Skip to main content

aws_efs_file_systems Resource

[edit on GitHub]

Use the aws_efs_file_systems InSpec audit resource to test the properties of some or all AWS EFS file systems. To audit a single EFS file system, use aws_efs_file_ststem (singular).

This resource is added to InSpec AWS resource pack in version 1.10.0 and it is available with InSpec 4.18.108 and later versions.

Installation

This resource is available in the Chef InSpec AWS resource pack.

See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.

Syntax

An aws_efs_file_systems resource block collects a group of EFS file system descriptions and then tests that group.

describe aws_efs_file_systems
  it { should exist }
end   

Parameters

This resource does not require any parameters.

Properties

tags
The list of tags that the EFS file system has.
names
The value of the Name (case sensitive) tag if it is defined.
file_system_ids
The ID of the EFS file system.
creation_tokens
The creation token that the EFS file system is associated.
owner_ids
The owner id of the EFS file system.
entries
Provides access to the raw results of the query, which can be treated as an array of hashes.
creation_times
The creation time of the EFS file system.
performance_modes
The performance mode of the EFS file system, e.g. ‘maxIO’.
encryption_status
This indicates whether the EFS file system is encrypted or not.
throughput_modes
The throughput mode of the EFS file system.
kms_key_ids
The ID of an AWS Key Management Service (AWS KMS) customer master key (CMK) that was used to protect the encrypted EFS file system.
size_in_bytes
The latest known metered size (in bytes) of data stored in the file system, in its value field.
life_cycle_states
The life cycle phase of the EFS file system, e.g. ‘deleting’.

Examples

Ensure you have exactly 3 file systems.

describe aws_efs_file_systems do
  its("entries.count") { should cmp 3 }
end

Use this InSpec resource to request the IDs of all EFS file systems, then test in-depth using aws_efs_file_system.

aws_efs_file_systems.file_system_ids.each do |file_system_id|
  describe aws_efs_file_system(file_system_id) do
    its("tags") { should include("companyName" => "My Company Name") }
    it { should be_encrypted }
    its("throughput_mode") { should eq "bursting" }
    its("performance_mode") { should eq "generalPurpose" }
  end
end

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.

exist

The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_efs_file_systems.where( <property>: <value>) do
  it { should exist }
end
describe aws_efs_file_systems.where( <property>: <value>) do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the EFS:Client:DescribeFileSystemsResponse action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon EFS, and Actions, Resources, and Condition Keys for Identity And Access Management.

Was this page helpful?

×









Search Results