aws_ebs_volumes

Use the aws_ebs_volumes InSpec audit resource to test properties of some or all AWS EBS volumes. To audit a single EBS volume, use aws_ebs_volume (singular).

EBS volumes are persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud.

Each EBS volume is uniquely identified by its ID.


Availability

Installation

This resource is distributed along with InSpec itself. You can use it automatically.

Syntax

An aws_ebs_volumes resource block collects a group of EBS volumes and then tests that group.

# Ensure you have exactly 3 volumes
describe aws_ebs_volumes do
  its('volume_ids.count') { should cmp 3 }
end

# Use the InSpec resource to enumerate IDs, then test in-depth using `aws_ebs_volume`.
aws_ebs_volumes.volume_ids.each do |volume_id|
  describe aws_ebs_volume(volume_id) do
    it { should exist }
    it { should be_encrypted }
    its('size') { should cmp 8 }
    its('iops') { should cmp 100 }
  end
end


Examples

As this is the initial release of aws_ebs_volumes, its limited functionality precludes examples.


Filter Criteria

This resource currently does not support any filter criteria; it will always fetch all volumes in the region.

Properties

entries

Provides access to the raw results of the query, which can be treated as an array of hashes. This can be useful for checking counts and other advanced operations.

# Allow at most 100 EBS volumes on the account
describe aws_ebs_volumes do
  its('entries.count') { should be <= 100 }
end

volume_ids

Provides a list of the volume ids that were found in the query.

describe aws_ebs_volumes do
  its('volume_ids') { should include 'vol-12345678' }
  its('volume_ids.count') { should cmp 3 }
end


Matchers

For a full list of available matchers, please visit our Universal Matchers page.

exist

The control will pass if the filter returns at least one result. Use should_not if you expect zero matches.

# Verify that at least one EBS volume exists
describe aws_ebs_volumes do
  it { should exist }
end