
aws_sqs_queue resource


Use the aws_sqs_queue InSpec audit resource to test properties of a single AWS Simple Queue Service queue.


describe aws_sqs_queue(queue_url: '') do
  it { should exist }
end


queue_url (required)

This resource accepts a single parameter, the SQS Queue URL. This can be passed either as a string or as a queue_url: 'value' key-value entry in a hash.

See also the AWS documentation on SQS.


Property Description
arn The ARN of the SQS Queue.
is_fifo_queue A boolean value indicating if this queue is a FIFO queue.
visibility_timeout An integer indicating the visibility timeout of the message in seconds.
maximum_message_size An integer indicating the maximum message size in bytes.
message_retention_period An integer indicating the maximum retention period for a message in seconds.
delay_seconds An integer indicating the delay in seconds for the queue.
receive_message_wait_timeout_seconds An integer indicating the number of seconds an attempt to receive a message will wait before returning.
content_based_deduplication A boolean value indicating if content-based deduplication is enabled or not.
redrive_policy A string indicating the redrive policy


Ensure that a queue exists and has a visibility timeout of 300 seconds

describe aws_sqs_queue('') do
  it { should exist }
  its('visibility_timeout') { should be 300 }
end

Ensure maximum message size is set

describe aws_sqs_queue('') do
  its('maximum_message_size') { should be 262144 } # 256 KB
end

Test the delay time

describe aws_sqs_queue('') do
  its('delay_seconds') { should be 0 }
end

Ensure messages are retained for 4 days

describe aws_sqs_queue('') do
  its('message_retention_period') { should be 345600 } # 4 days
end

Check if the queue is a FIFO queue

describe aws_sqs_queue('') do
  its('is_fifo_queue') { should be false }
end
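
The redrive_policy property is a string, so checking that a queue really has a dead-letter queue means parsing it. The following is an added example in plain Ruby, not part of the original page or of InSpec itself. It assumes the string is the JSON document SQS stores in the RedrivePolicy attribute (keys deadLetterTargetArn and maxReceiveCount); the function name, the max_receive_limit threshold and the sample values are hypothetical.

```ruby
require 'json'

# Audits the string SQS returns as the RedrivePolicy attribute.
# Returns an array of findings; an empty array means the policy passed.
# max_receive_limit is a hypothetical local threshold, not an AWS default.
def redrive_policy_findings(redrive_policy, max_receive_limit: 10)
  if redrive_policy.nil? || redrive_policy.strip.empty?
    return ['no redrive policy: queue has no dead-letter queue']
  end

  begin
    policy = JSON.parse(redrive_policy)
  rescue JSON::ParserError
    return ['redrive policy is not valid JSON']
  end
  return ['redrive policy is not a JSON object'] unless policy.is_a?(Hash)

  findings = []
  arn = policy['deadLetterTargetArn'].to_s
  unless arn.match?(/\Aarn:aws[\w-]*:sqs:[\w-]+:\d{12}:[\w.-]+\z/)
    findings << 'deadLetterTargetArn is missing or not an SQS ARN'
  end

  # maxReceiveCount may arrive as a number or as a numeric string.
  count = Integer(policy['maxReceiveCount'].to_s, 10, exception: false)
  if count.nil? || count < 1
    findings << 'maxReceiveCount is missing or not a positive integer'
  elsif count > max_receive_limit
    findings << "maxReceiveCount #{count} exceeds limit #{max_receive_limit}"
  end
  findings
end

# Constructed sample values, shaped like the RedrivePolicy attribute string.
SAMPLE_POLICIES = {
  'orders' => '{"deadLetterTargetArn":"arn:aws:sqs:us-east-1:123456789012:orders-dlq","maxReceiveCount":"5"}',
  'retries' => '{"deadLetterTargetArn":"arn:aws:sqs:us-east-1:123456789012:retries-dlq","maxReceiveCount":1000}',
  'events' => nil
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_POLICIES.each do |queue, policy|
    findings = redrive_policy_findings(policy)
    puts "#{queue}: #{findings.empty? ? 'ok' : findings.join('; ')}"
  end
end
```
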


This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.


The control will pass if the describe returns at least one result.

Use should_not to test that the entity does not exist.

describe aws_sqs_queue('') do
  it { should exist }
end

describe aws_sqs_queue('') do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the sqs:GetQueueAttributes action with Effect set to Allow. You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon SQS.
