aws_elasticloadbalancingv2_target_group Resource
Use the aws_elasticloadbalancingv2_target_group
InSpec audit resource to test properties of a single Elastic Load Balancing V2 target group.
For additional information, including details on parameters and properties, see the AWS documentation on ElasticLoadBalancingV2 TargetGroup.
Installation
This resource is available in the Chef InSpec AWS resource pack.
See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.
Syntax
Ensure that a target group arn exists.
describe aws_elasticloadbalancingv2_target_group(target_group_arn: 'arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:RESOURCE_ID') do
it { should exist }
end
Parameters
target_group_arn
(required)The Amazon Resource Name (ARN) of the target group.
Properties
target_group_arn
- The Amazon Resource Name (ARN) of the target group.
target_group_name
- The name of the target group.
protocol
- The protocol to use for routing traffic to the targets. Valid values are:
GENEVE
,HTTP
,HTTPS
,TCP
,TCP_UDP
,TLS
, orUDP
. port
- The port on which the targets are listening. Not used if the target is a Lambda function.
vpc_id
- The ID of the VPC for the targets.
health_check_protocol
- The protocol to use to connect with the target. The GENEVE, TLS, UDP, and TCP_UDP protocols are not supported for health checks.
health_check_port
- The port to use to connect with the target.
health_check_enabled
- Indicates whether health checks are enabled.
health_check_interval_seconds
- The approximate amount of time, in seconds, between health checks of an individual target.
health_check_timeout_seconds
- The amount of time, in seconds, during which no response means a failed health check.
healthy_threshold_count
- The number of consecutive health check successes required before considering an unhealthy target healthy.
unhealthy_threshold_count
- The number of consecutive health check failures required before considering the target unhealthy.
health_check_path
- The destination for health checks on the targets.
matcher (http_code)
- For Application Load Balancers, you can specify values between 200 and 499, and the default value is 200. You can specify multiple values (for example, “200,202”) or a range of values (for example, “200-299”). For Network Load Balancers and Gateway Load Balancers, this must be “200–399”.
matcher (grpc_code)
- You can specify values between 0 and 99. You can specify multiple values (for example, “0,1”) or a range of values (for example, “0-5”). The default value is 12.
load_balancer_arns
- The Amazon Resource Names (ARN) of the load balancers that route traffic to this target group.
target_type
- The type of target that you must specify when registering targets with this target group. The possible values are instance (register targets by instance ID), ip (register targets by IP address), or lambda (register a single Lambda function as a target).
protocol_version
- For HTTP or HTTPS protocols, the protocol version. Valid values are
GRPC
,HTTP1
, andHTTP2
.
Examples
Ensure a target group ARN is available.
describe aws_elasticloadbalancingv2_target_group(target_group_arn: 'arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:RESOURCE_ID') do
its('target_group_arn') { should eq 'arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:RESOURCE_ID' }
end
Ensure that the target group name exists.
describe aws_elasticloadbalancingv2_target_group(target_group_arn: 'arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:RESOURCE_ID') do
its('target_group_name') { should eq 'TARGET_GROUP_NAME' }
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
The controls will pass if the describe
method returns at least one result.
exist
Use should
to test that the entity exists.
describe aws_elasticloadbalancingv2_target_group(target_group_arn: 'arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:RESOURCE_ID') do
it { should exist }
end
Use should_not
to test the entity does not exist.
describe aws_elasticloadbalancingv2_target_group( target_group_arn: 'dummy') do
it { should_not exist }
end
be_available
Use should
to check if the work_group name is available.
describe aws_elasticloadbalancingv2_target_group(target_group_arn: 'arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:RESOURCE_ID') do
it { should be_available }
end
AWS Permissions
Your Principal will need the ElasticLoadBalancingV2:Client:DescribeTargetGroupsOutput
action with Effect
set to Allow
.