Skip to main content

aws_synthetics_canary Resource

Use the aws_synthetics_canary Chef InSpec audit resource to test properties of a single AWS Synthetics Canary.

For additional information, including details on parameters and properties, see the AWS documentation on the AWS::Synthetics::Canary resource.

Installation

This resource is available in the Chef InSpec AWS resource pack.

See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.

Syntax

Ensure that the canary exists.

describe aws_synthetics_canary(name: 'CANARY_NAME') do
  it { should exist }
end

Parameters

name (required)

The name of the canary.

Properties

id
The unique ID of this canary.
name
The name of the canary.
code.source_location_arn
The ARN of the Lambda layer where Synthetics stores the canary script code.
code.handler
The entry point to use for the source code when running the canary.
execution_role_arn
The ARN of the IAM role used to run the canary.
schedule.expression
A rate expression or a cron expression that defines how often the canary is to run.
schedule.duration_in_seconds
How long, in seconds, for the canary to continue making regular runs after it was created. The runs are performed according to the schedule in the Expression value.
run_config.timeout_in_seconds
How long the canary is allowed to run before it must stop.
run_config.memory_in_mb
The maximum amount of memory available to the canary while it is running, in MB. This value must be a multiple of 64.
run_config.active_tracing
Displays whether this canary run used active X-Ray tracing.
success_retention_period_in_days
The number of days to retain data about successful runs of this canary.
failure_retention_period_in_days
The number of days to retain data about failed runs of this canary.
status.state
The current state of the canary.
status.state_reason
If the canary has insufficient permissions to run, this field provides more details.
status.state_reason_code
If the canary cannot run or has failed, this field displays the reason.
timeline.created
The date and time the canary was created.
timeline.last_modified
The date and time the canary was most recently modified.
timeline.last_started
The date and time that the canary’s most recent run started.
timeline.last_stopped
The date and time that the canary’s most recent run ended.
artifact_s3_location
The location in Amazon S3 where Synthetics stores artifacts from the runs of this canary.
engine_arn
The ARN of the Lambda function that is used as your canary’s engine.
runtime_version
Specifies the runtime version to use for the canary.
vpc_config.vpc_id
The IDs of the VPC where this canary is to run.
vpc_config.subnet_ids
The IDs of the subnets where this canary is to run.
vpc_config.security_group_ids
The IDs of the security groups for this canary.
visual_reference.base_screenshots
An array of screenshots that are used as the baseline for comparisons during visual monitoring.
visual_reference.base_canary_run_id
The ID of the canary run that produced the screenshots that are used as the baseline for visual monitoring comparisons during future runs of this canary.
tags
The list of key-value pairs that are associated with the canary.
artifact_config.s3_encryption.encryption_mode
The encryption method to use for artifacts created by this canary.
artifact_config.s3_encryption.kms_key_arn
The ARN of the customer-managed KMS key to use, if you specify SSE-KMS for EncryptionMode.

Examples

Ensure a canary name is available.

describe aws_synthetics_canary(name: 'CANARY_NAME') do
  its('name') { should eq 'CANARY_NAME' }
end

Ensure a state is READY.

describe aws_synthetics_canary(name: 'CANARY_NAME') do
  its('status.state') { should eq 'READY' }
end

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.

The controls will pass if the get method returns at least one result.

exist

Use should to test that the entity exists.

describe aws_synthetics_canary(name: 'CANARY_NAME') do
  it { should exist }
end

Use should_not to test the entity does not exist.

describe aws_synthetics_canary(name: 'CANARY_NAME') do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the Synthetics:Client:GetCanaryResponse action with Effect set to Allow.

Edit this page on GitHub.

Thank you for your feedback!

×









Search Results