Skip to main content


[edit on GitHub]

Use the aws_sqs_queues InSpec audit resource to test properties of some or all AWS Simple Queue Service queues.


describe aws_sqs_queues() do
  it { should exist }


This resource does not expect any parameters.

See also the AWS documentation on SQS.


arnsThe ARNs of the SQS Queues.
is_fifo_queuesA boolean value indicate if queues are a FIFO queues
visibility_timeoutsAn integer indicating the visibility timeout of the message in seconds
maximum_message_sizesAn integer indicating the maximum message size in bytes
message_retention_periodsAn integer indicating the maximum retention period for a message in seconds
delay_secondsAn integer indicating the delay in seconds for the queues
receive_message_wait_timeout_secondsAn integer indicating the number of seconds an attempt to recieve a message will wait before returning
content_based_deduplicationsA boolean value indicate if content based dedcuplication is enabled or not


Ensure that a queue exists and has a visibility timeout of 300 seconds

describe aws_sqs_queues.where(queue_url: '') do
  it { should exist }
  its('visibility_timeout') { should be 300 }


This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.


The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_sqs_queues() do
  it { should exist }

describe aws_sqs_queues() do
  it { should_not exist }

AWS Permissions

Your Principal will need the sqs:GetQueueAttributes action with Effect set to Allow. You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon SQS.

Was this page helpful?


Search Results