aws_servicecatalog_launch_role_constraints Resource
Use the aws_servicecatalog_launch_role_constraints InSpec audit resource to test properties of multiple AWS Service Catalog launch constraints.
For additional information, including details on parameters and properties, see the AWS documentation on AWS ServiceCatalog LaunchRoleConstraint.
Installation
This resource is available in the Chef InSpec AWS resource pack.
See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.
Syntax
Ensure that a portfolio exists.
describe aws_servicecatalog_launch_role_constraints(portfolio_id: 'PORTFOLIO_ID') do
  it { should exist }
end
Parameters
portfolio_id
(required) The identifier of the portfolio the product resides in.
Properties
constraint_ids
- The identifier of the constraint.
types
- The type of constraint. Valid values are: LAUNCH, NOTIFICATION, RESOURCE_UPDATE, STACKSET, and TEMPLATE.
descriptions
- The description of the constraint.
owners
- The owner of the constraint.
product_ids
- The identifier of the product the constraint applies to. Note that a constraint applies to a specific instance of a product within a certain portfolio.
portfolio_ids
- The identifier of the portfolio the product resides in. The constraint applies only to the instance of the product that lives within this portfolio.
Examples
Ensure a constraint is available.
describe aws_servicecatalog_launch_role_constraints(portfolio_id: 'PORTFOLIO_ID') do
  its('constraint_ids') { should include 'ID' }
end
Ensure that the type is ‘LAUNCH’.
describe aws_servicecatalog_launch_role_constraints(portfolio_id: 'PORTFOLIO_ID') do
  its('types') { should include 'LAUNCH' }
end
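The types check above passes as soon as any one constraint in the portfolio is of type LAUNCH, so it does not show that every product has one. The following plain Ruby is an added example, not part of the Chef InSpec documentation or the resource pack, and it is not InSpec DSL: it runs over constructed data shaped like the properties listed above. The sample IDs and the helper names (plural_property, types_by_product, products_missing_launch) are hypothetical.

```ruby
# Constructed sample: one hash per constraint, using the fields the plural
# properties above are drawn from. Every ID and value here is made up.
CONSTRAINTS = [
  { constraint_id: 'cons-example1', type: 'LAUNCH', description: 'Launch role for web',
    owner: '111122223333', product_id: 'prod-web', portfolio_id: 'port-example' },
  { constraint_id: 'cons-example2', type: 'NOTIFICATION', description: 'Ops SNS topic',
    owner: '111122223333', product_id: 'prod-web', portfolio_id: 'port-example' },
  { constraint_id: 'cons-example3', type: 'TEMPLATE', description: 'Restrict instance size',
    owner: '111122223333', product_id: 'prod-db', portfolio_id: 'port-example' }
].freeze

# A plural property is one field collected across every constraint,
# which is the array that its('types') or its('product_ids') matches against.
def plural_property(constraints, field)
  constraints.map { |c| c[field] }
end

# Constraint types grouped by the product they apply to.
def types_by_product(constraints)
  constraints.each_with_object(Hash.new { |h, k| h[k] = [] }) do |c, acc|
    acc[c[:product_id]] << c[:type]
  end
end

# Products from the expected list that have no LAUNCH constraint. A product
# with no constraints at all never appears in the constraint list, so the
# expected product IDs must come from the caller.
def products_missing_launch(constraints, expected_product_ids)
  by_product = types_by_product(constraints)
  expected_product_ids.reject { |id| by_product.fetch(id, []).include?('LAUNCH') }
end

expected = %w[prod-web prod-db prod-cache] # hypothetical portfolio contents
puts "portfolio-wide include 'LAUNCH': #{plural_property(CONSTRAINTS, :type).include?('LAUNCH')}"
puts "products without a LAUNCH constraint: #{products_missing_launch(CONSTRAINTS, expected).inspect}"
```

In the sample, the portfolio-wide check is true even though two of the three expected products have no LAUNCH constraint.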
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
The controls will pass if the list method returns at least one result.
exist
Use should to test that the entity exists.
describe aws_servicecatalog_launch_role_constraints(portfolio_id: 'PORTFOLIO_ID') do
  it { should exist }
end
Use should_not to test that the entity does not exist.
describe aws_servicecatalog_launch_role_constraints(portfolio_id: 'PORTFOLIO_ID') do
  it { should_not exist }
end
AWS Permissions
Your Principal will need the ServiceCatalog:Client:ListConstraintsForPortfolioOutput action with Effect set to Allow.