| title | platform |
|---|---|
About the aws_db_subnet_groups Resource |
aws |
Use the aws_db_subnet_groups InSpec audit resource to test properties of a collection of AWS RDS subnet groups.
RDS gives you access to the capabilities of a MySQL, MariaDB, PostgreSQL, Microsoft SQL Server, Oracle, or Amazon Aurora database server.
Ensure you have exactly 3 subnet groups
describe aws_db_subnet_groups do
its('db_subnet_group_names.count') { should cmp 3 }
end
This resource does not expect any parameters.
See also the AWS documentation on RDS.
| Property | Description |
|---|---|
| db_subnet_group_names | The name of the DB subnet group. |
| db_subnet_group_descriptions | Provides the description of the DB subnet group. |
| vpc_ids | Provides the VPC ID of the DB subnet group. |
| subnet_group_status | Provides the status of the DB subnet group. |
| subnets | Contains a list of Subnet elements. |
| db_subnet_group_arns | The Amazon Resource Name for the DB subnet group. |
For a comprehensive list of properties available, see the API reference documentation
describe aws_db_subnet_groups do
its('db_subnet_group_names') { should include 'subnet-group-name' }
end
For a full list of available matchers, please visit our Universal Matchers page.
The control will pass if the describe returns at least one result.
Use should_not to test the entity should not exist.
describe aws_db_subnet_groups.where( <property>: <value> ) do
it { should exist }
end
describe aws_db_subnet_groups.where( <property>: <value> ) do
it { should_not exist }
end
Your Principal will need the rds:DescribeDBSubnetGroups action with Effect set to Allow.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon RDS.