Resource Types
acm | alb | alb_listener | alb_target_group | ami | apigateway | autoscaling_group | batch_compute_environment | batch_job_definition | batch_job_queue | cloudformation_stack | cloudfront_distribution | cloudtrail | cloudwatch_alarm | cloudwatch_event | cloudwatch_logs | codebuild | codedeploy | codedeploy_deployment_group | cognito_identity_pool | cognito_user_pool | customer_gateway | directconnect_virtual_interface | dynamodb_table | ebs | ec2 | ecr_repository | ecs_cluster | ecs_container_instance | ecs_service | ecs_task_definition | efs | eip | eks | eks_nodegroup | elasticache | elasticache_cache_parameter_group | elasticsearch | elastictranscoder_pipeline | elb | emr | firehose | iam_group | iam_policy | iam_role | iam_user | internet_gateway | kinesis | kms | lambda | launch_configuration | launch_template | mq | msk | nat_gateway | network_acl | network_interface | nlb | nlb_listener | nlb_target_group | rds | rds_db_cluster | rds_db_cluster_parameter_group | rds_db_parameter_group | rds_db_subnet_group | rds_global_cluster | rds_proxy | redshift | redshift_cluster_parameter_group | route53_hosted_zone | route_table | s3_bucket | secretsmanager | security_group | ses_identity | sns_topic | sqs | ssm_parameter | subnet | transfer_server | transit_gateway | vpc | vpc_endpoints | vpn_connection | vpn_gateway | waf_web_acl | wafregional_web_acl | account
acm
Acm resource type.
exist
describe acm('example.com') do
it { should exist }
end
be_pending_validation, be_issued, be_inactive, be_expired, be_validation_timed_out, be_revoked, be_failed
have_domain_name
have_domain_validation_option
describe acm('example.com') do
it { should have_domain_validation_option(domain_name: 'example.com', validation_method: 'DNS', validation_status: 'SUCCESS') }
it { should have_domain_validation_option(domain_name: 'mail.example.com', validation_method: 'EMAIL') }
end
its(:certificate_arn), its(:domain_name), its(:subject_alternative_names), its(:serial), its(:subject), its(:issuer), its(:created_at), its(:issued_at), its(:imported_at), its(:status), its(:revoked_at), its(:revocation_reason), its(:not_before), its(:not_after), its(:key_algorithm), its(:signature_algorithm), its(:in_use_by), its(:failure_reason), its(:type), its(:renewal_summary), its(:key_usages), its(:extended_key_usages), its(:certificate_authority_arn), its(:renewal_eligibility), its(:options)
alb
ALB resource type.
exist
describe alb('my-alb') do
it { should exist }
end
be_active, be_provisioning, be_failed
describe alb('my-alb') do
it { should be_active }
end
have_security_group
describe alb('my-alb') do
it { should have_security_group('sg-1a2b3cd4') }
end
have_subnet
describe alb('my-alb') do
it { should have_subnet('subnet-1234a567') }
end
have_tag
describe alb('my-alb') do
it { should have_tag('environment').value('dev') }
end
belong_to_vpc
describe alb('my-alb') do
it { should belong_to_vpc('my-vpc') }
end
its(:load_balancer_arn), its(:dns_name), its(:canonical_hosted_zone_id), its(:created_time), its(:load_balancer_name), its(:scheme), its(:vpc_id), its(:type), its(:security_groups), its(:ip_address_type), its(:customer_owned_ipv_4_pool)
alb_listener
AlbListener resource type.
exist
describe alb_listener('arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:listener/app/my-alb/1aa1bb1cc1ddee11/f2f7dc8efc522ab2') do
it { should exist }
its(:port) { should eq 80 }
its(:protocol) { should eq 'HTTP' }
end
have_rule
describe alb_listener('arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:listener/app/my-alb/1aa1bb1cc1ddee11/f2f7dc8efc522ab2') do
it { should have_rule('arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:listener-rule/app/my-alb/1aa1bb1cc1ddee11/f2f7dc8efc522ab2/9683b2d02a6cabee') }
it do
should have_rule.priority('10')
.conditions(field: 'path-pattern', values: ['/img/*'])
.actions(target_group_arn: 'arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:123456789012:targetgroup/73e2d6bc24d8a067/73e2d6bc24d8a067', type: 'forward')
end
it do
should have_rule.priority('10')
.if(field: 'path-pattern', values: ['/img/*'])
.then(target_group_arn: 'arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:123456789012:targetgroup/73e2d6bc24d8a067/73e2d6bc24d8a067', type: 'forward')
end
it { should have_rule.conditions([{ field: 'path-pattern', values: ['/admin/*'] }, { field: 'host-header', values: ['admin.example.com'] }]) }
it { should have_rule.actions(target_group_name: 'my-alb-target-group', type: 'forward') }
end
its(:listener_arn), its(:load_balancer_arn), its(:port), its(:protocol), its(:certificates), its(:ssl_policy), its(:alpn_policy)
alb_target_group
AlbTargetGroup resource type.
exist
describe alb_target_group('my-alb-target-group') do
it { should exist }
its(:health_check_path) { should eq '/' }
its(:health_check_port) { should eq 'traffic-port' }
its(:health_check_protocol) { should eq 'HTTP' }
end
have_ec2
describe alb_target_group('my-alb-target-group') do
it { should have_ec2('my-ec2') }
end
belong_to_alb
describe alb_target_group('my-alb-target-group') do
it { should belong_to_alb('my-alb') }
end
belong_to_vpc
describe alb_target_group('my-alb-target-group') do
it { should belong_to_vpc('my-vpc') }
end
its(:target_group_arn), its(:target_group_name), its(:protocol), its(:port), its(:vpc_id), its(:health_check_protocol), its(:health_check_port), its(:health_check_enabled), its(:health_check_interval_seconds), its(:health_check_timeout_seconds), its(:healthy_threshold_count), its(:unhealthy_threshold_count), its(:health_check_path), its(:load_balancer_arns), its(:target_type), its(:protocol_version), its(:ip_address_type)
ami
AMI resource type.
exist
describe ami('my-ami') do
it { should exist }
end
be_pending, be_available, be_invalid, be_deregistered, be_transient, be_failed, be_error
describe ami('my-ami') do
it { should be_available }
end
have_tag
its(:architecture), its(:creation_date), its(:image_id), its(:image_location), its(:image_type), its(:public), its(:kernel_id), its(:owner_id), its(:platform), its(:platform_details), its(:usage_operation), its(:ramdisk_id), its(:state), its(:description), its(:ena_support), its(:hypervisor), its(:image_owner_alias), its(:name), its(:root_device_name), its(:root_device_type), its(:sriov_net_support), its(:state_reason), its(:virtualization_type), its(:boot_mode), its(:tpm_support), its(:deprecation_time), its(:imds_support)
🔓 Advanced use
ami can use the Aws::EC2::Image resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Image.html).
apigateway
Apigateway resource type.
exist
describe apigateway('my-apigateway') do
it { should exist }
end
have_integration_method
have_integration_path
have_method
have_path
its(:id), its(:name), its(:description), its(:created_date), its(:version), its(:warnings), its(:binary_media_types), its(:minimum_compression_size), its(:api_key_source), its(:policy), its(:tags), its(:disable_execute_api_endpoint)
autoscaling_group
AutoscalingGroup resource type.
exist
describe autoscaling_group('my-auto-scaling-group') do
it { should exist }
end
have_alb_target_group
describe autoscaling_group('my-auto-scaling-group') do
it { should have_alb_target_group('my-alb-target-group') }
end
have_ec2
describe autoscaling_group('my-auto-scaling-group') do
it { should have_ec2('my-ec2') }
end
have_elb
describe autoscaling_group('my-auto-scaling-group') do
it { should have_elb('my-elb') }
end
have_launch_configuration
describe autoscaling_group('my-auto-scaling-group') do
it { should have_launch_configuration('my-lc') }
end
have_nlb_target_group
have_suspended_process
have_tag
describe autoscaling_group('my-auto-scaling-group') do
it { should have_tag('Name').value('my-group') }
end
its(:auto_scaling_group_name), its(:auto_scaling_group_arn), its(:launch_configuration_name), its(:launch_template), its(:mixed_instances_policy), its(:min_size), its(:max_size), its(:desired_capacity), its(:predicted_capacity), its(:default_cooldown), its(:availability_zones), its(:load_balancer_names), its(:target_group_arns), its(:health_check_type), its(:health_check_grace_period), its(:created_time), its(:placement_group), its(:vpc_zone_identifier), its(:enabled_metrics), its(:status), its(:termination_policies), its(:new_instances_protected_from_scale_in), its(:service_linked_role_arn), its(:max_instance_lifetime), its(:capacity_rebalance), its(:warm_pool_configuration), its(:warm_pool_size), its(:context), its(:desired_capacity_type), its(:default_instance_warmup), its(:traffic_sources)
batch_compute_environment
BatchComputeEnvironment resource type.
exist
describe batch_compute_environment('my-batch-compute-environment') do
it { should exist }
end
be_disabled
be_enabled
be_enabled, be_disabled
describe batch_compute_environment('my-batch-compute-environment') do
it { should be_enabled }
end
be_managed
be_managed, be_unmanaged
describe batch_compute_environment('my-batch-compute-environment') do
it { should be_managed }
end
be_unmanaged
its(:compute_environment_name), its(:compute_environment_arn), its(:unmanagedv_cpus), its(:ecs_cluster_arn), its(:tags), its(:type), its(:state), its(:status), its(:status_reason), its(:service_role), its(:update_policy), its(:eks_configuration), its(:container_orchestration_type), its(:uuid)
batch_job_definition
BatchJobDefinition resource type.
exist
describe batch_job_definition('my-batch-job-definition') do
it { should exist }
end
its(:job_definition_name), its(:job_definition_arn), its(:revision), its(:status), its(:type), its(:scheduling_priority), its(:parameters), its(:retry_strategy), its(:timeout), its(:node_properties), its(:tags), its(:propagate_tags), its(:platform_capabilities), its(:eks_properties), its(:container_orchestration_type)
batch_job_queue
BatchJobQueue resource type.
exist
describe batch_job_queue('my-batch-job-queue') do
it { should exist }
end
be_disabled
be_enabled
have_compute_environment_order
describe batch_job_queue('my-batch-job-queue') do
it { should have_compute_environment_order('arn:aws:batch:us-east-1:012345678910:compute-environment/C4OnDemand', 1) }
end
its(:job_queue_name), its(:job_queue_arn), its(:state), its(:scheduling_policy_arn), its(:status), its(:status_reason), its(:priority), its(:tags)
cloudformation_stack
CloudformationStack resource type.
exist
describe cloudformation_stack('my-cloudformation-stack') do
it { should exist }
its(:stack_status) { should eq 'UPDATE_COMPLETE' }
end
have_tag
describe cloudformation_stack('my-cloudformation-stack') do
it { should have_tag('env').value('dev') }
end
its(:stack_id), its(:stack_name), its(:change_set_id), its(:description), its(:parameters), its(:creation_time), its(:deletion_time), its(:last_updated_time), its(:rollback_configuration), its(:stack_status), its(:stack_status_reason), its(:disable_rollback), its(:notification_arns), its(:timeout_in_minutes), its(:capabilities), its(:role_arn), its(:enable_termination_protection), its(:parent_id), its(:root_id), its(:drift_information)
cloudfront_distribution
CloudfrontDistribution resource type.
exist
describe cloudfront_distribution('123456789zyxw.cloudfront.net') do
it { should exist }
end
be_in_progress, be_deployed
describe cloudfront_distribution('123456789zyxw.cloudfront.net') do
it { should be_deployed }
end
have_custom_response_error_code
describe cloudfront_distribution('123456789zyxw.cloudfront.net') do
it do
should have_custom_response_error_code(400)
.error_caching_min_ttl(60)
.response_page_path('/path/to/400.html')
.response_code(400)
end
it do
should have_custom_response_error_code(403)
.error_caching_min_ttl(60)
.response_page_path('/path/to/403.html')
.response_code('403')
end
it do
should have_custom_response_error_code(500)
.error_caching_min_ttl(60)
end
end
have_origin
describe cloudfront_distribution('E2CLOUDFRONTXX') do
it do
should have_origin('cf-s3-origin-hosting.dev.example.com')
.domain_name('cf-s3-origin-hosting.dev.example.com.s3.amazonaws.com')
.origin_path('/img')
.origin_access_identity('origin-access-identity/cloudfront/E2VVVVVVVVVVVV')
end
end
have_origin_domain_name
describe cloudfront_distribution('123456789zyxw.cloudfront.net') do
it { should have_origin_domain_name('cf-s3-origin-hosting.dev.example.com.s3.amazonaws.com') }
end
have_origin_domain_name_and_path
describe cloudfront_distribution('123456789zyxw.cloudfront.net') do
it { should have_origin_domain_name_and_path('cf-s3-origin-hosting.dev.example.com.s3.amazonaws.com/img') }
end
its(:id), its(:arn), its(:status), its(:last_modified_time), its(:domain_name), its(:origin_groups), its(:comment), its(:price_class), its(:enabled), its(:web_acl_id), its(:http_version), its(:is_ipv6_enabled), its(:alias_icp_recordals), its(:staging)
cloudtrail
Cloudtrail resource type.
exist
describe cloudtrail('my-trail') do
it { should exist }
end
be_logging
describe cloudtrail('my-trail') do
# Asserted separately from `exist`; presumably passes only while the trail is actively recording (confirm against the matcher implementation).
it { should be_logging }
end
be_multi_region_trail
describe cloudtrail('my-trail') do
it { should be_multi_region_trail }
end
have_global_service_events_included
describe cloudtrail('my-trail') do
it { should have_global_service_events_included }
end
have_log_file_validation_enabled
describe cloudtrail('my-trail') do
# Presumably reflects the trail's log_file_validation_enabled attribute (confirm against the matcher implementation).
# Worth asserting so that modification of delivered log files can be detected.
it { should have_log_file_validation_enabled }
end
have_tag
describe cloudtrail('my-trail') do
it { should have_tag('Name').value('my-trail') }
end
its(:name), its(:s3_bucket_name), its(:s3_key_prefix), its(:sns_topic_name), its(:sns_topic_arn), its(:include_global_service_events), its(:is_multi_region_trail), its(:home_region), its(:trail_arn), its(:log_file_validation_enabled), its(:cloud_watch_logs_log_group_arn), its(:cloud_watch_logs_role_arn), its(:kms_key_id), its(:has_custom_event_selectors), its(:has_insight_selectors), its(:is_organization_trail)
cloudwatch_alarm
CloudwatchAlarm resource type.
exist
describe cloudwatch_alarm('my-cloudwatch-alarm') do
it { should exist }
end
have_alarm_action
describe cloudwatch_alarm('my-cloudwatch-alarm') do
it { should have_alarm_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
end
have_insufficient_data_action
describe cloudwatch_alarm('my-cloudwatch-alarm') do
it { should have_insufficient_data_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
end
have_ok_action
describe cloudwatch_alarm('my-cloudwatch-alarm') do
it { should have_ok_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
end
belong_to_metric
describe cloudwatch_alarm('my-cloudwatch-alarm') do
it { should belong_to_metric('NumberOfProcesses').namespace('my-cloudwatch-namespace') }
end
its(:alarm_name), its(:alarm_arn), its(:alarm_description), its(:alarm_configuration_updated_timestamp), its(:actions_enabled), its(:ok_actions), its(:alarm_actions), its(:insufficient_data_actions), its(:state_value), its(:state_reason), its(:state_reason_data), its(:state_updated_timestamp), its(:metric_name), its(:namespace), its(:statistic), its(:extended_statistic), its(:period), its(:unit), its(:evaluation_periods), its(:datapoints_to_alarm), its(:threshold), its(:comparison_operator), its(:treat_missing_data), its(:evaluate_low_sample_count_percentile), its(:metrics), its(:threshold_metric_id), its(:evaluation_state), its(:state_transitioned_timestamp)
cloudwatch_event
CloudwatchEvent resource type.
exist
be_enable
be_scheduled
its(:name), its(:arn), its(:event_pattern), its(:state), its(:description), its(:schedule_expression), its(:role_arn), its(:managed_by), its(:event_bus_name)
cloudwatch_logs
CloudwatchLogs resource type.
exist
describe cloudwatch_logs('my-cloudwatch-logs-group') do
it { should exist }
end
have_log_stream
describe cloudwatch_logs('my-cloudwatch-logs-group') do
it { should have_log_stream('my-cloudwatch-logs-stream') }
end
have_metric_filter
describe cloudwatch_logs('my-cloudwatch-logs-group') do
it { should have_metric_filter('my-cloudwatch-logs-metric-filter') }
end
or
describe cloudwatch_logs('my-cloudwatch-logs-group') do
it do
should have_metric_filter('my-cloudwatch-logs-metric-filter')
.filter_pattern('[date, error]')
end
end
have_subscription_filter
describe cloudwatch_logs('my-cloudwatch-logs-group') do
it { should have_subscription_filter('my-cloudwatch-logs-subscription-filter') }
end
or
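describe cloudwatch_logs('my-cloudwatch-logs-group') do
  it do
    # Leading-dot chaining already continues the expression, so the trailing
    # backslash is dropped; this matches the have_metric_filter example.
    should have_subscription_filter('my-cloudwatch-logs-subscription-filter')
      .filter_pattern('[host, ident, authuser, date, request, status, bytes]')
  end
end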
have_tag
describe cloudwatch_logs('my-cloudwatch-logs-group') do
it { should have_tag('Name').value('my-cloudwatch-logs-group') }
end
its(:log_group_name), its(:creation_time), its(:retention_in_days), its(:metric_filter_count), its(:arn), its(:stored_bytes), its(:kms_key_id), its(:data_protection_status)
codebuild
Codebuild resource type.
exist
codedeploy
Codedeploy resource type.
exist
its(:application_id), its(:application_name), its(:create_time), its(:linked_to_git_hub), its(:git_hub_account_name), its(:compute_platform)
codedeploy_deployment_group
CodedeployDeploymentGroup resource type.
exist
You can set the application_name (default: default).
describe codedeploy_deployment_group('my-codedeploy-deployment-group'), application_name: 'my-codedeploy-application' do
it { should exist }
end
have_autoscaling_group
describe codedeploy_deployment_group('my-codedeploy-deployment-group'), application_name: 'my-codedeploy-application' do
it { should have_autoscaling_group('my-autoscaling-group') }
end
its(:application_name), its(:deployment_group_id), its(:deployment_group_name), its(:deployment_config_name), its(:on_premises_instance_tag_filters), its(:service_role_arn), its(:target_revision), its(:trigger_configurations), its(:alarm_configuration), its(:deployment_style), its(:outdated_instances_strategy), its(:load_balancer_info), its(:last_successful_deployment), its(:last_attempted_deployment), its(:ec2_tag_set), its(:on_premises_tag_set), its(:compute_platform), its(:ecs_services)
cognito_identity_pool
CognitoIdentityPool resource type.
exist
describe cognito_identity_pool('my-cognito-identity-pool') do
it { should exist }
end
its(:identity_pool_id), its(:identity_pool_name)
cognito_user_pool
CognitoUserPool resource type.
exist
describe cognito_user_pool('my-cognito-user-pool') do
it { should exist }
end
its(:id), its(:name), its(:status), its(:last_modified_date), its(:creation_date)
customer_gateway
CustomerGateway resource type.
exist
describe customer_gateway('my-customer-gateway') do
it { should exist }
end
be_pending, be_available, be_deleting, be_deleted
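describe customer_gateway('my-customer-gateway') do
  # Use a state matcher from the list documented for this resource type
  # (be_pending, be_available, be_deleting, be_deleted); be_running is not one of them.
  it { should be_available }
end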
have_tag
describe customer_gateway('my-customer-gateway') do
it { should have_tag('Name').value('my-customer-gateway') }
end
its(:bgp_asn), its(:customer_gateway_id), its(:ip_address), its(:certificate_arn), its(:state), its(:type), its(:device_name), its(:tags)
directconnect_virtual_interface
DirectconnectVirtualInterface resource type.
describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
it { should exist }
it { should be_available }
its(:connection_id) { should eq 'dxcon-abcd5fgh' }
its(:virtual_interface_id) { should eq 'dxvif-aabbccdd' }
its(:amazon_address) { should eq '170.252.252.1/30' }
its(:customer_address) { should eq '123.456.789.2/30' }
its(:virtual_gateway_id) { should eq 'vgw-d234e5f6' }
end
exist
describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
it { should exist }
end
be_confirming, be_verifying, be_pending, be_available, be_deleting, be_deleted, be_rejected
describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
it { should exist }
it { should be_available }
end
its(:owner_account), its(:virtual_interface_id), its(:location), its(:connection_id), its(:virtual_interface_type), its(:virtual_interface_name), its(:vlan), its(:asn), its(:amazon_side_asn), its(:auth_key), its(:amazon_address), its(:customer_address), its(:address_family), its(:virtual_interface_state), its(:customer_router_config), its(:mtu), its(:jumbo_frame_capable), its(:virtual_gateway_id), its(:direct_connect_gateway_id), its(:route_filter_prefixes), its(:bgp_peers), its(:region), its(:aws_device_v2), its(:aws_logical_device_id), its(:tags), its(:site_link_enabled)
dynamodb_table
DynamodbTable resource type.
exist
describe dynamodb_table('my-dynamodb-table') do
it { should exist }
end
be_creating, be_updating, be_deleting, be_active
have_attribute_definition
describe dynamodb_table('my-dynamodb-table') do
it { should have_attribute_definition('my-dynamodb-table-attaribute1').attribute_type('S') }
it { should have_attribute_definition('my-dynamodb-table-attaribute2').attribute_type('N') }
end
have_key_schema
describe dynamodb_table('my-dynamodb-table') do
it { should have_key_schema('my-dynamodb-table-key_schema1').key_type('HASH') }
it { should have_key_schema('my-dynamodb-table-key_schema2').key_type('RANGE') }
end
its(:table_name), its(:table_status), its(:creation_date_time), its(:table_size_bytes), its(:item_count), its(:table_arn), its(:table_id), its(:billing_mode_summary), its(:local_secondary_indexes), its(:global_secondary_indexes), its(:stream_specification), its(:latest_stream_label), its(:latest_stream_arn), its(:global_table_version), its(:replicas), its(:restore_summary), its(:sse_description), its(:archival_summary), its(:table_class_summary), its(:deletion_protection_enabled)
🔓 Advanced use
dynamodb_table can use the Aws::DynamoDB::Table resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/DynamoDB/Table.html).
describe dynamodb_table('my-dynamodb-table') do
its('key_schema.first.key_type') { should eq 'HASH' }
end
or
describe dynamodb_table('my-dynamodb-table') do
its('resource.key_schema.first.key_type') { should eq 'HASH' }
end
ebs
EBS resource type.
exist
describe ebs('my-volume') do
it { should exist }
end
be_attached_to
describe ebs('my-volume') do
it { should be_attached_to('my-ec2') }
end
be_creating, be_available, be_in_use, be_deleting, be_deleted, be_error
describe ebs('my-volume') do
it { should be_in_use }
end
have_tag
describe ebs('my-volume') do
it { should have_tag('Name').value('my-volume') }
end
its(:availability_zone), its(:create_time), its(:encrypted), its(:kms_key_id), its(:outpost_arn), its(:size), its(:snapshot_id), its(:state), its(:volume_id), its(:iops), its(:volume_type), its(:fast_restored), its(:multi_attach_enabled), its(:throughput)
🔓 Advanced use
ebs can use the Aws::EC2::Volume resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Volume.html).
describe ebs('my-volume') do
its('attachments.first.instance_id') { should eq 'i-ec12345a' }
end
or
describe ebs('my-volume') do
its('resource.attachments.first.instance_id') { should eq 'i-ec12345a' }
end
ec2
EC2 resource type.
exist
describe ec2('my-ec2') do
it { should exist }
end
be_disabled_api_termination
describe ec2('my-ec2') do
it { should be_disabled_api_termination }
end
be_pending, be_running, be_shutting_down, be_terminated, be_stopping, be_stopped
describe ec2('my-ec2') do
it { should be_running }
end
have_classiclink
describe ec2('my-ec2-classic') do
it { should have_classiclink('my-vpc') }
end
have_classiclink_security_group
describe ec2('my-ec2-classic') do
it { should have_classiclink_security_group('sg-2a3b4cd5') }
it { should have_classiclink_security_group('my-vpc-security-group-name') }
end
have_credit_specification
The credit option for CPU usage of T2 or T3 instance.
describe ec2('my-ec2') do
it { should have_credit_specification('unlimited') }
end
have_ebs
describe ec2('my-ec2') do
it { should have_ebs('vol-123a123b') }
it { should have_ebs('my-volume') }
end
have_eip
describe ec2('my-ec2') do
it { should have_eip('123.0.456.789') }
end
have_event
describe ec2('my-ec2') do
it { should have_event('system-reboot') }
end
have_events
describe ec2('my-ec2') do
it { should_not have_events }
end
have_iam_instance_profile
describe ec2('my-ec2') do
it { should have_iam_instance_profile('Ec2IamProfileName') }
end
have_network_interface
describe ec2('my-ec2') do
it { should have_network_interface('my-eni') }
it { should have_network_interface('eni-12ab3cde') }
it { should have_network_interface('my-eni').as_eth0 }
end
have_security_group
describe ec2('my-ec2') do
it { should have_security_group('my-security-group-name') }
it { should have_security_group('sg-1a2b3cd4') }
end
have_security_groups
describe ec2('my-ec2') do
it { should have_security_groups(['my-security-group-name-1', 'my-security-group-name-2']) }
it { should have_security_groups(['sg-1a2b3cd4', 'sg-5e6f7gh8']) }
end
have_tag
describe ec2('my-ec2') do
it { should have_tag('Name').value('my-ec2') }
end
belong_to_subnet
describe ec2('my-ec2') do
it { should belong_to_subnet('subnet-1234a567') }
it { should belong_to_subnet('my-subnet') }
end
belong_to_vpc
describe ec2('my-ec2') do
it { should belong_to_vpc('vpc-ab123cde') }
it { should belong_to_vpc('my-vpc') }
end
its(:ami_launch_index), its(:image_id), its(:instance_id), its(:instance_type), its(:kernel_id), its(:key_name), its(:launch_time), its(:monitoring), its(:placement), its(:platform), its(:private_dns_name), its(:private_ip_address), its(:product_codes), its(:public_dns_name), its(:public_ip_address), its(:ramdisk_id), its(:state_transition_reason), its(:subnet_id), its(:vpc_id), its(:architecture), its(:client_token), its(:ebs_optimized), its(:ena_support), its(:hypervisor), its(:instance_lifecycle), its(:elastic_gpu_associations), its(:elastic_inference_accelerator_associations), its(:outpost_arn), its(:root_device_name), its(:root_device_type), its(:source_dest_check), its(:spot_instance_request_id), its(:sriov_net_support), its(:state_reason), its(:virtualization_type), its(:cpu_options), its(:capacity_reservation_id), its(:capacity_reservation_specification), its(:hibernation_options), its(:licenses), its(:metadata_options), its(:enclave_options), its(:boot_mode), its(:platform_details), its(:usage_operation), its(:usage_operation_update_time), its(:private_dns_name_options), its(:ipv_6_address), its(:tpm_support), its(:maintenance_options), its(:current_instance_boot_mode)
🔓 Advanced use
ec2 can use the Aws::EC2::Instance resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Instance.html).
describe ec2('my-ec2') do
its('vpc.id') { should eq 'vpc-ab123cde' }
end
or
describe ec2('my-ec2') do
its('resource.vpc.id') { should eq 'vpc-ab123cde' }
end
Awspec::DuplicatedResourceTypeError exception
EC2 resources might share the same tag value. If you search for a specific
instance using that tag and value, you might find multiple results and
receive an Awspec::DuplicatedResourceTypeError exception as a result.
To avoid such situations, look up the EC2 instance IDs first and then use those IDs to test whatever you need.
There are several different ways to provide such IDs, such as using Terraform output or even the AWS SDK directly:
require 'awspec'
require 'aws-sdk-ec2'
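tag_name = 'tag:Name'
tag_value = 'foobar'

# Resolve the tag filter to concrete instance IDs first. Describing instances
# by ID avoids Awspec::DuplicatedResourceTypeError when several instances
# share the same tag value.
# The SDK handle is named ec2_resource so it is not confused with awspec's
# ec2(...) resource helper used in the describe blocks below.
ec2_resource = Aws::EC2::Resource.new
servers = {}
ec2_resource.instances(filters: [{ name: tag_name, values: [tag_value] }]).each do |instance|
  servers[instance.id] = instance.subnet_id
end

# Fail loudly when nothing matched: otherwise no describe block is generated
# and the run would report no failures without having checked anything.
raise "Could not find any EC2 instance with #{tag_name} = #{tag_value}!" if servers.empty?

# One describe block per instance ID, each checked against its own subnet.
servers.each_pair do |instance_id, subnet_id|
  describe ec2(instance_id) do
    it { should exist }
    it { should be_running }
    its(:image_id) { should eq 'ami-12345foobar' }
    its(:instance_type) { should eq 't2.micro' }
    it { should belong_to_subnet(subnet_id) }
  end
end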
ecr_repository
ECR Repository resource type.
exist
describe ecr_repository('my-ecr-repository') do
it { should exist }
end
its(:repository_arn), its(:registry_id), its(:repository_name), its(:repository_uri), its(:created_at), its(:image_tag_mutability), its(:image_scanning_configuration), its(:encryption_configuration)
ecs_cluster
ECS Cluster resource type.
exist
describe ecs_cluster('my-ecs-cluster') do
it { should exist }
end
be_active, be_inactive
describe ecs_cluster('my-ecs-cluster') do
it { should be_active }
end
have_container_instance
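describe ecs_cluster('my-ecs-cluster') do
  # `should` is required: without it the matcher is only constructed and the
  # example passes without checking anything.
  it { should have_container_instance('f2756532-8f13-4d53-87c9-aed50dc94cd7') }
end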
its(:cluster_arn), its(:cluster_name), its(:configuration), its(:status), its(:registered_container_instances_count), its(:running_tasks_count), its(:pending_tasks_count), its(:active_services_count), its(:statistics), its(:tags), its(:settings), its(:capacity_providers), its(:default_capacity_provider_strategy), its(:attachments), its(:attachments_status), its(:service_connect_defaults)
ecs_container_instance
ECS Container Instance resource type.
exist
You can set cluster (default: default).
describe ecs_container_instance('my-container-instance'), cluster: 'my-ecs-cluster' do
it { should exist }
end
be_active, be_inactive
describe ecs_container_instance('my-container-instance'), cluster: 'my-ecs-cluster' do
it { should be_active }
end
its(:container_instance_arn), its(:ec2_instance_id), its(:capacity_provider_name), its(:version), its(:version_info), its(:status), its(:status_reason), its(:agent_connected), its(:running_tasks_count), its(:pending_tasks_count), its(:agent_update_status), its(:attributes), its(:registered_at), its(:attachments), its(:tags), its(:health_status)
ecs_service
ECS Service resource type.
exist
You can set cluster (default: default).
describe ecs_service('my-ecs-service'), cluster: 'my-ecs-cluster' do
it { should exist }
end
be_active, be_draining, be_inactive
describe ecs_service('my-ecs-service'), cluster: 'my-ecs-cluster' do
it { should be_active }
end
its(:service_arn), its(:service_name), its(:cluster_arn), its(:load_balancers), its(:service_registries), its(:status), its(:desired_count), its(:running_count), its(:pending_count), its(:launch_type), its(:capacity_provider_strategy), its(:platform_version), its(:platform_family), its(:task_definition), its(:task_sets), its(:role_arn), its(:created_at), its(:placement_constraints), its(:placement_strategy), its(:network_configuration), its(:health_check_grace_period_seconds), its(:scheduling_strategy), its(:deployment_controller), its(:tags), its(:created_by), its(:enable_ecs_managed_tags), its(:propagate_tags), its(:enable_execute_command)
ecs_task_definition
ECS Task Definition resource type.
exist
describe ecs_task_definition('my-ecs-task-definition') do
it { should exist }
end
be_active, be_inactive
describe ecs_task_definition('my-ecs-task-definition') do
it { should be_active }
end
its(:task_definition_arn), its(:family), its(:task_role_arn), its(:execution_role_arn), its(:network_mode), its(:revision), its(:volumes), its(:status), its(:requires_attributes), its(:placement_constraints), its(:compatibilities), its(:runtime_platform), its(:requires_compatibilities), its(:cpu), its(:memory), its(:inference_accelerators), its(:pid_mode), its(:ipc_mode), its(:proxy_configuration), its(:registered_at), its(:deregistered_at), its(:registered_by), its(:ephemeral_storage)
efs
EFS resource type.
exist
describe efs('my-efs') do
it { should exist }
end
have_tag
describe efs('my-efs') do
it { should have_tag('my-key').value('my-value') }
end
its(:owner_id), its(:creation_token), its(:file_system_id), its(:file_system_arn), its(:creation_time), its(:life_cycle_state), its(:name), its(:number_of_mount_targets), its(:performance_mode), its(:encrypted), its(:kms_key_id), its(:throughput_mode), its(:provisioned_throughput_in_mibps), its(:availability_zone_name), its(:availability_zone_id)
elastic_ip
Elastic IP resource type.
exist
describe eip('my-eip') do
it { should exist }
end
be_associated_to
describe eip('123.0.456.789') do
it { should be_associated_to('i-ec12345a') }
end
belong_to_domain
describe eip('123.0.456.789') do
it { should belong_to_domain('vpc') }
end
its(:instance_id), its(:public_ip), its(:allocation_id), its(:association_id), its(:domain), its(:network_interface_id), its(:network_interface_owner_id), its(:private_ip_address), its(:public_ipv_4_pool), its(:network_border_group), its(:customer_owned_ip), its(:customer_owned_ipv_4_pool), its(:carrier_ip)
eks
Eks resource type.
exist
describe eks('my-eks') do
it { should exist }
end
be_active, be_creating
describe eks('my-eks') do
it { should be_active }
end
its(:name), its(:arn), its(:created_at), its(:version), its(:endpoint), its(:role_arn), its(:kubernetes_network_config), its(:logging), its(:identity), its(:status), its(:client_request_token), its(:platform_version), its(:tags), its(:encryption_config), its(:connector_config), its(:id), its(:health), its(:outpost_config)
eks_nodegroup
EksNodegroup resource type.
exist
describe eks_nodegroup('my-eks-nodegroup'), cluster: 'my-cluster' do
it { should exist }
end
be_active, be_inactive
be_ready
This matcher might not be exactly what you are expecting: it differs from what you see in the AWS console when you open the Node Groups configuration and check whether the node status is "Ready".
What you see there is actually the same thing you would see using `kubectl`.
This matcher cannot do the same because it would involve using the Kubernetes API: the AWS Ruby SDK currently doesn't expose this information.
What the `be_ready` matcher asserts is that at least the minimum expected number of EC2 instances (the nodes in your EKS Node Group) are actually in the running state. It doesn't mean everything is fine: a node (EC2 instance) can be running but unable to communicate with the cluster, or have some other issue with its Kubernetes configuration.
Although it might look like an incomplete assertion, the Node Group "Status" definitely won't be "Active" if the EC2 instances associated with it are not running.
So, using this assertion like the sample below:
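# be_ready is documented as an eks_nodegroup matcher, so the subject must be
# eks_nodegroup (with the owning cluster passed as metadata), not eks.
describe eks_nodegroup('my-eks-nodegroup'), cluster: 'my-cluster' do
  it { should be_ready }
end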
This will pass if at least the minimum expected number of EC2 instances (see `scaling_config`) is running.
have_security_group
describe eks_nodegroup('my-eks-nodegroup'), cluster: 'my-cluster' do
it { should have_security_group('sg-1a2b3cd4') }
end
its(:nodegroup_name), its(:nodegroup_arn), its(:cluster_name), its(:version), its(:release_version), its(:created_at), its(:modified_at), its(:status), its(:capacity_type), its(:instance_types), its(:subnets), its(:remote_access), its(:ami_type), its(:node_role), its(:labels), its(:taints), its(:resources), its(:disk_size), its(:health), its(:update_config), its(:launch_template), its(:tags)
elasticache
Elasticache resource type.
exist
describe elasticache('my-rep-group-001') do
it { should exist }
end
be_available, be_creating, be_deleted, be_deleting, be_incompatible_network, be_modifying, be_rebooting_cache_cluster_nodes, be_restore_failed, be_snapshotting
describe elasticache('my-rep-group-001') do
it { should be_available }
end
have_cache_parameter_group
describe elasticache('my-rep-group-001') do
it { should have_cache_parameter_group('my-cache-parameter-group') }
end
have_security_group
describe elasticache('my-rep-group-001') do
it { should have_security_group('sg-da1bc2ef') }
it { should have_security_group('group-name-sg') }
it { should have_security_group('my-cache-sg') }
end
belong_to_cache_subnet_group
describe elasticache('my-rep-group-001') do
it { should belong_to_cache_subnet_group('my-cache-subnet-group') }
end
belong_to_replication_group
describe elasticache('my-rep-group-001') do
it { should belong_to_replication_group('my-rep-group') }
end
belong_to_vpc
describe elasticache('my-rep-group-001') do
it { should belong_to_vpc('my-vpc') }
end
its(:cache_cluster_id), its(:configuration_endpoint), its(:client_download_landing_page), its(:cache_node_type), its(:engine), its(:engine_version), its(:cache_cluster_status), its(:num_cache_nodes), its(:preferred_availability_zone), its(:preferred_outpost_arn), its(:cache_cluster_create_time), its(:preferred_maintenance_window), its(:notification_configuration), its(:cache_security_groups), its(:cache_subnet_group_name), its(:cache_nodes), its(:auto_minor_version_upgrade), its(:replication_group_id), its(:snapshot_retention_limit), its(:snapshot_window), its(:auth_token_enabled), its(:auth_token_last_modified_date), its(:transit_encryption_enabled), its(:at_rest_encryption_enabled), its(:arn), its(:replication_group_log_delivery_enabled), its(:log_delivery_configurations), its(:network_type), its(:ip_discovery), its(:transit_encryption_mode)
elasticache_cache_parameter_group
ElasticacheCacheParameterGroup resource type.
describe elasticache_cache_parameter_group('my-cache-parameter-group') do
it { should exist }
its(:activerehashing) { should eq 'yes' }
its(:client_output_buffer_limit_pubsub_hard_limit) { should eq '33554432' }
end
exist
describe elasticache_cache_parameter_group('my-cache-parameter-group') do
it { should exist }
end
elasticsearch
Elasticsearch resource type.
exist
describe elasticsearch('my-elasticsearch') do
it { should exist }
end
be_created
describe elasticsearch('my-elasticsearch') do
it { should be_created }
end
be_deleted
describe elasticsearch('my-elasticsearch') do
it { should be_deleted }
end
have_access_policies
describe elasticsearch('my-elasticsearch') do
# Asserts that the domain's access policy matches the JSON document passed in the heredoc.
# NOTE(review): the sample document allows "es:*" for principal "*" with no condition,
# so as written this spec pins an access policy that is open to any caller. In a real
# suite, assert the restricted principal or condition the domain is meant to have.
# NOTE(review): the element names here are lowercase ("statement", "effect"), unlike
# the IAM policy samples on this page; confirm how the matcher compares them.
it do
should have_access_policies <<-policy
{
"version": "2012-10-17",
"statement": [
{
"effect": "allow",
"principal": "*",
"action": [
"es:*"
],
"resource": "arn:aws:es:ap-northeast-1:1234567890:domain/my-elasticsearch/*"
}
]
}
policy
end
end
its(:domain_id), its(:domain_name), its(:arn), its(:created), its(:deleted), its(:endpoint), its(:endpoints), its(:processing), its(:upgrade_processing), its(:elasticsearch_version), its(:access_policies), its(:snapshot_options), its(:vpc_options), its(:cognito_options), its(:encryption_at_rest_options), its(:node_to_node_encryption_options), its(:advanced_options), its(:log_publishing_options), its(:service_software_options), its(:domain_endpoint_options), its(:advanced_security_options), its(:auto_tune_options), its(:change_progress_details)
elastictranscoder_pipeline
ElastictranscoderPipeline resource type.
exist
be_active, be_paused
describe elastictranscoder_pipeline('my-elastictranscoder-pipeline') do
it { should be_active }
end
elb
ELB resource type.
exist
describe elb('my-elb') do
it { should exist }
end
be_cross_zone_load_balancing_enabled
describe elb('my-elb') do
it { should be_cross_zone_load_balancing_enabled }
end
have_access_log
describe elb('my-elb') do
it { should have_access_log(s3_bucket_name: 'my-loadbalancer-logs', s3_bucket_prefix: 'my-app', emit_interval: 5) }
end
have_connection_draining
describe elb('my-elb') do
it { should have_connection_draining(timeout: 300) }
end
have_ec2
describe elb('my-elb') do
it { should have_ec2('my-ec2') }
end
have_listener
http://docs.aws.amazon.com/en_us/ElasticLoadBalancing/latest/DeveloperGuide/elb-listener-config.html
describe elb('my-elb') do
# Asserts a listener that accepts HTTPS on 443 and forwards to the instances over
# HTTP on port 80, i.e. the hop from the load balancer to the instances is plaintext.
# NOTE(review): if the back-end hop must be encrypted, assert the encrypted
# instance_protocol and instance_port instead.
it { should have_listener(protocol: 'HTTPS', port: 443, instance_protocol: 'HTTP', instance_port: 80) }
end
have_security_group
describe elb('my-elb') do
it { should have_security_group('my-lb-security-group-tag-name') }
end
have_subnet
describe elb('my-elb') do
it { should have_subnet('my-subnet') }
end
have_tag
describe elb('my-elb') do
it { should have_tag('Name').value('my-elb') }
it { should have_tag('my-tag-key').value('my-tag-value') }
end
belong_to_vpc
describe elb('my-elb') do
it { should belong_to_vpc('my-vpc') }
end
its(:health_check_target), its(:health_check_interval), its(:health_check_timeout), its(:health_check_unhealthy_threshold), its(:health_check_healthy_threshold), its(:idle_timeout), its(:load_balancer_name), its(:dns_name), its(:canonical_hosted_zone_name), its(:canonical_hosted_zone_name_id), its(:backend_server_descriptions), its(:availability_zones), its(:subnets), its(:vpc_id), its(:security_groups), its(:created_time), its(:scheme)
emr
Emr resource type.
exist
describe emr('my-emr') do
it { should exist }
end
be_healthy
describe emr('my-emr') do
it { should be_healthy }
end
be_ok
be_ready
be_running, be_waiting, be_starting, be_bootstrapping
describe emr('my-emr') do
it { should be_running }
end
its(:id), its(:name), its(:instance_collection_type), its(:log_uri), its(:log_encryption_kms_key_id), its(:requested_ami_version), its(:running_ami_version), its(:release_label), its(:auto_terminate), its(:termination_protected), its(:visible_to_all_users), its(:service_role), its(:normalized_instance_hours), its(:master_public_dns_name), its(:configurations), its(:security_configuration), its(:auto_scaling_role), its(:scale_down_behavior), its(:custom_ami_id), its(:ebs_root_volume_size), its(:repo_upgrade_on_boot), its(:cluster_arn), its(:outpost_arn), its(:step_concurrency_level), its(:placement_groups), its(:os_release_label)
firehose
Firehose resource type.
exist
describe firehose('my-firehose') do
it { should exist }
end
be_active
describe firehose('my-firehose') do
it { should be_active }
end
be_creating
be_deleting
have_splunk_destination
describe firehose('my-firehose') do
it { should have_splunk_destination }
end
its(:delivery_stream_name), its(:delivery_stream_arn), its(:delivery_stream_status), its(:failure_description), its(:delivery_stream_encryption_configuration), its(:delivery_stream_type), its(:version_id), its(:create_timestamp), its(:last_update_timestamp), its(:source), its(:has_more_destinations)
🔓 Advanced use
describe firehose('my-firehose') do
its(:delivery_stream_type) { should be_eql('DirectPut') }
end
iam_group
IamGroup resource type.
exist
describe iam_group('my-iam-group') do
it { should exist }
end
be_allowed_action
describe iam_group('my-iam-group') do
it { should be_allowed_action('ec2:DescribeInstances') }
it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
end
have_iam_policy
describe iam_group('my-iam-group') do
it { should have_iam_policy('ReadOnlyAccess') }
end
have_iam_user
describe iam_group('my-iam-group') do
it { should have_iam_user('my-iam-user') }
end
have_inline_policy
describe iam_group('my-iam-group') do
it { should have_inline_policy('InlineEC2FullAccess') }
it do
should have_inline_policy('InlineEC2FullAccess').policy_document(<<-'DOC')
{
"Statement": [
{
"Action": "ec2:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "elasticloadbalancing:*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "cloudwatch:*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "autoscaling:*",
"Resource": "*"
}
]
}
DOC
end
end
You can test absence of inline policies.
describe iam_group('my-iam-group') do
it { should_not have_inline_policy }
end
its(:path), its(:group_name), its(:group_id), its(:arn), its(:create_date)
🔓 Advanced use
`iam_group` can use the `Aws::IAM::Group` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Group.html).
describe iam_group('my-iam-group') do
its('users.count') { should eq 5 }
end
or
describe iam_group('my-iam-group') do
its('resource.users.count') { should eq 5 }
end
iam_policy
IamPolicy resource type.
exist
describe iam_policy('my-iam-policy') do
it { should exist }
end
be_attachable
describe iam_policy('my-iam-policy') do
it { should be_attachable }
end
be_attached_to_group
describe iam_policy('my-iam-policy') do
it { should be_attached_to_group('my-iam-group') }
end
be_attached_to_role
describe iam_policy('my-iam-policy') do
it { should be_attached_to_role('HelloIAmGodRole') }
end
be_attached_to_user
describe iam_policy('my-iam-user') do
it { should be_attached_to_user('my-iam-user') }
end
have_policy_document
describe iam_policy('my-iam-user') do
it do
should have_policy_document(<<-'DOC')
{
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*"
},
{
"Action": "s3:*",
"Effect": "Allow",
"Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]
}
]
}
DOC
end
end
its(:policy_name), its(:policy_id), its(:arn), its(:path), its(:default_version_id), its(:attachment_count), its(:permissions_boundary_usage_count), its(:is_attachable), its(:description), its(:create_date), its(:update_date), its(:tags)
iam_role
IamRole resource type.
exist
describe iam_role('my-iam-role') do
it { should exist }
end
be_allowed_action
describe iam_role('my-iam-role') do
it { should be_allowed_action('ec2:DescribeInstances') }
it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
end
have_iam_policy
describe iam_role('my-iam-role') do
it { should have_iam_policy('ReadOnlyAccess') }
end
have_inline_policy
describe iam_role('my-iam-role') do
it { should have_inline_policy('AllowS3BucketAccess') }
it do
should have_inline_policy('AllowS3BucketAccess').policy_document(<<-'DOC')
{
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*"
},
{
"Action": "s3:*",
"Effect": "Allow",
"Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]
}
]
}
DOC
end
end
You can test absence of inline policies.
describe iam_role('my-iam-role') do
it { should_not have_inline_policy }
end
its(:path), its(:role_name), its(:role_id), its(:arn), its(:create_date), its(:assume_role_policy_document), its(:description), its(:max_session_duration), its(:permissions_boundary), its(:tags), its(:role_last_used)
🔓 Advanced use
`iam_role` can use the `Aws::IAM::Role` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Role.html).
describe iam_role('my-iam-role') do
its('attached_policies.count') { should eq 5 }
end
or
describe iam_role('my-iam-role') do
its('resource.attached_policies.count') { should eq 5 }
end
iam_user
IamUser resource type.
exist
describe iam_user('my-iam-user') do
it { should exist }
end
be_allowed_action
describe iam_user('my-iam-user') do
it { should be_allowed_action('ec2:DescribeInstances') }
it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
end
have_iam_policy
describe iam_user('my-iam-user') do
it { should have_iam_policy('ReadOnlyAccess') }
end
have_inline_policy
describe iam_user('my-iam-user') do
it { should have_inline_policy('AllowS3BucketAccess') }
it do
should have_inline_policy('AllowS3BucketAccess').policy_document(<<-'DOC')
{
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*"
},
{
"Action": "s3:*",
"Effect": "Allow",
"Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]
}
]
}
DOC
end
end
You can test absence of inline policies.
describe iam_user('my-iam-user') do
it { should_not have_inline_policy }
end
belong_to_iam_group
describe iam_user('my-iam-user') do
it { should belong_to_iam_group('my-iam-group') }
end
its(:path), its(:user_name), its(:user_id), its(:arn), its(:create_date), its(:password_last_used), its(:permissions_boundary), its(:tags)
🔓 Advanced use
`iam_user` can use the `Aws::IAM::User` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/User.html).
describe iam_user('my-iam-user') do
its('login_profile.password_reset_required') { should eq false }
end
or
describe iam_user('my-iam-user') do
its('resource.login_profile.password_reset_required') { should eq false }
end
internet_gateway
InternetGateway resource type.
exist
describe internet_gateway('igw-1ab2cd3e') do
it { should exist }
end
describe internet_gateway('my-internet-gateway') do
it { should exist }
end
be_attached_to
describe internet_gateway('igw-1ab2cd3e') do
it { should be_attached_to('vpc-ab123cde') }
end
describe internet_gateway('igw-1ab2cd3e') do
it { should be_attached_to('my-vpc') }
end
have_tag
describe internet_gateway('igw-1ab2cd3e') do
it { should have_tag('Name').value('my-internet-gateway') }
end
its(:internet_gateway_id), its(:owner_id)
kinesis
Kinesis resource type.
exist
describe kinesis('my-kinesis') do
it { should exist }
end
its(:stream_name), its(:stream_arn), its(:stream_status), its(:stream_mode_details), its(:retention_period_hours), its(:stream_creation_timestamp), its(:encryption_type), its(:key_id), its(:open_shard_count), its(:consumer_count)
kms
Kms resource type.
exist
describe kms('my-kms-key') do
it { should exist }
end
be_enabled
describe kms('my-kms-key') do
it { should be_enabled }
end
have_key_policy
describe kms('my-kms-key') do
it { should exist }
it { should be_enabled }
it do
should have_key_policy('default').policy_document(<<-'DOC')
{
"Version" : "2012-10-17",
"Id" : "key-consolepolicy-2",
"Statement" : [ {
"Sid" : "Enable IAM User Permissions",
"Effect" : "Allow",
"Principal" : {
"AWS" : "arn:aws:iam::1234567890:root"
},
"Action" : "kms:*",
"Resource" : "*"
}, {
"Sid" : "Allow access for Key Administrators",
"Effect" : "Allow",
"Principal" : {
"AWS" : "arn:aws:iam::1234567890:user/test-user"
},
"Action" : [ "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*", "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion" ],
"Resource" : "*"
}, {
"Sid" : "Allow use of the key",
"Effect" : "Allow",
"Principal" : {
"AWS" : [ "arn:aws:iam::1234567890:user/test-user", "arn:aws:iam::1234567890:role/test-role" ]
},
"Action" : [ "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey" ],
"Resource" : "*"
}, {
"Sid" : "Allow attachment of persistent resources",
"Effect" : "Allow",
"Principal" : {
"AWS" : [ "arn:aws:iam::1234567890:user/test-user", "arn:aws:iam::1234567890:role/test-role" ]
},
"Action" : [ "kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant" ],
"Resource" : "*",
"Condition" : {
"Bool" : {
"kms:GrantIsForAWSResource" : "true"
}
}
} ]
}
DOC
end
end
its(:aws_account_id), its(:key_id), its(:arn), its(:creation_date), its(:enabled), its(:description), its(:key_usage), its(:key_state), its(:deletion_date), its(:valid_to), its(:origin), its(:custom_key_store_id), its(:cloud_hsm_cluster_id), its(:expiration_model), its(:key_manager), its(:customer_master_key_spec), its(:key_spec), its(:encryption_algorithms), its(:signing_algorithms), its(:multi_region), its(:multi_region_configuration), its(:pending_deletion_window_in_days), its(:mac_algorithms), its(:xks_key_configuration)
lambda
Lambda resource type.
exist
describe lambda('my-lambda-function-name') do
it { should exist }
end
have_env_var
Useful to validate that a specific environment variable is declared in the Lambda. You will probably want to use it together with `have_env_var_value`.
have_env_var_value
Validates that a specific environment variable has the expected value. It is best used together with `have_env_var`, because when the variable isn't available this matcher fails without saying that the variable is missing.
expected.each_pair do |key, value|
context "environment variable #{key}" do
it { should have_env_var(key) }
it { should have_env_var_value(key, value) }
end
end
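`expected` would be a hash that has the environment variable names as keys and the expected values as values. Lambda environment variables often carry credentials, so keep secret values out of a hash that is committed with the specs: for those variables assert presence only with `have_env_var`, or load the expected value from outside the repository.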
have_env_vars
Useful to validate if there are environment variables configured in the Lambda:
describe lambda('my-lambda-function-name') do
it { should have_env_vars() }
end
have_event_source
This matcher does not support Amazon S3 event sources (see SDK doc).
its(:function_name), its(:function_arn), its(:runtime), its(:role), its(:handler), its(:code_size), its(:description), its(:timeout), its(:memory_size), its(:last_modified), its(:code_sha_256), its(:version), its(:vpc_config), its(:dead_letter_config), its(:kms_key_arn), its(:master_arn), its(:revision_id), its(:layers), its(:state), its(:state_reason), its(:state_reason_code), its(:last_update_status), its(:last_update_status_reason), its(:last_update_status_reason_code), its(:file_system_configs), its(:package_type), its(:image_config_response), its(:signing_profile_version_arn), its(:signing_job_arn), its(:architectures), its(:ephemeral_storage), its(:snap_start), its(:runtime_version_config)
launch_configuration
LaunchConfiguration resource type.
exist
describe launch_configuration('my-lc') do
it { should exist }
end
have_block_device_mapping
have_security_group
describe launch_configuration('my-lc') do
it { should have_security_group('my-security-group-name') }
end
its(:launch_configuration_name), its(:launch_configuration_arn), its(:image_id), its(:key_name), its(:security_groups), its(:classic_link_vpc_id), its(:classic_link_vpc_security_groups), its(:user_data), its(:instance_type), its(:kernel_id), its(:ramdisk_id), its(:spot_price), its(:iam_instance_profile), its(:created_time), its(:ebs_optimized), its(:associate_public_ip_address), its(:placement_tenancy), its(:metadata_options)
launch_template
LaunchTemplate resource type.
exist
You can set launch template version ( default: $Default ).
# launch_template_id or launch_template_name
describe launch_template('my-launch-template') do
it { should exist }
its(:default_version_number) { should eq 1 }
its(:latest_version_number) { should eq 2 }
its('launch_template_version.launch_template_data.image_id') { should eq 'ami-12345foobar' }
its('launch_template_version.launch_template_data.instance_type') { should eq 't2.micro' }
end