The Center for Internet Security (CIS) released guidelines for AWS and I thought it’d be interesting to describe these in Gherkin. I could then back the statements with small Python scripts to run the checks through the use of the Behave package.
As you can see in the example feature below, the Gherkin syntax is reasonably readable:
    @kms
    Feature: AWS Key Management Services

      @cis @level_2
      Scenario: CIS 2.8 Ensure rotation for customer created CMKs is enabled
        Then all KMS keys must be set to rotate annually
The statements then map to Python functions that do the actual work. Calling behave against the set of tests generates JUnit-based XML output so I then pass them through junit2html for easier reviews.
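As an added illustration (not the code from the project linked in this post), here is one way the step "all KMS keys must be set to rotate annually" could map to a Python function using the boto3 KMS calls `list_keys`, `describe_key` and `get_key_rotation_status`. The names `keys_without_rotation`, `step_kms_rotation`, `StubKMS` and the `context.kms` attribute are assumptions made for this example, as is the choice to skip AWS-managed keys.

```python
try:
    from behave import then
except ImportError:  # lets the check logic run where behave is not installed
    def then(_pattern):
        return lambda func: func

def keys_without_rotation(kms):
    """Return ids of customer-managed KMS keys whose rotation is disabled."""
    failing, marker = [], None
    while True:
        page = kms.list_keys(**({"Marker": marker} if marker else {}))
        for key in page["Keys"]:
            key_id = key["KeyId"]
            meta = kms.describe_key(KeyId=key_id)["KeyMetadata"]
            # Assumption: AWS-managed keys are out of scope for CIS 2.8
            if meta["KeyManager"] != "CUSTOMER":
                continue
            status = kms.get_key_rotation_status(KeyId=key_id)
            if not status["KeyRotationEnabled"]:
                failing.append(key_id)
        if not page.get("Truncated"):
            return failing
        marker = page["NextMarker"]  # follow pagination to the next page

@then("all KMS keys must be set to rotate annually")
def step_kms_rotation(context):
    # context.kms is a hypothetical hook for injecting a client in tests
    kms = getattr(context, "kms", None)
    if kms is None:
        import boto3  # only needed when talking to a real AWS account
        kms = boto3.client("kms")
    failing = keys_without_rotation(kms)
    assert not failing, f"rotation disabled for: {', '.join(failing)}"

class StubKMS:
    """Constructed stand-in for a boto3 KMS client (sample data, not real keys)."""
    KEYS = {"key-a": ("CUSTOMER", True), "key-b": ("CUSTOMER", False),
            "key-c": ("AWS", False)}
    def list_keys(self, Marker=None):
        ids = sorted(self.KEYS)
        if Marker is None:  # serve two pages to exercise pagination
            return {"Keys": [{"KeyId": i} for i in ids[:2]],
                    "Truncated": True, "NextMarker": "page2"}
        return {"Keys": [{"KeyId": i} for i in ids[2:]], "Truncated": False}
    def describe_key(self, KeyId):
        return {"KeyMetadata": {"KeyManager": self.KEYS[KeyId][0]}}
    def get_key_rotation_status(self, KeyId):
        return {"KeyRotationEnabled": self.KEYS[KeyId][1]}
```

The failing key ids end up in the assertion message, so they appear in the JUnit XML and the junit2html report.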
Overall it’s an interesting approach and gives you a user-friendly description of the tests and output that could be analysed by non-developers. Better yet, failed tests could raise an alarm.
A good chunk of the tests work but it’s definitely not finished. Check out the code.