Skip to main content

aws_ssm_parameters Resource

[edit on GitHub]

Use the aws_ssm_parameters InSpec audit resource to test properties of a collection of AWS SSM parameters.

Installation

This resource is available in the Chef InSpec AWS resource pack.

See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.

Syntax

Ensure you have exactly 3 SSM Parameters

describe aws_ssm_parameters do
  its('names.count') { should cmp 3 }
end

Parameters

This resource does not require any parameters.

Properties

names
Provides the name of the parameter.
types
Provides the type of the parameter.
key_ids
Provides the key id of the parameter.
last_modified_dates
Provides the date the parameter was last changed or updated and the parameter version was created.
last_modified_users
Provides the user that last changed or updated the parameter.
descriptions
Provides the description of the parameter.
versions
Provides the version of the parameter.
tiers
Provides the tier of the parameter.

For a comprehensive list of properties available, see the API reference documentation

Examples

Ensure Name of a SSM Parameter exists.

describe aws_ssm_parameters do
  its('names') { should include 'ssm-parameter-name' }
end

Matchers

For a full list of available matchers, please visit our Universal Matchers page.

exist

The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_ssm_parameters.where( <property>: <value> ) do
  it { should exist }
end
describe aws_ssm_parameters.where( <property>: <value> ) do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the SSM:Client:DescribeParametersResult action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon Systems Manager.

Was this page helpful?

×









Search Results