aws_sqs_queue resource

Use the aws_sqs_queue InSpec audit resource to test properties of a single AWS Simple Queue Service queue.

Syntax

describe aws_sqs_queue(queue_url: 'https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  it { should exist }
end

Parameters

queue_url (required)

This resource accepts a single parameter, the SQS Queue URL. This can be passed either as a string or as a queue_url: 'value' key-value entry in a hash.

See also the AWS documentation on SQS.

Properties

| Property | Description |
| --- | --- |
| arn | The ARN of the SQS Queue. |
| is_fifo_queue | A boolean value indicating whether this queue is a FIFO queue. |
| visibility_timeout | An integer indicating the visibility timeout of the message in seconds. |
| maximum_message_size | An integer indicating the maximum message size in bytes. |
| message_retention_period | An integer indicating the maximum retention period for a message in seconds. |
| delay_seconds | An integer indicating the delay in seconds for the queue. |
| receive_message_wait_timeout_seconds | An integer indicating the number of seconds an attempt to receive a message will wait before returning. |
| content_based_deduplication | A boolean value indicating whether content-based deduplication is enabled. |
| redrive_policy | A string indicating the redrive policy. |

Examples

Ensure that a queue exists and has a visibility timeout of 300 seconds

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  it { should exist }
  its('visibility_timeout') { should be 300 }
end

Ensure maximum message size is set

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  its('maximum_message_size') { should be 262144 } # 256 KB
end

Test the delay time

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  its('delay_seconds') { should be 0 }
end

Ensure messages are retained for 4 days

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  its('message_retention_period') { should be 345600 } # 4 days
end

Check whether the queue is a FIFO queue

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  its('is_fifo_queue') { should be false }
end
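
Check the contents of the redrive policy

The redrive_policy property is a string, so asserting on the dead-letter queue it names means parsing it first. The following is an added example, not part of the InSpec project: the helper name redrive_policy_findings, the baseline of 10 receives, and the sample ARNs are assumptions, and it relies on SQS returning the policy as JSON with deadLetterTargetArn and maxReceiveCount keys.

```ruby
require 'json'

# Hypothetical helper (not an InSpec API). Takes the string that the
# redrive_policy property yields and returns a list of findings; an empty
# list means the policy meets the baseline.
def redrive_policy_findings(policy_string, expected_dlq_arn:, max_receives: 10)
  if policy_string.nil? || policy_string.strip.empty?
    return ['no redrive policy: failed messages never reach a dead-letter queue']
  end

  begin
    policy = JSON.parse(policy_string)
  rescue JSON::ParserError
    return ['redrive policy is not valid JSON']
  end
  return ['redrive policy is not a JSON object'] unless policy.is_a?(Hash)

  findings = []
  dlq_arn = policy['deadLetterTargetArn'].to_s
  if dlq_arn.empty?
    findings << 'deadLetterTargetArn is missing'
  elsif dlq_arn != expected_dlq_arn
    # A dead-letter queue outside the expected one can leak failed messages.
    findings << "dead-letter queue is #{dlq_arn}, expected #{expected_dlq_arn}"
  end

  # maxReceiveCount may arrive as a number or as a numeric string.
  count = Integer(policy['maxReceiveCount'].to_s, exception: false)
  if count.nil?
    findings << 'maxReceiveCount is missing or not an integer'
  elsif count > max_receives
    findings << "maxReceiveCount #{count} exceeds the baseline of #{max_receives}"
  end
  findings
end

# Constructed sample values; account IDs and queue names are placeholders.
DLQ_ARN = 'arn:aws:sqs:ap-southeast-2:111111111111:MyQueue-dlq'
GOOD_POLICY = %({"deadLetterTargetArn":"#{DLQ_ARN}","maxReceiveCount":5})
BAD_POLICY = %({"deadLetterTargetArn":"arn:aws:sqs:ap-southeast-2:222222222222:Other","maxReceiveCount":"1000"})

if __FILE__ == $PROGRAM_NAME
  { good: GOOD_POLICY, bad: BAD_POLICY, unset: nil }.each do |name, policy|
    puts "#{name}: #{redrive_policy_findings(policy, expected_dlq_arn: DLQ_ARN).inspect}"
  end
end
```

Inside a profile the same function would be given the value of aws_sqs_queue(...).redrive_policy; how the helper is loaded into the profile is left out here.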

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.

exist

The control will pass if the describe returns at least one result.

Use should_not to test that the entity does not exist.

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueue') do
  it { should exist }
end

describe aws_sqs_queue('https://sqs.ap-southeast-2.amazonaws.com/1212121/MyQueueWhichDoesntExist') do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the sqs:GetQueueAttributes action with Effect set to Allow. You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon SQS.