Filters the IAM groups by their group name, a string. If you know the exact group name, use `aws_iam_group` (singular) instead. This criteria may be used when you know a pattern of the name.
# Use a regex to find groups ending with 'Admins'
describe aws_iam_groups.where(group_name: /Admins$/) do
its('group_names') { should include 'FriendlyAdmins' }
its('group_names') { shoud_not include 'ShunnedAdmins' }
end
## Properties
### group_names
An Array of Strings, reflecting the IAM group names matched by the filter. If no groups matched, this will be empty. You can also use this with `aws_iam_group` to enumerate groups.
# Check for friendly people
describe aws_iam_groups.where(group_name: /Admins$/) do
its('group_names') { should include 'FriendlyAdmins' }
its('group_names') { should include 'KindAdmins' }
end
# Use to loop and fetch groups individually for auditing in detail
# Without a `where`, this fetches all groups
aws_iam_groups.group_names.each do |group_names|
# A roundabout way of saying "bob should not be in any groups"
This resource has no resource-specific matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:ListGroups` action with Effect set to Allow.
You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
