Skip to main content

aws_region resource

[edit on GitHub]

Use the aws_region InSpec audit resource to test properties of a single AWS region.


An aws_region resource block identifies an AWS region by ID. If no region is provided, the current default is used.

describe aws_region('eu-west-2') do
  it { should exist }

describe aws_region(region_name: 'us-east-1') do
  it { should exist }


region_name (optional)

This resource accepts a single parameter, the region_name. This can be passed either as a string or as a region_name: 'value' key-value entry in a hash.

See also the AWS documentation on Regions.


Property Description
region_name The Name of the region.
endpoint The resolved endpoint of the region.


Test whether a region exists

describe aws_region('region-not-real') do
  it { should_not exist }

Test the Region Endpoint

describe aws_region(region_name: 'eu-west-2') do
  its('endpoint') { should eq '' }


This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.


The control will pass if the describe returns at least one result.

  it { should exist }

AWS Permissions

Your Principal will need the ec2:DescribeRegions action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon EC2.

Was this page helpful?


Search Results