Skip to main content

aws_ebs_volumes resource

[edit on GitHub]

Use the aws_ebs_volumes InSpec audit resource to test properties of a collection of AWS EBS volumes.

EBS volumes are persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud.

Syntax

Ensure you have exactly 3 volumes

describe aws_ebs_volumes do
  its('volume_ids.count') { should cmp 3 }
end

Parameters

This resource does not expect any parameters.

See also the AWS documentation on EBS.

Properties

PropertyDescription
volume_idsThe unique IDs of the EBS Volumes returned.
entriesProvides access to the raw results of the query, which can be treated as an array of hashes.

Examples

#####Ensure a specific volume exists describe aws_ebs_volumes do its(‘volume_ids’) { should include ‘vol-12345678’ } end

Use the InSpec resource to request the IDs of all EBS volumes, then test in-depth using aws_ebs_volume to ensure all volumes are encrypted and have a sensible size.
aws_ebs_volumes.volume_ids.each do |volume_id|
  describe aws_ebs_volume(volume_id) do
    it          { should be_encrypted }
    its('size') { should be > 10 }
    its('iops') { should cmp 100 }
  end
end

Matchers

For a full list of available matchers, please visit our Universal Matchers page.

exist

The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_ebs_volumes do
  it { should exist }
end

describe aws_ebs_volumes do
  it { should_not exist }
end

Your Principal will need the ec2:DescribeVolumes, and iam:GetInstanceProfile actions set to allow. You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon EC2, and Actions, Resources, and Condition Keys for Identity And Access Management.