aws_waf_ip_set resource

Use the aws_waf_ip_set Chef InSpec audit resource to test the properties of a single AWS Web Application Firewall (WAF) IP set.

For additional information, including details on parameters and properties, see the AWS documentation on AWS WAF IPSet.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Ensure that IP set exists.

describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
  it { should exist }
end

ip_set_id: The IPSetId for an IP set.
name: A friendly name or description of the IP set.
ip_set_descriptors: The IP address type (IPV4 or IPV6 ) and the IP address range (in CIDR notation) that web requests originate from.
ip_set_descriptors_types: Specify IPV4 or IPV6.
ip_set_descriptors_values: Specify an IPv4 address by using CIDR notation.

Ensure an IP set is available.

describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
  its('ip_set_id') { should eq 'IP_SET_ID' }
end

Ensure an IP set name is available.

describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
    its('name') { should eq 'IP_SET_NAME' }
end

Ensure an IP set descriptors type is IPV4.

describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
    its('ip_set_descriptors_types') { should include 'IPV4' }
end

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

Use should to test that the entity exists.

describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
  it { should exist }
end

Use should_not to test the entity does not exist.

describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
  it { should_not exist }
end

Use should to check if the entity is available.

describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
  it { should be_available }
end

Your Principal will need the WAF:Client:GetIPSetResponse action with Effect set to Allow.