aws_internet_gateway

Use the aws_internet_gateway InSpec audit resource to test the properties of a single AWS internet gateway.

Syntax

An aws_internet_gateway resource block declares the tests for a single AWS internet gateway by id or name.

describe aws_internet_gateway(id: 'igw-abc0123456789deff') do
  it { should exist }
end

describe aws_internet_gateway(name: 'my-igw') do
  it { should exist }
end

Parameters

Either the id or the name must be provided.

id (required if name not provided)

The value of the internet_gateway_id assigned by AWS after the resource has been created. This should be in the format of igw- followed by 8 or 17 hexadecimal characters, and it is passed as an id: 'value' key-value entry in a hash.

name (required if id not provided)

If a Name tag is applied to the internet gateway, this can be used to look up the resource. This must be passed as a name: 'value' key-value entry in a hash. If there are multiple internet gateways with the same name, this resource will raise an error.

Properties

Property    Description
id          The ID of the internet gateway.
name        The value of the Name tag. It is nil if not defined.
vpc_id      The ID of the attached VPC. It is nil if the resource is in a detached state.
tags        A hash, with each key-value pair corresponding to an internet gateway tag.
attached?   Indicates whether the internet gateway is attached to a VPC or not (true or false).
detached?   Indicates whether the internet gateway is in a detached state or not (true or false).
owner_id    The ID of the AWS account that owns the internet gateway.

There are also additional properties available. For a comprehensive list, see the API reference documentation.
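
The lookup rules from Parameters and the derived values from Properties, traced in plain Ruby over constructed records. This is an added example, not InSpec or inspec-aws code: find_gateway, summarize, ID_FORMAT and the sample data are hypothetical, and the attached/detached logic is an assumption.

```ruby
# Added illustration in plain Ruby; not the inspec-aws implementation.
ID_FORMAT = /\Aigw-(\h{8}|\h{17})\z/ # igw- followed by 8 or 17 hex characters

# Constructed sample records, shaped like EC2 DescribeInternetGateways output.
SAMPLE_GATEWAYS = [
  { internet_gateway_id: 'igw-abc0123456789deff', owner_id: '111122223333',
    attachments: [{ state: 'available', vpc_id: 'vpc-1234567890abcdef1' }],
    tags: [{ key: 'Name', value: 'my-igw' }, { key: 'environment', value: 'dev' }] },
  { internet_gateway_id: 'igw-0a1b2c3d', owner_id: '111122223333',
    attachments: [], tags: [{ key: 'Name', value: 'spare-igw' }] },
  { internet_gateway_id: 'igw-11112222333344445', owner_id: '111122223333',
    attachments: [], tags: [{ key: 'Name', value: 'spare-igw' }] }
].freeze

# Hypothetical helper: pick the single gateway addressed by id: or name:.
def find_gateway(gateways, id: nil, name: nil)
  raise ArgumentError, 'either id or name must be provided' if id.nil? && name.nil?

  if id
    raise ArgumentError, "malformed id #{id.inspect}" unless id.match?(ID_FORMAT)
    return gateways.find { |g| g[:internet_gateway_id] == id }
  end
  matches = gateways.select do |g|
    g[:tags].any? { |t| t[:key] == 'Name' && t[:value] == name }
  end
  # A shared Name tag is ambiguous, so fail instead of testing the wrong gateway.
  raise ArgumentError, "#{matches.size} gateways named #{name.inspect}" if matches.size > 1

  matches.first
end

# Hypothetical helper: flatten one record into the properties listed above.
# Assumption: a gateway counts as attached when it has an attachment with a VPC ID.
def summarize(gateway)
  return { exists: false } if gateway.nil?

  tags = gateway[:tags].to_h { |t| [t[:key], t[:value]] }
  vpc_id = gateway[:attachments].first&.fetch(:vpc_id)
  { exists: true, id: gateway[:internet_gateway_id], name: tags['Name'],
    vpc_id: vpc_id, attached: !vpc_id.nil?, detached: vpc_id.nil?,
    owner_id: gateway[:owner_id], tags: tags }
end
```

Addressing a gateway by id avoids the duplicate-name error entirely, which matters when a control must always evaluate the same gateway.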

Examples

Test that the internet gateway is attached

describe aws_internet_gateway(name: 'my-igw') do
  it { should be_attached }
end

Test that the ID of the attached VPC is vpc-1234567890abcdef1

describe aws_internet_gateway(id: 'igw-abc0123456789deff') do
  its('vpc_id') { should eq 'vpc-1234567890abcdef1' }
end

Test that the internet gateway has a certain tag

describe aws_internet_gateway(name: 'my-igw') do
  its('tags') { should include('environment' => 'dev') }
  its('tags') { should include('shutdown-at-10-pm') }    # Regardless of the value
end

Matchers

This InSpec audit resource has the following special matcher. For a full list of available matchers, please visit our matchers page.

exist

describe aws_internet_gateway(name: 'my-igw') do
  it { should exist }
end

AWS Permissions

Your principal needs the ec2:DescribeInternetGateways action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon EC2, and Actions, Resources, and Condition Keys for Identity And Access Management.