DNS - Notify if DNS Managed Zone has no DNSSEC¶
A ManagedZone is a resource that represents a DNS zone hosted by the Cloud DNS service. Custodian can check if DNSSEC is disabled in DNS Managed Zone which may violate security policy of an organization.
Note that the
notify action requires a Pub/Sub topic to be configured. To configure Cloud Pub/Sub messaging please take a look at the Generic Actions page.
policies: - name: gcp-dns-managed-zones-notify-if-no-dnssec resource: gcp.dns-managed-zone filters: - type: value key: dnssecConfig.state # off without quotes is treated as bool False value: "off" actions: - type: notify to: - email@email format: json transport: type: pubsub topic: projects/cloud-custodian/topics/dns