Skip to main content

aws_ssm_activations Resource

Use the aws_ssm_activations InSpec audit resource to test properties of a collection of AWS SSM Activations.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

Ensure you have exactly 3 activations

describe aws_ssm_activations do
  its('activation_ids.count') { should cmp 3 }
end

Parameters

This resource does not require any parameters.

Properties

activation_ids
Provides ID created by Systems Manager when you submitted the activation.
created_dates
Provides the date the activation was created.
default_instance_names
Provides the name for the managed instance when it is created.
descriptions
Provides a user defined description of the activation.
expiration_dates
Provides the date when this activation can no longer be used to register managed instances.
expired
Whether or not the activation is expired.
iam_roles
Provides the Amazon Identity and Access Management (IAM) role to assign to the managed instance.
registration_limits
Provides the maximum number of managed instances that can be registered with this activation.
registrations_count
Provides the number of managed instances already registered with this activation.
tags
Provides the tags assigned to the activation.

For a comprehensive list of properties available, see the API reference documentation

Examples

Ensure an Activation ID of a SSM Activation exists.

describe aws_ssm_activations do
  its('activation_ids') { should include 'activation-id' }
end

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exist

The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_ssm_activations.where( <property>: <value> ) do
  it { should exist }
end

describe aws_ssm_activations.where( <property>: <value> ) do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the SSM:Client:DescribeActivationsResult action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon Systems Manager.

Edit this page on GitHub

Thank you for your feedback!

×









Search Results