inspec/docs/resources/aws_iam_policies.md.erb

---
title: About the aws_iam_policies Resource
platform: aws
---

# aws\_iam\_policies

Use the `aws_iam_policies` InSpec audit resource to test properties of some or all AWS IAM Policies.

A policy is an entity in AWS that, when attached to an identity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine if the request is allowed or denied. 

Each IAM Policy is uniquely identified by either its `policy_name` or `arn`.

<br>

## Syntax

An `aws_iam_policies` resource block collects a group of IAM Policies and then tests that group.

    # Verify the policy specified by the policy name is included in IAM Policies in the AWS account.
    describe aws_iam_policies do
      its('policy_names') { should include('test-policy-1') }
    end

<br>

## Examples

The following examples show how to use this InSpec audit resource.

As this is the initial release of `aws_iam_policies`, its limited functionality precludes examples.

<br>

## Properties

* `arns`, `entries`, `policy_names`

<br>

## Property Examples

### policy\_names

Provides a list of policy names for all IAM Policies in the AWS account.

    describe aws_iam_policies do
      its('policy_names') { should include('test-policy-1') }
    end

### arns

Provides a list of policy arns for all IAM Policies in the AWS account.

    describe aws_iam_policies do
      its('arns') { should include('arn:aws:iam::aws:policy/test-policy-1') }
    end

### entries

Provides access to the raw results of the query. This can be useful for checking counts and other advanced operations.

    # Allow at most 100 IAM Policies on the account
    describe aws_iam_policies do
      its('entries.count') { should be <= 100}
    end

<br>

## Matchers

For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/). 

### exists

The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.

    # Verify that at least one IAM Policies exists.
    describe aws_iam_policies
      it { should exist }
    end
skeletal aws_iam_ policies resource (#193) Signed-off-by: Rony Xavier <rx294@nyu.edu> 2018-02-01 03:45:02 +00:00			`---`
			`title: About the aws_iam_policies Resource`
AWS resource edits Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-13 19:30:07 +00:00			`platform: aws`
skeletal aws_iam_ policies resource (#193) Signed-off-by: Rony Xavier <rx294@nyu.edu> 2018-02-01 03:45:02 +00:00			`---`

Escapes and formatting 2018-02-15 02:23:29 +00:00			`# aws\_iam\_policies`
skeletal aws_iam_ policies resource (#193) Signed-off-by: Rony Xavier <rx294@nyu.edu> 2018-02-01 03:45:02 +00:00
			Use the `aws_iam_policies` InSpec audit resource to test properties of some or all AWS IAM Policies.

AWS resource edits Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-14 01:42:39 +00:00			`A policy is an entity in AWS that, when attached to an identity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine if the request is allowed or denied.`
skeletal aws_iam_ policies resource (#193) Signed-off-by: Rony Xavier <rx294@nyu.edu> 2018-02-01 03:45:02 +00:00
Escapes and formatting 2018-02-15 02:23:29 +00:00			Each IAM Policy is uniquely identified by either its `policy_name` or `arn`.
skeletal aws_iam_ policies resource (#193) Signed-off-by: Rony Xavier <rx294@nyu.edu> 2018-02-01 03:45:02 +00:00
			`<br>`

			`## Syntax`

			An `aws_iam_policies` resource block collects a group of IAM Policies and then tests that group.

			`# Verify the policy specified by the policy name is included in IAM Policies in the AWS account.`
			`describe aws_iam_policies do`
			`its('policy_names') { should include('test-policy-1') }`
			`end`

			`<br>`

			`## Examples`

			`The following examples show how to use this InSpec audit resource.`

			As this is the initial release of `aws_iam_policies`, its limited functionality precludes examples.

			`<br>`

AWS resource edits Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-13 19:30:07 +00:00			`## Properties`
skeletal aws_iam_ policies resource (#193) Signed-off-by: Rony Xavier <rx294@nyu.edu> 2018-02-01 03:45:02 +00:00
AWS resource edits Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-13 19:30:07 +00:00			* `arns`, `entries`, `policy_names`
skeletal aws_iam_ policies resource (#193) Signed-off-by: Rony Xavier <rx294@nyu.edu> 2018-02-01 03:45:02 +00:00
AWS resource edits Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-13 19:30:07 +00:00			`<br>`
skeletal aws_iam_ policies resource (#193) Signed-off-by: Rony Xavier <rx294@nyu.edu> 2018-02-01 03:45:02 +00:00
AWS resource edits Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-14 01:42:39 +00:00			`## Property Examples`
skeletal aws_iam_ policies resource (#193) Signed-off-by: Rony Xavier <rx294@nyu.edu> 2018-02-01 03:45:02 +00:00
Escapes and formatting 2018-02-15 02:23:29 +00:00			`### policy\_names`
skeletal aws_iam_ policies resource (#193) Signed-off-by: Rony Xavier <rx294@nyu.edu> 2018-02-01 03:45:02 +00:00
			`Provides a list of policy names for all IAM Policies in the AWS account.`

			`describe aws_iam_policies do`
			`its('policy_names') { should include('test-policy-1') }`
			`end`

			`### arns`

			`Provides a list of policy arns for all IAM Policies in the AWS account.`

			`describe aws_iam_policies do`
			`its('arns') { should include('arn:aws:iam::aws:policy/test-policy-1') }`
			`end`

			`### entries`

Spelling and punctuation check on Azure and AWS (#2657) * Spelling and punctuation check Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-20 03:09:51 +00:00			`Provides access to the raw results of the query. This can be useful for checking counts and other advanced operations.`
skeletal aws_iam_ policies resource (#193) Signed-off-by: Rony Xavier <rx294@nyu.edu> 2018-02-01 03:45:02 +00:00
			`# Allow at most 100 IAM Policies on the account`
			`describe aws_iam_policies do`
			`its('entries.count') { should be <= 100}`
			`end`
AWS resource edits Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-13 19:30:07 +00:00
			`<br>`

			`## Matchers`

Add one comma in all docs & deletes two repeated sentences. (#2658) Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-16 03:07:18 +00:00			`For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).`
AWS resource edits Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-13 19:30:07 +00:00
			`### exists`

AWS resource edits Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-14 01:42:39 +00:00			The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
AWS resource edits Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-13 19:30:07 +00:00
			`# Verify that at least one IAM Policies exists.`
			`describe aws_iam_policies`
			`it { should exist }`
			`end`