Skip to main content

aws_iam_oidc_provider Resource

Use the aws_iam_oidc_provider InSpec audit resource to test properties of a single IAM OpenID Connect (OIDC) provider.

This resource retrieves information about the specified OIDC provider.

For additional information, including details on parameters and properties, see the AWS documentation on IAM OIDC provider.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

Ensure that an OIDC provider exists.

describe aws_iam_oidc_provider(open_id_connect_provider_arn: 'OIDC_PROVIDER_ARN') do
  it { should exist }
end

Parameters

open_id_connect_provider_arn (required)

The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM to get information for.

Properties

url
The URL that the IAM OIDC provider resource object is associated with.
create_date
The date and time when the IAM OIDC provider resource object was created in the account.
tags
A list of tags that are attached to the specified IAM OIDC provider.

Examples

Ensure an URL is available.

describe aws_iam_oidc_provider(open_id_connect_provider_arn: 'OIDC_PROVIDER_ARN') do
  its('url') { should eq 'example.com' }
end

Ensure that tags are available.

describe aws_iam_oidc_provider(open_id_connect_provider_arn: 'OIDC_PROVIDER_ARN') do
    its('tags') { should eq ':TAG => 'TAG_VALUE' }
end

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exist

Use should to test that the entity exists.

describe aws_iam_oidc_provider(open_id_connect_provider_arn: 'OIDC_PROVIDER_ARN') do
  it { should exist }
end

Use should_not to test the entity does not exist.

describe aws_iam_oidc_provider(open_id_connect_provider_arn: 'OIDC_PROVIDER_ARN') do
  it { should_not exist }
end

be_available

Use should to check if the entity is available.

describe aws_iam_oidc_provider(open_id_connect_provider_arn: 'OIDC_PROVIDER_ARN') do
  it { should be_available }
end

AWS Permissions

Your Principal will need the IAM:Client:GetOpenIDConnectProviderResponse action with Effect set to Allow.

Edit this page on GitHub

Thank you for your feedback!

×









Search Results