Use the aws_iam_account_alias InSpec audit resource to test properties of the AWS IAM account alias.
An aws_iam_account_alias resource block may be used to perform tests on details of the AWS account alias.
describe aws_iam_account_alias do
it { should exist }
end
This resource does not expect any parameters.
See also the AWS documentation on Account Aliases.
| Property | Description |
|---|---|
| alias | String containing the Alias of the account. |
describe aws_iam_account_alias do
it { should_not exist }
end
describe aws_iam_account_alias do
it { should exist }
its('alias') { should match /^chef-/ }
end
The control will pass if the describe returns at least one result.
Use should_not to test the entity should not exist.
describe aws_iam_account_alias do
it { should exist }
end
Your Principal will need the iam:ListAccountAliases action with Effect set to Allow.
© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
The Chef™ Mark and Chef Logo are either registered trademarks/service marks or trademarks/servicemarks of Chef, in the United States and other countries and are used with Chef Inc's permission.
We are not affiliated with, endorsed or sponsored by Chef Inc.
https://docs.chef.io/inspec/resources/aws_iam_account_alias/