aws_hosted_zone Resource

Use the aws_hosted_zone resource to test a specific hosted zone configuration.

Install

This resource is available in the Chef InSpec AWS resource pack.

For information on configuring your AWS environment for Chef InSpec and creating an InSpec profile that uses the InSpec AWS resource pack, see the Chef InSpec documentation on the AWS cloud platform.

Syntax

describe aws_hosted_zone('zone-name') do
    it { should exist }
    its('name_servers.count') { should eq 4 }
    its('private_zone') { should be false }
    its('record_names') { should include 'sid-james.carry-on.films.com' }
end

Parameters

zone_name

This resource takes one parameter, the name of the hosted zone to validate.

Properties

name
The name of the hosted zone.
id
The ID of the hosted zone.
name_servers
List of the associated name servers.
private_zone
Whether the hosted zone is private or public.
record_count
Number of associated records.
records
The associated records. The list is flattened, so each rule will have multiple records for each type.

Examples

Ensure a specific hosted zone exists.

describe aws_hosted_zone('zone-name') do
    it { should exist }
end

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exist

The control will pass if the describe passes all tests.

Use exist to validate that the hosted zone exists.

describe aws_hosted_zone('zone-name') do
    it { should exist }
end

Use should_not to test that the entity does not exist.

describe aws_hosted_zone('zone-name') do
    it { should_not exist }
end

should

The control will pass if the describe passes all tests.

Use should to validate whether the hosted zone is public or private, that the number of name servers is correct, or that a specific record exists. For example:

describe aws_hosted_zone('zone-name') do
    it { should exist }
    its('name_servers.count') { should eq 4 }
    its('private_zone') { should be false }
    its('record_names') { should include 'sid-james.carry-on.films.com' }
end

AWS Permissions

Your Principal will need the Route53:Client:GetHostedZoneResponse action with Effect set to Allow.

You can find detailed documentation at Amazon Route 53.
