aws_internet_gateway Resource
Use the aws_internet_gateway InSpec audit resource to test the properties of a single AWS internet gateway.
Install
This resource is available in the Chef InSpec AWS resource pack.
For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.
Syntax
An aws_internet_gateway resource block declares the tests for a single AWS internet gateway by id or name.
describe aws_internet_gateway(id: 'igw-abc0123456789deff') do
  it { should exist }
end
describe aws_internet_gateway(name: 'my-igw') do
  it { should exist }
end
Parameters
Either the id or the name must be provided.
id
(required if name not provided) The value of the internet_gateway_id assigned by AWS after the resource has been created. This should be in the format of igw- followed by 8 or 17 hexadecimal characters and passed as an id: 'value' key-value entry in a hash.
name
(required if id not provided) If a Name tag is applied to the internet gateway, this can be used to look up the resource. This must be passed as a name: 'value' key-value entry in a hash. If there are multiple internet gateways with the same name, this resource will raise an error.
Properties
id
- The ID of the internet gateway.
name
- The value of the Name tag. It is nil if not defined.
vpc_id
- The ID of the attached VPC. It is nil if the resource is in a detached state.
tags
- A hash, with each key-value pair corresponding to an internet gateway tag.
attached?
- Indicates whether the internet gateway is attached to a VPC or not (true or false).
detached?
- Indicates whether the internet gateway is in a detached state or not (true or false).
owner_id
- The ID of the AWS account that owns the internet gateway.
There are also additional properties available. For a comprehensive list, see the API reference documentation.
Examples
Test that the internet gateway is attached.
describe aws_internet_gateway(name: 'my-igw') do
  it { should be_attached }
end
Test that the ID of the attached VPC is vpc-1234567890abcdef1.
describe aws_internet_gateway(id: 'igw-abc0123456789deff') do
  its('vpc_id') { should eq 'vpc-1234567890abcdef1' }
end
Test that the internet gateway has a certain tag.
describe aws_internet_gateway(name: 'my-igw') do
  its('tags') { should include('environment' => 'dev') }
  # Pass only the key to include to match a tag regardless of the value.
end
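The properties above can be combined into a single policy check: is the gateway attached only to an approved VPC, owned by the expected account, and carrying the required tags. The following is an added example, not code from the InSpec AWS resource pack; `igw_violations`, `SampleIgw`, the policy keys and all sample IDs and account numbers are constructed for illustration, and the stand-in object only mirrors the property names documented on this page.

```ruby
# Added example: hypothetical helper, not part of the InSpec AWS resource pack.
# It reads only properties documented above: id, vpc_id, owner_id, tags, attached?.
IGW_ID_FORMAT = /\Aigw-(?:\h{8}|\h{17})\z/ # 'igw-' + 8 or 17 hex characters

# Returns an array of violation strings; an empty array means compliant.
def igw_violations(igw, allowed_vpcs:, owner_id:, required_tags: [])
  found = []
  found << "#{igw.id}: ID does not match the igw- format" unless igw.id.to_s.match?(IGW_ID_FORMAT)
  if igw.attached?
    unless allowed_vpcs.include?(igw.vpc_id)
      found << "#{igw.id}: attached to unapproved VPC #{igw.vpc_id}"
    end
  else
    # vpc_id is nil in the detached state, so report that state on its own.
    found << "#{igw.id}: detached, not attached to any VPC"
  end
  found << "#{igw.id}: owned by #{igw.owner_id}, expected #{owner_id}" unless igw.owner_id == owner_id
  missing = required_tags - (igw.tags || {}).keys
  found << "#{igw.id}: missing tags #{missing.join(', ')}" unless missing.empty?
  found
end

# Constructed stand-in exposing the same property names as the resource.
SampleIgw = Struct.new(:id, :vpc_id, :owner_id, :tags, keyword_init: true) do
  def attached?
    !vpc_id.nil?
  end
end

# Constructed sample data (IDs and account numbers are made up).
GOOD = SampleIgw.new(id: 'igw-abc0123456789deff', vpc_id: 'vpc-1234567890abcdef1',
                     owner_id: '111111111111',
                     tags: { 'Name' => 'my-igw', 'environment' => 'dev' })
STRAY = SampleIgw.new(id: 'igw-0123abcd', vpc_id: nil, owner_id: '222222222222', tags: {})

POLICY = { allowed_vpcs: ['vpc-1234567890abcdef1'], owner_id: '111111111111',
           required_tags: %w[Name environment] }.freeze

[GOOD, STRAY].each { |igw| puts igw_violations(igw, **POLICY).inspect }
```

Inside a profile, the object returned by aws_internet_gateway would take the place of SampleIgw; that wiring is an assumption and is not shown on this page.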
Matchers
This InSpec audit resource has the following special matcher. For a full list of available matchers, visit the InSpec matchers page.
exist
describe aws_internet_gateway(name: 'my-igw') do
  it { should exist }
end
AWS Permissions
Your Principal will need the EC2:Client:DescribeInternetGatewaysResult action with Effect set to Allow.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon EC2, and Actions, Resources, and Condition Keys for Identity And Access Management.