inspec 2.3.10 → 2.3.23

data/docs/resources/aws_ebs_volume.md.erb

@@ -1,76 +0,0 @@
----
-title: About the aws_ebs_volume Resource
-platform: aws
----
-
-# aws\_ebs\_volume
-
-Use the `aws_ebs_volume` InSpec audit resource to test properties of a single AWS EBS volume.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-## Syntax
-
-An `aws_ebs_volume` resource block declares the tests for a single AWS EBS volume by either name or id.
-
-    describe aws_ebs_volume('vol-01a2349e94458a507') do
-      it { should exist }
-    end
-
-    describe aws_ebs_volume(name: 'data-vol') do
-      it { should be_encrypted }
-    end
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test that an EBS Volume does not exist
-
-    describe aws_ebs_volume(name: 'data_vol') do
-      it { should_not exist }
-    end
-
-### Test that an EBS Volume is encrypted
-
-    describe aws_ebs_volume(name: 'secure_data_vol') do
-      it { should be_encrypted }
-    end
-
-### Test that an EBS Volume the correct size
-
-    describe aws_ebs_volume(name: 'data_vol') do
-      its('size') { should cmp 32 }
-    end
-
-<br>
-
-## Properties
-
-* `availability_zone`, `encrypted`, `iops`, `kms_key_id`, `size`, `snapshot_id`, `state`, `volume_type`
-
-<br>
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### be\_encrypted
-
-The `be_encrypted` matcher tests if the described EBS Volume is encrypted.
-
-    it { should be_encrypted }
-
-## AWS Permissions
-
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeVolumes`, and `iam:GetInstanceProfile` actions set to allow.
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).

data/docs/resources/aws_ebs_volumes.md.erb

@@ -1,86 +0,0 @@
----
-title: About the aws_ebs_volumes Resource
-platform: aws
----
-
-# aws\_ebs\_volumes
-
-Use the `aws_ebs_volumes` InSpec audit resource to test properties of some or all AWS EBS volumes. To audit a single EBS volume, use `aws_ebs_volume` (singular).
-
-EBS volumes are persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud.
-
-Each EBS volume is uniquely identified by its ID.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-## Syntax
-
-An `aws_ebs_volumes` resource block collects a group of EBS volumes and then tests that group.
-
-    # Ensure you have exactly 3 volumes
-    describe aws_ebs_volumes do
-      its('volume_ids.count') { should cmp 3 }
-    end
-
-    # Use the InSpec resource to enumerate IDs, then test in-depth using `aws_ebs_volume`.
-    aws_ebs_volumes.volume_ids.each do |volume_id|
-      describe aws_ebs_volume(volume_id) do
-        it { should exist }
-        it { should be_encrypted }
-        its('size') { should cmp 8 }
-        its('iops') { should cmp 100 }
-      end
-    end
-
-<br>
-
-## Examples
-
-As this is the initial release of `aws_ebs_volumes`, its limited functionality precludes examples.
-
-<br>
-
-## Filter Criteria
-
-This resource currently does not support any filter criteria; it will always fetch all volumes in the region.
-
-## Properties
-
-### entries
-
-Provides access to the raw results of the query, which can be treated as an array of hashes. This can be useful for checking counts and other advanced operations.
-
-    # Allow at most 100 EBS volumes on the account
-    describe aws_ebs_volumes do
-      its('entries.count') { should be <= 100 }
-    end
-
-### volume_ids
-
-Provides a list of the volume ids that were found in the query.
-
-    describe aws_ebs_volumes do
-      its('volume_ids') { should include 'vol-12345678' }
-      its('volume_ids.count') { should cmp 3 }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). 
-
-### exist
-
-The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-    # Verify that at least one EBS volume exists
-    describe aws_ebs_volumes do
-      it { should exist }
-    end   

data/docs/resources/aws_ec2_instance.md.erb

@@ -1,122 +0,0 @@
----
-title: About the aws_ec2_instance Resource
-platform: aws
----
-
-# aws\_ec2\_instance
-
-Use the `aws_ec2_instance` InSpec audit resource to test properties of a single AWS EC2 instance.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v2.0.16 of InSpec.
-
-## Syntax
-
-An `aws_ec2_instance` resource block declares the tests for a single AWS EC2 instance by either name or id.
-
-    describe aws_ec2_instance('i-01a2349e94458a507') do
-      it { should exist }
-    end
-
-    describe aws_ec2_instance(name: 'my-instance') do
-      it { should be_running }
-    end
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test that an EC2 instance does not exist
-
-    describe aws_ec2_instance(name: 'dev-server') do
-      it { should_not exist }
-    end
-
-### Test that an EC2 instance is running
-
-    describe aws_ec2_instance(name: 'prod-database') do
-      it { should be_running }
-    end
-
-### Test that an EC2 instance is using the correct image ID
-
-    describe aws_ec2_instance(name: 'my-instance') do
-      its('image_id') { should eq 'ami-27a58d5c' }
-    end
-
-### Test that an EC2 instance has the correct tag
-
-    describe aws_ec2_instance('i-090c29e4f4c165b74') do
-      its('tags') { should include(key: 'Contact', value: 'Gilfoyle') }
-    end
-
-<br>
-
-## Properties
-
-* `architecture`, `client_token`, `image_id`,`instance_type`, `key_name`, `launch_time`,`private_ip_address`,  `private_dns_name`, `public_dns_name`, `public_ip_address`,  `root_device_type`, `root_device_name`, `security_group_ids`, `subnet_id`, `tags`,`virtualization_type`, `vpc_id`
-
-<br>
-
-## Matchers
-
-This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-### be\_pending
-
-The `be_pending` matcher tests if the described EC2 instance state is `pending`. This indicates that an instance is provisioning. This state should be temporary.
-
-    it { should be_pending }
-
-### be\_running
-
-The `be_running` matcher tests if the described EC2 instance state is `running`. This indicates the instance is fully operational from AWS's perspective.
-
-    it { should be_running }
-
-### be\_shutting\_down
-
-The `be_shutting_down` matcher tests if the described EC2 instance state is `shutting-down`. This indicates the instance has received a termination command and is in the process of being permanently halted and de-provisioned. This state should be temporary.
-
-    it { should be_shutting_down }
-
-### be\_stopped
-
-The `be_stopped` matcher tests if the described EC2 instance state is `stopped`. This indicates that the instance is suspended and may be started again.
-
-    it { should be_stopped }
-
-### be\_stopping
-
-The `be_stopping` matcher tests if the described EC2 instance state is `stopping`. This indicates that an AWS stop command has been issued, which will suspend the instance in an OS-unaware manner. This state should be temporary.
-
-    it { should be_stopping }
-
-### be\_terminated
-
-The `be_terminated` matcher tests if the described EC2 instance state is `terminated`. This indicates the instance is permanently halted and will be removed from the instance listing in a short period. This state should be temporary.
-
-    it { should be_terminated }
-
-### be\_unknown
-
-The `be_unknown` matcher tests if the described EC2 instance state is `unknown`. This indicates an error condition in the AWS management system. This state should be temporary.
-
-    it { should be_unknown }
-
-## AWS Permissions
-
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `ec2:DescribeInstances`, and `iam:GetInstanceProfile` actions set to allow.
-
-You can find detailed documentation at [Actions, Resources, and Condition Keys for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html), and [Actions, Resources, and Condition Keys for Identity And Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html).

data/docs/resources/aws_ec2_instances.md.erb

@@ -1,89 +0,0 @@
----
-title: About the aws_ec2_instances Resource
-platform: aws
----
-
-# aws\_ec2\_instances
-
-Use the `aws_ec2_instances` InSpec audit resource to test properties of some or all AWS EC2 instances. To audit a single EC2 instance, use `aws_ec2_instance` (singular).
-
-EC2 instances are the basic unit of computing within AWS.  An instance is a virtual machine that contains a running OS, and may be created or destroyed by code.
-
-Each EC2 instance is uniquely identified by its ID.
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v2.1.72 of InSpec.
-
-## Syntax
-
-An `aws_ec2_instances` resource block collects a group of EC2 Instances and then tests that group.
-
-    # Ensure you have exactly 3 instances
-    describe aws_ec2_instances do
-      its('instance_ids.count') { should cmp 3 }
-    end
-
-    # Use the InSpec resource to enumerate IDs, then test in-depth using `aws_ec2_instance`.
-    aws_ec2_instances.instance_ids.each do |instance_id|
-      describe aws_ec2_instance(instance_id) do
-        its('key_name') { should cmp 'admin-ssh-key' }
-      end 
-    end
-
-<br>
-
-## Examples
-
-As this is the initial release of `aws_ec2_instances`, its limited functionality precludes examples.
-
-<br>
-
-## Filter Criteria
-
-This resource currently does not support any filter criteria; it will always fetch all instances in the region.
-
-## Properties
-
-### entries
-
-Provides access to the raw results of the query, which can be treated as an array of hashes. This can be useful for checking counts and other advanced operations.
-
-    # Allow at most 100 EC2 Instances on the account
-    describe aws_ec2_instances do
-      its('entries.count') { should be <= 100}
-    end
-
-
-### instance_ids
-
-Provides a list of the instance ids that were found in the query.
-
-    describe aws_ec2_instances do
-      its('instance_ids') { should include('i-12345678') }
-      its('instance_ids.count') { should cmp 3) }
-    end
-
-<br>
-
-## Matchers
-
-For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). 
-
-### exist
-
-The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
-
-    # Verify that at least one EC2 Instance exists.
-    describe aws_ec2_instances
-      it { should exist }
-    end   
-

data/docs/resources/aws_elb.md.erb

@@ -1,154 +0,0 @@
----
-title: About the aws_elb Resource
-platform: aws
----
-
-# aws\_elb
-
-Use the `aws_elb` InSpec audit resource to test properties of a single AWS Elastic Load Balancer (ELB, also known as a Classic Load Balancer).
-
-To audit ELBs in bulk or to search, use `aws_elbs` (plural).
-
-<br>
-
-## Availability
-
-### Installation
-
-This resource is distributed along with InSpec itself. You can use it automatically.
-
-### Version
-
-This resource first became available in v2.2.10 of InSpec.
-
-## Resource Parameters
-
-An `aws_elb` resource block declares the tests for a single AWS ELB by ELB name.
-
-    describe aws_elb('my-elb') do
-      it { should exist }
-    end
-
-    describe aws_elb(elb_name: 'my-elb') do
-      its('instance_ids.count') { should cmp 2 }
-    end
-
-<br>
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test that an ELB does not exist
-
-    describe aws_elb('bad-elb') do
-      it { should_not exist }
-    end
-
-### Test that an ELB has a presence in at least two availability zones
-
-    describe aws_elb('web') do
-      its('availability_zones.count') { should be > 1 }
-    end
-
-<br>
-
-## Properties
-
-### availability\_zones
-
-Returns an array of strings identifying which availability zones in which the load balancer is located.
-
-    # Verify we are in both us-east-2a and us-east-2b
-    describe aws_elb('web-elb') do
-      its('availability_zones') { should include 'us-east-2a' }
-      its('availability_zones') { should include 'us-east-2b' }
-    end
-
-### dns\_name
-
-Returns the FQDN of the load balancer.  This is the hostname which is exposed to the world.
-
-    # Ensure that the ELB has a DNS name
-    describe aws_elb('web-elb') do
-      its('dns_name') { should match /\.com/ }
-    end
-
-### elb\_name
-
-The name of the ELB within AWS. The ELB name is unique within the region.
-
-    # Ensure that the ELB's name is what we said it was
-    describe aws_elb('web-elb') do
-      its('elb_name') { should match /web-elb/ }
-    end
-
-### external\_ports
-
-Returns an array of integers reflecting the public-facing ports on which the load balancer will be listening for traffic.
-
-    # Ensure that we are listening on port 80 and nothing else
-    describe aws_elb('web-elb') do
-      its('external_ports') { should include 80 }
-      its('external_ports.count') { should cmp 1 }
-    end
-
-### instance\_ids
-
-Returns an array of strings reflecting the instance IDs of the EC2 instances attached to the ELB.
-
-    # Ensure that a specific instance is attached
-    describe aws_elb('web-elb') do
-      its('instance_ids') { should include 'i-12345678' }
-    end
-
-
-### internal\_ports
-
-Returns an array of integers reflecting the EC2-facing ports on which the load balancer will be sending traffic to.
-
-    # Ensure that we are sending traffic to port 80 on the instances and nothing else
-    describe aws_elb('web-elb') do
-      its('internal_ports') { should include 80 }
-      its('internal_ports.count') { should cmp 1 }
-    end
-
-### security\_group\_ids
-
-Returns an array of strings reflecting the security group IDs (firewall rule sets) assigned to the ELB.
-
-    # Ensure that a specific SG ID is assigned
-    describe aws_elb('web-elb') do
-      its('security_group_ids') { should include 'sg-12345678' }
-    end
-
-### subnet\_ids
-
-Returns an array of strings reflecting the subnet IDs on which the ELB is located.
-
-    # Ensure that the ELB is on a specific subnet
-    describe aws_elb('web-elb') do
-      its('subnet_ids') { should include 'subnet-12345678' }
-    end
-
-### vpc\_id
-
-Returns a String reflecting the ID of the VPC in which the ELB is located.
-
-    # Ensure that the ELB is on a specific VPC
-    describe aws_elb('web-elb') do
-      its('vpc_id') { should cmp 'vpc-12345678' }
-    end
-
-<br>
-
-## Matchers
-
-This InSpec audit resource has no special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/).
-
-
-## AWS Permissions
-
-Your [Principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) will need the `elasticloadbalancing:DescribeLoadBalancers` action set to Allow.
-
-You can find detailed documentation at [Authentication and Access Control for Your Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/load-balancer-authentication-access-control.html)