aws_eks_clusters Resource
Use the aws_eks_clusters
resource to test the configuration of a collection of AWS Elastic Container Service for Kubernetes.
For additional information, including details on parameters and properties, see the AWS documentation on EKS Clusters.
Installation
This resource is available in the Chef InSpec AWS resource pack.
See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.
Syntax
describe aws_eks_clusters do
its('names.count') { should cmp 10 }
end
Parameters
This resource does not require any parameters.
Properties
arn
- The Amazon Resource Name (ARN) of the cluster.
name
- The name of the cluster.
endpoint
- The endpoint for your Kubernetes API server.
status
- The current status of the cluster.
version
- The Kubernetes server version for the cluster.
certificate_authority
- The certificate-authority-data for your cluster.
subnets_count
- The number of subnets associated with your cluster.
subnet_ids
- The subnets associated with your cluster.
security_groups_count
- The count of security groups associated with your cluster.
security_group_ids
- The security groups associated with the cross-account elastic network interfaces that are used to allow communication between your worker nodes and the Kubernetes control plane.
role_arn
- The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
vpc_id
- The VPC associated with your cluster.
created_at
- The Unix epoch timestamp in seconds for when the cluster was created.
creating
- Boolean indicating whether or not the state of the cluster is CREATING.
active
- Boolean indicating whether or not the state of the cluster is ACTIVE.
failed
- Boolean indicating whether or not the state of the cluster is FAILED.
deleting
- Boolean indicating whether or not the state of the cluster is DELETING.
entries
- Provides access to the raw results of the query, which can be treated as an array of hashes.
Examples
Allow at most 100 EKS Clusters on the account.
describe aws_eks_clusters do
its('entries.count') { should be <= 100}
end
Ensure a specific Cluster exists, by name.
describe aws_eks_clusters do
its('names') { should include('cluster-1') }
end
Ensure no Clusters are in a failed state.
describe aws_eks_clusters.where( failed: true ) do
it { should_not exist )
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
exist
The control will pass if the describe returns at least one result.
Use should_not
to test the entity should not exist.
describe aws_eks_clusters.where( <property>: <value>) do
it { should exist }
end
describe aws_eks_clusters.where( <property>: <value>) do
it { should_not exist }
end
AWS Permissions
Your Principal will need the EKS:Client:DescribeClusterResponse
action with Effect
set to Allow
.
You can find detailed documentation at Amazon EKS IAM Policies, Roles, and Permissions The documentation for EKS actions is at Policy Structure