inspec/lib/plugins/inspec-init/templates/profiles/aws/controls/example.rb

40 lines
1.9 KiB
Ruby
Raw Normal View History

# copyright: 2018, The Authors
title "Sample Section"
aws_vpc_id = attribute("aws_vpc_id", default: "", description: "Optional AWS VPC identifier.")
# You add controls here
control "aws-single-vpc-exists-check" do # A unique ID for this control.
only_if { aws_vpc_id != "" } # Only run this control if the `aws_vpc_id` attribute is provided.
impact 1.0 # The criticality, if this control fails.
title "Check to see if custom VPC exists." # A human-readable title.
describe aws_vpc(aws_vpc_id) do # The test itself.
it { should exist }
end
end
# Plural resources can be inspected to check for specific resource details.
control "aws-vpcs-check" do
impact 1.0
title "Check in all the VPCs for default sg not allowing 22 inwards"
aws_vpcs.vpc_ids.each do |vpc_id|
describe aws_security_group(vpc_id: vpc_id, group_name: "default") do
it { should allow_in(port: 22) }
end
end
end
control "aws-vpcs-multi-region-status-check" do # A unique ID for this control.
impact 1.0 # The criticality, if this control fails.
title 'Check AWS VPCs in all regions have status "available"' # A human-readable title.
aws_regions.region_names.each do |region| # Loop over all available AWS regions
aws_vpcs(aws_region: region).vpc_ids.each do |vpc| # Find all VPCs in a single AWS region
describe aws_vpc(aws_region: region, vpc_id: vpc) do # The test itself.
it { should exist } # Confirms AWS VPC exists
it { should be_available } # Confirms AWS VPC has status "available"
end
end
end
end