--- policy: /ce/ca/aws/dms/replication-instance-auto-minor-upgrade logic: /ce/ca/aws/dms/replication-instance-auto-minor-upgrade/prod.logic.yaml executionTime: 2026-06-06T12:02:37.801839916Z generationMs: 52 executionMs: 979 rows: - id: test1 match: true status: expected: DISAPPEARED actual: DISAPPEARED conditionIndex: expected: 99 actual: 99 conditionText: expected: isDisappeared(CA10A1__disappearanceTime__c) actual: isDisappeared(CA10A1__disappearanceTime__c) runtimeError: {} - id: test2 match: true status: expected: INCOMPLIANT actual: INCOMPLIANT conditionIndex: expected: 199 actual: 199 conditionText: expected: not(extract('CA10A1__minorVersionAutomaricUpdate__c')) actual: not(extract('CA10A1__minorVersionAutomaricUpdate__c')) runtimeError: {} - id: test3 match: true status: expected: COMPLIANT actual: COMPLIANT conditionIndex: expected: 200 actual: 200 conditionText: expected: otherwise actual: otherwise runtimeError: {} usedFiles: - path: /ce/ca/aws/dms/replication-instance-auto-minor-upgrade/policy.yaml md5Hash: 5B35B698A6DC158201A27A4AB4462052 content: | --- names: full: AWS DMS Replication Instance Auto Minor Version Upgrade is not enabled contextual: Replication Instance Auto Minor Version Upgrade is not enabled description: > Ensure that AWS DMS Replication Instances have the Auto Minor Version Upgrade feature enabled to automatically receive the latest minor engine upgrades, which include security patches, bug fixes, and new features. 
type: COMPLIANCE_POLICY categories: - RELIABILITY frameworkMappings: - "/frameworks/cloudaware/resource-reliability/infrastructure-modernization" - "/frameworks/aws-fsbp-v1.0.0/dms/06" - "/frameworks/aws-well-architected/ops/05/05" similarPolicies: awsSecurityHub: - name: "[DMS.6] DMS replication instances should have automatic minor version upgrade enabled" url: "https://docs.aws.amazon.com/securityhub/latest/userguide/dms-controls.html#dms-6" internal: - "dec-x-0d66ed99" - path: /ce/ca/aws/dms/replication-instance-auto-minor-upgrade/prod.logic.yaml md5Hash: 8B59E4549B927B50FA0023F99FAFED4D content: | --- inputType: "CA10A1__CaAwsDmsReplicationInstance__c" importExtracts: - file: /types/CA10A1__CaAwsDmsReplicationInstance__c/object.extracts.yaml testData: - file: "test-data.json" conditions: - status: "INCOMPLIANT" currentStateMessage: "Auto minor version upgrade is not enabled for the DMS replication instance." remediationMessage: "Enable auto minor version upgrade for this DMS replication instance." check: NOT: arg: EXTRACT: "CA10A1__minorVersionAutomaricUpdate__c" otherwise: status: "COMPLIANT" currentStateMessage: "Auto minor version upgrade is enabled for the DMS replication instance." 
- path: /ce/ca/aws/dms/replication-instance-auto-minor-upgrade/test-data.json md5Hash: 8DDEC8A346D382CB2F3EA00E6E247961 content: |- [ { "expectedResult": { "status": "DISAPPEARED", "conditionIndex": "99", "conditionText": "isDisappeared(CA10A1__disappearanceTime__c)", "runtimeError": null }, "context": { "snapshotTime": "2025-07-09T20:13:51Z" }, "Id": "test1", "CA10A1__disappearanceTime__c": "2025-07-09T13:41:52Z", "CA10A1__minorVersionAutomaricUpdate__c": false }, { "expectedResult": { "status": "INCOMPLIANT", "conditionIndex": "199", "conditionText": "not(extract('CA10A1__minorVersionAutomaricUpdate__c'))", "runtimeError": null }, "context": { "snapshotTime": "2025-07-09T20:13:51Z" }, "Id": "test2", "CA10A1__disappearanceTime__c": null, "CA10A1__minorVersionAutomaricUpdate__c": false }, { "expectedResult": { "status": "COMPLIANT", "conditionIndex": "200", "conditionText": "otherwise", "runtimeError": null }, "context": { "snapshotTime": "2025-07-09T20:13:51Z" }, "Id": "test3", "CA10A1__disappearanceTime__c": null, "CA10A1__minorVersionAutomaricUpdate__c": true } ] - path: /types/CA10A1__CaAwsDmsReplicationInstance__c/object.extracts.yaml md5Hash: 3053881A20CD44B23F396A758DE90778 content: "---\nextracts:\n# Checkbox. Values: true/false. Can't have no access,\ \ retrieved via dms:DescribeReplicationInstances\n - name: CA10A1__publiclyAccessible__c\n\ \ value: \n FIELD:\n path: CA10A1__publiclyAccessible__c\n# Checkbox.\ \ Values: true/false. Can't have no access, retrieved via dms:DescribeReplicationInstances\n\ \ - name: CA10A1__minorVersionAutomaricUpdate__c\n value: \n FIELD:\n\ \ path: CA10A1__minorVersionAutomaricUpdate__c\n# Checkbox. 
Values: true/false.\ \ Can't have no access, retrieved via dms:DescribeReplicationInstances\n -\ \ name: CA10A1__multiAz__c\n value: \n FIELD:\n path: CA10A1__multiAz__c\n"
script: |-
  -- Generated test harness for the policy logic recorded in usedFiles.
  -- It defines three JavaScript UDFs (expected results, mock input objects,
  -- the policy evaluation itself) and a final query that compares expected
  -- against actual per test Id.
  -- The policy flags DMS replication instances whose automatic minor version
  -- upgrade flag is not set; policy.yaml lists Security Hub control DMS.6 as
  -- the similar policy.

  -- Expected outcome per test Id: status, conditionIndex, conditionText, runtimeError.
  -- NOTE(review): "RETURNS ARRAY >>" looks like it lost its "<STRUCT<...>>" type
  -- parameters, probably when this page was rendered; the declaration is
  -- incomplete as shown. Restore it from the generator output, do not guess.
  CREATE TEMP FUNCTION mock_ExpectedResult()
  RETURNS ARRAY >>
  DETERMINISTIC
  LANGUAGE js AS r"""
    return [
      {
        "Id" : "test1",
        "expectedResult" : {
          "status" : "DISAPPEARED",
          "conditionIndex" : "99",
          "conditionText" : "isDisappeared(CA10A1__disappearanceTime__c)",
          "runtimeError" : null
        }
      },
      {
        "Id" : "test2",
        "expectedResult" : {
          "status" : "INCOMPLIANT",
          "conditionIndex" : "199",
          "conditionText" : "not(extract('CA10A1__minorVersionAutomaricUpdate__c'))",
          "runtimeError" : null
        }
      },
      {
        "Id" : "test3",
        "expectedResult" : {
          "status" : "COMPLIANT",
          "conditionIndex" : "200",
          "conditionText" : "otherwise",
          "runtimeError" : null
        }
      }
    ];
  """;

  -- Mock input objects, one per test Id.
  -- test1 sets a disappearance time; test2 and test3 omit that key entirely.
  -- The flag is false for test1/test2 and true for test3. No mock row leaves
  -- the flag itself absent or null.
  -- NOTE(review): same truncated "RETURNS ARRAY >>" signature as above.
  CREATE TEMP FUNCTION mock_CA10A1__CaAwsDmsReplicationInstance__c()
  RETURNS ARRAY >>
  DETERMINISTIC
  LANGUAGE js AS r"""
    return [
      {
        "context" : { "snapshotTime" : new Date("2025-07-09T20:13:51Z") },
        "CA10A1__disappearanceTime__c" : new Date("2025-07-09T13:41:52Z"),
        "CA10A1__minorVersionAutomaricUpdate__c" : false,
        "Id" : "test1"
      },
      {
        "context" : { "snapshotTime" : new Date("2025-07-09T20:13:51Z") },
        "CA10A1__minorVersionAutomaricUpdate__c" : false,
        "Id" : "test2"
      },
      {
        "context" : { "snapshotTime" : new Date("2025-07-09T20:13:51Z") },
        "CA10A1__minorVersionAutomaricUpdate__c" : true,
        "Id" : "test3"
      }
    ];
  """;

  -- Policy evaluation for one replication instance.
  -- Conditions are checked in order and the first hit returns:
  --   1. disappearance time present        -> DISAPPEARED  (conditionIndex 99)
  --   2. auto-minor-upgrade flag is falsy  -> INCOMPLIANT  (conditionIndex 199)
  --   3. otherwise                         -> COMPLIANT    (conditionIndex 200)
  -- snapshotTime is accepted as a parameter but not referenced in this body.
  -- NOTE(review): "RETURNS STRUCT" has no field list here; it appears truncated
  -- in the same way as the ARRAY signatures above.
  CREATE TEMP FUNCTION process_CA10A1__CaAwsDmsReplicationInstance__c(
    obj STRUCT<
      CA10A1__disappearanceTime__c TIMESTAMP,
      CA10A1__minorVersionAutomaricUpdate__c BOOLEAN,
      Id STRING
    >,
    snapshotTime TIMESTAMP
  )
  RETURNS STRUCT
  DETERMINISTIC
  LANGUAGE js AS r"""
    // Evidence lines, joined with newlines into currentStateReferences on every result.
    var references1 = [];
    // condition[0], conditionIndex:[0..99]
    references1.push('Deleted From AWS [CA10A1__disappearanceTime__c]: ' + obj.CA10A1__disappearanceTime__c);
    // Loose "!= null" is true for any value other than null or undefined.
    if (obj.CA10A1__disappearanceTime__c != null) {
      return {status: 'DISAPPEARED', conditionIndex: 99, conditionText: "isDisappeared(CA10A1__disappearanceTime__c)", currentStateMessage: "Object is deleted in the source", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null};
    }
    // condition[1], conditionIndex:[100..199]
    // Called below with `this` bound to the function object, so `out` is stored on
    // extract3 itself. A falsy value is never kept and is re-read on each call.
    function extract3() {
      if (!this.out) {
        this.out = obj.CA10A1__minorVersionAutomaricUpdate__c;
      }
      return this.out;
    };
    references1.push('Minor Version Automatic Update [obj.CA10A1__minorVersionAutomaricUpdate__c]: ' + obj.CA10A1__minorVersionAutomaricUpdate__c);
    // Any falsy flag value (false, null, or undefined) is reported INCOMPLIANT, so an
    // instance whose flag was not collected is flagged rather than passed.
    // NOTE(review): the mock data has no null-flag row; consider adding one so this
    // behaviour is pinned by a test.
    if (!extract3.call(extract3)) {
      return {status: 'INCOMPLIANT', conditionIndex: 199, conditionText: "not(extract('CA10A1__minorVersionAutomaricUpdate__c'))", currentStateMessage: "Auto minor version upgrade is not enabled for the DMS replication instance.", currentStateReferences: references1.join('\n'), remediation: "Enable auto minor version upgrade for this DMS replication instance.", runtimeError: null};
    }
    return {status: 'COMPLIANT', conditionIndex: 200, conditionText: "otherwise", currentStateMessage: "Auto minor version upgrade is enabled for the DMS replication instance.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null};
  """;

  -- Comparison query: one output row per expected result.
  -- The LEFT JOIN keeps an expected row even when no processed object shares its
  -- Id; the actual* columns are then NULL.
  -- IFNULL maps NULL to a sentinel ('' or -1) on both sides, so a NULL pair
  -- compares equal and NULL against a non-NULL value compares unequal.
  SELECT
    expectedResult.Id as Id,
    IF (
      IFNULL(expectedResult.expectedResult.status, '') = IFNULL(sObject.result.status, '')
      AND IFNULL(expectedResult.expectedResult.conditionIndex, -1) = IFNULL(sObject.result.conditionIndex, -1)
      AND IFNULL(expectedResult.expectedResult.conditionText, '') = IFNULL(sObject.result.conditionText, '')
      AND IFNULL(expectedResult.expectedResult.runtimeError, '') = IFNULL(sObject.result.runtimeError, ''),
      "MATCH",
      "FAIL"
    ) as match,
    expectedResult.expectedResult.status as expectedStatus,
    sObject.result.status as actualStatus,
    expectedResult.expectedResult.conditionIndex as expectedConditionIndex,
    sObject.result.conditionIndex as actualConditionIndex,
    expectedResult.expectedResult.conditionText as expectedConditionText,
    sObject.result.conditionText as actualConditionText,
    expectedResult.expectedResult.runtimeError as expectedRuntimeError,
    sObject.result.runtimeError as actualRuntimeError
  FROM UNNEST(mock_ExpectedResult()) expectedResult
  LEFT JOIN (
    -- Run the policy over every mock object, passing only the fields the UDF declares.
    SELECT
      sObject.CA10A1__disappearanceTime__c AS CA10A1__disappearanceTime__c,
      sObject.CA10A1__minorVersionAutomaricUpdate__c AS CA10A1__minorVersionAutomaricUpdate__c,
      sObject.Id AS Id,
      process_CA10A1__CaAwsDmsReplicationInstance__c(
        STRUCT(
          sObject.CA10A1__disappearanceTime__c AS CA10A1__disappearanceTime__c,
          sObject.CA10A1__minorVersionAutomaricUpdate__c AS CA10A1__minorVersionAutomaricUpdate__c,
          sObject.Id AS Id
        ),
        sObject.context.snapshotTime
      ) as result
    FROM UNNEST(mock_CA10A1__CaAwsDmsReplicationInstance__c()) AS sObject
  ) sObject ON sObject.Id = expectedResult.Id;