Skip to content

Latest commit

 

History

History
2049 lines (1436 loc) · 43.2 KB

resource_types.md

File metadata and controls

2049 lines (1436 loc) · 43.2 KB

Resource Types

ami | autoscaling_group | cloudtrail | cloudwatch_alarm | cloudwatch_event | directconnect_virtual_interface | ebs | ec2 | ecr_repository | ecs_cluster | ecs_container_instance | ecs_service | ecs_task_definition | elasticache | elasticache_cache_parameter_group | elasticsearch | elb | iam_group | iam_policy | iam_role | iam_user | kms | lambda | launch_configuration | nat_gateway | network_acl | network_interface | rds | rds_db_cluster_parameter_group | rds_db_parameter_group | route53_hosted_zone | route_table | s3_bucket | security_group | ses_identity | subnet | vpc | cloudfront_distribution | elastictranscoder_pipeline | waf_web_acl | customer_gateway | vpn_gateway | vpn_connection

ami

AMI resource type.

exist

describe ami('my-ami') do
  it { should exist }
end

be_pending, be_available, be_invalid, be_deregistered, be_transient, be_failed, be_error

describe ami('my-ami') do
  it { should be_available }
end

its(:image_id), its(:image_location), its(:state), its(:owner_id), its(:creation_date), its(:public), its(:architecture), its(:image_type), its(:kernel_id), its(:ramdisk_id), its(:platform), its(:sriov_net_support), its(:ena_support), its(:state_reason), its(:image_owner_alias), its(:name), its(:description), its(:root_device_type), its(:root_device_name), its(:virtualization_type), its(:hypervisor)

🔓 Advanced use

ami can use Aws::EC2::Image resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Image.html).

autoscaling_group

AutoscalingGroup resource type.

exist

describe autoscaling_group('my-auto-scaling-group') do
  it { should exist }
end

have_ec2

describe autoscaling_group('my-auto-scaling-group') do
  it { should have_ec2('my-ec2') }
end

have_elb

describe autoscaling_group('my-auto-scaling-group') do
  it { should have_elb('my-elb') }
end

have_tag

describe autoscaling_group('my-auto-scaling-group') do
  it { should have_tag('Name').value('my-group') }
end

its(:auto_scaling_group_name), its(:auto_scaling_group_arn), its(:launch_configuration_name), its(:min_size), its(:max_size), its(:desired_capacity), its(:default_cooldown), its(:health_check_type), its(:health_check_grace_period), its(:created_time), its(:placement_group), its(:vpc_zone_identifier), its(:status), its(:new_instances_protected_from_scale_in)

cloudtrail

Cloudtrail resource type.

exist

describe cloudtrail('my-trail') do
  it { should exist }
end

be_logging

describe cloudtrail('my-trail') do
  it { should be_logging }
end

be_multi_region_trail

describe cloudtrail('my-trail') do
  it { should be_multi_region_trail }
end

have_global_service_events_included

describe cloudtrail('my-trail') do
  it { should have_global_service_events_included }
end

have_log_file_validation_enabled

describe cloudtrail('my-trail') do
  it { should have_log_file_validation_enabled }
end

its(:name), its(:s3_bucket_name), its(:s3_key_prefix), its(:sns_topic_name), its(:sns_topic_arn), its(:include_global_service_events), its(:is_multi_region_trail), its(:home_region), its(:trail_arn), its(:log_file_validation_enabled), its(:cloud_watch_logs_log_group_arn), its(:cloud_watch_logs_role_arn), its(:kms_key_id), its(:has_custom_event_selectors)

cloudwatch_alarm

CloudwatchAlarm resource type.

exist

describe cloudwatch_alarm('my-cloudwatch-alarm') do
  it { should exist }
end

have_alarm_action

describe cloudwatch_alarm('my-cloudwatch-alarm') do
  it { should have_alarm_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
end

have_insufficient_data_action

describe cloudwatch_alarm('my-cloudwatch-alarm') do
  it { should have_insufficient_data_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
end

have_ok_action

describe cloudwatch_alarm('my-cloudwatch-alarm') do
  it { should have_ok_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
end

belong_to_metric

describe cloudwatch_alarm('my-cloudwatch-alarm') do
  it { should belong_to_metric('NumberOfProcesses').namespace('my-cloudwatch-namespace') }
end

its(:alarm_name), its(:alarm_arn), its(:alarm_description), its(:alarm_configuration_updated_timestamp), its(:actions_enabled), its(:state_value), its(:state_reason), its(:state_reason_data), its(:state_updated_timestamp), its(:metric_name), its(:namespace), its(:statistic), its(:extended_statistic), its(:period), its(:unit), its(:evaluation_periods), its(:threshold), its(:comparison_operator)

cloudwatch_event

CloudwatchEvent resource type.

exist

be_enable

be_scheduled

its(:name), its(:arn), its(:event_pattern), its(:state), its(:description), its(:schedule_expression), its(:role_arn)

directconnect_virtual_interface

DirectconnectVirtualInterface resource type.

describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
  it { should exist }
  it { should be_available }
  its(:connection_id) { should eq 'dxcon-abcd5fgh' }
  its(:virtual_interface_id) { should eq 'dxvif-aabbccdd' }
  its(:amazon_address) { should eq '170.252.252.1/30' }
  its(:customer_address) { should eq '123.456.789.2/30' }
  its(:virtual_gateway_id) { should eq 'vgw-d234e5f6' }
end

exist

describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
  it { should exist }
end

be_confirming, be_verifying, be_pending, be_available, be_deleting, be_deleted, be_rejected

describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
  it { should exist }
  it { should be_available }
end

its(:owner_account), its(:virtual_interface_id), its(:location), its(:connection_id), its(:virtual_interface_type), its(:virtual_interface_name), its(:vlan), its(:asn), its(:auth_key), its(:amazon_address), its(:customer_address), its(:address_family), its(:virtual_interface_state), its(:customer_router_config), its(:virtual_gateway_id), its(:bgp_peers)

ebs

EBS resource type.

exist

describe ebs('my-volume') do
  it { should exist }
end

be_attached_to

describe ebs('my-volume') do
  it { should be_attached_to('my-ec2') }
end

be_creating, be_available, be_in_use, be_deleting, be_deleted, be_error

describe ebs('my-volume') do
  it { should be_in_use }
end

have_tag

describe ebs('my-volume') do
  it { should have_tag('Name').value('my-volume') }
end

its(:volume_id), its(:size), its(:snapshot_id), its(:availability_zone), its(:state), its(:create_time), its(:volume_type), its(:iops), its(:encrypted), its(:kms_key_id)

🔓 Advanced use

ebs can use Aws::EC2::Volume resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Volume.html).

describe ebs('my-volume') do
  its('attachments.first.instance_id') { should eq 'i-ec12345a' }
end

or

describe ebs('my-volume') do
  its('resource.attachments.first.instance_id') { should eq 'i-ec12345a' }
end

ec2

EC2 resource type.

exist

describe ec2('my-ec2') do
  it { should exist }
end

be_disabled_api_termination

describe ec2('my-ec2') do
  it { should be_disabled_api_termination }
end

be_pending, be_running, be_shutting_down, be_terminated, be_stopping, be_stopped

describe ec2('my-ec2') do
  it { should be_running }
end

have_classiclink

describe ec2('my-ec2-classic') do
  it { should have_classiclink('my-vpc') }
end

have_classiclink_security_group

describe ec2('my-ec2-classic') do
  it { should have_classiclink_security_group('sg-2a3b4cd5') }
  it { should have_classiclink_security_group('my-vpc-security-group-name') }
end

have_ebs

describe ec2('my-ec2') do
  it { should have_ebs('vol-123a123b') }
  it { should have_ebs('my-volume') }
end

have_eip

describe ec2('my-ec2') do
  it { should have_eip('123.0.456.789') }
end

have_event

describe ec2('my-ec2') do
  it { should have_event('system-reboot') }
end

have_events

describe ec2('my-ec2') do
  it { should_not have_events }
end

have_security_group

describe ec2('my-ec2') do
  it { should have_security_group('my-security-group-name') }
  it { should have_security_group('sg-1a2b3cd4') }
end

have_tag

describe ec2('my-ec2') do
  it { should have_tag('Name').value('my-ec2') }
end

belong_to_subnet

describe ec2('my-ec2') do
  it { should belong_to_subnet('subnet-1234a567') }
  it { should belong_to_subnet('my-subnet') }
end

belong_to_vpc

describe ec2('my-ec2') do
  it { should belong_to_vpc('vpc-ab123cde') }
  it { should belong_to_vpc('my-vpc') }
end

its(:instance_id), its(:image_id), its(:private_dns_name), its(:public_dns_name), its(:state_transition_reason), its(:key_name), its(:ami_launch_index), its(:instance_type), its(:launch_time), its(:placement), its(:kernel_id), its(:ramdisk_id), its(:platform), its(:monitoring), its(:subnet_id), its(:vpc_id), its(:private_ip_address), its(:public_ip_address), its(:state_reason), its(:architecture), its(:root_device_type), its(:root_device_name), its(:virtualization_type), its(:instance_lifecycle), its(:spot_instance_request_id), its(:client_token), its(:source_dest_check), its(:hypervisor), its(:iam_instance_profile), its(:ebs_optimized), its(:sriov_net_support), its(:ena_support)

🔓 Advanced use

ec2 can use Aws::EC2::Instance resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Instance.html).

describe ec2('my-ec2') do
  its('vpc.id') { should eq 'vpc-ab123cde' }
end

or

describe ec2('my-ec2') do
  its('resource.vpc.id') { should eq 'vpc-ab123cde' }
end

ecr_repository

EcrRepository resource type.

exist

ecs_cluster

EcsCluster resource type.

exist

be_active

be_inactive

ecs_container_instance

EcsContainerInstance resource type.

exist

be_active

be_inactive

ecs_service

EcsService resource type.

exist

be_active

be_draining

be_inactive

ecs_task_definition

EcsTaskDefinition resource type.

exist

be_active

be_inactive

elasticache

Elasticache resource type.

exist

describe elasticache('my-rep-group-001') do
  it { should exist }
end

be_available, be_creating, be_deleted, be_deleting, be_incompatible_network, be_modifying, be_rebooting_cache_cluster_nodes, be_restore_failed, be_snapshotting

describe elasticache('my-rep-group-001') do
  it { should be_available }
end

have_cache_parameter_group

describe elasticache('my-rep-group-001') do
  it { should have_cache_parameter_group('my-cache-parameter-group') }
end

belong_to_cache_subnet_group

describe elasticache('my-rep-group-001') do
  it { should belong_to_cache_subnet_group('my-cache-subnet-group') }
end

belong_to_replication_group

describe elasticache('my-rep-group-001') do
  it { should belong_to_replication_group('my-rep-group') }
end

belong_to_vpc

describe elasticache('my-rep-group-001') do
  it { should belong_to_vpc('my-vpc') }
end

its(:cache_cluster_id), its(:configuration_endpoint), its(:client_download_landing_page), its(:cache_node_type), its(:engine), its(:engine_version), its(:cache_cluster_status), its(:num_cache_nodes), its(:preferred_availability_zone), its(:cache_cluster_create_time), its(:preferred_maintenance_window), its(:notification_configuration), its(:cache_subnet_group_name), its(:auto_minor_version_upgrade), its(:replication_group_id), its(:snapshot_retention_limit), its(:snapshot_window)

elasticache_cache_parameter_group

ElasticacheCacheParameterGroup resource type.

describe elasticache_cache_parameter_group('my-cache-parameter-group') do
  it { should exist }
  its(:activerehashing) { should eq 'yes' }
  its(:client_output_buffer_limit_pubsub_hard_limit) { should eq '33554432' }
end

exist

describe elasticache_cache_parameter_group('my-cache-parameter-group') do
  it { should exist }
end

elasticsearch

Elasticsearch resource type.

exist

describe elasticsearch('my-elasticsearch') do
  it { should exist }
end

be_created

describe elasticsearch('my-elasticsearch') do
  it { should be_created }
end

be_deleted

describe elasticsearch('my-elasticsearch') do
  it { should be_deleted }
end

have_access_policies

describe elasticsearch('my-elasticsearch') do
 it do
    should have_access_policies <<-policy
{
  "version": "2012-10-17",
  "statement": [
    {
      "effect": "allow",
      "principal": "*",
      "action": [
        "es:*"
      ],
      "resource": "arn:aws:es:ap-northeast-1:1234567890:domain/my-elasticsearch/*"
    }
  ]
}
  policy
  end
end

its(:domain_id), its(:domain_name), its(:arn), its(:created), its(:deleted), its(:endpoint), its(:processing), its(:elasticsearch_version), its(:access_policies), its(:snapshot_options), its(:advanced_options)

elb

ELB resource type.

exist

describe elb('my-elb') do
  it { should exist }
end

have_ec2

describe elb('my-elb') do
  it { should have_ec2('my-ec2') }
end

have_listener

http://docs.aws.amazon.com/en_us/ElasticLoadBalancing/latest/DeveloperGuide/elb-listener-config.html

describe elb('my-elb') do
  it { should have_listener(protocol: 'HTTPS', port: 443, instance_protocol: 'HTTP', instance_port: 80) }
end

have_security_group

describe elb('my-elb') do
  it { should have_security_group('my-lb-security-group-tag-name') }
end

have_subnet

describe elb('my-elb') do
  it { should have_subnet('my-subnet') }
end

belong_to_vpc

describe elb('my-elb') do
  it { should belong_to_vpc('my-vpc') }
end

its(:health_check_target), its(:health_check_interval), its(:health_check_timeout), its(:health_check_unhealthy_threshold), its(:health_check_healthy_threshold), its(:load_balancer_name), its(:dns_name), its(:canonical_hosted_zone_name), its(:canonical_hosted_zone_name_id), its(:vpc_id), its(:created_time), its(:scheme)

iam_group

IamGroup resource type.

exist

describe iam_group('my-iam-group') do
  it { should exist }
end

be_allowed_action

describe iam_group('my-iam-group') do
  it { should be_allowed_action('ec2:DescribeInstances') }
  it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
end

have_iam_policy

describe iam_group('my-iam-group') do
  it { should have_iam_policy('ReadOnlyAccess') }
end

have_iam_user

describe iam_group('my-iam-group') do
  it { should have_iam_user('my-iam-user') }
end

have_inline_policy

its(:path), its(:group_name), its(:group_id), its(:arn), its(:create_date)

🔓 Advanced use

iam_group can use Aws::IAM::Group resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Group.html).

describe iam_group('my-iam-group') do
  its('users.count) { should eq 5 }
end

or

describe iam_group('my-iam-group') do
  its('resource.users.count') { should eq 5 }
end

iam_policy

IamPolicy resource type.

exist

describe iam_policy('my-iam-policy') do
  it { should exist }
end

be_attachable

describe iam_policy('my-iam-policy') do
  it { should be_attachable }
end

be_attached_to_group

describe iam_policy('my-iam-policy') do
  it { should be_attached_to_group('my-iam-group') }
end

be_attached_to_role

describe iam_policy('my-iam-policy') do
  it { should be_attached_to_role('HelloIAmGodRole') }
end

be_attached_to_user

describe iam_policy('my-iam-user') do
  it { should be_attached_to_user('my-iam-user') }
end

its(:policy_name), its(:policy_id), its(:arn), its(:path), its(:default_version_id), its(:attachment_count), its(:is_attachable), its(:description), its(:create_date), its(:update_date)

iam_role

IamRole resource type.

exist

describe iam_role('my-iam-role') do
  it { should exist }
end

be_allowed_action

describe iam_role('my-iam-role') do
  it { should be_allowed_action('ec2:DescribeInstances') }
  it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
end

have_iam_policy

describe iam_role('my-iam-role') do
  it { should have_iam_policy('ReadOnlyAccess') }
end

have_inline_policy

describe iam_role('my-iam-role') do
  it { should have_inline_policy('AllowS3BucketAccess') }
  it do
    should have_inline_policy('AllowS3BucketAccess').policy_document(<<-'DOC')
{
"Statement": [
    {
     "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]
    }
  ]
}
DOC
  end
end

its(:path), its(:role_name), its(:role_id), its(:arn), its(:create_date), its(:assume_role_policy_document)

🔓 Advanced use

iam_role can use Aws::IAM::Role resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Role.html).

describe iam_role('my-iam-role') do
  its('attached_policies.count') { should eq 5 }
end

or

describe iam_role('my-iam-role') do
  its('resource.attached_policies.count') { should eq 5 }
end

iam_user

IamUser resource type.

exist

describe iam_user('my-iam-user') do
  it { should exist }
end

be_allowed_action

describe iam_user('my-iam-user') do
  it { should be_allowed_action('ec2:DescribeInstances') }
  it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
end

have_iam_policy

describe iam_user('my-iam-user') do
  it { should have_iam_policy('ReadOnlyAccess') }
end

have_inline_policy

describe iam_user('my-iam-user') do
  it { should have_inline_policy('AllowS3BucketAccess') }
  it do
    should have_inline_policy('AllowS3BucketAccess').policy_document(<<-'DOC')
{
"Statement": [
    {
     "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]
    }
  ]
}
DOC
  end
end

belong_to_iam_group

describe iam_user('my-iam-user') do
  it { should belong_to_iam_group('my-iam-group') }
end

its(:path), its(:user_name), its(:user_id), its(:arn), its(:create_date), its(:password_last_used)

🔓 Advanced use

iam_user can use Aws::IAM::User resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/User.html).

describe iam_user('my-iam-user') do
  its('login_profile.password_reset_required') { should eq false }
end

or

describe iam_user('my-iam-user') do
  its('resource.login_profile.password_reset_required') { should eq false }
end

kms

Kms resource type.

exist

describe kms('my-kms-key') do
  it { should exist }
end

be_enabled

describe kms('my-kms-key') do
  it { should be_enabled }
end

have_key_policy

describe kms('my-kms-key') do
  it { should exist }
  it { should be_enabled }
  it do
    should have_key_policy('default').policy_document(<<-'DOC')
{
  "Version" : "2012-10-17",
  "Id" : "key-consolepolicy-2",
  "Statement" : [ {
    "Sid" : "Enable IAM User Permissions",
    "Effect" : "Allow",
    "Principal" : {
      "AWS" : "arn:aws:iam::1234567890:root"
    },
    "Action" : "kms:*",
    "Resource" : "*"
  }, {
    "Sid" : "Allow access for Key Administrators",
    "Effect" : "Allow",
    "Principal" : {
      "AWS" : "arn:aws:iam::1234567890:user/test-user"
    },
    "Action" : [ "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*", "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion" ],
    "Resource" : "*"
  }, {
    "Sid" : "Allow use of the key",
    "Effect" : "Allow",
    "Principal" : {
      "AWS" : [ "arn:aws:iam::1234567890:user/test-user", "arn:aws:iam::1234567890:role/test-role" ]
    },
    "Action" : [ "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey" ],
    "Resource" : "*"
  }, {
    "Sid" : "Allow attachment of persistent resources",
    "Effect" : "Allow",
    "Principal" : {
      "AWS" : [ "arn:aws:iam::1234567890:user/test-user", "arn:aws:iam::1234567890:role/test-role" ]
    },
    "Action" : [ "kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant" ],
    "Resource" : "*",
    "Condition" : {
      "Bool" : {
        "kms:GrantIsForAWSResource" : "true"
      }
    }
  } ]
}
DOC
  end
end

its(:aws_account_id), its(:key_id), its(:arn), its(:creation_date), its(:enabled), its(:description), its(:key_usage), its(:key_state), its(:deletion_date), its(:valid_to), its(:origin), its(:expiration_model)

lambda

Lambda resource type.

exist

describe lambda('my-lambda-function-name') do
  it { should exist }
end

have_event_source

This matcher does not support Amazon S3 event sources. ( See SDK doc )

its(:function_name), its(:function_arn), its(:runtime), its(:role), its(:handler), its(:code_size), its(:description), its(:timeout), its(:memory_size), its(:last_modified), its(:code_sha_256), its(:version), its(:vpc_config), its(:dead_letter_config), its(:environment), its(:kms_key_arn)

launch_configuration

LaunchConfiguration resource type.

exist

describe launch_configuration('my-lc') do
  it { should exist }
end

have_security_group

describe launch_configuration('my-lc') do
  it { should have_security_group('my-security-group-name') }
end

its(:launch_configuration_name), its(:launch_configuration_arn), its(:image_id), its(:key_name), its(:classic_link_vpc_id), its(:user_data), its(:instance_type), its(:kernel_id), its(:ramdisk_id), its(:spot_price), its(:iam_instance_profile), its(:created_time), its(:ebs_optimized), its(:associate_public_ip_address), its(:placement_tenancy)

nat_gateway

NatGateway resource type.

exist

describe nat_gateway('nat-7ff7777f') do
  it { should exist }
end

be_pending, be_failed, be_available, be_deleting, be_deleted

describe nat_gateway('nat-7ff7777f') do
  it { should be_available }
end

have_eip

describe nat_gateway('nat-7ff7777f') do
  it { should have_eip('123.0.456.789') }
end

belong_to_vpc

describe nat_gateway('nat-7ff7777f') do
  it { should belong_to_vpc('my-vpc') }
end

its(:vpc_id), its(:subnet_id), its(:nat_gateway_id), its(:create_time), its(:delete_time), its(:state), its(:failure_code), its(:failure_message), its(:provisioned_bandwidth)

network_acl

NetworkAcl resource type.

exist

describe network_acl('my-network-acl') do
  it { should exist }
end

have_subnet

describe network_acl('my-network-acl') do
  it { should have_subnet('my-subnet') }
end

have_tag

describe network_acl('my-network-acl') do
  it { should have_tag('Name').value('my-network-acl') }
end

belong_to_vpc

describe network_acl('my-network-acl') do
  it { should belong_to_vpc('my-vpc') }
end

its(:inbound), its(:outbound), its(:inbound_entries_count), its(:outbound_entries_count)

describe network_acl('my-network-acl') do
  its(:inbound) { should be_allowed(80).protocol('tcp').source('123.0.456.789/32') }
  its(:inbound) { should be_denied.rule_number('*').source('0.0.0.0/0') }
  its(:outbound) { should be_allowed.protocol('ALL').source('0.0.0.0/0') }
  its(:inbound_entries_count) { should eq 3 }
  its(:outbound_entries_count) { should eq 2 }
end

its(:inbound_entries_count), its(:outbound_entries_count), its(:network_acl_id), its(:vpc_id), its(:is_default)

🔓 Advanced use

network_acl can use Aws::EC2::NetworkAcl resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/NetworkAcl.html).

describe network_acl('my-network-acl') do
  its('vpc.id') { should eq 'vpc-ab123cde' }
end

or

describe network_acl('my-network-acl') do
  its('resource.vpc.id') { should eq 'vpc-ab123cde' }
end

network_interface

NetworkInterface resource type.

exist

describe network_interface('eni-12ab3cde') do
  it { should exist }
end

be_attached_to

describe network_interface('eni-12ab3cde') do
  it { should be_attached_to('my-ec2') }
  it { should be_attached_to('my-ec2').as_eth0 }
end

be_available, be_attaching, be_in_use, be_detaching

describe network_interface('eni-12ab3cde') do
  it { should be_in_use }
end

have_private_ip_address

describe network_interface('eni-12ab3cde') do
  it { should have_private_ip_address('10.0.1.1').primary }
  it { should have_private_ip_address('10.0.1.2') }
  its(:private_ip_addresses_count) { should eq 2 }
end

have_security_group

describe network_interface('eni-12ab3cde') do
  it { should have_security_group('my-security-group-name') }
end

have_tag

describe network_interface('eni-12ab3cde') do
  it { should have_tag('Name').value('my-eni') }
end

belong_to_subnet

describe network_interface('eni-12ab3cde') do
  it { should belong_to_subnet('my-subnet') }
end

belong_to_vpc

describe network_interface('eni-12ab3cde') do
  it { should belong_to_vpc('my-vpc') }
end

its(:network_interface_id), its(:subnet_id), its(:vpc_id), its(:availability_zone), its(:description), its(:owner_id), its(:requester_id), its(:requester_managed), its(:status), its(:mac_address), its(:private_ip_address), its(:private_dns_name), its(:source_dest_check), its(:association), its(:interface_type)

rds

RDS resource type.

exist

describe rds('my-rds') do
  it { should exist }
end

be_available, be_backing_up, be_creating, be_deleting, be_failed, be_inaccessible_encryption_credentials, be_incompatible_credentials, be_incompatible_network, be_incompatible_option_group, be_incompatible_parameters, be_incompatible_restore, be_maintenance, be_modifying, be_rebooting, be_renaming, be_resetting_master_credentials, be_restore_error, be_storage_full, be_upgrading

describe rds('my-rds') do
  it { should be_available }
end

have_db_parameter_group

describe rds('my-rds') do
  it { should have_db_parameter_group('my-db-parameter-group') }
end

have_option_group

describe rds('my-rds') do
  it { should have_option_group('default:mysql-5-6') }
end

have_security_group

describe rds('my-rds') do
  it { should have_security_group('sg-5a6b7cd8') }
  it { should have_security_group('my-db-sg') }
end

belong_to_db_subnet_group

describe rds('my-rds') do
  it { should belong_to_db_subnet_group('my-db-subnet-group') }
end

belong_to_subnet

describe rds('my-rds') do
  it { should belong_to_subnet('subnet-8901b123') }
  it { should belong_to_subnet('db-subnet-a') }
end

belong_to_vpc

describe rds('my-rds') do
  it { should belong_to_vpc('vpc-ab123cde') }
  it { should belong_to_vpc('my-vpc') }
end

its(:vpc_id), its(:db_instance_identifier), its(:db_instance_class), its(:engine), its(:db_instance_status), its(:master_username), its(:db_name), its(:endpoint), its(:allocated_storage), its(:instance_create_time), its(:preferred_backup_window), its(:backup_retention_period), its(:availability_zone), its(:preferred_maintenance_window), its(:pending_modified_values), its(:latest_restorable_time), its(:multi_az), its(:engine_version), its(:auto_minor_version_upgrade), its(:read_replica_source_db_instance_identifier), its(:license_model), its(:iops), its(:character_set_name), its(:secondary_availability_zone), its(:publicly_accessible), its(:storage_type), its(:tde_credential_arn), its(:db_instance_port), its(:db_cluster_identifier), its(:storage_encrypted), its(:kms_key_id), its(:dbi_resource_id), its(:ca_certificate_identifier), its(:copy_tags_to_snapshot), its(:monitoring_interval), its(:enhanced_monitoring_resource_arn), its(:monitoring_role_arn), its(:promotion_tier), its(:db_instance_arn), its(:timezone)

🔓 Advanced use

rds can use Aws::RDS::DBInstance resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/RDS/DBInstance.html).

describe rds('my-rds') do
  its('db_subnet_group.db_subnet_group_name') { should eq 'my-db-subnet-group' }
end

or

describe rds('my-rds') do
  its('resource.db_subnet_group.db_subnet_group_name') { should eq 'my-db-subnet-group' }
end

rds_db_cluster_parameter_group

RdsDbClusterParameterGroup resource type.

describe rds_db_cluster_parameter_group('my-rds-db-cluster-parameter-group') do
  its(:time_zone) { should eq 'US/Central' }
  its(:binlog_format) { should eq 'ROW' }
  its(:character_set_server) { should eq 'utf8mb4' }
end

exist

describe rds_db_cluster_parameter_group('my-rds-db-cluster-parameter-group') do
  it { should exist }
end

rds_db_parameter_group

RdsDbParameterGroup resource type.

describe rds_db_parameter_group('my-rds-db-parameter-group') do
  its(:basedir) { should eq '/rdsdbbin/mysql' }
  its(:innodb_buffer_pool_size) { '{DBInstanceClassMemory*3/4}' }
end

exist

describe rds_db_parameter_group('my-rds-db-parameter-group') do
  it { should exist }
end

route53_hosted_zone

Route53HostedZone resource type.

exist

describe route53_hosted_zone('example.com.') do
  it { should exist }
end

have_record_set

describe route53_hosted_zone('example.com.') do
  its(:resource_record_set_count) { should eq 6 }
  it { should have_record_set('example.com.').a('123.456.7.890') }
  it { should have_record_set('*.example.com.').cname('example.com') }
  it { should have_record_set('example.com.').mx('10 mail.example.com') }
  it { should have_record_set('mail.example.com.').a('123.456.7.890').ttl(3600) }
  ns = 'ns-123.awsdns-45.net.
ns-6789.awsdns-01.org.
ns-2345.awsdns-67.co.uk.
ns-890.awsdns-12.com.'
  it { should have_record_set('example.com.').ns(ns) }
  it { should have_record_set('s3.example.com.').alias('s3-website-us-east-1.amazonaws.com.', 'Z2ABCDEFGHIJKL') }
end

its(:id), its(:name), its(:caller_reference), its(:config), its(:resource_record_set_count)

route_table

RouteTable resource type.

exist

describe route_table('my-route-table') do
  it { should exist }
end

have_route

describe route_table('my-route-table') do
  it { should have_route('10.0.0.0/16').target(gateway: 'local') }
  it { should have_route('0.0.0.0/0').target(gateway: 'igw-1ab2345c') }
  it { should have_route('192.168.1.0/24').target(instance: 'my-ec2') }
  it { should have_route('192.168.2.0/24').target(vpc_peering_connection: 'my-pcx') }
  it { should have_route('192.168.3.0/24').target(nat: 'nat-7ff7777f') }
end

have_subnet

describe route_table('my-route-table') do
  it { should have_subnet('my-subnet') }
end

have_tag

describe route_table('my-route-table') do
  it { should have_tag('Name').value('my-route-table') }
end

its(:route_table_id), its(:vpc_id)

🔓 Advanced use

route_table can use Aws::EC2::RouteTable resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/RouteTable.html).

describe route_table('my-route-table') do
  its('vpc.id') { should eq 'vpc-ab123cde' }
end

or

describe s3_bucket('my-bucket') do
  its('resource.vpc.id') { should eq 'vpc-ab123cde' }
end

s3_bucket

S3Bucket resource type.

exist

describe s3_bucket('my-bucket') do
  it { should exist }
end

have_acl_grant

describe s3_bucket('my-bucket') do
  its(:acl_owner) { should eq 'my-bucket-owner' }
  its(:acl_grants_count) { should eq 3 }
  it { should have_acl_grant(grantee: 'my-bucket-owner', permission: 'FULL_CONTROL') }
  it { should have_acl_grant(grantee: 'http://acs.amazonaws.com/groups/s3/LogDelivery', permission: 'WRITE') }
  it { should have_acl_grant(grantee: '68f4bb06b094152df53893bfba57760e', permission: 'READ') }
end

have_cors_rule

describe s3_bucket('my-bucket') do
  it do
    should have_cors_rule(
      allowed_methods: ['GET'],
      allowed_origins: ['*']
    )
  end
  it do
    should have_cors_rule(
      allowed_headers: ['*'],
      allowed_methods: ['GET'],
      allowed_origins: ['https://example.org', 'https://example.com'],
      expose_headers:  ['X-Custom-Header'],
      max_age_seconds: 3600
    )
  end
end

have_logging_enabled

describe s3_bucket('my-bucket') do
  it { should have_logging_enabled(target_bucket: 'my-log-bucket', target_prefix: 'logs/') }
end

have_mfa_delete_enabled

describe s3_bucket('my-bucket') do
  it { should have_mfa_delete_enabled }
end

have_object

describe s3_bucket('my-bucket') do
  it { should have_object('path/to/object') }
end

have_policy

describe s3_bucket('my-bucket') do
  it do
    should have_policy <<-POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowPublicRead",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-bucket/*"
    }
  ]
}
    POLICY
  end
end

have_versioning_enabled

describe s3_bucket('my-bucket') do
  it { should have_versioning_enabled }
end

its(:acl_grants_count), its(:acl_owner), its(:cors_rules_count), its(:name), its(:creation_date)

🔓 Advanced use

s3_bucket can use Aws::S3::Bucket resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/S3/Bucket.html).

describe s3_bucket('my-bucket') do
  its('acl.owner.display_name') { should eq 'my-bucket-owner' }
end

or

describe s3_bucket('my-bucket') do
  its('resource.acl.owner.display_name') { should eq 'my-bucket-owner' }
end

security_group

SecurityGroup resource type.

exist

describe security_group('my-security-group-name') do
  it { should exist }
end

be_inbound_opened_only

be_opened_only

be_outbound_opened_only

have_tag

describe security_group('my-security-group-name') do
  it { should have_tag('env').value('dev') }
end

its(:inbound), its(:outbound)

describe security_group('my-security-group-name') do
  its(:outbound) { should be_opened }
  its(:inbound) { should be_opened(80) }
  its(:inbound) { should be_opened(80).protocol('tcp').for('203.0.113.1/32') }
  its(:inbound) { should be_opened(22).protocol('tcp').for('sg-5a6b7cd8') }
end

its(:inbound_rule_count), its(:outbound_rule_count), its(:inbound_permissions_count), its(:outbound_permissions_count), its(:owner_id), its(:group_name), its(:group_id), its(:description), its(:vpc_id)

🔓 Advanced use

security_group can use Aws::EC2::SecurityGroup resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/SecurityGroup.html).

describe security_group('my-security-group-name') do
  its('group_name') { should eq 'my-security-group-name' }
end

or

describe security_group('my-security-group-name') do
  its('resource.group_name') { should eq 'my-security-group-name' }
end

ses_identity

SesIdentity resource type.

exist

describe ses_identity('example.com') do
  it { should exist }
end

have_dkim_tokens

have_identity_policy

describe ses_identity('example.com') do
  it { should have_identity_policy('my-identity-policy-name') }
end

its(:dkim_enabled), its(:dkim_verification_status), its(:bounce_topic), its(:complaint_topic), its(:delivery_topic), its(:forwarding_enabled), its(:verification_status), its(:verification_token)

subnet

Subnet resource type.

exist

describe subnet('my-subnet') do
  it { should exist }
end

be_available, be_pending

describe subnet('my-subnet') do
  it { should be_available }
end

have_tag

describe subnet('my-subnet') do
  it { should have_tag('Environment').value('QA') }
end

its(:subnet_id), its(:state), its(:vpc_id), its(:cidr_block), its(:assign_ipv_6_address_on_creation), its(:available_ip_address_count), its(:availability_zone), its(:default_for_az), its(:map_public_ip_on_launch)

🔓 Advanced use

subnet can use Aws::EC2::Subnet resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Subnet.html).

describe subnet('my-subnet') do
  its('vpc.id') { should eq 'vpc-ab123cde' }
end

or

describe subnet('my-subnet') do
  its('resource.vpc.id') { should eq 'vpc-ab123cde' }
end

vpc

VPC resource type.

exist

describe vpc('my-vpc') do
  it { should exist }
end

be_available, be_pending

describe vpc('vpc-ab123cde') do
  it { should be_available }
end

have_network_acl

describe vpc('vpc-ab123cde') do
  it { should have_network_acl('acl-1abc2d3e') }
  it { should have_network_acl('my-network-acl') }
end

have_route_table

describe vpc('vpc-ab123cde') do
  it { should have_route_table('rtb-ab123cde') }
  it { should have_route_table('my-route-table') }
end

have_tag

describe vpc('vpc-ab123cde') do
  it { should have_tag('Stack').value('Networking') }
end

its(:vpc_id), its(:state), its(:cidr_block), its(:dhcp_options_id), its(:instance_tenancy), its(:is_default)

🔓 Advanced use

vpc can use Aws::EC2::Vpc resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Vpc.html).

describe vpc('my-vpc') do
  its('route_tables.first.route_table_id') { should eq 'rtb-a12bcd34' }
end

or

describe vpc('my-vpc') do
  its('resource.route_tables.first.route_table_id') { should eq 'rtb-a12bcd34' }
end

cloudfront_distribution

CloudfrontDistribution resource type.

exist

describe cloudfront_distribution('123456789zyxw.cloudfront.net') do
  it { should exist }
end

be_in_progress, be_deployed

describe cloudfront_distribution('123456789zyxw.cloudfront.net') do
  it { should be_deployed }
end

have_origin

describe cloudfront_distribution('E2CLOUDFRONTXX') do
  it do
    should have_origin('cf-s3-origin-hosting.dev.example.com')
      .domain_name('cf-s3-origin-hosting.dev.example.com.s3.amazonaws.com')
      .origin_path('/img')
      .origin_access_identity('origin-access-identity/cloudfront/E2VVVVVVVVVVVV')
  end
end

have_origin_domain_name

describe cloudfront_distribution('123456789zyxw.cloudfront.net') do
  it { should have_origin_domain_name('cf-s3-origin-hosting.dev.example.com.s3.amazonaws.com') }
end

have_origin_domain_name_and_path

describe cloudfront_distribution('123456789zyxw.cloudfront.net') do
  it { should have_origin_domain_name_and_path('cf-s3-origin-hosting.dev.example.com.s3.amazonaws.com/img') }
end

its(:id), its(:arn), its(:status), its(:last_modified_time), its(:domain_name), its(:comment), its(:price_class), its(:enabled), its(:web_acl_id), its(:http_version), its(:is_ipv6_enabled)

elastictranscoder_pipeline

ElastictranscoderPipeline resource type.

exist

be_active, be_paused

describe elastictranscoder_pipeline('my-elastictranscoder-pipeline') do
  it { should be_active }
end

waf_web_acl

WafWebAcl resource type.

exist

have_rule

describe waf_web_acl('my-waf-web-acl') do
  it { should have_rule('my-waf-web-acl-allowed-ips') }
  it { should have_rule('my-waf-web-acl-allowed-ips').order(2).action('BLOCK') }
end

its(:default_action), its(:web_acl_id), its(:name), its(:metric_name)

customer_gateway

CustomerGateway resource type.

exist

describe customer_gateway('my-customer-gateway') do
  it { should exist }
end

be_pending, be_available, be_deleting, be_deleted

describe customer_gateway('my-customer-gateway') do
  it { should be_running }
end

have_tag

describe customer_gateway('my-customer-gateway') do
  it { should have_tag('Name').value('my-customer-gateway') }
end

its(:customer_gateway_id), its(:state), its(:type), its(:ip_address), its(:bgp_asn)

vpn_gateway

VpnGateway resource type.

exist

describe vpn_gateway('my-vpn-gateway') do
  it { should exist }
end

be_pending, be_available, be_deleting, be_deleted

describe vpn_gateway('my-vpn-gateway') do
  it { should be_running }
end

have_tag

describe vpn_gateway('my-vpn-gateway') do
  it { should have_tag('Name').value('my-vpn-gateway') }
end

its(:vpn_gateway_id), its(:state), its(:type), its(:availability_zone)

vpn_connection

VpnConnection resource type.

exist

describe vpn_connection('my-vpn-connection') do
  it { should exist }
end

be_pending, be_available, be_deleting, be_deleted

describe vpn_connection('my-vpn-connection') do
  it { should be_running }
end

have_tag

describe vpn_connection('my-vpn-connection') do
  it { should have_tag('Name').value('my-vpn-connection') }
end

its(:vpn_connection_id), its(:state), its(:customer_gateway_configuration), its(:type), its(:customer_gateway_id), its(:vpn_gateway_id), its(:options)