aws_vpn_gateway resource

Use the aws_vpn_gateway InSpec audit resource to test the properties of a single AWS VPN gateway.

Syntax

An aws_vpn_gateway resource block declares the tests for a single AWS VPN gateway by vpn_gateway_id.

describe aws_vpn_gateway(vpn_gateway_id: 'vgw-014aef8a0689b8f43') do
  it { should exist }
end

The value of the vpn_gateway_id can be provided as a string.

describe aws_vpn_gateway('vgw-014aef8a0689b8f43') do
  it { should exist }
end

The AWS VPN gateway ID is required.

vpn_group_id (required)

The ID of the VPN gateway:

: It can be passed either as a string or as a vpn_gateway_id: 'value' key-value entry in a hash.

vpn_gateway_id: The identifier of the AWS VPN gateway.
state: The current state of the VPN gateway. Possible values are: pending, available, deleting, deleted.
type: The type of VPN connection that the VPN gateway supports.
availability_zone: The Availability Zone where the virtual private gateway was created. If not applicable, this field will be be empty.
vpc_id: The ID of the associated VPC.
amazon_side_asn: The private Autonomous System Number (ASN) for the Amazon side of a BGP session.
tags: All tags that are associated to the VPN gateway.

There are also additional properties available. For a comprehensive list, see the API reference documentation.

Test that a VPN Gateway is available and attached:

describe aws_vpn_gateway('vgw-014aef8a0689b8f43') do
    its('status') { should eq 'available' }
    it { should be_attached }
end

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

describe aws_vpn_gateway('vgw-014aef8a0689b8f43') do
    it { should exist }
end

describe aws_vpn_gateway('vgw-014aef8a0689b8f43') do
    it { should be_attached }
    its('vpc_id') { should eq 'vpc-0a510beed76210f2f'}
end

Your AWS principal will need the EC2:Client:DescribeVpnGatewaysResult action with Effect set to Allow.