aws_vpn_connection resource
Use the aws_vpn_connection InSpec audit resource to test the properties of a single AWS VPN connection.
Syntax
An aws_vpn_connection resource block declares the tests for a single AWS VPN connection by vpn_connection_id.
describe aws_vpn_connection(vpn_connection_id: 'vpn-1234567890') do
  it { should exist }
end
describe aws_vpn_connection('vpn-1234567890') do
  it { should exist }
end
Parameters
vpn_connection_id (required) - The identifier of the AWS VPN connection. It can be passed either as a string or as a vpn_connection_id: 'value' hash key-value entry.
Properties
vpn_connection_id - The identifier of the AWS VPN connection.
state - The current state of the VPN connection. Possible values are: pending, available, deleting, and deleted.
type - The type of VPN connection that the VPN connection supports.
vpn_gateway_id - The ID of the associated VPN.
tags - All tags that are associated with the VPN connection.
There are also additional properties available. For a comprehensive list, see the API reference documentation.
Examples
Test that a VPN connection is available
describe aws_vpn_connection('vpn-1234567890') do
  its('vpn_connection_id') { should eq 'vpn-1234567890' }
end
Test that a VPN connection state is available
describe aws_vpn_connection('vpn-1234567890') do
  its('state') { should eq 'available' }
end
Matchers
For a full list of available matchers, see our Universal Matchers page. The control passes if the get method returns at least one result.
exist
Use should to test that the entity exists.
describe aws_vpn_connection('vpn-1234567890') do
  it { should exist }
end
not exist
Use should_not to test that the entity does not exist.
describe aws_vpn_connection('vpn-1234567890') do
  it { should_not exist }
end
AWS Permissions
Your AWS principal will need the EC2:Client:DescribeVpnConnectionsResult action with Effect set to Allow.
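A least-privilege identity policy for the principal that runs these tests, as an added example that is not part of the original documentation. It assumes the IAM action name for the underlying DescribeVpnConnections API call is ec2:DescribeVpnConnections; Resource is "*" because EC2 Describe actions do not support resource-level restrictions, and the Sid value is a constructed label.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "InSpecReadVpnConnections",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeVpnConnections"
      ],
      "Resource": "*"
    }
  ]
}
```

Attaching only this statement keeps the audit principal read-only: it can list VPN connections and their state but cannot create, modify, or delete them.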