aws_hosted_zone resource
Use the aws_hosted_zone resource to test a specific hosted zone configuration.
Syntax
describe aws_hosted_zone('zone-name') do
it { should exist }
its ('name_servers.count') { should eq 4 }
its ('private_zone') { should be false }
its ('record_names') { should include 'sid-james.carry-on.films.com' }
end
Parameters
This resource takes one parameter, the name of the hosted zone to validate.
Properties
| Property | Description |
|---|---|
| name | The name of the hosted zone. |
| id | It’s id. |
| name_servers | List of the associated name servers |
| private_zone | If the hosted zone if private or public |
| record_count | Number of associated records |
| records | The associated records, flattens the list, so each rule will have multiple records for each type |
Examples
Ensure a specific hosted zone exists
describe aws_hosted_zone('zone-name') do
it { should exist }
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.
exist
The control will pass if the describe passes all tests.
Use exist to validate the hosted zone exists
describe aws_hosted_zone('zone-name') do
it { should exist }
end
Use should_not to test the entity should not exist.
describe aws_hosted_zone('zone-name') do
it { should_not exist }
end
should
The control will pass if the describe passes all tests.
Use should to validate the hosted zone if public or private, the number of name
servers is correct or that a specific record exists e.g.
describe aws_hosted_zone('zone-name') do
it { should exist }
its ('name_servers.count') { should eq 4 }
its ('private_zone') { should be false }
its ('record_names') { should include 'sid-james.carry-on.films.com' }
end
AWS Permissions
Your Principal
will need the route53:ListHostedZones action with Effect set to Allow.
You can find detailed documentation at Amazon Route 53