aws_ec2_network_interface Resource
Use the aws_ec2_network_interface InSpec audit resource to test properties of a single network interface in an Amazon EC2 instance for AWS CloudFormation.
The AWS::EC2::NetworkInterface resource describes a network interface in an Elastic Compute Cloud (EC2) instance for AWS CloudFormation.
For additional information, including details on parameters and properties, see the AWS documentation on AWS EC2 network interface.
Install
This resource is available in the Chef InSpec AWS resource pack.
For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.
Syntax
Ensure that the network interface ID exists.
describe aws_ec2_network_interface(network_interface_id: 'NETWORK_INTERFACE_ID') do
it { should exist }
end
Parameters
network_interface_id
(required) The ID of the network interface.
Properties
association (allocation_id)
- The allocation ID.
association (association_id)
- The association ID.
association (ip_owner_id)
- The ID of the Elastic IP address owner.
association (public_dns_name)
- The public DNS name.
association (public_ip)
- The address of the Elastic IP address bound to the network interface.
association (customer_owned_ip)
- The customer-owned IP address associated with the network interface.
association (carrier_ip)
- The carrier IP address associated with the network interface.
attachment (attach_time)
- The timestamp indicating when the attachment initiated.
attachment (attachment_id)
- The ID of the network interface attachment.
attachment (delete_on_termination)
- Indicates whether the network interface is deleted when the instance is terminated.
attachment (device_index)
- The device index of the network interface attachment on the instance.
attachment (network_card_index)
- The index of the network card.
attachment (instance_id)
- The ID of the instance.
attachment (instance_owner_id)
- The Amazon Web Services account ID of the owner of the instance.
attachment (status)
- The attachment state. Valid values: attaching, attached, detaching, detached.
availability_zone
- The availability zone.
description
- A description.
groups
- The security groups associated with the network interface.
interface_type
- The type of network interface.
ipv_6_addresses
- The IPv6 addresses assigned to the network interface.
mac_address
- The MAC address.
network_interface_id
- The ID of the network interface.
outpost_arn
- The Amazon Resource Name (ARN) of the Outpost.
owner_id
- The Amazon Web Services account ID of the owner of the network interface.
private_dns_name
- The private DNS name.
private_ip_address
- The IPv4 address of the network interface within the subnet.
ipv_4_prefixes
- The IPv4 Prefix Delegation prefixes that are assigned to the network interface.
ipv_6_prefixes
- The IPv6 Prefix Delegation prefixes that are assigned to the network interface.
requester_id
- The alias or Amazon Web Services account ID of the principal or service that created the network interface.
requester_managed
- Indicates whether the network interface is being managed by Amazon Web Services.
source_dest_check
- Indicates whether source/destination checking is enabled.
status
- The status of the network interface.
subnet_id
- The ID of the subnet.
tag_set
- Any tags assigned to the network interface.
vpc_id
- The ID of the VPC.
Examples
Ensure a network interface ID is available.
describe aws_ec2_network_interface(network_interface_id: 'NETWORK_INTERFACE_ID') do
its('network_interface_id') { should eq 'NETWORK_INTERFACE_ID' }
end
Ensure that the interface type is 'vpc'.
describe aws_ec2_network_interface(network_interface_id: 'NETWORK_INTERFACE_ID') do
its('interface_type') { should eq 'vpc' }
end
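The two examples above each test one property. In practice a control usually combines several of the properties listed on this page into one hardening check. The following is an added example, not code from this page or from the Chef InSpec project: plain Ruby that evaluates a constructed network interface hash, shaped like this resource's properties, against a small policy, with a comment beside each check giving the InSpec matcher form I would expect for that property. The policy values, the sample interface, and those matcher forms are assumptions, not taken from the page.

```ruby
require 'set'

# Policy (assumed values): approved security groups, the VPC the interface
# must live in, and tag keys that must be present.
POLICY = {
  allowed_groups: Set['sg-0000allowed1', 'sg-0000allowed2'],
  expected_vpc:   'vpc-00000000example',
  required_tags:  %w[Owner Environment]
}.freeze

# Constructed sample interface; keys mirror the resource's property names.
SAMPLE_ENI = {
  network_interface_id: 'eni-00000000example',
  status: 'in-use',
  vpc_id: 'vpc-00000000example',
  source_dest_check: false,
  groups: [{ group_id: 'sg-0000allowed1' }, { group_id: 'sg-0000unlisted' }],
  association: { public_ip: '203.0.113.10' },             # documentation range, constructed
  attachment: { delete_on_termination: false, status: 'attached' },
  tag_set: [{ key: 'Owner', value: 'netops' }]
}.freeze

# Returns the list of policy findings for one interface; empty means compliant.
def eni_findings(eni, policy = POLICY)
  findings = []
  # InSpec form: its('status') { should eq 'in-use' }
  findings << 'interface is not in use' unless eni[:status] == 'in-use'
  # InSpec form: its('vpc_id') { should eq 'vpc-...' }
  findings << "unexpected VPC #{eni[:vpc_id]}" unless eni[:vpc_id] == policy[:expected_vpc]
  # InSpec form: its('source_dest_check') { should be true }
  # (disabled source/destination checking is only legitimate for NAT or routing roles)
  findings << 'source/destination check disabled' unless eni[:source_dest_check]
  # No single matcher expresses an allow-list, so compare group IDs explicitly.
  extra = Array(eni[:groups]).map { |g| g[:group_id] }
                             .reject { |id| policy[:allowed_groups].include?(id) }
  findings << "unapproved security groups: #{extra.join(', ')}" unless extra.empty?
  # InSpec form: its('association.public_ip') { should be_nil }
  public_ip = eni.dig(:association, :public_ip)
  findings << "public IP #{public_ip} associated" if public_ip
  # InSpec form: its('attachment.delete_on_termination') { should be true }
  findings << 'interface outlives its instance' unless eni.dig(:attachment, :delete_on_termination)
  # Tag hygiene: every required key must appear in tag_set.
  missing = policy[:required_tags] - Array(eni[:tag_set]).map { |t| t[:key] }
  findings << "missing tags: #{missing.join(', ')}" unless missing.empty?
  findings
end
```

Each finding corresponds to one `its(...)` expectation in a control, so the same checks can be carried into an InSpec profile once the resource returns real data.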
Matchers
For a full list of available matchers, see our Universal Matchers page. The controls will pass if the describe method returns at least one result.
exist
Use should to test that the entity exists.
describe aws_ec2_network_interface(network_interface_id: 'NETWORK_INTERFACE_ID') do
it { should exist }
end
Use should_not to test that the entity does not exist.
describe aws_ec2_network_interface(network_interface_id: 'NETWORK_INTERFACE_ID') do
it { should_not exist }
end
be_available
Use should to check if the entity is available.
describe aws_ec2_network_interface(network_interface_id: 'NETWORK_INTERFACE_ID') do
it { should be_available }
end
AWS Permissions
Your Principal will need the EC2:Client:DescribeNetworkInterfacesResult action with Effect set to Allow.