aws_sqs_queue

Use the aws_sqs_queue Chef InSpec audit resource to test properties of a single AWS Simple Queue Service queue.


Availability

Installation

This resource is distributed along with Chef InSpec itself. You can use it automatically.

Version

This resource first became available in v3.2.5 of InSpec.

Syntax

# Ensure that a queue exists and has a visibility timeout of 300 seconds
describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  it { should exist }
  its('visibility_timeout') { should be 300 }
end

# You may also use hash syntax to pass the URL
describe aws_sqs_queue(url: 'https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  it { should exist }
end

Resource Parameters

URL

This resource expects a single parameter, the SQS queue URL that uniquely identifies the SQS queue.

See also the AWS documentation on SQS Queue identifiers.


Properties

visibility_timeout

An integer indicating the visibility timeout of the message in seconds

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  its('visibility_timeout') { should be 300}
end

maximum_message_size

An integer indicating the maximum message size in bytes

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
    its('maximum_message_size') { should be 262144 } # 256 KB      
end

delay_seconds

An integer indicating the delay in seconds for the queue

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
    its('delay_seconds') { should be 0 }
end

message_retention_period

An integer indicating the maximum retention period for a message in seconds

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
    its('message_retention_period') { should be 345600 } # 4 days
end

receive_message_wait_timeout_seconds

An integer indicating the number of seconds an attempt to recieve a message will wait before returning

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
    its('receive_message_wait_timeout_seconds') { should be 2 }  
end

is_fifo_queue

A boolean value indicate if this queue is a FIFO queue

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
    its('is_fifo_queue') { should be false }
end

content_based_deduplication

A boolean value indicate if content based dedcuplication is enabled or not

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue.fifo') do
    its('is_fifo_queue') { should be true }
    its('content_based_deduplication') { should be true }
end


Matchers

This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.

exist

Indicates that the URL provided was found. Use should_not to test for SQS topics that should not exist.

# Expect good news
describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  it { should exist }
end

# No bad news allowed
describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueueWhichDoesntExist') do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the sqs:GetQueueAttributes action with Effect set to Allow. You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon SQS.