aws_ec2_hosts Resource
Use the aws_ec2_hosts InSpec audit resource to test properties of multiple AWS EC2 host resources.
The AWS::EC2::host allocates a fully dedicated physical server for launching EC2 instances.
For additional information, including details on parameters and properties, see the AWS documentation on AWS EC2 host..
Installation
This resource is available in the Chef InSpec AWS resource pack.
See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.
Syntax
Ensure that the host exists.
describe aws_ec2_hosts do
it { should exist }
end
Parameters
This resource does not require any parameters.
Properties
auto_placements- Whether auto-placement is on or off.
Field:
auto_placementavailability_zones- The Availability Zone of the Dedicated host.
Field:
availability_zoneavailable_capacities- The number of instances that can be launched onto the Dedicated host depending on the host’s available capacity.
Field:
available_instance_capacityclient_tokens- Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
Field:
client_tokenhost_ids- The ID of the Dedicated host.
Field:
host_idhost_properties- The hardware specifications of the Dedicated host.
Field:
host_propertieshost_reservation_ids- The reservation ID of the Dedicated host.
Field:
host_reservation_idinstances- The IDs and instance type that are currently running on the Dedicated host.
Field:
instancesstates- The Dedicated host’s state.
Field:
stateallocation_times- The time that the Dedicated host was allocated.
Field:
allocation_timerelease_times- The time that the Dedicated host was released.
Field:
release_timetags- Any tags assigned to the Dedicated host.
Field:
tagshost_recoveries- Indicates whether host recovery is enabled or disabled for the Dedicated host.
Field:
host_recoveryallows_multiple_instance_types- Indicates whether the Dedicated host supports multiple instance types of the same instance family.
Field:
allows_multiple_instance_typesowner_ids- The ID of the Amazon Web Services account that owns the Dedicated host.
Field:
owner_idavailability_zone_ids- The ID of the Availability Zone in which the Dedicated host is allocated.
Field:
availability_zone_idmember_of_service_linked_resource_groups- Indicates whether the Dedicated host is in a host resource group.
Field:
member_of_service_linked_resource_group
Examples
Ensure a host is available.
describe aws_ec2_hosts do
its('host_ids') { should include 'DEDICATED_HOST_ID' }
end
Ensure that the state is available.
describe aws_ec2_hosts do
its('states') { should include 'available' }
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
The controls will pass if the describe method returns at least one result.
exist
Use should to test that the entity exists.
describe aws_ec2_hosts do
it { should exist }
end
Use should_not to test the entity does not exist.
describe aws_ec2_hosts do
it { should_not exist }
end
be_available
Use should to check if the entity is available.
describe aws_ec2_hosts do
it { should be_available }
end
AWS Permissions
Your Principal will need the EC2:Client:DescribeHostsResult action with Effect set to Allow.
Was this page helpful?