aws_internet_gateway resource
Use the aws_internet_gateway InSpec audit resource to test the properties of a single AWS internet gateway.
Syntax
An aws_internet_gateway resource block declares the tests for a single AWS internet gateway by id or name.
describe aws_internet_gateway(id: 'igw-abc0123456789deff') do
it { should exist }
end
describe aws_internet_gateway(name: 'my-igw') do
it { should exist }
end
Parameters
Either the id or the name must be provided.
id (required if name not provided)
The value of the internet_gateway_id assigned by the AWS after the resource has been created.
This should be in the format of igw- followed by 8 or 17 hexadecimal characters and passed as an id: 'value' key-value entry in a hash.
name (required if id not provided)
If a Name tag is applied to the internet gateway, this can be used to lookup the resource.
This must be passed as a name: 'value' key-value entry in a hash.
If there are multiple internet gateways with the same name, this resource will raise an error.
Properties
| Property | Description |
|---|---|
| id | The ID of the internet gateway. |
| name | The value of the Name tag. It is nil if not defined. |
| vpc_id | The ID of the attached VPC. It is nil if the resource is in a detached state. |
| tags | A hash, with each key-value pair corresponding to an internet gateway tag. |
| attached? | Indicates whether the internet gateway is attached to a VPC or not (true or false). |
| detached? | Indicates whether the internet gateway is in a detached state or not (true or false). |
| owner_id | The ID of the AWS account that owns the internet gateway. |
There are also additional properties available. For a comprehensive list, see the API reference documentation
Examples
Test that the internet gateway is attached
describe aws_internet_gateway(name: 'my-igw') do
it { should be_attached }
end
Test that the ID of the attached VPC is vpc-1234567890abcdef1
describe aws_internet_gateway(id: 'igw-abc0123456789deff') do
its('vpc_id') { should eq `vpc-1234567890abcdef1` }
end
Test that the internet gateway has a certain tag
describe aws_internet_gateway(name: 'my-igw') do
its('tags') { should include('environment' => 'dev') }
its('tags') { should include('shutdown-at-10-pm') } # Regardless of the value
end
Matchers
This InSpec audit resource has the following special matcher. For a full list of available matchers, please visit our matchers page.
exist
describe aws_internet_gateway(name: 'my-igw') do
it { should exist }
end
AWS Permissions
Your Principal will need the ec2:DescribeInternetGateways action set to allow.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon EC2, and Actions, Resources, and Condition Keys for Identity And Access Management.
Was this page helpful?