--- inputType: "CA10__CaAwsAccount__c" testData: - file: test-data.json importExtracts: - file: /types/CA10__CaAwsAccount__c/object.extracts.yaml conditions: - status: "COMPLIANT" currentStateMessage: "IAM Access Analyzer is enabled in all regions." check: IS_EQUAL: left: RELATED_LIST_COUNT: status: "COMPLIANT" relationshipName: "CA10A1__AWS_IAM_Access_Analyzers__r" right: RELATED_LIST_COUNT: status: "COMPLIANT" relationshipName: "CA10__AWS_Account_Regions__r" otherwise: status: "INCOMPLIANT" currentStateMessage: "IAM Access Analyzer is not enabled in all regions." remediationMessage: "Enable IAM Access Analyzer in each active region." relatedLists: - relationshipName: "CA10A1__AWS_IAM_Access_Analyzers__r" importExtracts: - file: /types/CA10A1__CaAwsIamAccessAnalyzer__c/object.extracts.yaml conditions: - status: "INAPPLICABLE" currentStateMessage: "This is not an external access analyzer." check: AND: args: - NOT_EQUAL: left: EXTRACT: "CA10A1__type__c" right: TEXT: "ACCOUNT" - NOT_EQUAL: left: EXTRACT: "CA10A1__type__c" right: TEXT: "ORGANIZATION" - status: "COMPLIANT" currentStateMessage: "Active IAM external access analyzer." check: IS_EQUAL: left: EXTRACT: "CA10A1__status__c" right: TEXT: "ACTIVE" otherwise: status: "INAPPLICABLE" currentStateMessage: "There is no active IAM external access analyzer." - relationshipName: "CA10__AWS_Account_Regions__r" importExtracts: - file: /types/CA10__CaAwsAccountRegion__c/object.extracts.yaml conditions: - status: "COMPLIANT" currentStateMessage: "Active AWS account region." check: NOT_EQUAL: left: EXTRACT: "CA10__status__c" right: TEXT: "not-opted-in" otherwise: status: "INAPPLICABLE" currentStateMessage: "This AWS account region is not active."