Skip to main content

azurerm_security_center_policies resource

Warning

This resource will be deprecated when version 2 of the inspec-azure resource pack is released. Please use the azure_security_center_policies resource instead.

Use the azurerm_security_center_policies InSpec audit resource to test properties of some or all Azure Security Center Policies.

Security Center Policies are defined for each Resource Group. A Security Center Policy called default also exists for every subscription.

Azure REST API version

This resource interacts with version 2015-06-01-Preview of the Azure Management API. For more information see the official Azure documentation.

At the moment, there doesn’t appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official documentation please open an issue or submit a pull request using the updated version.

Availability

Install

This resource is available in the inspec-azure resource pack. To use it, add the following to your inspec.yml in your top-level profile:

depends:
  - name: inspec-azure
    git: https://github.com/inspec/inspec-azure.git

You’ll also need to setup your Azure credentials; see the resource pack README.

Version

This resource first became available in 1.0.0 of the inspec-azure resource pack.

Syntax

An azurerm_security_center_policies resource block uses an optional filter to select a group of Security Center Policies and confirm that the expected groups exist.

describe azurerm_security_center_policies do
  ...
end

Examples

Check for a Security Center Policy

describe azurerm_security_center_policies do
  its('names') { should include 'default' }
end

Assert default Security Center Policy exists

describe azurerm_security_center_policies.where(name: 'default')
  it { should exist }
end

Filter Criteria

  • names

names

Filters the results to include only those Security Center Policies that match the given name. This is a string value.

# default should always exist
describe azurerm_security_center_policies.where(name: 'default')
  it { should exist }
end

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exists

The control will pass if the filter returns at least one result. Use should_not if you expect zero matches.

# default should always exist
describe azurerm_security_center_policies.where(name: 'default')
  it { should exist }
end

# this security center policy should not exist
describe azurerm_security_center_policies.where(name: 'DoesNotExist')
  it { should_not exist }
end

Azure Permissions

Your Service Principal must be setup with a contributor role on the subscription you wish to test.

Edit this page on GitHub

Thank you for your feedback!

×