aws_subnet Resource
Use the aws_subnet InSpec audit resource to test properties of a VPC subnet.
For additional information, including details on parameters and properties, see the AWS documentation on Subnets.
Install
This resource is available in the Chef InSpec AWS resource pack.
For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.
Syntax
An aws_subnet resource block uses the subnet_id parameter to select a subnet, and through it the VPC the subnet belongs to.
describe aws_subnet(subnet_id: 'subnet-1234567') do
  it { should exist }
end
Parameters
subnet_id (required)
This resource accepts a single parameter, the Subnet ID. This can be passed either as a string or as a subnet_id: 'value' key-value entry in a hash.
Properties
subnet_id - Provides the ID of the Subnet.
vpc_id - Provides the ID of the VPC the subnet is in.
availability_zone - Provides the Availability Zone of the subnet.
cidr_block - Provides the block of IP addresses assigned to the subnet.
available_ip_address_count - Provides the number of available IPv4 addresses on the subnet.
Examples
Check the Availability Zone of a subnet.
describe aws_subnet(subnet_id: 'subnet-12345678') do
  its('availability_zone') { should eq 'us-east-1c' }
end
Check the number of available IP addresses.
describe aws_subnet(subnet_id: 'subnet-12345678') do
  its('available_ip_address_count') { should eq 251 }
end
Test the block of IP addresses assigned to the subnet.
describe aws_subnet(subnet_id: 'subnet-12345678') do
  its('cidr_block') { should eq '10.0.1.0/24' }
end
Ensure the subnet is in the right VPC.
describe aws_subnet(subnet_id: 'subnet-12345678') do
  its('vpc_id') { should eq 'vpc-12345678' }
end
Matchers
For a full list of available matchers, see our Universal Matchers page. This resource has the following special matchers.
assigning_ipv_6_address_on_creation
Detects if the network interface on the subnet accepts IPv6 addresses.
describe aws_subnet(subnet_id: 'subnet-12345678') do
  it { should be_assigning_ipv_6_address_on_creation }
end
available
Detects if the current state of the subnet is available.
describe aws_subnet(subnet_id: 'subnet-12345678') do
  it { should be_available }
end
default_for_az
Detects if the subnet is the default subnet for the Availability Zone.
describe aws_subnet(subnet_id: 'subnet-12345678') do
  it { should be_default_for_az }
end
mapping_public_ip_on_launch
Detects if instances launched in the subnet are automatically assigned a public IPv4 address.
describe aws_subnet(subnet_id: 'subnet-12345678') do
  it { should be_mapping_public_ip_on_launch }
end
exist
The exist matcher indicates that a subnet exists for the specified subnet ID.
describe aws_subnet(subnet_id: 'subnet-12345678') do
  it { should exist }
end
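The Examples and Matchers sections above each assert one property at a time. The following is an added example, not code from the InSpec docs or the inspec-aws project: it models in plain Ruby the checks those properties and matchers let you make against a subnet (VPC membership, allowed Availability Zone, CIDR inside the VPC range, address exhaustion, and public-IP auto-assignment on a subnet meant to be private) over constructed sample data, so it runs offline without AWS credentials. The subnet IDs, CIDRs, the POLICY values and the function names are assumptions made for the illustration; the equivalent InSpec control using the real resource appears as a comment at the end.

```ruby
# Added example (not from the InSpec docs or the inspec-aws project): a plain-Ruby
# model of the subnet checks the aws_subnet properties and matchers expose.
require 'ipaddr'

# Constructed sample data shaped like the aws_subnet properties and matchers
# (subnet IDs, VPC ID and CIDRs are made up).
SAMPLE_SUBNETS = [
  { subnet_id: 'subnet-0a1b2c3d', vpc_id: 'vpc-12345678', availability_zone: 'us-east-1c',
    cidr_block: '10.0.1.0/24', available_ip_address_count: 251,
    mapping_public_ip_on_launch: false, available: true },
  { subnet_id: 'subnet-0e4f5a6b', vpc_id: 'vpc-12345678', availability_zone: 'us-east-1a',
    cidr_block: '10.0.2.0/24', available_ip_address_count: 3,
    mapping_public_ip_on_launch: true, available: true },
  { subnet_id: 'subnet-0c7d8e9f', vpc_id: 'vpc-12345678', availability_zone: 'us-east-1b',
    cidr_block: '192.168.5.0/24', available_ip_address_count: 251,
    mapping_public_ip_on_launch: false, available: true },
].freeze

# Assumed policy for this example: every listed subnet must belong to this VPC,
# sit inside the VPC's CIDR, live in one of the allowed AZs, keep a minimum
# number of free addresses, and (being private subnets) must not auto-assign
# public IPs to instances launched into them.
POLICY = {
  vpc_id: 'vpc-12345678',
  vpc_cidr: '10.0.0.0/16',
  allowed_azs: %w[us-east-1a us-east-1b us-east-1c],
  min_available_ips: 10,
}.freeze

# Returns the list of findings for one subnet; an empty list means compliant.
def subnet_findings(subnet, policy = POLICY)
  findings = []
  findings << 'not available' unless subnet[:available]
  findings << "wrong VPC #{subnet[:vpc_id]}" unless subnet[:vpc_id] == policy[:vpc_id]
  unless policy[:allowed_azs].include?(subnet[:availability_zone])
    findings << "unexpected AZ #{subnet[:availability_zone]}"
  end
  # IPAddr#include? is true when the subnet's range lies within the VPC's range.
  unless IPAddr.new(policy[:vpc_cidr]).include?(IPAddr.new(subnet[:cidr_block]))
    findings << "cidr #{subnet[:cidr_block]} outside VPC range #{policy[:vpc_cidr]}"
  end
  if subnet[:available_ip_address_count] < policy[:min_available_ips]
    findings << "only #{subnet[:available_ip_address_count]} free addresses"
  end
  findings << 'auto-assigns public IPs on launch' if subnet[:mapping_public_ip_on_launch]
  findings
end

# Audits every subnet and maps subnet ID to its findings.
def audit_subnets(subnets = SAMPLE_SUBNETS, policy = POLICY)
  subnets.map { |s| [s[:subnet_id], subnet_findings(s, policy)] }.to_h
end

if __FILE__ == $PROGRAM_NAME
  audit_subnets.each do |id, findings|
    puts "#{id}: #{findings.empty? ? 'compliant' : findings.join('; ')}"
  end
end

# The same checks for the first sample subnet, written as an InSpec control
# against the real aws_subnet resource (this runs inside an InSpec profile,
# not as plain Ruby):
#   describe aws_subnet(subnet_id: 'subnet-0a1b2c3d') do
#     it { should exist }
#     it { should be_available }
#     its('vpc_id') { should eq 'vpc-12345678' }
#     its('availability_zone') { should be_in %w[us-east-1a us-east-1b us-east-1c] }
#     its('cidr_block') { should eq '10.0.1.0/24' }
#     its('available_ip_address_count') { should be >= 10 }
#     it { should_not be_mapping_public_ip_on_launch }
#   end
```

Running the file prints one line per subnet: the first is compliant, the second is flagged for being nearly out of addresses and for handing out public IPs, and the third for a CIDR that does not belong to the VPC. In a real profile the CIDR-containment and minimum-capacity checks translate naturally into its('cidr_block') and its('available_ip_address_count') assertions, while the public-IP check is the should_not be_mapping_public_ip_on_launch matcher.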
AWS Permissions
Your Principal will need the EC2:Client:DescribeSubnetsResult action with Effect set to Allow.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon EC2.