
aws_ssm_document Resource

Use the aws_ssm_document InSpec audit resource to test properties of an SSM document.

For additional information, including details on parameters and properties, see the AWS documentation on SSM Documents.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

An aws_ssm_document resource block uses the name parameter to select an SSM document.

describe aws_ssm_document(name: 'document-name-1234') do
  it { should exist }
end

Parameters

name (required)

This resource accepts a single parameter, the SSM Document Name. This can be passed either as a string or as a name: 'value' key-value entry in a hash.

Properties

sha_1
Provides the SHA1 hash of the document, which you can use for verification.
hash
Provides the Sha256 or Sha1 hash created by the system when the document was created.
hash_type
Provides the hash type of the document. Valid values include Sha256 or Sha1.
name
Provides the name of the Systems Manager document.
version_name
Provides the version of the artifact associated with the document.
owner
Provides the AWS user account that created the document.
created_date
Provides the date when the document was created.
status
Provides the status of the Systems Manager document.
status_information
Provides a message returned by AWS Systems Manager that explains the Status value.
document_version
Provides the document version.
description
Provides a description of the document.
parameters
Provides a description of the parameters for a document. These parameters include DefaultValue, Description, Name and Type.
platform_types
Provides the list of OS platforms compatible with this Systems Manager document.
document_type
Provides the type of the document.
schema_version
Provides the schema version.
latest_version
Provides the latest version of the document.
default_version
Provides the default version.
document_format
Provides the document format, either JSON or YAML.
target_type
The target type which defines the kinds of resources the document can run on.
tags
Provides the tags, or metadata, that have been applied to the document.
attachments_information
Provides details about the document attachments, including names, locations, sizes, and so on.
requires
Provides a list of SSM documents required by a document.

For a comprehensive list of available properties, see the API reference documentation.

Examples

Check the name of an SSM document.

describe aws_ssm_document(name: 'document-name-1234') do
  its('name')  { should eq 'document-name-1234' }
end
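
The hash, hash_type, owner, status, default_version and latest_version properties listed above can back an integrity check of a document against a reviewed copy. The following is an added example in plain Ruby, not code from the InSpec AWS resource pack. The function names, the sample values, the policy choices and the assumption that the reported hash is the hex digest of the document content are all illustrative.

```ruby
require 'digest'

# Map the hash_type values listed on this page to Ruby digest classes.
DIGESTS = { 'Sha256' => Digest::SHA256, 'Sha1' => Digest::SHA1 }.freeze

# Compare two hex digests case-insensitively without an early exit.
def same_digest?(a, b)
  a = a.to_s.downcase
  b = b.to_s.downcase
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# doc: hash keyed by the property names listed above (hypothetical input shape).
# reviewed_content: the approved document body. Assumption: the reported
# hash is the hex digest of exactly these bytes.
# Returns an array of finding strings; an empty array means no findings.
def audit_ssm_document(doc, reviewed_content:, expected_owner:)
  findings = []
  digest = DIGESTS[doc[:hash_type]]
  if digest.nil?
    findings << "unknown hash_type #{doc[:hash_type].inspect}"
  elsif !same_digest?(digest.hexdigest(reviewed_content), doc[:hash])
    findings << 'hash does not match the reviewed content'
  end
  # Policy assumptions of this example, not rules stated by the page:
  findings << 'hash_type is Sha1, prefer Sha256' if doc[:hash_type] == 'Sha1'
  findings << "unexpected owner #{doc[:owner]}" unless doc[:owner] == expected_owner
  findings << "status is #{doc[:status]}" unless doc[:status] == 'Active'
  if doc[:default_version] != doc[:latest_version]
    findings << 'default_version differs from latest_version'
  end
  findings
end

# Constructed sample data, not output from a real account.
REVIEWED = %({"schemaVersion":"2.2","description":"constructed sample"}\n)
SAMPLE_DOC = {
  name: 'document-name-1234', hash: Digest::SHA256.hexdigest(REVIEWED),
  hash_type: 'Sha256', owner: '111122223333', status: 'Active',
  default_version: '1', latest_version: '1'
}.freeze

puts audit_ssm_document(SAMPLE_DOC, reviewed_content: REVIEWED,
                                    expected_owner: '111122223333').inspect
```
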

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exist

The control will pass if the describe returns at least one result.

Use should_not to test that the entity does not exist.

describe aws_ssm_document(name: 'document-name-1234') do
  it { should exist }
end
describe aws_ssm_document(name: 'document-name-6789') do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the SSM:Client:DescribeDocumentResult action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon Systems Manager.
