aws_iam_oidc_provider Resource
Use the aws_iam_oidc_provider
InSpec audit resource to test properties of a single IAM OpenID Connect (OIDC) provider.
This resource retrieves information about the specified OIDC provider.
For additional information, including details on parameters and properties, see the AWS documentation on IAM OIDC provider.
Install
This resource is available in the Chef InSpec AWS resource pack.
For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.
Syntax
Ensure that an OIDC provider exists.
describe aws_iam_oidc_provider(open_id_connect_provider_arn: 'OIDC_PROVIDER_ARN') do
it { should exist }
end
Parameters
open_id_connect_provider_arn
(required)The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM to get information for.
Properties
url
- The URL that the IAM OIDC provider resource object is associated with.
create_date
- The date and time when the IAM OIDC provider resource object was created in the account.
tags
- A list of tags that are attached to the specified IAM OIDC provider.
Examples
Ensure an URL is available.
describe aws_iam_oidc_provider(open_id_connect_provider_arn: 'OIDC_PROVIDER_ARN') do
its('url') { should eq 'example.com' }
end
Ensure that tags are available.
describe aws_iam_oidc_provider(open_id_connect_provider_arn: 'OIDC_PROVIDER_ARN') do
its('tags') { should eq ':TAG => 'TAG_VALUE' }
end
Matchers
For a full list of available matchers, see our Universal Matchers page.This resource has the following special matchers.
exist
Use should
to test that the entity exists.
describe aws_iam_oidc_provider(open_id_connect_provider_arn: 'OIDC_PROVIDER_ARN') do
it { should exist }
end
Use should_not
to test the entity does not exist.
describe aws_iam_oidc_provider(open_id_connect_provider_arn: 'OIDC_PROVIDER_ARN') do
it { should_not exist }
end
be_available
Use should
to check if the entity is available.
describe aws_iam_oidc_provider(open_id_connect_provider_arn: 'OIDC_PROVIDER_ARN') do
it { should be_available }
end
AWS Permissions
Your Principal will need the IAM:Client:GetOpenIDConnectProviderResponse
action with Effect
set to Allow
.