aws_s3_buckets Resource
Use the aws_s3_buckets InSpec audit resource to list all buckets in a single account.
For additional information, including details on parameters and properties, see the AWS documentation on S3 Buckets.
Installation
This resource is available in the Chef InSpec AWS resource pack.
See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.
Syntax
An aws_s3_buckets resource block takes no arguments.
describe aws_s3_buckets do
  it { should exist }
end
Parameters
This resource does not require any parameters.
Properties
bucket_names - An array of bucket names.
tags - A hash with each key-value pair corresponding to a tag associated with the entity.
entries - Provides access to the raw results of the query, which can be treated as an array of hashes.
Examples
Examine what buckets have been created.
describe aws_s3_buckets do
  its('bucket_names') { should eq ['my_bucket'] }
  # OR
  its('bucket_names') { should include 'my_bucket' }
end
Check the tags on buckets.
describe aws_s3_buckets.where(bucket_names: 'my-bucket') do
  its('tags') { should include(:Environment => 'env-name', :Name => 'bucket-name') }
end
Matchers
exist
The control will pass if the resource contains at least one bucket.
# Test if there are any buckets
describe aws_s3_buckets do
  it { should exist }
end
AWS Permissions
Your Principal will need the S3:Client:ListBucketsOutput action with Effect set to Allow.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon S3.
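A least-privilege identity policy for the principal that runs this resource, as an added example that is not part of the original documentation: in IAM policy syntax, the ListBuckets API call is authorized by the s3:ListAllMyBuckets action. The second statement assumes the tags property is populated through per-bucket GetBucketTagging calls; the Sid values are names chosen here for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListBucketsForInspecAudit",
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "*"
    },
    {
      "Sid": "ReadBucketTagsAssumedForTagsProperty",
      "Effect": "Allow",
      "Action": "s3:GetBucketTagging",
      "Resource": "arn:aws:s3:::*"
    }
  ]
}
```

Neither action grants access to object contents, so the audit principal can enumerate buckets and read their tags without being able to read or modify stored data.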