aws_cloudwatch_log_group resource
Use the aws_cloudwatch_log_group InSpec audit resource to test properties of a single AWS CloudWatch Log Group.
Syntax
Ensure that an aws_cloudwatch_log_group exists
describe aws_cloudwatch_log_group('my_log_group') do
it { should exist }
end
describe aws_cloudwatch_log_group(log_group_name: 'my_log_group') do
it { should exist }
end
Parameters
log_group_name (required)
This resource accepts a single parameter, the log group name which uniquely identifies the CloudWatch Log Group.
This can be passed either as a string or as a log_group_name: 'value' key-value entry in a hash.
See also the AWS documentation on CloudWatch Logs.
Properties
| Property | Description |
|---|---|
| retention_in_days | The number of days to retain the log events in the specified log group |
| kms_key_id | The Amazon Resource Name (ARN) of the CMK to use when encrypting log data |
| tags | The tags for the log group. |
Test tags on the CloudWatch Log Group
describe aws_cloudwatch_log_group('my_log_group') do
its('tags') { should include(:Environment => 'env-name',
:Name => 'my_log_group')}
end
AWS Permissions
Your Principal will need the logs:DescribeLogGroups and logs:ListTagsLogGroup actions with Effect set to Allow.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon CloudWatch Logs.
Was this page helpful?