aws_elbs Resource

Use the aws_elbs InSpec audit resource to test the configuration of a collection of AWS Elastic Load Balancers.

For additional information, including details on parameters and properties, see the AWS documentation on Elastic Load Balancing.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

describe aws_elbs do
  its('load_balancer_names') { should include 'elb-name' }
end

Parameters

This resource does not require any parameters.

Properties

load_balancer_names
The name of the load balancer.
dns_names
The DNS name of the load balancer.
availability_zones
The Availability Zones for the load balancer.
instance_ids
An array containing all instance IDs associated with the ELB.
external_ports
An array of the external ports exposed on the ELB.
internal_ports
An array of the internal ports exposed on the ELB.
security_group_ids
The security groups for the load balancer. Valid only for load balancers in a VPC.
vpc_ids
The ID of the VPC for the load balancer.
subnet_ids
The IDs of the subnets for the load balancer.

Examples

Ensure there are no Load Balancers with an undesired zone.

describe aws_elbs do
  it                        { should exist }
  its('availability_zones') { should_not include 'us-east-1a' }
end

Ensure all ELBs expose only port 80.

aws_elbs.each do |elb|
  describe elb do
    its('external_ports.count') { should cmp 1 }
    its('external_ports')       { should include 80 }
    its('internal_ports.count') { should cmp 1 }
    its('internal_ports')       { should include 80 }
  end
end

Matchers

For a full list of available matchers, visit the InSpec matchers page.

exist

The control will pass if the describe returns at least one result.

Use should_not to test that the entity does not exist.

describe aws_elbs.where( <property>: <value>) do
  it { should exist }
end
describe aws_elbs.where( <property>: <value>) do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the ElasticLoadBalancing:Client:DescribeAccessPointsOutput action with Effect set to Allow.

You can find detailed documentation at Authentication and Access Control for Your Load Balancers.
