Skip to main content

aws_ssm_parameters resource

[edit on GitHub]

Use the aws_ssm_parameters InSpec audit resource to test properties of a collection of AWS SSM parameters.


Ensure you have exactly 3 SSM Parameters

describe aws_ssm_parameters do
  its('names.count') { should cmp 3 }


This resource does not expect any parameters.

See also the AWS documentation on SSM.


Property Description
names Provides the name of the parameter.
types Provides the type of the parameter.
key_ids Provides the key id of the parameter.
last_modified_dates Provides the date the parameter was last changed or updated and the parameter version was created.
last_modified_users Provides the user that last changed or updated the parameter.
descriptions Provides the description of the parameter.
versions Provides the version of the parameter.
tiers Provides the tier of the parameter.

For a comprehensive list of properties available, see the API reference documentation


Ensure Name of a SSM Parameter exists

describe aws_ssm_parameters do
  its('names') { should include 'ssm-parameter-name' }


For a full list of available matchers, please visit our Universal Matchers page.


The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

describe aws_ssm_parameters.where( <property>: <value> ) do
  it { should exist }

describe aws_ssm_parameters.where( <property>: <value> ) do
  it { should_not exist }

AWS Permissions

Your Principal will need the ssm:DescribeParameters action with Effect set to Allow.

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon Systems Manager.

Was this page helpful?


Search Results