aws_api_gateway_v2_routes Resource
Use the aws_api_gateway_v2_routes InSpec audit resource to test the properties of multiple AWS API Gateway V2 Routes.
For additional information, including parameters and properties, see the AWS documentation on AWS APIGatewayV2 Route.
Install
This resource is available in the Chef InSpec AWS resource pack.
For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.
Syntax
Ensure that the route exists.
describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
it { should exist }
end
Parameters
api_id(required)- The API identifier.
Properties
api_gateway_manageds- Specifies whether a route is managed by API Gateway. If you created an API using quick create, the
$defaultroute is managed by API Gateway. You cannot modify the$defaultroute key. Field:
api_gateway_managedapi_key_requireds- Specifies whether an API key is required for this route. Supported only for WebSocket APIs.
Field:
api_key_requiredauthorization_scopes- A list of authorization scopes configured on a route. The scopes are used with a JWT authorizer to authorize the method invocation. The authorization works by matching the route scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any route scope matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the route scope is configured, the client must provide an access token instead of an identity token for authorization purposes.
Field:
authorization_scopesauthorization_types- The authorization type for the route. For WebSocket APIs, valid values are
NONEfor open access,AWS_IAMfor using AWS IAM permissions, andCUSTOMfor using a Lambda authorizer. For HTTP APIs, valid values areNONEfor open access,JWTfor using JSON Web Tokens,AWS_IAMfor using AWS IAM permissions, andCUSTOMfor using a Lambda authorizer. Field:
authorization_typeauthorizer_ids- The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.
Field:
authorizer_idmodel_selection_expressions- The model selection expression for the route. Supported only for WebSocket APIs.
Field:
model_selection_expressionoperation_names- The operation name for the route.
Field:
operation_namerequest_models- The request models for the route. Supported only for WebSocket APIs.
Field:
request_modelsrequest_parameters- The request parameters for the route. Supported only for WebSocket APIs.
Field:
request_parametersroute_ids- The route ID.
Field:
route_idroute_keys- The route key for the route.
Field:
route_keyroute_response_selection_expressions- The route response selection expression for the route. Supported only for WebSocket APIs.
Field:
route_response_selection_expressiontargets- The target for the route.
Field:
target
Examples
Test to ensure an authorizer ID is available
describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
its('authorizer_ids') { should include 'AUTHORIZER_ID' }
end
Test to verify the requirement of the API key
describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
its('api_key_requireds') { should include true }
end
Test to verify the authorization type
describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
its('authorization_types') { should include 'JWT' }
end
Test to verify the operation name
describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
its('operation_names') { should include 'OPERATION_NAME' }
end
Matchers
For a full list of available matchers, see our Universal Matchers page.The control passes if the get method returns at least one result.
exist
Use should to test that the entity exists.
describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
it { should exist }
end
not exist
Use should_not to test that the entity does not exist.
describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
it { should_not exist }
end
AWS Permissions
Your Principal will need the APIGatewayv2:Client:GetRoutesResult action with Effect set to Allow.