aws_nat_gateways Resource
Use the aws_nat_gateways
InSpec audit resource to test the properties of all AWS NAT gateways owned by the AWS account.
Installation
This resource is available in the Chef InSpec AWS resource pack.
See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.
Syntax
An aws_nat_gateways
resource block collects all of the NAT gateways and then tests that group.
describe aws_nat_gateways do
it { should exist }
end
Parameters
This resource does not require any parameters.
Properties
ids
- The ID of the NAT gateway.
-
Field:
id
names
- The value of the
Name
tag. It isnil
if not defined. -
Field:
name
vpc_ids
- The ID of the VPC in which the NAT gateway is located.
-
Field:
vpc_id
subnet_ids
- The ID of the subnet in which the NAT gateway is placed.
-
Field:
subnet_id
tags
- A hash, with each key-value pair corresponding to a NAT gateway tag.
-
Field:
tags
states
- The sate of the NAT gateway. Valid values are:
pending
,failed
,available
,deleting
anddeleted
. -
Field:
state
Examples
Test that there are exactly 3 NAT gateways.
describe aws_nat_gateways do
its('count') { should cmp 3 }
end
Use this InSpec resource to request the ids of all NAT gateways, then test in-depth using aws_nat_gateway
InSpec singular AWS resource.
aws_nat_gateways.ids.each do |id|
describe aws_nat_gateway(id: id) do
its('state') { should eq 'available' }
end
end
For more examples, please check the integration tests.
Matchers
For a full list of available matchers, please visit our Universal Matchers page.
exist
The control will pass if the describe returns at least one result.
The field names described in the properties table should be used for the <property>
in the where
clause.
Use should_not
to test the entity should not exist.
describe aws_nat_gateways.where( <property>: <value>) do
it { should exist }
end
describe aws_nat_gateways.where( <property>: <value>) do
it { should_not exist }
end
Please see here for more information on how to use filter table.
AWS Permissions
Your Principal will need the EC2:Client:DescribeNatGatewaysResult
action with Effect
set to Allow
.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon EC2, and Actions, Resources, and Condition Keys for Identity And Access Management.
Was this page helpful?