π§ AWS Backup Vault contains unencrypted Recovery Points - prod.logic.yamlπ’
- Contextual name: π§ prod.logic.yamlπ’
- ID:
/ce/ca/aws/backup/vault-contains-unencrypted-recovery-points/prod.logic.yaml - Tags:
- π’ Logic test success
- π’ Logic with extracts
- π’ Logic with test data
Usesβ
- π AWS Backup Backup Vault
- π AWS Backup Recovery Point - object.extracts.yaml
- π§ͺ test-data.json
Test Results π’β
Generated at: 2026-02-10T22:32:34.392330409Z Open
| Result | Id | Condition Index | Condition Text | Runtime Error |
|---|---|---|---|---|
| π’ | test1 | βοΈ 99 | βοΈ isDisappeared(CA10A1__disappearanceTime__c) | βοΈ null |
| π’ | test2 | βοΈ 200 | βοΈ otherwise | βοΈ null |
| π’ | test3 | βοΈ 199 | βοΈ CA10A1__AWS_Backup_Recovery_Points__r.has(INCOMPLIANT) | βοΈ null |
| π’ | test4 | βοΈ 200 | βοΈ otherwise | βοΈ null |
| π’ | test5 | βοΈ 200 | βοΈ otherwise | βοΈ null |
Generation Bundleβ
| File | MD5 | |
|---|---|---|
| Open | /ce/ca/aws/backup/vault-contains-unencrypted-recovery-points/policy.yaml | ED057226DCABF818CB329D20CFAAF4DB |
| Open | /ce/ca/aws/backup/vault-contains-unencrypted-recovery-points/prod.logic.yaml | 09A47702D3E4F53707F0A491A3CF5239 |
| Open | /ce/ca/aws/backup/vault-contains-unencrypted-recovery-points/test-data.json | 6E39716EE48F994F12AEA7F4AC5B9B22 |
| Open | /types/CA10A1__CaAwsBackupRecoveryPoint__c/object.extracts.yaml | 03645351ED418265EF3EFF8207F505A7 |
Available Commandsβ
repo-manager policies generate FULL /ce/ca/aws/backup/vault-contains-unencrypted-recovery-points/prod.logic.yaml
repo-manager policies generate DEBUG /ce/ca/aws/backup/vault-contains-unencrypted-recovery-points/prod.logic.yaml
repo-manager policies generate CAPTURE_TEST_DATA /ce/ca/aws/backup/vault-contains-unencrypted-recovery-points/prod.logic.yaml
repo-manager policies generate TESTS /ce/ca/aws/backup/vault-contains-unencrypted-recovery-points/prod.logic.yaml
# Execute tests
repo-manager policies test /ce/ca/aws/backup/vault-contains-unencrypted-recovery-points/prod.logic.yaml
Contentβ
---
inputType: "CA10A1__CaAwsBackupBackupVault__c"
testData:
- file: "test-data.json"
conditions:
- status: "INCOMPLIANT"
currentStateMessage: "The Backup Vault contains one or more unencrypted Recovery Points."
remediationMessage: "Ensure all Recovery Points are encrypted. This may require configuring the source resource's encryption settings."
check:
RELATED_LIST_HAS:
status: "INCOMPLIANT"
relationshipName: "CA10A1__AWS_Backup_Recovery_Points__r"
otherwise:
status: "COMPLIANT"
currentStateMessage: "All Recovery Points in this Backup Vault are encrypted."
relatedLists:
- relationshipName: "CA10A1__AWS_Backup_Recovery_Points__r"
importExtracts:
- file: "/types/CA10A1__CaAwsBackupRecoveryPoint__c/object.extracts.yaml"
conditions:
- status: "INCOMPLIANT"
currentStateMessage: "The Recovery Point is not encrypted with a KMS key."
remediationMessage: "Encrypt this Recovery Point."
check:
IS_EMPTY:
arg:
EXTRACT: "CA10A1__kmsMasterKeyId__c"
otherwise:
status: "COMPLIANT"
currentStateMessage: "The Recovery Point is encrypted with a KMS key."