aws_api_gateway_methods Resource
Use the aws_api_gateway_methods
InSpec audit resource to test properties of multiple API Gateway methods.
The AWS::ApiGateway::Method resource creates API Gateway methods that define the parameters and body that clients must send in their requests.
For additional information, including details on parameters and properties, see the AWS APIGateway Method documentation.
Installation
This resource is available in the Chef InSpec AWS resource pack.
See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.
Syntax
Ensure that a API Gateway method exists.
describe aws_api_gateway_method(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID', http_method: 'HTTP_METHOD') do
it { should exist }
end
Parameters
rest_api_id
(required)The ID of the RestApi resource in which API Gateway creates the method.
resource_id
(required)The ID of an API Gateway resource. For root resource methods, specify the RestApi root resource ID, such as
{ "Fn::GetAtt": ["MyRestApi", "RootResourceId"] }
.http_method
(required)The HTTP method that clients use to call this method.
Properties
http_methods
- The HTTP method that clients use to call this method.
authorization_types
- The method’s authorization type. Valid values are
NONE
for open access,AWS_IAM
for using AWS IAM permissions,CUSTOM
for using a custom authorizer, orCOGNITO_USER_POOLS
for using a Cognito user pool. authorizer_ids
- The identifier of an Authorizer to use on this method. The authorizationType must be
CUSTOM
. api_key_required
- A boolean flag specifying whether a valid ApiKey is required to invoke this method.
request_validator_ids
- The identifier of a
RequestValidator
for request validation. operation_names
- A human-friendly operation identifier for the method.
request_parameters
- A key-value map defining required or optional method request parameters that can be accepted by API Gateway.
A key is a method request parameter name matching the pattern ofmethod.request.{location}.{name}
, where thelocation
is querystring, path, or header, andname
is a valid and unique parameter name.
The value associated with the key is a Boolean flag indicating whether the parameter is required (true
) or optional (false
).
The method request parameter names defined here are available inIntegration
to be mapped to integration request parameters or templates. request_models
- A key-value map specifying data schemas, represented by
Model
resources, (as the mapped value) of the request payloads of given content types (as the mapping key). method_responses
- Gets a method response associated with a given HTTP status code.
method_integrations
- Gets the method’s integration responsible for passing the client-submitted request to the back end and performing necessary transformations to make the request compliant with the back end.
authorization_scopes
- A list of authorization scopes configured on the method.
Examples
Ensure an HTTP method is a GET request.
describe aws_api_gateway_methods(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID', http_method: 'HTTP_METHOD') do
its('http_method') { should include 'GET' }
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
The controls will pass if the get
method returns at least one result.
exist
Use should
to test that the entity exists.
describe aws_api_gateway_methods(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID', http_method: 'HTTP_METHOD') do
it { should exist }
end
Use should_not
to test the entity does not exist.
describe aws_api_gateway_methods(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID', http_method: 'HTTP_METHOD') do
it { should_not exist }
end
be_available
Use should
to check if the method name is available.
describe aws_api_gateway_methods(rest_api_id: 'REST_API_ID', resource_id: 'RESOURCE_ID', http_method: 'HTTP_METHOD') do
it { should be_available }
end
AWS Permissions
Your Principal will need the APIGateway:Client:Methods
action with Effect
set to Allow
.