2018-02-01 03:45:02 +00:00
---
title: About the aws_iam_policies Resource
2018-02-13 19:30:07 +00:00
platform: aws
2018-02-01 03:45:02 +00:00
---
2018-02-15 02:23:29 +00:00
# aws\_iam\_policies
2018-02-01 03:45:02 +00:00
2019-04-26 18:24:29 +00:00
Use the `aws_iam_policies` Chef InSpec audit resource to test properties of some or all AWS IAM Policies.
2018-02-01 03:45:02 +00:00
2018-05-10 18:57:53 +00:00
A policy is an entity in AWS that, when attached to an identity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine if the request is allowed or denied.
2018-02-01 03:45:02 +00:00
2018-02-15 02:23:29 +00:00
Each IAM Policy is uniquely identified by either its `policy_name` or `arn`.
2018-02-01 03:45:02 +00:00
<br>
2018-08-09 12:34:49 +00:00
## Availability
### Installation
2019-04-26 18:24:29 +00:00
This resource is distributed along with Chef InSpec itself. You can use it automatically.
2018-08-09 12:34:49 +00:00
### Version
This resource first became available in v2.0.16 of InSpec.
2018-02-01 03:45:02 +00:00
## Syntax
An `aws_iam_policies` resource block collects a group of IAM Policies and then tests that group.
# Verify the policy specified by the policy name is included in IAM Policies in the AWS account.
describe aws_iam_policies do
its('policy_names') { should include('test-policy-1') }
end
<br>
## Examples
2019-04-26 18:24:29 +00:00
The following examples show how to use this Chef InSpec audit resource.
2018-02-01 03:45:02 +00:00
As this is the initial release of `aws_iam_policies`, its limited functionality precludes examples.
<br>
2018-02-13 19:30:07 +00:00
## Properties
2018-02-01 03:45:02 +00:00
2018-02-13 19:30:07 +00:00
* `arns`, `entries`, `policy_names`
2018-02-01 03:45:02 +00:00
2018-02-13 19:30:07 +00:00
<br>
2018-02-01 03:45:02 +00:00
2018-02-14 01:42:39 +00:00
## Property Examples
2018-02-01 03:45:02 +00:00
2018-02-15 02:23:29 +00:00
### policy\_names
2018-02-01 03:45:02 +00:00
Provides a list of policy names for all IAM Policies in the AWS account.
describe aws_iam_policies do
its('policy_names') { should include('test-policy-1') }
end
### arns
Provides a list of policy arns for all IAM Policies in the AWS account.
describe aws_iam_policies do
its('arns') { should include('arn:aws:iam::aws:policy/test-policy-1') }
end
### entries
2018-02-20 03:09:51 +00:00
Provides access to the raw results of the query. This can be useful for checking counts and other advanced operations.
2018-02-01 03:45:02 +00:00
# Allow at most 100 IAM Policies on the account
describe aws_iam_policies do
its('entries.count') { should be <= 100}
end
2018-02-13 19:30:07 +00:00
<br>
## Matchers
2018-05-10 18:57:53 +00:00
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
2018-02-13 19:30:07 +00:00
### exists
2018-02-14 01:42:39 +00:00
The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
2018-02-13 19:30:07 +00:00
# Verify that at least one IAM Policies exists.
describe aws_iam_policies
it { should exist }
2018-05-10 18:57:53 +00:00
end
## AWS Permissions
Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:ListPolicies` action with Effect set to Allow.
2018-02-13 19:30:07 +00:00
2018-05-10 18:57:53 +00:00
You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).