aws_ec2_traffic_mirror_filter resource
Use the aws_ec2_traffic_mirror_filter InSpec audit resource to test properties of a single AWS traffic mirror filter.
Syntax
An aws_ec2_traffic_mirror_filter resource block declares the tests for a single AWS traffic mirror filter.
describe aws_ec2_traffic_mirror_filter(aws_ec2_traffic_mirror_filter_id: 'TRAFFIC_MIRROR_FILTER_ID') do
  it { should exist }
end
describe aws_ec2_traffic_mirror_filter('TRAFFIC_MIRROR_FILTER_ID') do
  it { should exist }
end
Parameters
traffic_mirror_filter_id (required) - The ID of the EC2 traffic mirror filter. This is in the format of tmf- followed by 8 or 17 hexadecimal characters. This can be passed either as a string or as an aws_ec2_traffic_mirror_filter_id: 'value' key-value entry in a hash.
Properties
traffic_mirror_filter_id - The ID of a traffic mirror filter.
description - The description of a traffic mirror filter.
- A list of hashes with each key-value pair corresponding to a traffic mirror tag, e.g., [{:key=>"Name", :value=>"Testing Box"}, {:key=>"Environment", :value=>"Dev"}].
There are also additional properties available. For a comprehensive list, see the API reference documentation.
Examples
Test that an EC2 traffic mirror filter exists:
describe aws_ec2_traffic_mirror_filter(aws_ec2_traffic_mirror_filter_id: 'TRAFFIC_MIRROR_FILTER_ID') do
  it { should exist }
end
Test that an EC2 traffic mirror filter description is correct:
describe aws_ec2_traffic_mirror_filter(aws_ec2_traffic_mirror_filter_id: 'TRAFFIC_MIRROR_FILTER_ID') do
  its('description') { should eq "DESCRIPTION_TEXT" }
end
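The following plain-Ruby helpers are an added example, not part of the InSpec resource or its project. They check the tmf- ID format given under Parameters before an ID is handed to the resource, and check a tag list in the list-of-hashes shape shown under Properties against a required-tag policy. REQUIRED_TAG_KEYS, the helper names and the sample values are assumptions made for illustration.

```ruby
# Added example: stand-alone helpers, not InSpec or AWS SDK code.
# "tmf-" followed by 8 or 17 hexadecimal characters (\h matches one hex digit).
FILTER_ID_FORMAT = /\Atmf-(?:\h{8}|\h{17})\z/.freeze

# Hypothetical tagging policy: every filter must carry these tag keys.
REQUIRED_TAG_KEYS = %w[Name Environment].freeze

# True when the value is a well-formed traffic mirror filter ID.
# \A and \z anchor the whole string, so a trailing newline is rejected.
def valid_filter_id?(id)
  id.is_a?(String) && FILTER_ID_FORMAT.match?(id)
end

# Converts [{ key: 'Name', value: 'x' }, ...] into { 'Name' => 'x', ... }.
def tags_to_hash(tag_list)
  Array(tag_list).each_with_object({}) do |tag, acc|
    acc[tag[:key].to_s] = tag[:value].to_s
  end
end

# Returns the required keys that are absent or carry a blank value.
def missing_tags(tag_list, required = REQUIRED_TAG_KEYS)
  tags = tags_to_hash(tag_list)
  required.reject { |key| tags.key?(key) && !tags[key].strip.empty? }
end

# Constructed sample input (not real AWS identifiers).
SAMPLE_IDS = ['tmf-0123456789abcdef0', 'tmf-1a2b3c4d', 'tmf-12345',
              'TRAFFIC_MIRROR_FILTER_ID'].freeze
SAMPLE_TAGS = [{ key: 'Name', value: 'Testing Box' },
               { key: 'Environment', value: 'Dev' }].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_IDS.each do |id|
    puts format('%-26s %s', id, valid_filter_id?(id) ? 'well-formed' : 'malformed')
  end
  puts "missing tags: #{missing_tags(SAMPLE_TAGS).inspect}"
end
```

Inside a profile, a malformed ID can be reported before the describe block runs, and the tag check can be applied to the tag list the resource returns.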
Matchers
For a full list of available matchers, see our Universal Matchers page. The controls will pass if the describe method returns at least one result.
exist
Use should to test that the entity exists.
describe aws_ec2_traffic_mirror_filter(aws_ec2_traffic_mirror_filter_id: 'TRAFFIC_MIRROR_FILTER_ID') do
  it { should exist }
end
Use should_not to test that the entity does not exist.
describe aws_ec2_traffic_mirror_filter(aws_ec2_traffic_mirror_filter_id: 'TRAFFIC_MIRROR_FILTER_ID') do
  it { should_not exist }
end
be_available
Check if the entity is available.
describe aws_ec2_traffic_mirror_filter(aws_ec2_traffic_mirror_filter_id: 'TRAFFIC_MIRROR_FILTER_ID') do
  it { should be_available }
end
AWS Permissions
Your AWS principal will need the EC2:Client:DescribeTrafficMirrorFiltersResult action with Effect set to Allow.
See the Actions, Resources, and Condition Keys for Amazon EC2 documentation for additional information.