aws_region
Use the aws_region
InSpec audit resource to test properties of a single AWS region.
Syntax
An aws_region
resource block identifies an AWS region by ID. If no region is provided, the current default is used.
describe aws_region('eu-west-2') do
it { should exist }
end
describe aws_region(region_name: 'us-east-1') do
it { should exist }
end
Parameters
region_name (optional)
This resource accepts a single parameter, the region_name.
This can be passed either as a string or as a region_name: 'value'
key-value entry in a hash.
See also the AWS documentation on Regions.
Properties
Property | Description |
---|---|
region_name | The Name of the region. |
endpoint | The resolved endpoint of the region. |
Examples
Test whether a region exists
describe aws_region('region-not-real') do
it { should_not exist }
end
Test the Region Endpoint
describe aws_region(region_name: 'eu-west-2') do
its('endpoint') { should eq 'ec2.eu-west-2.amazonaws.com' }
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.
exist
The control will pass if the describe returns at least one result.
it { should exist }
AWS Permissions
Your Principal will need the ec2:DescribeRegions
action with Effect set to Allow.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon EC2.