aws_s3_bucket_policy resource
Use the aws_s3_bucket_policy Chef InSpec audit resource to test properties of a single AWS S3 bucket policy.
The AWS::S3::BucketPolicy resource type applies an Amazon S3 bucket policy to an Amazon S3 bucket.
For additional information, including details on parameters and properties, see the AWS documentation on the AWS::S3::BucketPolicy resource.
Syntax
Ensure that an S3 bucket policy exists.
describe aws_s3_bucket_policy(bucket: 'BUCKET_NAME') do
it { should exist }
end
Parameters
bucket (required): The name of the Amazon S3 bucket to which the policy applies.
Properties
Effect - The effect of the policy.
Sid - The statement ID of the bucket policy.
Condition - The condition key of the bucket policy.
Action - The action of the bucket policy.
Resource - The resource type of the bucket policy.
Principal - The principal of the bucket policy.
Examples
Ensure a policy is available and check its statement ID:
describe aws_s3_bucket_policy(bucket: 'BUCKET_NAME') do
its('Sid') { should eq 'SID' }
end
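Matching a Sid only proves a policy exists; what an auditor usually wants to know is what the statements grant. The following is an added example, not code from this page or from the inspec-aws project: plain Ruby (no InSpec DSL) that parses a constructed bucket policy document and applies two checks a practitioner would typically put in a control: flag Allow statements that grant to a wildcard Principal with no Condition, and confirm a Deny statement rejects requests where aws:SecureTransport is false. The policy JSON, bucket name, Sids and helper names are all assumptions; in a real control the same logic would be applied to the Effect, Principal, Condition and related properties exposed by the resource above.

```ruby
require 'json'

# Constructed sample bucket policy document (not from the page): one statement
# that grants anonymous read and one that denies plaintext (non-TLS) requests.
SAMPLE_POLICY = <<~JSONDOC
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*"
      },
      {
        "Sid": "DenyInsecureTransport",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
        "Condition": { "Bool": { "aws:SecureTransport": "false" } }
      }
    ]
  }
JSONDOC

# Policy fields such as Principal.AWS may be a single string or an array;
# normalise to an array so the callers can treat both shapes the same way.
def as_list(value)
  Array(value)
end

# True when the Principal element grants to everyone: "*" or {"AWS": "*"}.
def wildcard_principal?(principal)
  return principal == '*' if principal.is_a?(String)
  return false unless principal.is_a?(Hash)

  as_list(principal['AWS']).include?('*')
end

# Sids of statements that Allow a wildcard principal with no Condition block,
# i.e. unconditional public access.
def public_allow_statements(policy_json)
  JSON.parse(policy_json)['Statement'].select do |s|
    s['Effect'] == 'Allow' && wildcard_principal?(s['Principal']) && s['Condition'].nil?
  end.map { |s| s['Sid'] }
end

# True when at least one Deny statement is keyed on aws:SecureTransport being
# false, which is the usual way to enforce TLS-only access to a bucket.
def denies_insecure_transport?(policy_json)
  JSON.parse(policy_json)['Statement'].any? do |s|
    s['Effect'] == 'Deny' &&
      s.dig('Condition', 'Bool', 'aws:SecureTransport').to_s == 'false'
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "Public allow statements: #{public_allow_statements(SAMPLE_POLICY).inspect}"
  puts "Requires TLS: #{denies_insecure_transport?(SAMPLE_POLICY)}"
end
```

Run stand-alone, the sample reports the PublicRead statement as unconditional public access and confirms that the TLS-only Deny is present. Inside an InSpec control the two helpers would be driven by the policy returned for the bucket rather than by the constructed document.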
Matchers
For a full list of available matchers, see our Universal Matchers page. This resource has the following special matchers.
exist
Use should to test that the entity exists.
describe aws_s3_bucket_policy(bucket: 'BUCKET_NAME') do
it { should exist }
end
Use should_not to test the entity does not exist.
describe aws_s3_bucket_policy(bucket: 'BUCKET_NAME') do
it { should_not exist }
end
be_available
Use should to check if the entity is available.
describe aws_s3_bucket_policy(bucket: 'BUCKET_NAME') do
it { should be_available }
end
AWS Permissions
Your AWS principal will need the S3:Client:GetBucketPolicyOutput action with Effect set to Allow.