aws_flow_log

Use the aws_flow_log InSpec audit resource to test properties of a single Flow Log.

Availability

Installation

This resource is distributed along with InSpec itself. You can use it automatically.

Version

This resource first became available in v2.2.10 of InSpec.

Syntax

describe aws_flow_log('fl-9c718cf5') do
  it { should exist }
end

Resource Parameters

flow_log_id

This resource accepts a single parameter, the flow log ID, or other search terms. You may pass the ID as a string, or as the value in a hash:

describe aws_flow_log('fl-9c718cf5') do
  it { should exist }
end

describe aws_flow_log(flow_log_id: 'fl-8905f8e0') do
  it { should exist }
end

subnet_id

To search for a flow log by the associated subnet ID:

describe aws_flow_log(subnet_id: 'subnet-c6a4319c') do
  it { should exist }
end

vpc_id

To search for a flow log by the associated VPC ID:

describe aws_flow_log(vpc_id: 'vpc-96cabaef') do
  it { should exist }
end

Properties

flow_log_id

The flow_log_id property tests the name of the flow log.

describe aws_flow_log(subnet_id: 'subnet-c6a4319c') do
  its('flow_log_id') { should cmp 'fl-9c718cf5' }
end

log_group_name

The log_group_name property tests the name of the associated log group.

describe aws_flow_log('fl-9c718cf5') do
  its('log_group_name') { should cmp 'testloggroup' }
end

resource_id

The resource_id property tests the id of the associated VPC, subnet, or network interface.

describe aws_flow_log('fl-9c718cf5') do
  its('resource_id') { should cmp 'subnet-c6a4319c' }
end

resource_type

The resource_type property tests the type of resource the Flow Log is attached to. The property will return eni, subnet, or vpc.

describe aws_flow_log('fl-9c718cf5') do
  its('resource_type') { should cmp 'subnet' }
end

Matchers

For a full list of available matchers, please visit our matchers page.

exist

Indicates that the Flow Log provided was found. Use should_not to test for Flow Logs that should not exist.

describe aws_flow_log('should-be-there') do
  it { should exist }
end

describe aws_flow_log('should-not-be-there') do
  it { should_not exist }
end

be_attached_to_eni

Indicates that the Flow Log is attached to an ENI resource.

describe aws_flow_log('fl-9c718cf5') do
  it { should be_attached_to_eni }
end

be_attached_to_subnet

Indicates that the Flow Log is attached to a subnet resource.

describe aws_flow_log('fl-9c718cf5') do
  it { should be_attached_to_subnet }
end

be_attached_to_vpc

Indicates that the Flow Log is attached to a VPC resource.

describe aws_flow_log('fl-9c718cf5') do
  it { should be_attached_to_vpc }
end