Skip to main content

aws_ssm_resource_compliance_summaries Resource

[edit on GitHub]

Use the aws_ssm_resource_compliance_summaries InSpec audit resource to test properties of a collection of AWS SSM compliance summaries.

Installation

This resource is available in the Chef InSpec AWS resource pack.

See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.

Syntax

Ensure you have exactly 3 SSM Resource Compliance Summary Types

describe aws_ssm_resource_compliance_summaries do
  its('compliance_types.count') { should cmp 3 }
end

Parameters

compliance_type (optional)

This optional parameter allows you to filter based on compliance type. This must be passed as a string compliance_type: 'value'.

overall_severity (optional)

This optional parameter allows you to filter based on overall severity. This must be passed as a string overall_severity: 'value'.

See also the AWS documentation on SSM.

Properties

compliance_types
Provides the compliance type.
compliant_summaries
Provides a list of items that are compliant for the resource.
execution_summaries
Provides information about the execution.
non_compliant_summaries
Provides a list of items that aren’t compliant for the resource.
overall_severity
Provides the highest severity item found for the resource.
resource_ids
Provides the resource id.
resource_types
Provides the resource type.
status
Provides the compliance status for the resource.

For a comprehensive list of properties available, see the API reference documentation

Examples

Ensure Compliance Type of a SSM Resource Compliance Summary exists.

describe aws_ssm_resource_compliance_summaries do
  its('compliance_types') { should include 'ssm-compliance-type' }
end

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.

exist

The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_ssm_resource_compliance_summaries.where( <property>: <value> ) do
  it { should exist }
end
describe aws_ssm_resource_compliance_summaries.where( <property>: <value> ) do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the SSM:Client:ListResourceComplianceSummariesResult action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon Systems Manager.

Was this page helpful?

×









Search Results