Skip to main content

aws_ssm_parameters resource

[edit on GitHub]

Use the aws_ssm_parameters InSpec audit resource to test properties of a collection of AWS SSM parameters.


Ensure you have exactly 3 SSM Parameters

describe aws_ssm_parameters do
  its('names.count') { should cmp 3 }


This resource does not expect any parameters.

See also the AWS documentation on SSM.


namesProvides the name of the parameter.
typesProvides the type of the parameter.
key_idsProvides the key id of the parameter.
last_modified_datesProvides the date the parameter was last changed or updated and the parameter version was created.
last_modified_usersProvides the user that last changed or updated the parameter.
descriptionsProvides the description of the parameter.
versionsProvides the version of the parameter.
tiersProvides the tier of the parameter.

For a comprehensive list of properties available, see the API reference documentation


Ensure Name of a SSM Parameter exists

describe aws_ssm_parameters do
  its('names') { should include 'ssm-parameter-name' }


For a full list of available matchers, please visit our Universal Matchers page.


The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_ssm_parameters.where( <property>: <value> ) do
  it { should exist }

describe aws_ssm_parameters.where( <property>: <value> ) do
  it { should_not exist }

AWS Permissions

Your Principal will need the ssm:DescribeParameters action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon Systems Manager.

Was this page helpful?


Search Results