Trying to clean up some testing for IaC using InSpec, but hardcoding security_group_ids is a no-go for obvious reasons.

I'm trying to use the Ruby SDK instead to pull down the ID based off a name (i.e. like you do with Terraform data resources).

But we work from AWS named profiles, and while InSpec can connect to named profiles when I run the test, i.e.:

```
inspec exec . -t aws://prod_account
```

Is it possible from InSpec to link the call to AWS named profiles to Ruby code within a control?

Mr.
Staggerlee011

1 Answer

Since InSpec is written in Ruby, you can embed any Ruby code within your spec files. For instance, you can have Ruby code with an array and for each array have spec code.

Thus, you can implement logic for collecting the security group IDs and then iterate over them.

Mr.
  • Hi, yes the code runs, but unless I have a default profile set up, the Ruby SDK code errors, unable to connect. I can set up a named profile hardcoded in the Ruby, but InSpec ignores that. I've tried running `lumigo-cli switch-profile` to use `inspec exec . -t aws://`, but all the InSpec is now failing and the Ruby working :( – Staggerlee011 Mar 10 '21 at 11:16
  • Did you try to use an environment variable and fetch it within your Ruby code? – Mr. Mar 10 '21 at 11:42
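
A sketch of the approach from the answer and the environment-variable comment, added here as an example and not code posted by anyone in the thread. It assumes the profile name is exported as `AWS_PROFILE` and the region as `AWS_REGION`; the helper names, `FakeEC2` and the `sg-constructed…` IDs are made up so the lookup can run offline.

```ruby
# Profile name comes from the environment so nothing is hardcoded in the control.
# AWS_PROFILE is the variable the AWS SDK for Ruby reads for named profiles.
def aws_profile_name(env = ENV)
  name = env['AWS_PROFILE'].to_s.strip
  raise ArgumentError, 'AWS_PROFILE is not set' if name.empty?
  name
end

# Real client for use in a control; the gem loads lazily so the lookup
# below can be exercised offline with a stand-in client.
def build_ec2_client(profile:, region:)
  require 'aws-sdk-ec2'
  Aws::EC2::Client.new(profile: profile, region: region)
end

# Resolve group names to IDs. Fails closed: a name matching no group, or more
# than one (names are unique only within a VPC), raises instead of guessing.
def security_group_ids_by_name(client, names)
  found = Hash.new { |h, k| h[k] = [] }
  params = { filters: [{ name: 'group-name', values: names }] }
  loop do
    page = client.describe_security_groups(params)
    page.security_groups.each { |sg| found[sg.group_name] << sg.group_id }
    break if page.next_token.to_s.empty?
    params = params.merge(next_token: page.next_token)
  end
  names.to_h do |n|
    ids = found.fetch(n, [])
    raise "security group #{n.inspect} matched #{ids.size} groups, expected 1" unless ids.size == 1
    [n, ids.first]
  end
end

# Constructed stand-in for Aws::EC2::Client (made-up IDs, ignores the filter).
FakeSG   = Struct.new(:group_name, :group_id)
FakePage = Struct.new(:security_groups, :next_token)
class FakeEC2
  PAGES = { nil => FakePage.new([FakeSG.new('web', 'sg-constructed01')], 'p2'),
            'p2' => FakePage.new([FakeSG.new('db', 'sg-constructed02'),
                                  FakeSG.new('dup', 'sg-constructed03'),
                                  FakeSG.new('dup', 'sg-constructed04')], nil) }.freeze
  def describe_security_groups(params = {}); PAGES.fetch(params[:next_token]); end
end

# In a control (InSpec DSL, commented out because it needs `inspec exec`):
#   ec2 = build_ec2_client(profile: aws_profile_name, region: ENV.fetch('AWS_REGION'))
#   security_group_ids_by_name(ec2, %w[web db]).each_value do |id|
#     describe(aws_security_group(group_id: id)) { it { should exist } }
#   end
p security_group_ids_by_name(FakeEC2.new, %w[web db])
```

Raising on an ambiguous or missing name keeps a control from silently passing against the wrong security group.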