Awesome
awspec
RSpec tests for your AWS resources.
Installation
Add this line to your application's Gemfile:
gem 'awspec'
And then execute:
$ bundle
Or install it yourself as:
$ gem install awspec
Getting Started
STEP 1. Generate awspec init files
If you're starting on a fresh RSpec project, you can use awspec to generate your init files:
$ awspec init
If you're working on an existing RSpec project, you will need to add the following lines to your spec_helper.rb
file:
require 'awspec'
Awsecrets.load(secrets_path: File.expand_path('./secrets.yml', File.dirname(__FILE__)))
STEP 2. Set AWS config
2-1. Use Shared Credentials like AWS CLI
$ aws configure
...
2-2. Use secrets.yml
$ cat <<EOF > spec/secrets.yml
region: ap-northeast-1
aws_access_key_id: XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
EOF
STEP 3. Write spec/*_spec.rb
require 'spec_helper'
describe ec2('my-ec2-tag-name') do
it { should be_running }
its(:instance_id) { should eq 'i-ec12345a' }
its(:image_id) { should eq 'ami-abc12def' }
its(:public_ip_address) { should eq '123.0.456.789' }
it { should have_security_group('my-security-group-name') }
it { should belong_to_vpc('my-vpc') }
it { should belong_to_subnet('subnet-1234a567') }
it { should have_eip('123.0.456.789') }
it { should be_disabled_api_termination }
end
Using shared_context: region
require 'spec_helper'
describe sqs('my-sqs-queue'), region: 'us-west-2' do
it { should exist }
its(:queue_url) { should eq 'https://sqs.us-west-2.amazonaws.com/xxxxxxxxxxxx/my-sqs-queue' }
its(:queue_arn) { should eq 'arn:aws:sqs:us-west-2:xxxxxxxxxxxx:my-sqs-queue' }
its(:visibility_timeout) { should eq '30' }
its(:maximum_message_size) { should eq '256000' }
its(:message_retention_period) { should eq '86400' }
its(:delay_seconds) { should eq '0' }
its(:receive_message_wait_time_seconds) { should eq '10' }
end
Using terraform outputs as identifier
Especially in cases, where resources created by terraform have the same names (e.g. created by VPC module), it is helpful to use terraform outputs as unique identifiers.
output "my_ec2_instance" {
value = aws_instance.my_instance.id
}
require 'spec_helper'
my_ec2_instance = `terraform output my_ec2_instance`.strip
describe ec2(my_ec2_instance) do
it { should be_running }
its(:image_id) { should eq 'ami-abc12def' }
its(:public_ip_address) { should eq '123.0.456.789' }
it { should have_security_group('my-security-group-name') }
it { should belong_to_vpc('my-vpc') }
it { should belong_to_subnet('subnet-1234a567') }
it { should have_eip('123.0.456.789') }
it { should be_disabled_api_termination }
end
STEP 4. Run tests
Add gem "rake" in your Gemfile if you are starting a blank project.
$ bundle exec rake spec
Advanced Tips: Spec generate command
Generate spec from AWS resources already exists.
$ awspec generate ec2 vpc-ab123cde >> spec/ec2_spec.rb
Make sure you have added in your spec file
require 'spec_helper'
Advanced Tips: Use Shared Credentials (~/.aws/config ~/.aws/credentials)
$ awspec generate ec2 vpc-ab123cde --profile mycreds
$ AWS_PROFILE=mycreds bundle exec rake spec
Advanced Tips: Configuring the AWS client retries
The ClientWrap
class
provides mechanisms for retrying AWS API calls when it receives a
RequestLimitExceeded
error. ClientWrap
implements a backoff algorithm
where the client will sleep for successively longer periods of time until the
algorithm has calculated a backoff greater than or equal to the
backoff_limit
, at which point it will give up and re-raise the error. You
can see the full implementation in ClientWrap#method_missing
.
You can configure this retry and backoff logic in your spec_helper.rb
:
require 'awspec'
# These are the defaults, but you can change them.
Awspec.configure do |config|
config.client_backoff 0.0
config.client_backoff_limit 30
config.client_iteration 1
end
Advanced Tips: Setting A Custom Endpoint
Set the endpoint
environment variable to tell awspec to use a different
endpoint to connect to aws. Common use cases are connecting to aws through a
proxy, using a different service with an aws compatible interface, or
connecting to a local mock aws environment.
For example, first create a resource on a local aws service using the aws cli:
AWS_SECRET_ACCESS_KEY=dummy AWS_ACCESS_KEY_ID=dummy \
aws --endpoint-url http://localhost:5000 s3 mb s3://my-bucket
Then you can tell awspec to run the test suite using the same custom endpoint:
endpoint=http://localhost:5000 bundle exec rake spec
Support AWS Resources
Resource Types information here
awspec AWS key/secrets precedence
Dependent on awsecrets.
References
awspec is inspired by Serverspec.
- Original idea (code / architecture) -> Serverspec
AWS + Serverspec
original concept -> https://github.com/marcy-terui/awspec- Serverspec book