inspec-aws

Add GuardDuty Resource

Open Wraiith32 opened this issue 6 years ago • 0 comments

Detailed Description

Add the ability to use GuardDuty as a resource for control checks.

Context

Guard Duty provides valuable security insights into organizations that have many AWS accounts. We want to have a control that ensures it is enabled and paired with the master GuardDuty account.

Possible Implementation

Pseudo InSpec Control

    # Proposed resources/properties (aws_guardduty_detectors, aws_guardduty_detector,
    # status, master_account, master_relationship) are this issue's proposal.
    detector_ids = aws_guardduty_detectors.detector_ids

    if detector_ids.empty?
      # No detector at all: use a real failing test instead of describing a bare
      # string, which has no `exist` matcher and would never fail.
      describe 'GuardDuty detectors' do
        it 'should have at least one detector configured' do
          expect(detector_ids).not_to be_empty
        end
      end
    else
      detector_ids.each do |detector|
        describe aws_guardduty_detector(detector) do
          it { should exist }
          its('status') { should eq 'ENABLED' }
          # replace with the organization's GuardDuty master account id
          its('master_account') { should eq '1234567890' }
          its('master_relationship') { should eq 'Enabled' }
        end
      end
    end

Wraiith32 · Aug 30 '19 16:08
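The evaluation logic the requested control needs, written as an added example in plain Ruby (this is not inspec-aws code and not the issue author's): a detector wrapper exposing the proposed `status`, `master_account` and `master_relationship` properties, plus a `guardduty_findings` function that returns the list of deviations the control would report. It runs offline against a constructed stub client; with the real SDK, `client` would be `Aws::GuardDuty::Client.new` and the three calls used (`list_detectors`, `get_detector(detector_id:)`, `get_master_account(detector_id:)`) are existing API operations, while the class and function names and all sample data are assumptions made for this example.

```ruby
require 'ostruct'

# Constructed stand-in for Aws::GuardDuty::Client (example only).
# detectors: { 'detector-id' => { status:, master_account:, relationship: } }
class StubGuardDutyClient
  def initialize(detectors)
    @detectors = detectors
  end

  def list_detectors
    OpenStruct.new(detector_ids: @detectors.keys)
  end

  def get_detector(detector_id:)
    d = @detectors.fetch(detector_id)
    OpenStruct.new(status: d[:status])
  end

  # The real response carries `master` (account_id, relationship_status, ...)
  # or nil when the detector is not paired with a master account.
  def get_master_account(detector_id:)
    d = @detectors.fetch(detector_id)
    master = d[:master_account] &&
             OpenStruct.new(account_id: d[:master_account],
                            relationship_status: d[:relationship])
    OpenStruct.new(master: master)
  end
end

# Mirrors the properties the issue proposes for aws_guardduty_detector.
class GuardDutyDetector
  attr_reader :detector_id, :status, :master_account, :master_relationship

  def initialize(client, detector_id)
    @detector_id = detector_id
    @status = client.get_detector(detector_id: detector_id).status
    master = client.get_master_account(detector_id: detector_id).master
    @master_account = master&.account_id
    @master_relationship = master&.relationship_status
  end
end

# Same conditions as the proposed control; an empty list means compliant.
def guardduty_findings(client, expected_master)
  ids = client.list_detectors.detector_ids
  return ['no GuardDuty detector configured in this region'] if ids.empty?

  ids.flat_map do |id|
    det = GuardDutyDetector.new(client, id)
    findings = []
    findings << "#{id}: status is #{det.status}, expected ENABLED" unless det.status == 'ENABLED'
    unless det.master_account == expected_master
      findings << "#{id}: master account is #{det.master_account.inspect}, expected #{expected_master}"
    end
    unless det.master_relationship == 'Enabled'
      findings << "#{id}: master relationship is #{det.master_relationship.inspect}, expected Enabled"
    end
    findings
  end
end

# Constructed sample accounts: one compliant, one with a second unpaired and
# disabled detector, one with no detector at all.
EXPECTED_MASTER = '1234567890'
COMPLIANT = StubGuardDutyClient.new(
  '12abc' => { status: 'ENABLED', master_account: EXPECTED_MASTER, relationship: 'Enabled' }
)
DRIFTED = StubGuardDutyClient.new(
  '12abc' => { status: 'ENABLED', master_account: EXPECTED_MASTER, relationship: 'Enabled' },
  '34def' => { status: 'DISABLED', master_account: nil, relationship: nil }
)
EMPTY = StubGuardDutyClient.new({})

if __FILE__ == $PROGRAM_NAME
  [COMPLIANT, DRIFTED, EMPTY].each { |c| p guardduty_findings(c, EXPECTED_MASTER) }
end
```

Returning findings rather than a boolean keeps each failure reason attached to its detector id, which is what an InSpec reporter would surface per `describe` block; the empty-region case is reported explicitly so "GuardDuty not configured" cannot pass silently.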