aws_iam_saml_provider Resource
Use the aws_iam_saml_provider
InSpec audit resource to test properties of an AWS IAM SAML Provider.
Install
This resource is available in the Chef InSpec AWS resource pack.
For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.
Syntax
describe aws_iam_saml_provider('SAML_ARN') do
it { should exist }
end
Parameters
saml_provider_arn
(required)This resource accepts a single parameter, the ARN of the SAML Provider. This can be passed either as a string or as a
saml_provider_arn: 'value'
key-value entry in a hash.
Properties
provider
- The provider.
arn
- The arn of the provider.
saml_metadata_document
- Metadata document associated with the saml provider.
valid_until
- The expiration date and time for the SAML provider.
create_date
- The date and time, in ISO 8601 date-time format , when the role was created.
Syntax
An aws_iam_saml_provider
resource block declares the tests for a single AWS IAM SAML Provider by Provider ARN.
describe aws_iam_saml_provider('arn:aws:iam::123456789012:saml-provider/FANCY') do
it { should exist }
end
Examples
Ensure we have at least one provider currently valid.
describe aws_iam_saml_provider("arn:aws:iam::123456789012:saml-provider/FANCY") do
it { should exist }
its("arn") { should match("arn:aws:iam::.*:saml-provider\/FANCY") }
its("valid_until") { should be > Time.now + 90 * 86400 }
end
Matchers
For a full list of available matchers, visit the InSpec matchers page.
exist
The exists
matcher tests if the filtered IAM SAML Provider(s) exists.
describe aws_iam_saml_provider('arn:aws:iam::123456789012:saml-provider/FANCY') do
it { should exist }
end
You may also use it { should_not exist }
.
AWS Permissions
Your Principal will need the IAM:Client:GetSAMLProviderResponse
action with Effect
set to Allow
.