inspec/docs/resources/aws_iam_role.md.erb

---
title: About the aws_iam_role Resource
platform: aws
---

# aws\_iam\_role

Use the `aws_iam_role` Chef InSpec audit resource to test properties of a single IAM Role. A Role is a collection of permissions that may be temporarily assumed by a user, EC2 Instance, Lambda Function, or certain other resources.

<br>

## Availability

### Installation

This resource is distributed along with Chef InSpec itself. You can use it automatically.

### Version

This resource first became available in v2.0.16 of InSpec.

## Syntax

    # Ensure that a certain role exists by name
    describe aws_iam_role('my-role') do
      it { should exist }
    end

<br>

## Resource Parameters

### role\_name

This resource expects a single parameter that uniquely identifies the IAM Role, the Role Name. You may pass it as a string, or as the value in a hash:

    describe aws_iam_role('my-role') do
      it { should exist }
    end
    # Same
    describe aws_iam_role(role_name: 'my-role') do
      it { should exist }
    end

<br>

## Properties

### description

A textual description of the IAM Role.

    describe aws_iam_role('my-role') do
      its('description') { should be('Our most important Role')}
    end

<br>

## Matchers

This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

### exist

Indicates that the Role Name provided was found. Use `should_not` to test for IAM Roles that should not exist.

    describe aws_iam_role('should-be-there') do
      it { should exist }
    end

    describe aws_iam_role('should-not-be-there') do
      it { should_not exist }
    end

## AWS Permissions

Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:GetRole` action with Effect set to Allow.

You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
Add skeleton of aws_iam_role Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> 2017-12-14 03:34:52 +00:00			`---`
			`title: About the aws_iam_role Resource`
AWS resource edits Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-14 01:42:39 +00:00			`platform: aws`
Add skeleton of aws_iam_role Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> 2017-12-14 03:34:52 +00:00			`---`

Escapes and formatting 2018-02-15 02:23:29 +00:00			`# aws\_iam\_role`
Add skeleton of aws_iam_role Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> 2017-12-14 03:34:52 +00:00
Update software name from InSpec to Chef Inspec Signed-off-by: IanMadd <maddaus@protonmail.com> 2019-04-26 18:24:29 +00:00			Use the `aws_iam_role` Chef InSpec audit resource to test properties of a single IAM Role. A Role is a collection of permissions that may be temporarily assumed by a user, EC2 Instance, Lambda Function, or certain other resources.
Add skeleton of aws_iam_role Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> 2017-12-14 03:34:52 +00:00
			`<br>`

Clean injection of Availability section (#3206) Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> 2018-08-09 12:34:49 +00:00			`## Availability`

			`### Installation`

Update software name from InSpec to Chef Inspec Signed-off-by: IanMadd <maddaus@protonmail.com> 2019-04-26 18:24:29 +00:00			`This resource is distributed along with Chef InSpec itself. You can use it automatically.`
Clean injection of Availability section (#3206) Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> 2018-08-09 12:34:49 +00:00
			`### Version`

			`This resource first became available in v2.0.16 of InSpec.`

Add skeleton of aws_iam_role Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> 2017-12-14 03:34:52 +00:00			`## Syntax`

Fixes partially indented blocks and unescaped underscores (#2731) Moved 2 space examples 2 more spaces in. Don't be shy, show the world your code the way it was meant to be seen. Underscores in markdown must be escaped otherwise the world goes crooked. Signed-off-by: Franklin Webber <franklin@chef.io> 2018-02-26 16:11:06 +00:00			`# Ensure that a certain role exists by name`
			`describe aws_iam_role('my-role') do`
			`it { should exist }`
			`end`
Add skeleton of aws_iam_role Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> 2017-12-14 03:34:52 +00:00
AWS resource edits Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-14 01:42:39 +00:00			`<br>`

Add skeleton of aws_iam_role Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> 2017-12-14 03:34:52 +00:00			`## Resource Parameters`

Escapes and formatting 2018-02-15 02:23:29 +00:00			`### role\_name`
Add skeleton of aws_iam_role Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> 2017-12-14 03:34:52 +00:00
AWS resource edits Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-14 01:42:39 +00:00			`This resource expects a single parameter that uniquely identifies the IAM Role, the Role Name. You may pass it as a string, or as the value in a hash:`
Add skeleton of aws_iam_role Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> 2017-12-14 03:34:52 +00:00
Fixes partially indented blocks and unescaped underscores (#2731) Moved 2 space examples 2 more spaces in. Don't be shy, show the world your code the way it was meant to be seen. Underscores in markdown must be escaped otherwise the world goes crooked. Signed-off-by: Franklin Webber <franklin@chef.io> 2018-02-26 16:11:06 +00:00			`describe aws_iam_role('my-role') do`
			`it { should exist }`
			`end`
			`# Same`
			`describe aws_iam_role(role_name: 'my-role') do`
			`it { should exist }`
			`end`
Add skeleton of aws_iam_role Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> 2017-12-14 03:34:52 +00:00
AWS resource edits Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-14 01:42:39 +00:00			`<br>`

			`## Properties`

			`### description`

			`A textual description of the IAM Role.`

			`describe aws_iam_role('my-role') do`
			`its('description') { should be('Our most important Role')}`
			`end`

			`<br>`

Add skeleton of aws_iam_role Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> 2017-12-14 03:34:52 +00:00			`## Matchers`

Update software name from InSpec to Chef Inspec Signed-off-by: IanMadd <maddaus@protonmail.com> 2019-04-26 18:24:29 +00:00			`This Chef InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).`
Fixes formatting on aws/azure resources Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-15 04:31:56 +00:00
Add skeleton of aws_iam_role Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> 2017-12-14 03:34:52 +00:00			`### exist`

Fixes partially indented blocks and unescaped underscores (#2731) Moved 2 space examples 2 more spaces in. Don't be shy, show the world your code the way it was meant to be seen. Underscores in markdown must be escaped otherwise the world goes crooked. Signed-off-by: Franklin Webber <franklin@chef.io> 2018-02-26 16:11:06 +00:00			Indicates that the Role Name provided was found. Use `should_not` to test for IAM Roles that should not exist.
Add skeleton of aws_iam_role Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> 2017-12-14 03:34:52 +00:00
			`describe aws_iam_role('should-be-there') do`
			`it { should exist }`
			`end`

			`describe aws_iam_role('should-not-be-there') do`
			`it { should_not exist }`
			`end`
AWS resource permission docs (#3036) * Add documentation about required IAM permissions to AWS Resources. * Change phrasing. Signed-off-by: Miah Johnson <miah@chia-pet.org> 2018-05-10 18:57:53 +00:00
			`## AWS Permissions`

			Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:GetRole` action with Effect set to Allow.

			`You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).`