---
inputType: "CA10__CaAwsIamPolicy__c"
testData:
  - file: "test-data.json"
importExtracts:
  - file: "/types/CA10__CaAwsIamPolicy__c/object.extracts.yaml"
conditions:
  - status: "INAPPLICABLE"
    currentStateMessage: "This is not an AWSCloudShellFullAccess policy."
    check:
      NOT_EQUAL:
        left:
          EXTRACT: "CA10__name__c"
        right:
          TEXT: "AWSCloudShellFullAccess"
  - status: "INCOMPLIANT"
    currentStateMessage: "AWSCloudShellFullAccess policy is attached to a role."
    remediationMessage: "Detach the AWSCloudShellFullAccess policy from roles where it is not required."
    check:
      RELATED_LIST_HAS:
        status: "INCOMPLIANT"
        relationshipName: "CA10__AWS_IAM_Role_Policy_Attachments__r"
otherwise:
  status: "COMPLIANT"
  currentStateMessage: "AWSCloudShellFullAccess policy is not attached."
relatedLists:
  - relationshipName: "CA10__AWS_IAM_Role_Policy_Attachments__r"
    conditions:
      - status: "INCOMPLIANT"
        currentStateMessage: "AWSCloudShellFullAccess policy is attached to a role."
        remediationMessage: "Detach the AWSCloudShellFullAccess policy from this role."
        check:
          NOT_EMPTY_LOOKUP: "CA10__role__r"
    otherwise:
      status: "COMPLIANT"
      currentStateMessage: "AWSCloudShellFullAccess policy is not attached."