aws_elasticloadbalancingv2_listener_rules Resource
Use the aws_elasticloadbalancingv2_listener_rules
InSpec audit resource to test properties of multiple listener rules associated with an Application Load Balancer.
Each rule consists of a priority, one or more actions, and one or more conditions.
For additional information, including details on parameters and properties, see the AWS documentation on ELBv2 Listener Rule.
Installation
This resource is available in the Chef InSpec AWS resource pack.
See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.
Syntax
Ensure that a listener ARN exists.
describe aws_elasticloadbalancingv2_listener_rules(listener_arn: 'LISTENER_ARN') do
it { should exist }
end
Parameters
listener_arn
(required)The ARN of the listener.
Properties
rule_arns
- The Amazon Resource Name (ARN) of the rule.
Field:
rule_arns
priorities
- The rule priority.
Field:
priorities
conditions
- The conditions for listener rules. Each rule can include zero or one of the following conditions:
http-request-method
,host-header
,path-pattern
, andsource-ip
, and zero or more of the following conditions:http-header
andquery-string
. Field:
conditions
actions
- The actions for listener rules. Each rule includes exactly one of the following types of actions:
forward
,redirect
, orfixed-response
. Field:
actions
is_defaults
- Indicates whether this is the default rule.
Field:
is_defaults
Examples
Ensure a listener ARN is available.
describe aws_elasticloadbalancingv2_listener_rules(listener_arn: 'LISTENER_ARN') do
its('rule_arns') { should include 'RULE_ARN' }
end
Verify the priority of the desired rule ARN.
describe aws_elasticloadbalancingv2_listener_rules(listener_arn: 'LISTENER_ARN') do
its('priorities') { should include 1 }
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
The controls will pass if the describe
method returns at least one result.
exist
Use should
to test that the entity exists.
describe aws_elasticloadbalancingv2_listener_rules(listener_arn: 'LISTENER_ARN') do
it { should exist }
end
Use should_not
to test the entity does not exist.
describe aws_elasticloadbalancingv2_listener_rules(listener_arn: 'LISTENER_ARN') do
it { should_not exist }
end
be_available
Use should
to check if the work_group name is available.
describe aws_elasticloadbalancingv2_listener_rules(listener_arn: 'LISTENER_ARN') do
it { should be_available }
end
AWS Permissions
Your Principal will need the ElasticLoadBalancingV2:Client:DescribeRulesOutput
action with Effect
set to Allow
.