aws_iam_saml_provider

Use the aws_iam_saml_provider InSpec audit resource to test properties of an AWS IAM SAML Provider.

Parameters

saml_provider_arn (required)

This resource accepts a single parameter, the ARN of the SAML Provider. This can be passed either as a string or as a saml_provider_arn: 'value' key-value entry in a hash.

Properties

Property Description
provider The provider.
arn The arn of the provider.
saml_metadata_document Metadata document associated with the saml provider.
valid_until The expiration date and time for the SAML provider.
create_date The date and time, in ISO 8601 date-time format , when the role was created.

Syntax

An aws_iam_saml_provider resource block declares the tests for a single AWS IAM SAML Provider by Provider ARN.

describe aws_iam_saml_provider('arn:aws:iam::123456789012:saml-provider/FANCY') do
    it { should exist }
end

Examples

Ensure we have at least one provider currently valid

  describe aws_iam_saml_provider("arn:aws:iam::123456789012:saml-provider/FANCY") do
    it { should exist }
    its("arn") { should match("arn:aws:iam::.*:saml-provider\/FANCY") }
    its("valid_until") { should be > Time.now + 90 * 86400 }
end


Matchers

For a full list of available matchers, please visit our matchers page.

exists

The exists matcher tests if the filtered IAM SAML Provider(s) exists.

  describe aws_iam_saml_provider('arn:aws:iam::123456789012:saml-provider/FANCY') do
    it { should exist }
  end

You may also use it { should_not exist }.

AWS Permissions

Your Principal will need the following permissions set to Allow: iam:GetSamlProvider