| title | platform |
|---|---|
About the aws_db_parameter_groups Resource |
aws |
Use the aws_db_parameter_groups InSpec audit resource to test properties of a collection of AWS DB parameter groups.
Ensure you have exactly three DB parameter groups:
describe aws_db_parameter_groups do
its('db_parameter_group_names.count') { should cmp 3 }
end
This resource does not expect any parameters.
See the AWS documentation on DB parameter groups for additional information.
| Property | Description |
|---|---|
| db_parameter_group_names | The name of the DB parameter group. |
| db_parameter_group_families | The name of the DB parameter group family that this DB parameter group is compatible with. |
| descriptions | Provides the customer-specified description for this DB parameter group. |
| db_parameter_group_arns | The Amazon Resource Name (ARN) for the DB parameter group. |
For a comprehensive list of properties available, see the API reference documentation
describe aws_db_parameter_groups do
its('db_parameter_group_names') { should include 'parameter-group-name' }
end
For a full list of available matchers, please visit our Universal Matchers page.
The control will pass if the describe method returns at least one result.
describe aws_db_parameter_groups.where( <property>: <value> ) do
it { should exist }
end
Use should_not to test the entity should not exist.
describe aws_db_parameter_groups.where( <property>: <value> ) do
it { should_not exist }
end
Your Principal will need the RDS:Client:DBParameterGroupsMessage action with Effect set to Allow.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon RDS.