title | platform |
---|---|
About the aws_ssm_documents Resource |
aws |
Use the aws_ssm_documents
InSpec audit resource to test properties of a collection of AWS SSM Compliance Items.
Ensure you have exactly 3 documents
describe aws_ssm_documents do
its('names.count') { should cmp 3 }
end
This resource does not expect any parameters.
See also the AWS documentation on SSM.
Property | Description |
---|---|
names | Provides the name of the Systems Manager document. |
owners | Provides the AWS user account that created the document. |
platform_types | Provides the list of OS platforms compatible with this Systems Manager document. |
document_versions | Provides the document version. |
document_types | Provides the type of the document. |
schema_versions | Provides the schema version. |
document_formats | Provides the document format, either JSON or YAML. |
target_types | The target type which defines the kinds of resources the document can run on. |
tags | Provides the tags, or metadata, that have been applied to the document. |
For a comprehensive list of properties available, see the API reference documentation.
describe aws_ssm_documents do
its('names') { should include 'document-name' }
end
For a full list of available matchers, please visit our Universal Matchers page.
The control will pass if the describe returns at least one result.
Use should_not
to test the entity should not exist.
describe aws_ssm_documents.where( <property>: <value> ) do
it { should exist }
end
describe aws_ssm_documents.where( <property>: <value> ) do
it { should_not exist }
end
Your Principal will need the ssm:ListDocuments
action with Effect set to Allow.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon Systems Manager.