Amazon Web Services (AWS) uses security groups as virtual firewalls that control the traffic for one or more instances. According to the Amazon documentation, “rules from each security group are effectively aggregated to create one set of rules”. To better support validating AWS security group rules in RSpec, we need to extend the built-in include matcher. The built-in include matcher works fine for validating that an implemented rule satisfies an expected rule, but it needs to be extended to validate that a set of rules satisfies a given specification.
This post first demonstrates how the RSpec built-in include matcher works when validating one rule, and then presents an extension for validating a set of rules.