aws_ec2_vpc_peering_connections Resource
Use the aws_ec2_vpc_peering_connections
InSpec audit resource to test properties of multiple AWS EC2 VPC peering connections at once (this is the plural form of the resource; it returns one entry per peering connection in the account and region being audited).
The AWS::EC2::VPCPeeringConnection resource requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection.
For additional information, including details on parameters and properties, see the AWS documentation on AWS EC2 VPC Peering Connection.
Installation
This resource is available in the Chef InSpec AWS resource pack.
See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.
Syntax
Ensure that at least one VPC peering connection exists.
describe aws_ec2_vpc_peering_connections do
it { should exist }
end
Parameters
This resource does not require any parameters.
Properties
accepter_vpc_infos
- Information about the accepter VPC. CIDR block information is only returned when describing an active VPC peering connection.
- Field: accepter_vpc_info
expiration_times
- The time that an unaccepted VPC peering connection will expire.
- Field: expiration_time
requester_vpc_infos
- Information about the requester VPC. CIDR block information is only returned when describing an active VPC peering connection.
- Field: requester_vpc_info
statuses
- The status of the VPC peering connection.
- Field: status
tags
- Any tags assigned to the resource.
- Field: tags
vpc_peering_connection_ids
- The ID of the VPC peering connection.
- Field: vpc_peering_connection_id
Examples
Ensure a specific VPC peering connection ID is present in the list (replace 'VPCPeeringConnectionID' with the pcx- ID you expect).
describe aws_ec2_vpc_peering_connections do
its('vpc_peering_connection_ids') { should include 'VPCPeeringConnectionID' }
end
Ensure that at least one peering connection status is returned.
describe aws_ec2_vpc_peering_connections do
its('statuses') { should_not be_empty }
end
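The property arrays listed under Properties and the two checks above are what a real audit builds on: pinning the inventory of peering IDs, and looking at status and the two vpc_info fields for peerings you did not expect. The following is an added example, not code from the InSpec AWS resource pack, written in plain Ruby so it runs without an InSpec runner or AWS credentials. SAMPLE_PEERINGS is constructed data shaped like a DescribeVpcPeeringConnections response, TRUSTED_ACCOUNTS is a hypothetical allow-list, and the function names are assumptions made here; each function maps back to an InSpec assertion in its comment.

```ruby
# Constructed sample data shaped like an EC2 DescribeVpcPeeringConnections
# response, i.e. what aws_ec2_vpc_peering_connections reads. Not real AWS output.
SAMPLE_PEERINGS = [
  { vpc_peering_connection_id: 'pcx-0a1b2c3d4e5f60001',
    status: { code: 'active', message: 'Active' },
    requester_vpc_info: { owner_id: '111111111111', vpc_id: 'vpc-0aaa', cidr_block: '10.0.0.0/16' },
    accepter_vpc_info:  { owner_id: '111111111111', vpc_id: 'vpc-0bbb', cidr_block: '10.1.0.0/16' },
    expiration_time: nil,
    tags: [{ key: 'Name', value: 'prod-to-shared' }] },
  { vpc_peering_connection_id: 'pcx-0a1b2c3d4e5f60002',
    status: { code: 'active', message: 'Active' },
    requester_vpc_info: { owner_id: '999999999999', vpc_id: 'vpc-0ccc', cidr_block: '192.168.0.0/16' },
    accepter_vpc_info:  { owner_id: '111111111111', vpc_id: 'vpc-0aaa', cidr_block: '10.0.0.0/16' },
    expiration_time: nil,
    tags: [] },
  { vpc_peering_connection_id: 'pcx-0a1b2c3d4e5f60003',
    status: { code: 'pending-acceptance', message: 'Pending Acceptance by 111111111111' },
    # No cidr_block on either side: AWS only returns it once the peering is active.
    requester_vpc_info: { owner_id: '222222222222', vpc_id: 'vpc-0ddd' },
    accepter_vpc_info:  { owner_id: '111111111111', vpc_id: 'vpc-0aaa' },
    expiration_time: Time.utc(2024, 1, 8),
    tags: [] }
].freeze

# Hypothetical allow-list of accounts permitted on either side of a peering.
TRUSTED_ACCOUNTS = %w[111111111111 222222222222].freeze

# The plural resource exposes one array per API field; these mirror two of them
# (its('vpc_peering_connection_ids') and its('statuses') in a control).
def vpc_peering_connection_ids(peerings)
  peerings.map { |p| p[:vpc_peering_connection_id] }
end

def statuses(peerings)
  peerings.map { |p| p[:status][:code] }
end

# Drift check. its('vpc_peering_connection_ids') { should include '<id>' } per
# approved id only proves approved peerings exist; this finds the extras.
def unexpected_peerings(peerings, approved_ids)
  vpc_peering_connection_ids(peerings) - approved_ids
end

# Active peerings with an untrusted account on either side. The remote side's
# cidr_block (present only once active) is the network that now routes to you.
def untrusted_active_peerings(peerings, trusted = TRUSTED_ACCOUNTS)
  peerings.select { |p| p[:status][:code] == 'active' }
          .reject { |p| trusted.include?(p[:requester_vpc_info][:owner_id]) &&
                        trusted.include?(p[:accepter_vpc_info][:owner_id]) }
          .map { |p| [p[:vpc_peering_connection_id],
                      p[:requester_vpc_info][:owner_id],
                      p[:requester_vpc_info][:cidr_block]] }
end

# Requests still waiting for acceptance (its('statuses') { should_not include
# 'pending-acceptance' } in a control), split by whether expiration_time has
# already passed. Stale requests should be deleted, not left to linger.
def pending_peerings(peerings, now: Time.now.utc)
  pending = peerings.select { |p| p[:status][:code] == 'pending-acceptance' }
  stale, live = pending.partition { |p| p[:expiration_time] && p[:expiration_time] <= now }
  { live: live.map { |p| p[:vpc_peering_connection_id] },
    stale: stale.map { |p| p[:vpc_peering_connection_id] } }
end

if __FILE__ == $PROGRAM_NAME
  approved = %w[pcx-0a1b2c3d4e5f60001 pcx-0a1b2c3d4e5f60003]
  puts "statuses:   #{statuses(SAMPLE_PEERINGS).inspect}"
  puts "unexpected: #{unexpected_peerings(SAMPLE_PEERINGS, approved).inspect}"
  puts "untrusted:  #{untrusted_active_peerings(SAMPLE_PEERINGS).inspect}"
  puts "pending:    #{pending_peerings(SAMPLE_PEERINGS, now: Time.utc(2024, 1, 9)).inspect}"
end
```

The point of the owner_id check is that a peering connection is a trust boundary: once active, the other VPC's CIDR is reachable through your route tables, so an entry whose requester or accepter account is not one you control deserves the same scrutiny as an unexpected security-group rule. The pending-acceptance check catches requests sent to you that nobody has acted on; AWS expires them after a fixed window, which is what expiration_time reports.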
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
The controls will pass if the describe method returns at least one result.
exist
Use should to test that the entity exists.
describe aws_ec2_vpc_peering_connections do
it { should exist }
end
Use should_not to test that the entity does not exist.
describe aws_ec2_vpc_peering_connections do
it { should_not exist }
end
AWS Permissions
Your Principal will need the ec2:DescribeVpcPeeringConnections action with Effect set to Allow. This is a read-only Describe action; like other EC2 Describe actions it does not support resource-level permissions, so the policy statement must use Resource "*". Scope the auditing principal to this and the other Describe actions your profile needs rather than granting ec2:* or AmazonEC2FullAccess.