aws_vpn_connection Resource
Use the aws_vpn_connection InSpec audit resource to test the properties of a single AWS VPN connection.
Installation
This resource is available in the Chef InSpec AWS resource pack.
See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.
Syntax
An aws_vpn_connection resource block declares the tests for a single AWS VPN connection by vpn_connection_id.

describe aws_vpn_connection(vpn_connection_id: 'vpn-1234567890') do
  it { should exist }
end

describe aws_vpn_connection('vpn-1234567890') do
  it { should exist }
end
Parameters
vpn_connection_id (required) - The identifier of the AWS VPN connection. It can be passed either as a string or as a vpn_connection_id: 'value' hash key-value entry.
Properties
vpn_connection_id - The identifier of the AWS VPN connection.
state - The current state of the VPN connection. Possible values are: pending, available, deleting, and deleted.
type - The type of VPN connection that the VPN connection supports.
vpn_gateway_id - The ID of the associated VPN.
tags - All tags that are associated with the VPN connection.
There are also additional properties available. For a comprehensive list, see the API reference documentation.
Examples
Test that a VPN connection is available
describe aws_vpn_connection('vpn-1234567890') do
  its('vpn_connection_id') { should eq 'vpn-1234567890' }
end
Test that a VPN connection state is available
describe aws_vpn_connection('vpn-1234567890') do
  # The resource exposes the connection state as the 'state' property (see Properties).
  its('state') { should eq 'available' }
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
The control passes if the get method returns at least one result.
exist
Use should to test that the entity exists.
describe aws_vpn_connection('vpn-1234567890') do
  it { should exist }
end
not exist
Use should_not to test that the entity does not exist.
describe aws_vpn_connection('vpn-1234567890') do
  it { should_not exist }
end
AWS Permissions
Your Principal will need the EC2:Client:DescribeVpnConnectionsResult action with Effect set to Allow.