aws_api_gateway_usage

Use the aws_api_gateway_usage_plan InSpec audit resource to test the properties of a single specific AWS API Gateway usage plan. A usage plan sets a target for the throttling and quota limits on individual client API keys.

For additional information, including parameters and properties, see the AWS documentation on AWS APIGateway UsagePlan.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

Ensure that a usage plan exists.

describe aws_api_gateway_usage_plan(usage_plan_id: 'USAGE_PLAN_ID') do
  it { should exist }
end

Parameters

usage_plan_id (required): The identifier of a usage plan resource.

Properties

id: The identifier of a usage plan resource.; Field: id
name: The name of a usage plan.; Field: name
description: The description of a usage plan.; Field: description
api_stages: The associated API stages of a usage plan.; Field: api_stages
api_stages_api_ids: API ID of the associated API stage in a usage plan.; Field: api_stages[0].api_id
api_stages_stages: API stage name of the associated API stage in a usage plan.; Field: api_stages[0].stage
api_stages_throttles: Map containing method level throttling information for API stage in a usage plan.; Field: api_stages[0].throttle
throttle: The overall request rate (average requests per second) and burst capacity. A map containing method level throttling information for the API stage in a usage plan.; Field: throttle
throttle.burst_limit: The API target request burst rate limit. This allows more requests for a period of time than the target rate limit.; Field: throttle.burst_limit
throttle.rate_limit: The API target request rate limit.; Field: throttle.rate_limit
quota: The maximum target number of permitted requests that the user can make within a given time interval.; Field: quota
quota.limit: The target maximum number of requests that can be made in a given time period.; Field: quota.limit
quota.offset: The number of requests subtracted from the given limit in the initial time period.; Field: quota.offset
quota.period: The time period in which the limit applies. Valid values are DAY, WEEK, or MONTH.; Field: quota.period
product_code: The AWS Markeplace product identifier to associate with the usage plan as a SaaS product on AWS Marketplace.; Field: product_code
tags: The collection of tags. Each tag element is associated with a given resource.; Field: tags

Examples

Test to ensure a usage plan ID is available

describe aws_api_gateway_usage_plan(usage_plan_id: 'USAGE_PLAN_ID') do
  its('id') { should eq 'USAGE_PLAN_ID' }
end

Test to ensure a usage plan name is available

describe aws_api_gateway_usage_plan(usage_plan_id: 'USAGE_PLAN_ID') do
  its('name') { should eq 'USAGE_PLAN_NAME' }
end

Test to verify the quota limit is set to `2` in the usage plan API gateway

describe aws_api_gateway_usage_plan(usage_plan_id: 'USAGE_PLAN_ID') do
  its('quota.limit') { should eq 2 }
end

Matchers

For a full list of available matchers, see our Universal Matchers page.

The control passes if the get method returns at least one result.

exist

Use should to test that the entity exists.

describe aws_api_gateway_usage_plan(usage_plan_id: 'USAGE_PLAN_ID') do
  it { should exist }
end

Use should_not to test that the entity does not exist.

describe aws_api_gateway_usage_plan(usage_plan_id: 'USAGE_PLAN_ID') do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the APIGateway:Client:UsagePlan action with Effect set to Allow.

aws_api_gateway_usage_plan resource