Skip to main content

aws_cloudformation_stack resource

[edit on GitHub]

Use the aws_cloudformation_stack InSpec audit resource to test properties of a single AWS Cloud Formation Stack.


Ensure that an aws_cloudformation_stack exists

describe aws_cloudformation_stack('stack-name') do
  it { should exist }

describe aws_cloudformation_stack(stack_name: 'stack-name') do
  it { should exist }


stack_name (required)

This resource accepts a single parameter, the CloudFormation Stack name which uniquely identifies the stack. This can be passed either as a string or as a stack_name: 'value' key-value entry in a hash.

See also the AWS documentation on Cloud Formation.


Property Description
stack_id Unique identifier of the stack.
stack_name The name associated with the stack.
change_set_id The unique ID of the change set.
description A user-defined description associated with the stack.
parameters A list of Parameter structures.
creation_time The time at which the stack was created.
deletion_time The time the stack was deleted.
last_updated_time The time the stack was last updated.
rollback_configuration The rollback triggers for AWS CloudFormation to monitor during stack creation and updating operations, and for the specified monitoring period afterwards.
stack_status Current status of the stack.
stack_status_reason Success/failure message associated with the stack status.
drift_information Information on whether a stack’s actual configuration differs, or has drifted, from it’s expected configuration, as defined in the stack template and any values specified as template parameters.
disable_rollback Boolean to enable or disable rollback on stack creation failures:
notification_arns SNS topic ARNs to which stack related events are published.
timeout_in_minutes The amount of time within which stack creation should complete.
capabilities The capabilities allowed in the stack.
outputs A list of output structures.
role_arn The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that is associated with the stack.
tags A list of Tags that specify information about the stack.
enable_termination_protection Whether termination protection is enabled for the stack.
parent_id For nested stacks–stacks created as resources for another stack–the stack ID of the direct parent of this stack.
root_id For nested stacks–stacks created as resources for another stack–the stack ID of the the top-level stack to which the nested stack ultimately belongs.


Test that a CloudFormation Stack has its stack_status configured correctly

describe aws_cloudformation_stack('stack_name') do
its ('stack_status')  { should eq 'CREATE_COMPLETE' }


This InSpec audit resource has no special matchers. For a full list of available matchers, please visit our Universal Matchers page.


The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_cloudformation_stack('AnExistingStack') do
  it { should exist }

describe aws_cloudformation_stack('ANonExistentStack') do
  it { should_not exist }

AWS Permissions

Your Principal will need the cloudformation:DescribeStacks action set to Allow.

You can find detailed documentation at Authentication and Access Control for CloudFormation

Was this page helpful?


Search Results