Skip to main content

aws_api_gateway_v2_routes Resource

[edit on GitHub]

Use the aws_api_gateway_v2_routes InSpec audit resource to test the properties of multiple AWS API Gateway V2 Routes.

For additional information, including parameters and properties, see the AWS documentation on AWS APIGatewayV2 Route.

Installation

This resource is available in the Chef InSpec AWS resource pack.

See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.

Syntax

Ensure that the route exists.

describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
  it { should exist }
end

Parameters

api_id (required)
The API identifier.

Properties

api_gateway_manageds
Specifies whether a route is managed by API Gateway. If you created an API using quick create, the $default route is managed by API Gateway. You cannot modify the $default route key.

Field: api_gateway_managed

api_key_requireds
Specifies whether an API key is required for this route. Supported only for WebSocket APIs.

Field: api_key_required

authorization_scopes
A list of authorization scopes configured on a route. The scopes are used with a JWT authorizer to authorize the method invocation. The authorization works by matching the route scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any route scope matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the route scope is configured, the client must provide an access token instead of an identity token for authorization purposes.

Field: authorization_scopes

authorization_types
The authorization type for the route. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer. For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer.

Field: authorization_type

authorizer_ids
The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.

Field: authorizer_id

model_selection_expressions
The model selection expression for the route. Supported only for WebSocket APIs.

Field: model_selection_expression

operation_names
The operation name for the route.

Field: operation_name

request_models
The request models for the route. Supported only for WebSocket APIs.

Field: request_models

request_parameters
The request parameters for the route. Supported only for WebSocket APIs.

Field: request_parameters

route_ids
The route ID.

Field: route_id

route_keys
The route key for the route.

Field: route_key

route_response_selection_expressions
The route response selection expression for the route. Supported only for WebSocket APIs.

Field: route_response_selection_expression

targets
The target for the route.

Field: target

Examples

Test to ensure an authorizer ID is available

describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
  its('authorizer_ids') { should include 'AUTHORIZER_ID' }
end

Test to verify the requirement of the API key

describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
  its('api_key_requireds') { should include true }
end

Test to verify the authorization type

describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
  its('authorization_types') { should include 'JWT' }
end

Test to verify the operation name

describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
  its('operation_names') { should include 'OPERATION_NAME' }
end

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.

The control passes if the get method returns at least one result.

exist

Use should to test that the entity exists.

describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
  it { should exist }
end

not exist

Use should_not to test that the entity does not exist.

describe aws_api_gateway_v2_routes(api_id: 'APP_ID') do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the APIGatewayv2:Client:GetRoutesResult action with Effect set to Allow.

Was this page helpful?

×









Search Results