From e75c8924a7c40cdc19902e9df9edec0743e5b9c1 Mon Sep 17 00:00:00 2001 From: Michael Krieg Date: Mon, 25 Jan 2021 20:54:13 +0100 Subject: [PATCH] Update to InSpec 4.25 + AWS Resource Pack v1.33.0 --- Gemfile | 4 ++-- README.md | 35 ++++++++++++++++++++++++++++------- inspec.yml | 6 +++--- 3 files changed, 33 insertions(+), 12 deletions(-) diff --git a/Gemfile b/Gemfile index f62d1ac..fed0d4e 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,6 @@ source 'https://rubygems.org' gem 'highline', '~> 2.0.2' -gem 'inspec', '~> 4.18' -gem 'inspec-bin', '~> 4.18' +gem 'inspec', '~> 4.25' +gem 'inspec-bin', '~> 4.25' gem 'rubocop', '~> 0.79.0' diff --git a/README.md b/README.md index 9a824a8..a5be7a6 100644 --- a/README.md +++ b/README.md @@ -3,12 +3,14 @@ **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* - [InSpec AWS Baseline Profile](#inspec-aws-baseline-profile) - - [Usage](#usage) - - [IAM Permissions](#iam-permissions) - - [Profile Execution](#profile-execution) - - [AWS Organizations](#aws-organizations) - - [Further Information](#further-information) - - [The Importance of Compliance Results](#the-importance-of-compliance-results) + - [Usage](#usage) + - [IAM Permissions](#iam-permissions) + - [Profile Execution - variant A](#profile-execution-variant-a) + - [Profile Execution - variant B](#profile-execution-variant-b) + - [Re-Vendor Dependencies](#re-vendor-dependencies) + - [AWS Organizations](#aws-organizations) + - [Further Information](#further-information) + - [The Importance of Compliance Results](#the-importance-of-compliance-results) @@ -50,7 +52,7 @@ Make sure your Auditor IAM User has the following managed policy attached: It is also possible to use higher privileged policies, such as `arn:aws:iam::aws:policy/ReadOnlyAccess`. -### Profile Execution +### Profile Execution - variant A You can easily use this InSpec profile from Github: 
@@ -64,6 +66,25 @@ You can easily use this InSpec profile from Github: ``` +### Profile Execution - variant B + +Call InSpec with AWS region + your local configured Profile: + +``` + + inspec exec -t aws://eu-central-1/my-named-profile --show-progress \ + https://github.com/centriascolocation/inspec-aws-baseline/archive/master.tar.gz + +``` + +### Re-Vendor Dependencies + +``` + + inspec vendor --overwrite . + +``` + ## AWS Organizations You can also check if a given account is part of AWS Organizations (Master or Member). This feature is disabled by default. diff --git a/inspec.yml b/inspec.yml index fb91639..3e06305 100644 --- a/inspec.yml +++ b/inspec.yml @@ -5,13 +5,13 @@ copyright: Centrias Colocation GmbH copyright_email: support@centrias.net license: Apache-2.0 summary: InSpec Baseline Profile for AWS account setup verification -version: 1.4.0 +version: 1.4.1 supports: - platform: aws -inspec_version: ">= 4.18" +inspec_version: ">= 4.25" depends: - name: inspec-aws - url: https://github.com/inspec/inspec-aws/archive/v1.26.1.tar.gz + url: https://github.com/inspec/inspec-aws/archive/v1.33.0.tar.gz inputs: - name: cis_level type: Numeric
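Review bot: The `url:` under `depends` now points at `https://github.com/inspec/inspec-aws/archive/v1.33.0.tar.gz`, a tag archive that is fetched with no integrity value in `inspec.yml`, and the diffstat shows no lock or vendor file changing alongside it. If the repository tracks `inspec.lock` (which records the resolved URL together with a sha256 of the archive) or a `vendor/` directory, they are presumably stale after this bump. Regenerate them with `inspec vendor --overwrite .` and commit the result in the same change, so that the resource pack that runs against the AWS account is the one that was reviewed. A short comment above the entry would help the next upgrade, e.g. `# after changing this URL, re-run inspec vendor and commit inspec.lock`. The same concern applies to the README example added in the preceding hunk, which executes the profile from `archive/master.tar.gz`, a moving branch rather than a tagged release.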