Skip to main content

aws_waf_ip_set resource

Use the aws_waf_ip_set Chef InSpec audit resource to test the properties of a single AWS Web Application Firewall (WAF) IP set.

For additional information, including details on parameters and properties, see the AWS documentation on AWS WAF IPSet.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

Ensure that IP set exists.

describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
  it { should exist }
end

Parameters

ip_set_id (required)

The ID for an IP set.

Properties

ip_set_id
The IPSetId for an IP set.
name
A friendly name or description of the IP set.
ip_set_descriptors
The IP address type (IPV4 or IPV6 ) and the IP address range (in CIDR notation) that web requests originate from.
ip_set_descriptors_types
Specify IPV4 or IPV6.
ip_set_descriptors_values
Specify an IPv4 address by using CIDR notation.

Examples

Ensure an IP set is available.

describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
  its('ip_set_id') { should eq 'IP_SET_ID' }
end

Ensure an IP set name is available.

describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
    its('name') { should eq 'IP_SET_NAME' }
end

Ensure an IP set descriptors type is IPV4.

describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
    its('ip_set_descriptors_types') { should include 'IPV4' }
end

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exist

Use should to test that the entity exists.

describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
  it { should exist }
end

Use should_not to test the entity does not exist.

describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
  it { should_not exist }
end

be_available

Use should to check if the entity is available.

describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
  it { should be_available }
end

AWS Permissions

Your Principal will need the WAF:Client:GetIPSetResponse action with Effect set to Allow.

Edit this page on GitHub

Thank you for your feedback!

×