--- inputType: "CA10__CaAwsAccount__c" testData: - file: "test-data.json" conditions: - status: "INCOMPLIANT" currentStateMessage: "The account does not have Security Hub enabled in any region." check: IS_EQUAL: left: RELATED_LIST_COUNT: status: "COMPLIANT" relationshipName: "CA10A1__AWS_Security_Hubs__r" right: NUMBER: 0.0 - status: "COMPLIANT" currentStateMessage: "Security Hub is enabled in all active regions." check: IS_EQUAL: left: RELATED_LIST_COUNT: status: "COMPLIANT" relationshipName: "CA10A1__AWS_Security_Hubs__r" right: RELATED_LIST_COUNT: status: "COMPLIANT" relationshipName: "CA10__AWS_Account_Regions__r" - status: "COMPLIANT" currentStateMessage: "Security Hub is enabled in all regions including inactive regions." check: GREATER_THAN: left: RELATED_LIST_COUNT: status: "COMPLIANT" relationshipName: "CA10A1__AWS_Security_Hubs__r" right: RELATED_LIST_COUNT: status: "COMPLIANT" relationshipName: "CA10__AWS_Account_Regions__r" otherwise: status: "INCOMPLIANT" currentStateMessage: "Security Hub is not enabled in all active regions." remediationMessage: "Enable Security Hub in all active regions." relatedLists: - relationshipName: "CA10A1__AWS_Security_Hubs__r" conditions: [] otherwise: status: "COMPLIANT" currentStateMessage: "Security Hub is enabled." - relationshipName: "CA10__AWS_Account_Regions__r" importExtracts: - file: /types/CA10__CaAwsAccountRegion__c/object.extracts.yaml conditions: - status: "COMPLIANT" currentStateMessage: "Active AWS account region." check: NOT_EQUAL: left: EXTRACT: "CA10__status__c" right: TEXT: "not-opted-in" otherwise: status: "INAPPLICABLE" currentStateMessage: "This AWS account region is not active."