inspec 2.1.81 → 2.1.83

data/docs/resources/aws_iam_role.md.erb

@@ -1,69 +1,69 @@
----
-title: About the aws_iam_role Resource
-platform: aws
----
-
-# aws\_iam\_role
-
-Use the `aws_iam_role` InSpec audit resource to test properties of a single IAM Role. A Role is a collection of permissions that may be temporarily assumed by a user, EC2 Instance, Lambda Function, or certain other resources.
-
-<br>
-
-## Syntax
-
-    # Ensure that a certain role exists by name
-    describe aws_iam_role('my-role') do
-      it { should exist }
-    end
-
-<br>
-
-## Resource Parameters
-
-### role\_name
-
-This resource expects a single parameter that uniquely identifies the IAM Role, the Role Name. You may pass it as a string, or as the value in a hash:
-
-    describe aws_iam_role('my-role') do
-      it { should exist }
-    end
-    # Same
-    describe aws_iam_role(role_name: 'my-role') do
-      it { should exist }
-    end
-
-<br>
-
-## Properties
-
-### description
-
-A textual description of the IAM Role.
-
-    describe aws_iam_role('my-role') do
-      its('description') { should be('Our most important Role')}
-    end
-
-<br>
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### exist
-
-Indicates that the Role Name provided was found. Use `should_not` to test for IAM Roles that should not exist.
-
-    describe aws_iam_role('should-be-there') do
-      it { should exist }
-    end
-
-    describe aws_iam_role('should-not-be-there') do
-      it { should_not exist }
-    end
-
-## AWS Permissions
-
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:GetRole` action with Effect set to Allow.
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
+---
+title: About the aws_iam_role Resource
+platform: aws
+---
+
+# aws\_iam\_role
+
+Use the `aws_iam_role` InSpec audit resource to test properties of a single IAM Role. A Role is a collection of permissions that may be temporarily assumed by a user, EC2 Instance, Lambda Function, or certain other resources.
+
+<br>
+
+## Syntax
+
+    # Ensure that a certain role exists by name
+    describe aws_iam_role('my-role') do
+      it { should exist }
+    end
+
+<br>
+
+## Resource Parameters
+
+### role\_name
+
+This resource expects a single parameter that uniquely identifies the IAM Role, the Role Name. You may pass it as a string, or as the value in a hash:
+
+    describe aws_iam_role('my-role') do
+      it { should exist }
+    end
+    # Same
+    describe aws_iam_role(role_name: 'my-role') do
+      it { should exist }
+    end
+
+<br>
+
+## Properties
+
+### description
+
+A textual description of the IAM Role.
+
+    describe aws_iam_role('my-role') do
+      its('description') { should be('Our most important Role')}
+    end
+
+<br>
+
+## Matchers
+
+This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### exist
+
+Indicates that the Role Name provided was found. Use `should_not` to test for IAM Roles that should not exist.
+
+    describe aws_iam_role('should-be-there') do
+      it { should exist }
+    end
+
+    describe aws_iam_role('should-not-be-there') do
+      it { should_not exist }
+    end
+
+## AWS Permissions
+
+Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:GetRole` action with Effect set to Allow.
+
+You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).

data/docs/resources/aws_iam_root_user.md.erb

@@ -1,76 +1,76 @@
----
-title: About the aws_iam_root_user Resource
-platform: aws
----
-
-# aws\_iam\_root\_user
-
-Use the `aws_iam_root_user` InSpec audit resource to test properties of the root user (owner of the account).
-
-To test properties of all or multiple users, use the `aws_iam_users` resource.
-
-To test properties of a specific AWS user use the `aws_iam_user` resource.
-
-<br>
-
-## Syntax
-
-An `aws_iam_root_user` resource block requires no parameters but has several matchers.
-
-    describe aws_iam_root_user do
-      it { should have_mfa_enabled }
-    end
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test that the AWS root account has at-least one access key
-
-    describe aws_iam_root_user do
-      it { should have_access_key }
-    end
-
-### Test that the AWS root account has Multi-Factor Authentication enabled
-
-    describe aws_iam_root_user do
-      it { should have_mfa_enabled }
-    end
-
-<br>
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### have\_mfa\_enabled
-
-The `have_mfa_enabled` matcher tests if the AWS root user has Multi-Factor Authentication enabled, requiring them to enter a secondary code when they login to the web console.
-
-    it { should have_mfa_enabled }
-
-### have\_hardware\_mfa\_enabled
-
-The `have_hardware_mfa_enabled` matcher tests if the AWS root user has Hardware Multi-Factor Authentication device enabled, requiring them to enter a secondary code when they login to the web console.
-
-    it { should have_hardware_mfa_enabled }
-
-### have\_virtual\_mfa\_enabled
-
-The `have_virtual_mfa_enabled` matcher tests if the AWS root user has Virtual Multi-Factor Authentication device enabled, requiring them to enter a secondary code when they login to the web console.
-
-    it { should have_virtual_mfa_enabled }
-
-### have\_access\_key
-
-The `have_access_key` matcher tests if the AWS root user has at least one access key.
-
-    it { should have_access_key }
-
-## AWS Permissions
-
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:GetAccountSummary` action with Effect set to Allow.
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
+---
+title: About the aws_iam_root_user Resource
+platform: aws
+---
+
+# aws\_iam\_root\_user
+
+Use the `aws_iam_root_user` InSpec audit resource to test properties of the root user (owner of the account).
+
+To test properties of all or multiple users, use the `aws_iam_users` resource.
+
+To test properties of a specific AWS user use the `aws_iam_user` resource.
+
+<br>
+
+## Syntax
+
+An `aws_iam_root_user` resource block requires no parameters but has several matchers.
+
+    describe aws_iam_root_user do
+      it { should have_mfa_enabled }
+    end
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test that the AWS root account has at-least one access key
+
+    describe aws_iam_root_user do
+      it { should have_access_key }
+    end
+
+### Test that the AWS root account has Multi-Factor Authentication enabled
+
+    describe aws_iam_root_user do
+      it { should have_mfa_enabled }
+    end
+
+<br>
+
+## Matchers
+
+This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### have\_mfa\_enabled
+
+The `have_mfa_enabled` matcher tests if the AWS root user has Multi-Factor Authentication enabled, requiring them to enter a secondary code when they login to the web console.
+
+    it { should have_mfa_enabled }
+
+### have\_hardware\_mfa\_enabled
+
+The `have_hardware_mfa_enabled` matcher tests if the AWS root user has Hardware Multi-Factor Authentication device enabled, requiring them to enter a secondary code when they login to the web console.
+
+    it { should have_hardware_mfa_enabled }
+
+### have\_virtual\_mfa\_enabled
+
+The `have_virtual_mfa_enabled` matcher tests if the AWS root user has Virtual Multi-Factor Authentication device enabled, requiring them to enter a secondary code when they login to the web console.
+
+    it { should have_virtual_mfa_enabled }
+
+### have\_access\_key
+
+The `have_access_key` matcher tests if the AWS root user has at least one access key.
+
+    it { should have_access_key }
+
+## AWS Permissions
+
+Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:GetAccountSummary` action with Effect set to Allow.
+
+You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).

data/docs/resources/aws_iam_user.md.erb

@@ -1,120 +1,120 @@
----
-title: About the aws_iam_user Resource
-platform: aws
----
-
-# aws\_iam\_user
-
-Use the `aws_iam_user` InSpec audit resource to test properties of a single AWS IAM user.
-
-To test properties of more than one user, use the `aws_iam_users` resource.
-
-To test properties of the special AWS root user (which owns the account), use the `aws_iam_root_user` resource.
-
-<br>
-
-## Resource Parameters
-
-An `aws_iam_user` resource block declares a user by name, and then lists tests to be performed.
-
-    describe aws_iam_user(username: 'test_user') do
-      it { should exist }
-    end
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test that a user does not exist
-
-    describe aws_iam_user(username: 'gone') do
-      it { should_not exist }
-    end
-
-### Test that a user has multi-factor authentication enabled
-
-    describe aws_iam_user(username: 'test_user') do
-      it { should have_mfa_enabled }
-    end
-
-### Test that a service user does not have a password
-
-    describe aws_iam_user(username: 'test_user') do
-      it { should have_console_password }
-    end
-
-<br>
-
-## Properties
-
-### attached\_policy\_arns
-
-Returns a list of IAM Managed Policy ARNs as strings that identify the policies that are attached to the user. If there are no attached policies, returns an empty list.
-
-    describe aws_iam_user('bob') do
-      # This is a customer-managed policy
-      its('attached_policy_arns') { should include 'arn:aws:iam::123456789012:policy/test-inline-policy-01' }
-      # This is an AWS-managed policy
-      its('attached_policy_arns') { should include 'arn:aws:iam::aws:policy/AlexaForBusinessGatewayExecution' }
-    end
-
-### attached\_policy\_names
-
-Returns a list of IAM Managed Policy Names as strings that identify the policies that are attached to the user. If there are no attached policies, returns an empty list.
-
-    describe aws_iam_user('bob') do
-      # This is a customer-managed policy
-      its('attached_policy_names') { should include 'test-inline-policy-01' }
-      # This is an AWS-managed policy
-      its('attached_policy_names') { should include 'AlexaForBusinessGatewayExecution' }
-    end
-
-### inline\_policy\_names
-
-Returns a list of IAM Inline Policy Names as strings that identify the inline policies that are directly embedded in the user. If there are no embedded policies, returns an empty list.
-
-    describe aws_iam_user('bob') do
-      its('inline_policy_names') { should include 'test-inline-policy-01' }
-      its('inline_policy_names.count') { should eq 1 }
-    end
-
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [universal matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### have\_attached\_policies
-
-The `have\_attached\_policies` matcher tests if the user has at least one IAM managed policy attached to the user.
-
-    describe aws_iam_user('bob') do
-      it { should_not have_attached_policies }
-    end
-
-### have\_console\_password
-
-The `have_console_password` matcher tests if the user has a password that could be used to log into the AWS web console.
-
-    it { should have_console_password }
-
-### have\_inline\_policies
-
-The `have\_inline\_policies` matcher tests if the user has at least one IAM policy embedded directly in the user record.
-
-    describe aws_iam_user('bob') do
-      it { should_not have_inline_policies }
-    end
-
-### have\_mfa\_enabled
-
-The `have_mfa_enabled` matcher tests if the user has Multi-Factor Authentication enabled, requiring them to enter a secondary code when they login to the web console.
-
-    it { should have_mfa_enabled }
-
-## AWS Permissions
-
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:GetUser`, `iam:GetLoginProfile`, `iam:ListMFADevices`, `iam:ListAccessKeys`, `iam:ListUserPolicies`, and `iam:ListAttachedUserPolicies` actions set to allow.
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).
+---
+title: About the aws_iam_user Resource
+platform: aws
+---
+
+# aws\_iam\_user
+
+Use the `aws_iam_user` InSpec audit resource to test properties of a single AWS IAM user.
+
+To test properties of more than one user, use the `aws_iam_users` resource.
+
+To test properties of the special AWS root user (which owns the account), use the `aws_iam_root_user` resource.
+
+<br>
+
+## Resource Parameters
+
+An `aws_iam_user` resource block declares a user by name, and then lists tests to be performed.
+
+    describe aws_iam_user(username: 'test_user') do
+      it { should exist }
+    end
+
+<br>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test that a user does not exist
+
+    describe aws_iam_user(username: 'gone') do
+      it { should_not exist }
+    end
+
+### Test that a user has multi-factor authentication enabled
+
+    describe aws_iam_user(username: 'test_user') do
+      it { should have_mfa_enabled }
+    end
+
+### Test that a service user does not have a password
+
+    describe aws_iam_user(username: 'test_user') do
+      it { should have_console_password }
+    end
+
+<br>
+
+## Properties
+
+### attached\_policy\_arns
+
+Returns a list of IAM Managed Policy ARNs as strings that identify the policies that are attached to the user. If there are no attached policies, returns an empty list.
+
+    describe aws_iam_user('bob') do
+      # This is a customer-managed policy
+      its('attached_policy_arns') { should include 'arn:aws:iam::123456789012:policy/test-inline-policy-01' }
+      # This is an AWS-managed policy
+      its('attached_policy_arns') { should include 'arn:aws:iam::aws:policy/AlexaForBusinessGatewayExecution' }
+    end
+
+### attached\_policy\_names
+
+Returns a list of IAM Managed Policy Names as strings that identify the policies that are attached to the user. If there are no attached policies, returns an empty list.
+
+    describe aws_iam_user('bob') do
+      # This is a customer-managed policy
+      its('attached_policy_names') { should include 'test-inline-policy-01' }
+      # This is an AWS-managed policy
+      its('attached_policy_names') { should include 'AlexaForBusinessGatewayExecution' }
+    end
+
+### inline\_policy\_names
+
+Returns a list of IAM Inline Policy Names as strings that identify the inline policies that are directly embedded in the user. If there are no embedded policies, returns an empty list.
+
+    describe aws_iam_user('bob') do
+      its('inline_policy_names') { should include 'test-inline-policy-01' }
+      its('inline_policy_names.count') { should eq 1 }
+    end
+
+
+## Matchers
+
+This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [universal matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### have\_attached\_policies
+
+The `have\_attached\_policies` matcher tests if the user has at least one IAM managed policy attached to the user.
+
+    describe aws_iam_user('bob') do
+      it { should_not have_attached_policies }
+    end
+
+### have\_console\_password
+
+The `have_console_password` matcher tests if the user has a password that could be used to log into the AWS web console.
+
+    it { should have_console_password }
+
+### have\_inline\_policies
+
+The `have\_inline\_policies` matcher tests if the user has at least one IAM policy embedded directly in the user record.
+
+    describe aws_iam_user('bob') do
+      it { should_not have_inline_policies }
+    end
+
+### have\_mfa\_enabled
+
+The `have_mfa_enabled` matcher tests if the user has Multi-Factor Authentication enabled, requiring them to enter a secondary code when they login to the web console.
+
+    it { should have_mfa_enabled }
+
+## AWS Permissions
+
+Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `iam:GetUser`, `iam:GetLoginProfile`, `iam:ListMFADevices`, `iam:ListAccessKeys`, `iam:ListUserPolicies`, and `iam:ListAttachedUserPolicies` actions set to allow.
+
+You can find detailed documentation at [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).