mirror of
https://github.com/inspec/inspec
synced 2024-12-02 17:40:00 +00:00
20 lines
561 B
Ruby
20 lines
561 B
Ruby
control "Users that have a password but do not have MFA enabled" do
|
|
impact 0.7
|
|
describe aws_iam_users.where { has_console_password and not has_mfa_enabled } do
|
|
it { should_not exist }
|
|
end
|
|
end
|
|
|
|
control "Do not allow access keys older than 90 days" do
|
|
impact 1.0
|
|
describe aws_iam_access_keys.where { created_days_ago > 90 } do
|
|
it { should_not exist }
|
|
end
|
|
end
|
|
|
|
control "Check our demo bucket for dangerous settings" do
|
|
impact 1.0
|
|
describe aws_s3_bucket('inspec-testing-public-default.chef.io') do
|
|
it { should_not be_public }
|
|
end
|
|
end
|