Skip to main content

aws_guardduty_detector Resource

Use the aws_guardduty_detector InSpec audit resource to test properties of a single AWS GuardDuty Detector.

For additional information, including details on parameters and properties, see the Actions, Resources, and Condition Keys for Amazon GuardDuty.

For additional information, including details on parameters and properties, see the AWS documentation on GuardDuty Detectors.

Requirements

Train AWS version 0.1.18 or newer is required for this resource.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

An aws_guardduty_detector resource block declares the tests for a single AWS GuardDuty Detector by detector id.

describe aws_guardduty_detector(detector_id: '12abc34d567e8fa901bc2d34e56789f0') do
  it { should exist }
end

Parameters

detector_id (required)

This resource accepts a single parameter, the GuardDuty Detector ID. This can be passed either as a string or as a detector_id: 'value' key-value entry in a hash.

Properties

created_at
The timestamp of when the detector was created.
data_sources
An object that describes which data sources are enabled for the detector.
finding_publishing_frequency
The publishing frequency of the finding.
service_role
The GuardDuty service role.
status
The detector status. Status should be either ENABLED or DISABLED.
tags
The tags of the detector resource.
updated_at
The last-updated timestamp for the detector.

There are also additional properties available. For a comprehensive list, see the API reference documentation

Examples

Check the publishing frequency of a Detector.

describe aws_guardduty_detector(detector_id: '12abc34d567e8fa901bc2d34e56789f0') do
  its('finding_publishing_frequency') { should eq "SIX_HOURS" }
end

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

be_enabled

The be_enabled matcher tests if the status of the detector is enabled.

describe aws_guardduty_detector(detector_id: 'detector-id-1234') do
  it { should be_enabled }
end

describe aws_guardduty_detector(detector_id: 'detector-id-6789') do
  it { should_not be_enabled }
end

exist

The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_guardduty_detector(detector_id: '12abc34d567e8fa901bc2d34e56789f0') do
  it { should exist }
end

describe aws_guardduty_detector(detector_id: '809abz34d567e8fa91bc2d34e56789f5') do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the GuardDuty:Client:GetDetectorResponse action with Effect set to Allow.

Edit this page on GitHub

Thank you for your feedback!

×









Search Results