title | platform |
---|---|
About the aws_amis Resource | aws |
Use the `aws_amis` InSpec audit resource to test properties of some or all AWS AMIs.
Ensure you have exactly 3 AMIs available to you.
```ruby
describe aws_amis(all_amis: 'true') do
  its('image_ids.count') { should cmp 3 }
end
```
Check if you have a public AMI for the Linux/UNIX platform available to you.
```ruby
describe aws_amis(is_public: 'true', platform_details: 'Linux/UNIX') do
  it { should exist }
end
```
This resource must be provided with the parameter `all_amis` (returns ALL AMIs available to you) OR a combination of the following.

- `owners`: Scopes the results to images with the specified owners. You can specify a combination of AWS account IDs, `self`, `amazon`, and `aws-marketplace`. If you omit this parameter, the results include all images for which you have launch permissions, regardless of ownership.

`all_amis` can be passed either as a string or as an `all_amis: 'value'` key-value entry in a hash.
Property | Description |
---|---|
architectures | The architecture of the image. |
creation_dates | The date and time the image was created. |
image_ids | The ID of the AMI. |
image_locations | The location of the AMI. |
image_types | The type of image. |
public | Indicates whether the image has public launch permissions. |
kernel_ids | The kernel associated with the image, if any. Only applicable for machine images. |
owner_ids | The AWS account ID of the image owner. |
platforms | This value is set to windows for Windows AMIs; otherwise, it is blank. |
platform_details | The platform details associated with the billing code of the AMI. |
usage_operations | The operation of the Amazon EC2 instance and the billing code that is associated with the AMI. |
product_codes | Any product codes associated with the AMI. |
ramdisk_ids | The RAM disk associated with the image, if any. Only applicable for machine images. |
states | The state of the AMI. |
block_device_mappings | Any block device mapping entries. |
descriptions | The description of the AMI that was provided during image creation. |
ena_support | Specifies whether enhanced networking with ENA is enabled. |
hypervisors | The hypervisor type of the image. |
image_owner_alias | The AWS account alias or the AWS account ID of the AMI owner. |
names | The name of the AMI that was provided during image creation. |
root_device_names | The device name of the root device volume. |
root_device_types | The type of root device used by the AMI. |
sriov_net_supports | Specifies whether enhanced networking with the Intel 82599 Virtual Function interface is enabled. |
state_reasons | Provides the reason for the state change. |
tags | Provides any tags assigned to the image. |
virtualization_types | The type of virtualization of the AMI. |
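```ruby
# Check that a specific image ID is among the AMIs available to you.
describe aws_amis(all_amis: 'true') do
  its('image_ids') { should include 'image-id-43542' }
end

# Check that every AMI returned for owner 'self' belongs to one account.
# Owner IDs are AWS account IDs returned as strings, so compare against a string.
describe aws_amis(owners: 'self') do
  its('owner_ids.uniq.size') { should be 1 }
  its('owner_ids.uniq.first') { should eq '12345678' }
end

# Check that AMIs owned by you or by Amazon are available.
describe aws_amis(owners: ['self', 'amazon']) do
  it { should exist }
end
```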
For a full list of available matchers, please visit our Universal Matchers page.
The control will pass if the describe returns at least one result.
Use `should_not` to test that the entity does not exist.
```ruby
describe aws_amis(all_amis: 'true').where(<property>: <value>) do
  it { should exist }
end

describe aws_amis(all_amis: 'true').where(<property>: <value>) do
  it { should_not exist }
end
```
Your Principal will need the `ec2:DescribeImages` permission.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon EC2.