About the Chef InSpec Alibaba Cloud resource pack
Chef InSpec has resources for auditing Alibaba Cloud.
To use the Chef InSpec Alibaba Cloud resources, you need Alibaba Cloud SDK version 0.8.0 installed and Alibaba Cloud credentials.
Prerequisites
Before you begin you will need to:
Use the Alibaba Cloud resources
To use these resources in your controls, follow these steps:
Define your Alibaba Cloud credentials in an .envrc file or export them in your shell.
# Example Alibaba Cloud Configuration
export ALICLOUD_ACCESS_KEY="<ALICLOUD_ACCESS_KEY>"
export ALICLOUD_SECRET_KEY="<ALICLOUD_SECRET_KEY>"
export ALICLOUD_REGION="eu-west-1"
Create a profile:
inspec init profile --platform alicloud <PROFILE_NAME>
In the generated profile, inspec.yml defines the inspec/inspec-alicloud repository tar file as a dependency:
name: <PROFILE_NAME>
title: Ali Cloud InSpec Profile
maintainer: The Authors
copyright: The Authors
copyright_email: you@example.com
license: Apache-2.0
summary: An InSpec Compliance Profile For Ali CLoud
version: 0.1.0
inspec_version: '~> 5'
depends:
  - name: inspec-alicloud
    url: https://github.com/inspec/inspec-alicloud/archive/main.tar.gz
supports:
  - platform: alicloud
In the controls directory, add controls using the InSpec Alibaba Cloud resources listed below to audit your Alibaba Cloud resources.
Run the profile:
inspec exec <PROFILE_NAME> -t alicloud://
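A pre-flight check for the credential step above, as an added example that is not part of the original page or of the resource pack: it confirms the three ALICLOUD_* variables are set and no longer hold the `<...>` placeholders, and that the `.envrc` file is readable only by its owner, before running the profile. The function names are hypothetical, and the 600/400 file mode requirement is an assumption of this example, not something InSpec enforces.

```shell
#!/bin/sh
# Added example: guard the "Run the profile" step with credential hygiene checks.
# check_alicloud_env, check_envrc_mode and run_profile are hypothetical names.

# Returns 0 when all three variables are set and are not "<...>" placeholders.
# Only variable names are reported; the values are never printed.
check_alicloud_env() (
  rc=0
  for name in ALICLOUD_ACCESS_KEY ALICLOUD_SECRET_KEY ALICLOUD_REGION; do
    # Indirect lookup; eval is safe here because $name comes from the fixed list.
    eval "value=\${$name-}"
    case "$value" in
      '')      echo "missing: $name" >&2; rc=1 ;;
      "<"*">") echo "placeholder not replaced: $name" >&2; rc=1 ;;
    esac
  done
  return "$rc"
)

# Returns 0 when the credentials file is absent or accessible by its owner only.
# Assumption of this example: mode 600 or 400 is required.
check_envrc_mode() (
  file="${1:-.envrc}"
  [ -e "$file" ] || return 0
  # GNU stat first, BSD/macOS stat as the fallback.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case "$mode" in
    600|400) return 0 ;;
    *) echo "$file has mode $mode; expected 600 or 400" >&2; return 1 ;;
  esac
)

# Run the profile only when both checks pass; $1 is the profile directory.
run_profile() {
  check_alicloud_env && check_envrc_mode .envrc && inspec exec "$1" -t alicloud://
}
```

Call `run_profile <PROFILE_NAME>` from the directory that holds the `.envrc` file; a non-zero exit status means a check failed and `inspec exec` was not started.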
Alibaba Cloud resources
The following Chef InSpec Alibaba Cloud resources are available in this resource pack.
- alicloud_apsaradb_rds_instance resource
- alicloud_apsaradb_rds_instances resource
- alicloud_disk resource
- alicloud_disks resource
- alicloud_ecs_instance resource
- alicloud_ecs_instances resource
- alicloud_ims_user resource
- alicloud_ram_policies resource
- alicloud_ram_policy resource
- alicloud_ram_user resource
- alicloud_ram_user_mfa resource
- alicloud_ram_users resource