aws_ssm_parameters resource

[edit on GitHub]

Use the aws_ssm_parameters InSpec audit resource to test properties of a collection of AWS SSM parameters.

Syntax

Ensure you have exactly 3 SSM Parameters

describe aws_ssm_parameters do
  its('names.count') { should cmp 3 }
end

Parameters

This resource does not expect any parameters.

See also the AWS documentation on SSM.

Properties

Property	Description
names	Provides the name of the parameter.
types	Provides the type of the parameter.
key_ids	Provides the key id of the parameter.
last_modified_dates	Provides the date the parameter was last changed or updated and the parameter version was created.
last_modified_users	Provides the user that last changed or updated the parameter.
descriptions	Provides the description of the parameter.
versions	Provides the version of the parameter.
tiers	Provides the tier of the parameter.

For a comprehensive list of properties available, see the API reference documentation

Examples

Ensure Name of a SSM Parameter exists

describe aws_ssm_parameters do
  its('names') { should include 'ssm-parameter-name' }
end

Matchers

For a full list of available matchers, please visit our Universal Matchers page.

exist

The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_ssm_parameters.where( <property>: <value> ) do
  it { should exist }
end

describe aws_ssm_parameters.where( <property>: <value> ) do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the ssm:DescribeParameters action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon Systems Manager.