---
title: About the aws_subnet Resource
platform: aws
---

# aws\_subnet

Use the `aws_subnet` Chef InSpec audit resource to test properties of a VPC subnet.

To test properties of a single VPC subnet, use the `aws_subnet` resource.

To test properties of all or a group of VPC subnets, use the `aws_subnets` resource.

<br>

## Availability

### Installation

This resource is distributed along with Chef InSpec itself. You can use it automatically.

### Version

This resource first became available in v2.0.16 of InSpec.

## Syntax

An `aws_subnet` resource block uses the parameter to select a VPC and a subnet in the VPC.

```ruby
describe aws_subnet(subnet_id: 'subnet-1234567') do
  it { should exist }
  its('cidr_block') { should eq '10.0.1.0/24' }
end
```

<br>

## Resource Parameters

This Chef InSpec resource accepts the following parameters, which are used to search for the VPC's subnet.

### subnet\_id

A string identifying the subnet that the VPC contains.

```ruby
# Select the subnet by its ID
describe aws_subnet(subnet_id: 'subnet-12345678') do
  it { should exist }
end
```

<br>

## Properties

* `availability_zone`, `available_ip_address_count`, `cidr_block`, `subnet_id`, `vpc_id`

<br>

## Property Examples

### availability\_zone

Provides the Availability Zone of the subnet.

```ruby
describe aws_subnet(subnet_id: 'subnet-12345678') do
  its('availability_zone') { should eq 'us-east-1c' }
end
```

### available\_ip\_address\_count

Provides the number of available IPv4 addresses on the subnet.

```ruby
describe aws_subnet(subnet_id: 'subnet-12345678') do
  its('available_ip_address_count') { should eq 251 }
end
```

### cidr\_block

Provides the block of IP addresses specified for the subnet.

```ruby
describe aws_subnet(subnet_id: 'subnet-12345678') do
  its('cidr_block') { should eq '10.0.1.0/24' }
end
```

### subnet\_id

Provides the ID of the subnet.

```ruby
describe aws_subnet(subnet_id: 'subnet-12345678') do
  its('subnet_id') { should eq 'subnet-12345678' }
end
```

### vpc\_id

Provides the ID of the VPC the subnet is in.

```ruby
describe aws_subnet(subnet_id: 'subnet-12345678') do
  its('vpc_id') { should eq 'vpc-12345678' }
end
```

<br>

## Matchers

This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

### assigning\_ipv\_6\_address\_on\_creation

Detects if the network interface on the subnet accepts IPv6 addresses.

```ruby
describe aws_subnet(subnet_id: 'subnet-12345678') do
  it { should be_assigning_ipv_6_address_on_creation }
end
```

### available

Provides the current state of the subnet.

```ruby
describe aws_subnet(subnet_id: 'subnet-12345678') do
  it { should be_available }
end
```

### default\_for\_az

Detects if the subnet is the default subnet for the Availability Zone.

```ruby
describe aws_subnet(subnet_id: 'subnet-12345678') do
  it { should be_default_for_az }
end
```

### exist

The `exist` matcher indicates that a subnet exists for the specified VPC.

```ruby
describe aws_subnet(subnet_id: 'subnet-12345678') do
  it { should exist }
end
```

### mapping\_public\_ip\_on\_launch

Provides the VPC ID for the subnet.

```ruby
describe aws_subnet(subnet_id: 'subnet-12345678') do
  it { should be_mapping_public_ip_on_launch }
end
```

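
The properties and matchers above, combined into one baseline check for a private subnet. This is an added example in plain Ruby, not InSpec DSL and not code from the Chef InSpec project; the hash keys mirror this page's property and matcher names, and the helper names, baseline values and sample subnets are constructed assumptions.

```ruby
require 'ipaddr'

# AWS reserves five addresses in every subnet, so an empty /24 reports
# 256 - 5 = 251 in available_ip_address_count.
AWS_RESERVED_PER_SUBNET = 5

def max_available_ips(cidr_block)
  2**(32 - cidr_block.split('/').last.to_i) - AWS_RESERVED_PER_SUBNET
end

# True when the IPv4 block `inner` lies entirely inside `outer`.
def cidr_within?(inner, outer)
  inner_prefix, outer_prefix = [inner, outer].map { |c| c.split('/').last.to_i }
  inner_prefix >= outer_prefix && IPAddr.new(outer).include?(IPAddr.new(inner))
end

# Findings for one subnet hash. The baseline (expected VPC, approved range,
# free-address floor) is a hypothetical policy chosen for this example.
def audit_private_subnet(subnet, vpc_id:, allowed_range:, min_free_ratio: 0.1)
  free_floor = min_free_ratio * max_available_ips(subnet[:cidr_block])
  findings = []
  findings << 'not in the available state' unless subnet[:available]
  findings << 'in an unexpected VPC' unless subnet[:vpc_id] == vpc_id
  findings << 'CIDR outside the approved range' unless cidr_within?(subnet[:cidr_block], allowed_range)
  findings << 'auto-assigns a public IPv4 address on launch' if subnet[:mapping_public_ip_on_launch]
  findings << 'is the default subnet for its AZ' if subnet[:default_for_az]
  findings << 'running low on free addresses' if subnet[:available_ip_address_count] < free_floor
  findings
end

# Constructed sample data, not taken from a real account.
SAMPLE_SUBNETS = [
  { subnet_id: 'subnet-12345678', vpc_id: 'vpc-12345678', cidr_block: '10.0.1.0/24',
    available: true, available_ip_address_count: 251,
    mapping_public_ip_on_launch: false, default_for_az: false },
  { subnet_id: 'subnet-87654321', vpc_id: 'vpc-12345678', cidr_block: '172.31.0.0/20',
    available: true, available_ip_address_count: 12,
    mapping_public_ip_on_launch: true, default_for_az: true }
].freeze

# Maps each subnet ID to its list of findings (empty list means compliant).
def audit_all(subnets)
  subnets.to_h do |s|
    [s[:subnet_id], audit_private_subnet(s, vpc_id: 'vpc-12345678', allowed_range: '10.0.0.0/16')]
  end
end

audit_all(SAMPLE_SUBNETS).each { |id, f| puts "#{id}: #{f.empty? ? 'ok' : f.join('; ')}" }
```
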
## AWS Permissions
Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeSubnets` action with Effect set to Allow.
You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html).