aws_elasticloadbalancingv2_target_groups Resource
Use the aws_elasticloadbalancingv2_target_groups InSpec audit resource to test properties of multiple Elastic Load Balancing V2 target groups.
Installation
This resource is available in the Chef InSpec AWS resource pack.
See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.
Syntax
Ensure that a target group ARN exists.
describe aws_elasticloadbalancingv2_target_groups do
  it { should exist }
end
For additional information, see the AWS documentation on ElasticLoadBalancingV2 TargetGroup.
Properties
target_group_arns
- The Amazon Resource Name (ARN) of the target group.
target_group_names
- The name of the target group.
protocols
- The protocol to use for routing traffic to the targets. Valid values are: GENEVE, HTTP, HTTPS, TCP, TCP_UDP, TLS, or UDP.
ports
- The port on which the targets are listening. Not used if the target is a Lambda function.
vpc_ids
- The ID of the VPC for the targets.
health_check_protocols
- The protocol to use to connect with the target. The GENEVE, TLS, UDP, and TCP_UDP protocols are not supported for health checks.
health_check_ports
- The port to use to connect with the target.
health_check_enableds
- Indicates whether health checks are enabled.
health_check_interval_seconds
- The approximate amount of time, in seconds, between health checks of an individual target.
health_check_timeout_seconds
- The amount of time, in seconds, during which no response means a failed health check.
healthy_threshold_counts
- The number of consecutive health check successes required before considering an unhealthy target healthy.
unhealthy_threshold_counts
- The number of consecutive health check failures required before considering the target unhealthy.
health_check_paths
- The destination for health checks on the targets.
matchers
- The HTTP or gRPC codes to use when checking for a successful response from a target.
load_balancer_arns
- The Amazon Resource Names (ARN) of the load balancers that route traffic to this target group.
target_types
- The type of target that you must specify when registering targets with this target group. The possible values are instance (register targets by instance ID), ip (register targets by IP address), or lambda (register a single Lambda function as a target).
protocol_versions
- For HTTP or HTTPS protocols, the protocol version. Valid values are GRPC, HTTP1, and HTTP2.
Examples
Ensure a target group name is available.
describe aws_elasticloadbalancingv2_target_groups do
  its('target_group_names') { should include 'TARGET_GROUP_NAME' }
end
Ensure that a target group uses the HTTP1 protocol version.
describe aws_elasticloadbalancingv2_target_groups do
  its('protocol_versions') { should include 'HTTP1' }
end
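The plural properties above are lists with one entry per target group, so a failed `include` check does not say which group is at fault. The following added example (not part of the Chef InSpec documentation or the AWS resource pack) pairs the lists back up by position and names each offending group. Assumptions: the lists are index-aligned, and the function name `audit_target_groups`, the allowed-protocol policy, the Lambda exemption and the sample values are all constructed for illustration.

```ruby
# Added example: correlate the resource's plural property lists per target group.
# Assumption: every list holds one entry per target group, in the same order.

Finding = Struct.new(:target_group, :reason)

# Returns one Finding per policy violation.
# Policy (hypothetical): traffic to targets must use a protocol in
# allowed_protocols, and health checks must be enabled.
# Assumption: target groups of type 'lambda' are exempt from the protocol check.
def audit_target_groups(names:, protocols:, target_types:, health_check_enableds:,
                        allowed_protocols: %w[HTTPS TLS])
  lists = [names, protocols, target_types, health_check_enableds]
  unless lists.map(&:length).uniq.size == 1
    raise ArgumentError, 'property lists differ in length'
  end

  names.zip(protocols, target_types, health_check_enableds)
       .flat_map do |name, protocol, type, checks_enabled|
    findings = []
    unless type == 'lambda' || allowed_protocols.include?(protocol)
      findings << Finding.new(name, "protocol #{protocol.inspect} is not in #{allowed_protocols}")
    end
    findings << Finding.new(name, 'health checks are disabled') unless checks_enabled
    findings
  end
end

# Constructed sample values, shaped like the lists the properties return.
SAMPLE = {
  names: %w[web-tls legacy-http fn-target],
  protocols: ['HTTPS', 'HTTP', nil],
  target_types: %w[instance ip lambda],
  health_check_enableds: [true, true, false]
}.freeze

if __FILE__ == $PROGRAM_NAME
  audit_target_groups(**SAMPLE).each do |finding|
    puts "#{finding.target_group}: #{finding.reason}"
  end
end
```
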
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
The controls will pass if the describe method returns at least one result.
exist
Use should to test that the entity exists.
describe aws_elasticloadbalancingv2_target_groups do
  it { should exist }
end
Use should_not to test the entity does not exist.
describe aws_elasticloadbalancingv2_target_groups do
  it { should_not exist }
end
be_available
Use should to check if the target group is available.
describe aws_elasticloadbalancingv2_target_groups do
  it { should be_available }
end
AWS Permissions
Your Principal will need the ElasticLoadBalancingV2:Client:DescribeTargetGroupsOutput action with Effect set to Allow.