aws_transfer_users Resource

Use the aws_transfer_users InSpec audit resource to test properties of multiple Transfer users.

For additional information, including details on parameters and properties, see the AWS documentation on Transfer user.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Ensure that an user exists.

describe aws_transfer_users do
  it { should exist }
end

This resource does not require any parameters.

ARNs: The ARNs of the user.
home_directories: The landing directories for users when they log in to the server using the client.
home_directory_types: The landing directory types you want your users’ home directory to be when they log into the server.
roles: The ARNs of the IAM roles that controls your users’ access to your Amazon S3 bucket or EFS file system.
ssh_public_key_count: The ssh public key count of the user.
user_names: The user names associated with a server as specified by the ServerId.

Ensure an ARN is available.

describe aws_transfer_users do
  its('arns') { should include 'USER_ARN' }
end

Ensure that the roles is available.

describe aws_transfer_users do
    its('roles') { should include 'USER_ROLE_ARN' }
end

For a full list of available matchers, see our Universal Matchers page.

The controls will pass if the list method returns at least one result.

Use should to test that the entity exists.

describe aws_transfer_users do
  it { should exist }
end

Use should_not to test the entity does not exist.

describe aws_transfer_users do
  it { should_not exist }
end

Use should to check if the user is available.

describe aws_transfer_users do
  it { should be_available }
end

Your Principal will need the Transfer:Client:ListUsersResponse action with Effect set to Allow.