Skip to content
This repository has been archived by the owner on Jan 8, 2024. It is now read-only.

Latest commit

 

History

History
70 lines (47 loc) · 2.61 KB

aws_ssm_associations.md

File metadata and controls

70 lines (47 loc) · 2.61 KB
title platform
About the aws_ssm_associations Resource
aws

aws_ssm_associations

Use the aws_ssm_associations InSpec audit resource to test properties of a collection of AWS SSM Associations.

Syntax

Ensure you have exactly 3 associations

describe aws_ssm_associations do
  its('names.count') { should cmp 3 }
end

Parameters

This resource does not expect any parameters.

See also the AWS documentation on SSM.

Properties

Property Description
association_ids Provides the ID of the association.
association_names Provides the name of the association.
association_versions Provides the version of the association.
document_versions Provides the document version used in the association.
instance_ids Provides the id of the instance.
last_execution_dates The date on which the association was last run.
names The name of the Systems Manager document.
overviews Provides information about the association.
schedule_expressions A cron expression that specifies a schedule when the association runs.
targets Provides the instances targeted by the request to create an association.

For a comprehensive list of properties available, see the API reference documentation

Examples

Ensure an Association ID of a SSM Association exists
describe aws_ssm_associations do
  its('association_ids') { should include 'association-id' }
end

Matchers

For a full list of available matchers, please visit our Universal Matchers page.

exist

The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_ssm_associations.where( <property>: <value> ) do
  it { should exist }
end

describe aws_ssm_associations.where( <property>: <value> ) do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the ssm:ListAssociations action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon Systems Manager.