Skip to main content

aws_cloudformation_stack resource

[edit on GitHub]

Use the aws_cloudformation_stack InSpec audit resource to test properties of a single AWS Cloud Formation Stack.


Ensure that an aws_cloudformation_stack exists

describe aws_cloudformation_stack('stack-name') do
  it { should exist }

describe aws_cloudformation_stack(stack_name: 'stack-name') do
  it { should exist }


stack_name (required)

This resource accepts a single parameter, the CloudFormation Stack name which uniquely identifies the stack. This can be passed either as a string or as a stack_name: 'value' key-value entry in a hash.

See also the AWS documentation on Cloud Formation.


stack_idUnique identifier of the stack.
stack_nameThe name associated with the stack.
change_set_idThe unique ID of the change set.
descriptionA user-defined description associated with the stack.
parametersA list of Parameter structures.
creation_timeThe time at which the stack was created.
deletion_timeThe time the stack was deleted.
last_updated_timeThe time the stack was last updated.
rollback_configurationThe rollback triggers for AWS CloudFormation to monitor during stack creation and updating operations, and for the specified monitoring period afterwards.
stack_statusCurrent status of the stack.
stack_status_reasonSuccess/failure message associated with the stack status.
drift_informationInformation on whether a stack’s actual configuration differs, or has drifted, from it’s expected configuration, as defined in the stack template and any values specified as template parameters.
disable_rollbackBoolean to enable or disable rollback on stack creation failures:
notification_arnsSNS topic ARNs to which stack related events are published.
timeout_in_minutesThe amount of time within which stack creation should complete.
capabilitiesThe capabilities allowed in the stack.
outputsA list of output structures.
role_arnThe Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that is associated with the stack.
tagsA list of Tags that specify information about the stack.
enable_termination_protectionWhether termination protection is enabled for the stack.
parent_idFor nested stacks–stacks created as resources for another stack–the stack ID of the direct parent of this stack.
root_idFor nested stacks–stacks created as resources for another stack–the stack ID of the the top-level stack to which the nested stack ultimately belongs.


Test that a CloudFormation Stack has its stack_status configured correctly

describe aws_cloudformation_stack('stack_name') do
its ('stack_status')  { should eq 'CREATE_COMPLETE' }


This InSpec audit resource has no special matchers. For a full list of available matchers, please visit our Universal Matchers page.


The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_cloudformation_stack('AnExistingStack') do
  it { should exist }

describe aws_cloudformation_stack('ANonExistentStack') do
  it { should_not exist }

AWS Permissions

Your Principal will need the cloudformation:DescribeStacks action set to Allow.

You can find detailed documentation at Authentication and Access Control for CloudFormation