aws_route_table
Use the aws_route_table
InSpec audit resource to test properties of a single Route Table. A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.
Syntax
This resource expects a single parameter that uniquely identifies the Route Table. You may pass it as a string, or as the value in a hash:
describe aws_route_table('rtb-123abcde') do
it { should exist }
end
describe aws_route_table(route_table_id: 'rtb-123abcde') do
it { should exist }
end
Parameters
route_table_id (required)
This resource accepts a single parameter, the route_table_id.
This can be passed either as a string or as a route_table_id: 'value'
key-value entry in a hash.
See also the AWS documentation on Route Tables.
Properties
Property | Description |
---|---|
route_table_id | The ID of the route table. |
owner_id | The ID of the AWS account that owns the route table. |
vpc_id | The ID of the VPC. |
routes | The routes in the route table. |
associations | The associations between the route table and one or more subnets. |
propagating_vgws | Any virtual private gateway (VGW) propagating routes. |
tags | Any tags assigned to the route table. |
Examples
Confirm that the route table has expected VPC identifier
describe aws_route_table(route_table_id: 'rtb-123abcde') do
its('vpc_id') { should eq 'vpc-01625e36123456789' }
end
Confirm that the route table has expected owner identifier
describe aws_route_table(route_table_id: 'rtb-123abcde') do
its('owner_id') { should eq '123456789012' }
end
Ensure the expected number of routes is present
describe aws_route_table(route_table_id: 'rtb-123abcde') do
its('routes.count') { should eq 2 }
end
Ensure the expected number of associations is present
describe aws_route_table(route_table_id: 'rtb-123abcde') do
its('associations.count') { should eq 1 }
end
Ensure there are no virtual private gateway (VGW) propagating routes
describe aws_route_table(route_table_id: 'rtb-123abcde') do
its('propagating_vgws') { should be_empty }
end
Matchers
For a full list of available matchers, please visit our matchers page.
exist
The control will pass if the describe returns at least one result.
Use should_not
to test the entity should not exist.
describe aws_route_table('should-be-there') do
it { should exist }
end
describe aws_route_table('should-not-be-there') do
it { should_not exist }
end
AWS Permissions
Your Principal will need the ec2:DescribeRouteTables
action with Effect set to Allow.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon EC2.