inspec/lib/plugins/inspec-init/templates/profiles/aws/README.md


# Example InSpec Profile For AWS
This example shows the implementation of an InSpec profile for AWS.
## Create a profile
```
$ inspec init profile --platform aws aws-security
Create new profile at /Users/liamcaproni/aws-security
* Create directory libraries
* Create file README.md
* Create directory controls
* Create file controls/example.rb
* Create file inspec.yml
* Create file attributes.yml
* Create file libraries/.gitkeep
```
## Update `attributes.yml` to point to your custom VPC
```
aws_vpc_id: 'custom-vpc-id'
```
## Run the tests
```
$ cd aws-profile/
$ inspec exec -t aws://eu-west-1/test-iam-profile --attrs attributes.yml aws-security
Profile: InSpec Profile (aws-security)
Version: 0.1.0
Target: aws://eu-west-2
✔ aws-vpc-check: Check to see if custom VPC exists.
✔ VPC vpc-0014dad216b7664e3 should exist
✔ aws-vpcs-check: Check in all the VPCs for default sg not allowing 22 inwards
✔ EC2 Security Group sg-05cd285a7499ee2bf should allow in {:port=>22}
✔ EC2 Security Group sg-0f0faf6d01eafc65d should allow in {:port=>22}
✔ EC2 Security Group sg-0cb134808cb42f188 should allow in {:port=>22}
✔ EC2 Security Group sg-06b2ae6dea43e32b6 should allow in {:port=>22}
✔ EC2 Security Group sg-0fc81264868480768 should allow in {:port=>22}
✔ EC2 Security Group sg-0cc3c94d414fdcd1b should allow in {:port=>22}
✔ EC2 Security Group sg-0abe7f61 should allow in {:port=>22}
✔ EC2 Security Group sg-0f346bed179f1e6ad should allow in {:port=>22}
✔ EC2 Security Group sg-0ff737c3be7a370ab should allow in {:port=>22}
✔ EC2 Security Group sg-0f37838285d37d035 should allow in {:port=>22}
✔ EC2 Security Group sg-001651d64991000f7 should allow in {:port=>22}
```
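
The title of `aws-vpcs-check` speaks of the default security group not allowing port 22 inwards, while each passing line in the output reads `should allow in {:port=>22}`, so it helps to see the title's check spelled out. The following is an added example in plain Ruby, not code from InSpec or from this profile: it evaluates that check over constructed sample data whose keys are snake_case forms of the EC2 `DescribeSecurityGroups` fields (`IpPermissions`, `IpProtocol`, `FromPort`, `ToPort`, `IpRanges`, `Ipv6Ranges`, `UserIdGroupPairs`). The group IDs, VPC IDs and helper names are assumptions made for illustration.

```ruby
# Added example: plain Ruby, no AWS or InSpec calls. SAMPLE_GROUPS is constructed.
SAMPLE_GROUPS = [
  { group_id: 'sg-aaaa0001', group_name: 'default', vpc_id: 'vpc-aaaa0001',
    ip_permissions: [ # AWS-created rule: all traffic, but only from the group itself
      { ip_protocol: '-1', ip_ranges: [], ipv6_ranges: [],
        user_id_group_pairs: [{ group_id: 'sg-aaaa0001' }] }
    ] },
  { group_id: 'sg-bbbb0002', group_name: 'default', vpc_id: 'vpc-bbbb0002',
    ip_permissions: [ # SSH opened to every IPv4 address
      { ip_protocol: 'tcp', from_port: 22, to_port: 22,
        ip_ranges: [{ cidr_ip: '0.0.0.0/0' }], ipv6_ranges: [], user_id_group_pairs: [] }
    ] },
  { group_id: 'sg-cccc0003', group_name: 'default', vpc_id: 'vpc-cccc0003',
    ip_permissions: [ # port range that contains 22, IPv6 only
      { ip_protocol: 'tcp', from_port: 0, to_port: 1024,
        ip_ranges: [], ipv6_ranges: [{ cidr_ipv6: '::/0' }], user_id_group_pairs: [] }
    ] },
  { group_id: 'sg-dddd0004', group_name: 'web', vpc_id: 'vpc-bbbb0002',
    ip_permissions: [ # not a default group, so out of scope for this check
      { ip_protocol: 'tcp', from_port: 22, to_port: 22,
        ip_ranges: [{ cidr_ip: '0.0.0.0/0' }], ipv6_ranges: [], user_id_group_pairs: [] }
    ] }
].freeze

ANY_SOURCE = ['0.0.0.0/0', '::/0'].freeze

# True when the rule covers the TCP port; protocol '-1' means every protocol and port.
def rule_covers_tcp_port?(rule, port)
  return true if rule[:ip_protocol] == '-1'
  return false unless rule[:ip_protocol] == 'tcp'
  (rule[:from_port]..rule[:to_port]).cover?(port)
end

# True when the rule's source is every address (IPv4 or IPv6).
def rule_open_to_any?(rule)
  cidrs = rule[:ip_ranges].map { |r| r[:cidr_ip] } + rule[:ipv6_ranges].map { |r| r[:cidr_ipv6] }
  cidrs.any? { |c| ANY_SOURCE.include?(c) }
end

# IDs of default security groups that accept the port from any address.
def exposed_default_groups(groups, port)
  groups.select do |g|
    g[:group_name] == 'default' &&
      g[:ip_permissions].any? { |r| rule_covers_tcp_port?(r, port) && rule_open_to_any?(r) }
  end.map { |g| g[:group_id] }
end

puts exposed_default_groups(SAMPLE_GROUPS, 22).inspect if $PROGRAM_NAME == __FILE__
```

The first sample group carries only the self-referencing all-traffic rule and is not reported, because nothing outside the group can reach port 22 through it.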