Skip to main content

aws_launch_configuration resource

[edit on GitHub]

Use the aws_launch_configuration InSpec audit resource to test properties of a single AWS Launch Configuration.


# Ensure that a launch configuration exists and has the correct key name
describe aws_launch_configuration('my-config') do
  it              { should exist }
  its('key_name') { should be 'my-key-name' }

# You may also use hash syntax to pass the launch configuration name
describe aws_launch_configuration(launch_configuration_name: 'my-config') do
  it              { should exist }


launch_configuration_name (required)

This resource expects a single parameter, the launch_configuration_name which uniquely identifies the of a Launch Configuration.

See also the AWS documentation on Launch Configurations.


Property Description
arn An string indicating the ARN of the launch configuration
image_id An string indicating the AMI of the launch configuration
instance_type A string indicating the instance type of the launch configuration
iam_instance_profile A string indicating the IAM profile for the launch configuration
key_name A string indicating the AWS key pair for the launch configuration
security_groups An array of strings of the security group IDs associated with the launch configuration
associate_public_ip_address A boolean indicating if the launch configuration is configured to set a public IP address
user_data A string containing the user data configured for the launch configuration
ebs_optimized A boolean indicating if the launch configuration is optimized for Amazon EBS
instance_monitoring A string indicating if instance monitoring is set to detailed or basic
spot_price A floating point number indicating the spot price configured


Ensure a Launch Config is using the correct AMI

describe aws_launch_configuration('my-config') do
  its('image_id') { should eq 'ami-012345'}

Test the instance type used in a Launch Config

describe aws_launch_configuration('my-config') do
  its('instance_type') { should eq 't3.micro'}

Ensure a Launch Config is associated with the right IAM Profile

describe aws_launch_configuration('my-config') do
  its('iam_instance_profile') { should eq 'iam-profile' }

Ensure the Launch Config does not set a public IP

describe aws_launch_configuration('my-config') do
  its('associate_public_ip_address') { should be false }

Ensure the correct UserData is set on launched instances

describe aws_launch_configuration('my-config') do
  its('user_data') { should include 'user-data' }


This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.


The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_launch_configuration('AnExistingLC') do
  it { should exist }

describe aws_launch_configuration('ANonExistentLC') do
  it { should_not exist }

AWS Permissions

Your Principal will need the autoscaling:Describe* action with Effect set to Allow. You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon Auto Scaling Groups and launch configurations.

Was this page helpful?


Search Results