Skip to main content

aws_ssm_parameters resource

[edit on GitHub]

Use the aws_ssm_parameters InSpec audit resource to test properties of a collection of AWS SSM parameters.

Syntax

Ensure you have exactly 3 SSM Parameters

describe aws_ssm_parameters do
  its('names.count') { should cmp 3 }
end

Parameters

This resource does not expect any parameters.

See also the AWS documentation on SSM.

Properties

PropertyDescription
namesProvides the name of the parameter.
typesProvides the type of the parameter.
key_idsProvides the key id of the parameter.
last_modified_datesProvides the date the parameter was last changed or updated and the parameter version was created.
last_modified_usersProvides the user that last changed or updated the parameter.
descriptionsProvides the description of the parameter.
versionsProvides the version of the parameter.
tiersProvides the tier of the parameter.

For a comprehensive list of properties available, see the API reference documentation

Examples

Ensure Name of a SSM Parameter exists

describe aws_ssm_parameters do
  its('names') { should include 'ssm-parameter-name' }
end

Matchers

For a full list of available matchers, please visit our Universal Matchers page.

exist

The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_ssm_parameters.where( <property>: <value> ) do
  it { should exist }
end

describe aws_ssm_parameters.where( <property>: <value> ) do
  it { should_not exist }
end

AWS Permissions

Your Principal will need the ssm:DescribeParameters action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon Systems Manager.

Was this page helpful?