aws_subnet Resource

Use the aws_subnet InSpec audit resource to test properties of a vpc subnet.

For additional information, including details on parameters and properties, see the AWS documentation on Subnets.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

An aws_subnet resource block uses the subnet_id parameter to select a single subnet within a VPC.

describe aws_subnet(subnet_id: 'subnet-1234567') do
  it { should exist }
end

Parameters

subnet_id (required)

This resource accepts a single parameter, the Subnet ID. This can be passed either as a string or as a subnet_id: 'value' key-value entry in a hash.

Properties

subnet_id
Provides the ID of the Subnet.
vpc_id
Provides the ID of the VPC the subnet is in.
availability_zone
Provides the Availability Zone of the subnet.
cidr_block
Provides the CIDR block of IP addresses assigned to the subnet.
available_ip_address_count
Provides the number of available IPv4 addresses on the subnet.

Examples

Check the Availability Zone of a subnet.

describe aws_subnet(subnet_id: 'subnet-12345678') do
  its('availability_zone') { should eq 'us-east-1c' }
end

Check the number of available IP addresses.

describe aws_subnet(subnet_id: 'subnet-12345678') do
  its('available_ip_address_count') { should eq 251 }
end

Test the CIDR block of IP addresses assigned to the subnet.

describe aws_subnet(subnet_id: 'subnet-12345678') do
  its('cidr_block') { should eq '10.0.1.0/24' }
end

Ensure the subnet is in the right VPC.

describe aws_subnet(subnet_id: 'subnet-12345678') do
  its('vpc_id') { should eq 'vpc-12345678' }
end

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

assigning_ipv_6_address_on_creation

Detects whether network interfaces created in the subnet are automatically assigned an IPv6 address.

describe aws_subnet(subnet_id: 'subnet-12345678') do
  it { should be_assigning_ipv_6_address_on_creation }
end

available

Detects whether the subnet's current state is available.

describe aws_subnet(subnet_id: 'subnet-12345678') do
  it { should be_available }
end

default_for_az

Detects if the subnet is the default subnet for the Availability Zone.

describe aws_subnet(subnet_id: 'subnet-12345678') do
  it { should be_default_for_az }
end

mapping_public_ip_on_launch

Detects whether instances launched in the subnet are automatically assigned a public IPv4 address.

describe aws_subnet(subnet_id: 'subnet-12345678') do
  it { should be_mapping_public_ip_on_launch }
end

exist

The exist matcher indicates that a subnet with the specified ID exists.

describe aws_subnet(subnet_id: 'subnet-12345678') do
  it { should exist }
end
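The Examples and Matchers sections above each test one attribute at a time. The block below is an added example, not code from the InSpec AWS resource pack: it expresses the same subnet checks as plain Ruby over a constructed DescribeSubnets-style hash (field names mirror the AWS API, the subnet data and the policy thresholds are assumptions), so the security intent behind each matcher is explicit, and it ends with the equivalent InSpec control in a comment.

```ruby
require 'ipaddr'

# Constructed sample modelled on a DescribeSubnets response (not real data).
SAMPLE_SUBNETS = [
  { subnet_id: 'subnet-12345678', vpc_id: 'vpc-12345678', availability_zone: 'us-east-1c',
    cidr_block: '10.0.1.0/24', available_ip_address_count: 251, state: 'available',
    map_public_ip_on_launch: false, assign_ipv6_address_on_creation: false, default_for_az: false },
  { subnet_id: 'subnet-0abcdef0', vpc_id: 'vpc-12345678', availability_zone: 'us-east-1a',
    cidr_block: '172.31.0.0/20', available_ip_address_count: 12, state: 'available',
    map_public_ip_on_launch: true, assign_ipv6_address_on_creation: false, default_for_az: true }
].freeze

# Audit one subnet against a private-subnet policy (thresholds are assumptions).
# Returns an array of finding strings; an empty array means the subnet is compliant.
def audit_subnet(subnet, expected_vpc:, vpc_cidr:, min_free_ips: 32)
  findings = []
  findings << 'not available' unless subnet[:state] == 'available'
  findings << "wrong VPC #{subnet[:vpc_id]}" unless subnet[:vpc_id] == expected_vpc
  # A subnet that auto-assigns public IPv4 addresses exposes every instance
  # launched into it unless something else explicitly prevents it.
  findings << 'maps public IP on launch' if subnet[:map_public_ip_on_launch]
  # Default subnets are typically public and not part of a deliberate design.
  findings << 'default subnet for AZ' if subnet[:default_for_az]
  # The subnet CIDR must sit inside the VPC range it is expected to belong to.
  unless IPAddr.new(vpc_cidr).include?(IPAddr.new(subnet[:cidr_block]))
    findings << "cidr #{subnet[:cidr_block]} outside VPC range"
  end
  # Near-exhausted subnets fail launches and autoscaling silently.
  if subnet[:available_ip_address_count] < min_free_ips
    findings << "only #{subnet[:available_ip_address_count]} free IPs"
  end
  findings
end

# Audit a list of subnets; returns { subnet_id => [findings] }.
def audit_all(subnets, **opts)
  subnets.to_h { |s| [s[:subnet_id], audit_subnet(s, **opts)] }
end

# Equivalent InSpec control using the aws_subnet resource documented on this page:
#   control 'subnet-private' do
#     describe aws_subnet(subnet_id: 'subnet-12345678') do
#       it { should exist }
#       it { should be_available }
#       it { should_not be_mapping_public_ip_on_launch }
#       it { should_not be_default_for_az }
#       its('vpc_id') { should eq 'vpc-12345678' }
#       its('cidr_block') { should eq '10.0.1.0/24' }
#     end
#   end
```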

AWS Permissions

Your Principal will need the EC2:Client:DescribeSubnetsResult action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon EC2.
