mirror of
https://github.com/inspec/inspec
synced 2024-12-18 00:53:22 +00:00
82dc6f3ec7
* Update docs in source to use matcher-style calls, not properties-as-predicates Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Main doc file for aws_iam_user Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Add documentation for existing resources This adds documentation for the following resources, including custom matchers: - aws_ec2_instance - aws_iam_access_key - aws_iam_password_policy - aws_iam_root_user - aws_iam_users Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Fix `aws_iam_users` example (Console + No MFA) (#104) Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Correct copypasta Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove misleading singular matcher information from the plural docs for aws_iam_users Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Correct `aws-iam-userss` typo (#105) Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add EC2 instance state info Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * test commit Signed-off-by: kgarmoe <kgarmoe@chef.io> * copy edits Signed-off-by: kgarmoe <kgarmoe@chef.io> * Yikes, forgot to save after correcting a merge conflict Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
1.6 KiB
1.6 KiB
title |
---|
About the aws_iam_access_key Resource |
aws_iam_access_key
Use the aws_iam_access_key
InSpec audit resource to test properties of a single AWS IAM access key.
Syntax
An aws_iam_access_key
resource block declares the tests for a single AWS IAM access key by username and id.
describe aws_iam_access_key(username: 'username', id: 'access-key-id') do
it { should exist }
it { should_not be_active }
its('create_date') { should be > Time.now - 365 * 86400 }
its('last_used_date') { should be > Time.now - 90 * 86400 }
end
Examples
The following examples show how to use this InSpec audit resource.
Test that an IAM access key is not active
describe aws_iam_access_key(username: 'username', id: 'access-key-id') do
it { should_not be_active }
end
Test that an IAM access key is older than one year
describe aws_iam_access_key(username: 'username', id: 'access-key-id') do
its('create_date') { should be > Time.now - 365 * 86400 }
end
Test that an IAM access key has been used in the past 90 days
describe aws_iam_access_key(username: 'username', id: 'access-key-id') do
its('last_used_date') { should be > Time.now - 90 * 86400 }
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers (such as exist
) please visit our matchers page.
be_active
The be_active
matcher tests if the described IAM access key is active.
it { should be_active }