--- inputType: "CA10__CaAwsAccount__c" testData: - file: "test-data.json" conditions: - status: "INCOMPLIANT" currentStateMessage: "AWS Config is not enabled in all regions." remediationMessage: "Configure AWS Config in all regions." check: RELATED_LIST_HAS: status: "INCOMPLIANT" relationshipName: "CA10__AWS_Config_Settings__r" - status: "COMPLIANT" currentStateMessage: "AWS Config is enabled in all regions." check: RELATED_LIST_HAS: status: "COMPLIANT" relationshipName: "CA10__AWS_Config_Settings__r" - status: "INCOMPLIANT" currentStateMessage: "AWS Config does not have a recorder configured to include global resource types." remediationMessage: "Configure at least one AWS Config recorder to include global resource types." check: RELATED_LIST_HAS: status: "INAPPLICABLE" relationshipName: "CA10__AWS_Config_Settings__r" # There is a possibility that we don't have access to AWS Config Recorders otherwise: status: "INCOMPLIANT" currentStateMessage: "AWS Config is not enabled." remediationMessage: "Enable AWS Config in all regions." relatedLists: - relationshipName: "CA10__AWS_Config_Settings__r" importExtracts: - file: "/types/CA10__CaAwsConfigRecorder__c/object.extracts.yaml" conditions: - status: "INCOMPLIANT" currentStateMessage: "This AWS Config recorder is not configured correctly." remediationMessage: "Reconfigure at least one AWS Config recorder to include global resource types." check: OR: args: - IS_EQUAL: left: EXTRACT: "CA10__allSupported__c" right: BOOLEAN: false - IS_EQUAL: left: EXTRACT: "CA10__recording__c" right: BOOLEAN: false - NOT_EQUAL: left: EXTRACT: "CA10__lastStatus__c" right: TEXT: "SUCCESS" # At least one recorder has to have a CA10__includeGlobalResourceTypes__c enabled - status: "COMPLIANT" currentStateMessage: "This AWS Config recorder is configured to include global resource types." check: IS_EQUAL: left: EXTRACT: "CA10__includeGlobalResourceTypes__c" right: BOOLEAN: true otherwise: status: "INAPPLICABLE" currentStateMessage: "This AWS Config recorder is configured correctly."