aws_efs_file_system Resource
Use the aws_efs_file_system InSpec audit resource to test the properties of a single AWS EFS file system.
This resource was added to the InSpec AWS resource pack in version 1.10.0 and is available with InSpec 4.18.108 and later.
Installation
This resource is available in the Chef InSpec AWS resource pack.
See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.
Syntax
An aws_efs_file_system resource block declares the tests for a single AWS EFS file system, identified by either its file system ID or its creation token.
describe aws_efs_file_system(file_system_id: 'fs-12345678') do
it { should be_encrypted }
its('size_in_bytes.value') { should cmp 6144 }
end
describe aws_efs_file_system(creation_token: 'my-token') do
its('encrypted') { should cmp true }
its('throughput_mode') { should eq 'bursting' }
end
The file_system_id can also be passed as a bare string.
describe aws_efs_file_system('fs-12345678') do
it { should exist }
end
Parameters
Either the EFS file system ID or the creation token must be provided.
file_system_id (required if creation_token is not provided)
The ID of the EFS file system, in the format fs- followed by 8 or 17 hexadecimal characters. This can be passed either as a bare string or as a file_system_id: 'value' key-value entry in a hash.
creation_token (required if file_system_id is not provided)
The creation token is assigned by AWS automatically if the user does not supply one at creation time. It is a string between 1 and 64 characters long. This must be passed as a creation_token: 'value' key-value entry in a hash.
Properties
creation_token
- The value of the creation token.
file_system_id
- The ID of the file system, which is auto-assigned by AWS.
encrypted
- Indicates whether the file system is encrypted or not.
life_cycle_state
- The lifecycle phase of the file system, e.g. ‘creating’.
owner_id
- The AWS account that created the file system.
performance_mode
- The performance mode of the file system, e.g. ‘maxIO’.
throughput_mode
- The throughput mode for a file system, e.g. ‘bursting’.
tags
- A hash with each key-value pair corresponding to a tag associated with the entity.
There are also additional properties available. For a comprehensive list, see the API reference documentation.
Examples
Test that an EFS file system is available.
describe aws_efs_file_system("fs-12345678") do
its("life_cycle_state") { should eq 'available' }
end
Test that an EFS file system is in ‘maxIO’ performance mode.
describe aws_efs_file_system(creation_token: "My Token") do
its("performance_mode") { should eq "maxIO" }
end
Test that an EFS file system has a certain tag.
describe aws_efs_file_system(creation_token: "My Token") do
its("tags") { should include("companyName" => "My Company") }
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
exist
describe aws_efs_file_system(file_system_id: "fs-12345678") do
it { should exist }
end
be_encrypted
describe aws_efs_file_system(creation_token: "My Token") do
it { should be_encrypted }
end
AWS Permissions
Your principal needs the elasticfilesystem:DescribeFileSystems IAM action with Effect set to Allow. The resource reads file system details through the EFS DescribeFileSystems API; the name EFS:Client:DescribeFileSystemsResponse, which earlier versions of this page listed, is the SDK response type rather than an IAM action and will not work in a policy statement.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon EFS, and Actions, Resources, and Condition Keys for Identity And Access Management.