aws_ec2_traffic_mirror_filter Resource

Use the aws_ec2_traffic_mirror_filter InSpec audit resource to test properties of a single AWS traffic mirror filter.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

An aws_ec2_traffic_mirror_filter resource block declares the tests for a single AWS traffic mirror filter.

describe aws_ec2_traffic_mirror_filter(aws_ec2_traffic_mirror_filter_id: 'TRAFFIC_MIRROR_FILTER_ID') do
  it { should exist }
end

describe aws_ec2_traffic_mirror_filter('TRAFFIC_MIRROR_FILTER_ID') do
  it { should exist }
end

Parameters

traffic_mirror_filter_id (required)

The ID of the EC2 traffic mirror filter. The format is tmf- followed by 8 or 17 hexadecimal characters. Pass it either as a string or as an aws_ec2_traffic_mirror_filter_id: 'value' key-value entry in a hash.

Properties

traffic_mirror_filter_id
The ID of a traffic mirror filter.
description
The description of a traffic mirror filter.
tags
A list of hashes, with each key-value pair corresponding to a traffic mirror tag, e.g., [{:key=>"Name", :value=>"Testing Box"}, {:key=>"Environment", :value=>"Dev"}].

There are also additional properties available. For a comprehensive list, see the API reference documentation.

Examples

Test that an EC2 traffic mirror filter exists.

describe aws_ec2_traffic_mirror_filter(aws_ec2_traffic_mirror_filter_id: 'TRAFFIC_MIRROR_FILTER_ID') do
  it { should exist }
end

Test that an EC2 traffic mirror filter description is correct.

describe aws_ec2_traffic_mirror_filter(aws_ec2_traffic_mirror_filter_id: 'TRAFFIC_MIRROR_FILTER_ID') do
  its('description') { should eq "DESCRIPTION_TEXT" }
end
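
The ID format given under Parameters and the tag shape given under Properties can be checked in plain Ruby before a control runs, for example when filter IDs and required tags come from profile inputs. This is an added example, not code from the Chef InSpec AWS resource pack; the helper names, the required tags and the sample data are assumptions constructed for illustration.

```ruby
# Added example: hypothetical helper names, not part of the resource pack.
# ID format from the Parameters section: "tmf-" followed by 8 or 17 hex characters.
TMF_ID_PATTERN = /\Atmf-(?:\h{8}|\h{17})\z/

# True only for a String that matches the documented ID format.
def valid_traffic_mirror_filter_id?(id)
  id.is_a?(String) && TMF_ID_PATTERN.match?(id)
end

# Accepts either calling form shown under Syntax (bare string or one-key hash)
# and returns the ID, raising early on anything malformed.
def normalize_filter_id(arg)
  id = arg.is_a?(Hash) ? arg[:aws_ec2_traffic_mirror_filter_id] : arg
  raise ArgumentError, "not a traffic mirror filter ID: #{id.inspect}" unless valid_traffic_mirror_filter_id?(id)
  id
end

# Flattens the tags property ([{key:, value:}, ...]) into { 'Name' => 'x', ... }.
def tags_to_hash(tags)
  Array(tags).each_with_object({}) { |t, h| h[t[:key]] = t[:value] }
end

# Returns { tag_key => [expected, actual] } for every required tag that is
# missing (actual is nil) or has a different value. An empty hash means compliant.
def tag_violations(tags, required)
  actual = tags_to_hash(tags)
  required.each_with_object({}) do |(key, expected), out|
    out[key] = [expected, actual[key]] unless actual[key] == expected
  end
end

# Constructed sample data in the shape the Properties section documents.
SAMPLE_TAGS = [
  { key: 'Name', value: 'Testing Box' },
  { key: 'Environment', value: 'Dev' }
].freeze
# Assumed tagging policy, for illustration only.
REQUIRED_TAGS = { 'Environment' => 'Prod', 'Owner' => 'secops' }.freeze

if __FILE__ == $PROGRAM_NAME
  puts normalize_filter_id({ aws_ec2_traffic_mirror_filter_id: 'tmf-0123456789abcdef0' })
  puts tag_violations(SAMPLE_TAGS, REQUIRED_TAGS).inspect
end
```

In a profile, helpers like these would typically live under libraries/ and be applied to the value returned by the resource's tags property.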

Matchers

For a full list of available matchers, see our Universal Matchers page.

The controls will pass if the describe method returns at least one result.

exist

Use should to test that the entity exists.

describe aws_ec2_traffic_mirror_filter(aws_ec2_traffic_mirror_filter_id: 'TRAFFIC_MIRROR_FILTER_ID') do
  it { should exist }
end

Use should_not to test that the entity does not exist.

describe aws_ec2_traffic_mirror_filter(aws_ec2_traffic_mirror_filter_id: 'TRAFFIC_MIRROR_FILTER_ID') do
  it { should_not exist }
end

be_available

Check if the entity is available.

describe aws_ec2_traffic_mirror_filter(aws_ec2_traffic_mirror_filter_id: 'TRAFFIC_MIRROR_FILTER_ID') do
  it { should be_available }
end

AWS Permissions

Your Principal will need the EC2:Client:DescribeTrafficMirrorFiltersResult action with Effect set to Allow.

See the Actions, Resources, and Condition Keys for Amazon EC2 documentation for additional information.