# encoding: utf-8
# copyright: 2018, The Authors
# Heading for the controls in this file.
# NOTE(review): presumably rendered as the section title in reports; confirm.
title 'Sample Section'
# ID of the VPC under test, read from the profile attribute named 'aws_vpc_id'.
# NOTE(review): no default or presence check is visible here; confirm the
# value is always supplied, otherwise the VPC control below may not test the
# VPC you intend.
aws_vpc_id = attribute('aws_vpc_id')
# you add controls here
# Singular-resource example: asserts that the VPC whose ID is held in
# `aws_vpc_id` exists. The string passed to `control` is the control's
# unique ID.
control 'aws-vpc-check' do
  # Human-readable title.
  title 'Check to see if custom VPC exists.'
  # Criticality reported if this control fails.
  impact 1.0

  # The test itself.
  # NOTE(review): the result is only meaningful when `aws_vpc_id` really holds
  # the intended VPC ID; verify how the resource behaves if it is unset.
  describe aws_vpc(aws_vpc_id) do
    it { should exist }
  end
end
# Plural resources can be inspected to check for specific resource details.
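# Plural-resource example: walks every VPC ID returned by `aws_vpcs` and
# checks that VPC's security group named 'default'.
#
# The title states the intent: the default security group must NOT admit
# inbound traffic on port 22. The assertion is therefore negated. A positive
# `should allow_in(port: 22)` would pass only when SSH is open and would
# report a locked-down default group as a failure.
control 'aws-vpcs-check' do
  impact 1.0
  title 'Check in all the VPCs for default sg not allowing 22 inwards'

  aws_vpcs.vpc_ids.each do |vpc_id|
    describe aws_security_group(vpc_id: vpc_id, group_name: 'default') do
      # NOTE(review): with only `port:` given, any inbound rule covering
      # port 22 is expected to match, whatever its source. Confirm against the
      # resource documentation, and narrow the criteria (e.g. with
      # `ipv4_range:`) if only world-open SSH should fail.
      it { should_not allow_in(port: 22) }
    end
  end
end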