Resource Types

ec2 | rds | rds_db_parameter_group | security_group | vpc | s3_bucket | route53_hosted_zone | autoscaling_group | subnet | route_table | ebs | elb | lambda | iam_user | iam_group | iam_role | iam_policy | elasticache | elasticache_cache_parameter_group | cloudwatch_alarm | ses_identity | network_acl | directconnect_virtual_interface

ec2

EC2 resource type.

exist

describe ec2('my-ec2') do
  it { should exist }
end

be_disabled_api_termination

describe ec2('my-ec2') do
  it { should be_disabled_api_termination }
end

be_pending, be_running, be_shutting_down, be_terminated, be_stopping, be_stopped

describe ec2('my-ec2') do
  it { should be_running }
end

have_ebs

describe ec2('my-ec2') do
  it { should have_ebs('vol-123a123b') }
  it { should have_ebs('my-volume') }
end

have_eip

describe ec2('my-ec2') do
  it { should have_eip('123.0.456.789') }
end

have_security_group

describe ec2('my-ec2') do
  it { should have_security_group('my-security-group-name') }
  it { should have_security_group('sg-1a2b3cd4') }
end

belong_to_subnet

describe ec2('my-ec2') do
  it { should belong_to_subnet('subnet-1234a567') }
  it { should belong_to_subnet('my-subnet') }
end

belong_to_vpc

describe ec2('my-ec2') do
  it { should belong_to_vpc('vpc-ab123cde') }
  it { should belong_to_vpc('my-vpc') }
end

its(:instance_id), its(:image_id), its(:private_dns_name), its(:public_dns_name), its(:state_transition_reason), its(:key_name), its(:ami_launch_index), its(:instance_type), its(:launch_time), its(:placement), its(:kernel_id), its(:ramdisk_id), its(:platform), its(:monitoring), its(:subnet_id), its(:vpc_id), its(:private_ip_address), its(:public_ip_address), its(:state_reason), its(:architecture), its(:root_device_type), its(:root_device_name), its(:virtualization_type), its(:instance_lifecycle), its(:spot_instance_request_id), its(:client_token), its(:source_dest_check), its(:hypervisor), its(:iam_instance_profile), its(:ebs_optimized), its(:sriov_net_support)

:unlock: Advanced use

ec2 can use Aws::EC2::Instance resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Instance.html).

describe ec2('my-ec2') do
  its('vpc.id') { should eq 'vpc-ab123cde' }
end

or

describe ec2('my-ec2') do
  its('resource.vpc.id') { should eq 'vpc-ab123cde' }
end

rds

RDS resource type.

exist

describe rds('my-rds') do
  it { should exist }
end

be_available, be_backing_up, be_creating, be_deleting, be_failed, be_inaccessible_encryption_credentials, be_incompatible_credentials, be_incompatible_network, be_incompatible_option_group, be_incompatible_parameters, be_incompatible_restore, be_maintenance, be_modifying, be_rebooting, be_renaming, be_resetting_master_credentials, be_restore_error, be_storage_full, be_upgrading

describe rds('my-rds') do
  it { should be_available }
end

have_db_parameter_group

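# Checks that the 'my-rds' instance is associated with the named DB parameter
# group (the matcher this section documents).
describe rds('my-rds') do
  it { should have_db_parameter_group('my-rds-db-parameter-group') }
end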

have_option_group

describe rds('my-rds') do
  it { should have_option_group('default:mysql-5-6') }
end

have_security_group

describe rds('my-rds') do
  it { should have_security_group('sg-5a6b7cd8') }
  it { should have_security_group('my-db-sg') }
end

belong_to_db_subnet_group

describe rds('my-rds') do
  it { should belong_to_db_subnet_group('my-db-subnet-group') }
end

belong_to_subnet

describe rds('my-rds') do
  it { should belong_to_subnet('subnet-8901b123') }
  it { should belong_to_subnet('db-subnet-a') }
end

belong_to_vpc

describe rds('my-rds') do
  it { should belong_to_vpc('vpc-ab123cde') }
  it { should belong_to_vpc('my-vpc') }
end

its(:vpc_id), its(:db_instance_identifier), its(:db_instance_class), its(:engine), its(:db_instance_status), its(:master_username), its(:db_name), its(:endpoint), its(:allocated_storage), its(:instance_create_time), its(:preferred_backup_window), its(:backup_retention_period), its(:availability_zone), its(:preferred_maintenance_window), its(:pending_modified_values), its(:latest_restorable_time), its(:multi_az), its(:engine_version), its(:auto_minor_version_upgrade), its(:read_replica_source_db_instance_identifier), its(:license_model), its(:iops), its(:character_set_name), its(:secondary_availability_zone), its(:publicly_accessible), its(:storage_type), its(:tde_credential_arn), its(:db_instance_port), its(:db_cluster_identifier), its(:storage_encrypted), its(:kms_key_id), its(:dbi_resource_id), its(:ca_certificate_identifier), its(:copy_tags_to_snapshot)

:unlock: Advanced use

rds can use Aws::RDS::DBInstance resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/RDS/DBInstance.html).

describe rds('my-rds') do
  its('db_subnet_group.db_subnet_group_name') { should eq 'my-db-subnet-group' }
end

or

describe rds('my-rds') do
  its('resource.db_subnet_group.db_subnet_group_name') { should eq 'my-db-subnet-group' }
end

rds_db_parameter_group

RdsDbParameterGroup resource type.

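# Each attribute name is a parameter in the DB parameter group, compared
# against the expected value as a string.
# Every block needs an expectation (`should eq ...`); a block that only
# contains a bare string passes without checking anything.
describe rds_db_parameter_group('my-rds-db-parameter-group') do
  its(:basedir) { should eq '/rdsdbbin/mysql' }
  its(:innodb_buffer_pool_size) { should eq '{DBInstanceClassMemory*3/4}' }
end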

exist

describe rds_db_parameter_group('my-rds-db-parameter-group') do
  it { should exist }
end

security_group

SecurityGroup resource type.

exist

describe security_group('my-security-group-name') do
  it { should exist }
end

its(:inbound), its(:outbound)

describe security_group('my-security-group-name') do
  # No port given: the least specific form of the matcher.
  its(:outbound) { should be_opened }
  # Port only: neither protocol nor source is constrained in this example.
  its(:inbound) { should be_opened(80) }
  # Port + protocol + one source CIDR (a single host, /32).
  its(:inbound) { should be_opened(80).protocol('tcp').for('203.0.113.1/32') }
  # Source given as another security group's ID instead of a CIDR.
  its(:inbound) { should be_opened(22).protocol('tcp').for('sg-5a6b7cd8') }
  # NOTE(review): all four are positive checks; presumably none of them fails
  # when an additional, unintended rule exists. The inbound_rule_count and
  # outbound_rule_count attributes listed for this resource type can be
  # asserted alongside them to pin the size of the rule set.
end

its(:inbound_rule_count), its(:outbound_rule_count), its(:inbound_permissions_count), its(:outbound_permissions_count), its(:owner_id), its(:group_name), its(:group_id), its(:description), its(:vpc_id)

:unlock: Advanced use

security_group can use Aws::EC2::SecurityGroup resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/SecurityGroup.html).

describe security_group('my-security-group-name') do
  its('group_name') { should eq 'my-security-group-name' }
end

or

describe security_group('my-security-group-name') do
  its('resource.group_name') { should eq 'my-security-group-name' }
end

vpc

VPC resource type.

exist

describe vpc('my-vpc') do
  it { should exist }
end

be_available, be_pending

describe vpc('vpc-ab123cde') do
  it { should be_available }
end

have_network_acl

describe vpc('vpc-ab123cde') do
  it { should have_network_acl('acl-1abc2d3e') }
  it { should have_network_acl('my-network-acl') }
end

have_route_table

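# Checks that the VPC contains the given route table, identified either by
# its route table ID or by its name.
describe vpc('vpc-ab123cde') do
  it { should have_route_table('rtb-a12bcd34') }
  it { should have_route_table('my-route-table') }
end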

its(:vpc_id), its(:state), its(:cidr_block), its(:dhcp_options_id), its(:instance_tenancy), its(:is_default)

:unlock: Advanced use

vpc can use Aws::EC2::Vpc resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Vpc.html).

describe vpc('my-vpc') do
  its('route_tables.first.route_table_id') { should eq 'rtb-a12bcd34' }
end

or

describe vpc('my-vpc') do
  its('resource.route_tables.first.route_table_id') { should eq 'rtb-a12bcd34' }
end

s3_bucket

S3Bucket resource type.

exist

describe s3_bucket('my-bucket') do
  it { should exist }
end

have_acl_grant

describe s3_bucket('my-bucket') do
  its(:acl_owner) { should eq 'my-bucket-owner' }
  # Pinning the total number of grants makes the example fail when a grant
  # that is not listed below is added to the bucket ACL.
  its(:acl_grants_count) { should eq 3 }
  # Grantee given by owner name.
  it { should have_acl_grant(grantee: 'my-bucket-owner', permission: 'FULL_CONTROL') }
  # Grantee given by group URI (the S3 log delivery group).
  it { should have_acl_grant(grantee: 'http://acs.amazonaws.com/groups/s3/LogDelivery', permission: 'WRITE') }
  # NOTE(review): presumably a canonical user ID (sample value) — confirm the
  # expected identifier format against the bucket's real ACL.
  it { should have_acl_grant(grantee: '68f4bb06b094152df53893bfba57760e', permission: 'READ') }
end

have_cors_rule

describe s3_bucket('my-bucket') do
  # First rule: GET allowed from any origin ('*'). Asserting this documents
  # that cross-origin reads from every site are intended for this bucket.
  it do
    should have_cors_rule(
      allowed_methods: ['GET'],
      allowed_origins: ['*']
    )
  end
  # Second rule: GET restricted to two named HTTPS origins, with any request
  # header allowed, one exposed response header and a one-hour preflight cache.
  it do
    should have_cors_rule(
      allowed_headers: ['*'],
      allowed_methods: ['GET'],
      allowed_origins: ['https://example.org', 'https://example.com'],
      expose_headers:  ['X-Custom-Header'],
      max_age_seconds: 3600
    )
  end
  # The cors_rules_count attribute listed for this resource type can be
  # asserted as well, so that an extra rule does not go unnoticed.
end

have_object

describe s3_bucket('my-bucket') do
  it { should have_object('path/to/object') }
end

have_policy

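describe s3_bucket('my-bucket') do
  # The expectation has to live inside an example (`it do ... end`).
  # NOTE: this sample policy allows s3:GetObject for every principal ("*"),
  # so the example asserts that objects in the bucket are publicly readable.
  # Use it only for buckets where public read is the intended state.
  it do
    should have_policy <<-POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowPublicRead",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-bucket/*"
    }
  ]
}
    POLICY
  end
end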

its(:acl_grants_count), its(:acl_owner), its(:cors_rules_count), its(:name), its(:creation_date)

:unlock: Advanced use

s3_bucket can use Aws::S3::Bucket resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/S3/Bucket.html).

describe s3_bucket('my-bucket') do
  its('acl.owner.display_name') { should eq 'my-bucket-owner' }
end

or

describe s3_bucket('my-bucket') do
  its('resource.acl.owner.display_name') { should eq 'my-bucket-owner' }
end

route53_hosted_zone

Route53HostedZone resource type.

exist

describe route53_hosted_zone('example.com.') do
  it { should exist }
end

have_record_set

describe route53_hosted_zone('example.com.') do
  its(:resource_record_set_count) { should eq 6 }
  it { should have_record_set('example.com.').a('123.456.7.890') }
  it { should have_record_set('*.example.com.').cname('example.com') }
  it { should have_record_set('example.com.').mx('10 mail.example.com') }
  it { should have_record_set('mail.example.com.').a('123.456.7.890').ttl(3600) }
  ns = 'ns-123.awsdns-45.net.
ns-6789.awsdns-01.org.
ns-2345.awsdns-67.co.uk.
ns-890.awsdns-12.com.'
  it { should have_record_set('example.com.').ns(ns) }
  it { should have_record_set('s3.example.com.').alias('s3-website-us-east-1.amazonaws.com.', 'Z2ABCDEFGHIJKL') }
end

its(:id), its(:name), its(:caller_reference), its(:config), its(:resource_record_set_count)

autoscaling_group

AutoscalingGroup resource type.

exist

describe autoscaling_group('my-auto-scaling-group') do
  it { should exist }
end

have_ec2

describe autoscaling_group('my-auto-scaling-group') do
  it { should have_ec2('my-ec2') }
end

have_elb

describe autoscaling_group('my-auto-scaling-group') do
  it { should have_elb('my-elb') }
end

its(:auto_scaling_group_name), its(:auto_scaling_group_arn), its(:launch_configuration_name), its(:min_size), its(:max_size), its(:desired_capacity), its(:default_cooldown), its(:health_check_type), its(:health_check_grace_period), its(:created_time), its(:placement_group), its(:vpc_zone_identifier), its(:status), its(:new_instances_protected_from_scale_in)

subnet

Subnet resource type.

exist

describe subnet('my-subnet') do
  it { should exist }
end

be_available, be_pending

describe subnet('my-subnet') do
  it { should be_available }
end

its(:subnet_id), its(:state), its(:vpc_id), its(:cidr_block), its(:available_ip_address_count), its(:availability_zone), its(:default_for_az), its(:map_public_ip_on_launch)

:unlock: Advanced use

subnet can use Aws::EC2::Subnet resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Subnet.html).

describe subnet('my-subnet') do
  its('vpc.id') { should eq 'vpc-ab123cde' }
end

or

describe subnet('my-subnet') do
  its('resource.vpc.id') { should eq 'vpc-ab123cde' }
end

route_table

RouteTable resource type.

exist

describe route_table('my-route-table') do
  it { should exist }
end

have_route

describe route_table('my-route-table') do
  it { should have_route('10.0.0.0/16').target(gateway: 'local') }
  it { should have_route('0.0.0.0/0').target(gateway: 'igw-1ab2345c') }
  it { should have_route('192.168.1.0/24').target(instance: 'my-ec2') }
  it { should have_route('192.168.2.0/24').target(vpc_peering_connection: 'my-pcx') }
end

have_subnet

describe route_table('my-route-table') do
  it { should have_subnet('my-subnet') }
end

its(:route_table_id), its(:vpc_id)

:unlock: Advanced use

route_table can use Aws::EC2::RouteTable resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/RouteTable.html).

describe route_table('my-route-table') do
  its('vpc.id') { should eq 'vpc-ab123cde' }
end

or

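# Same check as the 'vpc.id' form, written with the explicit `resource.`
# prefix; the subject is the route table this section documents.
describe route_table('my-route-table') do
  its('resource.vpc.id') { should eq 'vpc-ab123cde' }
end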

ebs

EBS resource type.

exist

describe ebs('my-volume') do
  it { should exist }
end

be_attached_to

describe ebs('my-volume') do
  it { should be_attached_to('my-ec2') }
end

be_creating, be_available, be_in_use, be_deleting, be_deleted, be_error

describe ebs('my-volume') do
  it { should be_in_use }
end

its(:volume_id), its(:size), its(:snapshot_id), its(:availability_zone), its(:state), its(:create_time), its(:volume_type), its(:iops), its(:encrypted), its(:kms_key_id)

:unlock: Advanced use

ebs can use Aws::EC2::Volume resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Volume.html).

describe ebs('my-volume') do
  its('attachments.first.instance_id') { should eq 'i-ec12345a' }
end

or

describe ebs('my-volume') do
  its('resource.attachments.first.instance_id') { should eq 'i-ec12345a' }
end

elb

ELB resource type.

exist

describe elb('my-elb') do
  it { should exist }
end

have_ec2

describe elb('my-elb') do
  it { should have_ec2('my-ec2') }
end

have_listener

http://docs.aws.amazon.com/en_us/ElasticLoadBalancing/latest/DeveloperGuide/elb-listener-config.html

describe elb('my-elb') do
  # Asserts a front-end HTTPS listener on 443 that forwards to the instances
  # over HTTP on port 80. With these values the hop between the load balancer
  # and the instances is plain HTTP; assert instance_protocol: 'HTTPS' (and
  # the matching instance_port) where back-end encryption is required.
  it { should have_listener(protocol: 'HTTPS', port: 443, instance_protocol: 'HTTP', instance_port: 80) }
end

have_security_group

describe elb('my-elb') do
  it { should have_security_group('my-lb-security-group-tag-name') }
end

have_subnet

describe elb('my-elb') do
  it { should have_subnet('my-subnet') }
end

belong_to_vpc

describe elb('my-elb') do
  it { should belong_to_vpc('my-vpc') }
end

its(:health_check_target), its(:health_check_interval), its(:health_check_timeout), its(:health_check_unhealthy_threshold), its(:health_check_healthy_threshold), its(:load_balancer_name), its(:dns_name), its(:canonical_hosted_zone_name), its(:canonical_hosted_zone_name_id), its(:vpc_id), its(:created_time), its(:scheme)

lambda

Lambda resource type.

exist

describe lambda('my-lambda-function-name') do
  it { should exist }
end

have_event_source

This matcher does not support Amazon S3 event sources (see the SDK documentation).

its(:function_name), its(:function_arn), its(:runtime), its(:role), its(:handler), its(:code_size), its(:description), its(:timeout), its(:memory_size), its(:last_modified), its(:code_sha_256), its(:version)

iam_user

IamUser resource type.

exist

describe iam_user('my-iam-user') do
  it { should exist }
end

be_allowed_action

describe iam_user('my-iam-user') do
  # Asserts that the user is permitted to perform the named action.
  # NOTE(review): presumably evaluated through IAM policy simulation — confirm
  # which permissions the credentials running the test need for that.
  it { should be_allowed_action('ec2:DescribeInstances') }
  # Wildcard action name, scoped to objects of one bucket via resource_arn.
  # NOTE(review): verify how 's3:Put*' is expanded before relying on it.
  it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
  # For least-privilege checks, pair these with `should_not be_allowed_action(...)`
  # examples for actions that must stay denied.
end

have_iam_policy

describe iam_user('my-iam-user') do
  it { should have_iam_policy('ReadOnlyAccess') }
end

belong_to_iam_group

describe iam_user('my-iam-user') do
  it { should belong_to_iam_group('my-iam-group') }
end

its(:path), its(:user_name), its(:user_id), its(:arn), its(:create_date), its(:password_last_used)

iam_group

IamGroup resource type.

exist

describe iam_group('my-iam-group') do
  it { should exist }
end

be_allowed_action

describe iam_group('my-iam-group') do
  it { should be_allowed_action('ec2:DescribeInstances') }
  it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
end

have_iam_policy

describe iam_group('my-iam-group') do
  it { should have_iam_policy('ReadOnlyAccess') }
end

have_iam_user

describe iam_group('my-iam-group') do
  it { should have_iam_user('my-iam-user') }
end

its(:path), its(:group_name), its(:group_id), its(:arn), its(:create_date)

iam_role

IamRole resource type.

exist

describe iam_role('my-iam-role') do
  it { should exist }
end

be_allowed_action

describe iam_role('my-iam-role') do
  it { should be_allowed_action('ec2:DescribeInstances') }
  it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
end

have_iam_policy

describe iam_role('my-iam-role') do
  it { should have_iam_policy('ReadOnlyAccess') }
end

its(:path), its(:role_name), its(:role_id), its(:arn), its(:create_date), its(:assume_role_policy_document)

iam_policy

IamPolicy resource type.

exist

describe iam_policy('my-iam-policy') do
  it { should exist }
end

be_attachable

describe iam_policy('my-iam-policy') do
  it { should be_attachable }
end

be_attached_to_group

describe iam_policy('my-iam-policy') do
  it { should be_attached_to_group('my-iam-group') }
end

be_attached_to_role

describe iam_policy('my-iam-policy') do
  it { should be_attached_to_role('HelloIAmGodRole') }
end

be_attached_to_user

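# Checks that the policy is attached to the named IAM user (the matcher this
# section documents).
describe iam_policy('my-iam-policy') do
  it { should be_attached_to_user('my-iam-user') }
end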

its(:policy_name), its(:policy_id), its(:arn), its(:path), its(:default_version_id), its(:attachment_count), its(:is_attachable), its(:description), its(:create_date), its(:update_date)

elasticache

Elasticache resource type.

exist

describe elasticache('my-rep-group-001') do
  it { should exist }
end

be_available, be_creating, be_deleted, be_deleting, be_incompatible_network, be_modifying, be_rebooting_cache_cluster_nodes, be_restore_failed, be_snapshotting

describe elasticache('my-rep-group-001') do
  it { should be_available }
end

have_cache_parameter_group

describe elasticache('my-rep-group-001') do
  it { should have_cache_parameter_group('my-cache-parameter-group') }
end

belong_to_cache_subnet_group

describe elasticache('my-rep-group-001') do
  it { should belong_to_cache_subnet_group('my-cache-subnet-group') }
end

belong_to_replication_group

describe elasticache('my-rep-group-001') do
  it { should belong_to_replication_group('my-rep-group') }
end

belong_to_vpc

describe elasticache('my-rep-group-001') do
  it { should belong_to_vpc('my-vpc') }
end

its(:cache_cluster_id), its(:configuration_endpoint), its(:client_download_landing_page), its(:cache_node_type), its(:engine), its(:engine_version), its(:cache_cluster_status), its(:num_cache_nodes), its(:preferred_availability_zone), its(:cache_cluster_create_time), its(:preferred_maintenance_window), its(:notification_configuration), its(:cache_subnet_group_name), its(:auto_minor_version_upgrade), its(:replication_group_id), its(:snapshot_retention_limit), its(:snapshot_window)

elasticache_cache_parameter_group

ElasticacheCacheParameterGroup resource type.

describe elasticache_cache_parameter_group('my-cache-parameter-group') do
  it { should exist }
  its(:activerehashing) { should eq 'yes' }
  its(:client_output_buffer_limit_pubsub_hard_limit) { should eq '33554432' }
end

exist

describe elasticache_cache_parameter_group('my-cache-parameter-group') do
  it { should exist }
end

cloudwatch_alarm

CloudwatchAlarm resource type.

exist

describe cloudwatch_alarm('my-cloudwatch-alarm') do
  it { should exist }
end

have_alarm_action

describe cloudwatch_alarm('my-cloudwatch-alarm') do
  it { should have_alarm_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
end

have_insufficient_data_action

describe cloudwatch_alarm('my-cloudwatch-alarm') do
  it { should have_insufficient_data_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
end

have_ok_action

describe cloudwatch_alarm('my-cloudwatch-alarm') do
  it { should have_ok_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
end

belong_to_metric

describe cloudwatch_alarm('my-cloudwatch-alarm') do
  it { should belong_to_metric('NumberOfProcesses').namespace('my-cloudwatch-namespace') }
end

its(:alarm_name), its(:alarm_arn), its(:alarm_description), its(:alarm_configuration_updated_timestamp), its(:actions_enabled), its(:state_value), its(:state_reason), its(:state_reason_data), its(:state_updated_timestamp), its(:metric_name), its(:namespace), its(:statistic), its(:period), its(:unit), its(:evaluation_periods), its(:threshold), its(:comparison_operator)

ses_identity

SesIdentity resource type.

exist

describe ses_identity('example.com') do
  it { should exist }
end

have_dkim_tokens

have_identity_policy

describe ses_identity('example.com') do
  it { should have_identity_policy('my-identity-policy-name') }
end

its(:dkim_enabled), its(:dkim_verification_status), its(:bounce_topic), its(:complaint_topic), its(:delivery_topic), its(:forwarding_enabled), its(:verification_status), its(:verification_token)

network_acl

NetworkAcl resource type.

exist

describe network_acl('my-network-acl') do
  it { should exist }
end

have_subnet

describe network_acl('my-network-acl') do
  it { should have_subnet('my-subnet') }
end

belong_to_vpc

describe network_acl('my-network-acl') do
  it { should belong_to_vpc('my-vpc') }
end

its(:inbound), its(:outbound), its(:inbound_entries_count), its(:outbound_entries_count)

describe network_acl('my-network-acl') do
  # Allow entry: TCP port 80 from a single source (/32).
  its(:inbound) { should be_allowed(80).protocol('tcp').source('123.0.456.789/32') }
  # Deny entry with rule number '*' for all sources.
  # NOTE(review): presumably the catch-all deny that closes the ACL — confirm.
  its(:inbound) { should be_denied.rule_number('*').source('0.0.0.0/0') }
  # Allow entry: every protocol, with '0.0.0.0/0' as the address range.
  its(:outbound) { should be_allowed.protocol('ALL').source('0.0.0.0/0') }
  # Pinning the entry counts makes the example fail when an entry that is not
  # covered above is added to the ACL.
  its(:inbound_entries_count) { should eq 3 }
  its(:outbound_entries_count) { should eq 2 }
end

its(:inbound_entries_count), its(:outbound_entries_count), its(:network_acl_id), its(:vpc_id), its(:is_default)

:unlock: Advanced use

network_acl can use Aws::EC2::NetworkAcl resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/NetworkAcl.html).

describe network_acl('my-network-acl') do
  its('vpc.id') { should eq 'vpc-ab123cde' }
end

or

describe network_acl('my-network-acl') do
  its('resource.vpc.id') { should eq 'vpc-ab123cde' }
end

directconnect_virtual_interface

DirectconnectVirtualInterface resource type.

describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
  it { should exist }
  it { should be_available }
  its(:connection_id) { should eq 'dxcon-abcd5fgh' }
  its(:virtual_interface_id) { should eq 'dxvif-aabbccdd' }
  its(:amazon_address) { should eq '170.252.252.1/30' }
  its(:customer_address) { should eq '123.456.789.2/30' }
  its(:virtual_gateway_id) { should eq 'vgw-d234e5f6' }
end

exist

describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
  it { should exist }
end

be_confirming, be_verifying, be_pending, be_available, be_deleting, be_deleted, be_rejected

describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
  it { should exist }
  it { should be_available }
end

its(:owner_account), its(:virtual_interface_id), its(:location), its(:connection_id), its(:virtual_interface_type), its(:virtual_interface_name), its(:vlan), its(:asn), its(:auth_key), its(:amazon_address), its(:customer_address), its(:virtual_interface_state), its(:customer_router_config), its(:virtual_gateway_id)