Skip to main content

aws_rds_db_security_groups Resource

Use the aws_rds_db_security_groups InSpec audit resource to test properties of multiple Amazon Relational Database Service (RDS) database security groups.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

Ensure that the DB security group exists.

describe aws_rds_db_security_groups do
  it { should exist }
end

For additional information, see the AWS documentation on the AWS::RDS::DBSecurityGroup resource.

Properties

owner_ids
Provides the Amazon Web Services ID of the owner of a specific DB security group.

Field: owner_id

db_security_group_names
The name of the DB security group to return details for.

Field: db_security_group_name

db_security_group_descriptions
Provides the description of the DB security group.

Field: db_security_group_description

vpc_ids
Provides the VpcId of the DB security group.

Field: vpc_id

db_security_group_arns
The Amazon Resource Name (ARN) for the DB security group.

Field: db_security_group_arn

Examples

Ensure a DB security group name is available.

describe aws_rds_db_security_groups do
  its('db_security group_names') { should include 'DB_SECURITY_GROUP_NAME' }
end

Ensure a DB security group ARN is available.

describe aws_rds_db_security_groups do
  its('db_security_group_arns') { should include 'DB_SECURITY_GROUP_ARN' }
end

Matchers

For a full list of available matchers, see our Universal Matchers page.

The controls will pass if the describe method returns at least one result.

exist

Use should to test that the entity exists.

describe aws_rds_db_security_groups do
  it { should exist }
end

Use should_not to test the entity does not exist.

describe aws_rds_db_security_groups do
  it { should_not exist }
end

be_available

Use should to check if the entity is available.

describe aws_rds_db_security_groups do
  it { should be_available }
end

AWS Permissions

Your Principal will need the RDS:Client:DescribeDBSecurityGroup action with Effect set to Allow.

Edit this page on GitHub

Thank you for your feedback!

×