mirror of
https://github.com/inspec/inspec
synced 2024-12-21 02:23:13 +00:00
21 lines
561 B
Ruby
21 lines
561 B
Ruby
|
control "Users that have a password but do not have MFA enabled" do
|
||
|
impact 0.7
|
||
|
describe aws_iam_users.where { has_console_password and not has_mfa_enabled } do
|
||
|
it { should_not exist }
|
||
|
end
|
||
|
end
|
||
|
|
||
|
control "Do not allow access keys older than 90 days" do
|
||
|
impact 1.0
|
||
|
describe aws_iam_access_keys.where { created_days_ago > 90 } do
|
||
|
it { should_not exist }
|
||
|
end
|
||
|
end
|
||
|
|
||
|
control "Check our demo bucket for dangerous settings" do
|
||
|
impact 1.0
|
||
|
describe aws_s3_bucket('inspec-testing-public-default.chef.io') do
|
||
|
it { should_not be_public }
|
||
|
end
|
||
|
end
|