# About the aws_iam_groups Resource

Platform: aws
Use the `aws_iam_groups` InSpec audit resource to test properties of a collection of IAM groups.

## Syntax

An `aws_iam_groups` resource block returns all IAM groups in the account. It takes no parameters; use `where` to narrow the collection, for example to a single group name.
```ruby
describe aws_iam_groups do
  it { should exist }
end

# Narrow the collection to a single group by name with `where`
describe aws_iam_groups.where(group_name: 'mygroup') do
  it { should exist }
end
```
## Parameters

This resource does not expect any parameters.

See also the AWS documentation on IAM Groups.
## Properties

Property | Description |
---|---|
`group_names` | The group names. |
`group_ids` | The group IDs. |
`arns` | The Amazon Resource Names of the groups. |
`users` | Array of users associated with each group. |
`entries` | Provides access to the raw results of the query, which can be treated as an array of hashes. |
`has_inline_policies` | Boolean indicating whether the group has inline policies applied to it. |
`inline_policy_names` | The names of the inline policies (if any) applied to the group. |
## Examples

```ruby
# Ensure the account has at least one group and that an expected group is present
describe aws_iam_groups do
  it { should exist }
  its('group_names') { should include 'prod-access-group' }
end

# Ensure no group carries inline policies (managed policies are easier to review and reuse)
describe aws_iam_groups.where(has_inline_policies: true) do
  its('group_names') { should be_empty }
end
```
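The properties table and the examples above both rely on the same plural-resource semantics: the resource holds a table of entries, each property returns one column of that table, and `where` keeps only the rows that match. The following stand-alone Ruby script is an added illustration of those semantics and is not InSpec's `FilterTable` implementation or any code from the inspec-aws project; `IamGroupsTable`, `audit`, and the `SAMPLE_GROUPS` data (including the account ID, group IDs and user names) are constructed for the example. It runs the two checks from the examples section over the sample data and adds a third check, for groups with no members, using the `users` property.

```ruby
require 'json'

# Constructed sample data standing in for what aws_iam_groups collects from
# the IAM API. Account ID, group IDs and user names are made up.
SAMPLE_GROUPS = [
  { group_name: 'prod-access-group', group_id: 'AGPAEXAMPLE000001',
    arn: 'arn:aws:iam::123456789012:group/prod-access-group',
    users: %w[alice bob], inline_policy_names: [] },
  { group_name: 'legacy-admins', group_id: 'AGPAEXAMPLE000002',
    arn: 'arn:aws:iam::123456789012:group/legacy-admins',
    users: %w[carol], inline_policy_names: ['LegacyFullAccess'] },
  { group_name: 'empty-group', group_id: 'AGPAEXAMPLE000003',
    arn: 'arn:aws:iam::123456789012:group/empty-group',
    users: [], inline_policy_names: [] }
].freeze

# Hypothetical model of a plural InSpec resource: a table of entries plus the
# column accessors and the where() filter that the properties table describes.
class IamGroupsTable
  attr_reader :entries

  def initialize(entries)
    # has_inline_policies is derived from inline_policy_names, as the
    # properties table defines it.
    @entries = entries.map do |e|
      e.merge(has_inline_policies: !e[:inline_policy_names].empty?)
    end
  end

  # The `exist` matcher on a plural resource passes when the table is non-empty.
  def exist?
    !@entries.empty?
  end

  def group_names;         @entries.map { |e| e[:group_name] };          end
  def group_ids;           @entries.map { |e| e[:group_id] };            end
  def arns;                @entries.map { |e| e[:arn] };                 end
  def users;               @entries.map { |e| e[:users] };               end
  def inline_policy_names; @entries.map { |e| e[:inline_policy_names] }; end
  def has_inline_policies; @entries.map { |e| e[:has_inline_policies] }; end

  # where(key: value, ...) keeps rows whose fields all match; the block form
  # receives each row and keeps it when the block is truthy.
  def where(**criteria, &block)
    kept = @entries.select do |e|
      criteria.all? { |k, v| e[k] == v } && (block.nil? || block.call(e))
    end
    IamGroupsTable.new(kept)
  end
end

# Run the checks from the examples section (plus an empty-group check) and
# return the findings as data so they can be asserted on, not just printed.
def audit(groups)
  {
    has_prod_group: groups.group_names.include?('prod-access-group'),
    inline_policy_groups: groups.where(has_inline_policies: true).group_names,
    empty_groups: groups.where { |g| g[:users].empty? }.group_names
  }
end

if __FILE__ == $PROGRAM_NAME
  puts JSON.pretty_generate(audit(IamGroupsTable.new(SAMPLE_GROUPS)))
end
```

In a real profile the second and third checks would be written as `describe aws_iam_groups.where(...)` blocks with `its('group_names') { should be_empty }`, exactly as in the examples; the script only makes the row-filtering that those blocks perform visible on data you can inspect.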
## Matchers

The `exist` matcher passes if the resource returns at least one IAM group (or, after a `where` filter, at least one matching group).

```ruby
describe aws_iam_groups do
  it { should exist }
end
```
## AWS Permissions

Your principal needs an IAM policy statement with `Effect` set to `Allow` for the `iam:ListGroups` action, which is the permission behind the `ListGroups` API call this resource makes.

You can find detailed documentation at Actions, Resources, and Condition Keys for Identity And Access Management.