Skip to main content

aws_launch_configuration resource

[edit on GitHub]

Use the aws_launch_configuration InSpec audit resource to test properties of a single AWS Launch Configuration.


# Ensure that a launch configuration exists and has the correct key name
describe aws_launch_configuration('my-config') do
  it              { should exist }
  its('key_name') { should be 'my-key-name' }

# You may also use hash syntax to pass the launch configuration name
describe aws_launch_configuration(launch_configuration_name: 'my-config') do
  it              { should exist }


launch_configuration_name (required)

This resource expects a single parameter, the launch_configuration_name which uniquely identifies the of a Launch Configuration.

See also the AWS documentation on Launch Configurations.


arnAn string indicating the ARN of the launch configuration
image_idAn string indicating the AMI of the launch configuration
instance_typeA string indicating the instance type of the launch configuration
iam_instance_profileA string indicating the IAM profile for the launch configuration
key_nameA string indicating the AWS key pair for the launch configuration
security_groupsAn array of strings of the security group IDs associated with the launch configuration
associate_public_ip_addressA boolean indicating if the launch configuration is configured to set a public IP address
user_dataA string containing the user data configured for the launch configuration
ebs_optimizedA boolean indicating if the launch configuration is optimized for Amazon EBS
instance_monitoringA string indicating if instance monitoring is set to detailed or basic
spot_priceA floating point number indicating the spot price configured


Ensure a Launch Config is using the correct AMI

describe aws_launch_configuration('my-config') do
  its('image_id') { should eq 'ami-012345'}

Test the instance type used in a Launch Config

describe aws_launch_configuration('my-config') do
  its('instance_type') { should eq 't3.micro'}

Ensure a Launch Config is associated with the right IAM Profile

describe aws_launch_configuration('my-config') do
  its('iam_instance_profile') { should eq 'iam-profile' }

Ensure the Launch Config does not set a public IP

describe aws_launch_configuration('my-config') do
  its('associate_public_ip_address') { should be false }

Ensure the correct UserData is set on launched instances

describe aws_launch_configuration('my-config') do
  its('user_data') { should include 'user-data' }


This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.


The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_launch_configuration('AnExistingLC') do
  it { should exist }

describe aws_launch_configuration('ANonExistentLC') do
  it { should_not exist }

AWS Permissions

Your Principal will need the autoscaling:Describe* action with Effect set to Allow. You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon Auto Scaling Groups and launch configurations.