title: About the aws_ssm_activations Resource
platform: aws

aws_ssm_activations

Use the aws_ssm_activations InSpec audit resource to test properties of a collection of AWS SSM Activations.

Syntax

Ensure you have exactly 3 activations

describe aws_ssm_activations do
  its('activation_ids.count') { should cmp 3 }
end

Parameters

This resource does not expect any parameters.

See also the AWS documentation on SSM.

Properties

| Property | Description |
| --- | --- |
| activation_ids | Provides the ID created by Systems Manager when you submitted the activation. |
| created_dates | Provides the date the activation was created. |
| default_instance_names | Provides the name for the managed instance when it is created. |
| descriptions | Provides a user-defined description of the activation. |
| expiration_dates | Provides the date when this activation can no longer be used to register managed instances. |
| expired | Whether or not the activation is expired. |
| iam_roles | Provides the Amazon Identity and Access Management (IAM) role to assign to the managed instance. |
| registration_limits | Provides the maximum number of managed instances that can be registered with this activation. |
| registrations_count | Provides the number of managed instances already registered with this activation. |
| tags | Provides the tags assigned to the activation. |

For a comprehensive list of available properties, see the API reference documentation.

Examples

Ensure an Activation ID of an SSM Activation exists
describe aws_ssm_activations do
  its('activation_ids') { should include 'activation-id' }
end
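
The following is an added example, not part of the InSpec project's documentation or code. It is plain Ruby (no InSpec or AWS access needed) showing how the properties above combine into the check an audit of activations usually needs: which activations can still register managed instances, and with which IAM role. The records, role names, singular hash keys, and the `usable?` and `audit` helpers are assumptions made for illustration.

```ruby
# Constructed sample records (not real AWS data). Keys are assumed singular
# forms of the properties documented above, one hash per activation.
ACTIVATIONS = [
  { activation_id: 'example-activation-1', iam_role: 'SSMServiceRole',
    expired: false, expiration_date: Time.utc(2030, 1, 1),
    registration_limit: 10, registrations_count: 3 },
  { activation_id: 'example-activation-2', iam_role: 'SSMServiceRole',
    expired: true, expiration_date: Time.utc(2020, 1, 1),
    registration_limit: 10, registrations_count: 1 },
  { activation_id: 'example-activation-3', iam_role: 'LegacyAdminRole',
    expired: false, expiration_date: Time.utc(2030, 1, 1),
    registration_limit: 5, registrations_count: 5 },
  { activation_id: 'example-activation-4', iam_role: 'LegacyAdminRole',
    expired: false, expiration_date: Time.utc(2030, 6, 1),
    registration_limit: 100, registrations_count: 0 }
].freeze

# An activation can still register new managed instances only if it has not
# expired and has registrations left under its limit.
def usable?(act, now: Time.now.utc)
  return false if act[:expired]
  return false if act[:expiration_date] && act[:expiration_date] <= now

  act[:registrations_count] < act[:registration_limit]
end

# Return one finding per policy violation on a usable activation:
# an IAM role outside the allow-list, or too many unused registrations.
def audit(activations, allowed_roles:, max_remaining:, now: Time.now.utc)
  activations.select { |a| usable?(a, now: now) }.flat_map do |a|
    remaining = a[:registration_limit] - a[:registrations_count]
    issues = []
    issues << "role #{a[:iam_role]} not allow-listed" unless allowed_roles.include?(a[:iam_role])
    issues << "#{remaining} registrations still available" if remaining > max_remaining
    issues.map { |msg| { activation_id: a[:activation_id], issue: msg } }
  end
end

if __FILE__ == $PROGRAM_NAME
  audit(ACTIVATIONS, allowed_roles: ['SSMServiceRole'], max_remaining: 20).each do |f|
    puts "#{f[:activation_id]}: #{f[:issue]}"
  end
end
```

Expired or fully consumed activations are skipped because they can no longer register anything; only activations that remain usable produce findings.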

Matchers

For a full list of available matchers, please visit our Universal Matchers page.

exist

The control will pass if the describe returns at least one result.

Use should_not to test that the entity does not exist.

describe aws_ssm_activations.where( <property>: <value> ) do
  it { should exist }
end

describe aws_ssm_activations.where( <property>: <value> ) do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the ssm:DescribeActivations action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon Systems Manager.