
aws_emr_security_configurations Resource

Use the aws_emr_security_configurations resource to test the properties of a collection of AWS EMR security configurations.

For additional information, including details on parameters and properties, see the AWS documentation on AWS EMR security configuration.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

describe aws_emr_security_configurations do
  it { should exist }
end

Parameters

This resource does not require any parameters.

Properties

security_configuration_names
The name of the security configuration.

Field: name

encryption_at_rest
Specifies whether at-rest encryption is enabled for the cluster.

Field: security_configuration(EncryptionConfiguration(EnableAtRestEncryption))

encryption_in_transit
Specifies whether in-transit encryption is enabled for the cluster.

Field: security_configuration(EncryptionConfiguration(EnableInTransitEncryption))

local_disk_encryption
Specifies whether local-disk encryption is enabled for the cluster.

Field: security_configuration(EncryptionConfiguration(AtRestEncryptionConfiguration(LocalDiskEncryptionConfiguration)))

Examples

Ensure AWS EMR security configurations exist.

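# encryption_at_rest, encryption_in_transit and local_disk_encryption below are
# placeholders: replace each with the value you expect the collection to include.
describe aws_emr_security_configurations do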
  it { should exist }
  its('encryption_at_rests') { should include encryption_at_rest }
  its('encryption_in_transits') { should include encryption_in_transit }
  its('local_disk_encryptions') { should include local_disk_encryption }
end
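
The three encryption properties map to fields of the JSON document EMR stores for each security configuration. As an added example (plain Ruby over constructed sample documents, not code from the InSpec AWS resource pack; the helper names `encryption_gaps` and `audit` are hypothetical), this reports which configurations lack each setting:

```ruby
require 'json'

# Constructed sample data: name => security configuration JSON string, using the
# field paths listed under Properties. These are not real configurations.
SAMPLE_CONFIGS = {
  'example-full' => {
    'EncryptionConfiguration' => {
      'EnableAtRestEncryption' => true,
      'EnableInTransitEncryption' => true,
      'AtRestEncryptionConfiguration' => {
        'S3EncryptionConfiguration' => { 'EncryptionMode' => 'SSE-S3' },
        'LocalDiskEncryptionConfiguration' => { 'EncryptionKeyProviderType' => 'AwsKms' }
      }
    }
  }.to_json,
  'example-no-local-disk' => {
    'EncryptionConfiguration' => {
      'EnableAtRestEncryption' => true,
      'EnableInTransitEncryption' => false,
      'AtRestEncryptionConfiguration' => {
        'S3EncryptionConfiguration' => { 'EncryptionMode' => 'SSE-S3' }
      }
    }
  }.to_json,
  'example-no-encryption-block' => { 'AuthenticationConfiguration' => {} }.to_json
}.freeze

# Hypothetical helper: lists the encryption settings one document is missing.
def encryption_gaps(config_json)
  enc = JSON.parse(config_json).fetch('EncryptionConfiguration', {})
  local = enc.fetch('AtRestEncryptionConfiguration', {})['LocalDiskEncryptionConfiguration']
  at_rest_on = enc['EnableAtRestEncryption'] == true
  gaps = []
  gaps << :encryption_at_rest unless at_rest_on
  gaps << :encryption_in_transit unless enc['EnableInTransitEncryption'] == true
  # Local-disk encryption needs at-rest enabled and a non-empty configuration block.
  gaps << :local_disk_encryption unless at_rest_on && local.is_a?(Hash) && !local.empty?
  gaps
end

# Hypothetical helper: name => gaps, keeping only configurations with a gap.
def audit(configs)
  configs.transform_values { |json| encryption_gaps(json) }
         .reject { |_name, gaps| gaps.empty? }
end

audit(SAMPLE_CONFIGS).each { |name, gaps| puts "#{name}: missing #{gaps.join(', ')}" }
```

A configuration with no EncryptionConfiguration block at all is reported as missing all three settings rather than being skipped.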

Matchers

For a full list of available matchers, visit the InSpec matchers page.

exist

Use should to test an entity that should exist.

describe aws_emr_security_configurations.where(security_configuration_name: 'SECURITY_CONFIGURATION_NAME') do
  it { should exist }
end

Use should_not to test an entity that should not exist.

describe aws_emr_security_configurations.where(security_configuration_name: 'INVALID_SECURITY_CONFIGURATION_NAME') do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the EMR:Client:DescribeSecurityConfigurationOutput action with Effect set to Allow.
