| title | platform |
|---|---|
About the aws_ssm_associations Resource |
aws |
Use the aws_ssm_associations InSpec audit resource to test properties of a collection of AWS SSM Associations.
Ensure you have exactly 3 associations
describe aws_ssm_associations do
its('names.count') { should cmp 3 }
end
This resource does not expect any parameters.
See also the AWS documentation on SSM.
| Property | Description |
|---|---|
| association_ids | Provides the ID of the association. |
| association_names | Provides the name of the association. |
| association_versions | Provides the version of the association. |
| document_versions | Provides the document version used in the association. |
| instance_ids | Provides the id of the instance. |
| last_execution_dates | The date on which the association was last run. |
| names | The name of the Systems Manager document. |
| overviews | Provides information about the association. |
| schedule_expressions | A cron expression that specifies a schedule when the association runs. |
| targets | Provides the instances targeted by the request to create an association. |
For a comprehensive list of properties available, see the API reference documentation
describe aws_ssm_associations do
its('association_ids') { should include 'association-id' }
end
For a full list of available matchers, please visit our Universal Matchers page.
The control will pass if the describe returns at least one result.
Use should_not to test the entity should not exist.
describe aws_ssm_associations.where( <property>: <value> ) do
it { should exist }
end
describe aws_ssm_associations.where( <property>: <value> ) do
it { should_not exist }
end
Your Principal will need the ssm:ListAssociations action with Effect set to Allow.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon Systems Manager.