RubyGems - awspec - Versions diffs - 0.28.0 → 0.28.1 - Mend

awspec 0.28.0 → 0.28.1

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6f73c5f63d506b9942d39232be4d5d3ed4459ba8
-  data.tar.gz: bc58760a303309b3699ac78c8b5f91bd7a214562
+  metadata.gz: 20ed13efcb8640c392acddfac6a0a5549a864327
+  data.tar.gz: 73089cd4e5a596637343845a2ca7b0e9c29ac278
 SHA512:
-  metadata.gz: 33982233fcd1c9b6014f958911146d9d53d2ecfc6561d61164cf7c87e1cb45e0d3838c447725170ddd579bcab99a69720cce4c457323828efe30be042f65c72d
-  data.tar.gz: 1859a5181cbba64c2dcce3840af265fce99a362c6c26eba903dfee19b315ab1ae5ce56d9e864921a82fdfa4425234d741bb754ae7ca6de383e8e6da57e8bec3c
+  metadata.gz: cf67c07ceb07b99fa0f7b084603928df154f1a10fde662db419002651b7f4ba537ee306334f6d9e288d27f8c21455a8f557979e2451b325fddd0a6d57d5f3a0e
+  data.tar.gz: 3fcc0f0602fa94a8e1a8765e4b5c410913af8468817a5f5b7a6b741c496502b12e506629536ebe9dd5b518e4c7d41fb10de08613e2d8c1e49351555d4beca83a

data/Rakefile CHANGED Viewed

@@ -8,7 +8,7 @@ end
 require 'awspec'
-types = Awspec::Helper::Type::TYPES.reject { |type| type == 'base' }.map do |type|
+types = Awspec::Helper::Type::TYPES.map do |type|
   'spec:' + type
 end

data/doc/resource_types.md CHANGED Viewed

@@ -1,1030 +1,1067 @@
 # Resource Types
-[ec2](#ec2)
-| [rds](#rds)
-| [rds_db_parameter_group](#rds_db_parameter_group)
-| [security_group](#security_group)
-| [vpc](#vpc)
-| [s3_bucket](#s3_bucket)
-| [route53_hosted_zone](#route53_hosted_zone)
-| [autoscaling_group](#autoscaling_group)
-| [subnet](#subnet)
-| [route_table](#route_table)
+[autoscaling_group](#autoscaling_group)
+| [cloudwatch_alarm](#cloudwatch_alarm)
+| [directconnect_virtual_interface](#directconnect_virtual_interface)
 | [ebs](#ebs)
+| [ec2](#ec2)
+| [elasticache](#elasticache)
+| [elasticache_cache_parameter_group](#elasticache_cache_parameter_group)
 | [elb](#elb)
-| [lambda](#lambda)
-| [iam_user](#iam_user)
 | [iam_group](#iam_group)
-| [iam_role](#iam_role)
 | [iam_policy](#iam_policy)
-| [elasticache](#elasticache)
-| [elasticache_cache_parameter_group](#elasticache_cache_parameter_group)
-| [cloudwatch_alarm](#cloudwatch_alarm)
-| [ses_identity](#ses_identity)
-| [network_acl](#network_acl)
-| [directconnect_virtual_interface](#directconnect_virtual_interface)
+| [iam_role](#iam_role)
+| [iam_user](#iam_user)
+| [lambda](#lambda)
 | [nat_gateway](#nat_gateway)
+| [network_acl](#network_acl)
+| [rds](#rds)
+| [rds_db_parameter_group](#rds_db_parameter_group)
+| [route53_hosted_zone](#route53_hosted_zone)
+| [route_table](#route_table)
+| [s3_bucket](#s3_bucket)
+| [security_group](#security_group)
+| [ses_identity](#ses_identity)
+| [subnet](#subnet)
+| [vpc](#vpc)
-## <a name="ec2">ec2</a>
+## <a name="autoscaling_group">autoscaling_group</a>
-EC2 resource type.
+AutoscalingGroup resource type.
 ### exist
 ```ruby
-describe ec2('my-ec2') do
+describe autoscaling_group('my-auto-scaling-group') do
   it { should exist }
 end
 ```
-### be_disabled_api_termination
+### have_ec2
 ```ruby
-describe ec2('my-ec2') do
-  it { should be_disabled_api_termination }
+describe autoscaling_group('my-auto-scaling-group') do
+  it { should have_ec2('my-ec2') }
 end
 ```
-### be_pending, be_running, be_shutting_down, be_terminated, be_stopping, be_stopped
+### have_elb
 ```ruby
-describe ec2('my-ec2') do
-  it { should be_running }
+describe autoscaling_group('my-auto-scaling-group') do
+  it { should have_elb('my-elb') }
 end
 ```
+### its(:auto_scaling_group_name), its(:auto_scaling_group_arn), its(:launch_configuration_name), its(:min_size), its(:max_size), its(:desired_capacity), its(:default_cooldown), its(:health_check_type), its(:health_check_grace_period), its(:created_time), its(:placement_group), its(:vpc_zone_identifier), its(:status), its(:new_instances_protected_from_scale_in)
+## <a name="cloudwatch_alarm">cloudwatch_alarm</a>
-### have_ebs
+CloudwatchAlarm resource type.
+### exist
 ```ruby
-describe ec2('my-ec2') do
-  it { should have_ebs('vol-123a123b') }
-  it { should have_ebs('my-volume') }
+describe cloudwatch_alarm('my-cloudwatch-alarm') do
+  it { should exist }
 end
 ```
-### have_eip
+### have_alarm_action
 ```ruby
-describe ec2('my-ec2') do
-  it { should have_eip('123.0.456.789') }
+describe cloudwatch_alarm('my-cloudwatch-alarm') do
+  it { should have_alarm_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
 end
 ```
-### have_security_group
+### have_insufficient_data_action
 ```ruby
-describe ec2('my-ec2') do
-  it { should have_security_group('my-security-group-name') }
-  it { should have_security_group('sg-1a2b3cd4') }
+describe cloudwatch_alarm('my-cloudwatch-alarm') do
+  it { should have_insufficient_data_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
 end
 ```
-### belong_to_subnet
+### have_ok_action
 ```ruby
-describe ec2('my-ec2') do
-  it { should belong_to_subnet('subnet-1234a567') }
-  it { should belong_to_subnet('my-subnet') }
+describe cloudwatch_alarm('my-cloudwatch-alarm') do
+  it { should have_ok_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
 end
 ```
-### belong_to_vpc
+### belong_to_metric
 ```ruby
-describe ec2('my-ec2') do
-  it { should belong_to_vpc('vpc-ab123cde') }
-  it { should belong_to_vpc('my-vpc') }
+describe cloudwatch_alarm('my-cloudwatch-alarm') do
+  it { should belong_to_metric('NumberOfProcesses').namespace('my-cloudwatch-namespace') }
 end
 ```
+### its(:alarm_name), its(:alarm_arn), its(:alarm_description), its(:alarm_configuration_updated_timestamp), its(:actions_enabled), its(:state_value), its(:state_reason), its(:state_reason_data), its(:state_updated_timestamp), its(:metric_name), its(:namespace), its(:statistic), its(:period), its(:unit), its(:evaluation_periods), its(:threshold), its(:comparison_operator)
+## <a name="directconnect_virtual_interface">directconnect_virtual_interface</a>
-### its(:instance_id), its(:image_id), its(:private_dns_name), its(:public_dns_name), its(:state_transition_reason), its(:key_name), its(:ami_launch_index), its(:instance_type), its(:launch_time), its(:placement), its(:kernel_id), its(:ramdisk_id), its(:platform), its(:monitoring), its(:subnet_id), its(:vpc_id), its(:private_ip_address), its(:public_ip_address), its(:state_reason), its(:architecture), its(:root_device_type), its(:root_device_name), its(:virtualization_type), its(:instance_lifecycle), its(:spot_instance_request_id), its(:client_token), its(:source_dest_check), its(:hypervisor), its(:iam_instance_profile), its(:ebs_optimized), its(:sriov_net_support)
-### :unlock: Advanced use
-`ec2` can use `Aws::EC2::Instance` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Instance.html).
+DirectconnectVirtualInterface resource type.
 ```ruby
-describe ec2('my-ec2') do
-  its('vpc.id') { should eq 'vpc-ab123cde' }
+describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
+  it { should exist }
+  it { should be_available }
+  its(:connection_id) { should eq 'dxcon-abcd5fgh' }
+  its(:virtual_interface_id) { should eq 'dxvif-aabbccdd' }
+  its(:amazon_address) { should eq '170.252.252.1/30' }
+  its(:customer_address) { should eq '123.456.789.2/30' }
+  its(:virtual_gateway_id) { should eq 'vgw-d234e5f6' }
 end
 ```
-or
+### exist
 ```ruby
-describe ec2('my-ec2') do
-  its('resource.vpc.id') { should eq 'vpc-ab123cde' }
+describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
+  it { should exist }
 end
 ```
-## <a name="rds">rds</a>
-RDS resource type.
-### exist
+### be_confirming, be_verifying, be_pending, be_available, be_deleting, be_deleted, be_rejected
 ```ruby
-describe rds('my-rds') do
+describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
   it { should exist }
+  it { should be_available }
 end
 ```
+### its(:owner_account), its(:virtual_interface_id), its(:location), its(:connection_id), its(:virtual_interface_type), its(:virtual_interface_name), its(:vlan), its(:asn), its(:auth_key), its(:amazon_address), its(:customer_address), its(:virtual_interface_state), its(:customer_router_config), its(:virtual_gateway_id)
+## <a name="ebs">ebs</a>
+EBS resource type.
-### be_available, be_backing_up, be_creating, be_deleting, be_failed, be_inaccessible_encryption_credentials, be_incompatible_credentials, be_incompatible_network, be_incompatible_option_group, be_incompatible_parameters, be_incompatible_restore, be_maintenance, be_modifying, be_rebooting, be_renaming, be_resetting_master_credentials, be_restore_error, be_storage_full, be_upgrading
+### exist
 ```ruby
-describe rds('my-rds') do
-  it { should be_available }
+describe ebs('my-volume') do
+  it { should exist }
 end
 ```
-### have_db_parameter_group
+### be_attached_to
 ```ruby
-describe rds('my-rds') do
-  it { should belong_to_db_subnet_group('my-db-subnet-group') }
+describe ebs('my-volume') do
+  it { should be_attached_to('my-ec2') }
 end
 ```
-### have_option_group
+### be_creating, be_available, be_in_use, be_deleting, be_deleted, be_error
 ```ruby
-describe rds('my-rds') do
-  it { should have_option_group('default:mysql-5-6') }
+describe ebs('my-volume') do
+  it { should be_in_use }
 end
 ```
-### have_security_group
+### its(:volume_id), its(:size), its(:snapshot_id), its(:availability_zone), its(:state), its(:create_time), its(:volume_type), its(:iops), its(:encrypted), its(:kms_key_id)
+### :unlock: Advanced use
+`ebs` can use `Aws::EC2::Volume` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Volume.html).
 ```ruby
-describe rds('my-rds') do
-  it { should have_security_group('sg-5a6b7cd8') }
-  it { should have_security_group('my-db-sg') }
+describe ebs('my-volume') do
+  its('attachments.first.instance_id') { should eq 'i-ec12345a' }
 end
 ```
-### belong_to_db_subnet_group
+or
 ```ruby
-describe rds('my-rds') do
-  it { should belong_to_db_subnet_group('my-db-subnet-group') }
+describe ebs('my-volume') do
+  its('resource.attachments.first.instance_id') { should eq 'i-ec12345a' }
 end
 ```
+## <a name="ec2">ec2</a>
-### belong_to_subnet
+EC2 resource type.
+### exist
 ```ruby
-describe rds('my-rds') do
-  it { should belong_to_subnet('subnet-8901b123') }
-  it { should belong_to_subnet('db-subnet-a') }
+describe ec2('my-ec2') do
+  it { should exist }
 end
 ```
-### belong_to_vpc
+### be_disabled_api_termination
 ```ruby
-describe rds('my-rds') do
-  it { should belong_to_vpc('vpc-ab123cde') }
-  it { should belong_to_vpc('my-vpc') }
+describe ec2('my-ec2') do
+  it { should be_disabled_api_termination }
 end
 ```
-### its(:vpc_id), its(:db_instance_identifier), its(:db_instance_class), its(:engine), its(:db_instance_status), its(:master_username), its(:db_name), its(:endpoint), its(:allocated_storage), its(:instance_create_time), its(:preferred_backup_window), its(:backup_retention_period), its(:availability_zone), its(:preferred_maintenance_window), its(:pending_modified_values), its(:latest_restorable_time), its(:multi_az), its(:engine_version), its(:auto_minor_version_upgrade), its(:read_replica_source_db_instance_identifier), its(:license_model), its(:iops), its(:character_set_name), its(:secondary_availability_zone), its(:publicly_accessible), its(:storage_type), its(:tde_credential_arn), its(:db_instance_port), its(:db_cluster_identifier), its(:storage_encrypted), its(:kms_key_id), its(:dbi_resource_id), its(:ca_certificate_identifier), its(:copy_tags_to_snapshot), its(:monitoring_interval), its(:enhanced_monitoring_resource_arn), its(:monitoring_role_arn)
-### :unlock: Advanced use
-`rds` can use `Aws::RDS::DBInstance` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/RDS/DBInstance.html).
+### be_pending, be_running, be_shutting_down, be_terminated, be_stopping, be_stopped
 ```ruby
-describe rds('my-rds') do
-  its('db_subnet_group.db_subnet_group_name') { should eq 'my-db-subnet-group' }
+describe ec2('my-ec2') do
+  it { should be_running }
 end
 ```
-or
+### have_ebs
 ```ruby
-describe rds('my-rds') do
-  its('resource.db_subnet_group.db_subnet_group_name') { should eq 'my-db-subnet-group' }
+describe ec2('my-ec2') do
+  it { should have_ebs('vol-123a123b') }
+  it { should have_ebs('my-volume') }
 end
 ```
-## <a name="rds_db_parameter_group">rds_db_parameter_group</a>
-RdsDbParameterGroup resource type.
+### have_eip
 ```ruby
-describe rds_db_parameter_group('my-rds-db-parameter-group') do
-  its(:basedir) { should eq '/rdsdbbin/mysql' }
-  its(:innodb_buffer_pool_size) { '{DBInstanceClassMemory*3/4}' }
+describe ec2('my-ec2') do
+  it { should have_eip('123.0.456.789') }
 end
 ```
-### exist
+### have_security_group
 ```ruby
-describe rds_db_parameter_group('my-rds-db-parameter-group') do
-  it { should exist }
+describe ec2('my-ec2') do
+  it { should have_security_group('my-security-group-name') }
+  it { should have_security_group('sg-1a2b3cd4') }
 end
 ```
-## <a name="security_group">security_group</a>
-SecurityGroup resource type.
-### exist
+### belong_to_subnet
 ```ruby
-describe security_group('my-security-group-name') do
-  it { should exist }
+describe ec2('my-ec2') do
+  it { should belong_to_subnet('subnet-1234a567') }
+  it { should belong_to_subnet('my-subnet') }
 end
 ```
-### its(:inbound), its(:outbound)
+### belong_to_vpc
 ```ruby
-describe security_group('my-security-group-name') do
-  its(:outbound) { should be_opened }
-  its(:inbound) { should be_opened(80) }
-  its(:inbound) { should be_opened(80).protocol('tcp').for('203.0.113.1/32') }
-  its(:inbound) { should be_opened(22).protocol('tcp').for('sg-5a6b7cd8') }
+describe ec2('my-ec2') do
+  it { should belong_to_vpc('vpc-ab123cde') }
+  it { should belong_to_vpc('my-vpc') }
 end
 ```
-### its(:inbound_rule_count), its(:outbound_rule_count), its(:inbound_permissions_count), its(:outbound_permissions_count), its(:owner_id), its(:group_name), its(:group_id), its(:description), its(:vpc_id)
+### its(:instance_id), its(:image_id), its(:private_dns_name), its(:public_dns_name), its(:state_transition_reason), its(:key_name), its(:ami_launch_index), its(:instance_type), its(:launch_time), its(:placement), its(:kernel_id), its(:ramdisk_id), its(:platform), its(:monitoring), its(:subnet_id), its(:vpc_id), its(:private_ip_address), its(:public_ip_address), its(:state_reason), its(:architecture), its(:root_device_type), its(:root_device_name), its(:virtualization_type), its(:instance_lifecycle), its(:spot_instance_request_id), its(:client_token), its(:source_dest_check), its(:hypervisor), its(:iam_instance_profile), its(:ebs_optimized), its(:sriov_net_support)
 ### :unlock: Advanced use
-`security_group` can use `Aws::EC2::SecurityGroup` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/SecurityGroup.html).
+`ec2` can use `Aws::EC2::Instance` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Instance.html).
 ```ruby
-describe security_group('my-security-group-name') do
-  its('group_name') { should eq 'my-security-group-name' }
+describe ec2('my-ec2') do
+  its('vpc.id') { should eq 'vpc-ab123cde' }
 end
 ```
 or
 ```ruby
-describe security_group('my-security-group-name') do
-  its('resource.group_name') { should eq 'my-security-group-name' }
+describe ec2('my-ec2') do
+  its('resource.vpc.id') { should eq 'vpc-ab123cde' }
 end
 ```
-## <a name="vpc">vpc</a>
+## <a name="elasticache">elasticache</a>
-VPC resource type.
+Elasticache resource type.
 ### exist
 ```ruby
-describe vpc('my-vpc') do
+describe elasticache('my-rep-group-001') do
   it { should exist }
 end
 ```
-### be_available, be_pending
+### be_available, be_creating, be_deleted, be_deleting, be_incompatible_network, be_modifying, be_rebooting_cache_cluster_nodes, be_restore_failed, be_snapshotting
 ```ruby
-describe vpc('vpc-ab123cde') do
+describe elasticache('my-rep-group-001') do
   it { should be_available }
 end
 ```
-### have_network_acl
+### have_cache_parameter_group
 ```ruby
-describe vpc('vpc-ab123cde') do
-  it { should have_network_acl('acl-1abc2d3e') }
-  it { should have_network_acl('my-network-acl') }
+describe elasticache('my-rep-group-001') do
+  it { should have_cache_parameter_group('my-cache-parameter-group') }
 end
 ```
-### have_route_table
+### belong_to_cache_subnet_group
 ```ruby
-describe vpc('vpc-ab123cde') do
-  it { should have_network_acl('acl-1abc2d3e') }
-  it { should have_network_acl('my-network-acl') }
+describe elasticache('my-rep-group-001') do
+  it { should belong_to_cache_subnet_group('my-cache-subnet-group') }
 end
 ```
-### its(:vpc_id), its(:state), its(:cidr_block), its(:dhcp_options_id), its(:instance_tenancy), its(:is_default)
-### :unlock: Advanced use
-`vpc` can use `Aws::EC2::Vpc` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Vpc.html).
+### belong_to_replication_group
 ```ruby
-describe vpc('my-vpc') do
-  its('route_tables.first.route_table_id') { should eq 'rtb-a12bcd34' }
+describe elasticache('my-rep-group-001') do
+  it { should belong_to_replication_group('my-rep-group') }
 end
 ```
-or
+### belong_to_vpc
 ```ruby
-describe vpc('my-vpc') do
-  its('resource.route_tables.first.route_table_id') { should eq 'rtb-a12bcd34' }
+describe elasticache('my-rep-group-001') do
+  it { should belong_to_vpc('my-vpc') }
 end
 ```
-## <a name="s3_bucket">s3_bucket</a>
+### its(:cache_cluster_id), its(:configuration_endpoint), its(:client_download_landing_page), its(:cache_node_type), its(:engine), its(:engine_version), its(:cache_cluster_status), its(:num_cache_nodes), its(:preferred_availability_zone), its(:cache_cluster_create_time), its(:preferred_maintenance_window), its(:notification_configuration), its(:cache_subnet_group_name), its(:auto_minor_version_upgrade), its(:replication_group_id), its(:snapshot_retention_limit), its(:snapshot_window)
+## <a name="elasticache_cache_parameter_group">elasticache_cache_parameter_group</a>
+ElasticacheCacheParameterGroup resource type.
+```ruby
+describe elasticache_cache_parameter_group('my-cache-parameter-group') do
+  it { should exist }
+  its(:activerehashing) { should eq 'yes' }
+  its(:client_output_buffer_limit_pubsub_hard_limit) { should eq '33554432' }
+end
+```
-S3Bucket resource type.
 ### exist
 ```ruby
-describe s3_bucket('my-bucket') do
+describe elasticache_cache_parameter_group('my-cache-parameter-group') do
   it { should exist }
 end
 ```
-### have_acl_grant
+## <a name="elb">elb</a>
+ELB resource type.
+### exist
 ```ruby
-describe s3_bucket('my-bucket') do
-  its(:acl_owner) { should eq 'my-bucket-owner' }
-  its(:acl_grants_count) { should eq 3 }
-  it { should have_acl_grant(grantee: 'my-bucket-owner', permission: 'FULL_CONTROL') }
-  it { should have_acl_grant(grantee: 'http://acs.amazonaws.com/groups/s3/LogDelivery', permission: 'WRITE') }
-  it { should have_acl_grant(grantee: '68f4bb06b094152df53893bfba57760e', permission: 'READ') }
+describe elb('my-elb') do
+  it { should exist }
 end
 ```
-### have_cors_rule
+### have_ec2
 ```ruby
-describe s3_bucket('my-bucket') do
-  it do
-    should have_cors_rule(
-      allowed_methods: ['GET'],
-      allowed_origins: ['*']
-    )
-  end
-  it do
-    should have_cors_rule(
-      allowed_headers: ['*'],
-      allowed_methods: ['GET'],
-      allowed_origins: ['https://example.org', 'https://example.com'],
-      expose_headers:  ['X-Custom-Header'],
-      max_age_seconds: 3600
-    )
-  end
+describe elb('my-elb') do
+  it { should have_ec2('my-ec2') }
 end
 ```
-### have_object
+### have_listener
+http://docs.aws.amazon.com/en_us/ElasticLoadBalancing/latest/DeveloperGuide/elb-listener-config.html
 ```ruby
-describe s3_bucket('my-bucket') do
-  it { should have_object('path/to/object') }
+describe elb('my-elb') do
+  it { should have_listener(protocol: 'HTTPS', port: 443, instance_protocol: 'HTTP', instance_port: 80) }
 end
 ```
-### have_policy
+### have_security_group
 ```ruby
-describe s3_bucket('my-bucket') do
-    should have_policy <<-POLICY
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Sid": "AllowPublicRead",
-      "Effect": "Allow",
-      "Principal": "*",
-      "Action": "s3:GetObject",
-      "Resource": "arn:aws:s3:::my-bucket/*"
-    }
-  ]
-}
-    POLICY
-  end
+describe elb('my-elb') do
+  it { should have_security_group('my-lb-security-group-tag-name') }
 end
 ```
-### its(:acl_grants_count), its(:acl_owner), its(:cors_rules_count), its(:name), its(:creation_date)
-### :unlock: Advanced use
-`s3_bucket` can use `Aws::S3::Bucket` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/S3/Bucket.html).
+### have_subnet
 ```ruby
-describe s3_bucket('my-bucket') do
-  its('acl.owner.display_name') { should eq 'my-bucket-owner' }
+describe elb('my-elb') do
+  it { should have_subnet('my-subnet') }
 end
 ```
-or
+### belong_to_vpc
 ```ruby
-describe s3_bucket('my-bucket') do
-  its('resource.acl.owner.display_name') { should eq 'my-bucket-owner' }
+describe elb('my-elb') do
+  it { should belong_to_vpc('my-vpc') }
 end
 ```
-## <a name="route53_hosted_zone">route53_hosted_zone</a>
+### its(:health_check_target), its(:health_check_interval), its(:health_check_timeout), its(:health_check_unhealthy_threshold), its(:health_check_healthy_threshold), its(:load_balancer_name), its(:dns_name), its(:canonical_hosted_zone_name), its(:canonical_hosted_zone_name_id), its(:vpc_id), its(:created_time), its(:scheme)
+## <a name="iam_group">iam_group</a>
-Route53HostedZone resource type.
+IamGroup resource type.
 ### exist
 ```ruby
-describe route53_hosted_zone('example.com.') do
+describe iam_group('my-iam-group') do
   it { should exist }
 end
 ```
-### have_record_set
+### be_allowed_action
 ```ruby
-describe route53_hosted_zone('example.com.') do
-  its(:resource_record_set_count) { should eq 6 }
-  it { should have_record_set('example.com.').a('123.456.7.890') }
-  it { should have_record_set('*.example.com.').cname('example.com') }
-  it { should have_record_set('example.com.').mx('10 mail.example.com') }
-  it { should have_record_set('mail.example.com.').a('123.456.7.890').ttl(3600) }
-  ns = 'ns-123.awsdns-45.net.
-ns-6789.awsdns-01.org.
-ns-2345.awsdns-67.co.uk.
-ns-890.awsdns-12.com.'
-  it { should have_record_set('example.com.').ns(ns) }
-  it { should have_record_set('s3.example.com.').alias('s3-website-us-east-1.amazonaws.com.', 'Z2ABCDEFGHIJKL') }
+describe iam_group('my-iam-group') do
+  it { should be_allowed_action('ec2:DescribeInstances') }
+  it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
 end
 ```
-### its(:id), its(:name), its(:caller_reference), its(:config), its(:resource_record_set_count)
-## <a name="autoscaling_group">autoscaling_group</a>
-AutoscalingGroup resource type.
-### exist
+### have_iam_policy
 ```ruby
-describe autoscaling_group('my-auto-scaling-group') do
-  it { should exist }
+describe iam_group('my-iam-group') do
+  it { should have_iam_policy('ReadOnlyAccess') }
 end
 ```
-### have_ec2
+### have_iam_user
 ```ruby
-describe autoscaling_group('my-auto-scaling-group') do
-  it { should have_ec2('my-ec2') }
+describe iam_group('my-iam-group') do
+  it { should have_iam_user('my-iam-user') }
 end
 ```
+### its(:path), its(:group_name), its(:group_id), its(:arn), its(:create_date)
+## <a name="iam_policy">iam_policy</a>
+IamPolicy resource type.
-### have_elb
+### exist
 ```ruby
-describe autoscaling_group('my-auto-scaling-group') do
-  it { should have_elb('my-elb') }
+describe iam_policy('my-iam-policy') do
+  it { should exist }
 end
 ```
-### its(:auto_scaling_group_name), its(:auto_scaling_group_arn), its(:launch_configuration_name), its(:min_size), its(:max_size), its(:desired_capacity), its(:default_cooldown), its(:health_check_type), its(:health_check_grace_period), its(:created_time), its(:placement_group), its(:vpc_zone_identifier), its(:status), its(:new_instances_protected_from_scale_in)
-## <a name="subnet">subnet</a>
-Subnet resource type.
-### exist
+### be_attachable
 ```ruby
-describe subnet('my-subnet') do
-  it { should exist }
+describe iam_policy('my-iam-policy') do
+  it { should be_attachable }
 end
 ```
-### be_available, be_pending
+### be_attached_to_group
 ```ruby
-describe subnet('my-subnet') do
-  it { should be_available }
+describe iam_policy('my-iam-policy') do
+  it { should be_attached_to_group('my-iam-group') }
 end
 ```
-### its(:subnet_id), its(:state), its(:vpc_id), its(:cidr_block), its(:available_ip_address_count), its(:availability_zone), its(:default_for_az), its(:map_public_ip_on_launch)
-### :unlock: Advanced use
-`subnet` can use `Aws::EC2::Subnet` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Subnet.html).
+### be_attached_to_role
 ```ruby
-describe subnet('my-subnet') do
-  its('vpc.id') { should eq 'vpc-ab123cde' }
+describe iam_policy('my-iam-policy') do
+  it { should be_attached_to_role('HelloIAmGodRole') }
 end
 ```
-or
+### be_attached_to_user
 ```ruby
-describe subnet('my-subnet') do
-  its('resource.vpc.id') { should eq 'vpc-ab123cde' }
+describe iam_policy('my-iam-policy') do
+  it { should be_attached_to_policy('my-iam-policy') }
 end
 ```
-## <a name="route_table">route_table</a>
+### its(:policy_name), its(:policy_id), its(:arn), its(:path), its(:default_version_id), its(:attachment_count), its(:is_attachable), its(:description), its(:create_date), its(:update_date)
+## <a name="iam_role">iam_role</a>
-RouteTable resource type.
+IamRole resource type.
 ### exist
 ```ruby
-describe route_table('my-route-table') do
+describe iam_role('my-iam-role') do
   it { should exist }
 end
 ```
-### have_route
+### be_allowed_action
 ```ruby
-describe route_table('my-route-table') do
-  it { should have_route('10.0.0.0/16').target(gateway: 'local') }
-  it { should have_route('0.0.0.0/0').target(gateway: 'igw-1ab2345c') }
-  it { should have_route('192.168.1.0/24').target(instance: 'my-ec2') }
-  it { should have_route('192.168.2.0/24').target(vpc_peering_connection: 'my-pcx') }
-  it { should have_route('192.168.3.0/24').target(nat: 'nat-7ff7777f') }
+describe iam_role('my-iam-role') do
+  it { should be_allowed_action('ec2:DescribeInstances') }
+  it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
 end
 ```
-### have_subnet
+### have_iam_policy
 ```ruby
-describe route_table('my-route-table') do
-  it { should have_subnet('my-subnet') }
+describe iam_role('my-iam-role') do
+  it { should have_iam_policy('ReadOnlyAccess') }
 end
 ```
+### its(:path), its(:role_name), its(:role_id), its(:arn), its(:create_date), its(:assume_role_policy_document)
+## <a name="iam_user">iam_user</a>
-### its(:route_table_id), its(:vpc_id)
-### :unlock: Advanced use
+IamUser resource type.
-`route_table` can use `Aws::EC2::RouteTable` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/RouteTable.html).
+### exist
 ```ruby
-describe route_table('my-route-table') do
-  its('vpc.id') { should eq 'vpc-ab123cde' }
+describe iam_user('my-iam-user') do
+  it { should exist }
 end
 ```
-or
+### be_allowed_action
 ```ruby
-describe s3_bucket('my-bucket') do
-  its('resource.vpc.id') { should eq 'vpc-ab123cde' }
+describe iam_user('my-iam-user') do
+  it { should be_allowed_action('ec2:DescribeInstances') }
+  it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
 end
 ```
-## <a name="ebs">ebs</a>
-EBS resource type.
+### have_iam_policy
+```ruby
+describe iam_user('my-iam-user') do
+  it { should have_iam_policy('ReadOnlyAccess') }
+end
+```
+### belong_to_iam_group
+```ruby
+describe iam_user('my-iam-user') do
+  it { should belong_to_iam_group('my-iam-group') }
+end
+```
+### its(:path), its(:user_name), its(:user_id), its(:arn), its(:create_date), its(:password_last_used)
+## <a name="lambda">lambda</a>
+Lambda resource type.
 ### exist
 ```ruby
-describe ebs('my-volume') do
+describe lambda('my-lambda-function-name') do
   it { should exist }
 end
 ```
-### be_attached_to
+### have_event_source
+This matcher does not support Amazon S3 event sources. ( [See SDK doc](http://docs.aws.amazon.com/sdkforruby/api/Aws/Lambda/Client.html#list_event_source_mappings-instance_method) )
+### its(:function_name), its(:function_arn), its(:runtime), its(:role), its(:handler), its(:code_size), its(:description), its(:timeout), its(:memory_size), its(:last_modified), its(:code_sha_256), its(:version)
+## <a name="nat_gateway">nat_gateway</a>
+NatGateway resource type.
+### exist
 ```ruby
-describe ebs('my-volume') do
-  it { should be_attached_to('my-ec2') }
+describe nat_gateway('nat-7ff7777f') do
+  it { should exist }
 end
 ```
-### be_creating, be_available, be_in_use, be_deleting, be_deleted, be_error
+### be_pending, be_failed, be_available, be_deleting, be_deleted
 ```ruby
-describe ebs('my-volume') do
-  it { should be_in_use }
+describe nat_gateway('nat-7ff7777f') do
+  it { should be_available }
 end
 ```
-### its(:volume_id), its(:size), its(:snapshot_id), its(:availability_zone), its(:state), its(:create_time), its(:volume_type), its(:iops), its(:encrypted), its(:kms_key_id)
-### :unlock: Advanced use
-`ebs` can use `Aws::EC2::Volume` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Volume.html).
+### have_eip
 ```ruby
-describe ebs('my-volume') do
-  its('attachments.first.instance_id') { should eq 'i-ec12345a' }
+describe nat_gateway('nat-7ff7777f') do
+  it { should have_eip('123.0.456.789') }
 end
 ```
-or
+### belong_to_vpc
 ```ruby
-describe ebs('my-volume') do
-  its('resource.attachments.first.instance_id') { should eq 'i-ec12345a' }
+describe nat_gateway('nat-7ff7777f') do
+  it { should belong_to_vpc('my-vpc') }
 end
 ```
-## <a name="elb">elb</a>
+### its(:vpc_id), its(:subnet_id), its(:nat_gateway_id), its(:create_time), its(:delete_time), its(:state), its(:failure_code), its(:failure_message)
+## <a name="network_acl">network_acl</a>
-ELB resource type.
+NetworkAcl resource type.
 ### exist
 ```ruby
-describe elb('my-elb') do
+describe network_acl('my-network-acl') do
   it { should exist }
 end
 ```
-### have_ec2
+### have_subnet
 ```ruby
-describe elb('my-elb') do
-  it { should have_ec2('my-ec2') }
+describe network_acl('my-network-acl') do
+  it { should have_subnet('my-subnet') }
 end
 ```
-### have_listener
-http://docs.aws.amazon.com/en_us/ElasticLoadBalancing/latest/DeveloperGuide/elb-listener-config.html
+### belong_to_vpc
 ```ruby
-describe elb('my-elb') do
-  it { should have_listener(protocol: 'HTTPS', port: 443, instance_protocol: 'HTTP', instance_port: 80) }
+describe network_acl('my-network-acl') do
+  it { should belong_to_vpc('my-vpc') }
 end
 ```
-### have_security_group
+### its(:inbound), its(:outbound), its(:inbound_entries_count), its(:outbound_entries_count)
 ```ruby
-describe elb('my-elb') do
-  it { should have_security_group('my-lb-security-group-tag-name') }
+describe network_acl('my-network-acl') do
+  its(:inbound) { should be_allowed(80).protocol('tcp').source('123.0.456.789/32') }
+  its(:inbound) { should be_denied.rule_number('*').source('0.0.0.0/0') }
+  its(:outbound) { should be_allowed.protocol('ALL').source('0.0.0.0/0') }
+  its(:inbound_entries_count) { should eq 3 }
+  its(:outbound_entries_count) { should eq 2 }
 end
 ```
-### have_subnet
+### its(:inbound_entries_count), its(:outbound_entries_count), its(:network_acl_id), its(:vpc_id), its(:is_default)
+### :unlock: Advanced use
+`network_acl` can use `Aws::EC2::NetworkAcl` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/NetworkAcl.html).
 ```ruby
-describe elb('my-elb') do
-  it { should have_subnet('my-subnet') }
+describe network_acl('my-network-acl') do
+  its('vpc.id') { should eq 'vpc-ab123cde' }
 end
 ```
-### belong_to_vpc
+or
 ```ruby
-describe elb('my-elb') do
-  it { should belong_to_vpc('my-vpc') }
+describe network_acl('my-network-acl') do
+  its('resource.vpc.id') { should eq 'vpc-ab123cde' }
 end
 ```
-### its(:health_check_target), its(:health_check_interval), its(:health_check_timeout), its(:health_check_unhealthy_threshold), its(:health_check_healthy_threshold), its(:load_balancer_name), its(:dns_name), its(:canonical_hosted_zone_name), its(:canonical_hosted_zone_name_id), its(:vpc_id), its(:created_time), its(:scheme)
-## <a name="lambda">lambda</a>
+## <a name="rds">rds</a>
-Lambda resource type.
+RDS resource type.
 ### exist
 ```ruby
-describe lambda('my-lambda-function-name') do
+describe rds('my-rds') do
   it { should exist }
 end
 ```
-### have_event_source
-This matcher does not support Amazon S3 event sources. ( [See SDK doc](http://docs.aws.amazon.com/sdkforruby/api/Aws/Lambda/Client.html#list_event_source_mappings-instance_method) )
+### be_available, be_backing_up, be_creating, be_deleting, be_failed, be_inaccessible_encryption_credentials, be_incompatible_credentials, be_incompatible_network, be_incompatible_option_group, be_incompatible_parameters, be_incompatible_restore, be_maintenance, be_modifying, be_rebooting, be_renaming, be_resetting_master_credentials, be_restore_error, be_storage_full, be_upgrading
-### its(:function_name), its(:function_arn), its(:runtime), its(:role), its(:handler), its(:code_size), its(:description), its(:timeout), its(:memory_size), its(:last_modified), its(:code_sha_256), its(:version)
-## <a name="iam_user">iam_user</a>
+```ruby
+describe rds('my-rds') do
+  it { should be_available }
+end
+```
-IamUser resource type.
-### exist
+### have_db_parameter_group
 ```ruby
-describe iam_user('my-iam-user') do
-  it { should exist }
+describe rds('my-rds') do
+  it { should belong_to_db_subnet_group('my-db-subnet-group') }
 end
 ```
-### be_allowed_action
+### have_option_group
 ```ruby
-describe iam_user('my-iam-user') do
-  it { should be_allowed_action('ec2:DescribeInstances') }
-  it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
+describe rds('my-rds') do
+  it { should have_option_group('default:mysql-5-6') }
 end
 ```
-### have_iam_policy
+### have_security_group
 ```ruby
-describe iam_user('my-iam-user') do
-  it { should have_iam_policy('ReadOnlyAccess') }
+describe rds('my-rds') do
+  it { should have_security_group('sg-5a6b7cd8') }
+  it { should have_security_group('my-db-sg') }
 end
 ```
-### belong_to_iam_group
+### belong_to_db_subnet_group
 ```ruby
-describe iam_user('my-iam-user') do
-  it { should belong_to_iam_group('my-iam-group') }
+describe rds('my-rds') do
+  it { should belong_to_db_subnet_group('my-db-subnet-group') }
 end
 ```
-### its(:path), its(:user_name), its(:user_id), its(:arn), its(:create_date), its(:password_last_used)
-## <a name="iam_group">iam_group</a>
-IamGroup resource type.
-### exist
+### belong_to_subnet
 ```ruby
-describe iam_group('my-iam-group') do
-  it { should exist }
+describe rds('my-rds') do
+  it { should belong_to_subnet('subnet-8901b123') }
+  it { should belong_to_subnet('db-subnet-a') }
 end
 ```
-### be_allowed_action
+### belong_to_vpc
 ```ruby
-describe iam_group('my-iam-group') do
-  it { should be_allowed_action('ec2:DescribeInstances') }
-  it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
+describe rds('my-rds') do
+  it { should belong_to_vpc('vpc-ab123cde') }
+  it { should belong_to_vpc('my-vpc') }
 end
 ```
-### have_iam_policy
+### its(:vpc_id), its(:db_instance_identifier), its(:db_instance_class), its(:engine), its(:db_instance_status), its(:master_username), its(:db_name), its(:endpoint), its(:allocated_storage), its(:instance_create_time), its(:preferred_backup_window), its(:backup_retention_period), its(:availability_zone), its(:preferred_maintenance_window), its(:pending_modified_values), its(:latest_restorable_time), its(:multi_az), its(:engine_version), its(:auto_minor_version_upgrade), its(:read_replica_source_db_instance_identifier), its(:license_model), its(:iops), its(:character_set_name), its(:secondary_availability_zone), its(:publicly_accessible), its(:storage_type), its(:tde_credential_arn), its(:db_instance_port), its(:db_cluster_identifier), its(:storage_encrypted), its(:kms_key_id), its(:dbi_resource_id), its(:ca_certificate_identifier), its(:copy_tags_to_snapshot), its(:monitoring_interval), its(:enhanced_monitoring_resource_arn), its(:monitoring_role_arn)
+### :unlock: Advanced use
+`rds` can use `Aws::RDS::DBInstance` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/RDS/DBInstance.html).
 ```ruby
-describe iam_group('my-iam-group') do
-  it { should have_iam_policy('ReadOnlyAccess') }
+describe rds('my-rds') do
+  its('db_subnet_group.db_subnet_group_name') { should eq 'my-db-subnet-group' }
 end
 ```
-### have_iam_user
+or
 ```ruby
-describe iam_group('my-iam-group') do
-  it { should have_iam_user('my-iam-user') }
+describe rds('my-rds') do
+  its('resource.db_subnet_group.db_subnet_group_name') { should eq 'my-db-subnet-group' }
 end
 ```
-### its(:path), its(:group_name), its(:group_id), its(:arn), its(:create_date)
-## <a name="iam_role">iam_role</a>
+## <a name="rds_db_parameter_group">rds_db_parameter_group</a>
-IamRole resource type.
+RdsDbParameterGroup resource type.
+```ruby
+describe rds_db_parameter_group('my-rds-db-parameter-group') do
+  its(:basedir) { should eq '/rdsdbbin/mysql' }
+  its(:innodb_buffer_pool_size) { '{DBInstanceClassMemory*3/4}' }
+end
+```
 ### exist
 ```ruby
-describe iam_role('my-iam-role') do
+describe rds_db_parameter_group('my-rds-db-parameter-group') do
   it { should exist }
 end
 ```
-### be_allowed_action
+## <a name="route53_hosted_zone">route53_hosted_zone</a>
+Route53HostedZone resource type.
+### exist
 ```ruby
-describe iam_role('my-iam-role') do
-  it { should be_allowed_action('ec2:DescribeInstances') }
-  it { should be_allowed_action('s3:Put*').resource_arn('arn:aws:s3:::my-bucket-name/*') }
+describe route53_hosted_zone('example.com.') do
+  it { should exist }
 end
 ```
-### have_iam_policy
+### have_record_set
 ```ruby
-describe iam_role('my-iam-role') do
-  it { should have_iam_policy('ReadOnlyAccess') }
+describe route53_hosted_zone('example.com.') do
+  its(:resource_record_set_count) { should eq 6 }
+  it { should have_record_set('example.com.').a('123.456.7.890') }
+  it { should have_record_set('*.example.com.').cname('example.com') }
+  it { should have_record_set('example.com.').mx('10 mail.example.com') }
+  it { should have_record_set('mail.example.com.').a('123.456.7.890').ttl(3600) }
+  ns = 'ns-123.awsdns-45.net.
+ns-6789.awsdns-01.org.
+ns-2345.awsdns-67.co.uk.
+ns-890.awsdns-12.com.'
+  it { should have_record_set('example.com.').ns(ns) }
+  it { should have_record_set('s3.example.com.').alias('s3-website-us-east-1.amazonaws.com.', 'Z2ABCDEFGHIJKL') }
 end
 ```
-### its(:path), its(:role_name), its(:role_id), its(:arn), its(:create_date), its(:assume_role_policy_document)
-## <a name="iam_policy">iam_policy</a>
+### its(:id), its(:name), its(:caller_reference), its(:config), its(:resource_record_set_count)
+## <a name="route_table">route_table</a>
-IamPolicy resource type.
+RouteTable resource type.
 ### exist
 ```ruby
-describe iam_policy('my-iam-policy') do
+describe route_table('my-route-table') do
   it { should exist }
 end
 ```
-### be_attachable
+### have_route
 ```ruby
-describe iam_policy('my-iam-policy') do
-  it { should be_attachable }
+describe route_table('my-route-table') do
+  it { should have_route('10.0.0.0/16').target(gateway: 'local') }
+  it { should have_route('0.0.0.0/0').target(gateway: 'igw-1ab2345c') }
+  it { should have_route('192.168.1.0/24').target(instance: 'my-ec2') }
+  it { should have_route('192.168.2.0/24').target(vpc_peering_connection: 'my-pcx') }
+  it { should have_route('192.168.3.0/24').target(nat: 'nat-7ff7777f') }
 end
 ```
-### be_attached_to_group
+### have_subnet
 ```ruby
-describe iam_policy('my-iam-policy') do
-  it { should be_attached_to_group('my-iam-group') }
+describe route_table('my-route-table') do
+  it { should have_subnet('my-subnet') }
 end
 ```
-### be_attached_to_role
+### its(:route_table_id), its(:vpc_id)
+### :unlock: Advanced use
+`route_table` can use `Aws::EC2::RouteTable` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/RouteTable.html).
 ```ruby
-describe iam_policy('my-iam-policy') do
-  it { should be_attached_to_role('HelloIAmGodRole') }
+describe route_table('my-route-table') do
+  its('vpc.id') { should eq 'vpc-ab123cde' }
 end
 ```
-### be_attached_to_user
+or
 ```ruby
-describe iam_policy('my-iam-policy') do
-  it { should be_attached_to_policy('my-iam-policy') }
+describe s3_bucket('my-bucket') do
+  its('resource.vpc.id') { should eq 'vpc-ab123cde' }
 end
 ```
-### its(:policy_name), its(:policy_id), its(:arn), its(:path), its(:default_version_id), its(:attachment_count), its(:is_attachable), its(:description), its(:create_date), its(:update_date)
-## <a name="elasticache">elasticache</a>
+## <a name="s3_bucket">s3_bucket</a>
-Elasticache resource type.
+S3Bucket resource type.
 ### exist
 ```ruby
-describe elasticache('my-rep-group-001') do
+describe s3_bucket('my-bucket') do
   it { should exist }
 end
 ```
-### be_available, be_creating, be_deleted, be_deleting, be_incompatible_network, be_modifying, be_rebooting_cache_cluster_nodes, be_restore_failed, be_snapshotting
+### have_acl_grant
 ```ruby
-describe elasticache('my-rep-group-001') do
-  it { should be_available }
+describe s3_bucket('my-bucket') do
+  its(:acl_owner) { should eq 'my-bucket-owner' }
+  its(:acl_grants_count) { should eq 3 }
+  it { should have_acl_grant(grantee: 'my-bucket-owner', permission: 'FULL_CONTROL') }
+  it { should have_acl_grant(grantee: 'http://acs.amazonaws.com/groups/s3/LogDelivery', permission: 'WRITE') }
+  it { should have_acl_grant(grantee: '68f4bb06b094152df53893bfba57760e', permission: 'READ') }
 end
 ```
-### have_cache_parameter_group
+### have_cors_rule
 ```ruby
-describe elasticache('my-rep-group-001') do
-  it { should have_cache_parameter_group('my-cache-parameter-group') }
+describe s3_bucket('my-bucket') do
+  it do
+    should have_cors_rule(
+      allowed_methods: ['GET'],
+      allowed_origins: ['*']
+    )
+  end
+  it do
+    should have_cors_rule(
+      allowed_headers: ['*'],
+      allowed_methods: ['GET'],
+      allowed_origins: ['https://example.org', 'https://example.com'],
+      expose_headers:  ['X-Custom-Header'],
+      max_age_seconds: 3600
+    )
+  end
 end
 ```
-### belong_to_cache_subnet_group
+### have_object
 ```ruby
-describe elasticache('my-rep-group-001') do
-  it { should belong_to_cache_subnet_group('my-cache-subnet-group') }
+describe s3_bucket('my-bucket') do
+  it { should have_object('path/to/object') }
 end
 ```
-### belong_to_replication_group
+### have_policy
 ```ruby
-describe elasticache('my-rep-group-001') do
-  it { should belong_to_replication_group('my-rep-group') }
+describe s3_bucket('my-bucket') do
+    should have_policy <<-POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "AllowPublicRead",
+      "Effect": "Allow",
+      "Principal": "*",
+      "Action": "s3:GetObject",
+      "Resource": "arn:aws:s3:::my-bucket/*"
+    }
+  ]
+}
+    POLICY
+  end
 end
 ```
-### belong_to_vpc
-```ruby
-describe elasticache('my-rep-group-001') do
-  it { should belong_to_vpc('my-vpc') }
-end
-```
-### its(:cache_cluster_id), its(:configuration_endpoint), its(:client_download_landing_page), its(:cache_node_type), its(:engine), its(:engine_version), its(:cache_cluster_status), its(:num_cache_nodes), its(:preferred_availability_zone), its(:cache_cluster_create_time), its(:preferred_maintenance_window), its(:notification_configuration), its(:cache_subnet_group_name), its(:auto_minor_version_upgrade), its(:replication_group_id), its(:snapshot_retention_limit), its(:snapshot_window)
-## <a name="elasticache_cache_parameter_group">elasticache_cache_parameter_group</a>
+### its(:acl_grants_count), its(:acl_owner), its(:cors_rules_count), its(:name), its(:creation_date)
+### :unlock: Advanced use
-ElasticacheCacheParameterGroup resource type.
+`s3_bucket` can use `Aws::S3::Bucket` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/S3/Bucket.html).
 ```ruby
-describe elasticache_cache_parameter_group('my-cache-parameter-group') do
-  it { should exist }
-  its(:activerehashing) { should eq 'yes' }
-  its(:client_output_buffer_limit_pubsub_hard_limit) { should eq '33554432' }
+describe s3_bucket('my-bucket') do
+  its('acl.owner.display_name') { should eq 'my-bucket-owner' }
 end
 ```
-### exist
+or
 ```ruby
-describe elasticache_cache_parameter_group('my-cache-parameter-group') do
-  it { should exist }
+describe s3_bucket('my-bucket') do
+  its('resource.acl.owner.display_name') { should eq 'my-bucket-owner' }
 end
 ```
+## <a name="security_group">security_group</a>
-## <a name="cloudwatch_alarm">cloudwatch_alarm</a>
-CloudwatchAlarm resource type.
+SecurityGroup resource type.
 ### exist
 ```ruby
-describe cloudwatch_alarm('my-cloudwatch-alarm') do
+describe security_group('my-security-group-name') do
   it { should exist }
 end
 ```
-### have_alarm_action
+### its(:inbound), its(:outbound)
 ```ruby
-describe cloudwatch_alarm('my-cloudwatch-alarm') do
-  it { should have_alarm_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
+describe security_group('my-security-group-name') do
+  its(:outbound) { should be_opened }
+  its(:inbound) { should be_opened(80) }
+  its(:inbound) { should be_opened(80).protocol('tcp').for('203.0.113.1/32') }
+  its(:inbound) { should be_opened(22).protocol('tcp').for('sg-5a6b7cd8') }
 end
 ```
-### have_insufficient_data_action
-```ruby
-describe cloudwatch_alarm('my-cloudwatch-alarm') do
-  it { should have_insufficient_data_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
-end
-```
+### its(:inbound_rule_count), its(:outbound_rule_count), its(:inbound_permissions_count), its(:outbound_permissions_count), its(:owner_id), its(:group_name), its(:group_id), its(:description), its(:vpc_id)
+### :unlock: Advanced use
-### have_ok_action
+`security_group` can use `Aws::EC2::SecurityGroup` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/SecurityGroup.html).
 ```ruby
-describe cloudwatch_alarm('my-cloudwatch-alarm') do
-  it { should have_ok_action('arn:aws:sns:ap-northeast-1:1234567890:sns_alert') }
+describe security_group('my-security-group-name') do
+  its('group_name') { should eq 'my-security-group-name' }
 end
 ```
-### belong_to_metric
+or
 ```ruby
-describe cloudwatch_alarm('my-cloudwatch-alarm') do
-  it { should belong_to_metric('NumberOfProcesses').namespace('my-cloudwatch-namespace') }
+describe security_group('my-security-group-name') do
+  its('resource.group_name') { should eq 'my-security-group-name' }
 end
 ```
-### its(:alarm_name), its(:alarm_arn), its(:alarm_description), its(:alarm_configuration_updated_timestamp), its(:actions_enabled), its(:state_value), its(:state_reason), its(:state_reason_data), its(:state_updated_timestamp), its(:metric_name), its(:namespace), its(:statistic), its(:period), its(:unit), its(:evaluation_periods), its(:threshold), its(:comparison_operator)
 ## <a name="ses_identity">ses_identity</a>
 SesIdentity resource type.
@@ -1050,57 +1087,35 @@ end
 ```
 ### its(:dkim_enabled), its(:dkim_verification_status), its(:bounce_topic), its(:complaint_topic), its(:delivery_topic), its(:forwarding_enabled), its(:verification_status), its(:verification_token)
-## <a name="network_acl">network_acl</a>
+## <a name="subnet">subnet</a>
-NetworkAcl resource type.
+Subnet resource type.
 ### exist
 ```ruby
-describe network_acl('my-network-acl') do
+describe subnet('my-subnet') do
   it { should exist }
 end
 ```
-### have_subnet
-```ruby
-describe network_acl('my-network-acl') do
-  it { should have_subnet('my-subnet') }
-end
-```
-### belong_to_vpc
-```ruby
-describe network_acl('my-network-acl') do
-  it { should belong_to_vpc('my-vpc') }
-end
-```
-### its(:inbound), its(:outbound), its(:inbound_entries_count), its(:outbound_entries_count)
+### be_available, be_pending
 ```ruby
-describe network_acl('my-network-acl') do
-  its(:inbound) { should be_allowed(80).protocol('tcp').source('123.0.456.789/32') }
-  its(:inbound) { should be_denied.rule_number('*').source('0.0.0.0/0') }
-  its(:outbound) { should be_allowed.protocol('ALL').source('0.0.0.0/0') }
-  its(:inbound_entries_count) { should eq 3 }
-  its(:outbound_entries_count) { should eq 2 }
+describe subnet('my-subnet') do
+  it { should be_available }
 end
 ```
-### its(:inbound_entries_count), its(:outbound_entries_count), its(:network_acl_id), its(:vpc_id), its(:is_default)
+### its(:subnet_id), its(:state), its(:vpc_id), its(:cidr_block), its(:available_ip_address_count), its(:availability_zone), its(:default_for_az), its(:map_public_ip_on_launch)
 ### :unlock: Advanced use
-`network_acl` can use `Aws::EC2::NetworkAcl` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/NetworkAcl.html).
+`subnet` can use `Aws::EC2::Subnet` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Subnet.html).
 ```ruby
-describe network_acl('my-network-acl') do
+describe subnet('my-subnet') do
   its('vpc.id') { should eq 'vpc-ab123cde' }
 end
 ```
@@ -1108,84 +1123,68 @@ end
 or
 ```ruby
-describe network_acl('my-network-acl') do
+describe subnet('my-subnet') do
   its('resource.vpc.id') { should eq 'vpc-ab123cde' }
 end
 ```
-## <a name="directconnect_virtual_interface">directconnect_virtual_interface</a>
-DirectconnectVirtualInterface resource type.
-```ruby
-describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
-  it { should exist }
-  it { should be_available }
-  its(:connection_id) { should eq 'dxcon-abcd5fgh' }
-  its(:virtual_interface_id) { should eq 'dxvif-aabbccdd' }
-  its(:amazon_address) { should eq '170.252.252.1/30' }
-  its(:customer_address) { should eq '123.456.789.2/30' }
-  its(:virtual_gateway_id) { should eq 'vgw-d234e5f6' }
-end
-```
+## <a name="vpc">vpc</a>
+VPC resource type.
 ### exist
 ```ruby
-describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
+describe vpc('my-vpc') do
   it { should exist }
 end
 ```
-### be_confirming, be_verifying, be_pending, be_available, be_deleting, be_deleted, be_rejected
+### be_available, be_pending
 ```ruby
-describe directconnect_virtual_interface('my-directconnect-virtual-interface') do
-  it { should exist }
+describe vpc('vpc-ab123cde') do
   it { should be_available }
 end
 ```
-### its(:owner_account), its(:virtual_interface_id), its(:location), its(:connection_id), its(:virtual_interface_type), its(:virtual_interface_name), its(:vlan), its(:asn), its(:auth_key), its(:amazon_address), its(:customer_address), its(:virtual_interface_state), its(:customer_router_config), its(:virtual_gateway_id)
-## <a name="nat_gateway">nat_gateway</a>
-NatGateway resource type.
-### exist
+### have_network_acl
 ```ruby
-describe nat_gateway('nat-7ff7777f') do
-  it { should exist }
+describe vpc('vpc-ab123cde') do
+  it { should have_network_acl('acl-1abc2d3e') }
+  it { should have_network_acl('my-network-acl') }
 end
 ```
-### be_pending, be_failed, be_available, be_deleting, be_deleted
+### have_route_table
 ```ruby
-describe nat_gateway('nat-7ff7777f') do
-  it { should be_available }
+describe vpc('vpc-ab123cde') do
+  it { should have_network_acl('acl-1abc2d3e') }
+  it { should have_network_acl('my-network-acl') }
 end
 ```
-### have_eip
+### its(:vpc_id), its(:state), its(:cidr_block), its(:dhcp_options_id), its(:instance_tenancy), its(:is_default)
+### :unlock: Advanced use
+`vpc` can use `Aws::EC2::Vpc` resource (see http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Vpc.html).
 ```ruby
-describe nat_gateway('nat-7ff7777f') do
-  it { should have_eip('123.0.456.789') }
+describe vpc('my-vpc') do
+  its('route_tables.first.route_table_id') { should eq 'rtb-a12bcd34' }
 end
 ```
-### belong_to_vpc
+or
 ```ruby
-describe nat_gateway('nat-7ff7777f') do
-  it { should belong_to_vpc('my-vpc') }
+describe vpc('my-vpc') do
+  its('resource.route_tables.first.route_table_id') { should eq 'rtb-a12bcd34' }
 end
 ```
-### its(:vpc_id), its(:subnet_id), its(:nat_gateway_id), its(:create_time), its(:delete_time), its(:state), its(:failure_code), its(:failure_message)