aws_ssm_resource_compliance_summary Resource
Use the aws_ssm_resource_compliance_summary
InSpec audit resource to test properties of a ssm resource compliance summary.
Install
This resource is available in the Chef InSpec AWS resource pack.
For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.
Syntax
An aws_ssm_resource_compliance_summary
resource block uses the parameter to select a ssm resource compliance summary.
describe aws_ssm_resource_compliance_summary(resource_id: 'resource-id-1234') do
it { should exist }
end
Parameters
resource_id
(required)This resource requires the SSM Resource ID parameter. This can be passed either as a string or as a
resource_id: 'value'
key-value entry in a hash.compliance_type
(optional)This optional parameter allows you to filter based on resource_id and compliance type together. This must be passed as a string
compliance_type: 'value'
.overall_severity
(optional)This optional parameter allows you to filter based on resource_id and overall severity together. This must be passed as a string
overall_severity: 'value'
.status
(optional)This optional parameter allows you to filter based on resource_id and status together. This must be passed as a string
status: 'value'
.
See the AWS documentation on SSM Resource Compliance Summary.
Properties
compliance_type
- Provides the compliance type.
compliant_summary
- Provides a list of items that are compliant for the resource.
execution_summary
- Provides information about the execution.
non_compliant_summary
- Provides a list of items that aren’t compliant for the resource.
overall_severity
- Provides the highest severity item found for the resource.
resource_id
- Provides the resource id.
resource_type
- Provides the resource type.
status
- Provides the compliance status for the resource.
For a comprehensive list of properties available, see the API reference documentation
Examples
Check the Status of a SSM Resource Compliance Summary.
describe aws_ssm_resource_compliance_summary(resource_id: 'resource-id-1234', status: 'status-1234') do
it { should exist }
its('resource_id') { should include resource_id }
its('status') { should include 'status-1234' }
end
Return specific Compliance type for a SSM Resource Compliance Summary.
describe aws_ssm_resource_compliance_summary(resource_id: 'resource-id-1234', compliance_type: 'compliance-type-1234') do
it { should exist }
its('resource_id') { should include resource_id }
its('compliance_type') { should include 'compliance-type-1234' }
end
Matchers
For a full list of available matchers, see our Universal Matchers page.This resource has the following special matchers.
exist
The control will pass if the describe returns at least one result.
Use should_not
to test the entity should not exist.
describe aws_ssm_resource_compliance_summary(resource_id: 'resource-id-1234') do
it { should exist }
end
describe aws_ssm_resource_compliance_summary(resource_id: 'resource-id-6789') do
it { should_not exist }
end
AWS Permissions
Your Principal will need the SSM:Client:ListResourceComplianceSummariesResult
action with Effect
set to Allow
.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon Systems Manager.