aws_rds_db_cluster_snapshots resource
Use the aws_rds_db_cluster_snapshots InSpec audit resource to test the properties of a single specific AWS RDS Cluster snapshot.
For additional information, including details on parameters and properties, see the AWS documentation on AWS RDS Cluster Snapshot.
Syntax
Ensure that the cluster snapshot exists.
describe aws_rds_db_cluster_snapshots do
  it { should exist }
end
Parameters
This resource does not require any parameters.
Properties
availability_zones - Provides the list of EC2 Availability Zones instances in the DB cluster snapshot that can be restored.
Field: availability_zone
db_cluster_snapshot_identifiers - Specifies the identifier for the DB cluster snapshot.
Field: db_cluster_snapshot_identifier
db_cluster_identifiers - Specifies the identifier of the DB cluster from which the DB cluster snapshot is created.
Field: db_cluster_identifier
snapshot_create_times - Provides the time when the snapshot is taken, in Universal Coordinated Time (UTC).
Field: snapshot_create_time
engines - Specifies the name of the database engine.
Field: engine
allocated_storages - Specifies the allocated storage size in Gibibytes (GiB).
Field: allocated_storage
statuses - Specifies the status of this DB cluster snapshot.
Field: status
ports - Specifies the port where the DB cluster is listening at the time of the snapshot.
Field: port
vpc_ids - Provides the VPC ID associated with the DB cluster snapshot.
Field: vpc_id
cluster_create_times - Specifies the time when the DB cluster is created, in Universal Coordinated Time (UTC).
Field: cluster_create_time
master_usernames - Provides the master username for the DB cluster snapshot.
Field: master_username
engine_versions - Provides the database engine version for the DB cluster snapshot.
Field: engine_version
license_models - Provides the license model information for the DB cluster snapshot.
Field: license_model
snapshot_types - Provides the DB cluster snapshot type.
Field: snapshot_type
percent_progresses - Specifies the percentage of the estimated data that is transferred.
Field: percent_progress
storage_encrypted - Specifies whether the DB cluster snapshot is encrypted.
Field: storage_encrypted
kms_key_ids - If StorageEncrypted is true, the AWS Key Management Service (AWS KMS) identifier for the encrypted DB cluster snapshot is set to protect the data.
Field: kms_key_id
db_cluster_snapshot_arns - The Amazon Resource Name (ARN) for the DB cluster snapshot.
Field: db_cluster_snapshot_arn
source_db_cluster_snapshot_arns - If the DB cluster snapshot is copied from a source DB cluster snapshot, the Amazon Resource Name (ARN) for the source DB cluster snapshot is associated, otherwise a null value is stored for the source DB cluster snapshot ARN.
Field: source_db_cluster_snapshot_arn
iam_database_authentication_enabled - True if mapping of AWS Identity and Access Management (IAM) accounts to database accounts is enabled, and otherwise False.
Field: iam_database_authentication_enabled
tag_lists - The related tags.
Field: tag_list
Examples
Ensure a cluster snapshot id is available:
describe aws_rds_db_cluster_snapshots do
  its('db_cluster_snapshot_identifiers') { should include 'CLUSTER_ID' }
end
Ensure that the state is available:
describe aws_rds_db_cluster_snapshots do
  its('statuses') { should include 'available' }
end
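Added example, not part of the InSpec documentation or the resource's own code: a plain-Ruby model of the plural properties, assuming each one is the list of its Field value across all snapshots. It shows that an `include` check on `storage_encrypted` passes while an unencrypted snapshot still exists, so an encryption audit has to look for the absence of `false`. The sample records, key placeholders and helper names are constructed.

```ruby
# Constructed sample records keyed by the "Field" names from the Properties
# list. These are not real AWS output; the KMS values are placeholders.
SNAPSHOTS = [
  { db_cluster_snapshot_identifier: 'snap-a', status: 'available',
    storage_encrypted: true,  kms_key_id: 'KMS_KEY_PLACEHOLDER' },
  { db_cluster_snapshot_identifier: 'snap-b', status: 'available',
    storage_encrypted: false, kms_key_id: nil },
  { db_cluster_snapshot_identifier: 'snap-c', status: 'creating',
    storage_encrypted: true,  kms_key_id: 'KMS_KEY_PLACEHOLDER' }
].freeze

# Plural property name => per-snapshot field (a subset of the list above).
PROPERTY_FIELDS = {
  db_cluster_snapshot_identifiers: :db_cluster_snapshot_identifier,
  statuses: :status,
  storage_encrypted: :storage_encrypted,
  kms_key_ids: :kms_key_id
}.freeze

# Assumed model of a plural property: one value per snapshot, in order.
def plural_property(snapshots, property)
  field = PROPERTY_FIELDS.fetch(property)
  snapshots.map { |snap| snap[field] }
end

# Models `its(property) { should include value }`: true if ANY snapshot matches.
def includes?(snapshots, property, value)
  plural_property(snapshots, property).include?(value)
end

# Identifiers of the snapshots whose field is not the required value.
def violations(snapshots, field, required)
  snapshots.reject { |snap| snap[field] == required }
           .map { |snap| snap[:db_cluster_snapshot_identifier] }
end

if __FILE__ == $PROGRAM_NAME
  # The "include true" style check passes even though snap-b is unencrypted.
  puts "include true:  #{includes?(SNAPSHOTS, :storage_encrypted, true)}"
  # The audit-grade question is whether false is absent from the list.
  puts "include false: #{includes?(SNAPSHOTS, :storage_encrypted, false)}"
  puts "unencrypted:   #{violations(SNAPSHOTS, :storage_encrypted, true)}"
end
```

In a control against this resource, the corresponding assertion is `its('storage_encrypted') { should_not include false }`.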
Matchers
For a full list of available matchers, see our Universal Matchers page.
The control passes if the describe method returns at least one result.
exist
Use should to test that the entity exists.
describe aws_rds_db_cluster_snapshots do
  it { should exist }
end
Use should_not to test the entity does not exist.
describe aws_rds_db_cluster_snapshots do
  it { should_not exist }
end
be_available
Use should to check if the entity is available.
describe aws_rds_db_cluster_snapshots do
  it { should be_available }
end
AWS Permissions
Your AWS principal will need the RDS:Client:DBClusterSnapshotMessage action with Effect set to Allow.