title: About the aws_ssm_activation Resource
platform: aws

aws_ssm_activation

Use the aws_ssm_activation InSpec audit resource to test properties of an SSM activation.

Syntax

An aws_ssm_activation resource block uses the activation_id parameter to select an SSM activation.

describe aws_ssm_activation(activation_id: 'ssm-activation-id-1234') do
  it { should exist }
end

Parameters

activation_id (required)

This resource accepts a single parameter, the SSM Activation ID. This can be passed either as a string or as an activation_id: 'value' key-value entry in a hash.

See also the AWS documentation on SSM Activations.

Properties

| Property | Description |
| --- | --- |
| activation_id | Provides the ID created by Systems Manager when you submitted the activation. |
| created_date | Provides the date the activation was created. |
| default_instance_name | Provides the name for the managed instance when it is created. |
| description | Provides a user-defined description of the activation. |
| expiration_date | Provides the date when this activation can no longer be used to register managed instances. |
| expired | Whether or not the activation is expired. |
| iam_role | Provides the Amazon Identity and Access Management (IAM) role to assign to the managed instance. |
| registration_limit | Provides the maximum number of managed instances that can be registered with this activation. |
| registrations_count | Provides the number of managed instances already registered with this activation. |
| tags | Provides the tags assigned to the activation. |

For a comprehensive list of properties available, see the API reference documentation.

Examples

Check the Activation ID of an SSM Activation
describe aws_ssm_activation(activation_id: 'ssm-activation-id-1234') do
  its('activation_id')  { should eq 'ssm-activation-id-1234' }
end
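
The following is an added example, not part of the original InSpec documentation or the resource's own code. It shows how the properties listed in the Properties table combine into a hygiene check for activations that can still register instances, written as plain Ruby over constructed records so it runs without AWS credentials. The role name and the policy thresholds are assumptions.

```ruby
# Policy values are assumptions for this example, not AWS or InSpec defaults.
ALLOWED_ROLES     = ['HybridSSMRole'].freeze # hypothetical role name
MAX_LIFETIME_DAYS = 7
MAX_REGISTRATIONS = 25

# Findings for one activation record; keys mirror the documented property names.
def activation_findings(act, now:)
  # Treat the activation as dead if either field says so.
  return [] if act[:expired] || act[:expiration_date] <= now

  findings = []
  lifetime_days = (act[:expiration_date] - act[:created_date]) / 86_400.0
  findings << 'lifetime exceeds policy' if lifetime_days > MAX_LIFETIME_DAYS
  findings << 'iam_role not in allow-list' unless ALLOWED_ROLES.include?(act[:iam_role])
  findings << 'registration_limit exceeds policy' if act[:registration_limit] > MAX_REGISTRATIONS
  findings << 'missing description' if act[:description].to_s.strip.empty?
  findings
end

# Live activations with at least one finding, most unused registrations first.
def audit(activations, now: Time.now.utc)
  flagged = activations.filter_map do |act|
    findings = activation_findings(act, now: now)
    next if findings.empty?

    { activation_id: act[:activation_id],
      open_slots: act[:registration_limit] - act[:registrations_count],
      findings: findings }
  end
  flagged.sort_by { |f| -f[:open_slots] }
end

# Constructed sample records (not real AWS output).
NOW = Time.utc(2024, 6, 1)
SAMPLE = [
  { activation_id: 'ssm-activation-id-1234', expired: false, iam_role: 'HybridSSMRole',
    created_date: Time.utc(2024, 5, 30), expiration_date: Time.utc(2024, 6, 3),
    registration_limit: 5, registrations_count: 2, description: 'branch office servers' },
  { activation_id: 'ssm-activation-id-6789', expired: false, iam_role: 'AdminRole',
    created_date: Time.utc(2024, 5, 10), expiration_date: Time.utc(2024, 6, 9),
    registration_limit: 500, registrations_count: 3, description: '' },
  { activation_id: 'ssm-activation-id-0000', expired: true, iam_role: 'AdminRole',
    created_date: Time.utc(2024, 4, 1), expiration_date: Time.utc(2024, 4, 2),
    registration_limit: 500, registrations_count: 0, description: nil }
].freeze

audit(SAMPLE, now: NOW).each { |finding| puts finding }
```

In an InSpec profile, each of these conditions maps to an its('property') expectation on the corresponding aws_ssm_activation property.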

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.

exist

The control will pass if the describe returns at least one result.

Use should_not to test that the entity does not exist.

describe aws_ssm_activation(activation_id: 'ssm-activation-id-1234') do
  it { should exist }
end

describe aws_ssm_activation(activation_id: 'ssm-activation-id-6789') do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the ssm:DescribeActivations action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon Systems Manager.