aws_emr_security_configurationss Resource
Use the aws_emr_security_configurations
resource to test the properties of collection for AWS EMR security configuration.
For additional information, including details on parameters and properties, see the AWS documentation on AWS EMR security configuration.
Installation
This resource is available in the Chef InSpec AWS resource pack.
See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.
Syntax
describe aws_emr_security_configurations do
it { should exist }
end
Parameters
This resource does not require any parameters.
Properties
security_configuration_names
- The name of the security configuration.
Field:
name
encryption_at_rest
- Specifies whether at-rest encryption is enabled for the cluster.
Field:
security_configuration(EncryptionConfiguration(EnableAtRestEncryption))
encryption_in_transit
- Specifies whether in-transit encryption is enabled for the cluster.
Field:
security_configuration(EncryptionConfiguration(EnableInTransitEncryption))
local_disk_encryption
- Specifies whether local-disk encryption is enabled for the cluster.
Field:
security_configuration(EncryptionConfiguration(AtRestEncryptionConfiguration(LocalDiskEncryptionConfiguration)))
Examples
Ensure AWS EMR security configurations exists.
describe aws_emr_security_configurations do
it { should exist }
its('encryption_at_rests') { should include encryption_at_rest }
its('encryption_in_transits') { should include encryption_in_transit }
its('local_disk_encryptions') { should include local_disk_encryption }
end
Matchers
For a full list of available matchers, please visit our matchers page.
exist
Use should
to test an entity that should exist.
describe aws_emr_security_configurations.where(security_configuration_name: 'SECURITY_CONFIGURATION_NAME') do
it { should exist }
end
Use should_not
to test an entity that should not exist.
describe aws_emr_security_configurations.where(security_configuration_name: 'INVALID_SECURITY_CONFIGURATION_NAME') do
it { should_not exist }
end
AWS Permissions
Your Principal will need the EMR:Client:DescribeSecurityConfigurationOutput
action with Effect
set to Allow
.