aws_api_gateway_v2_domain_name resource
Use the aws_api_gateway_v2_domain_name InSpec audit resource to test the properties of a specific AWS API Gateway V2 domain name.
For additional information, including parameters and properties, see the AWS documentation on AWS APIGatewayV2 DomainName.
Syntax
Ensure that the domain name exists.
describe aws_api_gateway_v2_domain_name(domain_name: 'DOMAIN_NAME') do
  it { should exist }
end
Parameters
domain_name (required) - The domain name.
Properties
api_mapping_selection_expression - The API mapping selection expression.
Field: api_mapping_selection_expression

domain_name - A domain name for the API.
Field: domain_name

api_gateway_domain_names - A domain name for the API.
Field: domain_name_status_messages[0].api_gateway_domain_name

certificate_arns - An AWS-managed certificate is used by the edge-optimized endpoint for this domain name. AWS Certificate Manager is the only supported source.
Field: domain_name_status_messages[0].certificate_arn

certificate_names - The user-friendly name of the certificate used by the edge-optimized endpoint for this domain name.
Field: domain_name_status_messages[0].certificate_name

certificate_upload_dates - The timestamp when the certificate used by the edge-optimized endpoint for this domain name was uploaded.
Field: domain_name_status_messages[0].certificate_upload_date

domain_name_statuses - The status of the domain name migration. The valid values are AVAILABLE, UPDATING, PENDING_CERTIFICATE_REIMPORT, and PENDING_OWNERSHIP_VERIFICATION.
Field: domain_name_status_messages[0].domain_name_status

domain_name_status_messages - An optional text message containing detailed information about the domain name migration status.
Field: domain_name_status_messages[0].domain_name_status_message

endpoint_types - The endpoint type.
Field: domain_name_status_messages[0].endpoint_type

hosted_zone_ids - The Amazon Route 53 Hosted Zone ID of the endpoint.
Field: domain_name_status_messages[0].hosted_zone_id

security_policies - The Transport Layer Security (TLS) version of the security policy for this domain name. The valid values are TLS_1_0 and TLS_1_2.
Field: domain_name_status_messages[0].security_policy

ownership_verification_certificate_arns - The ARN of the public certificate issued by ACM to validate ownership of the custom domain.
Field: domain_name_status_messages[0].ownership_verification_certificate_arn

truststore_uri - An Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example, s3://bucket-name/key-name.
Field: mutual_tls_authentication.truststore_uri

truststore_version - The version of the S3 object that contains the truststore.
Field: mutual_tls_authentication.truststore_version

truststore_warnings - A list of warnings that API Gateway returns while processing your truststore. Invalid certificates produce warnings.
Field: mutual_tls_authentication.truststore_warnings

tags - The collection of tags associated with a domain name.
Field: tags
Examples
Test to ensure the domain name is available
describe aws_api_gateway_v2_domain_name(domain_name: 'DOMAIN_NAME') do
  its('domain_name') { should eq 'DOMAIN_NAME' }
end
Test to verify the domain status
describe aws_api_gateway_v2_domain_name(domain_name: 'DOMAIN_NAME') do
  its('domain_name_configurations[0].domain_name_status') { should eq 'AVAILABLE' }
end
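The following is an added example, not part of the original resource documentation: two controls that use the security_policies, truststore_uri, truststore_version and truststore_warnings properties listed above to check the TLS policy and the mutual TLS truststore of a custom domain. The control IDs, titles, impact values and 'DOMAIN_NAME' are placeholders, and the example assumes truststore_uri is returned as a single string and truststore_warnings as a list.

```inspec
# Added example (not from the InSpec documentation).
# 'DOMAIN_NAME', the control IDs and the impact values are placeholders.

control 'apigw-v2-domain-tls-policy' do
  impact 0.7
  title 'API Gateway V2 custom domain only accepts TLS 1.2'

  describe aws_api_gateway_v2_domain_name(domain_name: 'DOMAIN_NAME') do
    it { should exist }
    # TLS_1_0 and TLS_1_2 are the two valid values; reject the weaker one.
    its('security_policies') { should_not include 'TLS_1_0' }
    # Also require TLS_1_2 explicitly so an empty result cannot pass vacuously.
    its('security_policies') { should include 'TLS_1_2' }
  end
end

control 'apigw-v2-domain-mtls-truststore' do
  impact 0.5
  title 'API Gateway V2 custom domain has a clean, versioned mTLS truststore'

  describe aws_api_gateway_v2_domain_name(domain_name: 'DOMAIN_NAME') do
    # Assumption: truststore_uri is a single string such as s3://bucket-name/key-name.
    its('truststore_uri') { should match(%r{\As3://}) }
    # A pinned object version means replacing the S3 object does not silently
    # change which client CAs are trusted.
    its('truststore_version') { should_not be_nil }
    # Invalid certificates in the truststore produce warnings; expect none.
    its('truststore_warnings') { should be_empty }
  end
end
```

If mutual TLS is not configured on the domain, the second control fails rather than being skipped, which is the intended result when mTLS is a requirement.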
Matchers
For a full list of available matchers, see our Universal Matchers page.
The control passes if the get method returns at least one result.
exist
Use should to test that the entity exists.
describe aws_api_gateway_v2_domain_name(domain_name: 'DOMAIN_NAME') do
  it { should exist }
end
not exist
Use should_not to test that the entity does not exist.
describe aws_api_gateway_v2_domain_name(domain_name: 'DOMAIN_NAME') do
  it { should_not exist }
end
AWS Permissions
Your AWS principal will need the APIGatewayv2:Client:GetDomainNameResponse action with Effect set to Allow.