aws_vpn_gateway Resource

Use the aws_vpn_gateway InSpec audit resource to test the properties of a single AWS VPN gateway.

Installation

This resource is available in the Chef InSpec AWS resource pack.

See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.

Syntax

An aws_vpn_gateway resource block declares the tests for a single AWS VPN gateway by vpn_gateway_id.

describe aws_vpn_gateway(vpn_gateway_id: 'vgw-014aef8a0689b8f43') do
  it { should exist }
end

The value of the vpn_gateway_id can be provided as a string.

describe aws_vpn_gateway('vgw-014aef8a0689b8f43') do
  it { should exist }
end

Parameters

The AWS VPN gateway ID is required.

vpn_gateway_id (required)

The ID of the VPN gateway:

  • must contain between 1 and 50 alphanumeric characters or hyphens
  • should start with vgw-
  • cannot end with a hyphen or contain two consecutive hyphens

It can be passed either as a string or as a vpn_gateway_id: 'value' key-value entry in a hash.
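
As an added example (not code from the InSpec AWS resource pack), this Ruby helper checks an ID against the rules above before it is used in a describe block, for instance when the ID arrives through a profile input. The method names are hypothetical, and the helper assumes the vgw- prefix is mandatory.

```ruby
# Added example: hypothetical helpers, not part of the InSpec AWS resource pack.

# Accepts either form the resource takes: a bare string, or a hash
# carrying the ID under vpn_gateway_id.
def extract_vpn_gateway_id(arg)
  case arg
  when String then arg
  when Hash   then arg[:vpn_gateway_id] || arg['vpn_gateway_id']
  end
end

# Returns an array of rule violations; an empty array means the ID is well-formed.
def vpn_gateway_id_problems(arg)
  id = extract_vpn_gateway_id(arg)
  return ['vpn_gateway_id is required'] if id.nil? || id.to_s.empty?

  id = id.to_s
  problems = []
  problems << 'must be 1 to 50 characters long' if id.length > 50
  # \A and \z anchor the whole string. Ruby's ^ and $ match per line, so an
  # ID with an embedded newline would slip past a ^...$ pattern.
  unless id.match?(/\A[A-Za-z0-9-]+\z/)
    problems << 'may contain only alphanumeric characters or hyphens'
  end
  # Assumption: the "should start with vgw-" rule is treated as mandatory.
  problems << 'should start with vgw-' unless id.start_with?('vgw-')
  problems << 'cannot end with a hyphen' if id.end_with?('-')
  problems << 'cannot contain two consecutive hyphens' if id.include?('--')
  problems
end

def valid_vpn_gateway_id?(arg)
  vpn_gateway_id_problems(arg).empty?
end
```
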

Properties

vpn_gateway_id
The identifier of the AWS VPN gateway.
state
The current state of the VPN gateway. Possible values are: pending, available, deleting, deleted.
type
The type of VPN connection that the VPN gateway supports.
availability_zone
The Availability Zone where the virtual private gateway was created. If not applicable, this field will be empty.
vpc_id
The ID of the associated VPC.
amazon_side_asn
The private Autonomous System Number (ASN) for the Amazon side of a BGP session.
tags
All tags that are associated with the VPN gateway.

There are also additional properties available. For a comprehensive list, see the API reference documentation.

Examples

Test that a VPN Gateway is available and attached.

describe aws_vpn_gateway('vgw-014aef8a0689b8f43') do
    its('state') { should eq 'available' }
    it { should be_attached }
end

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.

exist

describe aws_vpn_gateway('vgw-014aef8a0689b8f43') do
    it { should exist }
end

be_attached to a VPC

describe aws_vpn_gateway('vgw-014aef8a0689b8f43') do
    it { should be_attached }
    its('vpc_id') { should eq 'vpc-0a510beed76210f2f' }
end

AWS Permissions

Your Principal will need the EC2:Client:DescribeVpnGatewaysResult action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon ElastiCache, and Actions, Resources, and Condition Keys for Identity And Access Management.
