--- inputType: "CA10__CaAwsUser__c" testData: - file: test-data.json importExtracts: - file: /types/CA10__CaAwsUser__c/credReport.extracts.yaml conditions: - status: "INAPPLICABLE" currentStateMessage: "This policy applies only to users with an enabled console password or active access keys." check: AND: args: - IS_EQUAL: left: EXTRACT: CA10__credReportPasswordEnabled__c right: BOOLEAN: false - IS_EQUAL: left: EXTRACT: CA10__credReportAccessKey1Active__c right: BOOLEAN: false - IS_EQUAL: left: EXTRACT: CA10__credReportAccessKey2Active__c right: BOOLEAN: false - status: "INCOMPLIANT" currentStateMessage: "The password has not been used for over 45 days." remediationMessage: "Disable console access for the user." check: AND: args: - IS_EQUAL: left: EXTRACT: CA10__credReportPasswordEnabled__c right: BOOLEAN: true - NOT_EMPTY: arg: EXTRACT: CA10__credReportPasswordLastUsed__c - IS_BEYOND_LAST_DAYS: offsetDays: 45 arg: EXTRACT: CA10__credReportPasswordLastUsed__c - status: "INCOMPLIANT" currentStateMessage: "The password has not been changed for over 45 days." remediationMessage: "Disable console access for the user." check: AND: args: - IS_EQUAL: left: EXTRACT: CA10__credReportPasswordEnabled__c right: BOOLEAN: true - IS_EMPTY: arg: EXTRACT: CA10__credReportPasswordLastUsed__c - NOT_EMPTY: arg: EXTRACT: CA10__credReportPasswordLastChanged__c - IS_BEYOND_LAST_DAYS: offsetDays: 45 arg: EXTRACT: CA10__credReportPasswordLastChanged__c - status: "INCOMPLIANT" currentStateMessage: "Access key 1 has not been used for over 45 days." remediationMessage: "Deactivate access key 1." check: AND: args: - IS_EQUAL: left: EXTRACT: CA10__credReportAccessKey1Active__c right: BOOLEAN: true - NOT_EMPTY: arg: EXTRACT: CA10__credReportAccessKey1LastUsed__c - IS_BEYOND_LAST_DAYS: offsetDays: 45 arg: EXTRACT: CA10__credReportAccessKey1LastUsed__c - status: "INCOMPLIANT" currentStateMessage: "Access key 1 has not been rotated for over 45 days." remediationMessage: "Delete access key 1." check: AND: args: - IS_EQUAL: left: EXTRACT: CA10__credReportAccessKey1Active__c right: BOOLEAN: true - IS_EMPTY: arg: EXTRACT: CA10__credReportAccessKey1LastUsed__c - IS_BEYOND_LAST_DAYS: offsetDays: 45 arg: EXTRACT: CA10__credReportAccessKey1LastRotated__c - status: "INCOMPLIANT" currentStateMessage: "Access key 2 has not been used for over 45 days." remediationMessage: "Deactivate access key 2." check: AND: args: - IS_EQUAL: left: EXTRACT: CA10__credReportAccessKey2Active__c right: BOOLEAN: true - NOT_EMPTY: arg: EXTRACT: CA10__credReportAccessKey2LastUsed__c - IS_BEYOND_LAST_DAYS: offsetDays: 45 arg: EXTRACT: CA10__credReportAccessKey2LastUsed__c - status: "INCOMPLIANT" currentStateMessage: "Access key 2 has not been rotated for over 45 days." remediationMessage: "Delete access key 2." check: AND: args: - IS_EQUAL: left: EXTRACT: CA10__credReportAccessKey2Active__c right: BOOLEAN: true - IS_EMPTY: arg: EXTRACT: CA10__credReportAccessKey2LastUsed__c - IS_BEYOND_LAST_DAYS: offsetDays: 45 arg: EXTRACT: CA10__credReportAccessKey2LastRotated__c otherwise: status: "COMPLIANT" currentStateMessage: "All credentials unused for 45 days or longer have been removed or deactivated."