aws_elbs Resource
Use the aws_elbs InSpec audit resource to test the configuration of a collection of AWS Elastic Load Balancers.
For additional information, including details on parameters and properties, see the AWS documentation on Elastic Load Balancing.
Install
This resource is available in the Chef InSpec AWS resource pack.
For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.
Syntax
describe aws_elbs do
  its('load_balancer_names') { should include 'elb-name' }
end
Parameters
This resource does not require any parameters.
Properties
load_balancer_names - The names of the load balancers.
dns_names - The DNS names of the load balancers.
availability_zones - The Availability Zones for the load balancers.
instance_ids - An array containing all instance IDs associated with the ELBs.
external_ports - An array of the external ports exposed on the ELBs.
internal_ports - An array of the internal ports exposed on the ELBs.
security_group_ids - The security groups for the load balancers. Valid only for load balancers in a VPC.
vpc_ids - The IDs of the VPCs for the load balancers.
subnet_ids - The IDs of the subnets for the load balancers.
Examples
Ensure there are no Load Balancers with an undesired zone.
describe aws_elbs do
  it { should exist }
  its('availability_zones') { should_not include 'us-east-1a' }
end
Ensure all ELBs expose only port 80.
aws_elbs.each do |elb|
  describe elb do
    its('external_ports.count') { should cmp 1 }
    its('external_ports') { should include 80 }
    its('internal_ports.count') { should cmp 1 }
    its('internal_ports') { should include 80 }
  end
end
Matchers
For a full list of available matchers, visit the InSpec matchers page.
exist
The control will pass if the describe returns at least one result. Use should_not to test that the entity should not exist.
describe aws_elbs.where(<property>: <value>) do
  it { should exist }
end
describe aws_elbs.where(<property>: <value>) do
  it { should_not exist }
end
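The Examples and Matchers sections above show per-ELB iteration and where() filtering separately. The following InSpec profile control file, added here as an example and not taken from this page or the InSpec AWS resource pack, combines both with InSpec inputs so the allowed listener ports and forbidden zones are configurable; the input names elb_allowed_ports and elb_forbidden_zones are assumptions.

```inspec
# Added example (not from this page or the InSpec AWS resource pack): a profile
# control file using aws_elbs properties, where() filtering and inputs.
# 'elb_allowed_ports' and 'elb_forbidden_zones' are assumed input names.
allowed_ports   = input('elb_allowed_ports', value: [80])
forbidden_zones = input('elb_forbidden_zones', value: ['us-east-1a'])

control 'elb-1-listener-ports' do
  impact 0.7
  title 'Classic ELBs expose only approved listener ports'
  desc 'Any external or internal port outside elb_allowed_ports fails the ELB.'

  # Skip cleanly, rather than error, when the region has no classic ELBs.
  only_if('no classic ELBs in this region') { aws_elbs.exist? }

  aws_elbs.each do |elb|
    describe elb do
      # Array difference leaves only the ports that are not on the allow list.
      it 'exposes only approved external ports' do
        expect(elb.external_ports - allowed_ports).to be_empty
      end
      it 'exposes only approved internal ports' do
        expect(elb.internal_ports - allowed_ports).to be_empty
      end
    end
  end
end

control 'elb-2-placement' do
  impact 0.5
  title 'Classic ELBs avoid forbidden zones and carry security groups'

  only_if('no classic ELBs in this region') { aws_elbs.exist? }

  # where() with a block evaluates the condition once per ELB row; the local
  # variable `zone` remains visible inside the block.
  forbidden_zones.each do |zone|
    describe aws_elbs.where { availability_zones.include?(zone) } do
      it { should_not exist }
    end
  end

  # security_group_ids applies only to VPC load balancers; an empty list means
  # no VPC security group restricts traffic to that ELB.
  aws_elbs.each do |elb|
    describe elb do
      its('security_group_ids') { should_not be_empty }
    end
  end
end
```

Run it with the profile's other controls via `inspec exec <profile> -t aws://`, overriding the inputs with `--input elb_allowed_ports=[80]` style arguments or an inputs file as needed.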
AWS Permissions
Your Principal will need the ElasticLoadBalancing:Client:DescribeAccessPointsOutput action with Effect set to Allow.
You can find detailed documentation at Authentication and Access Control for Your Load Balancers.