mirror of
https://github.com/inspec/inspec
synced 2024-11-30 16:39:20 +00:00
82dc6f3ec7
* Update docs in source to use matcher-style calls, not properties-as-predicates Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Main doc file for aws_iam_user Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Add documentation for existing resources This adds documentation for the following resources, including custom matchers: - aws_ec2_instance - aws_iam_access_key - aws_iam_password_policy - aws_iam_root_user - aws_iam_users Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Fix `aws_iam_users` example (Console + No MFA) (#104) Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Correct copypasta Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove misleading singular matcher information from the plural docs for aws_iam_users Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Correct `aws-iam-userss` typo (#105) Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add EC2 instance state info Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * test commit Signed-off-by: kgarmoe <kgarmoe@chef.io> * copy edits Signed-off-by: kgarmoe <kgarmoe@chef.io> * Yikes, forgot to save after correcting a merge conflict Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
63 lines
1.7 KiB
Markdown
63 lines
1.7 KiB
Markdown
---
|
|
title: About the aws_iam_user Resource
|
|
---
|
|
|
|
# aws_iam_user
|
|
|
|
Use the `aws_iam_user` InSpec audit resource to test properties of a single AWS IAM user.
|
|
|
|
To test properties of all or multiple users, use the `aws_iam_users` resource.
|
|
|
|
To test properties of the special AWS root user (which owns the account), use the `aws_iam_root_user` resource.
|
|
|
|
<br>
|
|
|
|
## Syntax
|
|
|
|
An `aws_iam_user` resource block declares a user by name, and then lists tests to be performed.
|
|
|
|
describe aws_iam_user(name: 'test_user') do
|
|
it { should exist }
|
|
end
|
|
|
|
<br>
|
|
|
|
## Examples
|
|
|
|
The following examples show how to use this InSpec audit resource.
|
|
|
|
### Test that a user does not exist
|
|
|
|
describe aws_iam_user(name: 'gone') do
|
|
it { should_not exist }
|
|
end
|
|
|
|
### Test that a user has multi-factor authentication enabled
|
|
|
|
describe aws_iam_user(name: 'test_user') do
|
|
it { should have_mfa_enabled }
|
|
end
|
|
|
|
### Test that a service user does not have a password
|
|
|
|
describe aws_iam_user(name: 'test_user') do
|
|
it { should have_console_password }
|
|
end
|
|
|
|
<br>
|
|
|
|
## Matchers
|
|
|
|
This InSpec audit resource has the following special matchers. For a full list of available matchers (such as `exist`) please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
|
|
### have_console_password
|
|
|
|
The `have_console_password` matcher tests if the user has a password that could be used to log into the AWS web console.
|
|
|
|
it { should have_console_password }
|
|
|
|
### have_mfa_enabled
|
|
|
|
The `have_mfa_enabled` matcher tests if the user has Multi-Factor Authentication enabled, requiring them to enter a secondary code when they login to the web console.
|
|
|
|
it { should have_mfa_enabled }
|