aws_efs_file_system resource
Use the aws_efs_file_system InSpec audit resource to test the properties of a single AWS EFS file system.
This resource was added to the InSpec AWS resource pack in version 1.10.0 and is available with InSpec 4.18.108 and later versions.
Syntax
An aws_efs_file_system resource block declares the tests for a single AWS EFS file system by either file system id or creation token.

describe aws_efs_file_system(file_system_id: 'fs-12345678') do
  it { should be_encrypted }
  its('size_in_bytes.value') { should cmp 6144 }
end

describe aws_efs_file_system(creation_token: 'my-token') do
  its('encrypted') { should cmp true }
  its('throughput_mode') { should eq 'bursting' }
end
The value of the file_system_id can be provided as a string.

describe aws_efs_file_system('fs-12345678') do
  it { should exist }
end
Parameters
Either the EFS file system id or creation token must be provided.
file_system_id (required if creation_token not provided)
The ID of the EFS file system. This is in the format of fs- followed by 8 or 17 hexadecimal characters. This can be passed either as a string or as a file_system_id: 'value' key-value entry in a hash.

creation_token (required if file_system_id not provided)
The creation token is automatically assigned by AWS if not provided by the user at creation. This is a string of 1 to 64 characters. This must be passed as a creation_token: 'value' key-value entry in a hash.
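
The argument rules above can be checked before a profile runs, for instance when identifiers are read from an inventory file. This is an added example, not code from the InSpec AWS resource pack; efs_lookup_for and valid_efs_argument? are hypothetical names, and rejecting a call that supplies both keys is this example's assumption.

```ruby
# Added example: mirrors the argument rules in the Parameters section.
# Not the resource pack's own code; all names here are hypothetical.
FS_ID_FORMAT = /\Afs-(?:\h{8}|\h{17})\z/ # 'fs-' + 8 or 17 hex characters
TOKEN_LENGTH = (1..64)                   # creation token length bounds

# Returns [key, value] naming the lookup that would be performed,
# or raises ArgumentError describing which documented rule was broken.
def efs_lookup_for(arg)
  # A bare string is only accepted as a file system id.
  opts  = arg.is_a?(Hash) ? arg : { file_system_id: arg }
  id    = opts[:file_system_id]
  token = opts[:creation_token]

  # Assumption of this example: supplying both is rejected as ambiguous.
  raise ArgumentError, 'provide file_system_id or creation_token, not both' if id && token
  raise ArgumentError, 'file_system_id or creation_token is required' if id.nil? && token.nil?

  if id
    unless id.is_a?(String) && id.match?(FS_ID_FORMAT)
      raise ArgumentError, "malformed file_system_id: #{id.inspect}"
    end
    [:file_system_id, id]
  else
    unless token.is_a?(String) && TOKEN_LENGTH.cover?(token.length)
      raise ArgumentError, 'creation_token must be a string of 1 to 64 characters'
    end
    [:creation_token, token]
  end
end

# True when the argument satisfies the documented rules.
def valid_efs_argument?(arg)
  efs_lookup_for(arg)
  true
rescue ArgumentError
  false
end

# Constructed sample arguments, as an inventory-driven profile might pass them.
if __FILE__ == $PROGRAM_NAME
  ['fs-12345678', 'fs-0123456789abcdef0', 'fs-1234', { creation_token: 'my-token' },
   { creation_token: '' }, 'my-token'].each do |arg|
    puts format('%-40s %s', arg.inspect, valid_efs_argument?(arg) ? 'ok' : 'rejected')
  end
end
```

A bare string that is not a well-formed id (such as a creation token passed without its key) is rejected here, which matches the rule that creation tokens must be passed as a hash entry.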
Properties
creation_token - The value of the creation token.
file_system_id - The ID of the file system, which is auto-assigned by AWS.
encrypted - Indicates whether the file system is encrypted or not.
life_cycle_state - The lifecycle phase of the file system, e.g. 'creating'.
owner_id - The AWS account that created the file system.
performance_mode - The performance mode of the file system, e.g. 'maxIO'.
throughput_mode - The throughput mode for a file system, e.g. 'bursting'.
tags - A hash with each key-value pair corresponding to a tag associated with the entity.

There are also additional properties available. For a comprehensive list, see the API reference documentation.
Examples
Test that an EFS file system is available:
describe aws_efs_file_system("fs-12345678") do
  its("life_cycle_state") { should eq 'available' }
end
Test that an EFS file system is in 'maxIO' performance mode:
describe aws_efs_file_system(creation_token: "My Token") do
  its("performance_mode") { should eq "maxIO" }
end
Test that an EFS file system has a certain tag:
describe aws_efs_file_system(creation_token: "My Token") do
  its("tags") { should include("companyName" => "My Company") }
end
Matchers
For a full list of available matchers, see our Universal Matchers page.
This resource has the following special matchers.
exist
describe aws_efs_file_system(file_system_id: "fs-12345678") do
  it { should exist }
end
be_encrypted
describe aws_efs_file_system(creation_token: "My Token") do
  it { should be_encrypted }
end
AWS Permissions
Your AWS principal will need the EFS:Client:DescribeFileSystemsResponse action with Effect set to Allow.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon EFS, and Actions, Resources, and Condition Keys for Identity And Access Management.