
aws_cloudwatch_log_group Resource


Use the aws_cloudwatch_log_group InSpec audit resource to test properties of a single AWS CloudWatch Log Group.

For additional information, including details on parameters and properties, see the AWS documentation on CloudWatch Logs.

Installation

This resource is available in the Chef InSpec AWS resource pack.

See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.

Syntax

Ensure that an aws_cloudwatch_log_group exists

describe aws_cloudwatch_log_group('my_log_group') do
  it { should exist }
end
describe aws_cloudwatch_log_group(log_group_name: 'my_log_group') do
  it { should exist }
end

Parameters

log_group_name (required)

This resource accepts a single parameter, the log group name, which uniquely identifies the CloudWatch Log Group. Pass it either as a string or as a log_group_name: 'value' key-value entry in a hash.

Properties

retention_in_days
The number of days to retain the log events in the specified log group.
kms_key_id
The Amazon Resource Name (ARN) of the CMK to use when encrypting log data.
tags
The tags for the log group.

Examples

Test tags on the CloudWatch Log Group.

describe aws_cloudwatch_log_group('my_log_group') do
  its('tags') { should include(:Environment => 'env-name',
                               :Name => 'my_log_group')}
end
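
The three properties listed above can be evaluated together as one logging policy. The following is an added example, not code from the resource pack: a plain Ruby helper that runs without InSpec or AWS access over constructed sample data shaped like the resource's properties (symbol-keyed tags, as in the example above). The policy values, group names and key ARN are assumptions, as is the treatment of a nil retention_in_days as "never expire".

```ruby
# Added example: policy thresholds and sample data are constructed.
POLICY = {
  min_retention_days: 365,                # assumed organisational minimum
  require_kms: true,                      # assumed: a KMS key must be set
  required_tags: { Environment: 'prod' }  # assumed tagging rule
}.freeze

# Returns an array of findings for one log group; empty means compliant.
def audit_log_group(name, props, policy = POLICY)
  findings = []

  days = props[:retention_in_days]
  # Assumption: nil means the group never expires, which satisfies a
  # minimum-retention rule. Comparing nil with >= would raise instead.
  if !days.nil? && days < policy[:min_retention_days]
    findings << "#{name}: retention #{days}d is below #{policy[:min_retention_days]}d"
  end

  key = props[:kms_key_id]
  if policy[:require_kms] && (key.nil? || key.empty?)
    findings << "#{name}: kms_key_id is not set"
  end

  tags = props[:tags] || {}
  policy[:required_tags].each do |k, v|
    next if tags[k] == v
    findings << "#{name}: tag #{k} is #{tags[k].inspect}, expected #{v.inspect}"
  end

  findings
end

# Constructed sample data, one compliant group and one that is not.
SAMPLE_GROUPS = {
  'app-audit' => {
    retention_in_days: nil,
    kms_key_id: 'arn:aws:kms:us-east-1:111122223333:key/EXAMPLE',
    tags: { Environment: 'prod', Name: 'app-audit' }
  },
  'app-debug' => { retention_in_days: 7, kms_key_id: nil, tags: {} }
}.freeze

def audit_all(groups = SAMPLE_GROUPS)
  groups.flat_map { |name, props| audit_log_group(name, props) }
end

audit_all.each { |finding| puts finding } if __FILE__ == $PROGRAM_NAME
```
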

AWS Permissions

Your Principal will need the CloudWatchLogs:Client:DescribeLogGroupsResponse and CloudWatchLogs:Client:ListTagsLogGroupResponse actions with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon CloudWatch Logs.
