2018-01-12 06:51:17 +00:00
---
title: About the aws_vpc Resource
2018-02-14 01:42:39 +00:00
platform: aws
2018-01-12 06:51:17 +00:00
---
2018-02-15 02:23:29 +00:00
# aws\_vpc
2018-01-12 06:51:17 +00:00
Use the `aws_vpc` InSpec audit resource to test properties of a single AWS Virtual Private Cloud (VPC).
To test properties of all or multiple VPCs, use the `aws_vpcs` resource.
2018-02-20 03:09:51 +00:00
A VPC is a networking construct that provides an isolated environment. A VPC is contained in a geographic region, but spans availability zones in that region. A VPC may have multiple subnets, internet gateways, and other networking resources. Computing resources--such as EC2 instances--reside on subnets within the VPC.
2018-01-12 06:51:17 +00:00
2018-05-10 18:57:53 +00:00
Each VPC is uniquely identified by its VPC ID. In addition, each VPC has a non-unique CIDR IP Address range (such as 10.0.0.0/16) which it manages.
2018-01-12 06:51:17 +00:00
Every AWS account has at least one VPC, the "default" VPC, in every region.
<br>
2018-08-09 12:34:49 +00:00
## Availability
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
### Version
This resource first became available in v2.0.16 of InSpec.
2018-01-12 06:51:17 +00:00
## Syntax
2018-02-14 01:42:39 +00:00
An `aws_vpc` resource block identifies a VPC by id. If no VPC ID is provided, the default VPC is used.
2018-01-12 06:51:17 +00:00
# Find the default VPC
describe aws_vpc do
it { should exist }
end
# Find a VPC by ID
describe aws_vpc('vpc-12345678') do
it { should exist }
end
# Hash syntax for ID
describe aws_vpc(vpc_id: 'vpc-12345678') do
it { should exist }
end
<br>
## Examples
The following examples show how to use this InSpec audit resource.
### Test that a VPC does not exist
describe aws_vpc('vpc-87654321') do
it { should_not exist }
end
### Test the CIDR of a named VPC
describe aws_vpc('vpc-87654321') do
its('cidr_block') { should cmp '10.0.0.0/16' }
end
<br>
2018-02-14 01:42:39 +00:00
## Properties
2018-01-12 06:51:17 +00:00
2018-02-14 01:42:39 +00:00
* `cidr_block`, `dhcp_options_id`, `state`, `vpc_id`, `instance_tenancy`
2018-01-12 06:51:17 +00:00
2018-02-14 01:42:39 +00:00
<br>
2018-01-12 06:51:17 +00:00
2018-02-14 01:42:39 +00:00
## Property Examples
2018-01-12 06:51:17 +00:00
2018-02-15 02:23:29 +00:00
### cidr\_block
2018-01-12 06:51:17 +00:00
The IPv4 address range that is managed by the VPC.
describe aws_vpc('vpc-87654321') do
its('cidr_block') { should cmp '10.0.0.0/16' }
end
### dhcp\_options\_id
2018-02-14 01:42:39 +00:00
The ID of the set of DHCP options associated with the VPC (or `default` if the default options are associated with the VPC).
2018-01-12 06:51:17 +00:00
describe aws_vpc do
its ('dhcp_options_id') { should eq 'dopt-a94671d0' }
end
2018-02-15 02:23:29 +00:00
### instance\_tenancy
2018-02-14 01:42:39 +00:00
The allowed tenancy of instances launched into the VPC.
describe aws_vpc do
its ('instance_tenancy') { should eq 'default' }
end
2018-01-12 06:51:17 +00:00
### state
The state of the VPC (`pending` | `available`).
describe aws_vpc do
its ('state') { should eq 'available' }
end
2018-02-15 02:23:29 +00:00
### vpc\_id
2018-01-12 06:51:17 +00:00
The ID of the VPC.
describe aws_vpc do
its('vpc_id') { should eq 'vpc-87654321' }
end
2018-02-14 01:42:39 +00:00
<br>
2018-01-12 06:51:17 +00:00
2018-02-14 01:42:39 +00:00
## Matchers
2018-01-12 06:51:17 +00:00
2018-02-16 03:07:18 +00:00
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
2018-02-14 01:42:39 +00:00
2018-02-15 02:23:29 +00:00
### be\_default
2018-02-14 01:42:39 +00:00
The test will pass if the identified VPC is the default VPC for the region.
describe aws_vpc('vpc-87654321') do
it { should be_default }
2018-01-12 06:51:17 +00:00
end
2018-02-14 01:42:39 +00:00
2018-05-10 18:57:53 +00:00
## AWS Permissions
Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeVpcs` action with Effect set to Allow.
You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).