title | platform |
---|---|
About the aws_s3_bucket_policy Resource |
aws |
Use the aws_s3_bucket_policy
Chef InSpec audit resource to test properties of a single AWS S3 bucket policy.
The AWS::S3::BucketPolicy
resource type applies an Amazon S3 bucket policy to an Amazon S3 bucket.
Ensure that an S3 bucket policy exists.
describe aws_s3_bucket_policy(bucket: 'BUCKET_NAME') do
it { should exist }
end
bucket
(required)
The name of the Amazon S3 bucket to which the policy applies.
For additional information, see the AWS documentation on the AWS::S3::BucketPolicy
resource.
Property | Description |
---|---|
Effect | The effect of the policy. |
Sid | The policy statement ID of the S3 bucket. |
Condition | The policy condition key of the S3 bucket. |
Action | The policy action of the S3 bucket. |
Resource | The policy resource type of the S3 bucket. |
Principal | The policy principal of the S3 bucket. |
describe aws_s3_bucket_policy(bucket: 'BUCKET_NAME') do
its('Sid') { should eq 'SID' }
end
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
The controls will pass if the get
method returns at least one result.
Use should
to test that the entity exists.
describe aws_s3_bucket_policy(bucket: 'BUCKET_NAME') do
it { should exist }
end
Use should_not
to test the entity does not exist.
describe aws_s3_bucket_policy(bucket: 'BUCKET_NAME') do
it { should_not exist }
end
Use should
to check if the entity is available.
describe aws_s3_bucket_policy(bucket: 'BUCKET_NAME') do
it { should be_available }
end
Your Principal will need the S3:Client:GetBucketPolicyOutput
action with Effect
set to Allow
.