Using aws and os resources in same profile

How would one combine AWS resources (e.g. vpc, ec2, ...) with host resources to verify resolvability and reachability?

I tried to use a host resource to verify resolving but got an error:

× [DNS] loadbalancer-1.0: Ensure DNS Records are created and resolvable
× Control Source Code Error test/controls/route53.rb:10
Unsupported resource/backend combination: host / aws. Exiting.
✔ [ALB] loadbalancer-1.0: Ensure Loadbalancer is created and active
✔ AWS ALB test should exist
✔ AWS ALB test availability_zones.count should be > 2

Any ideas on how to do this?

I've only ever done this with separate profiles. Do you have any specific reason not to split the profiles between OS and cloud layers?

Ah yes, I suspected that would be needed. From a functional point of view I'm verifying my cloud infra and need to verify my DNS records have been created and are resolvable. I expected to be able to mix and match resources within a profile. But perhaps we need an aws_route53 resource in this case.

At this time, InSpec is limited to one "backend" at a time, and the "platform support" of the resources is entirely determined by the backend.

So, phrasing this differently, could the host resource be loosened to no longer require an "os"-type backend?

Not really, or at least not without a major overhaul and re-purposing. The host resource is intended to determine reachability of a host from the audit target, and so uses command-line tools on the audit target like ping, nc and so on. Those concepts don't make sense in an AWS world.

We could add a "local mode" to host (this was done for a time on http) - in which the machine running inspec would use local CLI tools to try to resolve the host.

Simplest workaround in the meantime is separate profiles (or one profile with conditionals) and separate InSpec runs.

Or maybe you want a Route 53 resource....