
aws_ec2_vpc_peering_connections Resource

Use the aws_ec2_vpc_peering_connections InSpec audit resource to test properties of multiple AWS EC2 VPC peering connections (the plural form of aws_ec2_vpc_peering_connection).

The AWS::EC2::VPCPeeringConnection resource requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection. The accepter VPC may belong to another AWS account or Region, which is why auditing the owner and state of every peering connection matters.

For additional information, including details on parameters and properties, see the AWS documentation on AWS EC2 VPC Peering Connection.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

Ensure that at least one VPC peering connection exists.

describe aws_ec2_vpc_peering_connections do
  it { should exist }
end

Parameters

This resource does not require any parameters.

Properties

accepter_vpc_infos
Information about the accepter VPC. CIDR block information is only returned when describing an active VPC peering connection.

Field: accepter_vpc_info

expiration_times
The time that an unaccepted VPC peering connection will expire.

Field: expiration_time

requester_vpc_infos
Information about the requester VPC. CIDR block information is only returned when describing an active VPC peering connection.

Field: requester_vpc_info

statuses
The status of the VPC peering connection.

Field: status

tags
Any tags assigned to the resource.

Field: tags

vpc_peering_connection_ids
The ID of the VPC peering connection.

Field: vpc_peering_connection_id

Examples

Ensure that a specific VPC peering connection ID is present in the results.

describe aws_ec2_vpc_peering_connections do
  its('vpc_peering_connection_ids') { should include 'VPCPeeringConnectionID' }
end

Ensure that at least one status is returned.

describe aws_ec2_vpc_peering_connections do
  its('statuses') { should_not be_empty }
end
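The checks above only prove that data came back. What a reviewer usually wants to know is whether any peering connection reaches into an account that is not trusted, is sitting in a non-active state (a pending request is another principal asking to attach to your VPC), or lacks the tags that identify an owner. The following is an added example, not code from the inspec-aws resource pack: it is plain Ruby that evaluates those rules over a constructed array shaped like the EC2 DescribeVpcPeeringConnections response, so it runs offline. The account IDs, VPC IDs, peering IDs and the required 'Owner' tag are assumptions for the example.

```ruby
require 'set'
require 'time'

# Constructed sample shaped like the DescribeVpcPeeringConnections response.
# Field names follow the API; every value below is made up for this example.
SAMPLE_PEERING_CONNECTIONS = [
  { # same-account peering, active, tagged: expected to be clean
    vpc_peering_connection_id: 'pcx-0aaa1111',
    status: { code: 'active', message: 'Active' },
    requester_vpc_info: { owner_id: '111111111111', vpc_id: 'vpc-0req', cidr_block: '10.0.0.0/16' },
    accepter_vpc_info:  { owner_id: '111111111111', vpc_id: 'vpc-0acc', cidr_block: '10.1.0.0/16' },
    tags: [{ key: 'Owner', value: 'platform' }] },
  { # active peering into an account we do not recognise, and untagged
    vpc_peering_connection_id: 'pcx-0bbb2222',
    status: { code: 'active', message: 'Active' },
    requester_vpc_info: { owner_id: '111111111111', vpc_id: 'vpc-0req', cidr_block: '10.0.0.0/16' },
    accepter_vpc_info:  { owner_id: '999999999999', vpc_id: 'vpc-0ext', cidr_block: '172.16.0.0/12' },
    tags: [] },
  { # inbound request from an unknown account; no CIDRs because it is not active
    vpc_peering_connection_id: 'pcx-0ccc3333',
    status: { code: 'pending-acceptance', message: 'Pending Acceptance by 111111111111' },
    expiration_time: Time.utc(2024, 1, 1, 0, 0, 0),
    requester_vpc_info: { owner_id: '222222222222', vpc_id: 'vpc-0unk' },
    accepter_vpc_info:  { owner_id: '111111111111', vpc_id: 'vpc-0acc' },
    tags: [{ key: 'Owner', value: 'unknown' }] },
].freeze

ACTIVE_STATES  = Set['active'].freeze
IGNORED_STATES = Set['deleted', 'deleting'].freeze # torn-down, nothing left to audit

# The account on the far side of the connection. If we are the requester the
# peer is the accepter, otherwise the requester. A self-peering returns our own ID.
def peer_account_of(conn, own_account)
  req = conn[:requester_vpc_info][:owner_id]
  acc = conn[:accepter_vpc_info][:owner_id]
  req == own_account ? acc : req
end

def tag_value(conn, key)
  tag = (conn[:tags] || []).find { |t| t[:key] == key }
  tag && tag[:value]
end

# Returns one finding per violated rule as { id:, reason: }.
# `now` is injectable so the expiry check is deterministic in tests.
def audit_peering_connections(connections, own_account:, trusted_accounts:,
                              required_tags: ['Owner'], now: Time.now.utc)
  findings = []
  connections.each do |conn|
    id    = conn[:vpc_peering_connection_id]
    state = conn[:status][:code]
    next if IGNORED_STATES.include?(state)

    # Anything not active is reported. Pending requests expire on their own
    # (expiration_time), but an expired one still shows that someone tried.
    unless ACTIVE_STATES.include?(state)
      exp = conn[:expiration_time]
      detail = exp && exp < now ? "#{state} (expired #{exp.iso8601})" : state
      findings << { id: id, reason: "state is #{detail}" }
    end

    peer = peer_account_of(conn, own_account)
    unless trusted_accounts.include?(peer)
      findings << { id: id, reason: "peer account #{peer} is not trusted" }
    end

    # CIDR blocks are only present once the connection is active, so their
    # absence is deliberately not treated as a finding here.
    required_tags.each do |key|
      findings << { id: id, reason: "missing tag #{key}" } if tag_value(conn, key).nil?
    end
  end
  findings
end

if $PROGRAM_NAME == __FILE__
  audit_peering_connections(SAMPLE_PEERING_CONNECTIONS,
                            own_account: '111111111111',
                            trusted_accounts: Set['111111111111', '333333333333']).each do |f|
    puts "#{f[:id]}: #{f[:reason]}"
  end
end
```

In a profile the same records arrive through the resource's requester_vpc_infos, accepter_vpc_infos, statuses, expiration_times, tags and vpc_peering_connection_ids properties; the logic is kept in a plain function so it can be exercised against canned data before it is wired into a control.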

Matchers

For a full list of available matchers, see our Universal Matchers page.

The controls will pass if the describe method returns at least one result.

exist

Use should to test that the entity exists.

describe aws_ec2_vpc_peering_connections do
  it { should exist }
end

Use should_not to test the entity does not exist.

describe aws_ec2_vpc_peering_connections do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the ec2:DescribeVpcPeeringConnections action with Effect set to Allow. (DescribeVpcPeeringConnectionsResult is the name of the SDK response type, not an IAM action.)
