aws_transit_gateway

Use the aws_transit_gateway InSpec audit resource to test properties of a transit gateway.

Syntax

An aws_transit_gateway resource block uses the parameter to select a transit gateway.

describe aws_transit_gateway(transit_gateway_id: 'tgw-1234567') do
  it { should exist }
end

Parameters

transitgatewayid (required)

This resource accepts a single parameter, the Transit Gateway ID. This can be passed either as a string or as a transit_gateway_id: 'value' key-value entry in a hash.

See also the AWS documentation on Transit Gateways.

Properties

Property Description
transit_gateway_id Provides the ID of the Transit Gateway.
transit_gateway_arn Provides the ARN of the Transit Gateway.
transit_gateway_owner_id Provides the id of the owner of the Transit Gateway.
defaultroutetable_id Provides the id of the default route table of the Transit Gateway.
propagation_default_route_table_id Provides the propagation default route table id for the Transit gateway
dns_support Provides the status of dns support for the Transit Gateway
vpn_ecmp_support Provides the status of vpn ecmp support for the Transit Gateway

Examples

Check the owner id zone of the Transit Gateway
describe aws_transit_gateway(transit_gateway_id: 'tgw-0e231ae7f5e5e7bd5') do
  its('transit_gateway_owner_id') { should eq 'owner_id' }
end

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.

exist

The exist matcher indicates that a transit gateway exists.

describe aws_transit_gateway(transit_gateway_id: 'tgw-0e231ae7f5e5e7bd5') do
      it { should exist }
end

AWS Permissions

Your Principal will need the ec2:DescribeTransitGateways action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon EC2.