About the aws_sns_subscription Resource
Use the aws_sns_subscription InSpec audit resource to test detailed properties of an AWS SNS Subscription.
An aws_sns_subscription resource block uses resource parameters to search for an SNS Subscription, and then tests that subscription's properties. If no Subscriptions match, no error is raised, but the exists matcher will return false and all properties will be nil.
describe aws_sns_subscription('arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6') do
  it { should exist }
end
This resource accepts a single parameter, the subscription_arn.
This can be passed either as a string or as a subscription_arn: 'value' key-value entry in a hash.
See also the AWS documentation on SNS.
Property | Description |
---|---|
arn | An integer indicating the minimum number of instances in the auto scaling group |
owner | An integer indicating the maximum number of instances in the auto scaling group |
raw_message_delivery | An integer indicating the desired number of instances in the auto scaling group |
topic_arn | The name of the auto scaling launch configuration associated with the auto scaling group |
protocol | An array of strings corresponding to the subnet IDs associated with the auto scaling group |
confirmation_was_authenticated | A hash with each key-value pair corresponding to a tag associated with the entity |
describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6') do
  # If protocol is 'sms', this should be a phone number:
  its('endpoint') { should cmp '+16105551234' }
  # If protocol is 'email' or 'email-json', endpoint should be an email address
  its('endpoint') { should cmp '[email protected]' }
  # If protocol is 'https', endpoint should be a URL beginning with 'https://'
  its('endpoint') { should cmp 'https://www.exampleurl.com' }
  # If the protocol is 'lambda', its endpoint should be the ARN of an AWS Lambda function
  its('endpoint') { should cmp 'arn:aws:lambda:us-east-1:account-id:function:myfunction' }
end

describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6') do
  its('owner') { should cmp '12345678' }
end

describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::test-topic-01:b214aff5-a2c7-438f-a753-8494493f2ff6') do
  its('protocol') { should cmp 'sqs' }
end
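An added example, not part of the original page or the InSpec project: the endpoint-per-protocol rules from the comments above, combined with the owner and confirmation checks, as a plain Ruby function that runs offline. The hash keys are assumed to mirror the attribute map returned by sns:GetSubscriptionAttributes; audit_subscription, ENDPOINT_FORMATS and all sample values are hypothetical.

```ruby
# Added example: plain Ruby, no InSpec or AWS SDK needed. Keys are assumed to
# mirror the GetSubscriptionAttributes map, where every value is a string.

# Expected endpoint shape for each protocol mentioned on this page.
ENDPOINT_FORMATS = {
  'sms'        => /\A\+\d{7,15}\z/,
  'email'      => /\A[^@\s]+@[^@\s]+\z/,
  'email-json' => /\A[^@\s]+@[^@\s]+\z/,
  'http'       => %r{\Ahttp://\S+\z},
  'https'      => %r{\Ahttps://\S+\z},
  'sqs'        => /\Aarn:aws:sqs:[^:]*:[^:]*:.+\z/,
  'lambda'     => /\Aarn:aws:lambda:[^:]*:[^:]*:function:.+\z/
}.freeze

# Returns an array of findings; an empty array means every check passed.
def audit_subscription(attrs, expected_owner:)
  findings = []
  protocol = attrs['Protocol']
  pattern = ENDPOINT_FORMATS[protocol]
  if pattern.nil?
    findings << "unrecognized protocol #{protocol.inspect}"
  elsif !pattern.match?(attrs['Endpoint'].to_s)
    findings << "endpoint does not match protocol #{protocol}"
  end
  findings << 'owner is not the expected account' unless attrs['Owner'] == expected_owner
  findings << 'confirmation was not authenticated' unless attrs['ConfirmationWasAuthenticated'] == 'true'
  findings
end

# Constructed sample data (not real accounts or resources).
GOOD_SUBSCRIPTION = {
  'Protocol' => 'sqs',
  'Endpoint' => 'arn:aws:sqs:us-east-1:111122223333:example-queue',
  'Owner' => '111122223333',
  'ConfirmationWasAuthenticated' => 'true'
}.freeze

# Endpoint ARN is missing its leading "a", so the lambda format check fails.
BAD_SUBSCRIPTION = {
  'Protocol' => 'lambda',
  'Endpoint' => 'rn:aws:lambda:us-east-1:111122223333:function:myfunction',
  'Owner' => '999999999999',
  'ConfirmationWasAuthenticated' => 'false'
}.freeze

[GOOD_SUBSCRIPTION, BAD_SUBSCRIPTION].each do |sub|
  puts "#{sub['Protocol']}: #{audit_subscription(sub, expected_owner: '111122223333').inspect}"
end
```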
The control will pass if the describe returns at least one result.
Use should_not to test that the entity does not exist.
it { should exist }
it { should_not exist }
Provides whether or not the subscription confirmation request was authenticated.
describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::NOGOOD:b214aff5-a2c7-438f-a753-8494493f2ff6') do
  it { should be_confirmation_authenticated }
end
Provides whether or not the original message is passed as is, not formatted as JSON or YAML.
describe aws_sns_subscription(subscription_arn: 'arn:aws:sns:us-east-1::NOGOOD:b214aff5-a2c7-438f-a753-8494493f2ff6') do
  it { should have_raw_message_delivery }
end
Your Principal will need the sns:GetSubscriptionAttributes action with Effect set to Allow.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon SNS.