aws_efs_file_system
Use the aws_efs_file_system InSpec audit resource to test the properties of a single AWS EFS file system.
This resource was added to the InSpec AWS resource pack in version 1.10.0 and is available with InSpec 4.18.108 and later versions.
Syntax
An aws_efs_file_system resource block declares the tests for a single AWS EFS file system by either file system ID or creation token.
describe aws_efs_file_system(file_system_id: 'fs-12345678') do
  it { should be_encrypted }
  its('size_in_bytes.value') { should cmp 6144 }
end

describe aws_efs_file_system(creation_token: 'my-token') do
  its('encrypted') { should cmp true }
  its('throughput_mode') { should eq 'bursting' }
end
The value of the file_system_id can be provided as a string.
describe aws_efs_file_system('fs-12345678') do
  it { should exist }
end
Parameters
Either the EFS file system id or creation token must be provided.
file_system_id (required if creation_token not provided)
The ID of the EFS file system. This is in the format of fs- followed by 8 or 17 hexadecimal characters.
This can be passed either as a string or as a file_system_id: 'value' key-value entry in a hash.
creation_token (required if file_system_id not provided)
The creation token is automatically assigned by AWS if not provided by the user at creation.
This is a string between 1 and 64 characters long.
This must be passed as a creation_token: 'value' key-value entry in a hash.
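The parameter rules above, checked in plain Ruby before a value reaches the resource. This is an added example, not code from the InSpec AWS resource pack: normalize_efs_lookup, FS_ID_FORMAT and TOKEN_LENGTH are hypothetical names, and rejecting a hash that carries both keys is an assumption.

```ruby
# Added example: hypothetical helper, not part of the InSpec AWS resource pack.
FS_ID_FORMAT = /\Afs-(\h{8}|\h{17})\z/ # 'fs-' followed by 8 or 17 hexadecimal characters
TOKEN_LENGTH = (1..64)                 # creation token length bounds from the page

# Normalise the documented argument forms into a single-key hash.
# Raises ArgumentError when the rules in the Parameters section are not met.
def normalize_efs_lookup(arg)
  # A bare string is shorthand for file_system_id: 'value'.
  arg = { file_system_id: arg } if arg.is_a?(String)
  raise ArgumentError, 'expected a String or a Hash' unless arg.is_a?(Hash)

  # Assumption: exactly one of the two keys, and no other keys, is accepted.
  given = arg.keys & %i[file_system_id creation_token]
  unless given.length == 1 && arg.length == 1
    raise ArgumentError, 'provide exactly one of file_system_id or creation_token'
  end

  key = given.first
  value = arg[key]
  raise ArgumentError, "#{key} must be a String" unless value.is_a?(String)

  case key
  when :file_system_id
    unless value.match?(FS_ID_FORMAT)
      raise ArgumentError, "malformed file_system_id: #{value.inspect}"
    end
  when :creation_token
    unless TOKEN_LENGTH.cover?(value.length)
      raise ArgumentError, 'creation_token must be 1 to 64 characters long'
    end
  end

  { key => value }
end
```

Validating the identifier up front makes a mistyped ID fail loudly instead of surfacing later as a file system that does not exist.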
Properties
Property | Description |
---|---|
creation_token | The value of the creation token. |
file_system_id | The ID of the file system, which is auto-assigned by AWS. |
encrypted | Indicates whether the file system is encrypted or not. |
life_cycle_state | The lifecycle phase of the file system, e.g. ‘creating’. |
owner_id | The AWS account that created the file system. |
performance_mode | The performance mode of the file system, e.g. ‘maxIO’. |
throughput_mode | The throughput mode for a file system, e.g. ‘bursting’. |
tags | A hash with each key-value pair corresponding to a tag associated with the entity. |
There are also additional properties available. For a comprehensive list, see the API reference documentation.
Examples
Test that an EFS file system is available
describe aws_efs_file_system("fs-12345678") do
  its("life_cycle_state") { should eq 'available' }
end
Test that an EFS file system is in ‘maxIO’ performance mode
describe aws_efs_file_system(creation_token: "My Token") do
  its("performance_mode") { should eq "maxIO" }
end
Test that an EFS file system has a certain tag
describe aws_efs_file_system(creation_token: "My Token") do
  its("tags") { should include("companyName" => "My Company") }
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.
exist
describe aws_efs_file_system(file_system_id: "fs-12345678") do
  it { should exist }
end
be_encrypted
describe aws_efs_file_system(creation_token: "My Token") do
  it { should be_encrypted }
end
AWS Permissions
Your Principal will need the elasticfilesystem:DescribeFileSystems action set to allow.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon EFS, and Actions, Resources, and Condition Keys for Identity And Access Management.