Skip to main content

aws_emr_security_configuration Resource

Use the aws_emr_security_configuration InSpec audit resource to test properties of the singular resource of AWS EMR security configuration.

For additional information, including details on parameters and properties, see the AWS documentation on AWS EMR security configuration.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

An aws_emr_security_configuration resource block declares the tests for a single AWS EMR security configuration by security_configuration_name.

describe aws_emr_security_configuration(security_configuration_name: 'SECURITY_CONFIGURATION_NAME') do
  it { should exist }
end
describe aws_emr_security_configuration('SECURITY_CONFIGURATION_NAME') do
  it { should exist }
end

Parameters

security_configuration_name (required)

This resource requires a single parameter, the EMR security configuration name. This can be passed either as a string or as a security_configuration_name: 'value' key-value entry in a hash.

Properties

encryption_at_rest
Specifies whether at-rest encryption is enabled for the cluster.
encryption_in_transit
Specifies whether in-transit encryption is enabled for the cluster.
local_disk_encryption
Specifies whether local-disk encryption is enabled for the cluster.

Examples

Test that an EMR security configuration has at-rest encryption enabled.

describe aws_emr_security_configuration('SECURITY_CONFIGURATION_NAME') do
  its ('encryption_at_rest') { should eq true }
end

Test that an EMR security configuration has in-transit encryption enabled.

describe aws_emr_security_configuration('SECURITY_CONFIGURATION_NAME') do
  its ('encryption_in_transit') { should eq true }
end

Test that an EMR security configuration has local-disk encryption enabled.

describe aws_emr_security_configuration('SECURITY_CONFIGURATION_NAME') do
  its ('local_disk_encryption') { should eq true }
end

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exist

Use should to test the entity should exist.

describe aws_emr_security_configuration('SECURITY_CONFIGURATION_NAME') do
  it { should exist }
end

Use should_not to test the entity should not exist.

describe aws_emr_security_configuration('SECURITY_CONFIGURATION_NAME') do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the EMR:Client:DescribeSecurityConfigurationOutput action with Effect set to Allow.

Edit this page on GitHub

Thank you for your feedback!

×