inspec-ssm-reporter
Overview
This is a utility to transform InSpec JSON into an AWS Compliance document.
- Parses JSON from STDIN
- Transforms into an AWS Compliance Document
- Reports to SSM Compliance
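The parse and transform steps above, as an added example that is not the project's own code: it reads the InSpec JSON reporter output and maps each control to the Id/Status pair an SSM compliance item is built from. The severity mapping and the PutComplianceItems call are left out so it runs offline; the "all results skipped" and "unparseable input" policies are assumptions, chosen so that an empty or broken report is never turned into a clean-looking one.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
)

type inspecReport struct { // minimal view of the InSpec JSON reporter output: only the fields used below
	Profiles []struct {
		Controls []struct {
			ID      string                              `json:"id"`
			Results []struct{ Status string `json:"status"` } `json:"results"`
		} `json:"controls"`
	} `json:"profiles"`
}
// Item holds the Id and Status an SSM ComplianceItemEntry is built from (severity and the API call are left out).
type Item struct{ ID, Status string }
// Transform yields one Item per control: NON_COMPLIANT if any result failed, else COMPLIANT; controls whose results all skipped are dropped rather than reported compliant, and malformed JSON is an error.
func Transform(r io.Reader) ([]Item, error) {
	var rep inspecReport
	if err := json.NewDecoder(r).Decode(&rep); err != nil {
		return nil, fmt.Errorf("parse InSpec JSON: %w", err)
	}
	var items []Item
	for _, p := range rep.Profiles {
		for _, c := range p.Controls {
			status, ran := "COMPLIANT", false
			for _, res := range c.Results {
				ran = ran || res.Status == "passed" || res.Status == "failed"
				if res.Status == "failed" {
					status = "NON_COMPLIANT"
				}
			}
			if ran {
				items = append(items, Item{c.ID, status})
			}
		}
	}
	return items, nil
}
func main() { // tool contract: InSpec JSON on stdin, non-zero exit when it cannot be parsed
	items, err := Transform(os.Stdin)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("%+v\n", items)
}
```

Run it the same way the tool is invoked: `inspec exec . --reporter json | go run main.go`.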
Background
The default AWS-provided pattern leverages the Ruby environment provided by ChefDK and installs aws-sdk-ssm directly from Rubygems. Installing ChefDK for this is heavy-handed and not ideal at scale. Additionally, the scripts pull installation packages directly from the Internet, which does not work in an air-gapped environment.
The goal here is to deploy InSpec by itself (a much smaller package) and leverage this static Golang binary to handle the compliance reporting. This removes the need for a Ruby environment.
AWS Equivalent
Calling Scripts
Usage
Linux
inspec exec . --reporter json | inspec-ssm-reporter
# $? is the exit status of the last command in the pipeline (the reporter);
# in bash, `set -o pipefail` also surfaces a non-zero exit from inspec exec itself.
if [ $? -ne 0 ]; then
  echo "Failed to execute InSpec tests: see stderr"
  EXITCODE=2
fi
Windows
# InSpec's own errors go to errors.txt; $? below reflects the reporter pipeline.
$results = inspec exec . --reporter json 2> errors.txt
$results | inspec-ssm-reporter
if (!$?) {
  Write-Host "Failed to execute InSpec tests: see stderr"
  $EXITCODE = 2
}
Development
- Use gvm under WSL
- gvm install go1.15.1
- Run gofmt before committing
InSpec JSON Model