1a31425e81
* Initial Commit Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com> * aws_iam_user uses lazy loading Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com> * Disassociates convert call from list_users Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com> * A real-world working AwsIamUsers (#71) * Add aws_iam_users Signed-off-by: Chris Redekop <chris.redekop@d2l.com> * Adding Filter table and Collect User Details to aws_iam_users.rb Signed-off-by: Chris Redekop <chris.redekop@d2l.com> * Adding Filter table and Collect User Details to aws_iam_users.rb Signed-off-by: Chris Redekop <chris.redekop@d2l.com> * Adding Filter table and Collect User Details to aws_iam_users.rb Signed-off-by: Chris Redekop <chris.redekop@d2l.com> * Get an aws_iam_users integration test to pass Signed-off-by: Chris Redekop <chris.redekop@d2l.com> * Fix RuboCop issues and tests Signed-off-by: Chris Redekop <chris.redekop@d2l.com> * Improving code based on PR feedback Signed-off-by: Chris Redekop <chris.redekop@d2l.com> * AWS IAM Users unit tests work with new lazy loading feature Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com> * Fixes tests Signed-off-by: aduric <adnan.duric@d2l.com> * Users should only hold the returned user references, transfering responsibility to each user to fetch any details Signed-off-by: aduric <adnan.duric@d2l.com> * Create user details provider class Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com> * Using details provider factory to delegate creation of detail providers, and updates tests Signed-off-by: aduric <adnan.duric@d2l.com> * Rubocop fixes Signed-off-by: aduric <adnan.duric@d2l.com> * Rename user details provider factory to initializer, and remove unnecessary instance variables Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com> |
||
|---|---|---|
| libraries | ||
| test | ||
| .gitignore | ||
| .rubocop.yml | ||
| .travis.yml | ||
| CONTRIBUTING.md | ||
| Gemfile | ||
| inspec.yml | ||
| LICENSE | ||
| Rakefile | ||
| README.md | ||
InSpec for AWS
Roadmap
This repository is the development repository for InSpec for AWS. Once RFC Platforms is fully implemented in InSpec, this repository is going to be merged into core InSpec.
As of now, AWS resources are implemented as an InSpec resource pack. It will ship with the required resources to write your own AWS tests.
├── README.md - this readme
└── libraries - contains AWS resources
Get started
To run the profile, use InSpec with an environment variable for AWS credentials:
AWS_REGIONAWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEY
Those variables are defined in AWS CLI Docs
Now you can use inspec exec inspec-aws. Please note, that you have to define the AWS target in future: inspec exec inspec-aws -t aws://accesskey:secret@region.
Use the resources
Since this is a InSpec resource pack, it only defines InSpec resources. It includes example tests only. You can easily use the AWS InSpec resources in your tests do the following:
Create a new profile
inspec init profile my-profile
Adapt the inspec.yml
name: my-profile
title: My own AWS profile
version: 0.1.0
depends:
- name: aws
url: https://github.com/chef/inspec-aws/archive/master.tar.gz
Add controls
Since your profile depends on the resource pack, you can use those resources in your own profile:
control "aws-1" do
impact 0.7
title 'Checks the machine is running'
describe aws_ec2('i-my-ec2-instance-id') do
it { should be_running }
end
end
Available Resources
aws_ec2- This resource reads information about an ec2 instanceaws_iam_access_key- Verifies settings for AWS IAM access keysaws_iam_password_policy- Verifies iam password policyaws_iam_root_user- Verifies settings for AWS root accountaws_iam_user- Verifies settings for a specific AWS IAM useraws_iam_users- Verifies settings for AWS IAM users
Roadmap
aws_amiaws_s3bucketaws_security_groupaws_iam_groupaws_iam_policyaws_iam_role...
Tests
Unit tests
To execute the unit tests, run:
bundle exec rake test
Integration tests
To run the integration tests, please make sure all required environment variables like AWS_ACCESS_KEY_ID
, AWS_SECRET_ACCESS_KEY and AWS_REGION are set properly. (AWS_REGION must be set to us-east-1 when running the integration tests.) We use terraform to create the AWS setup and InSpec to verify the all aspects. If you want to use a specific terraform environment, set environment variable INSPEC_TERRAFORM_ENV. Integration tests can be executed via:
bundle exec rake test:integration
This task sets up test AWS resources, runs the integration tests, and then cleans up the resources. To perform these tasks independently, please call them individually:
bundle exec rake test:configure_test_environmentbundle exec rake test:setup_integration_testsbundle exec rake test:run_integration_testsbundle exec rake test:cleanup_integration_testsbundle exec rake test:destroy_test_environment
Kudos
This project was inspired by inspec-aws from arothian.
License
| Author: | Christoph Hartmann (chris@lollyrock.com) |
| Copyright: | Copyright (c) 2017 Chef Software Inc. |
| License: | Apache License, Version 2.0 |
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.