aws_ec2_transit_gateway_route_table_association Resource

Use the aws_ec2_transit_gateway_route_table_association InSpec audit resource to test properties of a single AWS transit gateway route table association.

A transit gateway route table association associates the specified attachment with the specified transit gateway route table. You can associate only one route table with an attachment.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

Ensure that a transit gateway route table ID exists.

describe aws_ec2_transit_gateway_route_table_association(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do
  it { should exist }
end

Parameters

transit_gateway_route_table_id (required)

For additional information, check out the AWS documentation on transit gateway route table association.

Properties

transit_gateway_route_table_id
The ID of the transit gateway route table.
resource_type
The resource type. Valid values are: vpc, vpn, direct-connect-gateway, peering, and connect.
resource_id
The ID of the resource.
state
The possible states of the route table are: available, deleting, deleted, and pending.

Examples

Ensure that the association uses the expected transit gateway attachment ID.

describe aws_ec2_transit_gateway_route_table_association(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do
  its('transit_gateway_attachment_id') { should eq 'TRANSIT_GATEWAY_ATTACHMENT_ID' }
end

Ensure that the state is available.

describe aws_ec2_transit_gateway_route_table_association(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do
  its('state') { should eq 'available' }
end
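
An added example, not part of the InSpec AWS resource pack or its documentation: a standalone Ruby drift check over association records, using the property names from this page, that flags attachments associated with a route table other than the one a segmentation baseline expects. The records, IDs, baseline mapping and allowed resource types are constructed assumptions; it runs without InSpec or AWS credentials.

```ruby
# Constructed sample records (not real AWS output). Keys follow the property
# names used on this page; every ID is a made-up placeholder.
ASSOCIATIONS = [
  { transit_gateway_route_table_id: 'tgw-rtb-PROD', transit_gateway_attachment_id: 'tgw-attach-PROD-VPC',
    resource_type: 'vpc', resource_id: 'vpc-PROD', state: 'available' },
  { transit_gateway_route_table_id: 'tgw-rtb-PROD', transit_gateway_attachment_id: 'tgw-attach-DEV-VPC',
    resource_type: 'vpc', resource_id: 'vpc-DEV', state: 'available' },
  { transit_gateway_route_table_id: 'tgw-rtb-SHARED', transit_gateway_attachment_id: 'tgw-attach-PEER',
    resource_type: 'peering', resource_id: 'tgw-PEER', state: 'available' },
  { transit_gateway_route_table_id: 'tgw-rtb-SHARED', transit_gateway_attachment_id: 'tgw-attach-VPN',
    resource_type: 'vpn', resource_id: 'vpn-SITE', state: 'pending' }
].freeze

# Hypothetical baseline: attachment ID => the one route table it may use.
EXPECTED = {
  'tgw-attach-PROD-VPC' => 'tgw-rtb-PROD',
  'tgw-attach-DEV-VPC'  => 'tgw-rtb-DEV',
  'tgw-attach-VPN'      => 'tgw-rtb-SHARED',
  'tgw-attach-DX'       => 'tgw-rtb-SHARED'
}.freeze
ALLOWED_TYPES = %w[vpc vpn].freeze # hypothetical policy choice

# Returns [attachment_id, finding] pairs; an empty array means no drift.
def audit_associations(associations, expected, allowed_types)
  findings = []
  seen = Hash.new { |h, k| h[k] = [] }
  associations.each do |a|
    att = a[:transit_gateway_attachment_id]
    rtb = a[:transit_gateway_route_table_id]
    seen[att] << rtb
    if !expected.key?(att)
      findings << [att, :unexpected_attachment]
    elsif expected[att] != rtb
      findings << [att, :wrong_route_table]
    end
    findings << [att, :disallowed_resource_type] unless allowed_types.include?(a[:resource_type])
    findings << [att, :not_available] unless a[:state] == 'available'
  end
  # An attachment can have only one route table; duplicates mean bad input data.
  seen.each { |att, rtbs| findings << [att, :multiple_route_tables] if rtbs.uniq.size > 1 }
  (expected.keys - seen.keys).each { |att| findings << [att, :missing_association] }
  findings
end

if __FILE__ == $PROGRAM_NAME
  audit_associations(ASSOCIATIONS, EXPECTED, ALLOWED_TYPES).each { |att, f| puts "#{att}: #{f}" }
end
```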

Matchers

This InSpec audit resource has the following special matchers. For the complete list of available matchers, visit the Universal Matchers page.

The controls will pass if the describe method returns at least one result.

exist

Use should to test whether the entity exists.

describe aws_ec2_transit_gateway_route_table_association(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do
  it { should exist }
end

Use should_not to test an entity that should not exist.

describe aws_ec2_transit_gateway_route_table_association(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do
  it { should_not exist }
end

be_available

Use should to check whether the transit gateway route table ID is available.

describe aws_ec2_transit_gateway_route_table_association(transit_gateway_route_table_id: 'TRANSIT_GATEWAY_ROUTE_TABLE_ID') do
  it { should be_available }
end

AWS Permissions

Your Principal will need the ec2:client:get_transit_gateway_route_table_associations action with Effect set to Allow.

For additional information, check out the Actions, Resources, and Condition Keys for Amazon EC2 documentation.
