class AwsSecurityGroups < Inspec.resource(1) name 'aws_security_groups' desc 'Verifies settings for AWS Security Groups in bulk' example <<~EXAMPLE # Verify that you have security groups defined describe aws_security_groups do it { should exist } end # Verify you have more than the default security group describe aws_security_groups do its('entries.count') { should be > 1 } end EXAMPLE supports platform: 'aws' include AwsPluralResourceMixin # Underlying FilterTable implementation. filter = FilterTable.create filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? } filter.register_column(:group_ids, field: :group_id) filter.install_filter_methods_on_resource(self, :table) def to_s 'EC2 Security Groups' end private def validate_params(raw_criteria) unless raw_criteria.is_a? Hash raise 'Unrecognized criteria for fetching Security Groups. ' \ "Use 'criteria: value' format." end # No criteria yet unless raw_criteria.empty? raise ArgumentError, 'aws_ec2_security_groups does not currently accept resource parameters.' end raw_criteria end def fetch_from_api @table = [] backend = BackendFactory.create(inspec_runner) backend.describe_security_groups({}).security_groups.each do |sg_info| @table.push({ group_id: sg_info.group_id, group_name: sg_info.group_name, vpc_id: sg_info.vpc_id, }) end end class Backend class AwsClientApi < AwsBackendBase BackendFactory.set_default_backend self self.aws_client_class = Aws::EC2::Client def describe_security_groups(query) aws_service_client.describe_security_groups(query) end end end end