aws_ec2_traffic_mirror_sessions Resource
Use the aws_ec2_traffic_mirror_sessions InSpec audit resource to test properties of all AWS Traffic Mirror sessions.
Install
This resource is available in the Chef InSpec AWS resource pack.
For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.
Syntax
An aws_ec2_traffic_mirror_sessions resource block declares the tests for all the AWS Traffic Mirror sessions.
describe aws_ec2_traffic_mirror_sessions do
  it { should exist }
end
Parameters
This resource does not require any parameters.
Properties
traffic_mirror_session_ids
- The ID for the Traffic Mirror session.
Field: traffic_mirror_session_id
traffic_mirror_target_ids
- The ID of the Traffic Mirror target.
Field: traffic_mirror_target_id
traffic_mirror_filter_ids
- The ID of the Traffic Mirror filter.
Field: traffic_mirror_filter_id
network_interface_ids
- The ID of the Traffic Mirror session’s network interface.
Field: network_interface_id
owner_ids
- The ID of the account that owns the Traffic Mirror session.
Field: owner_id
packet_lengths
- The number of bytes in each packet to mirror.
Field: packet_length
session_numbers
- The session number determines the order in which sessions are evaluated when an interface is used by multiple sessions.
Field: session_number
virtual_network_ids
- The virtual network ID associated with the Traffic Mirror session.
Field: virtual_network_id
descriptions
- The description of the Traffic Mirror session.
Field: description
tags
- The tags assigned to the Traffic Mirror session.
Field: tags
For additional information, see the API reference documentation.
Examples
Test that an AWS Traffic Mirror session exists.
describe aws_ec2_traffic_mirror_sessions do
  it { should exist }
end
Test that the Traffic Mirror target IDs include a value.
describe aws_ec2_traffic_mirror_sessions do
  its('traffic_mirror_target_ids') { should include 'TRAFFIC_MIRROR_TARGET_ID' }
end
Test that a Traffic Mirror session has a description.
describe aws_ec2_traffic_mirror_sessions do
  # The plural resource exposes this column as 'descriptions' (see Properties).
  its('descriptions') { should include 'DESCRIPTION_TEXT' }
end
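The include matcher in the examples above passes as soon as one session carries the expected value; it does not show that every session does. The following added example (plain Ruby, not code from InSpec or the resource pack) models the plural properties over constructed session data and shows how an allowlist comparison catches the outlier that include misses. The IDs, SESSIONS, FIELDS and the helper names are assumptions made for illustration.

```ruby
# Constructed sample data: one hash per Traffic Mirror session, keyed by the
# "Field" names from the Properties section. Every ID here is made up.
SESSIONS = [
  { traffic_mirror_session_id: 'tms-0001', traffic_mirror_target_id: 'tmt-ids',
    network_interface_id: 'eni-0a', owner_id: '111111111111' },
  { traffic_mirror_session_id: 'tms-0002', traffic_mirror_target_id: 'tmt-ids',
    network_interface_id: 'eni-0b', owner_id: '111111111111' },
  { traffic_mirror_session_id: 'tms-0003', traffic_mirror_target_id: 'tmt-unknown',
    network_interface_id: 'eni-0a', owner_id: '222222222222' }
].freeze

# Plural property name => per-session field, as listed on this page.
FIELDS = {
  traffic_mirror_session_ids: :traffic_mirror_session_id,
  traffic_mirror_target_ids: :traffic_mirror_target_id,
  network_interface_ids: :network_interface_id,
  owner_ids: :owner_id
}.freeze

# A plural property is the list of one field collected across all sessions.
def plural(sessions, property)
  sessions.map { |s| s[FIELDS.fetch(property)] }
end

# Values of a plural property that fall outside an allowlist (empty = compliant).
def outside_allowlist(sessions, property, allowed)
  plural(sessions, property).uniq - allowed
end

# IDs of the sessions whose field value is outside the allowlist, for reporting.
def offending_sessions(sessions, property, allowed)
  field = FIELDS.fetch(property)
  sessions.reject { |s| allowed.include?(s[field]) }
          .map { |s| s[:traffic_mirror_session_id] }
end

if __FILE__ == $PROGRAM_NAME
  # "should include" style check: true even though tms-0003 mirrors elsewhere.
  p plural(SESSIONS, :traffic_mirror_target_ids).include?('tmt-ids')
  # Allowlist checks: surface the unexpected target and the foreign owner.
  p outside_allowlist(SESSIONS, :traffic_mirror_target_ids, ['tmt-ids'])
  p offending_sessions(SESSIONS, :owner_ids, ['111111111111'])
end
```

In a profile, the same idea is to assert that a plural property minus the list of approved values is empty, rather than only asserting that an approved value is included.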
Matchers
For a full list of available matchers, see our Universal Matchers page.
This resource has the following special matchers.
be_available
Check if the Traffic Mirror session is available.
describe aws_ec2_traffic_mirror_sessions do
  it { should be_available }
end
Use should_not to test a Traffic Mirror session that should not exist.
describe aws_ec2_traffic_mirror_sessions do
  it { should_not be_available }
end
AWS Permissions
Your Principal will need the EC2:Client:DescribeTrafficMirrorSessionsResult action with Effect set to Allow.