Skip to content
This repository has been archived by the owner on Jan 8, 2024. It is now read-only.

Latest commit

 

History

History
78 lines (53 loc) · 3.01 KB

aws_ecr.md

File metadata and controls

78 lines (53 loc) · 3.01 KB
Raw
title platform
About the aws_ecr Resource
aws

WARNING: This resource is deprecated. Please use one of the following resources instead.

  • aws_ecr_image
  • aws_ecr_images
  • aws_ecr_repository
  • aws_ecr_repositories

aws_ecr

Use the aws_ecr InSpec audit resource to test properties of a single AWS Elastic Container Registry.

Syntax

An aws_ecr resource block declares the tests for a single AWS ECR by repository name.

  describe aws_ecr(repository_name: aws_ecr_name) do
    it                       { should exist }
    its ('repository_name')  { should eq aws_ecr_name }
  end

Parameters

The ECR repository_name must be provided.

repository_name (required)

The name of the repository This can be passed either as a string or as an repository_name: 'value' key-value entry in a hash.

Properties

Property Description
registry_id The AWS account ID associated with the registry
repository_arn The Amazon Resource Name of the repository
repository_name The name of the repository
repository_uri The uri of the repository
image_tags The tags associated with the image
image_digest A sha256 hash of the image
image_size_in_bytes The size of the image in bytes.
image_pushed_at The datetime as a string when the image was uploaded. 'yyyy-mm-dd hh:mm:ss tz'
image_uploaded_date The date as a string when the image was uploaded. 'yyyy-mm-dd'

Examples

Test that an ECR has the correct image properties
  describe aws_ecr(repository_name: aws_ecr_name).images do
    its ('image_tags')          { should include 'latest'}
    its ('image_digest')        { should eq 'sha256:6dce4a9c1635c4c9b6a2b645e6613fa0238182fe13929808ee2258370d0f3497'}
    its ('image_size_in_bytes') { should eq 764234}
    its ('image_uploaded_date') { should eq '2019-06-11'}
    its ('image_pushed_at')     { should eq '2019-06-11 15:08:29 +0100'}
  end

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.

exist

The control will pass if the describe returns at least one result.

Use should_not to test the entity should not exist.

  it { should exist }
  it { should_not exist }

AWS Permissions

Your Principal will need the ecr:DescribeRepositories and ecr:DescribeImages actions set to allow..

You can find detailed documentation at Actions, Resources, and Condition Keys for Amazon ECR, and Actions, Resources, and Condition Keys for Identity And Access Management.