| title | About the aws_ssm_documents Resource |
|---|---|
| platform | aws |

Use the `aws_ssm_documents` InSpec audit resource to test properties of a collection of AWS Systems Manager (SSM) documents.
Ensure you have exactly 3 documents:

```ruby
describe aws_ssm_documents do
  its('names.count') { should cmp 3 }
end
```

This resource does not expect any parameters.
See also the AWS documentation on SSM.
| Property | Description |
|---|---|
| names | Provides the name of the Systems Manager document. |
| owners | Provides the AWS user account that created the document. |
| platform_types | Provides the list of OS platforms compatible with this Systems Manager document. |
| document_versions | Provides the document version. |
| document_types | Provides the type of the document. |
| schema_versions | Provides the schema version. |
| document_formats | Provides the document format, either JSON or YAML. |
| target_types | The target type which defines the kinds of resources the document can run on. |
| tags | Provides the tags, or metadata, that have been applied to the document. |
For a comprehensive list of properties available, see the API reference documentation.

```ruby
describe aws_ssm_documents do
  its('names') { should include 'document-name' }
end
```

For a full list of available matchers, please visit our Universal Matchers page.
The control will pass if the describe returns at least one result.
Use `should_not` to test that the entity does not exist.

```ruby
describe aws_ssm_documents.where( <property>: <value> ) do
  it { should exist }
end

describe aws_ssm_documents.where( <property>: <value> ) do
  it { should_not exist }
end
```

Your principal will need the `ssm:ListDocuments` action with `Effect` set to `Allow`.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon Systems Manager.