aws_transfer_users Resource
Use the aws_transfer_users
InSpec audit resource to test properties of multiple Transfer users.
For additional information, including details on parameters and properties, see the AWS documentation on Transfer user.
Install
This resource is available in the Chef InSpec AWS resource pack.
For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.
Syntax
Ensure that an user exists.
describe aws_transfer_users do
it { should exist }
end
Parameters
This resource does not require any parameters.
Properties
ARNs
- The ARNs of the user.
home_directories
- The landing directories for users when they log in to the server using the client.
home_directory_types
- The landing directory types you want your users’ home directory to be when they log into the server.
roles
- The ARNs of the IAM roles that controls your users’ access to your Amazon S3 bucket or EFS file system.
ssh_public_key_count
- The ssh public key count of the user.
user_names
- The user names associated with a server as specified by the
ServerId
.
Examples
Ensure an ARN is available.
describe aws_transfer_users do
its('arns') { should include 'USER_ARN' }
end
Ensure that the roles is available.
describe aws_transfer_users do
its('roles') { should include 'USER_ROLE_ARN' }
end
Matchers
For a full list of available matchers, see our Universal Matchers page.The controls will pass if the list
method returns at least one result.
exist
Use should
to test that the entity exists.
describe aws_transfer_users do
it { should exist }
end
Use should_not
to test the entity does not exist.
describe aws_transfer_users do
it { should_not exist }
end
be_available
Use should
to check if the user is available.
describe aws_transfer_users do
it { should be_available }
end
AWS Permissions
Your Principal will need the Transfer:Client:ListUsersResponse
action with Effect
set to Allow
.