aws_route53_record_set Resource
Use the aws_route53_record_set
InSpec audit resource to test properties of a single specific AWS Route53 record set.
The AWS::Route53::RecordSet
resource specifies information about the record that you want to create.
For additional information, including details on parameters and properties, see the AWS documentation on AWS Route53 Record Set.
Installation
This resource is available in the Chef InSpec AWS resource pack.
See the Chef InSpec documentation on cloud platforms for information on configuring your AWS environment for InSpec and creating an InSpec profile that uses the InSpec AWS resource pack.
Syntax
Ensure that a record exists.
describe aws_route53_record_set(hosted_zone_id: 'HOSTED_ZONE_ID', start_record_name: 'RECORD_SET_NAME') do
it { should exist }
end
Parameters
hosted_zone_id
_(required)The ID of the hosted zone that contains the resource record sets that you want to list.
start_record_name
(required)The name of the record set.
Properties
name
- The name of a record in the specified hosted zone.
type
- The DNS record type.
set_identifier
- In a group of resource record sets that have the same name and type, the value of SetIdentifier must be unique for each resource record set.
weight
- The weight element for every weighted resource record set.
region
- The Amazon EC2 Region of the record set.
geo_location (continent_code)
- The two-letter code for the continent. Amazon Route 53 supports the following continent codes:
AF
: Africa,AN
: Antarctica,AS
: Asia,EU
: Europe,OC
: Oceania,NA
: North America,SA
: South America. geo_location (country_code)
- The two-letter code for a country.
geo_location (subdivision_code)
- The two-letter code for a state of the United States.
failover
- The failover configuration of resource record set. Valid values are
PRIMARY
andSECONDARY
. multi_value_answer
- Whether the resource is a Multivalue answer resource record set. Valid values:
true
orfalse
. ttl
- The resource record cache time to live (TTL), in seconds.
resource_records
- Information about the resource records to act upon.
alias_target (hosted_zone_id)
- Alias resource record sets only: The hosted zone ID of the resource.
alias_target (dns_name)
- Alias resource record sets only: The applicable domain name for your API.
alias_target (evaluate_target_health)
- Applies only to alias, failover alias, geolocation alias, latency alias, and weighted alias resource record sets: When
EvaluateTargetHealth
istrue
, an alias resource record set inherits the health of the referenced AWS resource, such as an ELB load balancer or another resource record set in the hosted zone. Valid values:true
orfalse
. health_check_id
- The ID of a health check.
traffic_policy_instance_id
- The ID of the traffic policy instance. When you create a traffic policy instance, Amazon Route 53 automatically creates a resource record set.
TrafficPolicyInstanceId
is the ID of the traffic policy instance that Route 53 created this resource record set for.
Examples
Ensure a record is available.
describe aws_route53_record_set(hosted_zone_id: 'HOSTED_ZONE_ID', start_record_name: 'RECORD_SET_NAME') do
its('name') { should eq 'RECORD_SET_NAME' }
end
Ensure that the failover is PRIMARY
.
describe aws_route53_record_set(hosted_zone_id: 'HOSTED_ZONE_ID', start_record_name: 'RECORD_SET_NAME') do
its('failover') { should eq 'PRIMARY' }
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.
The controls will pass if the list
method returns at least one result.
exist
Use should
to test that the entity exists.
describe aws_route53_record_set(hosted_zone_id: 'HOSTED_ZONE_ID', start_record_name: 'RECORD_SET_NAME') do
it { should exist }
end
Use should_not
to test the entity does not exist.
describe aws_route53_record_set(hosted_zone_id: 'HOSTED_ZONE_ID', start_record_name: 'RECORD_SET_NAME') do
it { should_not exist }
end
be_available
Use should
to check if the record name is available.
describe aws_route53_record_set(hosted_zone_id: 'HOSTED_ZONE_ID', start_record_name: 'RECORD_SET_NAME') do
it { should be_available }
end
AWS Permissions
Your Principal will need the Route53:Client:ListResourceRecordSetsResponse
action with Effect
set to Allow
.