Skip to main content

aws_ssm_maintenance_window Resource

[edit on GitHub]

Use the aws_ssm_maintenance_window InSpec audit resource to test properties of a single AWS Systems Manager (SSM) maintenance window.

The AWS::SSM::MaintenanceWindow resource represents general information about a maintenance window for AWS Systems Manager.

For additional information, including details on parameters and properties, see the AWS documentation on the AWS::SSM::MaintenanceWindow resource type.

Installation

This resource is available in the Chef InSpec AWS resource pack.

See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.

Syntax

Ensure that the maintenance window exists.

describe aws_ssm_maintenance_window(window_id: 'WINDOW_ID') do
  it { should exist }
end

Parameters

window_id (required)

The ID of the maintenance window for which you want to retrieve information.

Properties

window_id
The ID of the maintenance window for which you want to retrieve information.
name
The name of the maintenance window.
description
The description of the maintenance window.
start_date
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active.
end_date
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive.
schedule
The schedule of the maintenance window in the form of a cron or rate expression.
schedule_timezone
The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format.
schedule_offset
The number of days to wait to run a maintenance window after the scheduled cron expression date and time.
next_execution_time
The next time the maintenance window will actually run, taking into account any specified times for the maintenance window to become active or inactive.
duration
The duration of the maintenance window in hours.
cutoff
The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
allow_unassociated_targets
Whether targets must be registered with the maintenance window before tasks can be defined for those targets.
enabled
Indicates whether the maintenance window is enabled.
created_date
The date the maintenance window was created.
modified_date
The date the maintenance window was last modified.

Examples

Ensure a window ID is available.

describe aws_ssm_maintenance_window(window_id: 'WINDOW_ID') do
  its('window_id') { should eq 'WINDOW_ID' }
end

Ensure a name is available.

describe aws_ssm_maintenance_window(window_id: 'WINDOW_ID') do
  its('name') { should eq 'WINDOW_NAME' }
end

Ensure a duration is 1.

describe aws_ssm_maintenance_window(window_id: 'WINDOW_ID') do
  its('duration') { should eq 1 }
end

Ensure a maintenance window is enabled.

describe aws_ssm_maintenance_window(window_id: 'WINDOW_ID') do
  its('enabled') { should eq true }
end

Matchers

This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.

The controls will pass if the get method returns at least one result.

exist

Use should to test that the entity exists.

describe aws_ssm_maintenance_window(window_id: 'WINDOW_ID') do
  it { should exist }
end

Use should_not to test the entity does not exist.

describe aws_ssm_maintenance_window(window_id: 'WINDOW_ID') do
  it { should_not exist }
end

be_available

Use should to check if the entity is available.

describe aws_ssm_maintenance_window(window_id: 'WINDOW_ID')
  it { should be_available }
end

AWS Permissions

Your Principal will need the SSM:Client:GetMaintenanceWindowResult action with Effect set to Allow.

Was this page helpful?

×









Search Results