
aws_hosted_zone Resource


Use the aws_hosted_zone resource to test a specific hosted zone configuration.

Installation

This resource is available in the Chef InSpec AWS resource pack.

See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.

Syntax

describe aws_hosted_zone('zone-name') do
    it { should exist }
    its('name_servers.count') { should eq 4 }
    its('private_zone') { should be false }
    its('record_names') { should include 'sid-james.carry-on.films.com' }
end

Parameters

zone_name

This resource takes one parameter, the name of the hosted zone to validate.

Properties

name
The name of the hosted zone.
id
Its ID.
name_servers
List of the associated name servers.
private_zone
Whether the hosted zone is private or public.
record_count
Number of associated records.
records
The associated records. The list is flattened, so each rule will have multiple records for each type.

Examples

Ensure a specific hosted zone exists.

describe aws_hosted_zone('zone-name') do
    it { should exist }
end

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.

exist

The control will pass if the describe passes all tests.

Use exist to validate that the hosted zone exists.

describe aws_hosted_zone('zone-name') do
    it { should exist }
end

Use should_not to test that the entity does not exist.

describe aws_hosted_zone('zone-name') do
    it { should_not exist }
end

should

The control will pass if the describe passes all tests.

Use should to validate whether the hosted zone is public or private, that the number of name servers is correct, or that a specific record exists. For example:

describe aws_hosted_zone('zone-name') do
    it { should exist }
    its('name_servers.count') { should eq 4 }
    its('private_zone') { should be false }
    its('record_names') { should include 'sid-james.carry-on.films.com' }
end

AWS Permissions

Your Principal will need the Route53:Client:GetHostedZoneResponse action with Effect set to Allow.

You can find detailed documentation at Amazon Route 53.
