# Resource Types
[acm](#acm)
| [alb](#alb)
| [alb_listener](#alb_listener)
| [alb_target_group](#alb_target_group)
| [ami](#ami)
| [apigateway](#apigateway)
| [autoscaling_group](#autoscaling_group)
| [batch_compute_environment](#batch_compute_environment)
| [batch_job_definition](#batch_job_definition)
| [batch_job_queue](#batch_job_queue)
| [cloudformation_stack](#cloudformation_stack)
| [cloudfront_distribution](#cloudfront_distribution)
| [cloudtrail](#cloudtrail)
| [cloudwatch_alarm](#cloudwatch_alarm)
| [cloudwatch_event](#cloudwatch_event)
| [cloudwatch_logs](#cloudwatch_logs)
| [codebuild](#codebuild)
| [codedeploy](#codedeploy)
| [codedeploy_deployment_group](#codedeploy_deployment_group)
| [customer_gateway](#customer_gateway)
| [directconnect_virtual_interface](#directconnect_virtual_interface)
| [dynamodb_table](#dynamodb_table)
| [ebs](#ebs)
| [ec2](#ec2)
| [ecr_repository](#ecr_repository)
| [ecs_cluster](#ecs_cluster)
| [ecs_container_instance](#ecs_container_instance)
| [ecs_service](#ecs_service)
| [ecs_task_definition](#ecs_task_definition)
| [efs](#efs)
| [eip](#eip)
| [eks](#eks)
| [elasticache](#elasticache)
| [elasticache_cache_parameter_group](#elasticache_cache_parameter_group)
| [elasticsearch](#elasticsearch)
| [elastictranscoder_pipeline](#elastictranscoder_pipeline)
| [elb](#elb)
| [emr](#emr)
| [firehose](#firehose)
| [iam_group](#iam_group)
| [iam_policy](#iam_policy)
| [iam_role](#iam_role)
| [iam_user](#iam_user)
| [internet_gateway](#internet_gateway)
| [kinesis](#kinesis)
| [kms](#kms)
| [lambda](#lambda)
| [launch_configuration](#launch_configuration)
| [launch_template](#launch_template)
| [nat_gateway](#nat_gateway)
| [network_acl](#network_acl)
| [network_interface](#network_interface)
| [nlb](#nlb)
| [nlb_listener](#nlb_listener)
| [nlb_target_group](#nlb_target_group)
| [rds](#rds)
| [rds_db_cluster_parameter_group](#rds_db_cluster_parameter_group)
| [rds_db_parameter_group](#rds_db_parameter_group)
| [redshift](#redshift)
| [redshift_cluster_parameter_group](#redshift_cluster_parameter_group)
| [route53_hosted_zone](#route53_hosted_zone)
| [route_table](#route_table)
| [s3_bucket](#s3_bucket)
| [security_group](#security_group)
| [ses_identity](#ses_identity)
| [sns_topic](#sns_topic)
| [sqs](#sqs)
| [ssm_parameter](#ssm_parameter)
| [subnet](#subnet)
| [vpc](#vpc)
| [vpn_connection](#vpn_connection)
| [vpn_gateway](#vpn_gateway)
| [waf_web_acl](#waf_web_acl)
| [account](#account)
## acm
Acm resource type.
### exist
```ruby
describe acm('example.com') do
it { should exist }
end
```
### be_pending_validation, be_issued, be_inactive, be_expired, be_validation_timed_out, be_revoked, be_failed
### have_domain_name
### have_domain_validation_option
```ruby
describe acm('example.com') do
it { should have_domain_validation_option(domain_name: 'example.com', validation_method: 'DNS', validation_status: 'SUCCESS') }
it { should have_domain_validation_option(domain_name: 'mail.example.com', validation_method: 'EMAIL') }
end
```
### its(:certificate_arn), its(:domain_name), its(:subject_alternative_names), its(:serial), its(:subject), its(:issuer), its(:created_at), its(:issued_at), its(:imported_at), its(:status), its(:revoked_at), its(:revocation_reason), its(:not_before), its(:not_after), its(:key_algorithm), its(:signature_algorithm), its(:in_use_by), its(:failure_reason), its(:type), its(:renewal_summary), its(:key_usages), its(:extended_key_usages), its(:certificate_authority_arn), its(:renewal_eligibility), its(:options)
## alb
ALB resource type.
### exist
```ruby
describe alb('my-alb') do
it { should exist }
end
```
### be_active, be_provisioning, be_failed
```ruby
describe alb('my-alb') do
it { should be_active }
end
```
### have_security_group
```ruby
describe alb('my-alb') do
it { should have_security_group('sg-1a2b3cd4') }
end
```
### have_subnet
```ruby
describe alb('my-alb') do
it { should have_subnet('subnet-1234a567') }
end
```
### belong_to_vpc
```ruby
describe alb('my-alb') do
it { should belong_to_vpc('my-vpc') }
end
```
### its(:load_balancer_arn), its(:dns_name), its(:canonical_hosted_zone_id), its(:created_time), its(:load_balancer_name), its(:scheme), its(:vpc_id), its(:type), its(:security_groups), its(:ip_address_type)
## alb_listener
AlbListener resource type.
### exist
```ruby
describe alb_listener('arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:listener/app/my-alb/1aa1bb1cc1ddee11/f2f7dc8efc522ab2') do
it { should exist }
its(:port) { should eq 80 }
its(:protocol) { should eq 'HTTP' }
end
```
### have_rule
```ruby
describe alb_listener('arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:listener/app/my-alb/1aa1bb1cc1ddee11/f2f7dc8efc522ab2') do
it { should have_rule('arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:listener-rule/app/my-alb/1aa1bb1cc1ddee11/f2f7dc8efc522ab2/9683b2d02a6cabee') }
it do
should have_rule.priority('10')
.conditions(field: 'path-pattern', values: ['/img/*'])
.actions(target_group_arn: 'arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:123456789012:targetgroup/73e2d6bc24d8a067/73e2d6bc24d8a067', type: 'forward')
end
it do
should have_rule.priority('10')
.if(field: 'path-pattern', values: ['/img/*'])
.then(target_group_arn: 'arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:123456789012:targetgroup/73e2d6bc24d8a067/73e2d6bc24d8a067', type: 'forward')
end
it { should have_rule.conditions([{ field: 'path-pattern', values: ['/admin/*'] }, { field: 'host-header', values: ['admin.example.com'] }]) }
it { should have_rule.actions(target_group_name: 'my-alb-target-group', type: 'forward') }
end
```
### its(:listener_arn), its(:load_balancer_arn), its(:port), its(:protocol), its(:certificates), its(:ssl_policy)
## alb_target_group
AlbTargetGroup resource type.
### exist
```ruby
describe alb_target_group('my-alb-target-group') do
it { should exist }
its(:health_check_path) { should eq '/' }
its(:health_check_port) { should eq 'traffic-port' }
its(:health_check_protocol) { should eq 'HTTP' }
end
```
### have_ec2
```ruby
describe alb_target_group('my-alb-target-group') do
it { should have_ec2('my-ec2') }
end
```
### belong_to_alb
```ruby
describe alb_target_group('my-alb-target-group') do
it { should belong_to_alb('my-alb') }
end
```
### belong_to_vpc
```ruby
describe alb_target_group('my-alb-target-group') do
it { should belong_to_vpc('my-vpc') }
end
```
### its(:target_group_arn), its(:target_group_name), its(:protocol), its(:port), its(:vpc_id), its(:health_check_protocol), its(:health_check_port), its(:health_check_enabled), its(:health_check_interval_seconds), its(:health_check_timeout_seconds), its(:healthy_threshold_count), its(:unhealthy_threshold_count), its(:health_check_path), its(:load_balancer_arns), its(:target_type)
## ami
AMI resource type.
### exist
```ruby
describe ami('my-ami') do
it { should exist }
end
```
### be_pending, be_available, be_invalid, be_deregistered, be_transient, be_failed, be_error
```ruby
describe ami('my-ami') do
it { should be_available }
end
```
### have_tag
### its(:architecture), its(:creation_date), its(:image_id), its(:image_location), its(:image_type), its(:public), its(:kernel_id), its(:owner_id), its(:platform), its(:ramdisk_id), its(:state), its(:description), its(:ena_support), its(:hypervisor), its(:image_owner_alias), its(:name), its(:root_device_name), its(:root_device_type), its(:sriov_net_support), its(:state_reason), its(:virtualization_type)
### :unlock: Advanced use
`ami` can use `Aws::EC2::Image` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Image.html).
## apigateway
Apigateway resource type.
### exist
```ruby
describe apigateway('my-apigateway') do
it { should exist }
end
```
### its(:id), its(:name), its(:description), its(:created_date), its(:version), its(:warnings), its(:binary_media_types), its(:minimum_compression_size), its(:api_key_source), its(:policy)
## autoscaling_group
AutoscalingGroup resource type.
### exist
```ruby
describe autoscaling_group('my-auto-scaling-group') do
it { should exist }
end
```
### have_alb_target_group
```ruby
describe autoscaling_group('my-auto-scaling-group') do
it { should have_alb_target_group('my-alb-target-group') }
end
```
### have_ec2
```ruby
describe autoscaling_group('my-auto-scaling-group') do
it { should have_ec2('my-ec2') }
end
```
### have_elb
```ruby
describe autoscaling_group('my-auto-scaling-group') do
it { should have_elb('my-elb') }
end
```
### have_launch_configuration
```ruby
describe autoscaling_group('my-auto-scaling-group') do
it { should have_launch_configuration('my-lc') }
end
```
### have_nlb_target_group
### have_suspended_process
### have_tag
```ruby
describe autoscaling_group('my-auto-scaling-group') do
it { should have_tag('Name').value('my-group') }
end
```
### its(:auto_scaling_group_name), its(:auto_scaling_group_arn), its(:launch_configuration_name), its(:launch_template), its(:mixed_instances_policy), its(:min_size), its(:max_size), its(:desired_capacity), its(:default_cooldown), its(:availability_zones), its(:load_balancer_names), its(:target_group_arns), its(:health_check_type), its(:health_check_grace_period), its(:created_time), its(:placement_group), its(:vpc_zone_identifier), its(:enabled_metrics), its(:status), its(:termination_policies), its(:new_instances_protected_from_scale_in), its(:service_linked_role_arn)
## batch_compute_environment
BatchComputeEnvironment resource type.
### exist
```ruby
describe batch_compute_environment('my-batch-compute-environment') do
it { should exist }
end
```
### be_disabled
### be_enabled
### be_enabled, be_disabled
```ruby
describe batch_compute_environment('my-batch-compute-environment') do
it { should be_enabled }
end
```
### be_managed
### be_managed, be_unmanaged
```ruby
describe batch_compute_environment('my-batch-compute-environment') do
it { should be_managed }
end
```
### be_unmanaged
### its(:compute_environment_name), its(:compute_environment_arn), its(:ecs_cluster_arn), its(:type), its(:state), its(:status), its(:status_reason), its(:service_role)
## batch_job_definition
BatchJobDefinition resource type.
### exist
```ruby
describe batch_job_definition('my-batch-job-definition') do
it { should exist }
end
```
### its(:job_definition_name), its(:job_definition_arn), its(:revision), its(:status), its(:type), its(:parameters), its(:retry_strategy), its(:timeout), its(:node_properties)
## batch_job_queue
BatchJobQueue resource type.
### exist
```ruby
describe batch_job_queue('my-batch-job-queue') do
it { should exist }
end
```
### be_disabled
### be_enabled
### have_compute_environment_order
```ruby
describe batch_job_queue('my-batch-job-queue') do
it { should have_compute_environment_order('arn:aws:batch:us-east-1:012345678910:compute-environment/C4OnDemand', 1) }
end
```
### its(:job_queue_name), its(:job_queue_arn), its(:state), its(:status), its(:status_reason), its(:priority)
## cloudformation_stack
CloudformationStack resource type.
### exist
```ruby
describe cloudformation_stack('my-cloudformation-stack') do
it { should exist }
its(:stack_status) { should eq 'UPDATE_COMPLETE' }
end
```
### its(:stack_id), its(:stack_name), its(:change_set_id), its(:description), its(:parameters), its(:creation_time), its(:deletion_time), its(:last_updated_time), its(:rollback_configuration), its(:stack_status), its(:stack_status_reason), its(:disable_rollback), its(:notification_arns), its(:timeout_in_minutes), its(:capabilities), its(:role_arn), its(:enable_termination_protection), its(:parent_id), its(:root_id), its(:drift_information)
## cloudfront_distribution
CloudfrontDistribution resource type.
### exist
```ruby
describe cloudfront_distribution('123456789zyxw.cloudfront.net') do
it { should exist }
end
```
### be_in_progress, be_deployed
```ruby
describe cloudfront_distribution('123456789zyxw.cloudfront.net') do
it { should be_deployed }
end
```
### have_custom_response_error_code
```ruby
describe cloudfront_distribution('123456789zyxw.cloudfront.net') do
it do
should have_custom_response_error_code(400)
.error_caching_min_ttl(60)
.response_page_path('/path/to/400.html')
.response_code(400)
end
it do
should have_custom_response_error_code(403)
.error_caching_min_ttl(60)
.response_page_path('/path/to/403.html')
.response_code('403')
end
it do
should have_custom_response_error_code(500)
.error_caching_min_ttl(60)
end
end
```
### have_origin
```ruby
describe cloudfront_distribution('E2CLOUDFRONTXX') do
it do
should have_origin('cf-s3-origin-hosting.dev.example.com')
.domain_name('cf-s3-origin-hosting.dev.example.com.s3.amazonaws.com')
.origin_path('/img')
.origin_access_identity('origin-access-identity/cloudfront/E2VVVVVVVVVVVV')
end
end
```
### have_origin_domain_name
```ruby
describe cloudfront_distribution('123456789zyxw.cloudfront.net') do
it { should have_origin_domain_name('cf-s3-origin-hosting.dev.example.com.s3.amazonaws.com') }
end
```
### have_origin_domain_name_and_path
```ruby
describe cloudfront_distribution('123456789zyxw.cloudfront.net') do
it { should have_origin_domain_name_and_path('cf-s3-origin-hosting.dev.example.com.s3.amazonaws.com/img') }
end
```
### its(:id), its(:arn), its(:status), its(:last_modified_time), its(:domain_name), its(:origin_groups), its(:comment), its(:price_class), its(:enabled), its(:web_acl_id), its(:http_version), its(:is_ipv6_enabled)
## cloudtrail
Cloudtrail resource type.
### exist
```ruby
describe cloudtrail('my-trail') do
it { should exist }
end
```
### be_logging
```ruby
describe cloudtrail('my-trail') do
it { should be_logging }
end
```
### be_multi_region_trail
```ruby
describe cloudtrail('my-trail') do
it { should be_multi_region_trail }
end
```
### have_global_service_events_included
```ruby
describe cloudtrail('my-trail') do
it { should have_global_service_events_included }
end
```
### have_log_file_validation_enabled
```ruby
describe cloudtrail('my-trail') do
it { should have_log_file_validation_enabled }
end
```
### its(:name), its(:s3_bucket_name), its(:s3_key_prefix), its(:sns_topic_name), its(:sns_topic_arn), its(:include_global_service_events), its(:is_multi_region_trail), its(:home_region), its(:trail_arn), its(:log_file_validation_enabled), its(:cloud_watch_logs_log_group_arn), its(:cloud_watch_logs_role_arn), its(:kms_key_id), its(:has_custom_event_selectors), its(:is_organization_trail)
## cloudwatch_alarm
CloudwatchAlarm resource type.
### exist
```ruby
describe cloudwatch_alarm('my-cloudwatch-alarm') do
it { should exist }
end
```
### have_alarm_action
```ruby
describe cloudwatch_alarm('my-cloudwatch-alarm') do
it { should have_alarm_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
end
```
### have_insufficient_data_action
```ruby
describe cloudwatch_alarm('my-cloudwatch-alarm') do
it { should have_insufficient_data_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
end
```
### have_ok_action
```ruby
describe cloudwatch_alarm('my-cloudwatch-alarm') do
it { should have_ok_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
end
```
### belong_to_metric
```ruby
describe cloudwatch_alarm('my-cloudwatch-alarm') do
it { should belong_to_metric('NumberOfProcesses').namespace('my-cloudwatch-namespace') }
end
```
### its(:alarm_name), its(:alarm_arn), its(:alarm_description), its(:alarm_configuration_updated_timestamp), its(:actions_enabled), its(:ok_actions), its(:alarm_actions), its(:insufficient_data_actions), its(:state_value), its(:state_reason), its(:state_reason_data), its(:state_updated_timestamp), its(:metric_name), its(:namespace), its(:statistic), its(:extended_statistic), its(:period), its(:unit), its(:evaluation_periods), its(:datapoints_to_alarm), its(:threshold), its(:comparison_operator), its(:treat_missing_data), its(:evaluate_low_sample_count_percentile), its(:metrics)
## cloudwatch_event
CloudwatchEvent resource type.
### exist
### be_enable
### be_scheduled
### its(:name), its(:arn), its(:event_pattern), its(:state), its(:description), its(:schedule_expression), its(:role_arn), its(:managed_by)
## cloudwatch_logs
CloudwatchLogs resource type.
### exist
```ruby
describe cloudwatch_logs('my-cloudwatch-logs-group') do
it { should exist }
end
```
### have_log_stream
```ruby
describe cloudwatch_logs('my-cloudwatch-logs-group') do
it { should have_log_stream('my-cloudwatch-logs-stream') }
end
```
### have_metric_filter
```ruby
describe cloudwatch_logs('my-cloudwatch-logs-group') do
it { should have_metric_filter('my-cloudwatch-logs-metric-filter') }
end
```
### have_subscription_filter
```ruby
describe cloudwatch_logs('my-cloudwatch-logs-group') do
it { should have_subscription_filter('my-cloudwatch-logs-subscription-filter') }
end
```
or
```ruby
describe cloudwatch_logs('my-cloudwatch-logs-group') do
it do
should have_subscription_filter('my-cloudwatch-logs-subscription-filter')\
.filter_pattern('[host, ident, authuser, date, request, status, bytes]')
end
end
```
### its(:log_group_name), its(:creation_time), its(:retention_in_days), its(:metric_filter_count), its(:arn), its(:stored_bytes), its(:kms_key_id)
## codebuild
Codebuild resource type.
### exist
## codedeploy
Codedeploy resource type.
### exist
### its(:application_id), its(:application_name), its(:create_time), its(:linked_to_git_hub), its(:git_hub_account_name), its(:compute_platform)
## codedeploy_deployment_group
CodedeployDeploymentGroup resource type.
### exist
You can set the `application_name` (default: `default`).
```ruby
describe codedeploy_deployment_group('my-codedeploy-deployment-group'), application_name: 'my-codedeploy-application' do
it { should exist }
end
```
### have_autoscaling_group
```ruby
describe codedeploy_deployment_group('my-codedeploy-deployment-group'), application_name: 'my-codedeploy-application' do
it { should have_autoscaling_group('my-autoscaling-group') }
end
```
### its(:application_name), its(:deployment_group_id), its(:deployment_group_name), its(:deployment_config_name), its(:on_premises_instance_tag_filters), its(:service_role_arn), its(:target_revision), its(:trigger_configurations), its(:alarm_configuration), its(:deployment_style), its(:load_balancer_info), its(:last_successful_deployment), its(:last_attempted_deployment), its(:ec2_tag_set), its(:on_premises_tag_set), its(:compute_platform), its(:ecs_services)
## customer_gateway
CustomerGateway resource type.
### exist
```ruby
describe customer_gateway('my-customer-gateway') do
it { should exist }
end
```
### be_pending, be_available, be_deleting, be_deleted
```ruby
describe customer_gateway('my-customer-gateway') do
it { should be_running }
end
```
### have_tag
```ruby
describe customer_gateway('my-customer-gateway') do
it { should have_tag('Name').value('my-customer-gateway') }
end
```
### its(:bgp_asn), its(:customer_gateway_id), its(:ip_address), its(:state), its(:type), its(:tags)
## directconnect_virtual_interface
DirectconnectVirtualInterface resource type.
```ruby
describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
it { should exist }
it { should be_available }
its(:connection_id) { should eq 'dxcon-abcd5fgh' }
its(:virtual_interface_id) { should eq 'dxvif-aabbccdd' }
its(:amazon_address) { should eq '170.252.252.1/30' }
its(:customer_address) { should eq '123.456.789.2/30' }
its(:virtual_gateway_id) { should eq 'vgw-d234e5f6' }
end
```
### exist
```ruby
describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
it { should exist }
end
```
### be_confirming, be_verifying, be_pending, be_available, be_deleting, be_deleted, be_rejected
```ruby
describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
it { should exist }
it { should be_available }
end
```
### its(:owner_account), its(:virtual_interface_id), its(:location), its(:connection_id), its(:virtual_interface_type), its(:virtual_interface_name), its(:vlan), its(:asn), its(:amazon_side_asn), its(:auth_key), its(:amazon_address), its(:customer_address), its(:address_family), its(:virtual_interface_state), its(:customer_router_config), its(:mtu), its(:jumbo_frame_capable), its(:virtual_gateway_id), its(:direct_connect_gateway_id), its(:route_filter_prefixes), its(:bgp_peers), its(:region), its(:aws_device_v2)
## dynamodb_table
DynamodbTable resource type.
### exist
```ruby
describe dynamodb_table('my-dynamodb-table') do
it { should exist }
end
```
### be_creating, be_updating, be_deleting, be_active
### have_attribute_definition
```ruby
describe dynamodb_table('my-dynamodb-table') do
it { should have_attribute_definition('my-dynamodb-table-attaribute1').attribute_type('S') }
it { should have_attribute_definition('my-dynamodb-table-attaribute2').attribute_type('N') }
end
```
### have_key_schema
```ruby
describe dynamodb_table('my-dynamodb-table') do
it { should have_key_schema('my-dynamodb-table-key_schema1').key_type('HASH') }
it { should have_key_schema('my-dynamodb-table-key_schema2').key_type('RANGE') }
end
```
### its(:table_name), its(:table_status), its(:creation_date_time), its(:table_size_bytes), its(:item_count), its(:table_arn), its(:table_id), its(:billing_mode_summary), its(:local_secondary_indexes), its(:global_secondary_indexes), its(:stream_specification), its(:latest_stream_label), its(:latest_stream_arn), its(:restore_summary), its(:sse_description)
### :unlock: Advanced use
`dynamodb_table` can use `Aws::DynamoDB::Table` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/DynamoDB/Table.html).
```ruby
describe dynamodb_table('my-dynamodb-table') do
its('key_schema.first.key_type') { should eq 'HASH' }
end
```
or
```ruby
describe dynamodb_table('my-dynamodb-table') do
its('resource.key_schema.first.key_type') { should eq 'HASH' }
end
```
## ebs
EBS resource type.
### exist
```ruby
describe ebs('my-volume') do
it { should exist }
end
```
### be_attached_to
```ruby
describe ebs('my-volume') do
it { should be_attached_to('my-ec2') }
end
```
### be_creating, be_available, be_in_use, be_deleting, be_deleted, be_error
```ruby
describe ebs('my-volume') do
it { should be_in_use }
end
```
### have_tag
```ruby
describe ebs('my-volume') do
it { should have_tag('Name').value('my-volume') }
end
```
### its(:availability_zone), its(:create_time), its(:encrypted), its(:kms_key_id), its(:size), its(:snapshot_id), its(:state), its(:volume_id), its(:iops), its(:volume_type)
### :unlock: Advanced use
`ebs` can use `Aws::EC2::Volume` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Volume.html).
```ruby
describe ebs('my-volume') do
its('attachments.first.instance_id') { should eq 'i-ec12345a' }
end
```
or
```ruby
describe ebs('my-volume') do
its('resource.attachments.first.instance_id') { should eq 'i-ec12345a' }
end
```
## ec2
EC2 resource type.
### exist
```ruby
describe ec2('my-ec2') do
it { should exist }
end
```
### be_disabled_api_termination
```ruby
describe ec2('my-ec2') do
it { should be_disabled_api_termination }
end
```
### be_pending, be_running, be_shutting_down, be_terminated, be_stopping, be_stopped
```ruby
describe ec2('my-ec2') do
it { should be_running }
end
```
### have_classiclink
```ruby
describe ec2('my-ec2-classic') do
it { should have_classiclink('my-vpc') }
end
```
### have_classiclink_security_group
```ruby
describe ec2('my-ec2-classic') do
it { should have_classiclink_security_group('sg-2a3b4cd5') }
it { should have_classiclink_security_group('my-vpc-security-group-name') }
end
```
### have_credit_specification
The credit option for CPU usage of T2 or T3 instance.
```ruby
describe ec2('my-ec2') do
it { should have_credit_specification('unlimited') }
end
```
### have_ebs
```ruby
describe ec2('my-ec2') do
it { should have_ebs('vol-123a123b') }
it { should have_ebs('my-volume') }
end
```
### have_eip
```ruby
describe ec2('my-ec2') do
it { should have_eip('123.0.456.789') }
end
```
### have_event
```ruby
describe ec2('my-ec2') do
it { should have_event('system-reboot') }
end
```
### have_events
```ruby
describe ec2('my-ec2') do
it { should_not have_events }
end
```
### have_iam_instance_profile
```ruby
describe ec2('my-ec2') do
it { should have_iam_instance_profile('Ec2IamProfileName') }
end
```
### have_network_interface
```ruby
describe ec2('my-ec2') do
it { should have_network_interface('my-eni') }
it { should have_network_interface('eni-12ab3cde') }
it { should have_network_interface('my-eni').as_eth0 }
end
```
### have_security_group
```ruby
describe ec2('my-ec2') do
it { should have_security_group('my-security-group-name') }
it { should have_security_group('sg-1a2b3cd4') }
end
```
### have_security_groups
```ruby
describe ec2('my-ec2') do
it { should have_security_groups(['my-security-group-name-1', 'my-security-group-name-2']) }
it { should have_security_groups(['sg-1a2b3cd4', 'sg-5e6f7gh8']) }
end
```
### have_tag
```ruby
describe ec2('my-ec2') do
it { should have_tag('Name').value('my-ec2') }
end
```
### belong_to_subnet
```ruby
describe ec2('my-ec2') do
it { should belong_to_subnet('subnet-1234a567') }
it { should belong_to_subnet('my-subnet') }
end
```
### belong_to_vpc
```ruby
describe ec2('my-ec2') do
it { should belong_to_vpc('vpc-ab123cde') }
it { should belong_to_vpc('my-vpc') }
end
```
### its(:ami_launch_index), its(:image_id), its(:instance_id), its(:instance_type), its(:kernel_id), its(:key_name), its(:launch_time), its(:monitoring), its(:placement), its(:platform), its(:private_dns_name), its(:private_ip_address), its(:product_codes), its(:public_dns_name), its(:public_ip_address), its(:ramdisk_id), its(:state_transition_reason), its(:subnet_id), its(:vpc_id), its(:architecture), its(:client_token), its(:ebs_optimized), its(:ena_support), its(:hypervisor), its(:instance_lifecycle), its(:elastic_gpu_associations), its(:elastic_inference_accelerator_associations), its(:root_device_name), its(:root_device_type), its(:source_dest_check), its(:spot_instance_request_id), its(:sriov_net_support), its(:state_reason), its(:virtualization_type), its(:cpu_options), its(:capacity_reservation_id), its(:capacity_reservation_specification), its(:hibernation_options), its(:licenses)
### :unlock: Advanced use
`ec2` can use `Aws::EC2::Instance` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Instance.html).
```ruby
describe ec2('my-ec2') do
its('vpc.id') { should eq 'vpc-ab123cde' }
end
```
or
```ruby
describe ec2('my-ec2') do
its('resource.vpc.id') { should eq 'vpc-ab123cde' }
end
```
#### Awspec::DuplicatedResourceTypeError exception
EC2 resources might have the same tag value and if you try to search for a
specific instance using that tag/tag value you might found multiples results
and receive a `Awspec::DuplicatedResourceTypeError` exception as result.
To avoid such situations, you will want to use EC2 instances ID's and then use
those ID's to test whatever you need.
There are several different ways to provide such ID's, like using [Terraform output](https://www.terraform.io/docs/configuration/outputs.html) or even the
AWS SDK directly:
```ruby
require 'awspec'
require 'aws-sdk-ec2'
tag_name = 'tag:Name'
tag_value = 'foobar'
servers = {}
ec2 = Aws::EC2::Resource.new
ec2.instances({filters: [{name: "#{tag_name}",
values: ["#{tag_value}"]}]}).each do |i|
servers.store(i.id, i.subnet_id)
end
if servers.size == 0
raise "Could not find any EC2 instance with #{tag_name} = #{tag_value}!"
end
servers.each_pair do |instance_id, subnet_id|
describe ec2(instance_id) do
it { should exist }
it { should be_running }
its(:image_id) { should eq 'ami-12345foobar' }
its(:instance_type) { should eq 't2.micro' }
it { should belong_to_subnet(subnet_id) }
end
end
```
## ecr_repository
EcrRepository resource type.
### exist
## ecs_cluster
ECS Cluster resource type.
### exist
```ruby
describe ecs_cluster('my-ecs-cluster') do
it { should exist }
end
```
### be_active, be_inactive
```ruby
describe ecs_cluster('my-ecs-cluster') do
it { should be_active }
end
```
### have_container_instance
```ruby
describe ecs_cluster('my-ecs-cluster') do
it { have_container_instance('f2756532-8f13-4d53-87c9-aed50dc94cd7') }
end
```
### its(:cluster_arn), its(:cluster_name), its(:status), its(:registered_container_instances_count), its(:running_tasks_count), its(:pending_tasks_count), its(:active_services_count), its(:statistics), its(:tags)
## ecs_container_instance
ECS Container Instance resource type.
### exist
You can set `cluster` ( default: `default` ).
```ruby
describe ecs_container_instance('my-container-instance'), cluster: 'my-ecs-cluster' do
it { should exist }
end
```
### be_active, be_inactive
```ruby
describe ecs_container_instance('my-container-instance'), cluster: 'my-ecs-cluster' do
it { should be_active }
end
```
### its(:container_instance_arn), its(:ec2_instance_id), its(:version), its(:version_info), its(:status), its(:agent_connected), its(:running_tasks_count), its(:pending_tasks_count), its(:agent_update_status), its(:attributes), its(:registered_at), its(:attachments), its(:tags)
## ecs_service
ECS Service resource type.
### exist
```ruby
describe ecs_service('my-ecs-service') do
it { should exist }
end
```
### be_active, be_draining, be_inactive
```ruby
describe ecs_service('my-ecs-service') do
it { should be_active }
end
```
### its(:service_arn), its(:service_name), its(:cluster_arn), its(:load_balancers), its(:service_registries), its(:status), its(:desired_count), its(:running_count), its(:pending_count), its(:launch_type), its(:platform_version), its(:task_definition), its(:task_sets), its(:role_arn), its(:created_at), its(:placement_constraints), its(:placement_strategy), its(:network_configuration), its(:health_check_grace_period_seconds), its(:scheduling_strategy), its(:deployment_controller), its(:tags), its(:created_by), its(:enable_ecs_managed_tags), its(:propagate_tags)
## ecs_task_definition
ECS Task Definition resource type.
### exist
```ruby
describe ecs_task_definition('my-ecs-task-definition') do
it { should exist }
end
```
### be_active, be_inactive
```ruby
describe ecs_task_definition('my-ecs-task-definition') do
it { should be_active }
end
```
### its(:task_definition_arn), its(:family), its(:task_role_arn), its(:execution_role_arn), its(:network_mode), its(:revision), its(:volumes), its(:status), its(:requires_attributes), its(:placement_constraints), its(:compatibilities), its(:requires_compatibilities), its(:cpu), its(:memory), its(:pid_mode), its(:ipc_mode)
## efs
EFS resource type.
### exist
```ruby
describe efs('my-efs') do
it { should exist }
end
```
### have_tag
```ruby
describe efs('my-efs') do
it { should have_tag('my-key').value('my-value') }
end
```
### its(:owner_id), its(:creation_token), its(:file_system_id), its(:creation_time), its(:life_cycle_state), its(:name), its(:number_of_mount_targets), its(:performance_mode), its(:encrypted), its(:kms_key_id), its(:throughput_mode), its(:provisioned_throughput_in_mibps)
## elastic_ip
Elastic IP resource type.
### exist
```ruby
describe eip('123.0.456.789') do
it { should exist }
end
```
### be_associated_to
```ruby
describe eip('123.0.456.789') do
it { should be_associated_to('i-ec12345a') }
end
```
### belong_to_domain
```ruby
describe eip('123.0.456.789') do
it { should belong_to_domain('vpc') }
end
```
## eks
Eks resource type.
### exist
```ruby
describe eks('my-eks') do
it { should exist }
end
```
### be_active, be_creating
```ruby
describe eks('my-eks') do
it { should be_active }
end
```
### its(:name), its(:arn), its(:created_at), its(:version), its(:endpoint), its(:role_arn), its(:status), its(:client_request_token), its(:platform_version)
## elasticache
Elasticache resource type.
### exist
```ruby
describe elasticache('my-rep-group-001') do
it { should exist }
end
```
### be_available, be_creating, be_deleted, be_deleting, be_incompatible_network, be_modifying, be_rebooting_cache_cluster_nodes, be_restore_failed, be_snapshotting
```ruby
describe elasticache('my-rep-group-001') do
it { should be_available }
end
```
### have_cache_parameter_group
```ruby
describe elasticache('my-rep-group-001') do
it { should have_cache_parameter_group('my-cache-parameter-group') }
end
```
### have_security_group
```ruby
describe elasticache('my-rep-group-001') do
it { should have_security_group('sg-da1bc2ef') }
it { should have_security_group('group-name-sg') }
it { should have_security_group('my-cache-sg') }
end
```
### belong_to_cache_subnet_group
```ruby
describe elasticache('my-rep-group-001') do
it { should belong_to_cache_subnet_group('my-cache-subnet-group') }
end
```
### belong_to_replication_group
```ruby
describe elasticache('my-rep-group-001') do
it { should belong_to_replication_group('my-rep-group') }
end
```
### belong_to_vpc
```ruby
describe elasticache('my-rep-group-001') do
it { should belong_to_vpc('my-vpc') }
end
```
### its(:cache_cluster_id), its(:configuration_endpoint), its(:client_download_landing_page), its(:cache_node_type), its(:engine), its(:engine_version), its(:cache_cluster_status), its(:num_cache_nodes), its(:preferred_availability_zone), its(:cache_cluster_create_time), its(:preferred_maintenance_window), its(:notification_configuration), its(:cache_security_groups), its(:cache_subnet_group_name), its(:cache_nodes), its(:auto_minor_version_upgrade), its(:replication_group_id), its(:snapshot_retention_limit), its(:snapshot_window), its(:auth_token_enabled), its(:transit_encryption_enabled), its(:at_rest_encryption_enabled)
## elasticache_cache_parameter_group
ElasticacheCacheParameterGroup resource type.
```ruby
describe elasticache_cache_parameter_group('my-cache-parameter-group') do
it { should exist }
its(:activerehashing) { should eq 'yes' }
its(:client_output_buffer_limit_pubsub_hard_limit) { should eq '33554432' }
end
```
### exist
```ruby
describe elasticache_cache_parameter_group('my-cache-parameter-group') do
it { should exist }
end
```
## elasticsearch
Elasticsearch resource type.
### exist
```ruby
describe elasticsearch('my-elasticsearch') do
it { should exist }
end
```
### be_created
```ruby
describe elasticsearch('my-elasticsearch') do
it { should be_created }
end
```
### be_deleted
```ruby
describe elasticsearch('my-elasticsearch') do
it { should be_deleted }
end
```
### have_access_policies
```ruby
describe elasticsearch('my-elasticsearch') do
it do
should have_access_policies <<-policy
{
"version": "2012-10-17",
"statement": [
{
"effect": "allow",
"principal": "*",
"action": [
"es:*"
],
"resource": "arn:aws:es:ap-northeast-1:1234567890:domain/my-elasticsearch/*"
}
]
}
policy
end
end
```
### its(:domain_id), its(:domain_name), its(:arn), its(:created), its(:deleted), its(:endpoint), its(:endpoints), its(:processing), its(:upgrade_processing), its(:elasticsearch_version), its(:access_policies), its(:snapshot_options), its(:vpc_options), its(:cognito_options), its(:encryption_at_rest_options), its(:node_to_node_encryption_options), its(:advanced_options), its(:log_publishing_options), its(:service_software_options)
## elastictranscoder_pipeline
ElastictranscoderPipeline resource type.
### exist
### be_active, be_paused
```ruby
describe elastictranscoder_pipeline('my-elastictranscoder-pipeline') do
it { should be_active }
end
```
## elb
ELB resource type.
### exist
```ruby
describe elb('my-elb') do
it { should exist }
end
```
### be_cross_zone_load_balancing_enabled
```ruby
describe elb('my-elb') do
it { should be_cross_zone_load_balancing_enabled }
end
```
### have_access_log
```ruby
describe elb('my-elb') do
it { should have_access_log(s3_bucket_name: 'my-loadbalancer-logs', s3_bucket_prefix: 'my-app', emit_interval: 5) }
end
```
### have_connection_draining
```ruby
describe elb('my-elb') do
it { should have_connection_draining(timeout: 300) }
end
```
### have_ec2
```ruby
describe elb('my-elb') do
it { should have_ec2('my-ec2') }
end
```
### have_listener
http://docs.aws.amazon.com/en_us/ElasticLoadBalancing/latest/DeveloperGuide/elb-listener-config.html
```ruby
describe elb('my-elb') do
it { should have_listener(protocol: 'HTTPS', port: 443, instance_protocol: 'HTTP', instance_port: 80) }
end
```
### have_security_group
```ruby
describe elb('my-elb') do
it { should have_security_group('my-lb-security-group-tag-name') }
end
```
### have_subnet
```ruby
describe elb('my-elb') do
it { should have_subnet('my-subnet') }
end
```
### have_tag
```ruby
describe elb('my-elb') do
it { should have_tag('Name').value('my-elb') }
it { should have_tag('my-tag-key').value('my-tag-value') }
end
```
### belong_to_vpc
```ruby
describe elb('my-elb') do
it { should belong_to_vpc('my-vpc') }
end
```
### its(:health_check_target), its(:health_check_interval), its(:health_check_timeout), its(:health_check_unhealthy_threshold), its(:health_check_healthy_threshold), its(:idle_timeout), its(:load_balancer_name), its(:dns_name), its(:canonical_hosted_zone_name), its(:canonical_hosted_zone_name_id), its(:backend_server_descriptions), its(:availability_zones), its(:subnets), its(:vpc_id), its(:security_groups), its(:created_time), its(:scheme)
## emr
Emr resource type.
### exist
```ruby
describe emr('my-emr') do
it { should exist }
end
```
### be_healthy
```ruby
describe emr('my-emr') do
it { should be_healthy }
end
```
### be_ok
### be_ready
### be_running, be_waiting, be_starting, be_bootstrapping
```ruby
describe emr('my-emr') do
it { should be_running }
end
```
### its(:id), its(:name), its(:instance_collection_type), its(:log_uri), its(:requested_ami_version), its(:running_ami_version), its(:release_label), its(:auto_terminate), its(:termination_protected), its(:visible_to_all_users), its(:service_role), its(:normalized_instance_hours), its(:master_public_dns_name), its(:configurations), its(:security_configuration), its(:auto_scaling_role), its(:scale_down_behavior), its(:custom_ami_id), its(:ebs_root_volume_size), its(:repo_upgrade_on_boot)
## firehose
Firehose resource type.
### exist
```ruby
describe firehose('my-firehose') do
it { should exist }
end
```
### be_active
```ruby
describe firehose('my-firehose') do
it { should be_active }
end
```
### be_creating
### be_deleting
### have_splunk_destination
```ruby
describe firehose('my-firehose') do
it { should have_splunk_destination }
end
```
### its(:delivery_stream_name), its(:delivery_stream_arn), its(:delivery_stream_status), its(:delivery_stream_encryption_configuration), its(:delivery_stream_type), its(:version_id), its(:create_timestamp), its(:last_update_timestamp), its(:source), its(:has_more_destinations)
### :unlock: Advanced use
```ruby
describe firehose('my-firehose') do
its(:delivery_stream_type) { should be_eql('DirectPut') }
end
```
## iam_group
IamGroup resource type.
### exist
```ruby
describe iam_group('my-iam-group') do
it { should exist }
end
```
### be_allowed_action
```ruby
describe iam_group('my-iam-group') do
it { should be_allowed_action('ec2:DescribeInstances') }
it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
end
```
### have_iam_policy
```ruby
describe iam_group('my-iam-group') do
it { should have_iam_policy('ReadOnlyAccess') }
end
```
### have_iam_user
```ruby
describe iam_group('my-iam-group') do
it { should have_iam_user('my-iam-user') }
end
```
### have_inline_policy
### its(:path), its(:group_name), its(:group_id), its(:arn), its(:create_date)
### :unlock: Advanced use
`iam_group` can use `Aws::IAM::Group` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Group.html).
```ruby
describe iam_group('my-iam-group') do
its('users.count') { should eq 5 }
end
```
or
```ruby
describe iam_group('my-iam-group') do
its('resource.users.count') { should eq 5 }
end
```
## iam_policy
IamPolicy resource type.
### exist
```ruby
describe iam_policy('my-iam-policy') do
it { should exist }
end
```
### be_attachable
```ruby
describe iam_policy('my-iam-policy') do
it { should be_attachable }
end
```
### be_attached_to_group
```ruby
describe iam_policy('my-iam-policy') do
it { should be_attached_to_group('my-iam-group') }
end
```
### be_attached_to_role
```ruby
describe iam_policy('my-iam-policy') do
it { should be_attached_to_role('HelloIAmGodRole') }
end
```
### be_attached_to_user
```ruby
describe iam_policy('my-iam-user') do
it { should be_attached_to_user('my-iam-user') }
end
```
### its(:policy_name), its(:policy_id), its(:arn), its(:path), its(:default_version_id), its(:attachment_count), its(:permissions_boundary_usage_count), its(:is_attachable), its(:description), its(:create_date), its(:update_date)
## iam_role
IamRole resource type.
### exist
```ruby
describe iam_role('my-iam-role') do
it { should exist }
end
```
### be_allowed_action
```ruby
describe iam_role('my-iam-role') do
it { should be_allowed_action('ec2:DescribeInstances') }
it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
end
```
### have_iam_policy
```ruby
describe iam_role('my-iam-role') do
it { should have_iam_policy('ReadOnlyAccess') }
end
```
### have_inline_policy
```ruby
describe iam_role('my-iam-role') do
it { should have_inline_policy('AllowS3BucketAccess') }
it do
should have_inline_policy('AllowS3BucketAccess').policy_document(<<-'DOC')
{
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*"
},
{
"Action": "s3:*",
"Effect": "Allow",
"Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]
}
]
}
DOC
end
end
```
### its(:path), its(:role_name), its(:role_id), its(:arn), its(:create_date), its(:assume_role_policy_document), its(:description), its(:max_session_duration), its(:permissions_boundary), its(:tags)
### :unlock: Advanced use
`iam_role` can use `Aws::IAM::Role` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Role.html).
```ruby
describe iam_role('my-iam-role') do
its('attached_policies.count') { should eq 5 }
end
```
or
```ruby
describe iam_role('my-iam-role') do
its('resource.attached_policies.count') { should eq 5 }
end
```
## iam_user
IamUser resource type.
### exist
```ruby
describe iam_user('my-iam-user') do
it { should exist }
end
```
### be_allowed_action
```ruby
describe iam_user('my-iam-user') do
it { should be_allowed_action('ec2:DescribeInstances') }
it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
end
```
### have_iam_policy
```ruby
describe iam_user('my-iam-user') do
it { should have_iam_policy('ReadOnlyAccess') }
end
```
### have_inline_policy
```ruby
describe iam_user('my-iam-user') do
it { should have_inline_policy('AllowS3BucketAccess') }
it do
should have_inline_policy('AllowS3BucketAccess').policy_document(<<-'DOC')
{
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*"
},
{
"Action": "s3:*",
"Effect": "Allow",
"Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]
}
]
}
DOC
end
end
```
### belong_to_iam_group
```ruby
describe iam_user('my-iam-user') do
it { should belong_to_iam_group('my-iam-group') }
end
```
### its(:path), its(:user_name), its(:user_id), its(:arn), its(:create_date), its(:password_last_used), its(:permissions_boundary), its(:tags)
### :unlock: Advanced use
`iam_user` can use `Aws::IAM::User` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/User.html).
```ruby
describe iam_user('my-iam-user') do
its('login_profile.password_reset_required') { should eq false }
end
```
or
```ruby
describe iam_user('my-iam-user') do
its('resource.login_profile.password_reset_required') { should eq false }
end
```
## internet_gateway
InternetGateway resource type.
### exist
```ruby
describe internet_gateway('igw-1ab2cd3e') do
it { should exist }
end
describe internet_gateway('my-internet-gateway') do
it { should exist }
end
```
### be_attached_to
```ruby
describe internet_gateway('igw-1ab2cd3e') do
it { should be_attached_to('vpc-ab123cde') }
end
describe internet_gateway('igw-1ab2cd3e') do
it { should be_attached_to('my-vpc') }
end
```
### have_tag
```ruby
describe internet_gateway('igw-1ab2cd3e') do
it { should have_tag('Name').value('my-internet-gateway') }
end
```
### its(:internet_gateway_id), its(:owner_id)
## kinesis
Kinesis resource type.
### exist
```ruby
describe kinesis('my-kinesis') do
it { should exist }
end
```
### its(:stream_name), its(:stream_arn), its(:stream_status), its(:retention_period_hours), its(:stream_creation_timestamp), its(:encryption_type), its(:key_id), its(:open_shard_count), its(:consumer_count)
## kms
Kms resource type.
### exist
```ruby
describe kms('my-kms-key') do
it { should exist }
end
```
### be_enabled
```ruby
describe kms('my-kms-key') do
it { should be_enabled }
end
```
### have_key_policy
```ruby
describe kms('my-kms-key') do
it { should exist }
it { should be_enabled }
it do
should have_key_policy('default').policy_document(<<-'DOC')
{
"Version" : "2012-10-17",
"Id" : "key-consolepolicy-2",
"Statement" : [ {
"Sid" : "Enable IAM User Permissions",
"Effect" : "Allow",
"Principal" : {
"AWS" : "arn:aws:iam::1234567890:root"
},
"Action" : "kms:*",
"Resource" : "*"
}, {
"Sid" : "Allow access for Key Administrators",
"Effect" : "Allow",
"Principal" : {
"AWS" : "arn:aws:iam::1234567890:user/test-user"
},
"Action" : [ "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*", "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion" ],
"Resource" : "*"
}, {
"Sid" : "Allow use of the key",
"Effect" : "Allow",
"Principal" : {
"AWS" : [ "arn:aws:iam::1234567890:user/test-user", "arn:aws:iam::1234567890:role/test-role" ]
},
"Action" : [ "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey" ],
"Resource" : "*"
}, {
"Sid" : "Allow attachment of persistent resources",
"Effect" : "Allow",
"Principal" : {
"AWS" : [ "arn:aws:iam::1234567890:user/test-user", "arn:aws:iam::1234567890:role/test-role" ]
},
"Action" : [ "kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant" ],
"Resource" : "*",
"Condition" : {
"Bool" : {
"kms:GrantIsForAWSResource" : "true"
}
}
} ]
}
DOC
end
end
```
### its(:aws_account_id), its(:key_id), its(:arn), its(:creation_date), its(:enabled), its(:description), its(:key_usage), its(:key_state), its(:deletion_date), its(:valid_to), its(:origin), its(:custom_key_store_id), its(:cloud_hsm_cluster_id), its(:expiration_model), its(:key_manager)
## lambda
Lambda resource type.
### exist
```ruby
describe lambda('my-lambda-function-name') do
it { should exist }
end
```
### have_env_var
Useful to validate if there is a specific environment variable declared in the Lambda. You probably will want to use it with `have_env_var_value`.
## have_env_var_value
Validates if a specific environment variable has the expected value. More useful to use with `have_env_var` because if the variable isn't available, it will fail without notifying that the variable is missing.
```ruby
expected.each_pair do |key, value|
context "environment variable #{key}" do
it { should have_env_var(key) }
it { should have_env_var_value(key, value) }
end
end
```
`expected` would be a hash that has the environment variables names as keys.
### have_env_vars
Useful to validate if there are environment variables configured in the Lambda:
```ruby
describe lambda('my-lambda-function-name') do
it { should have_env_vars() }
end
```
### have_event_source
This matcher does not support Amazon S3 event sources ([see SDK doc](http://docs.aws.amazon.com/sdkforruby/api/Aws/Lambda/Client.html#list_event_source_mappings-instance_method)).
### its(:function_name), its(:function_arn), its(:runtime), its(:role), its(:handler), its(:code_size), its(:description), its(:timeout), its(:memory_size), its(:last_modified), its(:code_sha_256), its(:version), its(:vpc_config), its(:dead_letter_config), its(:kms_key_arn), its(:master_arn), its(:revision_id), its(:layers)
## launch_configuration
LaunchConfiguration resource type.
### exist
```ruby
describe launch_configuration('my-lc') do
it { should exist }
end
```
### have_block_device_mapping
### have_security_group
```ruby
describe launch_configuration('my-lc') do
it { should have_security_group('my-security-group-name') }
end
```
### its(:launch_configuration_name), its(:launch_configuration_arn), its(:image_id), its(:key_name), its(:security_groups), its(:classic_link_vpc_id), its(:classic_link_vpc_security_groups), its(:user_data), its(:instance_type), its(:kernel_id), its(:ramdisk_id), its(:spot_price), its(:iam_instance_profile), its(:created_time), its(:ebs_optimized), its(:associate_public_ip_address), its(:placement_tenancy)
## launch_template
LaunchTemplate resource type.
### exist
You can set launch template version ( default: $Default ).
```ruby
# launch_template_id or launch_template_name
describe launch_template('my-launch-template') do
it { should exist }
its(:default_version_number) { should eq 1 }
its(:latest_version_number) { should eq 2 }
its('launch_template_version.launch_template_data.image_id') { should eq 'ami-12345foobar' }
its('launch_template_version.launch_template_data.instance_type') { should eq 't2.micro' }
end
```
#### specify version
Specify "latest" or version_number.
```ruby
# version_number
describe launch_template('my-launch-template'), version: 2 do
it { should exist }
its('launch_template_version.launch_template_data.instance_type') { should eq 't2.micro' }
end
# latest
describe launch_template('my-launch-template'), version: 'latest' do
it { should exist }
its('launch_template_version.launch_template_data.instance_type') { should eq 't2.micro' }
end
```
### have_tag
```ruby
describe launch_template('my-launch-template') do
it { should have_tag('env').value('dev') }
end
```
### have_version_number
```ruby
describe launch_template('my-launch-template') do
it { should have_version_number(2) }
end
```
### its(:launch_template_id), its(:launch_template_name), its(:create_time), its(:created_by), its(:default_version_number), its(:latest_version_number), its(:tags)
## nat_gateway
NatGateway resource type.
### exist
```ruby
describe nat_gateway('nat-7ff7777f') do
it { should exist }
end
```
### be_pending, be_failed, be_available, be_deleting, be_deleted
```ruby
describe nat_gateway('nat-7ff7777f') do
it { should be_available }
end
```
### have_eip
```ruby
describe nat_gateway('nat-7ff7777f') do
it { should have_eip('123.0.456.789') }
end
```
### belong_to_vpc
```ruby
describe nat_gateway('nat-7ff7777f') do
it { should belong_to_vpc('my-vpc') }
end
```
### its(:create_time), its(:delete_time), its(:failure_code), its(:failure_message), its(:nat_gateway_id), its(:provisioned_bandwidth), its(:state), its(:subnet_id), its(:vpc_id), its(:tags)
## network_acl
NetworkAcl resource type.
### exist
```ruby
describe network_acl('my-network-acl') do
it { should exist }
end
```
### have_subnet
```ruby
describe network_acl('my-network-acl') do
it { should have_subnet('my-subnet') }
end
```
### have_tag
```ruby
describe network_acl('my-network-acl') do
it { should have_tag('Name').value('my-network-acl') }
end
```
### belong_to_vpc
```ruby
describe network_acl('my-network-acl') do
it { should belong_to_vpc('my-vpc') }
end
```
### its(:inbound), its(:outbound), its(:inbound_entries_count), its(:outbound_entries_count)
```ruby
describe network_acl('my-network-acl') do
its(:inbound) { should be_allowed(80).protocol('tcp').source('123.0.456.789/32') }
its(:inbound) { should be_denied.rule_number('*').source('0.0.0.0/0') }
its(:outbound) { should be_allowed.protocol('ALL').source('0.0.0.0/0') }
its(:inbound_entries_count) { should eq 3 }
its(:outbound_entries_count) { should eq 2 }
end
```
### its(:inbound_entries_count), its(:outbound_entries_count), its(:is_default), its(:network_acl_id), its(:vpc_id), its(:owner_id)
### :unlock: Advanced use
`network_acl` can use `Aws::EC2::NetworkAcl` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/NetworkAcl.html).
```ruby
describe network_acl('my-network-acl') do
its('vpc.id') { should eq 'vpc-ab123cde' }
end
```
or
```ruby
describe network_acl('my-network-acl') do
its('resource.vpc.id') { should eq 'vpc-ab123cde' }
end
```
## network_interface
NetworkInterface resource type.
### exist
```ruby
describe network_interface('eni-12ab3cde') do
it { should exist }
end
```
### be_attached_to
```ruby
describe network_interface('eni-12ab3cde') do
it { should be_attached_to('my-ec2') }
it { should be_attached_to('my-ec2').as_eth0 }
end
```
### be_available, be_attaching, be_in_use, be_detaching
```ruby
describe network_interface('eni-12ab3cde') do
it { should be_in_use }
end
```
### have_private_ip_address
```ruby
describe network_interface('eni-12ab3cde') do
it { should have_private_ip_address('10.0.1.1').primary }
it { should have_private_ip_address('10.0.1.2') }
its(:private_ip_addresses_count) { should eq 2 }
end
```
### have_security_group
```ruby
describe network_interface('eni-12ab3cde') do
it { should have_security_group('my-security-group-name') }
end
```
### have_tag
```ruby
describe network_interface('eni-12ab3cde') do
it { should have_tag('Name').value('my-eni') }
end
```
### belong_to_subnet
```ruby
describe network_interface('eni-12ab3cde') do
it { should belong_to_subnet('my-subnet') }
end
```
### belong_to_vpc
```ruby
describe network_interface('eni-12ab3cde') do
it { should belong_to_vpc('my-vpc') }
end
```
### its(:association), its(:availability_zone), its(:description), its(:interface_type), its(:ipv_6_addresses), its(:mac_address), its(:network_interface_id), its(:owner_id), its(:private_dns_name), its(:private_ip_address), its(:requester_id), its(:requester_managed), its(:source_dest_check), its(:status), its(:subnet_id), its(:vpc_id)
## nlb
NLB resource type.
### exist
```ruby
describe nlb('my-nlb') do
it { should exist }
end
```
### be_active, be_provisioning, be_failed
```ruby
describe nlb('my-nlb') do
it { should be_active }
end
```
### have_security_group
Note that NLBs never have security groups. The have_security_group() function always returns false. See https://forums.aws.amazon.com/thread.jspa?threadID=263245 for discussion about the security-group-less-ness of NLBs.
```ruby
describe nlb('my-nlb') do
it { should_not have_security_group('sg-1a2b3cd4') }
end
```
### have_subnet
```ruby
describe nlb('my-nlb') do
it { should have_subnet('subnet-1234a567') }
end
```
### belong_to_vpc
```ruby
describe nlb('my-nlb') do
it { should belong_to_vpc('my-vpc') }
end
```
### its(:load_balancer_arn), its(:dns_name), its(:canonical_hosted_zone_id), its(:created_time), its(:load_balancer_name), its(:scheme), its(:vpc_id), its(:type), its(:security_groups), its(:ip_address_type)
## nlb_listener
NlbListener resource type.
### exist
```ruby
describe nlb_listener('arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:listener/app/my-nlb/1aa1bb1cc1ddee11/f2f7dc8efc522ab2') do
it { should exist }
its(:port) { should eq 80 }
its(:protocol) { should eq 'HTTP' }
end
```
### have_rule
```ruby
describe nlb_listener('arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:listener/app/my-nlb/1aa1bb1cc1ddee11/f2f7dc8efc522ab2') do
it { should have_rule('arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:listener-rule/app/my-nlb/1aa1bb1cc1ddee11/f2f7dc8efc522ab2/9683b2d02a6cabee') }
it do
should have_rule.priority('10')
.conditions(field: 'path-pattern', values: ['/img/*'])
.actions(target_group_arn: 'arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:123456789012:targetgroup/73e2d6bc24d8a067/73e2d6bc24d8a067', type: 'forward')
end
it do
should have_rule.priority('10')
.if(field: 'path-pattern', values: ['/img/*'])
.then(target_group_arn: 'arn:aws:elasticloadbalancing:ap-northeast-1:1234567890:123456789012:targetgroup/73e2d6bc24d8a067/73e2d6bc24d8a067', type: 'forward')
end
it { should have_rule.conditions([{ field: 'path-pattern', values: ['/admin/*'] }, { field: 'host-header', values: ['admin.example.com'] }]) }
it { should have_rule.actions(target_group_name: 'my-nlb-target-group', type: 'forward') }
end
```
### its(:listener_arn), its(:load_balancer_arn), its(:port), its(:protocol), its(:certificates), its(:ssl_policy)
## nlb_target_group
NlbTargetGroup resource type.
### exist
```ruby
describe nlb_target_group('my-nlb-target-group') do
it { should exist }
its(:health_check_path) { should eq '/' }
its(:health_check_port) { should eq 'traffic-port' }
its(:health_check_protocol) { should eq 'HTTP' }
end
```
### have_ec2
```ruby
describe nlb_target_group('my-nlb-target-group') do
it { should have_ec2('my-ec2') }
end
```
### belong_to_nlb
```ruby
describe nlb_target_group('my-nlb-target-group') do
it { should belong_to_nlb('my-nlb') }
end
```
### belong_to_vpc
```ruby
describe nlb_target_group('my-nlb-target-group') do
it { should belong_to_vpc('my-vpc') }
end
```
### its(:target_group_arn), its(:target_group_name), its(:protocol), its(:port), its(:vpc_id), its(:health_check_protocol), its(:health_check_port), its(:health_check_enabled), its(:health_check_interval_seconds), its(:health_check_timeout_seconds), its(:healthy_threshold_count), its(:unhealthy_threshold_count), its(:health_check_path), its(:load_balancer_arns), its(:target_type)
## rds
RDS resource type.
### exist
```ruby
describe rds('my-rds') do
it { should exist }
end
```
### be_available, be_backing_up, be_creating, be_deleting, be_failed, be_inaccessible_encryption_credentials, be_incompatible_credentials, be_incompatible_network, be_incompatible_option_group, be_incompatible_parameters, be_incompatible_restore, be_maintenance, be_modifying, be_rebooting, be_renaming, be_resetting_master_credentials, be_restore_error, be_storage_full, be_upgrading
```ruby
describe rds('my-rds') do
it { should be_available }
end
```
### have_db_parameter_group
```ruby
describe rds('my-rds') do
it { should have_db_parameter_group('my-db-parameter-group') }
it do
should have_db_parameter_group('custom.mysql5.6')\
.parameter_apply_status('in-sync')
end
end
```
### have_option_group
```ruby
describe rds('my-rds') do
it { should have_option_group('default:mysql-5-6') }
it do
should have_option_group('default:mysql-5-6')\
.status('in-sync')
end
end
```
### have_security_group
```ruby
describe rds('my-rds') do
it { should have_security_group('sg-5a6b7cd8') }
it { should have_security_group('my-db-sg') }
end
```
### have_tag
```ruby
describe rds('my-rds') do
it { should have_tag('Name').value('my-rds') }
end
```
### belong_to_db_subnet_group
```ruby
describe rds('my-rds') do
it { should belong_to_db_subnet_group('my-db-subnet-group') }
end
```
### belong_to_subnet
```ruby
describe rds('my-rds') do
it { should belong_to_subnet('subnet-8901b123') }
it { should belong_to_subnet('db-subnet-a') }
end
```
### belong_to_vpc
```ruby
describe rds('my-rds') do
it { should belong_to_vpc('vpc-ab123cde') }
it { should belong_to_vpc('my-vpc') }
end
```
### its(:vpc_id), its(:db_instance_identifier), its(:db_instance_class), its(:engine), its(:db_instance_status), its(:master_username), its(:db_name), its(:endpoint), its(:allocated_storage), its(:instance_create_time), its(:preferred_backup_window), its(:backup_retention_period), its(:db_security_groups), its(:availability_zone), its(:preferred_maintenance_window), its(:pending_modified_values), its(:latest_restorable_time), its(:multi_az), its(:engine_version), its(:auto_minor_version_upgrade), its(:read_replica_source_db_instance_identifier), its(:read_replica_db_instance_identifiers), its(:read_replica_db_cluster_identifiers), its(:license_model), its(:iops), its(:character_set_name), its(:secondary_availability_zone), its(:publicly_accessible), its(:status_infos), its(:storage_type), its(:tde_credential_arn), its(:db_instance_port), its(:db_cluster_identifier), its(:storage_encrypted), its(:kms_key_id), its(:dbi_resource_id), its(:ca_certificate_identifier), its(:domain_memberships), its(:copy_tags_to_snapshot), its(:monitoring_interval), its(:enhanced_monitoring_resource_arn), its(:monitoring_role_arn), its(:promotion_tier), its(:db_instance_arn), its(:timezone), its(:iam_database_authentication_enabled), its(:performance_insights_enabled), its(:performance_insights_kms_key_id), its(:performance_insights_retention_period), its(:enabled_cloudwatch_logs_exports), its(:processor_features), its(:deletion_protection), its(:associated_roles), its(:listener_endpoint)
### :unlock: Advanced use
`rds` can use `Aws::RDS::DBInstance` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/RDS/DBInstance.html).
```ruby
describe rds('my-rds') do
its('db_subnet_group.db_subnet_group_name') { should eq 'my-db-subnet-group' }
end
```
or
```ruby
describe rds('my-rds') do
its('resource.db_subnet_group.db_subnet_group_name') { should eq 'my-db-subnet-group' }
end
```
## rds_db_cluster_parameter_group
RdsDbClusterParameterGroup resource type.
```ruby
describe rds_db_cluster_parameter_group('my-rds-db-cluster-parameter-group') do
its(:time_zone) { should eq 'US/Central' }
its(:binlog_format) { should eq 'ROW' }
its(:character_set_server) { should eq 'utf8mb4' }
end
```
### exist
```ruby
describe rds_db_cluster_parameter_group('my-rds-db-cluster-parameter-group') do
it { should exist }
end
```
## rds_db_parameter_group
RdsDbParameterGroup resource type.
```ruby
describe rds_db_parameter_group('my-rds-db-parameter-group') do
its(:basedir) { should eq '/rdsdbbin/mysql' }
its(:innodb_buffer_pool_size) { '{DBInstanceClassMemory*3/4}' }
end
```
### exist
```ruby
describe rds_db_parameter_group('my-rds-db-parameter-group') do
it { should exist }
end
```
## redshift
Redshift resource type.
### exist
```ruby
describe redshift('my-redshift') do
it { should exist }
end
```
### be_available, be_cancelling_resize, be_creating, be_deleting, be_final_snapshot, be_hardware_failure, be_incompatible_hsm, be_incompatible_network, be_incompatible_parameters, be_incompatible_restore, be_modifying, be_rebooting, be_renaming, be_resizing, be_rotating_keys, be_storage_full, be_updating_hsm
```ruby
describe redshift('my-redshift') do
it { should be_available }
end
```
### have_cluster_parameter_group
```ruby
describe redshift('my-redshift') do
it { should have_cluster_parameter_group('my-pg') }
it do
should have_cluster_parameter_group('my-pg')\
.parameter_apply_status('in-sync')
end
end
```
### have_security_group
```ruby
describe redshift('my-redshift') do
it { should have_security_group('sg-1a2b3c4d') }
it { should have_security_group('group-name-sg') }
end
```
### have_tag
```ruby
describe redshift('my-redshift') do
it { should have_tag('Name').value('my-cluster') }
end
```
### belong_to_cluster_subnet_group
```ruby
describe redshift('my-redshift') do
it { should belong_to_cluster_subnet_group('my-sg') }
end
```
### belong_to_vpc
```ruby
describe redshift('my-redshift') do
it { should belong_to_vpc('vpc-ab123cde') }
it { should belong_to_vpc('my-vpc') }
end
```
### its(:vpc_id), its(:cluster_identifier), its(:node_type), its(:cluster_status), its(:modify_status), its(:master_username), its(:db_name), its(:endpoint), its(:cluster_create_time), its(:automated_snapshot_retention_period), its(:manual_snapshot_retention_period), its(:cluster_security_groups), its(:cluster_subnet_group_name), its(:vpc_id), its(:availability_zone), its(:preferred_maintenance_window), its(:pending_modified_values), its(:cluster_version), its(:allow_version_upgrade), its(:number_of_nodes), its(:publicly_accessible), its(:encrypted), its(:restore_status), its(:data_transfer_progress), its(:hsm_status), its(:cluster_snapshot_copy_status), its(:cluster_public_key), its(:cluster_nodes), its(:elastic_ip_status), its(:cluster_revision_number), its(:kms_key_id), its(:enhanced_vpc_routing), its(:iam_roles), its(:pending_actions), its(:maintenance_track_name), its(:elastic_resize_number_of_node_options), its(:deferred_maintenance_windows), its(:snapshot_schedule_identifier), its(:snapshot_schedule_state), its(:resize_info)
## redshift_cluster_parameter_group
RedshiftClusterParameterGroup resource type.
```ruby
describe redshift_cluster_parameter_group('my-redshift-cluster-parameter-group') do
its(:datestyle) { should eq 'ISO, MDY' }
its(:query_group) { should eq 'default' }
its(:require_ssl) { should eq 'false' }
end
```
### exist
```ruby
describe redshift_cluster_parameter_group('my-redshift-cluster-parameter-group') do
it { should exist }
end
```
## route53_hosted_zone
Route53HostedZone resource type.
### exist
```ruby
describe route53_hosted_zone('example.com.') do
it { should exist }
end
```
### have_record_set
```ruby
describe route53_hosted_zone('example.com.') do
its(:resource_record_set_count) { should eq 6 }
it { should have_record_set('example.com.').a('123.456.7.890') }
it { should have_record_set('*.example.com.').cname('example.com') }
it { should have_record_set('example.com.').mx('10 mail.example.com') }
it { should have_record_set('mail.example.com.').a('123.456.7.890').ttl(3600) }
ns = 'ns-123.awsdns-45.net.
ns-6789.awsdns-01.org.
ns-2345.awsdns-67.co.uk.
ns-890.awsdns-12.com.'
it { should have_record_set('example.com.').ns(ns) }
it { should have_record_set('s3.example.com.').alias('s3-website-us-east-1.amazonaws.com.', 'Z2ABCDEFGHIJKL') }
end
```
### its(:id), its(:name), its(:caller_reference), its(:config), its(:resource_record_set_count), its(:linked_service)
## route_table
RouteTable resource type.
### exist
```ruby
describe route_table('my-route-table') do
it { should exist }
end
```
### have_route
```ruby
describe route_table('my-route-table') do
it { should have_route('10.0.0.0/16').target(gateway: 'local') }
it { should have_route('0.0.0.0/0').target(gateway: 'igw-1ab2345c') }
it { should have_route('192.168.1.0/24').target(instance: 'my-ec2') }
it { should have_route('192.168.2.0/24').target(vpc_peering_connection: 'my-pcx') }
it { should have_route('192.168.3.0/24').target(nat: 'nat-7ff7777f') }
end
```
### have_subnet
```ruby
describe route_table('my-route-table') do
it { should have_subnet('my-subnet') }
end
```
### have_tag
```ruby
describe route_table('my-route-table') do
it { should have_tag('Name').value('my-route-table') }
end
```
### its(:propagating_vgws), its(:route_table_id), its(:vpc_id), its(:owner_id)
### :unlock: Advanced use
`route_table` can use `Aws::EC2::RouteTable` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/RouteTable.html).
```ruby
describe route_table('my-route-table') do
its('vpc.id') { should eq 'vpc-ab123cde' }
end
```
or
```ruby
describe s3_bucket('my-bucket') do
its('resource.vpc.id') { should eq 'vpc-ab123cde' }
end
```
## s3_bucket
S3Bucket resource type.
### exist
```ruby
describe s3_bucket('my-bucket') do
it { should exist }
end
```
### have_acl_grant
```ruby
describe s3_bucket('my-bucket') do
its(:acl_owner) { should eq 'my-bucket-owner' }
its(:acl_grants_count) { should eq 3 }
it { should have_acl_grant(grantee: 'my-bucket-owner', permission: 'FULL_CONTROL') }
it { should have_acl_grant(grantee: 'http://acs.amazonaws.com/groups/s3/LogDelivery', permission: 'WRITE') }
it { should have_acl_grant(grantee: '68f4bb06b094152df53893bfba57760e', permission: 'READ') }
end
```
### have_cors_rule
```ruby
describe s3_bucket('my-bucket') do
it do
should have_cors_rule(
allowed_methods: ['GET'],
allowed_origins: ['*']
)
end
it do
should have_cors_rule(
allowed_headers: ['*'],
allowed_methods: ['GET'],
allowed_origins: ['https://example.org', 'https://example.com'],
expose_headers: ['X-Custom-Header'],
max_age_seconds: 3600
)
end
end
```
### have_lifecycle_rule
```ruby
describe s3_bucket('my-bucket') do
it do
should have_lifecycle_rule(
id: 'MyRuleName',
noncurrent_version_expiration: { noncurrent_days: 1 },
expiration: { days: 2 },
transitions: [{ days: 3, storage_class: 'GLACIER' }],
status: 'Enabled'
)
end
it do
should have_lifecycle_rule(
id: 'MyRuleName2',
prefix: '123/',
noncurrent_version_expiration: { noncurrent_days: 2 },
expiration: { days: 3 },
transitions: [{ days: 5, storage_class: 'STANDARD_IA' }, { days: 10, storage_class: 'GLACIER' }],
status: 'Enabled'
)
end
end
```
### have_logging_enabled
```ruby
describe s3_bucket('my-bucket') do
it { should have_logging_enabled(target_bucket: 'my-log-bucket', target_prefix: 'logs/') }
end
```
### have_mfa_delete_enabled
```ruby
describe s3_bucket('my-bucket') do
it { should have_mfa_delete_enabled }
end
```
### have_object
```ruby
describe s3_bucket('my-bucket') do
it { should have_object('path/to/object') }
end
```
### have_policy
```ruby
describe s3_bucket('my-bucket') do
it do
should have_policy <<-POLICY
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-bucket/*"
}
]
}
POLICY
end
end
```
### have_server_side_encryption
```
describe s3_bucket('my-bucket') do
it { should have_server_side_encryption(algorithm: "AES256") }
it { should have_server_side_encryption(algorithm: "aws:kms") }
end
```
### have_tag
```ruby
describe s3_bucket('my-bucket') do
it { should have_tag('env').value('dev') }
end
```
### have_versioning_enabled
```ruby
describe s3_bucket('my-bucket') do
it { should have_versioning_enabled }
end
```
### its(:acl_grants_count), its(:acl_owner), its(:cors_rules_count), its(:name), its(:creation_date)
### :unlock: Advanced use
`s3_bucket` can use `Aws::S3::Bucket` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/S3/Bucket.html).
```ruby
describe s3_bucket('my-bucket') do
its('acl.owner.display_name') { should eq 'my-bucket-owner' }
end
```
or
```ruby
describe s3_bucket('my-bucket') do
its('resource.acl.owner.display_name') { should eq 'my-bucket-owner' }
end
```
## security_group
SecurityGroup resource type.
### exist
```ruby
describe security_group('my-security-group-name') do
it { should exist }
end
```
### be_inbound_opened_only
### be_opened_only
### be_outbound_opened_only
### have_tag
```ruby
describe security_group('my-security-group-name') do
it { should have_tag('env').value('dev') }
end
```
### its(:inbound), its(:outbound)
```ruby
describe security_group('my-security-group-name') do
its(:outbound) { should be_opened }
its(:inbound) { should be_opened(80) }
its(:inbound) { should be_opened(80).protocol('tcp').for('203.0.113.1/32') }
its(:inbound) { should be_opened(22).protocol('tcp').for('sg-5a6b7cd8') }
end
```
### its(:inbound_rule_count), its(:outbound_rule_count), its(:inbound_permissions_count), its(:outbound_permissions_count), its(:description), its(:group_name), its(:owner_id), its(:group_id), its(:vpc_id)
### :unlock: Advanced use
`security_group` can use `Aws::EC2::SecurityGroup` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/SecurityGroup.html).
```ruby
describe security_group('my-security-group-name') do
its('group_name') { should eq 'my-security-group-name' }
end
```
or
```ruby
describe security_group('my-security-group-name') do
its('resource.group_name') { should eq 'my-security-group-name' }
end
```
## ses_identity
SesIdentity resource type.
### exist
```ruby
describe ses_identity('example.com') do
it { should exist }
end
```
### have_dkim_tokens
### have_identity_policy
```ruby
describe ses_identity('example.com') do
it { should have_identity_policy('my-identity-policy-name') }
end
```
### its(:dkim_enabled), its(:dkim_verification_status), its(:bounce_topic), its(:complaint_topic), its(:delivery_topic), its(:forwarding_enabled), its(:verification_status), its(:verification_token)
## sns_topic
SnsTopic resource type.
### exist
```ruby
describe sns_topic(topic_arn) do
it { should exist }
end
```
### have_subscription
```ruby
describe sns_topic(topic_arn) do
let(:subscription_arn) do
subscription_arn: subscribed, # this is required
end
describe '#subscribed' do
it do
should have_subscription(subscribed)
end
end
end
```
An [automatic matcher](https://www.rubydoc.info/github/rspec/rspec-expectations/RSpec/Matchers) created due the predicate `has_subscription?` existing method of `Awspec::Type::SnsTopic` class.
It validates if a given AWS SNS ARN subscription exists in the SNS Topic.
### have_subscription_attributes
```ruby
describe sns_topic(topic_arn) do
let(:expected_attribs) do
{ protocol: 'lambda',
owner: '123456789',
subscription_arn: subscribed, # this is required
endpoint: 'arn:aws:lambda:us-east-1:123456789:function:foobar' }
end
describe '#subscribed' do
it do
should have_subscription_attributes(expected_attribs)
end
end
end
```
Where `:expected_attribs` is a hash with keys as properties that are part of a SNS Topic subscription:
* subscription_arn
* owner
* protocol
* endpoint
* topic_arn
You can use any combinations of key/values that will be used by `have_subscription_attributes`, but the `subscription_arn` is required and if it is missing, an exception will be generated.
### include_subscribed
```ruby
describe sns_topic(topic_arn) do
it { should include_subscribed(subscribed) }
end
```
### its(:policy), its(:owner), its(:pending_subscriptions), its(:topic_arn), its(:effective_delivery_policy), its(:display_name), its(:confirmed_subscriptions), its(:deleted_subscriptions), its(:name)
### :unlock: Advanced use
You may want to validate the subscriptions too. For that, you probably will want to use the methods `subscriptions` (that will return a list of the subscriptions ARN as symbols) and `has_subscription?` (that expects a SNS Topic subscription as parameter and will return `true` of `false` if it exists as a subscription) of the class `Awspec::Type::SnsTopic` to build the fixture in order to use the matcher `have_subscription_attributes`.
## sqs
SQS resource type.
### exist
```ruby
describe sqs('my-queue') do
it { should exist }
end
```
### have_tag
### its(:queue_arn), its(:approximate_number_of_messages), its(:approximate_number_of_messages_not_visible), its(:approximate_number_of_messages_delayed), its(:created_timestamp), its(:last_modified_timestamp), its(:visibility_timeout), its(:maximum_message_size), its(:message_retention_period), its(:delay_seconds), its(:receive_message_wait_time_seconds), its(:queue_url)
## ssm_parameter
SsmParameter resource type.
### exist
```ruby
describe ssm_parameter('my-parameter') do
it { should exist }
end
```
### be_encrypted
```ruby
describe ssm_parameter('my-parameter') do
it { should be_encrypted }
end
```
### have_tag
```ruby
describe ssm_parameter('my-parameter') do
it { should have_tag('my-key').value('my-value') }
end
```
### its(:name), its(:type), its(:key_id), its(:last_modified_date), its(:last_modified_user), its(:description), its(:allowed_pattern), its(:version)
### :unlock: Advanced use
```ruby
describe ssm_parameter('my-parameter') do
its(:key_id) { should be_eql('6a81f446-27b0-4d51-a04f-af7ddeea2e22') }
its(:description) { should be_eql('Some string description') }
its(:version) { should be_eql(1) }
end
```
## subnet
Subnet resource type.
### exist
```ruby
describe subnet('my-subnet') do
it { should exist }
end
```
### be_associated_to
### be_available, be_pending
```ruby
describe subnet('my-subnet') do
it { should be_available }
end
```
### have_tag
```ruby
describe subnet('my-subnet') do
it { should have_tag('Environment').value('QA') }
end
```
### its(:availability_zone), its(:availability_zone_id), its(:available_ip_address_count), its(:cidr_block), its(:default_for_az), its(:map_public_ip_on_launch), its(:state), its(:subnet_id), its(:vpc_id), its(:owner_id), its(:assign_ipv_6_address_on_creation), its(:ipv_6_cidr_block_association_set), its(:subnet_arn)
### :unlock: Advanced use
`subnet` can use `Aws::EC2::Subnet` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Subnet.html).
```ruby
describe subnet('my-subnet') do
its('vpc.id') { should eq 'vpc-ab123cde' }
end
```
or
```ruby
describe subnet('my-subnet') do
its('resource.vpc.id') { should eq 'vpc-ab123cde' }
end
```
## vpc
VPC resource type.
### exist
```ruby
describe vpc('my-vpc') do
it { should exist }
end
```
### be_available, be_pending
```ruby
describe vpc('vpc-ab123cde') do
it { should be_available }
end
```
### be_connected_to_vpc
```ruby
describe vpc('vpc-ab123cde') do
it { should be_connected_to_vpc('vpc-bcd1235e') }
it { should be_connected_to_vpc('vpc-bcd1235e').as_accepter }
it { should_not be_connected_to_vpc('vpc-bcd1235e').as_requester }
end
```
### have_network_acl
```ruby
describe vpc('vpc-ab123cde') do
it { should have_network_acl('acl-1abc2d3e') }
it { should have_network_acl('my-network-acl') }
end
```
### have_route_table
```ruby
describe vpc('vpc-ab123cde') do
it { should have_route_table('rtb-ab123cde') }
it { should have_route_table('my-route-table') }
end
```
### have_tag
```ruby
describe vpc('vpc-ab123cde') do
it { should have_tag('Stack').value('Networking') }
end
```
### have_vpc_attribute
```ruby
describe vpc('vpc-ab123cde') do
it { should have_vpc_attribute('enableDnsHostnames') }
it { should_not have_vpc_attribute('enableDnsSupport') }
end
```
### have_vpc_peering_connection
```ruby
describe vpc('vpc-ab123cde') do
it { should have_vpc_peering_connection('pcx-c56789de') }
it { should have_vpc_peering_connection('pcx-c56789de').as_accepter }
it { should_not have_vpc_peering_connection('pcx-c56789de').as_requester }
end
```
### its(:cidr_block), its(:dhcp_options_id), its(:state), its(:vpc_id), its(:owner_id), its(:instance_tenancy), its(:ipv_6_cidr_block_association_set), its(:cidr_block_association_set), its(:is_default)
### :unlock: Advanced use
`vpc` can use `Aws::EC2::Vpc` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Vpc.html).
```ruby
describe vpc('my-vpc') do
its('route_tables.first.route_table_id') { should eq 'rtb-a12bcd34' }
end
```
or
```ruby
describe vpc('my-vpc') do
its('resource.route_tables.first.route_table_id') { should eq 'rtb-a12bcd34' }
end
```
## vpn_connection
VpnConnection resource type.
### exist
```ruby
describe vpn_connection('my-vpn-connection') do
it { should exist }
end
```
### be_pending, be_available, be_deleting, be_deleted
```ruby
describe vpn_connection('my-vpn-connection') do
it { should be_running }
end
```
### have_tag
```ruby
describe vpn_connection('my-vpn-connection') do
it { should have_tag('Name').value('my-vpn-connection') }
end
```
### its(:customer_gateway_configuration), its(:customer_gateway_id), its(:category), its(:state), its(:type), its(:vpn_connection_id), its(:vpn_gateway_id), its(:transit_gateway_id), its(:options), its(:routes), its(:vgw_telemetry)
## vpn_gateway
VpnGateway resource type.
### exist
```ruby
describe vpn_gateway('my-vpn-gateway') do
it { should exist }
end
```
### be_pending, be_available, be_deleting, be_deleted
```ruby
describe vpn_gateway('my-vpn-gateway') do
it { should be_running }
end
```
### have_tag
```ruby
describe vpn_gateway('my-vpn-gateway') do
it { should have_tag('Name').value('my-vpn-gateway') }
end
```
### its(:availability_zone), its(:state), its(:type), its(:vpc_attachments), its(:vpn_gateway_id), its(:amazon_side_asn), its(:tags)
## waf_web_acl
WafWebAcl resource type.
### exist
```ruby
describe waf_web_acl('my-waf-web-acl') do
it { should exist }
its(:default_action) { should eq 'BLOCK' }
it { should have_rule('my-waf-web-acl-allowed-ips') }
it { should have_rule('my-waf-web-acl-allowed-ips').order(2).action('BLOCK') }
end
```
### have_rule
```ruby
describe waf_web_acl('my-waf-web-acl') do
it { should have_rule('my-waf-web-acl-allowed-ips') }
it { should have_rule('my-waf-web-acl-allowed-ips').order(2).action('BLOCK') }
end
```
### its(:default_action), its(:web_acl_id), its(:name), its(:metric_name), its(:web_acl_arn)
# Account and Attributes
## account
Account resource type.
```ruby
describe account do
its(:user_id) { should eq 'AKIAI44QH8DHBEXAMPLE' }
its(:account) { should eq '123456789012' }
its(:arn) { should eq 'arn:aws:iam::123456789012:user/Alice' }
its('ec2.supported_platforms') { should eq ["EC2", "VPC"] }
its('ec2.vpc_max_security_groups_per_interface') { should eq 5 }
its('ec2.max_elastic_ips') { should eq 5 }
its('ec2.max_instances') { should eq 20 }
its('ec2.vpc_max_elastic_ips') { should eq 5 }
its('ec2.default_vpc') { should eq 'none' }
its('rds.DBInstances.used') { should eq 0 }
its('rds.DBInstances.max') { should eq 40 }
its('rds.ReservedDBInstances.used') { should eq 0 }
its('rds.ReservedDBInstances.max') { should eq 40 }
its('rds.AllocatedStorage.used') { should eq 0 }
its('rds.AllocatedStorage.max') { should eq 100000 }
its('rds.DBSecurityGroups.used') { should eq 0 }
its('rds.DBSecurityGroups.max') { should eq 25 }
its('rds.AuthorizationsPerDBSecurityGroup.used') { should eq 0 }
its('rds.AuthorizationsPerDBSecurityGroup.max') { should eq 20 }
its('rds.DBParameterGroups.used') { should eq 1 }
its('rds.DBParameterGroups.max') { should eq 50 }
its('rds.ManualSnapshots.used') { should eq 0 }
its('rds.ManualSnapshots.max') { should eq 100 }
its('rds.EventSubscriptions.used') { should eq 0 }
its('rds.EventSubscriptions.max') { should eq 20 }
its('rds.DBSubnetGroups.used') { should eq 1 }
its('rds.DBSubnetGroups.max') { should eq 50 }
its('rds.OptionGroups.used') { should eq 0 }
its('rds.OptionGroups.max') { should eq 20 }
its('rds.SubnetsPerDBSubnetGroup.used') { should eq 2 }
its('rds.SubnetsPerDBSubnetGroup.max') { should eq 20 }
its('rds.ReadReplicasPerMaster.used') { should eq 0 }
its('rds.ReadReplicasPerMaster.max') { should eq 5 }
its('rds.DBClusters.used') { should eq 0 }
its('rds.DBClusters.max') { should eq 40 }
its('rds.DBClusterParameterGroups.used') { should eq 0 }
its('rds.DBClusterParameterGroups.max') { should eq 50 }
its('rds.DBClusterRoles.used') { should eq 0 }
its('rds.DBClusterRoles.max') { should eq 5 }
its('lambda.total_code_size.limit') { should eq 80530636800 }
its('lambda.total_code_size.usage') { should eq 2034651562 }
its('lambda.code_size_unzipped.limit') { should eq 262144000 }
its('lambda.code_size_zipped.limit') { should eq 52428800 }
its('lambda.concurrent_executions.limit') { should eq 200 }
its('lambda.unreserved_concurrent_executions.limit') { should eq 50 }
its('lambda.function_count.usage') { should eq 8 }
its('ses.max_24_hour_send') { should eq 200.0 }
its('ses.max_send_rate') { should eq 1.0 }
its('ses.sent_last_24_hours') { should eq 1.0 }
end
```
## :unlock: Another way: Test with account_attribute type
## account_attribute
Account Attribute resource type.
```ruby
describe account_attribute('ec2') do
its('supported_platforms') { should eq ["EC2", "VPC"] }
its('vpc_max_security_groups_per_interface') { should eq 5 }
its('max_elastic_ips') { should eq 5 }
its('max_instances') { should eq 20 }
its('vpc_max_elastic_ips') { should eq 5 }
its('default_vpc') { should eq 'none' }
end
describe account_attribute('rds') do
its('DBInstances.used') { should eq 0 }
its('DBInstances.max') { should eq 40 }
its('ReservedDBInstances.used') { should eq 0 }
its('ReservedDBInstances.max') { should eq 40 }
its('AllocatedStorage.used') { should eq 0 }
its('AllocatedStorage.max') { should eq 100000 }
its('DBSecurityGroups.used') { should eq 0 }
its('DBSecurityGroups.max') { should eq 25 }
its('AuthorizationsPerDBSecurityGroup.used') { should eq 0 }
its('AuthorizationsPerDBSecurityGroup.max') { should eq 20 }
its('DBParameterGroups.used') { should eq 1 }
its('DBParameterGroups.max') { should eq 50 }
its('ManualSnapshots.used') { should eq 0 }
its('ManualSnapshots.max') { should eq 100 }
its('EventSubscriptions.used') { should eq 0 }
its('EventSubscriptions.max') { should eq 20 }
its('DBSubnetGroups.used') { should eq 1 }
its('DBSubnetGroups.max') { should eq 50 }
its('OptionGroups.used') { should eq 0 }
its('OptionGroups.max') { should eq 20 }
its('SubnetsPerDBSubnetGroup.used') { should eq 2 }
its('SubnetsPerDBSubnetGroup.max') { should eq 20 }
its('ReadReplicasPerMaster.used') { should eq 0 }
its('ReadReplicasPerMaster.max') { should eq 5 }
its('DBClusters.used') { should eq 0 }
its('DBClusters.max') { should eq 40 }
its('DBClusterParameterGroups.used') { should eq 0 }
its('DBClusterParameterGroups.max') { should eq 50 }
its('DBClusterRoles.used') { should eq 0 }
its('DBClusterRoles.max') { should eq 5 }
end
describe account_attribute('lambda') do
its('total_code_size.limit') { should eq 80530636800 }
its('total_code_size.usage') { should eq 2034651562 }
its('code_size_unzipped.limit') { should eq 262144000 }
its('code_size_zipped.limit') { should eq 52428800 }
its('concurrent_executions.limit') { should eq 200 }
its('unreserved_concurrent_executions.limit') { should eq 50 }
its('function_count.usage') { should eq 8 }
end
describe account_attribute('ses') do
its('max_24_hour_send') { should eq 200.0 }
its('max_send_rate') { should eq 1.0 }
its('sent_last_24_hours') { should eq 1.0 }
end
```
## :unlock: Another way: Test with separated resource types
[ec2_account_attributes](#ec2_account_attributes)
| [rds_account_attributes](#rds_account_attributes)
| [lambda_account_settings](#lambda_account_settings)
| [ses_send_quota](#ses_send_quota)
## ec2_account_attributes
Ec2AccountAttributes account attributes.
```ruby
describe ec2_account_attributes do
its(:supported_platforms) { should include 'VPC' }
its(:max_instances) { should eq 20 }
end
```
### its(:supported_platforms), its(:vpc_max_security_groups_per_interface), its(:max_elastic_ips), its(:max_instances), its(:vpc_max_elastic_ips), its(:default_vpc)
## rds_account_attributes
RdsAccountAttributes account attributes.
```ruby
describe rds_account_attributes do
its('DBInstances.used') { should eq 0 }
its('DBInstances.max') { should eq 40 }
end
```
## lambda_account_settings
LambdaAccountSettings account attributes.
```ruby
describe lambda_account_settings do
its('total_code_size.limit') { should eq 80_530_636_800 }
its('total_code_size.usage') { should eq 2_034_651_562 }
its('function_count.usage') { should eq 8 }
end
```
## ses_send_quota
SesSendQuota account attributes.
```ruby
describe ses_send_quota do
its(:max_24_hour_send) { should eq 200.0 }
its(:max_send_rate) { should eq 1.0 }
its(:sent_last_24_hours) { should eq 1.0 }
end
```
### its(:max_24_hour_send), its(:max_send_rate), its(:sent_last_24_hours)