| title | About the aws_ami Resource |
|---|---|
| platform | aws |
Use the aws_ami InSpec audit resource to test properties of a single AWS AMI.
An aws_ami resource block declares the tests for a single AWS AMI by image id.
```ruby
describe aws_ami(image_id: 'aki-2349e94458a507') do
  it { should exist }
end
```
This resource accepts a single parameter, the AMI Image ID.
This can be passed either as a string or as an image_id: 'value' key-value entry in a hash.
See also the AWS documentation on EC2 Amazon Machine Images.
| Property | Description |
|---|---|
| architecture | The architecture of the image. |
| creation_date | The date and time the image was created. |
| image_id | The ID of the AMI. |
| image_location | The location of the AMI. |
| image_type | The type of image. |
| public | Indicates whether the image has public launch permissions. |
| kernel_id | The kernel associated with the image, if any. Only applicable for machine images. |
| owner_id | The AWS account ID of the image owner. |
| platform | This value is set to windows for Windows AMIs; otherwise, it is blank. |
| platform_details | The platform details associated with the billing code of the AMI. |
| usage_operation | The operation of the Amazon EC2 instance and the billing code that is associated with the AMI. |
| product_codes | Any product codes associated with the AMI. |
| ramdisk_id | The RAM disk associated with the image, if any. Only applicable for machine images. |
| state | The state of the AMI. |
| block_device_mappings | Any block device mapping entries. |
| description | The description of the AMI that was provided during image creation. |
| ena_support | Specifies whether enhanced networking with ENA is enabled. |
| hypervisor | The hypervisor type of the image. |
| image_owner_alias | The AWS account alias or the AWS account ID of the AMI owner. |
| name | The name of the AMI that was provided during image creation. |
| root_device_name | The device name of the root device volume. |
| root_device_type | The type of root device used by the AMI. |
| sriov_net_support | Specifies whether enhanced networking with the Intel 82599 Virtual Function interface is enabled. |
| state_reason | Provides the reason for the state change. |
| tags | Provides any tags assigned to the image. |
| virtualization_type | The type of virtualization of the AMI. |
There are also additional properties available. For a comprehensive list, see the API reference documentation.

```ruby
describe aws_ami(image_id: 'aki-25348fd4323') do
  it { should be_public }
end
```
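As an added example (not part of the original page or the InSpec project), the plain-Ruby helper below combines several of the properties listed above into one baseline check and runs it against constructed sample data. The names `SampleAmi`, `ami_findings`, `trusted_owners` and `max_age_days` are hypothetical, and it assumes the properties are readable as methods under the names in the table.

```ruby
require 'time'

# Constructed stand-in for an AMI: it answers to the property names from the
# table above (assumption: the real resource exposes them as methods, which is
# what its('owner_id') relies on).
SampleAmi = Struct.new(:image_id, :public, :owner_id, :state, :creation_date,
                       keyword_init: true)

# Returns a list of findings; an empty list means the AMI meets the baseline.
# trusted_owners and max_age_days are hypothetical policy inputs.
def ami_findings(ami, trusted_owners:, max_age_days:, now: Time.now.utc)
  findings = []
  findings << 'image has public launch permissions' if ami.public
  unless trusted_owners.include?(ami.owner_id.to_s)
    findings << "owner_id #{ami.owner_id} is not a trusted account"
  end
  unless ami.state.to_s == 'available'
    findings << "state is #{ami.state}, expected available"
  end
  begin
    # creation_date is a timestamp string; parse it to compute the image age.
    created = Time.iso8601(ami.creation_date.to_s)
    age_days = ((now - created) / 86_400).floor
    if age_days > max_age_days
      findings << "image is #{age_days} days old (limit #{max_age_days})"
    end
  rescue ArgumentError
    findings << "creation_date #{ami.creation_date.inspect} is not ISO 8601"
  end
  findings
end

# Constructed sample data; image IDs and account numbers are placeholders.
GOOD_AMI = SampleAmi.new(image_id: 'ami-placeholder-good', public: false,
                         owner_id: '111111111111', state: 'available',
                         creation_date: '2024-01-10T08:30:00.000Z')
BAD_AMI = SampleAmi.new(image_id: 'ami-placeholder-bad', public: true,
                        owner_id: '999999999999', state: 'pending',
                        creation_date: '2022-01-10T08:30:00.000Z')

if __FILE__ == $PROGRAM_NAME
  policy = { trusted_owners: ['111111111111'], max_age_days: 90,
             now: Time.utc(2024, 3, 1) }
  [GOOD_AMI, BAD_AMI].each do |ami|
    puts "#{ami.image_id}: #{ami_findings(ami, **policy).inspect}"
  end
end
```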
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.
The be_public matcher tests if the AMI has public launch permissions.
```ruby
describe aws_ami(image_id: 'aki-1234') do
  it { should be_public }
end

describe aws_ami(image_id: 'aki-6789') do
  it { should_not be_public }
end
```
The control will pass if the describe returns at least one result.
Use should_not to test that the entity does not exist.
```ruby
describe aws_ami(image_id: 'aki-1234') do
  it { should exist }
end

describe aws_ami(image_id: 'aki-6789') do
  it { should_not exist }
end
```
Your Principal will need the ec2:DescribeImages action set to allow.
You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon EC2.