aws_rds_instance

Use the aws_rds_instance InSpec audit resource to test detailed properties of an individual RDS instance.

RDS gives you access to the capabilities of a MySQL, MariaDB, PostgreSQL, Microsoft SQL Server, Oracle, or Amazon Aurora database server.


Availability

Installation

This resource is distributed along with InSpec itself. You can use it automatically.

Version

This resource first became available in v2.1.21 of InSpec.

Syntax

An aws_rds_instance resource block uses resource parameters to search for an RDS instance, and then tests that RDS instance. If no RDS instances match, no error is raised, but the exists matcher will return false and all properties will be nil. If more than one RDS instance matches (due to vague search parameters), an error is raised.

# Ensure you have a RDS instance with a certain ID
# This is "safe" - RDS IDs are unique within an account
describe aws_rds_instance('test-instance-id') do
  it { should exist }
end

# Ensure you have a RDS instance with a certain ID
# This uses hash syntax
describe aws_rds_instance(db_instance_identifier: 'test-instance-id') do
  it { should exist }
end


Examples

The following examples show how to use this InSpec audit resource.

As this is the initial release of aws_rds_instance, its limited functionality precludes examples.


Resource Parameters

This InSpec resource accepts the following parameters, which are used to search for the RDS instance.

exists

The control will pass if the specified RDS instance was found. Use should_not if you want to verify that the specified RDS instance does not exist.

# Using Hash syntax
describe aws_rds_instance(db_instance_identifier: 'test-instance-id') do
  it { should exist }
end

# Using the instance id directly from the terraform file
describe aws_rds_instance(fixtures['rds_db_instance_id']) do
  it { should exist }
end

# Make sure we don't have any RDS instances with the name 'nogood'
describe aws_rds_instance('nogood') do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the rds:DescribeDBInstances action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon RDS.