aws_elbs
Use the aws_elbs InSpec audit resource to test the configuration of a collection of AWS Elastic Load Balancers.
Syntax
describe aws_elbs do
  its('load_balancer_names') { should include 'elb-name' }
end
Parameters
This resource does not expect any parameters.
See also the AWS documentation on Elastic Load Balancing.
Properties
Property | Description |
---|---|
load_balancer_names | The name of the load balancer. |
dns_names | The DNS name of the load balancer. |
availability_zones | The Availability Zones for the load balancer. |
instance_ids | An array containing all instance ids associated with the ELB. |
external_ports | An array of the external ports exposed on the ELB. |
internal_ports | An array of the internal ports exposed on the ELB. |
security_group_ids | The security groups for the load balancer. Valid only for load balancers in a VPC. |
vpc_ids | The ID of the VPC for the load balancer. |
subnet_ids | The IDs of the subnets for the load balancer. |
Examples
Ensure there are no Load Balancers with an undesired zone.
describe aws_elbs do
  it { should exist }
  its('availability_zones') { should_not include 'us-east-1a' }
end
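Ensure all ELBs expose only port 80.
# aws_elbs is a filter table and has no each method, so iterate over the
# load balancer names and test each one with the singular aws_elb resource.
aws_elbs.load_balancer_names.each do |elb_name|
  describe aws_elb(elb_name) do
    # Exactly one listener port on each side, and it must be 80.
    its('external_ports.count') { should cmp 1 }
    its('external_ports') { should include 80 }
    its('internal_ports.count') { should cmp 1 }
    its('internal_ports') { should include 80 }
  end
end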
Matchers
For a full list of available matchers, please visit our matchers page.
exist
The control will pass if the describe returns at least one result.
Use should_not to test that the entity does not exist.
describe aws_elbs.where( <property>: <value>) do
  it { should exist }
end
describe aws_elbs.where( <property>: <value>) do
  it { should_not exist }
end
AWS Permissions
Your Principal will need the elasticloadbalancing:DescribeLoadBalancers action set to Allow.
You can find detailed documentation at Authentication and Access Control for Your Load Balancers.