aws_alb Resource

Use the aws_alb InSpec audit resource to test properties of a single AWS Application Load Balancer (ALB).

For additional information, including details on parameters and properties, see the AWS documentation on Elastic Load Balancing.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

Ensure that an aws_alb exists

describe aws_alb('arn:aws:elasticloadbalancing') do
  it { should exist }
end
describe aws_alb(load_balancer_arn: 'arn:aws:elasticloadbalancing') do
  it { should exist }
end

Parameters

load_balancer_arn (required)

This resource accepts a single parameter, the ALB ARN, which uniquely identifies the ALB. This can be passed either as a string or as a load_balancer_arn: 'value' key-value entry in a hash.

Properties

load_balancer_name
The name of the load balancer.
load_balancer_addresses
A collection of the load balancer addresses.
canonical_hosted_zone_id
The ID of the Amazon Route 53 hosted zone for the load balancer.
dns_name
The DNS name of the load balancer.
availability_zones
The Availability Zones for the load balancer.
security_groups
The security groups for the load balancer. Valid only for load balancers in a VPC.
scheme
The type of load balancer. Valid only for load balancers in a VPC.
state
The state of the load balancer.
subnets
A collection of the subnet ids.
type
The type of the load balancer.
access_log_enabled
Whether the access log for the load balancer is enabled.
vpc_id
The ID of the VPC for the load balancer.
zone_names
A collection of the names of the availability zones.
listeners
A collection of the listeners for the load balancer.
ssl_policies
A list of the SSL Policies configured for the listeners of the load balancer.
external_ports
A list of the ports configured for the listeners of the load balancer.
protocols
A list of the protocols configured for the listeners of the load balancer.

Examples

Test that an ALB has its availability zones configured correctly.

describe aws_alb('arn::alb') do
  its('zone_names.count')  { should be > 1 }
  its('zone_names')        { should include 'us-east-2a' }
  its('zone_names')        { should include 'us-east-2b' }
end

Test whether the access log is enabled for the Application Load Balancer.

describe aws_alb('load_balancer_arn::alb') do
  it                         { should exist }
  its('access_log_enabled') { should eq true }
end
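The properties listed above (listeners, protocols, external_ports, ssl_policies, access_log_enabled, scheme) are what a baseline control for an ALB usually reasons over. The following is an added example, not code from the InSpec AWS resource pack: a plain Ruby model of those checks run against a constructed ALB description shaped like the resource's property values, so it runs without an AWS account. The allowlist of TLS policies is an assumed baseline (the policy names are real ELB policy names, the choice of which to allow is ours), and the sample load balancers are constructed.

```ruby
# Added example, not part of the InSpec documentation. Models the listener and
# logging checks a control would express against aws_alb properties, over a
# constructed ALB description so it runs offline.

# Assumed baseline: ELB security policies that do not negotiate TLS 1.0/1.1.
# The names are real ELB policy names; the allowlist itself is our assumption.
MODERN_SSL_POLICIES = %w[
  ELBSecurityPolicy-TLS13-1-2-2021-06
  ELBSecurityPolicy-TLS-1-2-2017-01
  ELBSecurityPolicy-TLS-1-2-Ext-2018-06
  ELBSecurityPolicy-FS-1-2-Res-2020-10
].freeze

# Constructed sample: what the resource's properties would look like for an
# internet-facing ALB with access logs off and the 2016-08 default TLS policy.
SAMPLE_ALB = {
  load_balancer_name: 'example-alb',
  scheme: 'internet-facing',
  access_log_enabled: false,
  listeners: [
    { protocol: 'HTTP',  port: 80,  ssl_policy: nil },
    { protocol: 'HTTPS', port: 443, ssl_policy: 'ELBSecurityPolicy-2016-08' }
  ]
}.freeze

# Constructed hardened variant of the same ALB.
HARDENED_ALB = {
  load_balancer_name: 'example-alb',
  scheme: 'internet-facing',
  access_log_enabled: true,
  listeners: [
    { protocol: 'HTTP',  port: 80,  ssl_policy: nil },
    { protocol: 'HTTPS', port: 443, ssl_policy: 'ELBSecurityPolicy-TLS13-1-2-2021-06' }
  ]
}.freeze

# Derived collections mirroring the resource's ssl_policies / protocols /
# external_ports properties, built from the listeners.
def ssl_policies(alb)
  alb[:listeners].map { |l| l[:ssl_policy] }.compact.uniq
end

def protocols(alb)
  alb[:listeners].map { |l| l[:protocol] }.uniq
end

def external_ports(alb)
  alb[:listeners].map { |l| l[:port] }.uniq
end

# Returns a list of human-readable findings; empty means the ALB meets the baseline.
def alb_findings(alb)
  findings = []
  findings << 'access logging is disabled' unless alb[:access_log_enabled]

  # Plaintext-only front door: HTTP listeners with no HTTPS listener at all.
  if protocols(alb).include?('HTTP') && !protocols(alb).include?('HTTPS')
    findings << 'only plaintext HTTP listeners are configured'
  end

  # Every HTTPS listener must use a policy from the allowlist.
  alb[:listeners].each do |l|
    next unless l[:protocol] == 'HTTPS'
    next if MODERN_SSL_POLICIES.include?(l[:ssl_policy])

    findings << "listener on port #{l[:port]} uses legacy TLS policy #{l[:ssl_policy]}"
  end
  findings
end

def compliant?(alb)
  alb_findings(alb).empty?
end

# In an InSpec profile the same intent is written against the resource's own
# properties, for example (ARN is a placeholder):
#   describe aws_alb(load_balancer_arn: 'arn:aws:elasticloadbalancing:<placeholder>') do
#     its('access_log_enabled') { should eq true }
#     its('protocols')          { should include 'HTTPS' }
#     its('ssl_policies')       { should_not include 'ELBSecurityPolicy-2016-08' }
#   end

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_ALB, HARDENED_ALB].each do |alb|
    puts "#{alb[:load_balancer_name]} (#{alb[:scheme]}): " \
         "#{compliant?(alb) ? 'compliant' : alb_findings(alb).join('; ')}"
  end
end
```

Running the file prints one line per constructed ALB: the sample reports two findings (logging off, legacy TLS policy on port 443) and the hardened variant reports compliant. The checks deliberately reason only over what the aws_alb properties expose; whether the port 80 listener redirects to HTTPS is not visible from these properties, so the model only flags a plaintext-only configuration rather than the presence of port 80.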

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exist

The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_alb('AnExistingALB') do
  it { should exist }
end
describe aws_alb('ANonExistentALB') do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the ElasticLoadBalancing:Client:DescribeLoadBalancers action with Effect set to Allow.

You can find detailed documentation at Authentication and Access Control for Your Load Balancers.
