inspec/test/integration/verify/controls/aws_ec2_security_groups.rb

43 lines
1.3 KiB
Ruby
Raw Normal View History

fixtures = {}
[
'ec2_security_group_default_vpc_id',
'ec2_security_group_default_group_id',
].each do |fixture_name|
fixtures[fixture_name] = attribute(
fixture_name,
default: "default.#{fixture_name}",
description: 'See ../build/ec2.tf',
)
end
control "aws_security_groups client-side filtering" do
all_groups = aws_ec2_security_groups
# You should always have at least one security group
describe all_groups do
it { should exist }
end
# You should be able to find a security group in the default VPC
describe all_groups.where(vpc_id: fixtures['ec2_security_group_default_vpc_id']) do
it { should exist }
end
describe all_groups.where(vpc_id: 'vpc-12345678') do
it { should_not exist }
end
# You should be able to find the security group named default
describe all_groups.where(group_name: 'default') do
it { should exist }
end
describe all_groups.where(group_name: 'no-such-security-group') do
it { should_not exist }
end
end
control "aws_security_groups properties" do
# You should be able to find the default security group's ID.
describe aws_ec2_security_groups.where(vpc_id: fixtures['ec2_security_group_default_vpc_id']) do
its('group_ids') { should include fixtures['ec2_security_group_default_group_id'] }
end
end