
aws_ec2_transit_gateway_attachment Resource

Use the aws_ec2_transit_gateway_attachment InSpec audit resource to test properties of a single specific Transit Gateway attachment.

A Transit Gateway attachment attaches a VPC to a Transit Gateway.

For additional information, including details on parameters and properties, see the AWS documentation on Transit Gateway attachments.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

Ensure that a Transit Gateway attachment ID exists

describe aws_ec2_transit_gateway_attachment(transit_gateway_attachment_id: 'tgw-attach-006f2fd0a03d51323') do
  it { should exist }
end

The same check with a placeholder attachment ID

describe aws_ec2_transit_gateway_attachment(transit_gateway_attachment_id: 'dummy') do
  it { should exist }
end

Parameters

transit_gateway_attachment_id (required)

Properties

transit_gateway_attachment_id
The ID of the attachment.
transit_gateway_id
The ID of the Transit Gateway.
transit_gateway_owner_id
The ID of the AWS account that owns the Transit Gateway.
resource_owner_id
The ID of the AWS account that owns the resource.
resource_type
The resource type. Valid values are: vpc, vpn, direct-connect-gateway, peering, and connect.
resource_id
The ID of the resource.
state
The state of the attachment. Valid values are: available, deleted, deleting, failed, failing, initiatingRequest, modifying, pendingAcceptance, pending, rollingBack, rejected, and rejecting.
association (transit_gateway_route_table_id)
The ID of the route table for the Transit Gateway.
association (state)
The state of the association. Valid values are: associating, associated, disassociating, and disassociated.
creation_time
The creation time of the Transit Gateway.
tags
The tags of the attachment.

Examples

Ensure a Transit Gateway attachment ID is available.

describe aws_ec2_transit_gateway_attachment(transit_gateway_attachment_id: 'tgw-attach-006f2fd0a03d51323') do
  its('transit_gateway_attachment_id') { should eq 'tgw-attach-006f2fd0a03d51323' }
end

Ensure that the state is available.

describe aws_ec2_transit_gateway_attachment(transit_gateway_attachment_id: 'tgw-attach-006f2fd0a03d51323') do
  its('state') { should eq 'available' }
end
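
The ownership, type, state and association properties listed above can be combined into a single compliance check. The Ruby helper below is an added example, not code from the Chef InSpec AWS resource pack; the helper name, account IDs and sample records are constructed, and it assumes the attachment object exposes the documented properties as methods, with association as a nested object.

```ruby
# Added example: the helper name and all sample values are hypothetical.
Association = Struct.new(:transit_gateway_route_table_id, :state)
Attachment = Struct.new(
  :transit_gateway_attachment_id, :transit_gateway_owner_id,
  :resource_owner_id, :resource_type, :state, :association,
  keyword_init: true
)

# Returns a list of violations; an empty list means the attachment is compliant.
# `att` is any object exposing the property names documented on this page.
def tgw_attachment_violations(att, trusted_accounts:, allowed_types: %w[vpc])
  v = []
  v << "state is #{att.state}, expected available" unless att.state == 'available'
  unless allowed_types.include?(att.resource_type)
    v << "resource_type #{att.resource_type} is not one of #{allowed_types.join(', ')}"
  end
  # Cross-account attachments pass only when the resource owner is on the allow list.
  if att.resource_owner_id != att.transit_gateway_owner_id &&
     !trusted_accounts.include?(att.resource_owner_id)
    v << "resource owner #{att.resource_owner_id} is not a trusted account"
  end
  # Flag attachments whose route table association is absent or not 'associated'.
  assoc = att.association
  if assoc.nil? || assoc.state != 'associated'
    v << "route table association is #{assoc&.state || 'missing'}"
  end
  v
end

# Constructed sample records (not real AWS output).
GOOD = Attachment.new(
  transit_gateway_attachment_id: 'tgw-attach-0example0000000001',
  transit_gateway_owner_id: '111111111111', resource_owner_id: '111111111111',
  resource_type: 'vpc', state: 'available',
  association: Association.new('tgw-rtb-0example0000000001', 'associated')
)
BAD = Attachment.new(
  transit_gateway_attachment_id: 'tgw-attach-0example0000000002',
  transit_gateway_owner_id: '111111111111', resource_owner_id: '999999999999',
  resource_type: 'vpn', state: 'pendingAcceptance', association: nil
)

[GOOD, BAD].each do |att|
  found = tgw_attachment_violations(att, trusted_accounts: ['222222222222'])
  puts "#{att.transit_gateway_attachment_id}: #{found.empty? ? 'compliant' : found.join('; ')}"
end
```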

Matchers

For a full list of available matchers, see our Universal Matchers page.

The controls will pass if the describe method returns at least one result.

exist

Use should to test that the entity exists.

describe aws_ec2_transit_gateway_attachment(transit_gateway_attachment_id: 'tgw-attach-006f2fd0a03d51323') do
  it { should exist }
end

Use should_not to test the entity does not exist.

describe aws_ec2_transit_gateway_attachment(transit_gateway_attachment_id: 'tgw-attach-006f2fd0a03d51323') do
  it { should_not exist }
end

be_available

Check if the Transit Gateway attachment is available.

describe aws_ec2_transit_gateway_attachment(transit_gateway_attachment_id: 'tgw-attach-006f2fd0a03d51323') do
  it { should be_available }
end

Use should_not to test a Transit Gateway attachment that should not be available.

describe aws_ec2_transit_gateway_attachment(transit_gateway_attachment_id: 'tgw-attach-006f2fd0a03d51323') do
  it { should_not be_available }
end

AWS Permissions

Your Principal will need the ec2:DescribeAddresses action with Effect set to Allow.

See the Actions, Resources, and Condition Keys for Amazon EC2 documentation for additional information.
