aws_region resource

Use the aws_region InSpec audit resource to test properties of a single AWS region.

Syntax

An aws_region resource block identifies an AWS region by ID. If no region is provided, the current default is used.

describe aws_region('eu-west-2') do
  it { should exist }
end

describe aws_region(region_name: 'us-east-1') do
  it { should exist }
end

Parameters

region_name (optional)

This resource accepts a single parameter, the region_name. This can be passed either as a string or as a region_name: 'value' key-value entry in a hash.

See also the AWS documentation on Regions.

Properties

Property      Description
region_name   The name of the region.
endpoint      The resolved endpoint of the region.

Examples

Test whether a region exists

describe aws_region('region-not-real') do
  it { should_not exist }
end

Test the region endpoint

describe aws_region(region_name: 'eu-west-2') do
  its('endpoint') { should eq 'ec2.eu-west-2.amazonaws.com' }
end

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.

exist

The control will pass if the describe returns at least one result.

  it { should exist }

AWS Permissions

Your Principal will need the ec2:DescribeRegions action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon EC2.
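
A minimal IAM policy for the principal that runs these controls, as an added example that is not part of the InSpec documentation. The Sid value is a constructed name, and Resource is "*" because ec2:DescribeRegions does not support resource-level permissions.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "InspecAwsRegionReadOnly",
      "Effect": "Allow",
      "Action": "ec2:DescribeRegions",
      "Resource": "*"
    }
  ]
}
```

Attaching only this statement keeps the audit principal read-only for this resource; other InSpec AWS resources used in the same profile need their own actions added.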
