alicloud_ram_user_mfa Resource
Use the alicloud_ram_user_mfa InSpec audit resource to test properties of a single Alicloud RAM user’s MFA settings.
Syntax
An alicloud_ram_user_mfa resource block declares the tests for a single Alicloud RAM user’s MFA settings by user name.
describe alicloud_ram_user_mfa(user_name: 'rpatel') do
  it { should exist }
end
Parameters
user_name (required)
This resource accepts a single parameter, the RAM user’s username, which uniquely identifies the user.
This can be passed either as a string or as a user_name: 'value' key-value entry in a hash.
See also the Alicloud documentation on RAM users.
Properties
user_name - The RAM user’s username.
serial_number - The serial number of the RAM user’s MFA device.
type - The MFA type (VMFA: virtual MFA device, or U2F: Universal 2nd Factor security key).
Examples
The following example shows how to use this InSpec audit resource.
Test that a user has MFA configured.
describe alicloud_ram_user_mfa(user_name: 'jakobp') do
  it { should exist }
  its('serial_number') { should eq 'acs:ram::1234567890123456:mfa/jakobp' }
  its('type') { should eq 'VMFA' }
end
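The same checks applied to a list of users, one control per user, so a missing MFA device shows up as a named failure. This is an added example, not taken from the InSpec documentation; the user-to-account mapping, the control IDs and the helper names are constructed, and the serial number layout is assumed from the single value shown above.

```ruby
# Constructed sample input: RAM users that must have MFA bound, mapped to the
# Alicloud account ID expected to own the device. Replace with your own values.
def mfa_expectations
  {
    'rpatel' => '1234567890123456',
    'jakobp' => '1234567890123456',
  }
end

# Assumption: serial numbers follow acs:ram::<account-id>:mfa/<user_name>,
# the layout of the one example value on this page. Verify for your devices.
def expected_serial(account_id, user_name)
  "acs:ram::#{account_id}:mfa/#{user_name}"
end

# `control` is only defined inside an InSpec profile; the guard lets the
# helpers above be loaded and checked in plain Ruby as well.
if respond_to?(:control, true)
  mfa_expectations.each do |user_name, account_id|
    # Resolve the expected value here: helper methods are not visible
    # inside the describe block, but local variables are.
    serial = expected_serial(account_id, user_name)

    control "alicloud-ram-mfa-#{user_name}" do
      impact 1.0
      title "RAM user #{user_name} has an MFA device bound"

      describe alicloud_ram_user_mfa(user_name: user_name) do
        it { should exist }
        # Accept either MFA type listed under Properties.
        its('type') { should be_in %w[VMFA U2F] }
        # A device from another account or another user fails here.
        its('serial_number') { should eq serial }
      end
    end
  end
end
```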
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
exist
The control will pass if the describe returns at least one result.
it { should exist }
Use should_not to test that the entity should not exist.
it { should_not exist }
Alicloud Permissions
Your Principal will need the ram:GetUserMFAInfo action with Effect set to Allow.
See the Alibaba Cloud Resource Access Management documentation.