Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-23 21:23:29 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/docs/resources/aws_iam_password_policy.md
Clinton Wolfe 82dc6f3ec7
Documentation for existing resources 
* Update docs in source to use matcher-style calls, not properties-as-predicates

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Main doc file for aws_iam_user

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add documentation for existing resources

This adds documentation for the following resources, including custom matchers:

  - aws_ec2_instance
  - aws_iam_access_key
  - aws_iam_password_policy
  - aws_iam_root_user
  - aws_iam_users

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Fix `aws_iam_users` example (Console + No MFA) (#104)

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Correct copypasta

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Remove misleading singular matcher information from the plural docs for aws_iam_users

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Correct `aws-iam-userss` typo (#105)

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add EC2 instance state info

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* test commit

Signed-off-by: kgarmoe <kgarmoe@chef.io>

* copy edits

Signed-off-by: kgarmoe <kgarmoe@chef.io>

* Yikes, forgot to save after correcting a merge conflict

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-10-27 16:31:36 -04:00

2 KiB
Raw Blame History

title
About the aws_iam_password_policy Resource

aws_iam_password_policy

Use the aws_iam_password_policy InSpec audit resource to test properties of the AWS IAM Password Policy.


Syntax

An aws_iam_password_policy resource block takes no parameters, but uses several matchers.

describe aws_iam_password_policy do
  its('requires_lowercase_characters?') { should be true }
end

Examples

The following examples show how to use this InSpec audit resource.

Test that the IAM Password Policy requires lowercase characters, uppercase characters, numbers, symbols, and a minimum length greater than eight

describe aws_iam_password_policy do
  its('requires_lowercase_characters?') { should be true }
  its('requires_uppercase_characters?') { should be true }
  its('requires_numbers?') { should be true }
  its('requires_symbols?') { should be true }
  its('minimum_password_length') { should be > 8 }
end

Test that the IAM Password Policy allows users to change their password

describe aws_iam_password_policy do
  its('allows_user_to_change_password?') { should be true }
end

Test that the IAM Password Policy expires passwords

describe aws_iam_password_policy do
  its('expires_passwords?') { should be true }
end

Test that the IAM Password Policy has a max password age

describe aws_iam_password_policy do
  its('max_password_age') { should be > 90 * 86400 }
end

Test that the IAM Password Policy prevents password reuse

describe aws_iam_password_policy do
  its('prevents_password_reuse?') { should be true }
end

Test that the IAM Password Policy requires users to remember 3 previous passwords

describe aws_iam_password_policy do
  its('number_of_passwords_to_remember') { should eq 3 }
end

Matchers

For a full list of available matchers (such as exist) please visit our matchers page.