aws_ssm_activations Resource
Use the aws_ssm_activations
InSpec audit resource to test properties of a collection of AWS SSM Activations.
Installation
This resource is available in the Chef InSpec AWS resource pack.
See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.
Syntax
Ensure you have exactly 3 activations
describe aws_ssm_activations do
its('activation_ids.count') { should cmp 3 }
end
Parameters
This resource does not require any parameters.
Properties
activation_ids
- Provides ID created by Systems Manager when you submitted the activation.
created_dates
- Provides the date the activation was created.
default_instance_names
- Provides the name for the managed instance when it is created.
descriptions
- Provides a user defined description of the activation.
expiration_dates
- Provides the date when this activation can no longer be used to register managed instances.
expired
- Whether or not the activation is expired.
iam_roles
- Provides the Amazon Identity and Access Management (IAM) role to assign to the managed instance.
registration_limits
- Provides the maximum number of managed instances that can be registered with this activation.
registrations_count
- Provides the number of managed instances already registered with this activation.
tags
- Provides the tags assigned to the activation.
For a comprehensive list of properties available, see the API reference documentation
Examples
Ensure an Activation ID of a SSM Activation exists.
describe aws_ssm_activations do
its('activation_ids') { should include 'activation-id' }
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
exist
The control will pass if the describe returns at least one result.
Use should_not
to test the entity should not exist.
describe aws_ssm_activations.where( <property>: <value> ) do
it { should exist }
end
describe aws_ssm_activations.where( <property>: <value> ) do
it { should_not exist }
end
AWS Permissions
Your Principal will need the SSM:Client:DescribeActivationsResult
action with Effect
set to Allow
.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon Systems Manager.
Was this page helpful?