Chef Ideas

We believe that the best way to build software is to do it in close collaboration with the people who use it. We invite you to submit your ideas using the form below. Please be sure to include the problem for which you are solving and the benefits of implementing the idea.

We do our best to implement as many Ideas as we can. Our Product team will evaluate all submitted ideas in a timely manner and will disposition each into one of the following categories: will integrate into the product roadmap, further research is needed, unlikely to implement.

Thanks for collaborating with us!

Build out more resources from the AWS CLI for use natively in Inspec

There are many things that are low hanging fruit to put as native resources within Inspec from the AWS CLI. Things regarding AMI creation for a start. It's very similar to EC2 CLI commands. This would be extremely beneficial for us because we would like to Check AWS account level config using the AWS integration in Automate, but that makes using CLI commands via Inspec not straight forward. 

  • Guest
  • Aug 27 2019
  • Currently Declined
  • Attach files
  • Guest commented
    8 Jul, 2020 01:50am

    I’m totally okay with that. That is actually what I was hoping for all along. I assumed these would be added into the Inspec resource list like the existing AWS resources.

  • Keka Ichinose commented
    8 Jul, 2020 01:28am

    @Brittany, a follow-up question. The only reason we could think of to go down the AWS CLI integration route would be if some functionality was only exposed at the AWS CLI level, but that doesn't seem to be the case based on the list of resources you've provided. With that said, would you be good with the equivalent resources being added to the existing AWS resource pack rather than embarking on the integration route?

  • Saurabh Dhage commented
    13 Nov, 2019 09:36am

    Describe the status of MFA Delete for the S3 bucket

  • Guest commented
    10 Oct, 2019 01:46pm

    So a top 5 would be:
    • Describe Images for AMIs (aws cli describe-images) that way one can reasonably iterate over a list of available image-ids to gather CreationDate)
    • guardduty list-detectors
    • aws shield describe-subscription
    • aws dynamodb (ability to itierate through a list of tables to ensure there is nothing unencrypted or exposed to the public)
    • aws sqs to iterate through regions and ensure get-queue-attributes returns a kms cmk id
    • aws waf to determine whether a WAF is in use or not
    (That's actually 6 but that's some of the things to I'd like to get working in a compliance profile to scan accounts).

  • Keka Ichinose commented
    3 Oct, 2019 05:00pm

    @brittany, if you had to prioritize like a Top 5 list of resources, what would those be?