Reputation: 41
I am testing out basic Chef Inspec code. I am running it from a Mac using the API call:

    inspec exec sg-disallow-ftp.rb -t aws://

Here is the Chef code for the profile:

    title 'Test AWS Security Groups Across All Regions For an Account Disallow FTP'
    control 'aws-multi-region-security-group-ftp-1.0' do
      impact 1.0
      title 'Ensure AWS Security Groups disallow FTP ingress from 0.0.0.0/0.'
      aws_region.region_names.each do |region|
        aws_security_groups(aws_region: region).group_ids.each do |security_group_id|
          describe aws_security_group(aws_region: region, group_id: security_group_id) do
            it { should exist }
            it { should_not allow_in(ipv4_range: '0.0.0.0/0', port: 21) }
          end
        end
      end
    end

I am getting this error:

    × aws-multi-region-security-group-ftp-1.0: Ensure AWS Security Groups disallow FTP ingress from 0.0.0.0/0.
    × Control Source Code Error sg-disallow-ftp.rb:3
    undefined local variable or method `aws_region' for #<#<Class:0x00007fc35a095158>:0x00007fc356ebd568>

Upvotes: 0
Views: 1014
Reputation: 41
So finally figured it out: I had to run inspec vendor --overwrite in the profile directory, and the test executed.
Upvotes: 1
Reputation: 10122
It seems that you are missing a few configurations.

I will assume that you have created an InSpec profile named aws. You can create a profile by leveraging inspec init:

    $ inspec init profile aws

Once you have created the profile, you need to specify the dependency on inspec-aws to use the resources. You will do this in the aws/inspec.yml file, which will look something like:

    name: aws
    title: InSpec Profile
    maintainer: The Authors
    copyright: The Authors
    copyright_email: [email protected]
    license: Apache-2.0
    summary: An InSpec Compliance Profile
    version: 0.1.0
    supports:
      platform: aws
    inspec_version: '>= 4.6.9'
    depends:
    - name: inspec-aws
      url: https://github.com/inspec/inspec-aws/archive/v1.3.2.tar.gz

And you should be ready to go.

You can verify that it works by using inspec shell in conjunction with resource packs, like so:

    $ inspec shell --depends aws -t aws://
Upvotes: 0
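
A preflight check for the two conditions the answers above name, the depends entry on inspec-aws and the inspec vendor step, written as an added example that is not from the posts or from the InSpec project. The names preflight and check_sample, the sample files, and the inspec.lock layout it reads are assumptions; the https test on the dependency URL is an extra supply-chain check.

```ruby
require 'yaml'
require 'tmpdir'

# Added example. Returns the reasons inspec-aws resources would be undefined
# for a profile directory; an empty list means it is ready for inspec exec.
def preflight(profile_dir, pack = 'inspec-aws')
  meta_path = File.join(profile_dir, 'inspec.yml')
  return ['no inspec.yml: put the control in a profile (inspec init profile)'] unless File.file?(meta_path)

  meta = YAML.safe_load(File.read(meta_path)) || {}
  dep = Array(meta['depends']).find { |d| d.is_a?(Hash) && d['name'] == pack }
  return ["inspec.yml does not list #{pack} under depends"] if dep.nil?

  problems = []
  url = dep['url'].to_s
  problems << "#{pack} url is not https: #{url}" unless url.start_with?('https://')

  # Assumption: inspec vendor writes inspec.lock as YAML with a top-level
  # depends list of resolved packs, each carrying a name key.
  lock_path = File.join(profile_dir, 'inspec.lock')
  if File.file?(lock_path)
    locked = Array((YAML.safe_load(File.read(lock_path)) || {})['depends'])
    unless locked.any? { |d| d.is_a?(Hash) && d['name'] == pack }
      problems << "inspec.lock is stale (no #{pack}): run inspec vendor --overwrite"
    end
  else
    problems << 'inspec.lock missing: run inspec vendor --overwrite'
  end
  problems
end

# Constructed sample files, not taken from a real profile.
SAMPLE_YML = <<~YAML
  name: aws
  depends:
  - name: inspec-aws
    url: https://github.com/inspec/inspec-aws/archive/v1.3.2.tar.gz
YAML
SAMPLE_LOCK = "lockfile_version: 1\ndepends:\n- name: inspec-aws\n"

# Builds a throwaway profile from the given file contents and checks it.
def check_sample(files)
  Dir.mktmpdir do |dir|
    files.each { |name, body| File.write(File.join(dir, name), body) }
    preflight(dir)
  end
end

puts check_sample('inspec.yml' => SAMPLE_YML).inspect
```

A bare control file run outside a profile, as in the question, falls into the first case because there is no inspec.yml beside it.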