# Generated test-run report for the compliance policy
# /ce/ca/aws/rds/parameter-group-event-subscription (prod.logic.yaml).
# `rows` compares expected and actual results for the three fixture accounts
# (001, 002, 003); `usedFiles` embeds the inputs and `script` holds the
# generated SQL/JS that produced the results.
#
# What the embedded logic checks: an account is COMPLIANT (conditionIndex 199)
# when its CA10__AWS_RDS_Event_Subscriptions__r list has at least one COMPLIANT
# subscription, otherwise INCOMPLIANT (200). A subscription is COMPLIANT only
# if CA10__enabled__c is true, CA10__sourceType__c equals 'db-parameter-group'
# and CA10__eventCategories__c contains 'configuration change'. In the
# generated script that last test is a lower-cased, whitespace-collapsed
# substring match (TextLib.containsAll), not an exact list-membership test.
#
# Fixture coverage: one positive case (001) and two negatives (002 has only
# db-instance subscriptions, 003 has none). No fixture has a disabled
# db-parameter-group subscription, a db-parameter-group subscription without
# 'configuration change', a subscription with CA10__disappearanceTime__c set,
# or a null source type / category list, so this run does not exercise those
# branches of the subscription-level logic.
#
# NOTE(review): RDS allows a subscription to omit the source type or the
# category list to mean "all". How such subscriptions appear in
# CA10__sourceType__c and CA10__eventCategories__c is not visible here.
# Confirm they are not reported as INAPPLICABLE / INCOMPLIANT, which would
# flag an account that is in fact notified of parameter group changes.
--- policy: /ce/ca/aws/rds/parameter-group-event-subscription logic: /ce/ca/aws/rds/parameter-group-event-subscription/prod.logic.yaml executionTime: 2026-05-09T12:03:44.783614098Z generationMs: 61 executionMs: 1744 rows: - id: '001' match: true status: expected: COMPLIANT actual: COMPLIANT conditionIndex: expected: 199 actual: 199 conditionText: expected: CA10__AWS_RDS_Event_Subscriptions__r.has(COMPLIANT) actual: CA10__AWS_RDS_Event_Subscriptions__r.has(COMPLIANT) runtimeError: {} - id: '002' match: true status: expected: INCOMPLIANT actual: INCOMPLIANT conditionIndex: expected: 200 actual: 200 conditionText: expected: otherwise actual: otherwise runtimeError: {} - id: '003' match: true status: expected: INCOMPLIANT actual: INCOMPLIANT conditionIndex: expected: 200 actual: 200 conditionText: expected: otherwise actual: otherwise runtimeError: {} usedFiles: - path: /ce/ca/aws/rds/parameter-group-event-subscription/policy.yaml md5Hash: 29069B5373B822C4184623AAD0A44D9A content: | --- names: full: "AWS RDS Parameter Group Event Subscription for critical events is not configured" contextual: "Parameter Group Event Subscription for critical events is not configured" description: "Ensure that your RDS event notification subscriptions are configured for critical Database Parameter Group events." 
type: "COMPLIANCE_POLICY" categories: - "RELIABILITY" frameworkMappings: - "/frameworks/cloudaware/logging-and-monitoring/alerting-and-notification" - "/frameworks/aws-fsbp-v1.0.0/rds/21" similarPolicies: cloudConformity: - url: "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/RDS/notifications.html" name: "RDS Event Notifications" - path: /ce/ca/aws/rds/parameter-group-event-subscription/prod.logic.yaml md5Hash: 0BC05782485BDE6986E364BECCF246A7 content: "---\ninputType: \"CA10__CaAwsAccount__c\"\ntestData:\n - file: test-data.json\n\ conditions:\n - status: \"COMPLIANT\"\n currentStateMessage: \"The RDS event\ \ subscription for critical parameter group events is configured.\"\n check:\n\ \ RELATED_LIST_HAS:\n relationshipName: \"CA10__AWS_RDS_Event_Subscriptions__r\"\ \n status: \"COMPLIANT\"\notherwise:\n status: \"INCOMPLIANT\"\n currentStateMessage:\ \ \"The RDS event subscription is not configured for critical parameter group\ \ events.\"\n remediationMessage: \"Configure an event subscription for critical\ \ parameter group events.\"\nrelatedLists:\n - relationshipName: \"CA10__AWS_RDS_Event_Subscriptions__r\"\ \n importExtracts:\n - file: /types/CA10__CaAwsDbEventSubscription__c/object.extracts.yaml\n\ \ conditions:\n - status: \"INAPPLICABLE\"\n currentStateMessage:\ \ \"This is not an active parameter group event subscription.\"\n check:\n\ \ NOT:\n arg:\n AND:\n args:\n\ \ - IS_EQUAL:\n left:\n \ \ EXTRACT: \"CA10__enabled__c\"\n right:\n \ \ BOOLEAN: true\n - IS_EQUAL:\n \ \ left:\n EXTRACT: \"CA10__sourceType__c\"\ \n right:\n TEXT: 'db-parameter-group'\n\ \ - status: \"COMPLIANT\"\n currentStateMessage: \"This is an event\ \ subscription for critical parameter group events.\"\n check:\n \ \ CONTAINS_ALL:\n arg:\n EXTRACT: \"CA10__eventCategories__c\"\ \ \n search:\n LIST:\n itemType: TEXT\n\ \ items: [\"configuration change\"]\n otherwise:\n status:\ \ \"INCOMPLIANT\"\n currentStateMessage: \"This is an event subscription\ \ for 
non-critical parameter group events.\"\n \n" - path: /ce/ca/aws/rds/parameter-group-event-subscription/test-data.json md5Hash: 1F724D1897168311220F47A0CE4E4FAF content: | [ { "expectedResult": { "status": "COMPLIANT", "conditionIndex": "199", "conditionText": "CA10__AWS_RDS_Event_Subscriptions__r.has(COMPLIANT)", "runtimeError": null }, "context": { "snapshotTime": "2025-11-25T10:00:40Z" }, "Id": "001", "CA10__AWS_RDS_Event_Subscriptions__r": [ { "CA10__disappearanceTime__c": null, "CA10__enabled__c": true, "CA10__sourceType__c": "db-instance", "CA10__eventCategories__c": "failover", "CA10__account__c": "001", "Id": "001-1" }, { "CA10__disappearanceTime__c": null, "CA10__enabled__c": true, "CA10__sourceType__c": "db-parameter-group", "CA10__eventCategories__c": "configuration change\ncreation\ndeletion\nfailover\nfailure\nlow storage\nmaintenance\nnotification\nrecovery\nrestoration\navailability", "CA10__account__c": "001", "Id": "001-2" }, { "CA10__disappearanceTime__c": null, "CA10__enabled__c": true, "CA10__sourceType__c": "db-instance", "CA10__eventCategories__c": "maintenance\nsecurity patching", "CA10__account__c": "001", "Id": "001-3" } ] }, { "expectedResult": { "status": "INCOMPLIANT", "conditionIndex": "200", "conditionText": "otherwise", "runtimeError": null }, "context": { "snapshotTime": "2025-11-25T10:00:40Z" }, "Id": "002", "CA10__AWS_RDS_Event_Subscriptions__r": [ { "CA10__disappearanceTime__c": null, "CA10__enabled__c": true, "CA10__sourceType__c": "db-instance", "CA10__eventCategories__c": "failover", "CA10__account__c": "002", "Id": "002-1" }, { "CA10__disappearanceTime__c": null, "CA10__enabled__c": true, "CA10__sourceType__c": "db-instance", "CA10__eventCategories__c": "configuration change\ncreation\ndeletion\nfailover\nfailure\nlow storage\nmaintenance\nnotification\nrecovery\nrestoration\navailability", "CA10__account__c": "002", "Id": "002-2" }, { "CA10__disappearanceTime__c": null, "CA10__enabled__c": true, "CA10__sourceType__c": 
"db-instance", "CA10__eventCategories__c": "maintenance\nsecurity patching", "CA10__account__c": "002", "Id": "002-3" } ] }, { "expectedResult": { "status": "INCOMPLIANT", "conditionIndex": "200", "conditionText": "otherwise", "runtimeError": null }, "context": { "snapshotTime": "2025-11-25T10:00:40Z" }, "Id": "003", "CA10__AWS_RDS_Event_Subscriptions__r": [] } ] - path: /types/CA10__CaAwsDbEventSubscription__c/object.extracts.yaml md5Hash: CFB79FB71BF9EF5147DA4CFCE1DE4747 content: "---\nextracts:\n# Nullable. \n - name: CA10__enabled__c\n value:\ \ \n FIELD:\n path: CA10__enabled__c\n# Nullable. \n - name: CA10__sourceType__c\n\ \ value: \n FIELD:\n path: CA10__sourceType__c\n# Nullable. Text.\n\ \ - name: CA10__eventCategories__c\n value: \n FIELD:\n path:\ \ CA10__eventCategories__c\n" script: |- CREATE TEMP FUNCTION mock_ExpectedResult() RETURNS ARRAY >> DETERMINISTIC LANGUAGE js AS r""" return [ { "Id" : "001", "expectedResult" : { "status" : "COMPLIANT", "conditionIndex" : "199", "conditionText" : "CA10__AWS_RDS_Event_Subscriptions__r.has(COMPLIANT)", "runtimeError" : null } }, { "Id" : "002", "expectedResult" : { "status" : "INCOMPLIANT", "conditionIndex" : "200", "conditionText" : "otherwise", "runtimeError" : null } }, { "Id" : "003", "expectedResult" : { "status" : "INCOMPLIANT", "conditionIndex" : "200", "conditionText" : "otherwise", "runtimeError" : null } } ]; """; CREATE TEMP FUNCTION mock_CA10__CaAwsAccount__c() RETURNS ARRAY >> DETERMINISTIC LANGUAGE js AS r""" return [ { "context" : { "snapshotTime" : new Date("2025-11-25T10:00:40Z") }, "Id" : "001" }, { "context" : { "snapshotTime" : new Date("2025-11-25T10:00:40Z") }, "Id" : "002" }, { "context" : { "snapshotTime" : new Date("2025-11-25T10:00:40Z") }, "Id" : "003" } ]; """; CREATE TEMP FUNCTION mock_CA10__CaAwsDbEventSubscription__c() RETURNS ARRAY >> DETERMINISTIC LANGUAGE js AS r""" return [ { "context" : { "snapshotTime" : new Date("2025-11-25T10:00:40Z") }, "CA10__enabled__c" : true, 
"CA10__sourceType__c" : "db-instance", "CA10__eventCategories__c" : "failover", "CA10__account__c" : "001", "Id" : "001-1" }, { "context" : { "snapshotTime" : new Date("2025-11-25T10:00:40Z") }, "CA10__enabled__c" : true, "CA10__sourceType__c" : "db-parameter-group", "CA10__eventCategories__c" : "configuration change\ncreation\ndeletion\nfailover\nfailure\nlow storage\nmaintenance\nnotification\nrecovery\nrestoration\navailability", "CA10__account__c" : "001", "Id" : "001-2" }, { "context" : { "snapshotTime" : new Date("2025-11-25T10:00:40Z") }, "CA10__enabled__c" : true, "CA10__sourceType__c" : "db-instance", "CA10__eventCategories__c" : "maintenance\nsecurity patching", "CA10__account__c" : "001", "Id" : "001-3" }, { "context" : { "snapshotTime" : new Date("2025-11-25T10:00:40Z") }, "CA10__enabled__c" : true, "CA10__sourceType__c" : "db-instance", "CA10__eventCategories__c" : "failover", "CA10__account__c" : "002", "Id" : "002-1" }, { "context" : { "snapshotTime" : new Date("2025-11-25T10:00:40Z") }, "CA10__enabled__c" : true, "CA10__sourceType__c" : "db-instance", "CA10__eventCategories__c" : "configuration change\ncreation\ndeletion\nfailover\nfailure\nlow storage\nmaintenance\nnotification\nrecovery\nrestoration\navailability", "CA10__account__c" : "002", "Id" : "002-2" }, { "context" : { "snapshotTime" : new Date("2025-11-25T10:00:40Z") }, "CA10__enabled__c" : true, "CA10__sourceType__c" : "db-instance", "CA10__eventCategories__c" : "maintenance\nsecurity patching", "CA10__account__c" : "002", "Id" : "002-3" } ]; """; CREATE TEMP FUNCTION process_CA10__CaAwsAccount__c( obj STRUCT< Id STRING, CA10__AWS_RDS_Event_Subscriptions__r ARRAY >> >, snapshotTime TIMESTAMP ) RETURNS STRUCT DETERMINISTIC LANGUAGE js AS r""" var references1 = []; // condition[0], conditionIndex:[0..99] if (false) { return {status: 'DISAPPEARED', conditionIndex: 99, conditionText: "isDisappeared()", currentStateMessage: "Object is deleted in the source", currentStateReferences: 
references1.join('\n'), remediation: null, runtimeError: null}; } var count_CA10__AWS_RDS_Event_Subscriptions__r_COMPLIANT2 = 0; if (obj.CA10__AWS_RDS_Event_Subscriptions__r != null) { for (var i3 = 0; i3 < obj.CA10__AWS_RDS_Event_Subscriptions__r.length; i3++) { if (typeof(obj.CA10__AWS_RDS_Event_Subscriptions__r[i3].status) !== 'undefined') { if (obj.CA10__AWS_RDS_Event_Subscriptions__r[i3].status == 'COMPLIANT') { count_CA10__AWS_RDS_Event_Subscriptions__r_COMPLIANT2 += obj.CA10__AWS_RDS_Event_Subscriptions__r[i3].count; } } else { if (obj.CA10__AWS_RDS_Event_Subscriptions__r[i3].result.status == 'COMPLIANT') { count_CA10__AWS_RDS_Event_Subscriptions__r_COMPLIANT2 += 1; } } } } // condition[1], conditionIndex:[100..199] references1.push('Related list [CA10__AWS_RDS_Event_Subscriptions__r] ' + (count_CA10__AWS_RDS_Event_Subscriptions__r_COMPLIANT2 > 0 ? 'has' : 'does not have') + ' objects in COMPLIANT status'); if (count_CA10__AWS_RDS_Event_Subscriptions__r_COMPLIANT2 > 0) { return {status: 'COMPLIANT', conditionIndex: 199, conditionText: "CA10__AWS_RDS_Event_Subscriptions__r.has(COMPLIANT)", currentStateMessage: "The RDS event subscription for critical parameter group events is configured.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } return {status: 'INCOMPLIANT', conditionIndex: 200, conditionText: "otherwise", currentStateMessage: "The RDS event subscription is not configured for critical parameter group events.", currentStateReferences: references1.join('\n'), remediation: "Configure an event subscription for critical parameter group events.", runtimeError: null}; """; CREATE TEMP FUNCTION process_CA10__AWS_RDS_Event_Subscriptions__r( obj STRUCT< CA10__disappearanceTime__c TIMESTAMP, CA10__enabled__c BOOLEAN, CA10__sourceType__c STRING, CA10__eventCategories__c STRING, CA10__account__c STRING, Id STRING >, snapshotTime TIMESTAMP ) RETURNS STRUCT DETERMINISTIC LANGUAGE js AS r""" var BytesLib = new function () { 
this.normalize = function(arg) { return arg == null ? '' : arg; }; this.isEmpty = function(arg) { return this.normalize(arg) == ''; }; this.isNotEmpty = function(arg) { return this.normalize(arg) != ''; }; this.equal = function(left, right) { return this.normalize(left) == this.normalize(right); }; this.notEqual = function(left, right) { return this.normalize(left) != this.normalize(right); }; this.startsWith = function(arg, substring) { return this.normalize(arg).startsWith(this.normalize(substring)); }; this.endsWith = function(arg, substring) { return this.normalize(arg).endsWith(this.normalize(substring)); }; this.contains = function(arg, substring) { return this.normalize(arg).includes(this.normalize(substring)); }; this.containsAll = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.every(sub => normalizedArg.includes(this.normalize(sub))); }; this.containsAny = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.some(sub => normalizedArg.includes(this.normalize(sub))); }; }(); var CollectionLib = new function () { this.parse = function(arg, separator, skipEmpty, skipDuplicates, sort, normalize) { if (arg == null) return []; let parts = arg.split(separator); return this.fromArray(parts, skipEmpty, skipDuplicates, sort, normalize); }; this.fromArray = function(arr, skipEmpty, skipDuplicates, sort, normalize) { if (arr == null) return []; let result = []; let seen = new Set(); arr.forEach(el => { let normalized = normalize ? TextLib.normalize(el) : BytesLib.normalize(el); if (!skipEmpty || (normalize ? 
TextLib.isNotEmpty(el) : BytesLib.isNotEmpty(el))) { if (!skipDuplicates || !seen.has(normalized)) { if (skipDuplicates) seen.add(normalized); result.push(normalized); } } }); if (sort) result.sort(); return result; }; this.equal = function(left, right) { left = left == null ? [] : left; right = right == null ? [] : right; if (left.length !== right.length) return false; for (let i = 0; i < left.length; i++) { if (left[i] !== right[i]) return false; } return true; }; this.notEqual = function(left, right) { return !this.equal(left, right); }; this.size = function(collection) { return collection == null ? 0 : collection.length; }; this.startsWith = function(collection, search, normalize) { if (collection == null || collection.length === 0) return false; let normalizedSearch = normalize ? TextLib.normalize(search) : BytesLib.normalize(search); return collection[0] === normalizedSearch; }; this.endsWith = function(collection, search, normalize) { if (collection == null || collection.length === 0) return false; let normalizedSearch = normalize ? TextLib.normalize(search) : BytesLib.normalize(search); return collection[collection.length - 1] === normalizedSearch; }; this.contains = function(collection, search, normalize) { if (collection == null || collection.length === 0) return false; return collection.includes(normalize ? TextLib.normalize(search) : BytesLib.normalize(search)); }; this.containsAll = function(collection, searchArray, normalize) { if (collection == null || collection.length === 0 || searchArray == null || searchArray.length === 0) return false; return searchArray.every(search => collection.includes(normalize ? TextLib.normalize(search) : BytesLib.normalize(search))); }; this.containsAny = function(collection, searchArray, normalize) { if (collection == null || collection.length === 0 || searchArray == null || searchArray.length === 0) return false; return searchArray.some(search => collection.includes(normalize ? 
TextLib.normalize(search) : BytesLib.normalize(search))); }; }(); var TextLib = new function () { this.normalize = function(arg) { return arg == null ? '' : arg.replace(/\s+/g, ' ').trim().toLowerCase(); }; this.isEmpty = function(arg) { return this.normalize(arg) == ''; }; this.isNotEmpty = function(arg) { return this.normalize(arg) != ''; }; this.equal = function(left, right) { return this.normalize(left) == this.normalize(right); }; this.notEqual = function(left, right) { return this.normalize(left) != this.normalize(right); }; this.startsWith = function(arg, substring) { return this.normalize(arg).startsWith(this.normalize(substring)); }; this.endsWith = function(arg, substring) { return this.normalize(arg).endsWith(this.normalize(substring)); }; this.contains = function(arg, substring) { return this.normalize(arg).includes(this.normalize(substring)); }; this.containsAll = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.every(sub => normalizedArg.includes(this.normalize(sub))); }; this.containsAny = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.some(sub => normalizedArg.includes(this.normalize(sub))); }; }(); var references1 = []; // condition[0], conditionIndex:[0..99] references1.push('Deleted From AWS [CA10__disappearanceTime__c]: ' + obj.CA10__disappearanceTime__c); if (obj.CA10__disappearanceTime__c != null) { return {status: 'DISAPPEARED', conditionIndex: 99, conditionText: "isDisappeared(CA10__disappearanceTime__c)", currentStateMessage: "Object is deleted in the source", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } // condition[1], conditionIndex:[100..199] function extract3() { if (!this.out) { this.out = obj.CA10__enabled__c; } return this.out; }; function extract6() { if (!this.out) { this.out = 
obj.CA10__sourceType__c; } return this.out; }; references1.push('Enabled [obj.CA10__enabled__c]: ' + obj.CA10__enabled__c); references1.push('Source Type [obj.CA10__sourceType__c]: ' + obj.CA10__sourceType__c); if (!(extract3.call(extract3) == true && TextLib.equal(extract6.call(extract6), 'db-parameter-group'))) { return {status: 'INAPPLICABLE', conditionIndex: 199, conditionText: "not(extract('CA10__enabled__c') == true && extract('CA10__sourceType__c') == 'db-parameter-group')", currentStateMessage: "This is not an active parameter group event subscription.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } // condition[2], conditionIndex:[200..299] function extract9() { if (!this.out) { this.out = obj.CA10__eventCategories__c; } return this.out; }; references1.push('Event Categories [obj.CA10__eventCategories__c]: ' + obj.CA10__eventCategories__c); if (TextLib.containsAll(extract9.call(extract9), CollectionLib.fromArray(['configuration change'], false, false, false, true))) { return {status: 'COMPLIANT', conditionIndex: 299, conditionText: "extract('CA10__eventCategories__c').containsAll(listOfText(['configuration change']))", currentStateMessage: "This is an event subscription for critical parameter group events.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } return {status: 'INCOMPLIANT', conditionIndex: 300, conditionText: "otherwise", currentStateMessage: "This is an event subscription for non-critical parameter group events.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; """; SELECT expectedResult.Id as Id, IF ( IFNULL(expectedResult.expectedResult.status, '') = IFNULL(sObject.result.status, '') AND IFNULL(expectedResult.expectedResult.conditionIndex, -1) = IFNULL(sObject.result.conditionIndex, -1) AND IFNULL(expectedResult.expectedResult.conditionText, '') = IFNULL(sObject.result.conditionText, '') AND 
IFNULL(expectedResult.expectedResult.runtimeError, '') = IFNULL(sObject.result.runtimeError, ''), "MATCH", "FAIL" ) as match, expectedResult.expectedResult.status as expectedStatus, sObject.result.status as actualStatus, expectedResult.expectedResult.conditionIndex as expectedConditionIndex, sObject.result.conditionIndex as actualConditionIndex, expectedResult.expectedResult.conditionText as expectedConditionText, sObject.result.conditionText as actualConditionText, expectedResult.expectedResult.runtimeError as expectedRuntimeError, sObject.result.runtimeError as actualRuntimeError FROM UNNEST(mock_ExpectedResult()) expectedResult LEFT JOIN ( SELECT sObject.Id AS Id, `CA10__AWS_RDS_Event_Subscriptions__r`.arr AS CA10__AWS_RDS_Event_Subscriptions__r, process_CA10__CaAwsAccount__c( STRUCT( sObject.Id AS Id, `CA10__AWS_RDS_Event_Subscriptions__r`.arr AS CA10__AWS_RDS_Event_Subscriptions__r ), sObject.context.snapshotTime ) as result FROM UNNEST(mock_CA10__CaAwsAccount__c()) AS sObject LEFT JOIN ( SELECT sObject.CA10__account__c, ARRAY_AGG( STRUCT( sObject.CA10__disappearanceTime__c AS CA10__disappearanceTime__c, sObject.CA10__enabled__c AS CA10__enabled__c, sObject.CA10__sourceType__c AS CA10__sourceType__c, sObject.CA10__eventCategories__c AS CA10__eventCategories__c, sObject.CA10__account__c AS CA10__account__c, sObject.Id AS Id, process_CA10__AWS_RDS_Event_Subscriptions__r( STRUCT( sObject.CA10__disappearanceTime__c AS CA10__disappearanceTime__c, sObject.CA10__enabled__c AS CA10__enabled__c, sObject.CA10__sourceType__c AS CA10__sourceType__c, sObject.CA10__eventCategories__c AS CA10__eventCategories__c, sObject.CA10__account__c AS CA10__account__c, sObject.Id AS Id ), sObject.context.snapshotTime ) as result ) ) AS arr FROM UNNEST(mock_CA10__CaAwsDbEventSubscription__c()) AS sObject GROUP BY sObject.CA10__account__c ) AS `CA10__AWS_RDS_Event_Subscriptions__r` ON sObject.Id = `CA10__AWS_RDS_Event_Subscriptions__r`.CA10__account__c ) sObject ON sObject.Id = 
expectedResult.Id;