mirror of
https://github.com/inspec/inspec
synced 2024-11-24 13:43:09 +00:00
a359399fa0
Moved 2 space examples 2 more spaces in. Don't be shy, show the world your code the way it was meant to be seen. Underscores in markdown must be escaped otherwise the world goes crooked. Signed-off-by: Franklin Webber <franklin@chef.io>
63 lines
1.5 KiB
Text
---
title: About the aws_iam_role Resource
platform: aws
---

# aws\_iam\_role

Use the `aws_iam_role` InSpec audit resource to test properties of a single IAM Role. A Role is a collection of permissions that may be temporarily assumed by a user, EC2 Instance, Lambda Function, or certain other resources.

<br>

## Syntax

    # Ensure that a certain role exists by name
    describe aws_iam_role('my-role') do
      it { should exist }
    end

<br>

## Resource Parameters

### role\_name

This resource expects a single parameter that uniquely identifies the IAM Role, the Role Name. You may pass it as a string, or as the value in a hash:

    describe aws_iam_role('my-role') do
      it { should exist }
    end
    # Same
    describe aws_iam_role(role_name: 'my-role') do
      it { should exist }
    end

<br>

## Properties

### description

A textual description of the IAM Role.

    describe aws_iam_role('my-role') do
      # eq compares the string value; be() would test object identity
      its('description') { should eq('Our most important Role') }
    end

<br>

## Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

### exist

Indicates that the Role Name provided was found. Use `should_not` to test for IAM Roles that should not exist.

    describe aws_iam_role('should-be-there') do
      it { should exist }
    end

    describe aws_iam_role('should-not-be-there') do
      it { should_not exist }
    end