aws_s3_buckets
Use the aws_s3_buckets
InSpec audit resource to list all buckets in a single account.
Syntax
An aws_s3_buckets
resource block takes no arguments
describe aws_s3_buckets do
it { should exist }
end
Parameters
This resource does not expect any parameters.
See also the AWS documentation on S3 Buckets.
Properties
Property | Description |
---|---|
bucket_names | An Array of bucket names. |
tags | An hash with each key-value pair corresponding to a tag associated with the entity |
entries | Provides access to the raw results of the query, which can be treated as an array of hashes. |
Examples
Examine what buckets have been created.
describe aws_s3_buckets do
its('bucket_names') { should eq ['my_bucket'] }
# OR
its('bucket_names') { should include 'my_bucket' }
end
Check the tags on buckets
describe aws_s3_buckets.where( bucket_names: 'my-bucket' ) do
its('tags') { should include(:Environment => 'env-name',
:Name => 'bucket-name')}
end
Matchers
exists
The control will pass if the resource contains at least one bucket.
# Test if there are any buckets
describe aws_s3_buckets
it { should exist }
end
AWS Permissions
Your Principal will need the s3:ListAllMyBuckets
action with Effect set to Allow.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon S3.