Skip to main content

aws_ssm_resource_compliance_summary Resource

[edit on GitHub]

Use the aws_ssm_resource_compliance_summary InSpec audit resource to test properties of a ssm resource compliance summary.

Installation

This resource is available in the Chef InSpec AWS resource pack.

See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.

Syntax

An aws_ssm_resource_compliance_summary resource block uses the parameter to select a ssm resource compliance summary.

describe aws_ssm_resource_compliance_summary(resource_id: 'resource-id-1234') do
  it { should exist }
end

Parameters

resource_id (required)

This resource requires the SSM Resource ID parameter. This can be passed either as a string or as a resource_id: 'value' key-value entry in a hash.

compliance_type (optional)

This optional parameter allows you to filter based on resource_id and compliance type together. This must be passed as a string compliance_type: 'value'.

overall_severity (optional)

This optional parameter allows you to filter based on resource_id and overall severity together. This must be passed as a string overall_severity: 'value'.

status (optional)

This optional parameter allows you to filter based on resource_id and status together. This must be passed as a string status: 'value'.

See also the AWS documentation on SSM Resource Compliance Summary.

Properties

compliance_type
Provides the compliance type.
compliant_summary
Provides a list of items that are compliant for the resource.
execution_summary
Provides information about the execution.
non_compliant_summary
Provides a list of items that aren’t compliant for the resource.
overall_severity
Provides the highest severity item found for the resource.
resource_id
Provides the resource id.
resource_type
Provides the resource type.
status
Provides the compliance status for the resource.

For a comprehensive list of properties available, see the API reference documentation

Examples

Check the Status of a SSM Resource Compliance Summary.

describe aws_ssm_resource_compliance_summary(resource_id: 'resource-id-1234', status: 'status-1234') do
  it { should exist }
  its('resource_id')    { should include resource_id }
  its('status')         { should include 'status-1234' }
end

Return specific Compliance type for a SSM Resource Compliance Summary.

describe aws_ssm_resource_compliance_summary(resource_id: 'resource-id-1234', compliance_type: 'compliance-type-1234') do
  it { should exist }
  its('resource_id')      { should include resource_id }
  its('compliance_type')  { should include 'compliance-type-1234' }
end

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.

exist

The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_ssm_resource_compliance_summary(resource_id: 'resource-id-1234') do
  it { should exist }
end
describe aws_ssm_resource_compliance_summary(resource_id: 'resource-id-6789') do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the SSM:Client:ListResourceComplianceSummariesResult action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon Systems Manager.

Was this page helpful?

×









Search Results