Skip to main content

aws_securityhub_hub Resource

Use the aws_securityhub_hub InSpec audit resource to test properties of a single AWS Security Hub.

For additional information, including details on parameters and properties, see the AWS documentation on AWS Security Hub.

Installation

This resource is available in the Chef InSpec AWS resource pack.

See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.

Syntax

Ensure that the hub exists.

describe aws_securityhub_hub(hub_arn: 'HUB_ARN') do
  it { should exist }
end

Parameters

hub_arn (required)

The ARN of the Hub resource that was retrieved.

Properties

hub_arn
The ARN of the Hub resource that was retrieved.
subscribed_at
The date and time when Security Hub was enabled in the account.
auto_enable_controls
Whether to automatically enable new controls when they are added to standards that are enabled.

Examples

Ensure an auto enable controls is true.

describe aws_securityhub_hub(hub_arn: 'HUB_ARN') do
  its('auto_enable_controls') { should eq true }
end

Ensure a hub ARN is available.

describe aws_securityhub_hub(hub_arn: 'HUB_ARN') do
    its('hub_arn') { should eq 'HUB_ARN' }
end

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.

The controls will pass if the describe method returns at least one result.

exist

Use should to test that the entity exists.

describe aws_securityhub_hub(hub_arn: 'HUB_ARN') do
  it { should exist }
end

Use should_not to test the entity does not exist.

describe aws_securityhub_hub(hub_arn: 'HUB_ARN') do
  it { should_not exist }
end

be_available

Use should to check if the entity is available.

describe aws_securityhub_hub(hub_arn: 'HUB_ARN') do
  it { should be_available }
end

AWS Permissions

Your Principal will need the SecurityHub:Client:DescribeHubResponse action with Effect set to Allow.

Edit this page on GitHub.

Thank you for your feedback!

×









Search Results