awspec 1.32.0 → 1.33.0

data/lib/awspec/generator/spec/wafv2_web_acl.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Awspec::Generator
+  module Spec
+    class Wafv2WebAcl
+      include Awspec::Helper::Finder
+      def generate_by_scope(scope)
+        web_acls = select_all_web_acls(scope)
+        raise 'Not Found WAFV2 Web ACL' if web_acls.empty?
+
+        specs = web_acls.map do |acl|
+          web_acl = get_web_acl(scope, acl.name, acl.id)
+          ERB.new(wafv2_web_acl_spec_template, nil, '-').result(binding).gsub(/^\n/, '')
+        end
+        specs.join("\n")
+      end
+
+      def wafv2_web_acl_spec_template
+        <<-'EOF'
+describe wafv2_web_acl('<%= web_acl.name %>'), scope: '<%= scope %>' do
+  it { should exist }
+  its(:name) { should eq '<%= web_acl.name %>' }
+  its(:id) { should eq '<%= web_acl.id %>' }
+  its(:arn) { should eq '<%= web_acl.arn %>' }
+  its(:default_action) { should eq '<%= web_acl.default_action.allow ? 'ALLOW' : 'BLOCK' %>' }
+  its(:description) { should eq '<%= web_acl.description %>' }
+  its(:capacity) { should eq <%= web_acl.capacity %> }
+  its(:managed_by_firewall_manager) { should eq <%= web_acl.managed_by_firewall_manager %> }
+  its(:label_namespace) { should eq '<%= web_acl.label_namespace %>' }
+  its(:retrofitted_by_firewall_manager) { should eq <%= web_acl.retrofitted_by_firewall_manager %> }
+<% web_acl.rules.each do |rule| %>
+  it { should have_rule('<%= rule.name %>').order(<%= rule.priority %>) }
+<% end %>
+end
+EOF
+      end
+    end
+  end
+end

data/lib/awspec/generator.rb

@@ -46,6 +46,7 @@ require 'awspec/generator/spec/rds_global_cluster'
 require 'awspec/generator/spec/managed_prefix_list'
 require 'awspec/generator/spec/codepipeline'
 require 'awspec/generator/spec/wafv2_ip_set'
+require 'awspec/generator/spec/wafv2_web_acl'
 
 # Doc
 require 'awspec/generator/doc/type'

data/lib/awspec/helper/finder/backup.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+module Awspec::Helper
+  module Finder
+    module Backup
+      def find_backup_vault(id)
+        selected = []
+        req = {}
+        loop do
+          res = backup_client.list_backup_vaults(req)
+          selected += res.backup_vault_list.select do |v|
+            v.backup_vault_name == id || v.backup_vault_arn == id
+          end
+          break if res.next_token.nil?
+
+          req[:next_token] = res.next_token
+        end
+        selected.single_resource(id)
+      rescue Aws::Backup::Errors::ResourceNotFoundException
+        nil
+      end
+
+      def find_backup_plan(id)
+        selected = []
+        req = {}
+        loop do
+          res = backup_client.list_backup_plans(req)
+          selected += res.backup_plans_list.select do |p|
+            p.backup_plan_name == id || p.backup_plan_arn == id || p.backup_plan_id == id
+          end
+          break if res.next_token.nil?
+
+          req[:next_token] = res.next_token
+        end
+        selected.single_resource(id)
+      rescue Aws::Backup::Errors::ResourceNotFoundException
+        nil
+      end
+
+      def find_backup_selection(id)
+        backup_plans = []
+        req = {}
+        loop do
+          res = backup_client.list_backup_plans(req)
+          backup_plans += res.backup_plans_list.map { |p| p.backup_plan_id }
+          break if res.next_token.nil?
+
+          req[:next_token] = res.next_token
+        end
+
+        selected = []
+        next_token = nil
+
+        backup_plans.each do |plan_id|
+          loop do
+            res = backup_client.list_backup_selections({ backup_plan_id: plan_id, next_token: next_token })
+            selected += res.backup_selections_list.select do |s|
+              s.selection_id == id || s.selection_name == id
+            end
+            break if res.next_token.nil?
+
+            next_token = res.next_token
+          end
+        end
+        selected.single_resource(id)
+      rescue Aws::Backup::Errors::ResourceNotFoundException
+        nil
+      end
+
+      def locked?
+        resource_via_client.locked
+      end
+
+      def airgapped?
+        resource_via_client.vault_type == 'LOGICALLY_AIR_GAPPED_BACKUP_VAULT'
+      end
+
+      STATES = %w[
+        creating available failed
+      ]
+      STATES.each do |state|
+        define_method "#{state}?" do
+          resource_via_client.vault_state.downcase == state
+        end
+      end
+    end
+  end
+end

data/lib/awspec/helper/finder/transfer.rb

@@ -4,8 +4,28 @@ module Awspec::Helper
   module Finder
     module Transfer
       def find_transfer_server(id)
-        res = transfer_client.describe_server(server_id: id)
+        res = transfer_client.describe_server({ server_id: id })
         res.server
+      rescue Aws::Transfer::Errors::ValidationException, Aws::Transfer::Errors::ResourceNotFoundException
+        req = {}
+        servers = []
+        loop do
+          res = transfer_client.list_servers(req)
+          servers.push(*res.servers)
+          break if res.next_token.nil?
+
+          req[:next_token] = res.next_token
+        end
+
+        servers.each do |s|
+          server = transfer_client.describe_server({ server_id: s.server_id }).server
+          server.tags.each do |tag|
+            if tag.key == 'Name' && tag.value == id
+              return server
+            end
+          end
+        end
+        nil
       end
     end
   end

data/lib/awspec/helper/finder/wafv2.rb

@@ -22,6 +22,26 @@ module Awspec::Helper
         res = wafv2_client.get_ip_set({ name: name, scope: scope, id: id })
         res.ip_set
       end
+
+      def find_web_acl(scope, name)
+        web_acls = select_all_web_acls(scope)
+        web_acl = web_acls.find do |acl|
+          acl.name == name
+        end
+        return false unless web_acl
+
+        get_web_acl(scope, name, web_acl.id)
+      end
+
+      def select_all_web_acls(scope)
+        res = wafv2_client.list_web_acls({ scope: scope })
+        res.web_acls
+      end
+
+      def get_web_acl(scope, name, id)
+        res = wafv2_client.get_web_acl({ name: name, scope: scope, id: id })
+        res.web_acl
+      end
     end
   end
 end

data/lib/awspec/helper/finder.rb

@@ -57,6 +57,7 @@ require 'awspec/helper/finder/cognito_identity_pool'
 require 'awspec/helper/finder/transfer'
 require 'awspec/helper/finder/codepipeline'
 require 'awspec/helper/finder/wafv2'
+require 'awspec/helper/finder/backup'
 
 require 'awspec/helper/finder/account_attributes'
 
@@ -121,6 +122,7 @@ module Awspec::Helper
     include Awspec::Helper::Finder::Transfer
     include Awspec::Helper::Finder::Codepipeline
     include Awspec::Helper::Finder::Wafv2
+    include Awspec::Helper::Finder::Backup
 
     CLIENTS = {
       ec2_client: Aws::EC2::Client,
@@ -171,7 +173,8 @@ module Awspec::Helper
       cognito_identity_provider_client: Aws::CognitoIdentityProvider::Client,
       transfer_client: Aws::Transfer::Client,
       codepipeline_client: Aws::CodePipeline::Client,
-      wafv2_client: Aws::WAFV2::Client
+      wafv2_client: Aws::WAFV2::Client,
+      backup_client: Aws::Backup::Client
     }
 
     CLIENT_OPTIONS = {

data/lib/awspec/helper/type.rb

@@ -24,7 +24,8 @@ module Awspec
         internet_gateway acm cloudwatch_logs dynamodb_table eip sqs ssm_parameter cloudformation_stack
         codebuild sns_topic redshift redshift_cluster_parameter_group codedeploy codedeploy_deployment_group
         secretsmanager msk transit_gateway cognito_identity_pool cognito_user_pool vpc_endpoints
-        transfer_server managed_prefix_list codepipeline wafv2_ip_set
+        transfer_server managed_prefix_list codepipeline wafv2_ip_set wafv2_web_acl
+        backup_vault backup_plan backup_selection
       ]
 
       ACCOUNT_ATTRIBUTES = %w[

data/lib/awspec/matcher/belong_to_backup_plan.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+RSpec::Matchers.define :belong_to_backup_plan do |plan|
+  match do |type|
+    return true if type.backup_plan_id == plan
+
+    ret = type.find_backup_plan(plan)
+    return false unless ret
+
+    type.backup_plan_id == (ret.backup_plan_id)
+  end
+end

data/lib/awspec/matcher/have_rule.rb

@@ -4,6 +4,7 @@ RSpec::Matchers.define :have_rule do |rule_id|
   match do |type|
     return type.has_rule?(rule_id, @priority, @action) if type.instance_of?(Awspec::Type::WafWebAcl)
     return type.has_rule?(rule_id, @priority, @action) if type.instance_of?(Awspec::Type::WafregionalWebAcl)
+    return type.has_rule?(rule_id, @priority, @action, @override_action) if type.instance_of?(Awspec::Type::Wafv2WebAcl)
     return type.has_rule?(rule_id, @priority, @conditions, @actions) if type.instance_of?(Awspec::Type::AlbListener)
 
     type.has_rule?(rule_id, @priority, @conditions, @actions) if type.instance_of?(Awspec::Type::NlbListener)
@@ -21,6 +22,10 @@ RSpec::Matchers.define :have_rule do |rule_id|
     @action = action
   end
 
+  chain :override_action do |override_action|
+    @override_action = override_action
+  end
+
   chain :conditions do |conditions|
     @conditions = conditions
   end

data/lib/awspec/matcher.rb

@@ -93,3 +93,6 @@ require 'awspec/matcher/have_env_var_value'
 
 # ManagedPrefixList
 require 'awspec/matcher/have_cidr'
+
+# BackupSelection
+require 'awspec/matcher/belong_to_backup_plan'

data/lib/awspec/stub/backup_plan.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+Aws.config[:backup] = {
+  stub_responses: {
+    list_backup_plans: {
+      backup_plans_list: [
+        {
+          backup_plan_arn: 'arn:aws:backup:us-west-2:111122223333:backup-plan:a460d5d5-d30b-4631-8014-38c58e3c72ca',
+          backup_plan_id: 'a460d5d5-d30b-4631-8014-38c58e3c72ca',
+          creation_date: Time.new(2016, 4, 4, 9, 00, 00, '+00:00'),
+          deletion_date: nil,
+          version_id: 'kMlWPgkmipEb4I9gOEZpdoQiMgxP5KIizKLDhhblGiixgahy',
+          backup_plan_name: 'old-obsolete-plan',
+          creator_request_id: nil,
+          last_execution_date: Time.new(2016, 10, 4, 9, 00, 00, '+00:00'),
+          advanced_backup_settings: nil
+        },
+        {
+          backup_plan_arn: 'arn:aws:backup:us-west-2:111122223333:backup-plan:fff3e784-1a0f-4e7c-8fe9-ba69825f7c00',
+          backup_plan_id: 'fff3e784-1a0f-4e7c-8fe9-ba69825f7c00',
+          creation_date: Time.new(2016, 10, 4, 9, 00, 00, '+00:00'),
+          deletion_date: nil,
+          version_id: 'disFW7K0dOAjTaMWKYlhEyScjBhmi5kKGf7BrY7i1BG8F8wB',
+          backup_plan_name: 'my-backup-plan',
+          creator_request_id: nil,
+          last_execution_date: Time.new(2025, 10, 4, 9, 00, 00, '+00:00'),
+          advanced_backup_settings: nil
+        }
+      ],
+      next_token: nil
+    }
+  }
+}

data/lib/awspec/stub/backup_selection.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+Aws.config[:backup] = {
+  stub_responses: {
+    list_backup_plans: {
+      backup_plans_list: [
+        {
+          backup_plan_arn: 'arn:aws:backup:us-west-2:111122223333:backup-plan:fff3e784-1a0f-4e7c-8fe9-ba69825f7c00',
+          backup_plan_id: 'fff3e784-1a0f-4e7c-8fe9-ba69825f7c00',
+          creation_date: Time.new(2016, 10, 4, 9, 00, 00, '+00:00'),
+          deletion_date: nil,
+          version_id: 'disFW7K0dOAjTaMWKYlhEyScjBhmi5kKGf7BrY7i1BG8F8wB',
+          backup_plan_name: 'my-backup-plan',
+          creator_request_id: nil,
+          last_execution_date: Time.new(2025, 10, 4, 9, 00, 00, '+00:00'),
+          advanced_backup_settings: nil
+        }
+      ],
+      next_token: nil
+    },
+    list_backup_selections: {
+      backup_selections_list: [
+        selection_id: '01dfb41f-c3ca-4b45-91e7-63ef43fe7231',
+        selection_name: 'my-backup-selection',
+        backup_plan_id: 'fff3e784-1a0f-4e7c-8fe9-ba69825f7c00',
+        creation_date: Time.new(2016, 10, 4, 9, 00, 00, '+00:00'),
+        creator_request_id: nil,
+        iam_role_arn: 'arn:aws:iam::111122223333:role/service-role/my-backup-service-role'
+      ],
+      next_token: nil
+    }
+  }
+}

data/lib/awspec/stub/backup_vault.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+Aws.config[:backup] = {
+  stub_responses: {
+    list_backup_vaults: {
+      backup_vault_list: [
+        {
+          backup_vault_name: 'Default',
+          backup_vault_arn: 'arn:aws:backup:us-west-2:111122223333:backup-vault:Default',
+          vault_type: 'BACKUP_VAULT',
+          vault_state: 'AVAILABLE',
+          creation_date: Time.new(2024, 4, 4, 9, 00, 00, '+00:00'),
+          encryption_key_arn: 'arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab',
+          creator_request_id: 'Default',
+          number_of_recovery_points: 0,
+          locked: false,
+          min_retention_days: nil,
+          max_retention_days: nil,
+          lock_date: nil
+        },
+        {
+          backup_vault_name: 'my-backup-vault',
+          backup_vault_arn: 'arn:aws:backup:us-west-2:111122223333:backup-vault:my-vault',
+          vault_type: 'BACKUP_VAULT',
+          vault_state: 'AVAILABLE',
+          creation_date: Time.new(2024, 4, 4, 9, 00, 00, '+00:00'),
+          encryption_key_arn: 'arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab',
+          creator_request_id: 'Default',
+          number_of_recovery_points: 123,
+          locked: true,
+          min_retention_days: 7,
+          max_retention_days: 35,
+          lock_date: Time.new(2024, 10, 4, 9, 00, 00, '+00:00')
+        },
+        {
+          backup_vault_name: 'my-airgapped-vault',
+          backup_vault_arn: 'arn:aws:backup:us-west-2:111122223333:backup-vault:my-airgapped-vault',
+          vault_type: 'LOGICALLY_AIR_GAPPED_BACKUP_VAULT',
+          vault_state: 'AVAILABLE',
+          creation_date: Time.new(2024, 4, 4, 9, 00, 00, '+00:00'),
+          encryption_key_arn: 'arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab',
+          creator_request_id: nil,
+          number_of_recovery_points: 12,
+          locked: false,
+          min_retention_days: 30,
+          max_retention_days: 30,
+          lock_date: nil
+        }
+      ],
+      next_token: nil
+    }
+  }
+}

data/lib/awspec/stub/rds_db_cluster.rb

@@ -78,7 +78,12 @@ Aws.config[:rds] = {
           copy_tags_to_snapshot: false,
           cross_account_clone: false,
           domain_memberships: [],
-          tag_list: [],
+          tag_list: [
+            {
+              key: 'env',
+              value: 'dev'
+            }
+          ],
           global_write_forwarding_status: nil,
           global_write_forwarding_requested: false,
           pending_modified_values: nil,

data/lib/awspec/stub/rds_global_cluster.rb

@@ -30,7 +30,13 @@ Aws.config[:rds] = {
               global_write_forwarding_status: 'disabled'
             }
           ],
-          failover_state: nil
+          failover_state: nil,
+          tag_list: [
+            {
+              key: 'env',
+              value: 'dev'
+            }
+          ]
         }
       ],
       marker: nil

data/lib/awspec/stub/transfer_server.rb

@@ -3,10 +3,10 @@
 Aws.config[:transfer] = {
   stub_responses: {
     describe_server: {
-      server: Aws::Transfer::Types::DescribedServer.new(
+      server: {
         arn: 'arn:aws:transfer:us-east-1:1234567890:server/s-4dc0a424f0154fa89',
         domain: 'S3',
-        endpoint_details: Aws::Transfer::Types::EndpointDetails.new(
+        endpoint_details: {
           address_allocation_ids: %w[
             eipalloc-00000000000000001
             eipalloc-00000000000000002
@@ -19,7 +19,7 @@ Aws.config[:transfer] = {
           ],
           vpc_endpoint_id: 'vpce-00000000000000001',
           vpc_id: 'vpc-0123456789abcdefg'
-        ),
+        },
         endpoint_type: 'VPC',
         host_key_fingerprint: 'SHA256:0pj2UnuoFAKEfHrCZwfPwuFinG3RJEVir/m8bPRINTo=',
         identity_provider_type: 'SERVICE_MANAGED',
@@ -29,13 +29,32 @@ Aws.config[:transfer] = {
         server_id: 's-4dc0a424f0154fa89',
         state: 'ONLINE',
         tags: [
-          Aws::Transfer::Types::Tag.new(
+          {
             key: 'env',
             value: 'dev'
-          )
+          },
+          {
+            key: 'Name',
+            value: 'my-transfer-server'
+          }
         ],
         user_count: 13
-      )
+      }
+    },
+    list_servers: {
+      next_token: nil,
+      servers: [
+        {
+          arn: 'arn:aws:transfer:us-east-1:1234567890:server/s-4dc0a424f0154fa89',
+          domain: 'S3',
+          identity_provider_type: 'SERVICE_MANAGED',
+          endpoint_type: 'VPC',
+          logging_role: 'arn:aws:iam::1234567890:role/service-role/AWSTransferLoggingAccess',
+          server_id: 's-4dc0a424f0154fa89',
+          state: 'ONLINE',
+          user_count: 13
+        }
+      ]
     }
   }
 }

data/lib/awspec/stub/wafv2_ip_set.rb

@@ -4,9 +4,10 @@ Aws.config[:wafv2] = {
   stub_responses: {
     get_ip_set: {
       ip_set: {
-        name: 'my-ip-set',
+        name: 'my-wafv2-ip-set',
         id: '01234567-89ab-cdef-0123-456789abcdef',
-        arn: 'arn:aws:wafv2:ap-northeast-1:123456789012:regional/ipset/my-ip-set/01234567-89ab-cdef-0123-456789abcdef',
+        arn: 'arn:aws:wafv2:ap-northeast-1:123456789012:regional/ipset/'\
+             'my-wafv2-ip-set/01234567-89ab-cdef-0123-456789abcdef',
         description: 'dev ips',
         ip_address_version: 'IPV4',
         addresses: [
@@ -17,14 +18,15 @@ Aws.config[:wafv2] = {
       lock_token: '01234567-89ab-cdef-0123456789abcdef0'
     },
     list_ip_sets: {
-      next_marker: 'my-ip-set',
+      next_marker: 'my-wafv2-ip-set',
       ip_sets: [
         {
-          name: 'my-ip-set',
+          name: 'my-wafv2-ip-set',
           id: '01234567-89ab-cdef-0123-456789abcdef',
           description: 'dev ips',
           lock_token: '01234567-89ab-cdef-0123456789abcdef0',
-          arn: 'arn:aws:wafv2:ap-northeast-1:123456789012:regional/ipset/my-ip-set/01234567-89ab-cdef-0123-456789abcdef'
+          arn: 'arn:aws:wafv2:ap-northeast-1:123456789012:regional/ipset/'\
+               'my-wafv2-ip-set/01234567-89ab-cdef-0123-456789abcdef'
         }
       ]
     }

data/lib/awspec/stub/wafv2_web_acl.rb

@@ -0,0 +1,151 @@
+# frozen_string_literal: true
+
+Aws.config[:wafv2] = {
+  stub_responses: {
+    get_web_acl: {
+      web_acl: {
+        name: 'my-wafv2-web-acl',
+        id: 'a64cc988-40ec-4c4e-ab80-c9acbea42103',
+        arn: 'arn:aws:wafv2:ap-northeast-1:123456789012:regional/webacl/'\
+             'my-wafv2-web-acl/a64cc988-40ec-4c4e-ab80-c9acbea42103',
+        default_action: {
+          allow: {}
+        },
+        description: 'test web acl',
+        rules: [
+          {
+            name: 'AWS-AWSManagedRulesCommonRuleSet',
+            priority: 0,
+            statement: {
+              managed_rule_group_statement: {
+                vendor_name: 'AWS',
+                name: 'AWSManagedRulesCommonRuleSet'
+              }
+            },
+            override_action: {
+              none: {}
+            },
+            visibility_config: {
+              sampled_requests_enabled: true,
+              cloud_watch_metrics_enabled: true,
+              metric_name: 'AWS-AWSManagedRulesCommonRuleSet'
+            }
+          },
+          {
+            name: 'AWS-AWSManagedRulesKnownBadInputsRuleSet',
+            priority: 1,
+            statement: {
+              managed_rule_group_statement: {
+                vendor_name: 'AWS',
+                name: 'AWSManagedRulesKnownBadInputsRuleSet'
+              }
+            },
+            override_action: {
+              none: {}
+            },
+            visibility_config: {
+              sampled_requests_enabled: true,
+              cloud_watch_metrics_enabled: true,
+              metric_name: 'AWS-AWSManagedRulesKnownBadInputsRuleSet'
+            }
+          },
+          {
+            name: 'AWS-AWSManagedRulesLinuxRuleSet',
+            priority: 2,
+            statement: {
+              managed_rule_group_statement: {
+                vendor_name: 'AWS',
+                name: 'AWSManagedRulesLinuxRuleSet'
+              }
+            },
+            override_action: {
+              none: {}
+            },
+            visibility_config: {
+              sampled_requests_enabled: true,
+              cloud_watch_metrics_enabled: true,
+              metric_name: 'AWS-AWSManagedRulesLinuxRuleSet'
+            }
+          },
+          {
+            name: 'AWS-AWSManagedRulesUnixRuleSet',
+            priority: 3,
+            statement: {
+              managed_rule_group_statement: {
+                vendor_name: 'AWS',
+                name: 'AWSManagedRulesUnixRuleSet'
+              }
+            },
+            override_action: {
+              none: {}
+            },
+            visibility_config: {
+              sampled_requests_enabled: true,
+              cloud_watch_metrics_enabled: true,
+              metric_name: 'AWS-AWSManagedRulesUnixRuleSet'
+            }
+          },
+          {
+            name: 'AWS-AWSManagedRulesAnonymousIpList',
+            priority: 4,
+            statement: {
+              managed_rule_group_statement: {
+                vendor_name: 'AWS',
+                name: 'AWSManagedRulesAnonymousIpList'
+              }
+            },
+            override_action: {
+              none: {}
+            },
+            visibility_config: {
+              sampled_requests_enabled: true,
+              cloud_watch_metrics_enabled: true,
+              metric_name: 'AWS-AWSManagedRulesAnonymousIpList'
+            }
+          },
+          {
+            name: 'AWS-AWSManagedRulesAmazonIpReputationList',
+            priority: 5,
+            statement: {
+              managed_rule_group_statement: {
+                vendor_name: 'AWS',
+                name: 'AWSManagedRulesAmazonIpReputationList'
+              }
+            },
+            override_action: {
+              none: {}
+            },
+            visibility_config: {
+              sampled_requests_enabled: true,
+              cloud_watch_metrics_enabled: true,
+              metric_name: 'AWS-AWSManagedRulesAmazonIpReputationList'
+            }
+          }
+        ],
+        visibility_config: {
+          sampled_requests_enabled: true,
+          cloud_watch_metrics_enabled: true,
+          metric_name: 'my-wafv2-web-acl'
+        },
+        capacity: 1275,
+        managed_by_firewall_manager: false,
+        label_namespace: 'awswaf:123456789012:webacl:my-wafv2-web-acl:',
+        retrofitted_by_firewall_manager: false
+      },
+      'lock_token': '8060f9d3-6437-4457-934c-e20bc0440e04'
+    },
+    list_web_acls: {
+      next_marker: 'my-wafv2-web-acl',
+      web_acls: [
+        {
+          name: 'my-wafv2-web-acl',
+          id: 'a64cc988-40ec-4c4e-ab80-c9acbea42103',
+          description: '',
+          lock_token: '8060f9d3-6437-4457-934c-e20bc0440e04',
+          arn: 'arn:aws:wafv2:ap-northeast-1:123456789012:regional/webacl/'\
+               'my-wafv2-web-acl/a64cc988-40ec-4c4e-ab80-c9acbea42103'
+        }
+      ]
+    }
+  }
+}

data/lib/awspec/type/backup_plan.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Awspec::Type
+  class BackupPlan < ResourceBase
+    def resource_via_client
+      @resource_via_client ||= find_backup_plan(@display_name)
+    end
+
+    def id
+      @id ||= resource_via_client.backup_plan_id if resource_via_client
+    end
+  end
+end