mirror of
https://github.com/inspec/inspec
synced 2024-12-18 00:53:22 +00:00
82dc6f3ec7
* Update docs in source to use matcher-style calls, not properties-as-predicates Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Main doc file for aws_iam_user Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Add documentation for existing resources This adds documentation for the following resources, including custom matchers: - aws_ec2_instance - aws_iam_access_key - aws_iam_password_policy - aws_iam_root_user - aws_iam_users Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Fix `aws_iam_users` example (Console + No MFA) (#104) Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Correct copypasta Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Remove misleading singular matcher information from the plural docs for aws_iam_users Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Correct `aws-iam-userss` typo (#105) Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> * Add EC2 instance state info Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * test commit Signed-off-by: kgarmoe <kgarmoe@chef.io> * copy edits Signed-off-by: kgarmoe <kgarmoe@chef.io> * Yikes, forgot to save after correcting a merge conflict Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2 KiB
2 KiB
title |
---|
About the aws_iam_password_policy Resource |
aws_iam_password_policy
Use the aws_iam_password_policy
InSpec audit resource to test properties of the AWS IAM Password Policy.
Syntax
An aws_iam_password_policy
resource block takes no parameters, but uses several matchers.
describe aws_iam_password_policy do
its('requires_lowercase_characters?') { should be true }
end
Examples
The following examples show how to use this InSpec audit resource.
Test that the IAM Password Policy requires lowercase characters, uppercase characters, numbers, symbols, and a minimum length greater than eight
describe aws_iam_password_policy do
its('requires_lowercase_characters?') { should be true }
its('requires_uppercase_characters?') { should be true }
its('requires_numbers?') { should be true }
its('requires_symbols?') { should be true }
its('minimum_password_length') { should be > 8 }
end
Test that the IAM Password Policy allows users to change their password
describe aws_iam_password_policy do
its('allows_user_to_change_password?') { should be true }
end
Test that the IAM Password Policy expires passwords
describe aws_iam_password_policy do
its('expires_passwords?') { should be true }
end
Test that the IAM Password Policy has a max password age
describe aws_iam_password_policy do
its('max_password_age') { should be > 90 * 86400 }
end
Test that the IAM Password Policy prevents password reuse
describe aws_iam_password_policy do
its('prevents_password_reuse?') { should be true }
end
Test that the IAM Password Policy requires users to remember 3 previous passwords
describe aws_iam_password_policy do
its('number_of_passwords_to_remember') { should eq 3 }
end
Matchers
For a full list of available matchers (such as exist
) please visit our matchers page.