{"id":20979610,"url":"https://github.com/alexpop/ec2-instance-profile","last_synced_at":"2025-05-14T15:30:26.107Z","repository":{"id":43626768,"uuid":"71672757","full_name":"alexpop/ec2-instance-profile","owner":"alexpop","description":"A library InSpec compliance profile containing a custom `ec2_instance` resource that can be used to test `meta-data` and `user-data` for AWS EC2 nodes.","archived":false,"fork":false,"pushed_at":"2020-08-20T14:28:49.000Z","size":7,"stargazers_count":4,"open_issues_count":0,"forks_count":5,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-02T19:47:00.304Z","etag":null,"topics":["inspec"],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alexpop.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-10-23T00:12:58.000Z","updated_at":"2021-09-16T00:03:48.000Z","dependencies_parsed_at":"2022-09-13T11:11:40.204Z","dependency_job_id":null,"html_url":"https://github.com/alexpop/ec2-instance-profile","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexpop%2Fec2-instance-profile","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexpop%2Fec2-instance-profile/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexpop%2Fec2-instance-profile/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexpop%2Fec2-instance-profile/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alexpop","download_url":"https://codeload.github.com/alexpop/ec2-instance-profile/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254171510,"owners_count":22026455,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["inspec"],"created_at":"2024-11-19T05:13:58.885Z","updated_at":"2025-05-14T15:30:25.362Z","avatar_url":"https://github.com/alexpop.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# EC2 Instance - InSpec Profile\n\n## Description\n\nA library InSpec compliance profile containing a custom `ec2_instance` resource that can be used to test `meta-data` and `user-data` for AWS EC2 nodes. It does not require AWS API credentials since the resource is retrieving the data on the target ec2 nodes using the `http://169.254.169.254/` metadata API.\n\nInSpec is an open-source run-time framework and rule language used to specify compliance, security, and policy requirements for testing any node in your infrastructure.\n\nThe controls you find in the `./controls` directory are sample ones to demonstrate how to use the `ec2_instance` resource.\n\n### Requirements\n\n* [InSpec](https://github.com/chef/inspec)\n\n### Platforms\n\n- Linux\n- Windows\n\n## Usage\n\n- Add this to your profile's `inspec.yml` to ensure a correct InSpec version and define the profile dependency:\n\n```yaml\nsupports:\n  - inspec: '~\u003e 1.0'\ndepends:\n  - name: ec2-instance-profile\n    git: https://github.com/alexpop/ec2-instance-profile\n    version: '~\u003e 0.1'\n```\n\n### Examples\n\n- Use the `ec2_instance` resource in your profiles, the same way you'd use core InSpec resources like file, service, command, etc.\n\n```ruby\ncontrol 'ec2-instance-1.1' do\n  impact 1.0\n  title 'Ensure no sensitive information is passed via the user-data'\n  describe ec2_instance do\n    it { should exist }\n    its('user-data') { should_not match /password|secret.?access/i }\n  end\nend\n\ncontrol 'ec2-instance-1.2' do\n  impact 0.6\n  title 'Test the IP addresses by specifying meta-data API version'\n  describe ec2_instance(version: '2016-06-30') do\n    it { should exist }\n    its('meta-data/public-ipv4') { should eq '' }\n    its('meta-data/local-ipv4') { should match /^172\\.31\\..+/ }\n  end\nend\n```\n\n\n### `ec2_instance` resource parameters:\n\nName | Required | Type | Description\n--- | --- | --- | ---\nversion | no | String | Defaults to 'latest' if not specified. Call this on your EC2 instance to find out all available versions: `http://169.254.169.254/`\ntimeout | no | Numeric | Number of seconds to wait for the HTTP connection to open. The default value is 2 seconds.\ncurl_path | no | String | Defaults to `curl` in `$PATH` if not specified.\nwget_path | no | String | Defaults to `wget` in `$PATH` if not specified.\n\nAn HTTP client is required on the target node in order for the resource to work. `curl`, `wget` and `Invoke-WebRequest`(Windows) are currently supported.\n\nExample of instantiating the resource with a Hash of the above parameters:\n\n```ruby\ndescribe ec2_instance(version: '2016-06-30', timeout: 3, curl_path: '/usr/bin/curl') do\n  it { should exist }\nend\n```\n\n\n### `ec2_instance` resource tests:\n\n```ruby\ndescribe ec2_instance do\n  # Returns true if the node is indeed an EC2 instance\n  it { should exist }\n  # Test the value returned by 'http://169.254.169.254/latest/SOMETHING', see examples below:\n  its('SOMETHING') { should match /hello-world/i }\n  # Test 'http://169.254.169.254/latest/meta-data/local-ipv4' if we write:\n  its('meta-data/public-ipv4') { should eq '' }\n  # Test 'http://169.254.169.254/latest/meta-data/instance-id' if we write:\n  its('meta-data/instance-id') { should match /^.{19}+$/ }\nend\n```\n\n\n## License and Author\n\n* Author: [Alex Pop](https://github.com/alexpop)\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falexpop%2Fec2-instance-profile","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falexpop%2Fec2-instance-profile","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falexpop%2Fec2-instance-profile/lists"}