DNS - Notify if DNS Managed Zone has no DNSSEC

A ManagedZone is a resource that represents a DNS zone hosted by the Cloud DNS service. Custodian can check whether DNSSEC is disabled in a DNS managed zone, which may violate an organization's security policy.

Note that the notify action requires a Pub/Sub topic to be configured. To configure Cloud Pub/Sub messaging, see the Generic Actions page.

    policies:
      - name: gcp-dns-managed-zones-notify-if-no-dnssec
        resource: gcp.dns-managed-zone
        filters:
          - type: value
            key: dnssecConfig.state
            # off without quotes is treated as bool False
            value: "off"
        actions:
          - type: notify
            to:
              - email@email
            format: json
            transport:
              type: pubsub
              topic: projects/cloud-custodian/topics/dns
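
The quoting comment in the policy above can be checked offline. The following is an added example, not Cloud Custodian's own code: a simplified stand-in for an equality value filter, run over constructed ManagedZone records. The zone names, the helper functions and the record without a `dnssecConfig` block are assumptions made for illustration.

```python
# Added example: simplified stand-in for an equality "value" filter,
# not Cloud Custodian's implementation.

# Constructed sample records shaped like Cloud DNS ManagedZone resources.
SAMPLE_ZONES = [
    {"name": "prod-zone", "dnsName": "prod.example.com.",
     "dnssecConfig": {"state": "on"}},
    {"name": "legacy-zone", "dnsName": "legacy.example.com.",
     "dnssecConfig": {"state": "off"}},
    {"name": "migrating-zone", "dnsName": "move.example.com.",
     "dnssecConfig": {"state": "transfer"}},
    # Assumption: a record that carries no dnssecConfig block at all.
    {"name": "bare-zone", "dnsName": "bare.example.com."},
]

KEY = "dnssecConfig.state"


def lookup(resource, dotted_key):
    """Resolve a dotted key such as 'dnssecConfig.state'; None if absent."""
    current = resource
    for part in dotted_key.split("."):
        if not isinstance(current, dict) or part not in current:
            return None
        current = current[part]
    return current


def match_value(zones, key, value):
    """Names of zones whose value at `key` equals `value`."""
    return [z["name"] for z in zones if lookup(z, key) == value]


def not_enabled(zones, key=KEY):
    """Broader audit: every zone whose state is anything other than 'on'."""
    return [z["name"] for z in zones if lookup(z, key) != "on"]


if __name__ == "__main__":
    # Quoted "off" is a string and matches the API's state string.
    print('value: "off" ->', match_value(SAMPLE_ZONES, KEY, "off"))
    # Unquoted off is parsed as bool False and never equals a state string.
    print("value: off   ->", match_value(SAMPLE_ZONES, KEY, False))
    # Equality on "off" also skips the transfer state and the missing key.
    print("state != on  ->", not_enabled(SAMPLE_ZONES))
```
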