Chef Ideas

Build out more resources from the AWS CLI for use natively in InSpec

There are many things that are low-hanging fruit to put as native resources within InSpec from the AWS CLI. Things regarding AMI creation for a start. It's very similar to EC2 CLI commands. This would be extremely beneficial for us because we would like to check AWS account level config using the AWS integration in Automate, but that makes using CLI commands via InSpec not straightforward.

  • Guest
  • Aug 27 2019
  • Researching
  • Admin
    Keka Ichinose commented
    03 Oct 17:00

    @brittany, if you had to prioritize like a Top 5 list of resources, what would those be?

  • Guest commented
    10 Oct 13:46

    So a top 5 would be:
    • Describe Images for AMIs (aws cli describe-images), that way one can reasonably iterate over a list of available image-ids to gather CreationDate
    • guardduty list-detectors
    • aws shield describe-subscription
    • aws dynamodb (ability to iterate through a list of tables to ensure there is nothing unencrypted or exposed to the public)
    • aws sqs to iterate through regions and ensure get-queue-attributes returns a kms cmk id
    • aws waf to determine whether a WAF is in use or not
    (That's actually 6 but that's some of the things I'd like to get working in a compliance profile to scan accounts).