aws_elasticache_cluster Resource
Use the aws_elasticache_cluster
InSpec audit resource to test the properties of a single AWS ElastiCache cluster.
Installation
This resource is available in the Chef InSpec AWS resource pack.
See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.
Syntax
An aws_elasticache_cluster
resource block declares the tests for a single AWS ElastiCache cluster by cache_cluster_id
.
describe aws_elasticache_cluster(cache_cluster_id: 'my-cluster-123') do
it { should exist }
end
The value of the cache_cluster_id
can be provided as a string.
describe aws_elasticache_cluster('my-cluster-123') do
its('engine') { should cmp 'redis' }
end
Parameters
The ElastiCache cluster ID must be provided.
cache_cluster_id
(required)The ID of the ElastiCache cluster:
- contains between 1 and 50 alphanumeric characters or hyphens,
- should start with a letter,
- cannot end with a hyphen or contain two consecutive hyphens.
It can be passed either as a string or as a
cache_cluster_id: 'value'
key-value entry in a hash.
Properties
cache_cluster_id
- The user-supplied identifier of the cluster. This identifier is a unique key that identifies a cluster.
engine
- The name of the cache engine, e.g.
redis
. node_ids
- The id list of all cluster nodes.
ports
- A hash of the node ID and port number pairs.
status
- The current state of the cluster, e.g.
creating
,available
. encrypted_at_rest
- Indicates whether the content is encrypted at rest or not.
encrypted_at_transit
- Indicates whether the content is encrypted at transit or not.
There are also additional properties available. For a comprehensive list, see the API reference documentation.
Examples
Test that an ElastiCache cluster is available.
describe aws_elasticache_cluster("my-cluster-123") do
its("status") { should eq 'available' }
end
Test that an Elasticache cluster engine is listening on port 11211
.
describe aws_elasticache_cluster(cache_cluster_id: "my-cluster-123") do
its("port") { should cmp 11211 }
end
Test that an Elasticache cluster’s engine version is 1.5.16
.
describe aws_elasticache_cluster(cache_cluster_id: "my-cluster-123") do
its("engine_version") { should cmp 1.5.16 }
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.
exist
describe aws_elasticache_cluster(cache_cluster_id: "my-cluster-123") do
it { should exist }
end
be_encrypted_at_rest
describe aws_elasticache_cluster(cache_cluster_id: "my-cluster-123") do
it { should be_encrypted_at_rest }
end
AWS Permissions
Your Principal will need the ElastiCache:Client:CacheClusterMessage
action with Effect
set to Allow
.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon ElastiCache, and Actions, Resources, and Condition Keys for Identity And Access Management.