Skip to main content

aws_vpc_endpoint_connection_notifications Resource

Use the aws_vpc_endpoint_connection_notifications InSpec audit resource to test the properties of multiple AWS VPC endpoint connection notification.

Installation

This resource is available in the Chef InSpec AWS resource pack.

See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.

Syntax

Ensure that an AWS VPC endpoint connection notification exists.

describe aws_vpc_endpoint_connection_notifications do
  it { should exist }
end

See also the AWS VPC endpoint connection notification documentation.

Parameters

This resource does not require any parameters.

Properties

vpc_endpoint_id
The ID of the endpoint.
connection_notification_id
The ID of the AWS VPC endpoint connection notification.
service_id
The ID of the endpoint service.
connection_notification_type
The type of notification.
connection_notification_arn
The ARN of the SNS topic for the notifications.
connection_events
The endpoint events to receive a notification about. Valid values: Accept, Connect, Delete, and Reject.
connection_notification_state
The state of the AWS VPC endpoint connection notification. Valid values: Enabled, Disabled.

Examples

Verify an AWS VPC endpoint connection notification exists using the VPC endpoint ID.

describe aws_vpc_endpoint_connection_notifications.where( vpc_endpoint_id: vpc-12345678 )
  it { should exist }
end

Ensure a AWS VPC endpoint connection notification exists.

describe aws_vpc_endpoint_connection_notifications.where( connection_notification_id: 'VPCE-NFN-03AD3532A5C71F8AF' ) do
  it { should exist }
end

Confirm that the AWS VPC endpoint connection notification ARN is as expected.

describe aws_vpc_endpoint_connection_notifications do
  its('CONNECTION_NOTIFICATION_ARNS') { should include 'ARN:AWS:SNS:US-EAST-2:112758395563:AWS-SNS-TOPIC-ENCRYPTION-BLOIXLVRSNFYBLZXNBGCBVHJU' }
end

Confirm that the type of AWS VPC endpoint connection notification is as expected.

describe aws_vpc_endpoint_connection_notifications do
  its('CONNECTION_NOTIFICATION_TYPES') { should include 'TOPIC' }
end

Matchers

This InSpec audit resource has the following special matchers. For a full list of the available matchers, please visit our Universal Matchers page.

The controls will pass if the describe returns at least one result.

exist

Use should_not to test the entity should not exist.

describe aws_vpc_endpoint_connection_notifications(connection-notification-id: 'VPCE-NFN-12345678987654321') do
  it { should exist }
end

Use should to test the entity should not exists.

describe aws_vpc_endpoint_connection_notifications(connection-notification-id: 'VPCE-NFN-12345678987654321') do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the EC2:Client:DescribeVpcEndpointConnectionNotificationsResult action with Effect set to Allow.

You can find the detailed documentation at Actions, Resources, and Condition Keys for Amazon EC2.

Edit this page on GitHub.

Thank you for your feedback!

×









Search Results