aws_iam_ssh_public_keys Resource
Use the aws_iam_ssh_public_keys
InSpec audit resource to test the properties of the plural resource of an AWS SSH public key for an IAM user.
For additional information, including details on parameters and properties, see the AWS documentation on AWS IAM AccessKey..
Installation
This resource is available in the Chef InSpec AWS resource pack.
See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.
Syntax
Ensure that the public key exists by passing the parameter user_name.
describe aws_iam_ssh_public_keys(user_name: 'USER_NAME') do
it { should exist }
end
Ensure that the public key exists without passing any parameter.
describe aws_iam_ssh_public_keys do
it { should exist }
end
Parameters
user_name
(required)-
The IAM user name associated with the SSH public key. The above required parameter is optional.
Properties
user_names
- The IAM user name associated with the SSH public key.
-
Field:
user_name
ssh_public_key_ids
- The unique identifier for the SSH public key.
-
Field:
ssh_public_key_id
statuses
- The status of the SSH public key.
-
Field:
status
upload_dates
- The date and time, in ISO 8601 date-time format, when the SSH public key is uploaded.
-
Field:
upload_date
Examples
Ensure a user name is available.
describe aws_iam_ssh_public_keys do
its('user_names') { should include 'USER_NAME' }
end
Ensure an ssh public key id is available.
describe aws_iam_ssh_public_keys do
its('ssh_public_key_ids') { should include 'KEY_ID' }
end
Ensure status is ‘Active’ by passing the parameter user_name.
describe aws_iam_ssh_public_keys(user_name: 'USER_NAME') do
its('statuses') { should include 'Active' }
end
Ensure status is ‘Active’ without passing any parameter.
describe aws_iam_ssh_public_keys do
its('statuses') { should include 'Active' }
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
The control passes if the list
method returns at least one result.
exist
Use should
to test that the entity exists.
describe aws_iam_ssh_public_keys(user_name: 'USER_NAME') do
it { should exist }
end
describe aws_iam_ssh_public_keys do
it { should exist }
end
Use should_not
to test the entity does not exist.
describe aws_iam_ssh_public_keys(user_name: 'USER_NAME') do
it { should_not exist }
end
describe aws_iam_ssh_public_keys do
it { should_not exist }
end
be_available
Use should
to check if the entity is available.
describe aws_iam_ssh_public_keys(user_name: 'USER_NAME') do
it { should be_available }
end
describe aws_iam_ssh_public_keys do
it { should be_available }
end
AWS Permissions
Your Principal will need the IAM:Client:ListSSHPublicKeysResponse
action with Effect
set to Allow
.
Was this page helpful?