aws_waf_ip_set resource
Use the aws_waf_ip_set Chef InSpec audit resource to test the properties of a single AWS Web Application Firewall (WAF) IP set.
For additional information, including details on parameters and properties, see the AWS documentation on AWS WAF IPSet.
Syntax
Ensure that IP set exists.
describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
it { should exist }
end
Parameters
ip_set_id(required)The ID for an IP set.
Properties
ip_set_id- The IPSetId for an IP set.
name- A friendly name or description of the IP set.
ip_set_descriptors- The IP address type (IPV4 or IPV6 ) and the IP address range (in CIDR notation) that web requests originate from.
ip_set_descriptors_types- Specify IPV4 or IPV6.
ip_set_descriptors_values- Specify an IPv4 address by using CIDR notation.
Examples
Ensure an IP set is available:
describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
its('ip_set_id') { should eq 'IP_SET_ID' }
end
Ensure an IP set name is available:
describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
its('name') { should eq 'IP_SET_NAME' }
end
Ensure an IP set descriptors type is IPV4:
describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
its('ip_set_descriptors_types') { should include 'IPV4' }
end
Matchers
For a full list of available matchers, see our Universal Matchers page.This resource has the following special matchers.
exist
Use should to test that the entity exists.
describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
it { should exist }
end
Use should_not to test the entity does not exist.
describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
it { should_not exist }
end
be_available
Use should to check if the entity is available.
describe aws_waf_ip_set(ip_set_id: 'IP_SET_ID') do
it { should be_available }
end
AWS Permissions
Your AWS principal will need the WAF:Client:GetIPSetResponse action with Effect set to Allow.