inspec-aws

Build out more resources from the AWS CLI for use natively in Chef InSpec

Open kekaichinose opened this issue 6 years ago • 0 comments

🎛 Description

Per customer ask, there are many things that are low-hanging fruit to put as native resources within Chef InSpec from the AWS CLI. Things regarding AMI creation for a start. It's very similar to EC2 CLI commands. This would be extremely beneficial for us because we would like to check AWS account level config using the AWS integration in Automate, but that makes using CLI commands via Chef InSpec not straightforward.

A Top 5 list of resources we'd like to see added:

  • Describe Images for AMIs (aws cli describe-images); that way one can reasonably iterate over a list of available image-ids to gather CreationDate
  • guardduty list-detectors
  • aws shield describe-subscription
  • aws dynamodb (ability to iterate through a list of tables to ensure there is nothing unencrypted or exposed to the public)
  • aws sqs to iterate through regions and ensure get-queue-attributes returns a kms cmk id
  • aws waf to determine whether a WAF is in use or not (That's actually 6, but those are some of the things I'd like to get working in a compliance profile to scan accounts).

Related Links

  • Aha! Ideas Portal: https://chef-software.ideas.aha.io/ideas/INSPEC-I-11

kekaichinose, Oct 30 '19 20:10
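Three of the checks requested above (SQS queues without a KMS key id, regions without a GuardDuty detector, AMIs by CreationDate), sketched as an added Ruby example that evaluates saved AWS CLI JSON output. This is not code from the issue or from inspec-aws; the function names, sample queue, region and image values, and the 365-day age threshold are assumptions made for illustration.

```ruby
require 'json'
require 'time'

# Constructed sample outputs, shaped like the AWS CLI JSON responses.
# Keys of the first two hashes are hypothetical queue names and regions.
SQS_ATTRS = {
  'orders'  => '{"Attributes": {"KmsMasterKeyId": "alias/example-cmk"}}',
  'scratch' => '{"Attributes": {"VisibilityTimeout": "30"}}'
}.freeze
GUARDDUTY = {
  'us-east-1' => '{"DetectorIds": ["exampledetectorid"]}',
  'eu-west-1' => '{"DetectorIds": []}'
}.freeze
IMAGES = '{"Images": [
  {"ImageId": "ami-00000000000000001", "CreationDate": "2019-10-01T12:00:00.000Z"},
  {"ImageId": "ami-00000000000000002", "CreationDate": "2018-01-15T08:30:00.000Z"}]}'

# Queues whose `aws sqs get-queue-attributes` output carries no KMS key id.
def queues_without_kms(attrs_by_queue)
  attrs_by_queue.reject do |_name, json|
    key = JSON.parse(json).fetch('Attributes', {})['KmsMasterKeyId']
    key && !key.empty?
  end.keys
end

# Regions where `aws guardduty list-detectors` returned no detector.
def regions_without_guardduty(output_by_region)
  output_by_region.select do |_region, json|
    JSON.parse(json).fetch('DetectorIds', []).empty?
  end.keys
end

# Image ids from `aws ec2 describe-images` output whose CreationDate is
# older than max_age_days, measured from `now` (a Time).
def stale_images(json, max_age_days, now)
  cutoff = now - max_age_days * 86_400
  JSON.parse(json).fetch('Images', [])
      .select { |img| Time.iso8601(img['CreationDate']) < cutoff }
      .map { |img| img['ImageId'] }
end
```

Each function takes the raw JSON text, so the same logic applies whether the output was captured to a file beforehand or collected by a wrapper around the CLI.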