aws_iam_group

Use the aws_iam_group Chef InSpec audit resource to test properties of a single IAM group.

To test properties of multiple or all groups, use the aws_iam_groups resource.


Availability

Installation

This resource is distributed along with Chef InSpec itself. You can use it automatically.

Version

This resource first became available in v2.0.16 of InSpec.

Syntax

An aws_iam_group resource block identifies a group by group name.

# Find a group by group name
describe aws_iam_group('mygroup') do
  it { should exist }
end

# Hash syntax for group name
describe aws_iam_group(group_name: 'mygroup') do
  it { should exist }
end


Examples

The following examples show how to use this Chef InSpec audit resource.

As this is the initial release of aws_iam_group, its limited functionality precludes examples.


Properties

users

Provides a list of the IAM user names that are members of the group. Note that `should include` checks only that the named user is present; it does not fail when additional, unexpected users are also members.

describe aws_iam_group('mygroup') do
  its('users') { should include 'iam_user_name' }
end


Matchers

exists

The control will pass if a group with the given group name exists.

describe aws_iam_group('mygroup') do
  it { should exist }
end
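The two checks above (the exist matcher and the users property) can be hard to reason about when the concern is privilege drift, because an include assertion passes even when an unapproved user has also been added to an administrative group. The following plain-Ruby script is an added illustration, not code from the InSpec project or from this resource: it models the same checks over a constructed document in the shape of an IAM GetGroup response (the account id, group and user names are placeholders) and adds a stricter audit that reports both missing and unexpected members. In a real control the equivalent of the strict form is an additional `its('users') { should_not include 'contractor-temp' }` style assertion for each disallowed user, or an exact comparison against the approved list.

```ruby
require 'json'
require 'set'

# Constructed sample document in the shape of an IAM GetGroup response.
# The account id and the group/user names are illustrative placeholders.
SAMPLE_GET_GROUP = <<~JSON
  {
    "Group": {
      "GroupName": "mygroup",
      "Arn": "arn:aws:iam::123456789012:group/mygroup"
    },
    "Users": [
      { "UserName": "alice" },
      { "UserName": "bob" },
      { "UserName": "contractor-temp" }
    ]
  }
JSON

# Approved membership for the group, as a control author would pin it (constructed).
APPROVED_USERS = %w[alice bob].freeze

# Parse a GetGroup-shaped document into the group name and its member user names.
# Returns nil when no Group block is present (the "group does not exist" case).
def parse_get_group(json_text)
  data = JSON.parse(json_text)
  group = data['Group']
  return nil unless group && group['GroupName']

  users = Array(data['Users']).map { |u| u['UserName'] }.compact
  { name: group['GroupName'], users: users }
end

# Model of `it { should exist }`: a group with this name is present in the document.
def group_exists?(json_text, group_name)
  group = parse_get_group(json_text)
  !group.nil? && group[:name] == group_name
end

# Model of `its('users') { should include user }`: presence of a single user.
def includes_user?(json_text, user_name)
  group = parse_get_group(json_text)
  return false if group.nil?

  group[:users].include?(user_name)
end

# Stricter membership audit: every approved user is present and nobody else is.
# `should include` alone passes on the sample above even though 'contractor-temp'
# is not on the approved list; this surfaces that drift as :unexpected.
def audit_membership(json_text, approved)
  group = parse_get_group(json_text)
  return { exists: false, missing: approved.dup, unexpected: [], pass: false } if group.nil?

  actual = group[:users].to_set
  wanted = approved.to_set
  missing    = (wanted - actual).to_a.sort
  unexpected = (actual - wanted).to_a.sort
  { exists: true, missing: missing, unexpected: unexpected,
    pass: missing.empty? && unexpected.empty? }
end

if __FILE__ == $PROGRAM_NAME
  puts "exists(mygroup):        #{group_exists?(SAMPLE_GET_GROUP, 'mygroup')}"
  puts "includes alice:         #{includes_user?(SAMPLE_GET_GROUP, 'alice')}"
  result = audit_membership(SAMPLE_GET_GROUP, APPROVED_USERS)
  puts "strict audit pass:      #{result[:pass]}"
  puts "missing:                #{result[:missing].inspect}"
  puts "unexpected:             #{result[:unexpected].inspect}"
end
```

Run it as a plain Ruby script; the strict audit fails on the sample because `contractor-temp` is a member without being approved, while the include-style check on `alice` still passes, which is exactly the gap a membership control for a privileged group should close.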

AWS Permissions

Your Principal will need the iam:GetGroup action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Identity And Access Management.