Resource Types
acm | alb | alb_listener | alb_target_group | ami | apigateway | autoscaling_group | batch_compute_environment | batch_job_definition | batch_job_queue | cloudformation_stack | cloudfront_distribution | cloudtrail | cloudwatch_alarm | cloudwatch_event | cloudwatch_logs | codebuild | codedeploy | codedeploy_deployment_group | cognito_identity_pool | cognito_user_pool | customer_gateway | directconnect_virtual_interface | dynamodb_table | ebs | ec2 | ecr_repository | ecs_cluster | ecs_container_instance | ecs_service | ecs_task_definition | efs | eip | eks | eks_nodegroup | elasticache | elasticache_cache_parameter_group | elasticsearch | elastictranscoder_pipeline | elb | emr | firehose | iam_group | iam_policy | iam_role | iam_user | internet_gateway | kinesis | kms | lambda | launch_configuration | launch_template | mq | msk | nat_gateway | network_acl | network_interface | nlb | nlb_listener | nlb_target_group | rds | rds_db_cluster | rds_db_cluster_parameter_group | rds_db_parameter_group | rds_db_subnet_group | rds_global_cluster | rds_proxy | redshift | redshift_cluster_parameter_group | route53_hosted_zone | route_table | s3_bucket | secretsmanager | security_group | ses_identity | sns_topic | sqs | ssm_parameter | subnet | transfer_server | transit_gateway | vpc | vpc_endpoints | vpn_connection | vpn_gateway | waf_web_acl | wafregional_web_acl | account
acm
Acm resource type.
exist
describe acm('example.com') do
it { should exist }
endbe_pending_validation, be_issued, be_inactive, be_expired, be_validation_timed_out, be_revoked, be_failed
have_domain_name
have_domain_validation_option
describe acm('example.com') do
it { should have_domain_validation_option(domain_name: 'example.com', validation_method: 'DNS', validation_status: 'SUCCESS') }
it { should have_domain_validation_option(domain_name: 'mail.example.com', validation_method: 'EMAIL') }
endits(:certificate_arn), its(:domain_name), its(:subject_alternative_names), its(:serial), its(:subject), its(:issuer), its(:created_at), its(:issued_at), its(:imported_at), its(:status), its(:revoked_at), its(:revocation_reason), its(:not_before), its(:not_after), its(:key_algorithm), its(:signature_algorithm), its(:in_use_by), its(:failure_reason), its(:type), its(:renewal_summary), its(:key_usages), its(:extended_key_usages), its(:certificate_authority_arn), its(:renewal_eligibility), its(:options)
alb
ALB resource type.
exist
describe alb('my-alb') do
it { should exist }
endbe_active, be_provisioning, be_failed
describe alb('my-alb') do
it { should be_active }
endhave_security_group
describe alb('my-alb') do
it { should have_security_group('sg-1a2b3cd4') }
endhave_subnet
describe alb('my-alb') do
it { should have_subnet('subnet-1234a567') }
endhave_tag
describe alb('my-alb') do
it { should have_tag('environment').value('dev') }
endbelong_to_vpc
describe alb('my-alb') do
it { should belong_to_vpc('my-vpc') }
endits(:load_balancer_arn), its(:dns_name), its(:canonical_hosted_zone_id), its(:created_time), its(:load_balancer_name), its(:scheme), its(:vpc_id), its(:type), its(:security_groups), its(:ip_address_type), its(:customer_owned_ipv_4_pool)
alb_listener
AlbListener resource type.
exist
describe alb_listener('arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:listener/app/my-alb/1aa1bb1cc1ddee11/f2f7dc8efc522ab2') do
it { should exist }
its(:port) { should eq 80 }
its(:protocol) { should eq 'HTTP' }
endhave_rule
describe alb_listener('arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:listener/app/my-alb/1aa1bb1cc1ddee11/f2f7dc8efc522ab2') do
it { should have_rule('arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:listener-rule/app/my-alb/1aa1bb1cc1ddee11/f2f7dc8efc522ab2/9683b2d02a6cabee') }
it do
should have_rule.priority('10')
.conditions(field: 'path-pattern', values: ['/img/*'])
.actions(target_group_arn: 'arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:123456789012:targetgroup/73e2d6bc24d8a067/73e2d6bc24d8a067', type: 'forward')
end
it do
should have_rule.priority('10')
.if(field: 'path-pattern', values: ['/img/*'])
.then(target_group_arn: 'arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:123456789012:targetgroup/73e2d6bc24d8a067/73e2d6bc24d8a067', type: 'forward')
end
it { should have_rule.conditions([{ field: 'path-pattern', values: ['/admin/*'] }, { field: 'host-header', values: ['admin.example.com'] }]) }
it { should have_rule.actions(target_group_name: 'my-alb-target-group', type: 'forward') }
endits(:listener_arn), its(:load_balancer_arn), its(:port), its(:protocol), its(:certificates), its(:ssl_policy), its(:alpn_policy)
alb_target_group
AlbTargetGroup resource type.
exist
describe alb_target_group('my-alb-target-group') do
it { should exist }
its(:health_check_path) { should eq '/' }
its(:health_check_port) { should eq 'traffic-port' }
its(:health_check_protocol) { should eq 'HTTP' }
endhave_ec2
describe alb_target_group('my-alb-target-group') do
it { should have_ec2('my-ec2') }
endbelong_to_alb
describe alb_target_group('my-alb-target-group') do
it { should belong_to_alb('my-alb') }
endbelong_to_vpc
describe alb_target_group('my-alb-target-group') do
it { should belong_to_vpc('my-vpc') }
endits(:target_group_arn), its(:target_group_name), its(:protocol), its(:port), its(:vpc_id), its(:health_check_protocol), its(:health_check_port), its(:health_check_enabled), its(:health_check_interval_seconds), its(:health_check_timeout_seconds), its(:healthy_threshold_count), its(:unhealthy_threshold_count), its(:health_check_path), its(:load_balancer_arns), its(:target_type), its(:protocol_version), its(:ip_address_type)
ami
AMI resource type.
exist
describe ami('my-ami') do
it { should exist }
endbe_pending, be_available, be_invalid, be_deregistered, be_transient, be_failed, be_error
describe ami('my-ami') do
it { should be_available }
endhave_tag
its(:architecture), its(:creation_date), its(:image_id), its(:image_location), its(:image_type), its(:public), its(:kernel_id), its(:owner_id), its(:platform), its(:platform_details), its(:usage_operation), its(:ramdisk_id), its(:state), its(:description), its(:ena_support), its(:hypervisor), its(:image_owner_alias), its(:name), its(:root_device_name), its(:root_device_type), its(:sriov_net_support), its(:state_reason), its(:virtualization_type), its(:boot_mode), its(:tpm_support), its(:deprecation_time), its(:imds_support)
🔓 Advanced use
ami can use Aws::EC2::Image resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Image.html).
apigateway
Apigateway resource type.
exist
describe apigateway('my-apigateway') do
it { should exist }
endhave_integration_method
have_integration_path
have_method
have_path
its(:id), its(:name), its(:description), its(:created_date), its(:version), its(:warnings), its(:binary_media_types), its(:minimum_compression_size), its(:api_key_source), its(:policy), its(:tags), its(:disable_execute_api_endpoint)
autoscaling_group
AutoscalingGroup resource type.
exist
describe autoscaling_group('my-auto-scaling-group') do
it { should exist }
endhave_alb_target_group
describe autoscaling_group('my-auto-scaling-group') do
it { should have_alb_target_group('my-alb-target-group') }
endhave_ec2
describe autoscaling_group('my-auto-scaling-group') do
it { should have_ec2('my-ec2') }
endhave_elb
describe autoscaling_group('my-auto-scaling-group') do
it { should have_elb('my-elb') }
endhave_launch_configuration
describe autoscaling_group('my-auto-scaling-group') do
it { should have_launch_configuration('my-lc') }
endhave_nlb_target_group
have_suspended_process
have_tag
describe autoscaling_group('my-auto-scaling-group') do
it { should have_tag('Name').value('my-group') }
endits(:auto_scaling_group_name), its(:auto_scaling_group_arn), its(:launch_configuration_name), its(:launch_template), its(:mixed_instances_policy), its(:min_size), its(:max_size), its(:desired_capacity), its(:predicted_capacity), its(:default_cooldown), its(:availability_zones), its(:load_balancer_names), its(:target_group_arns), its(:health_check_type), its(:health_check_grace_period), its(:created_time), its(:placement_group), its(:vpc_zone_identifier), its(:enabled_metrics), its(:status), its(:termination_policies), its(:new_instances_protected_from_scale_in), its(:service_linked_role_arn), its(:max_instance_lifetime), its(:capacity_rebalance), its(:warm_pool_configuration), its(:warm_pool_size), its(:context), its(:desired_capacity_type), its(:default_instance_warmup), its(:traffic_sources)
batch_compute_environment
BatchComputeEnvironment resource type.
exist
describe batch_compute_environment('my-batch-compute-environment') do
it { should exist }
endbe_disabled
be_enabled
be_enabled, be_disabled
describe batch_compute_environment('my-batch-compute-environment') do
it { should be_enabled }
endbe_managed
be_managed, be_unmanaged
describe batch_compute_environment('my-batch-compute-environment') do
it { should be_managed }
endbe_unmanaged
its(:compute_environment_name), its(:compute_environment_arn), its(:unmanagedv_cpus), its(:ecs_cluster_arn), its(:tags), its(:type), its(:state), its(:status), its(:status_reason), its(:service_role), its(:update_policy), its(:eks_configuration), its(:container_orchestration_type), its(:uuid)
batch_job_definition
BatchJobDefinition resource type.
exist
describe batch_job_definition('my-batch-job-definition') do
it { should exist }
endits(:job_definition_name), its(:job_definition_arn), its(:revision), its(:status), its(:type), its(:scheduling_priority), its(:parameters), its(:retry_strategy), its(:timeout), its(:node_properties), its(:tags), its(:propagate_tags), its(:platform_capabilities), its(:eks_properties), its(:container_orchestration_type)
batch_job_queue
BatchJobQueue resource type.
exist
describe batch_job_queue('my-batch-job-queue') do
it { should exist }
endbe_disabled
be_enabled
have_compute_environment_order
describe batch_job_queue('my-batch-job-queue') do
it { should have_compute_environment_order('arn:aws:batch:us-east-1:012345678910:compute-environment/C4OnDemand', 1) }
endits(:job_queue_name), its(:job_queue_arn), its(:state), its(:scheduling_policy_arn), its(:status), its(:status_reason), its(:priority), its(:tags)
cloudformation_stack
CloudformationStack resource type.
exist
describe cloudformation_stack('my-cloudformation-stack') do
it { should exist }
its(:stack_status) { should eq 'UPDATE_COMPLETE' }
endhave_tag
describe cloudformation_stack('my-cloudformation-stack') do
it { should have_tag('env').value('dev') }
endits(:stack_id), its(:stack_name), its(:change_set_id), its(:description), its(:parameters), its(:creation_time), its(:deletion_time), its(:last_updated_time), its(:rollback_configuration), its(:stack_status), its(:stack_status_reason), its(:disable_rollback), its(:notification_arns), its(:timeout_in_minutes), its(:capabilities), its(:role_arn), its(:enable_termination_protection), its(:parent_id), its(:root_id), its(:drift_information)
cloudfront_distribution
CloudfrontDistribution resource type.
exist
describe cloudfront_distribution('123456789zyxw.cloudfront.net') do
it { should exist }
endbe_in_progress, be_deployed
describe cloudfront_distribution('123456789zyxw.cloudfront.net') do
it { should be_deployed }
endhave_custom_response_error_code
describe cloudfront_distribution('123456789zyxw.cloudfront.net') do
it do
should have_custom_response_error_code(400)
.error_caching_min_ttl(60)
.response_page_path('/path/to/400.html')
.response_code(400)
end
it do
should have_custom_response_error_code(403)
.error_caching_min_ttl(60)
.response_page_path('/path/to/403.html')
.response_code('403')
end
it do
should have_custom_response_error_code(500)
.error_caching_min_ttl(60)
end
endhave_origin
describe cloudfront_distribution('E2CLOUDFRONTXX') do
it do
should have_origin('cf-s3-origin-hosting.dev.example.com')
.domain_name('cf-s3-origin-hosting.dev.example.com.s3.amazonaws.com')
.origin_path('/img')
.origin_access_identity('origin-access-identity/cloudfront/E2VVVVVVVVVVVV')
end
endhave_origin_domain_name
describe cloudfront_distribution('123456789zyxw.cloudfront.net') do
it { should have_origin_domain_name('cf-s3-origin-hosting.dev.example.com.s3.amazonaws.com') }
endhave_origin_domain_name_and_path
describe cloudfront_distribution('123456789zyxw.cloudfront.net') do
it { should have_origin_domain_name_and_path('cf-s3-origin-hosting.dev.example.com.s3.amazonaws.com/img') }
endits(:id), its(:arn), its(:status), its(:last_modified_time), its(:domain_name), its(:origin_groups), its(:comment), its(:price_class), its(:enabled), its(:web_acl_id), its(:http_version), its(:is_ipv6_enabled), its(:alias_icp_recordals), its(:staging)
cloudtrail
Cloudtrail resource type.
exist
describe cloudtrail('my-trail') do
it { should exist }
endbe_logging
describe cloudtrail('my-trail') do
it { should be_logging }
endbe_multi_region_trail
describe cloudtrail('my-trail') do
it { should be_multi_region_trail }
endhave_global_service_events_included
describe cloudtrail('my-trail') do
it { should have_global_service_events_included }
endhave_log_file_validation_enabled
describe cloudtrail('my-trail') do
it { should have_log_file_validation_enabled }
endhave_tag
describe cloudtrail('my-trail') do
it { should have_tag('Name').value('my-trail') }
endits(:name), its(:s3_bucket_name), its(:s3_key_prefix), its(:sns_topic_name), its(:sns_topic_arn), its(:include_global_service_events), its(:is_multi_region_trail), its(:home_region), its(:trail_arn), its(:log_file_validation_enabled), its(:cloud_watch_logs_log_group_arn), its(:cloud_watch_logs_role_arn), its(:kms_key_id), its(:has_custom_event_selectors), its(:has_insight_selectors), its(:is_organization_trail)
cloudwatch_alarm
CloudwatchAlarm resource type.
exist
describe cloudwatch_alarm('my-cloudwatch-alarm') do
it { should exist }
endhave_alarm_action
describe cloudwatch_alarm('my-cloudwatch-alarm') do
it { should have_alarm_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
endhave_insufficient_data_action
describe cloudwatch_alarm('my-cloudwatch-alarm') do
it { should have_insufficient_data_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
endhave_ok_action
describe cloudwatch_alarm('my-cloudwatch-alarm') do
it { should have_ok_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
endbelong_to_metric
describe cloudwatch_alarm('my-cloudwatch-alarm') do
it { should belong_to_metric('NumberOfProcesses').namespace('my-cloudwatch-namespace') }
endits(:alarm_name), its(:alarm_arn), its(:alarm_description), its(:alarm_configuration_updated_timestamp), its(:actions_enabled), its(:ok_actions), its(:alarm_actions), its(:insufficient_data_actions), its(:state_value), its(:state_reason), its(:state_reason_data), its(:state_updated_timestamp), its(:metric_name), its(:namespace), its(:statistic), its(:extended_statistic), its(:period), its(:unit), its(:evaluation_periods), its(:datapoints_to_alarm), its(:threshold), its(:comparison_operator), its(:treat_missing_data), its(:evaluate_low_sample_count_percentile), its(:metrics), its(:threshold_metric_id), its(:evaluation_state), its(:state_transitioned_timestamp)
cloudwatch_event
CloudwatchEvent resource type.
exist
be_enable
be_scheduled
its(:name), its(:arn), its(:event_pattern), its(:state), its(:description), its(:schedule_expression), its(:role_arn), its(:managed_by), its(:event_bus_name)
cloudwatch_logs
CloudwatchLogs resource type.
exist
describe cloudwatch_logs('my-cloudwatch-logs-group') do
it { should exist }
endhave_log_stream
describe cloudwatch_logs('my-cloudwatch-logs-group') do
it { should have_log_stream('my-cloudwatch-logs-stream') }
endhave_metric_filter
describe cloudwatch_logs('my-cloudwatch-logs-group') do
it { should have_metric_filter('my-cloudwatch-logs-metric-filter') }
endor
describe cloudwatch_logs('my-cloudwatch-logs-group') do
it do
should have_metric_filter('my-cloudwatch-logs-metric-filter')
.filter_pattern('[date, error]')
end
endhave_subscription_filter
describe cloudwatch_logs('my-cloudwatch-logs-group') do
it { should have_subscription_filter('my-cloudwatch-logs-subscription-filter') }
endor
describe cloudwatch_logs('my-cloudwatch-logs-group') do
it do
should have_subscription_filter('my-cloudwatch-logs-subscription-filter')\
.filter_pattern('[host, ident, authuser, date, request, status, bytes]')
end
endhave_tag
describe cloudwatch_logs('my-cloudwatch-logs-group') do
it { should have_tag('Name').value('my-cloudwatch-logs-group') }
endits(:log_group_name), its(:creation_time), its(:retention_in_days), its(:metric_filter_count), its(:arn), its(:stored_bytes), its(:kms_key_id), its(:data_protection_status)
codebuild
Codebuild resource type.
exist
codedeploy
Codedeploy resource type.
exist
its(:application_id), its(:application_name), its(:create_time), its(:linked_to_git_hub), its(:git_hub_account_name), its(:compute_platform)
codedeploy_deployment_group
CodedeployDeploymentGroup resource type.
exist
You can set the application_name (default: default).
describe codedeploy_deployment_group('my-codedeploy-deployment-group'), application_name: 'my-codedeploy-application' do
it { should exist }
endhave_autoscaling_group
describe codedeploy_deployment_group('my-codedeploy-deployment-group'), application_name: 'my-codedeploy-application' do
it { should have_autoscaling_group('my-autoscaling-group') }
endits(:application_name), its(:deployment_group_id), its(:deployment_group_name), its(:deployment_config_name), its(:on_premises_instance_tag_filters), its(:service_role_arn), its(:target_revision), its(:trigger_configurations), its(:alarm_configuration), its(:deployment_style), its(:outdated_instances_strategy), its(:load_balancer_info), its(:last_successful_deployment), its(:last_attempted_deployment), its(:ec2_tag_set), its(:on_premises_tag_set), its(:compute_platform), its(:ecs_services)
cognito_identity_pool
CognitoIdentityPool resource type.
exist
describe cognito_identity_pool('my-cognito-identity-pool') do
it { should exist }
endits(:identity_pool_id), its(:identity_pool_name)
cognito_user_pool
CognitoUserPool resource type.
exist
describe cognito_user_pool('my-cognito-user-pool') do
it { should exist }
endits(:id), its(:name), its(:status), its(:last_modified_date), its(:creation_date)
customer_gateway
CustomerGateway resource type.
exist
describe customer_gateway('my-customer-gateway') do
it { should exist }
endbe_pending, be_available, be_deleting, be_deleted
describe customer_gateway('my-customer-gateway') do
it { should be_running }
endhave_tag
describe customer_gateway('my-customer-gateway') do
it { should have_tag('Name').value('my-customer-gateway') }
endits(:bgp_asn), its(:customer_gateway_id), its(:ip_address), its(:certificate_arn), its(:state), its(:type), its(:device_name), its(:tags)
directconnect_virtual_interface
DirectconnectVirtualInterface resource type.
describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
it { should exist }
it { should be_available }
its(:connection_id) { should eq 'dxcon-abcd5fgh' }
its(:virtual_interface_id) { should eq 'dxvif-aabbccdd' }
its(:amazon_address) { should eq '170.252.252.1/30' }
its(:customer_address) { should eq '123.456.789.2/30' }
its(:virtual_gateway_id) { should eq 'vgw-d234e5f6' }
endexist
describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
it { should exist }
endbe_confirming, be_verifying, be_pending, be_available, be_deleting, be_deleted, be_rejected
describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
it { should exist }
it { should be_available }
endits(:owner_account), its(:virtual_interface_id), its(:location), its(:connection_id), its(:virtual_interface_type), its(:virtual_interface_name), its(:vlan), its(:asn), its(:amazon_side_asn), its(:auth_key), its(:amazon_address), its(:customer_address), its(:address_family), its(:virtual_interface_state), its(:customer_router_config), its(:mtu), its(:jumbo_frame_capable), its(:virtual_gateway_id), its(:direct_connect_gateway_id), its(:route_filter_prefixes), its(:bgp_peers), its(:region), its(:aws_device_v2), its(:aws_logical_device_id), its(:tags), its(:site_link_enabled)
dynamodb_table
DynamodbTable resource type.
exist
describe dynamodb_table('my-dynamodb-table') do
it { should exist }
endbe_creating, be_updating, be_deleting, be_active
have_attribute_definition
describe dynamodb_table('my-dynamodb-table') do
it { should have_attribute_definition('my-dynamodb-table-attaribute1').attribute_type('S') }
it { should have_attribute_definition('my-dynamodb-table-attaribute2').attribute_type('N') }
endhave_key_schema
describe dynamodb_table('my-dynamodb-table') do
it { should have_key_schema('my-dynamodb-table-key_schema1').key_type('HASH') }
it { should have_key_schema('my-dynamodb-table-key_schema2').key_type('RANGE') }
endits(:table_name), its(:table_status), its(:creation_date_time), its(:table_size_bytes), its(:item_count), its(:table_arn), its(:table_id), its(:billing_mode_summary), its(:local_secondary_indexes), its(:global_secondary_indexes), its(:stream_specification), its(:latest_stream_label), its(:latest_stream_arn), its(:global_table_version), its(:replicas), its(:restore_summary), its(:sse_description), its(:archival_summary), its(:table_class_summary), its(:deletion_protection_enabled)
🔓 Advanced use
dynamodb_table can use Aws::DynamoDB::Table resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/DynamoDB/Table.html).
describe dynamodb_table('my-dynamodb-table') do
its('key_schema.first.key_type') { should eq 'HASH' }
endor
describe dynamodb_table('my-dynamodb-table') do
its('resource.key_schema.first.key_type') { should eq 'HASH' }
endebs
EBS resource type.
exist
describe ebs('my-volume') do
it { should exist }
endbe_attached_to
describe ebs('my-volume') do
it { should be_attached_to('my-ec2') }
endbe_creating, be_available, be_in_use, be_deleting, be_deleted, be_error
describe ebs('my-volume') do
it { should be_in_use }
endhave_tag
describe ebs('my-volume') do
it { should have_tag('Name').value('my-volume') }
endits(:availability_zone), its(:create_time), its(:encrypted), its(:kms_key_id), its(:outpost_arn), its(:size), its(:snapshot_id), its(:state), its(:volume_id), its(:iops), its(:volume_type), its(:fast_restored), its(:multi_attach_enabled), its(:throughput)
🔓 Advanced use
ebs can use Aws::EC2::Volume resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Volume.html).
describe ebs('my-volume') do
its('attachments.first.instance_id') { should eq 'i-ec12345a' }
endor
describe ebs('my-volume') do
its('resource.attachments.first.instance_id') { should eq 'i-ec12345a' }
endec2
EC2 resource type.
exist
describe ec2('my-ec2') do
it { should exist }
endbe_disabled_api_termination
describe ec2('my-ec2') do
it { should be_disabled_api_termination }
endbe_pending, be_running, be_shutting_down, be_terminated, be_stopping, be_stopped
describe ec2('my-ec2') do
it { should be_running }
endhave_classiclink
describe ec2('my-ec2-classic') do
it { should have_classiclink('my-vpc') }
endhave_classiclink_security_group
describe ec2('my-ec2-classic') do
it { should have_classiclink_security_group('sg-2a3b4cd5') }
it { should have_classiclink_security_group('my-vpc-security-group-name') }
endhave_credit_specification
The credit option for CPU usage of T2 or T3 instance.
describe ec2('my-ec2') do
it { should have_credit_specification('unlimited') }
endhave_ebs
describe ec2('my-ec2') do
it { should have_ebs('vol-123a123b') }
it { should have_ebs('my-volume') }
endhave_eip
describe ec2('my-ec2') do
it { should have_eip('123.0.456.789') }
endhave_event
describe ec2('my-ec2') do
it { should have_event('system-reboot') }
endhave_events
describe ec2('my-ec2') do
it { should_not have_events }
endhave_iam_instance_profile
describe ec2('my-ec2') do
it { should have_iam_instance_profile('Ec2IamProfileName') }
endhave_network_interface
describe ec2('my-ec2') do
it { should have_network_interface('my-eni') }
it { should have_network_interface('eni-12ab3cde') }
it { should have_network_interface('my-eni').as_eth0 }
endhave_security_group
describe ec2('my-ec2') do
it { should have_security_group('my-security-group-name') }
it { should have_security_group('sg-1a2b3cd4') }
endhave_security_groups
describe ec2('my-ec2') do
it { should have_security_groups(['my-security-group-name-1', 'my-security-group-name-2']) }
it { should have_security_groups(['sg-1a2b3cd4', 'sg-5e6f7gh8']) }
endhave_tag
describe ec2('my-ec2') do
it { should have_tag('Name').value('my-ec2') }
endbelong_to_subnet
describe ec2('my-ec2') do
it { should belong_to_subnet('subnet-1234a567') }
it { should belong_to_subnet('my-subnet') }
endbelong_to_vpc
describe ec2('my-ec2') do
it { should belong_to_vpc('vpc-ab123cde') }
it { should belong_to_vpc('my-vpc') }
endits(:ami_launch_index), its(:image_id), its(:instance_id), its(:instance_type), its(:kernel_id), its(:key_name), its(:launch_time), its(:monitoring), its(:placement), its(:platform), its(:private_dns_name), its(:private_ip_address), its(:product_codes), its(:public_dns_name), its(:public_ip_address), its(:ramdisk_id), its(:state_transition_reason), its(:subnet_id), its(:vpc_id), its(:architecture), its(:client_token), its(:ebs_optimized), its(:ena_support), its(:hypervisor), its(:instance_lifecycle), its(:elastic_gpu_associations), its(:elastic_inference_accelerator_associations), its(:outpost_arn), its(:root_device_name), its(:root_device_type), its(:source_dest_check), its(:spot_instance_request_id), its(:sriov_net_support), its(:state_reason), its(:virtualization_type), its(:cpu_options), its(:capacity_reservation_id), its(:capacity_reservation_specification), its(:hibernation_options), its(:licenses), its(:metadata_options), its(:enclave_options), its(:boot_mode), its(:platform_details), its(:usage_operation), its(:usage_operation_update_time), its(:private_dns_name_options), its(:ipv_6_address), its(:tpm_support), its(:maintenance_options), its(:current_instance_boot_mode)
🔓 Advanced use
ec2 can use Aws::EC2::Instance resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Instance.html).
describe ec2('my-ec2') do
its('vpc.id') { should eq 'vpc-ab123cde' }
endor
describe ec2('my-ec2') do
its('resource.vpc.id') { should eq 'vpc-ab123cde' }
endAwspec::DuplicatedResourceTypeError exception
EC2 resources might have the same tag value and if you try to search for a
specific instance using that tag/tag value you might found multiples results
and receive a Awspec::DuplicatedResourceTypeError exception as result.
To avoid such situations, you will want to use EC2 instances ID's and then use those ID's to test whatever you need.
There are several different ways to provide such ID's, like using Terraform output or even the AWS SDK directly:
require 'awspec'
require 'aws-sdk-ec2'
tag_name = 'tag:Name'
tag_value = 'foobar'
servers = {}
ec2 = Aws::EC2::Resource.new
ec2.instances({filters: [{name: "#{tag_name}",
values: ["#{tag_value}"]}]}).each do |i|
servers.store(i.id, i.subnet_id)
end
if servers.size == 0
raise "Could not find any EC2 instance with #{tag_name} = #{tag_value}!"
end
servers.each_pair do |instance_id, subnet_id|
describe ec2(instance_id) do
it { should exist }
it { should be_running }
its(:image_id) { should eq 'ami-12345foobar' }
its(:instance_type) { should eq 't2.micro' }
it { should belong_to_subnet(subnet_id) }
end
endecr_repository
ECR Repository resource type.
exist
describe ecr_repository('my-ecr-repository') do
it { should exist }
endits(:repository_arn), its(:registry_id), its(:repository_name), its(:repository_uri), its(:created_at), its(:image_tag_mutability), its(:image_scanning_configuration), its(:encryption_configuration)
ecs_cluster
ECS Cluster resource type.
exist
describe ecs_cluster('my-ecs-cluster') do
it { should exist }
endbe_active, be_inactive
describe ecs_cluster('my-ecs-cluster') do
it { should be_active }
endhave_container_instance
describe ecs_cluster('my-ecs-cluster') do
it { have_container_instance('f2756532-8f13-4d53-87c9-aed50dc94cd7') }
endits(:cluster_arn), its(:cluster_name), its(:configuration), its(:status), its(:registered_container_instances_count), its(:running_tasks_count), its(:pending_tasks_count), its(:active_services_count), its(:statistics), its(:tags), its(:settings), its(:capacity_providers), its(:default_capacity_provider_strategy), its(:attachments), its(:attachments_status), its(:service_connect_defaults)
ecs_container_instance
ECS Container Instance resource type.
exist
You can set cluster ( default: default ).
describe ecs_container_instance('my-container-instance'), cluster: 'my-ecs-cluster' do
it { should exist }
endbe_active, be_inactive
describe ecs_container_instance('my-container-instance'), cluster: 'my-ecs-cluster' do
it { should be_active }
endits(:container_instance_arn), its(:ec2_instance_id), its(:capacity_provider_name), its(:version), its(:version_info), its(:status), its(:status_reason), its(:agent_connected), its(:running_tasks_count), its(:pending_tasks_count), its(:agent_update_status), its(:attributes), its(:registered_at), its(:attachments), its(:tags), its(:health_status)
ecs_service
ECS Service resource type.
exist
You can set cluster ( default: default ).
describe ecs_service('my-ecs-service'), cluster: 'my-ecs-cluster' do
it { should exist }
endbe_active, be_draining, be_inactive
describe ecs_service('my-ecs-service'), cluster: 'my-ecs-cluster' do
it { should be_active }
endits(:service_arn), its(:service_name), its(:cluster_arn), its(:load_balancers), its(:service_registries), its(:status), its(:desired_count), its(:running_count), its(:pending_count), its(:launch_type), its(:capacity_provider_strategy), its(:platform_version), its(:platform_family), its(:task_definition), its(:task_sets), its(:role_arn), its(:created_at), its(:placement_constraints), its(:placement_strategy), its(:network_configuration), its(:health_check_grace_period_seconds), its(:scheduling_strategy), its(:deployment_controller), its(:tags), its(:created_by), its(:enable_ecs_managed_tags), its(:propagate_tags), its(:enable_execute_command)
ecs_task_definition
ECS Task Definition resource type.
exist
describe ecs_task_definition('my-ecs-task-definition') do
it { should exist }
endbe_active, be_inactive
describe ecs_task_definition('my-ecs-task-definition') do
it { should be_active }
endits(:task_definition_arn), its(:family), its(:task_role_arn), its(:execution_role_arn), its(:network_mode), its(:revision), its(:volumes), its(:status), its(:requires_attributes), its(:placement_constraints), its(:compatibilities), its(:runtime_platform), its(:requires_compatibilities), its(:cpu), its(:memory), its(:inference_accelerators), its(:pid_mode), its(:ipc_mode), its(:proxy_configuration), its(:registered_at), its(:deregistered_at), its(:registered_by), its(:ephemeral_storage)
efs
EFS resource type.
exist
describe efs('my-efs') do
it { should exist }
endhave_tag
describe efs('my-efs') do
it { should have_tag('my-key').value('my-value') }
endits(:owner_id), its(:creation_token), its(:file_system_id), its(:file_system_arn), its(:creation_time), its(:life_cycle_state), its(:name), its(:number_of_mount_targets), its(:performance_mode), its(:encrypted), its(:kms_key_id), its(:throughput_mode), its(:provisioned_throughput_in_mibps), its(:availability_zone_name), its(:availability_zone_id)
elastic_ip
Elastic IP resource type.
exist
describe eip('my-eip') do
it { should exist }
endbe_associated_to
describe eip('123.0.456.789') do
it { should be_associated_to('i-ec12345a') }
endbelong_to_domain
describe eip('123.0.456.789') do
it { should belong_to_domain('vpc') }
endits(:instance_id), its(:public_ip), its(:allocation_id), its(:association_id), its(:domain), its(:network_interface_id), its(:network_interface_owner_id), its(:private_ip_address), its(:public_ipv_4_pool), its(:network_border_group), its(:customer_owned_ip), its(:customer_owned_ipv_4_pool), its(:carrier_ip)
eks
Eks resource type.
exist
describe eks('my-eks') do
it { should exist }
endbe_active, be_creating
describe eks('my-eks') do
it { should be_active }
endits(:name), its(:arn), its(:created_at), its(:version), its(:endpoint), its(:role_arn), its(:kubernetes_network_config), its(:logging), its(:identity), its(:status), its(:client_request_token), its(:platform_version), its(:tags), its(:encryption_config), its(:connector_config), its(:id), its(:health), its(:outpost_config)
eks_nodegroup
EksNodegroup resource type.
exist
describe eks_nodegroup('my-eks-nodegroup'), cluster: 'my-cluster' do
it { should exist }
endbe_active, be_inactive
be_ready
This matcher might not be exactly you are expecting: it is different from what you can see when looking at the AWS console at the Node Groups configuration and check if the nodes Status is "Ready".
What you seeing over there is
actually the same thing
you would if using kubectl.
This matcher cannot do the same because it would involve using the Kubernetes API: the AWS Ruby SDK currently doesn't expose this information.
What you can get from be_ready matcher is asserting that you have at least
the number of EC2 instances (the nodes in your EKS Node Group) are actually
in running state. It doesn't mean everything is fine, the node (EC2 instance)
can be running but without communication with the cluster or any order issue
regarding the Kubernetes configuration.
Although it might look an incomplete assertion, definitely the Node Group "Status" won't be "Active" if the EC2 instances associated with it are not running.
So, using this assertion like the sample below:
describe eks('my-eks-nodegroup'), cluster: 'my-cluster' do
it { should be_ready }
endWill pass if at least the minimum expected (see scaling_config) number of EC2
instances are running.
have_security_group
describe eks_nodegroup('my-eks-nodegroup'), cluster: 'my-cluster' do
it { should have_security_group('sg-1a2b3cd4') }
endits(:nodegroup_name), its(:nodegroup_arn), its(:cluster_name), its(:version), its(:release_version), its(:created_at), its(:modified_at), its(:status), its(:capacity_type), its(:instance_types), its(:subnets), its(:remote_access), its(:ami_type), its(:node_role), its(:labels), its(:taints), its(:resources), its(:disk_size), its(:health), its(:update_config), its(:launch_template), its(:tags)
elasticache
Elasticache resource type.
exist
describe elasticache('my-rep-group-001') do
it { should exist }
endbe_available, be_creating, be_deleted, be_deleting, be_incompatible_network, be_modifying, be_rebooting_cache_cluster_nodes, be_restore_failed, be_snapshotting
describe elasticache('my-rep-group-001') do
it { should be_available }
endhave_cache_parameter_group
describe elasticache('my-rep-group-001') do
it { should have_cache_parameter_group('my-cache-parameter-group') }
endhave_security_group
describe elasticache('my-rep-group-001') do
it { should have_security_group('sg-da1bc2ef') }
it { should have_security_group('group-name-sg') }
it { should have_security_group('my-cache-sg') }
endbelong_to_cache_subnet_group
describe elasticache('my-rep-group-001') do
it { should belong_to_cache_subnet_group('my-cache-subnet-group') }
endbelong_to_replication_group
describe elasticache('my-rep-group-001') do
it { should belong_to_replication_group('my-rep-group') }
endbelong_to_vpc
describe elasticache('my-rep-group-001') do
it { should belong_to_vpc('my-vpc') }
endits(:cache_cluster_id), its(:configuration_endpoint), its(:client_download_landing_page), its(:cache_node_type), its(:engine), its(:engine_version), its(:cache_cluster_status), its(:num_cache_nodes), its(:preferred_availability_zone), its(:preferred_outpost_arn), its(:cache_cluster_create_time), its(:preferred_maintenance_window), its(:notification_configuration), its(:cache_security_groups), its(:cache_subnet_group_name), its(:cache_nodes), its(:auto_minor_version_upgrade), its(:replication_group_id), its(:snapshot_retention_limit), its(:snapshot_window), its(:auth_token_enabled), its(:auth_token_last_modified_date), its(:transit_encryption_enabled), its(:at_rest_encryption_enabled), its(:arn), its(:replication_group_log_delivery_enabled), its(:log_delivery_configurations), its(:network_type), its(:ip_discovery), its(:transit_encryption_mode)
elasticache_cache_parameter_group
ElasticacheCacheParameterGroup resource type.
describe elasticache_cache_parameter_group('my-cache-parameter-group') do
it { should exist }
its(:activerehashing) { should eq 'yes' }
its(:client_output_buffer_limit_pubsub_hard_limit) { should eq '33554432' }
endexist
describe elasticache_cache_parameter_group('my-cache-parameter-group') do
it { should exist }
endelasticsearch
Elasticsearch resource type.
exist
describe elasticsearch('my-elasticsearch') do
it { should exist }
endbe_created
describe elasticsearch('my-elasticsearch') do
it { should be_created }
endbe_deleted
describe elasticsearch('my-elasticsearch') do
it { should be_deleted }
endhave_access_policies
describe elasticsearch('my-elasticsearch') do
it do
should have_access_policies <<-policy
{
"version": "2012-10-17",
"statement": [
{
"effect": "allow",
"principal": "*",
"action": [
"es:*"
],
"resource": "arn:aws:es:ap-northeast-1:1234567890:domain/my-elasticsearch/*"
}
]
}
policy
end
endits(:domain_id), its(:domain_name), its(:arn), its(:created), its(:deleted), its(:endpoint), its(:endpoints), its(:processing), its(:upgrade_processing), its(:elasticsearch_version), its(:access_policies), its(:snapshot_options), its(:vpc_options), its(:cognito_options), its(:encryption_at_rest_options), its(:node_to_node_encryption_options), its(:advanced_options), its(:log_publishing_options), its(:service_software_options), its(:domain_endpoint_options), its(:advanced_security_options), its(:auto_tune_options), its(:change_progress_details)
elastictranscoder_pipeline
ElastictranscoderPipeline resource type.
exist
be_active, be_paused
describe elastictranscoder_pipeline('my-elastictranscoder-pipeline') do
it { should be_active }
endelb
ELB resource type.
exist
describe elb('my-elb') do
it { should exist }
endbe_cross_zone_load_balancing_enabled
describe elb('my-elb') do
it { should be_cross_zone_load_balancing_enabled }
endhave_access_log
describe elb('my-elb') do
it { should have_access_log(s3_bucket_name: 'my-loadbalancer-logs', s3_bucket_prefix: 'my-app', emit_interval: 5) }
endhave_connection_draining
describe elb('my-elb') do
it { should have_connection_draining(timeout: 300) }
endhave_ec2
describe elb('my-elb') do
it { should have_ec2('my-ec2') }
endhave_listener
http://docs.aws.amazon.com/en_us/ElasticLoadBalancing/latest/DeveloperGuide/elb-listener-config.html
describe elb('my-elb') do
it { should have_listener(protocol: 'HTTPS', port: 443, instance_protocol: 'HTTP', instance_port: 80) }
endhave_security_group
describe elb('my-elb') do
it { should have_security_group('my-lb-security-group-tag-name') }
endhave_subnet
describe elb('my-elb') do
it { should have_subnet('my-subnet') }
endhave_tag
describe elb('my-elb') do
it { should have_tag('Name').value('my-elb') }
it { should have_tag('my-tag-key').value('my-tag-value') }
endbelong_to_vpc
describe elb('my-elb') do
it { should belong_to_vpc('my-vpc') }
endits(:health_check_target), its(:health_check_interval), its(:health_check_timeout), its(:health_check_unhealthy_threshold), its(:health_check_healthy_threshold), its(:idle_timeout), its(:load_balancer_name), its(:dns_name), its(:canonical_hosted_zone_name), its(:canonical_hosted_zone_name_id), its(:backend_server_descriptions), its(:availability_zones), its(:subnets), its(:vpc_id), its(:security_groups), its(:created_time), its(:scheme)
emr
Emr resource type.
exist
describe emr('my-emr') do
it { should exist }
endbe_healthy
describe emr('my-emr') do
it { should be_healthy }
endbe_ok
be_ready
be_running, be_waiting, be_starting, be_bootstrapping
describe emr('my-emr') do
it { should be_running }
endits(:id), its(:name), its(:instance_collection_type), its(:log_uri), its(:log_encryption_kms_key_id), its(:requested_ami_version), its(:running_ami_version), its(:release_label), its(:auto_terminate), its(:termination_protected), its(:visible_to_all_users), its(:service_role), its(:normalized_instance_hours), its(:master_public_dns_name), its(:configurations), its(:security_configuration), its(:auto_scaling_role), its(:scale_down_behavior), its(:custom_ami_id), its(:ebs_root_volume_size), its(:repo_upgrade_on_boot), its(:cluster_arn), its(:outpost_arn), its(:step_concurrency_level), its(:placement_groups), its(:os_release_label)
firehose
Firehose resource type.
exist
describe firehose('my-firehose') do
it { should exist }
endbe_active
describe firehose('my-firehose') do
it { should be_active }
endbe_creating
be_deleting
have_splunk_destination
describe firehose('my-firehose') do
it { should have_splunk_destination }
endits(:delivery_stream_name), its(:delivery_stream_arn), its(:delivery_stream_status), its(:failure_description), its(:delivery_stream_encryption_configuration), its(:delivery_stream_type), its(:version_id), its(:create_timestamp), its(:last_update_timestamp), its(:source), its(:has_more_destinations)
🔓 Advanced use
describe firehose('my-firehose') do
its(:delivery_stream_type) { should be_eql('DirectPut') }
endiam_group
IamGroup resource type.
exist
describe iam_group('my-iam-group') do
it { should exist }
endbe_allowed_action
describe iam_group('my-iam-group') do
it { should be_allowed_action('ec2:DescribeInstances') }
it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
endhave_iam_policy
describe iam_group('my-iam-group') do
it { should have_iam_policy('ReadOnlyAccess') }
endhave_iam_user
describe iam_group('my-iam-group') do
it { should have_iam_user('my-iam-user') }
endhave_inline_policy
describe iam_group('my-iam-group') do
it { should have_inline_policy('InlineEC2FullAccess') }
it do
should have_inline_policy('InlineEC2FullAccess').policy_document(<<-'DOC')
{
"Statement": [
{
"Action": "ec2:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "elasticloadbalancing:*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "cloudwatch:*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "autoscaling:*",
"Resource": "*"
}
]
}
DOC
end
endYou can test absence of inline policies.
describe iam_group('my-iam-group') do
it { should_not have_inline_policy }
endits(:path), its(:group_name), its(:group_id), its(:arn), its(:create_date)
🔓 Advanced use
iam_group can use Aws::IAM::Group resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Group.html).
describe iam_group('my-iam-group') do
its('users.count') { should eq 5 }
endor
describe iam_group('my-iam-group') do
its('resource.users.count') { should eq 5 }
endiam_policy
IamPolicy resource type.
exist
describe iam_policy('my-iam-policy') do
it { should exist }
endbe_attachable
describe iam_policy('my-iam-policy') do
it { should be_attachable }
endbe_attached_to_group
describe iam_policy('my-iam-policy') do
it { should be_attached_to_group('my-iam-group') }
endbe_attached_to_role
describe iam_policy('my-iam-policy') do
it { should be_attached_to_role('HelloIAmGodRole') }
endbe_attached_to_user
describe iam_policy('my-iam-user') do
it { should be_attached_to_user('my-iam-user') }
endhave_policy_document
describe iam_policy('my-iam-user') do
it do
should have_policy_document(<<-'DOC')
{
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*"
},
{
"Action": "s3:*",
"Effect": "Allow",
"Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]
}
]
}
DOC
end
endits(:policy_name), its(:policy_id), its(:arn), its(:path), its(:default_version_id), its(:attachment_count), its(:permissions_boundary_usage_count), its(:is_attachable), its(:description), its(:create_date), its(:update_date), its(:tags)
iam_role
IamRole resource type.
exist
describe iam_role('my-iam-role') do
it { should exist }
endbe_allowed_action
describe iam_role('my-iam-role') do
it { should be_allowed_action('ec2:DescribeInstances') }
it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
endhave_iam_policy
describe iam_role('my-iam-role') do
it { should have_iam_policy('ReadOnlyAccess') }
endhave_inline_policy
describe iam_role('my-iam-role') do
it { should have_inline_policy('AllowS3BucketAccess') }
it do
should have_inline_policy('AllowS3BucketAccess').policy_document(<<-'DOC')
{
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*"
},
{
"Action": "s3:*",
"Effect": "Allow",
"Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]
}
]
}
DOC
end
endYou can test absence of inline policies.
describe iam_role('my-iam-role') do
it { should_not have_inline_policy }
endits(:path), its(:role_name), its(:role_id), its(:arn), its(:create_date), its(:assume_role_policy_document), its(:description), its(:max_session_duration), its(:permissions_boundary), its(:tags), its(:role_last_used)
🔓 Advanced use
iam_role can use Aws::IAM::Role resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Role.html).
describe iam_role('my-iam-role') do
its('attached_policies.count') { should eq 5 }
endor
describe iam_role('my-iam-role') do
its('resource.attached_policies.count') { should eq 5 }
endiam_user
IamUser resource type.
exist
describe iam_user('my-iam-user') do
it { should exist }
endbe_allowed_action
describe iam_user('my-iam-user') do
it { should be_allowed_action('ec2:DescribeInstances') }
it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
endhave_iam_policy
describe iam_user('my-iam-user') do
it { should have_iam_policy('ReadOnlyAccess') }
endhave_inline_policy
describe iam_user('my-iam-user') do
it { should have_inline_policy('AllowS3BucketAccess') }
it do
should have_inline_policy('AllowS3BucketAccess').policy_document(<<-'DOC')
{
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*"
},
{
"Action": "s3:*",
"Effect": "Allow",
"Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]
}
]
}
DOC
end
endYou can test absence of inline policies.
describe iam_user('my-iam-user') do
it { should_not have_inline_policy }
endbelong_to_iam_group
describe iam_user('my-iam-user') do
it { should belong_to_iam_group('my-iam-group') }
endits(:path), its(:user_name), its(:user_id), its(:arn), its(:create_date), its(:password_last_used), its(:permissions_boundary), its(:tags)
🔓 Advanced use
iam_user can use Aws::IAM::User resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/User.html).
describe iam_user('my-iam-user') do
its('login_profile.password_reset_required') { should eq false }
endor
describe iam_user('my-iam-user') do
its('resource.login_profile.password_reset_required') { should eq false }
endinternet_gateway
InternetGateway resource type.
exist
describe internet_gateway('igw-1ab2cd3e') do
it { should exist }
end
describe internet_gateway('my-internet-gateway') do
it { should exist }
endbe_attached_to
describe internet_gateway('igw-1ab2cd3e') do
it { should be_attached_to('vpc-ab123cde') }
end
describe internet_gateway('igw-1ab2cd3e') do
it { should be_attached_to('my-vpc') }
endhave_tag
describe internet_gateway('igw-1ab2cd3e') do
it { should have_tag('Name').value('my-internet-gateway') }
endits(:internet_gateway_id), its(:owner_id)
kinesis
Kinesis resource type.
exist
describe kinesis('my-kinesis') do
it { should exist }
endits(:stream_name), its(:stream_arn), its(:stream_status), its(:stream_mode_details), its(:retention_period_hours), its(:stream_creation_timestamp), its(:encryption_type), its(:key_id), its(:open_shard_count), its(:consumer_count)
kms
Kms resource type.
exist
describe kms('my-kms-key') do
it { should exist }
endbe_enabled
describe kms('my-kms-key') do
it { should be_enabled }
endhave_key_policy
describe kms('my-kms-key') do
it { should exist }
it { should be_enabled }
it do
should have_key_policy('default').policy_document(<<-'DOC')
{
"Version" : "2012-10-17",
"Id" : "key-consolepolicy-2",
"Statement" : [ {
"Sid" : "Enable IAM User Permissions",
"Effect" : "Allow",
"Principal" : {
"AWS" : "arn:aws:iam::1234567890:root"
},
"Action" : "kms:*",
"Resource" : "*"
}, {
"Sid" : "Allow access for Key Administrators",
"Effect" : "Allow",
"Principal" : {
"AWS" : "arn:aws:iam::1234567890:user/test-user"
},
"Action" : [ "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*", "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion" ],
"Resource" : "*"
}, {
"Sid" : "Allow use of the key",
"Effect" : "Allow",
"Principal" : {
"AWS" : [ "arn:aws:iam::1234567890:user/test-user", "arn:aws:iam::1234567890:role/test-role" ]
},
"Action" : [ "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey" ],
"Resource" : "*"
}, {
"Sid" : "Allow attachment of persistent resources",
"Effect" : "Allow",
"Principal" : {
"AWS" : [ "arn:aws:iam::1234567890:user/test-user", "arn:aws:iam::1234567890:role/test-role" ]
},
"Action" : [ "kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant" ],
"Resource" : "*",
"Condition" : {
"Bool" : {
"kms:GrantIsForAWSResource" : "true"
}
}
} ]
}
DOC
end
endits(:aws_account_id), its(:key_id), its(:arn), its(:creation_date), its(:enabled), its(:description), its(:key_usage), its(:key_state), its(:deletion_date), its(:valid_to), its(:origin), its(:custom_key_store_id), its(:cloud_hsm_cluster_id), its(:expiration_model), its(:key_manager), its(:customer_master_key_spec), its(:key_spec), its(:encryption_algorithms), its(:signing_algorithms), its(:multi_region), its(:multi_region_configuration), its(:pending_deletion_window_in_days), its(:mac_algorithms), its(:xks_key_configuration)
lambda
Lambda resource type.
exist
describe lambda('my-lambda-function-name') do
it { should exist }
endhave_env_var
Useful to validate if there is a specific environment variable declared in the Lambda. You probably will want to use it with have_env_var_value.
have_env_var_value
Validates if a specific environment variable has the expected value. More useful to use with have_env_var because if the variable isn't available, it will fail without notifying that the variable is missing.
expected.each_pair do |key, value|
context "environment variable #{key}" do
it { should have_env_var(key) }
it { should have_env_var_value(key, value) }
end
endexpected would be a hash that has the environment variables names as keys.
have_env_vars
Useful to validate if there are environment variables configured in the Lambda:
describe lambda('my-lambda-function-name') do
it { should have_env_vars() }
endhave_event_source
This matcher does not support Amazon S3 event sources (see SDK doc).
its(:function_name), its(:function_arn), its(:runtime), its(:role), its(:handler), its(:code_size), its(:description), its(:timeout), its(:memory_size), its(:last_modified), its(:code_sha_256), its(:version), its(:vpc_config), its(:dead_letter_config), its(:kms_key_arn), its(:master_arn), its(:revision_id), its(:layers), its(:state), its(:state_reason), its(:state_reason_code), its(:last_update_status), its(:last_update_status_reason), its(:last_update_status_reason_code), its(:file_system_configs), its(:package_type), its(:image_config_response), its(:signing_profile_version_arn), its(:signing_job_arn), its(:architectures), its(:ephemeral_storage), its(:snap_start), its(:runtime_version_config)
launch_configuration
LaunchConfiguration resource type.
exist
describe launch_configuration('my-lc') do
it { should exist }
endhave_block_device_mapping
have_security_group
describe launch_configuration('my-lc') do
it { should have_security_group('my-security-group-name') }
endits(:launch_configuration_name), its(:launch_configuration_arn), its(:image_id), its(:key_name), its(:security_groups), its(:classic_link_vpc_id), its(:classic_link_vpc_security_groups), its(:user_data), its(:instance_type), its(:kernel_id), its(:ramdisk_id), its(:spot_price), its(:iam_instance_profile), its(:created_time), its(:ebs_optimized), its(:associate_public_ip_address), its(:placement_tenancy), its(:metadata_options)
launch_template
LaunchTemplate resource type.
exist
You can set launch template version ( default: $Default ).
# launch_template_id or launch_template_name
describe launch_template('my-launch-template') do
it { should exist }
its(:default_version_number) { should eq 1 }
its(:latest_version_number) { should eq 2 }
its('launch_template_version.launch_template_data.image_id') { should eq 'ami-12345foobar' }
its('launch_template_version.launch_template_data.instance_type') { should eq 't2.micro' }
end