Testing Properties of an API Gateway Method

The aws_api_gateway_method InSpec audit resource tests properties of a single API Gateway method. An API Gateway method defines the parameters and body that clients must include in their requests. This article covers installation, syntax, parameters, properties, examples, matchers, and the AWS permissions the resource needs.

Installation

To use the aws_api_gateway_method resource, you need to have the Chef InSpec AWS resource pack installed. Please refer to the Chef InSpec documentation on cloud platforms for detailed instructions on how to configure your AWS environment for InSpec and create an InSpec profile that utilizes the InSpec AWS resource pack.

Syntax

To ensure that an API Gateway method exists, use the following syntax:

aws_api_gateway_method(rest_api_id: 'rest_api_id', resource_id: 'resource_id', http_method: 'http_method')

Make sure to provide the required parameters:

  • rest_api_id: The ID of the RestApi resource created by API Gateway to host the method.
  • resource_id: The ID of the API Gateway resource. For root resource methods, specify the RestApi root resource ID.
  • http_method: The HTTP method used by clients to call this method.

Parameters

The aws_api_gateway_method resource requires the following parameters:

  • rest_api_id (required): The ID of the RestApi resource where the method is created.
  • resource_id (required): The ID of the API Gateway resource. For root resource methods, provide the RestApi root resource ID.
  • http_method (required): The HTTP method clients use to call the method.

Properties

The aws_api_gateway_method resource provides access to several properties:

  • http_method: The HTTP method clients use to call the method.
  • authorization_type: The method’s authorization type. Valid values include NONE, AWS_IAM, CUSTOM, and COGNITO_USER_POOLS.
  • authorizer_id: The identifier of the authorizer used for this method.
  • api_key_required: A flag indicating whether a valid API key is required to invoke this method.
  • request_validator_id: The identifier of the request validator used for request validation.
  • operation_name: A human-friendly identifier for the method’s operation.
  • request_parameters: A key-value map defining required or optional method request parameters that API Gateway can accept.
  • request_models: A key-value map specifying data schemas (represented by Model resources) for the request payloads of different content types.
  • method_responses (status_code): The status code used in the method response.
  • method_responses (response_parameters): A key-value map specifying required or optional response parameters that API Gateway can send back to the caller.
  • method_responses (response_models): Specifies the Model resources used for the response’s content-type.
  • method_integration (type): Specifies the API method integration type.
  • method_integration (http_method): Specifies the integration’s HTTP method type.
  • method_integration (uri): Specifies the Uniform Resource Identifier (URI) of the integration endpoint.
  • method_integration (connection_type): Specifies the network connection type to the integration endpoint.
  • method_integration (connection_id): The ID of the VpcLink used for the integration.
  • method_integration (credentials): Specifies the credentials required for the integration.
  • method_integration (request_parameters): A key-value map specifying request parameters passed from the method request to the backend.
  • method_integration (request_templates): Represents a map of Velocity templates applied to the request payload based on the Content-Type header.
  • method_integration (passthrough_behavior): Specifies how the method request body of an unmapped content type is passed through.
  • method_integration (content_handling): Specifies how to handle request payload content type conversions.
  • method_integration (timeout_in_millis): Custom timeout value in milliseconds for the integration.
  • method_integration (cache_namespace): Specifies a group of related cached parameters.
  • method_integration (cache_key_parameters): A list of request parameters whose values API Gateway caches.
  • method_integration (integration_responses (status_code)): Specifies the status code used to map the integration response to a MethodResponse.
  • method_integration (integration_responses (selection_pattern)): Specifies the regular expression pattern used to choose an integration response based on the backend’s response.
  • method_integration (integration_responses (response_parameters)): A key-value map specifying response parameters passed to the method response from the backend.
  • method_integration (integration_responses (response_templates)): Specifies the templates used to transform the integration response body.
  • method_integration (integration_responses (content_handling)): Specifies how to handle response payload content type conversions.
  • tls_config (insecure_skip_verification): Specifies whether API Gateway skips certificate verification for the integration endpoint.
  • authorization_scopes: A list of authorization scopes configured on the method.

Examples

Here are a couple of examples to demonstrate the usage of the aws_api_gateway_method resource:

  • To ensure that the method is a GET request:

    describe aws_api_gateway_method(rest_api_id: 'rest_api_id', resource_id: 'resource_id', http_method: 'GET') do
      it { should exist }
    end

  • To check if the connection type is ‘INTERNET’:

    describe aws_api_gateway_method(rest_api_id: 'rest_api_id', resource_id: 'resource_id', http_method: 'http_method') do
      its('method_integration.connection_type') { should eq 'INTERNET' }
    end
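
The security-relevant properties listed above (authorization_type, authorizer_id, request_validator_id, tls_config) can be turned into pass/fail checks. The following is an added example in plain Ruby, not code from the InSpec AWS resource pack. The hashes are constructed sample data keyed by the property names on this page, and the policy choices (for example, treating a missing request validator as a finding) and the two accepted locations of tls_config are assumptions.

```ruby
# Added example: audits a method description keyed by the property names
# listed on this page. Plain Ruby; not InSpec or resource-pack code.
VALID_AUTH = %w[AWS_IAM CUSTOM COGNITO_USER_POOLS].freeze

# Returns an array of finding strings; an empty array means the method passed.
def audit_method(m)
  findings = []
  auth = m[:authorization_type].to_s
  if auth.empty? || auth == 'NONE'
    findings << 'authorization_type is NONE: method is callable without authentication'
  elsif !VALID_AUTH.include?(auth)
    findings << "authorization_type #{auth} is not a documented value"
  end
  # CUSTOM and COGNITO_USER_POOLS only take effect with an authorizer attached.
  if %w[CUSTOM COGNITO_USER_POOLS].include?(auth) && m[:authorizer_id].to_s.empty?
    findings << "authorization_type #{auth} has no authorizer_id"
  end
  # Assumed policy: every method should validate its request parameters and body.
  if m[:request_validator_id].to_s.empty?
    findings << 'request_validator_id is unset: requests are not validated at the gateway'
  end
  # Assumption: accept tls_config at the top level or under method_integration.
  tls = m[:tls_config] || m.dig(:method_integration, :tls_config) || {}
  if tls[:insecure_skip_verification] == true
    findings << 'tls_config.insecure_skip_verification is true: backend certificate is not verified'
  end
  findings
end

# Constructed sample data (not output from a real account).
HARDENED = {
  http_method: 'GET', authorization_type: 'AWS_IAM',
  request_validator_id: 'validator-placeholder',
  method_integration: { connection_type: 'VPC_LINK' },
  tls_config: { insecure_skip_verification: false }
}.freeze
WEAK = {
  http_method: 'POST', authorization_type: 'NONE', request_validator_id: nil,
  tls_config: { insecure_skip_verification: true }
}.freeze
ORPHANED = {
  http_method: 'PUT', authorization_type: 'CUSTOM', authorizer_id: nil,
  request_validator_id: 'validator-placeholder'
}.freeze

if __FILE__ == $PROGRAM_NAME
  { 'hardened' => HARDENED, 'weak' => WEAK, 'orphaned' => ORPHANED }.each do |name, m|
    puts "#{name}: #{audit_method(m).inspect}"
  end
end
```

Each check maps to one `its('...')` assertion in an InSpec control against the same property name.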

Matchers

The aws_api_gateway_method resource includes the following special matchers:

  • exist: Use should to test the existence of an entity.
  • be_available: Use should to check if the work group name is available.

Please refer to our Universal Matchers page for a complete list of available matchers. The controls will pass if the get method returns at least one result.

AWS Permissions

To use the aws_api_gateway_method resource, your principal must have the APIGateway:Client::client:Method action with the Effect set to Allow.
