker_id: The ID of the AWS MQ broker.

Properties

authentication_strategy
The authentication strategy used to secure the broker. The default is SIMPLE.

Field: authentication_strategy

auto_minor_version_upgrade
Enables automatic upgrades to new minor versions for brokers, as new versions are released and supported by Amazon MQ.

Field: auto_minor_version_upgrade

broker_arn
The broker’s Amazon Resource Name (ARN).

Field: broker_arn

broker_name
The name of the broker.

Field: broker_name

broker_state
The broker’s status.

Field: broker_state

created
Creation time of the broker’s profile.

Field: created

deployment_mode
The deployment mode of the broker.

Field: deployment_mode

engine_type
The type of broker engine. Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ.

Field: engine_type

engine_version
The version of the broker engine.

Field: engine_version

host_instance_type
The broker’s instance type.

Field: host_instance_type

pending_engine_version
The broker engine version for the upgrade.

Field: pending_engine_version

pending_host_instance_type
The broker’s host instance type for the upgrade.

Field: pending_host_instance_type

publicly_accessible
Enables connections from applications outside of the VPC that hosts the broker’s subnets.

Field: publicly_accessible

storage_type
The broker’s storage type.

Field: storage_type

subnet_ids
The list of groups that define which subnets and IP ranges the broker can use from different availability zones. If you specify more than one subnet, the subnets must be in different availability zones. Amazon MQ cannot create VPC endpoints for the broker with multiple subnets in the same availability zone. A SINGLE_INSTANCE deployment requires one subnet (for example, the default subnet). An ACTIVE_STANDBY_MULTI_AZ deployment (ACTIVEMQ) requires two subnets. A CLUSTER_MULTI_AZ deployment (RABBITMQ) has no subnet requirements when deployed with public accessibility; deployment without public accessibility requires at least one subnet.

Field: subnet_ids

tags
The list of all tags associated with this broker.

Field: tags

Examples

Ensure a broker ID is available.

describe aws_mq_broker(broker_id: 'BROKER_ID') do
  its('broker_id') { should eq 'BROKER_ID' }
end

Ensure a broker name is available.

describe aws_mq_broker(broker_id: 'BROKER_ID') do
  its('broker_name') { should eq 'BROKER_NAME' }
end
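
The subnet rule stated under subnet_ids, written out as a plain-Ruby check (an added example, not code from the InSpec AWS resource pack). It runs on constructed hashes keyed by this page's property names; mq_subnet_problems, az_of, sample_broker and the sample data are hypothetical names introduced here.

```ruby
# Added example, not part of the InSpec AWS resource pack.
# `broker` is a Hash keyed by the property names documented on this page.
# `az_of` (assumed, caller-supplied) maps subnet ID => availability zone.
# Returns an array of problem strings; empty means the layout is consistent.
def mq_subnet_problems(broker, az_of = {})
  mode     = broker['deployment_mode']
  subnets  = Array(broker['subnet_ids'])
  problems = []

  case mode
  when 'SINGLE_INSTANCE'
    problems << "#{mode} requires one subnet, found #{subnets.size}" unless subnets.size == 1
  when 'ACTIVE_STANDBY_MULTI_AZ'
    problems << "#{mode} requires two subnets, found #{subnets.size}" unless subnets.size == 2
  when 'CLUSTER_MULTI_AZ'
    # No subnet requirement when public; at least one subnet otherwise.
    if broker['publicly_accessible'] != true && subnets.empty?
      problems << "#{mode} without public accessibility requires at least one subnet"
    end
  else
    problems << "unrecognised deployment_mode #{mode.inspect}"
  end

  # More than one subnet: each must be in a different availability zone.
  zones = subnets.map { |id| az_of[id] }.compact
  problems << 'subnets share an availability zone' if zones.uniq.size < zones.size
  problems
end

# Constructed sample data; subnet IDs are placeholders, not real resources.
SAMPLE_AZ = {
  'subnet-aaa' => 'us-east-1a', 'subnet-bbb' => 'us-east-1a', 'subnet-ccc' => 'us-east-1b'
}.freeze

def sample_broker(mode, public_access, subnets)
  { 'deployment_mode' => mode, 'publicly_accessible' => public_access, 'subnet_ids' => subnets }
end

SAMPLE_BROKERS = {
  'standby_ok'      => sample_broker('ACTIVE_STANDBY_MULTI_AZ', false, %w[subnet-aaa subnet-ccc]),
  'standby_same_az' => sample_broker('ACTIVE_STANDBY_MULTI_AZ', false, %w[subnet-aaa subnet-bbb]),
  'single_two'      => sample_broker('SINGLE_INSTANCE', false, %w[subnet-aaa subnet-ccc]),
  'cluster_private' => sample_broker('CLUSTER_MULTI_AZ', false, []),
  'cluster_public'  => sample_broker('CLUSTER_MULTI_AZ', true, [])
}.freeze

SAMPLE_BROKERS.each do |name, broker|
  puts "#{name}: #{mq_subnet_problems(broker, SAMPLE_AZ).inspect}"
end
```

In a profile, the same three values are available through its('deployment_mode'), its('publicly_accessible') and its('subnet_ids').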

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.

The control passes if the describe method returns at least one result.

exist

Use should to test that the entity exists.

describe aws_mq_broker(broker_id: 'BROKER_ID') do
  it { should exist }
end

Use should_not to test the entity does not exist.

describe aws_mq_broker(broker_id: 'DUMMY') do
  it { should_not exist }
end

be_available

Use should to check if the MQ broker is available.

describe aws_mq_broker(broker_id: 'BROKER_ID') do
  it { should be_available }
end

AWS Permissions

Your Principal will need the MQ:Client:DescribeBrokerResponse action with Effect set to Allow.
