How would one combine AWS resources (e.g. vpc, ec2) with host resources to verify resolvability and reachability?
I tried to use a host resource to verify resolving but got an error:
× [DNS] loadbalancer-1.0: Ensure DNS Records are created and resolvable
× Control Source Code Error test/controls/route53.rb:10
Unsupported resource/backend combination: host / aws. Exiting.
[ALB] loadbalancer-1.0: Ensure Loadbalancer is created and active
AWS ALB test should exist
AWS ALB test availability_zones.count should be > 2
Ah yes, I suspected that would be needed. From a functional point of view I'm verifying my cloud infra and need to verify my DNS records have been created and are resolvable. I expected to be able to mix and match resources within a profile. But perhaps we need an aws_route53 resource in this case.
At this time, InSpec is limited to one "backend" at a time, and the "platform support" of the resources is entirely determined by the backend.
So, phrasing this differently, could the host resource be loosened to no longer require an "os"-type backend?
Not really, or at least not without a major overhaul and re-purposing. The host resource is intended to determine reachability of a host from the audit target, and so uses command-line tools on the audit target like ping, nc and so on. Those concepts don't make sense in an AWS world.
We could add a "local mode" to host (this was done for a time on http) - in which the machine running InSpec would use local CLI tools to try to resolve the host.
Simplest workaround in the meantime is separate profiles (or one profile with conditionals) and separate InSpec runs.
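
As an added example (not from this thread and not InSpec code): a plain-Ruby resolvability check that could run as the separate second step, on the machine driving the audit, after the AWS-backend run. It uses only the standard `resolv` library; the function names and the sample hosts data are hypothetical and constructed for illustration.

```ruby
require 'resolv'
require 'tempfile'

# Resolve each name from the machine running this script (not from an
# audit target) and return one result hash per name.
def check_resolvable(names, resolver: Resolv.new)
  names.map do |name|
    addresses = resolver.getaddresses(name).map(&:to_s)
    { name: name, resolvable: !addresses.empty?, addresses: addresses }
  end
end

# Names that did not resolve, suitable for failing a pipeline step.
def unresolved(results)
  results.reject { |r| r[:resolvable] }.map { |r| r[:name] }
end

# Constructed sample data: a resolver backed only by a temporary hosts
# file, so the check can be exercised offline. 192.0.2.10 is a
# documentation address and alb.example.test is a made-up record name.
def sample_resolver
  file = Tempfile.new('hosts')
  file.write("192.0.2.10 alb.example.test\n")
  file.flush
  hosts = Resolv::Hosts.new(file.path)
  hosts.getaddresses('alb.example.test') # force the file to be read now
  file.close!
  Resolv.new([hosts])
end

# Stand-alone use: ruby check_dns.rb name1 name2 ...
# With no resolver argument this queries the system's configured DNS.
if $PROGRAM_NAME == __FILE__ && !ARGV.empty?
  failed = unresolved(check_resolvable(ARGV))
  unless failed.empty?
    warn "unresolvable: #{failed.join(', ')}"
    exit 1
  end
end
```

The result only reflects resolution from the host running the script; a record that resolves there may still be unresolvable from inside the VPC, and vice versa.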