I'm trying to test whether my functional IAM user exists on my AWS accounts. I noticed that when the IAM user doesn't exist, the control throws an error instead of just reporting as a failed control.
Describe the problem
Versions:
inspec: 5.18.14
inspec-aws: 1.83.53
OS: Windows 11 / WSL2 (Debian)
I'm expecting this control:
describe aws_iam_user('my-aws-iam-user') do
  it { should exist }
end
to return the message below when it doesn't actually exist:
× is expected to exist
...
Test Summary: 0 successful, 1 failures, 0 skipped
But instead I'm receiving this output:
inspec exec lt-aws-profile -t aws://
[2022-12-23T09:25:51-03:00] WARN: AWS Service Error encountered running a control with Resource aws_iam_user. Error message: The user with name my-aws-iam-user cannot be found.. You should address this error to ensure your controls are behaving as expected.
Profile: AWS InSpec Profile (lt-aws-profile)
Version: 0.1.0
Target: aws://
Target ID: 0e766696-fc0b-5900-8def-279a5a75c984
AWS IAM User
↺ undefined method `arn' for nil:NilClass
Profile: Amazon Web Services Resource Pack (inspec-aws)
Version: 1.83.53
Target: aws://
Target ID: 0e766696-fc0b-5900-8def-279a5a75c984
No tests executed.
Test Summary: 0 successful, 0 failures, 1 skipped
As you can see, you can easily reproduce the problem by just specifying any IAM user that you know in advance doesn't exist in your AWS account.
Possible Solution
N/A
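The failure mode reported above, modelled as an added example that is not part of the original report and is not inspec-aws source code: a resource that swallows the lookup error and then reads a property from nil ends up skipped, while a guarded one reports a failed control. Every class, method and sample value below is hypothetical, and the `:skipped` outcome simply mirrors the output shown in the report.

```ruby
# Constructed model of the reported failure mode. All names are hypothetical;
# this is not inspec-aws source code.
class NoSuchEntity < StandardError; end
User = Struct.new(:user_name, :arn)
# Stand-in for an IAM client that raises when the user is unknown.
class FakeIamClient
  def initialize(users)
    @users = users
  end

  def get_user(user_name:)
    @users.fetch(user_name) { raise NoSuchEntity, "user #{user_name} cannot be found" }
  end
end

# Unguarded: the lookup error is swallowed, then a property is read from nil.
class UnguardedUserResource
  def initialize(client, name)
    user = begin
      client.get_user(user_name: name)
    rescue NoSuchEntity
      nil
    end
    @arn = user.arn # NoMethodError when user is nil
  end

  def exists?
    !@arn.nil?
  end
end

# Guarded: a missing user yields a resource whose exists? is false.
# (Subclassed only to reuse exists?; initialize is fully replaced.)
class GuardedUserResource < UnguardedUserResource
  def initialize(client, name)
    @arn = client.get_user(user_name: name).arn
  rescue NoSuchEntity
    @arn = nil
  end
end

# Outcome a runner would report for `it { should exist }` on this resource.
def control_outcome(resource_class, client, name)
  resource_class.new(client, name).exists? ? :passed : :failed
rescue NoMethodError
  :skipped
end

# Constructed sample account contents (placeholder account id and user name).
SAMPLE_CLIENT = FakeIamClient.new({ 'existing-user' => User.new('existing-user', 'arn:aws:iam::123456789012:user/existing-user') })
```

A skipped control is not counted among the failures in the test summary, so a pipeline that gates only on the failure count would not flag the missing user.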