---
# Compliance policy for AWS security groups: a group named "default" must
# carry no rules and must not be attached to any EC2 instance.
# NOTE(review): the condition order (combined finding before the two single
# findings) suggests top-down, first-match evaluation; confirm with the engine.
inputType: "CA10__CaAwsSecurityGroup__c"
testData:
  - file: "test-data.json"
# The "Name" extract used below is defined in this imported file, not here.
importExtracts:
  - file: "/types/CA10__CaAwsSecurityGroup__c/object.extracts.yaml"
conditions:
  # Scope filter: only groups whose "Name" extract equals "default" are
  # evaluated.
  # NOTE(review): confirm the extract resolves to the group name rather than
  # a Name tag; a tag-based match would let tagging change which groups are
  # in scope.
  - status: "INAPPLICABLE"
    currentStateMessage: "This is not a default security group."
    check:
      NOT_EQUAL:
        left:
          EXTRACT: "Name"
        right:
          TEXT: "default"
  # Combined finding: the group has at least one rule AND at least one EC2
  # instance attachment.
  - status: "INCOMPLIANT"
    currentStateMessage: "This default security group doesn't restrict all traffic and is attached to an EC2 instance."
    remediationMessage: "Remove all rules from this security group and detach it from all EC2 instances to restrict all traffic."
    check:
      AND:
        args:
          - RELATED_LIST_HAS:
              status: "INCOMPLIANT"
              relationshipName: "CA10__AWS_EC2_Security_Group_Rules__r"
          - RELATED_LIST_HAS:
              status: "INCOMPLIANT"
              relationshipName: "CA10__AWS_EC2_Instance_FWs__r"
  # Rules-only finding: at least one related rule record exists.
  - status: "INCOMPLIANT"
    currentStateMessage: "This default security group doesn't restrict all traffic."
    remediationMessage: "Remove all rules from this security group to restrict all traffic."
    check:
      RELATED_LIST_HAS:
        status: "INCOMPLIANT"
        relationshipName: "CA10__AWS_EC2_Security_Group_Rules__r"
  # Attachment-only finding: no rules flagged, but the group is still
  # associated with an EC2 instance.
  - status: "INCOMPLIANT"
    currentStateMessage: "This default security group is attached to an EC2 instance."
    remediationMessage: "Remove the default security group from all EC2 instances."
    check:
      RELATED_LIST_HAS:
        status: "INCOMPLIANT"
        relationshipName: "CA10__AWS_EC2_Instance_FWs__r"
# Reached only when the group is named "default" and neither related list
# contains an INCOMPLIANT record.
otherwise:
  status: "COMPLIANT"
  currentStateMessage: "The default security group restricts all traffic."
relatedLists:
  # Every related rule record is INCOMPLIANT: `conditions: []` means nothing
  # is exempted, so any rule at all fails the parent group.
  # NOTE(review): confirm this relationship includes egress rules as well as
  # ingress rules; otherwise an allow-all outbound rule would pass unnoticed.
  - relationshipName: "CA10__AWS_EC2_Security_Group_Rules__r"
    conditions: []
    otherwise:
      status: "INCOMPLIANT"
      currentStateMessage: "This is a security group rule."
      remediationMessage: "Remove this rule."
  # Every related EC2 instance attachment record is INCOMPLIANT.
  # NOTE(review): only this EC2 instance relationship is evaluated in this
  # file; attachments of the default group to other resource types are not
  # checked here. Verify whether the data model exposes them separately.
  - relationshipName: "CA10__AWS_EC2_Instance_FWs__r"
    conditions: []
    otherwise:
      status: "INCOMPLIANT"
      currentStateMessage: "This security group is attached to an EC2 instance."
      remediationMessage: "Remove the default security group from the EC2 instance."