Skip to main content

aws_iam_managed_policy Resource

Use the aws_iam_managed_policy InSpec audit resource to test the properties of an AWS IAM managed policy.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

The aws_iam_managed_policy resource returns an IAM managed policy and allows testing of that policy.

describe aws_iam_managed_policy(policy_arn: 'POLICY_ARN') do
  its('policy_name') { should eq 'POLICY_NAME' }
end

See the AWS documentation on IAM Managed Policy for additional information.

Parameters

policy_arn (required)

The ARN of the AWS IAM managed policy.

Properties

arn
The ARN identifier of the specified policy.
policy_id
The stable and unique string identifying the policy.
policy_name
The friendly name (not ARN) identifying the policy.
attachment_count
The count of attached entities for each policy.
attached_group
The list of group names of the groups attached to each policy.
default_version_id
The identifier for the default version of the policy.

Examples

Test that a specific policy name exists.

describe aws_iam_managed_policy(policy_arn: 'POLICY_ARN') do
  its('policy_name') { should eq 'POLICY_NAME' }
end

Test that a specific policy ID exists.

describe aws_iam_managed_policy(policy_arn: 'POLICY_ARN') do
  its('policy_id') { should eq 'POLICY_ID'}
end

Matchers

For a full list of available matchers, visit the InSpec matchers page.

exist

The control passes if the describe method returns at least one result.

Use should to test an entity that should exist.

describe aws_iam_managed_policy(policy_arn: 'POLICY_ARN').where( PROPERTY: PROPERTY_VALUE ) do
  it { should exist }
end

Use should_not to test an entity that should not exist.

describe aws_iam_managed_policy(policy_arn: 'POLICY_ARN').where( PROPERTY: PROPERTY_VALUE ) do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the iam:ListPolicies action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Identity And Access Management.

Edit this page on GitHub

Thank you for your feedback!

×