π§ AWS Backup Vault contains unencrypted Recovery Points - prod.logic.yaml π’
- Contextual name: π§ prod.logic.yaml π’
- ID:
/ce/ca/aws/backup/vault-contains-unencrypted-recovery-points/prod.logic.yaml - Located in: π AWS Backup Vault contains unencrypted Recovery Points π’
Flagsβ
- π’ Logic test success
- π’ Logic with extracts
- π’ Logic with test data
Input Typeβ
| Type | API Name | Extracts | Extract Files | Logic Files | |
|---|---|---|---|---|---|
| π | π AWS Backup Backup Vault | CA10A1__CaAwsBackupBackupVault__c | 1 |
Usesβ
Test Results π’β
Generated at: 2025-06-25T13:41:09.554641803Z Open
| Result | Id | Condition Index | Condition Text | Runtime Error |
|---|---|---|---|---|
| π’ | test1 | βοΈ 99 | βοΈ isDisappeared(CA10A1__disappearanceTime__c) | βοΈ null |
| π’ | test2 | βοΈ 200 | βοΈ otherwise | βοΈ null |
| π’ | test3 | βοΈ 199 | βοΈ CA10A1__AWS_Backup_Recovery_Points__r.has(INCOMPLIANT) | βοΈ null |
| π’ | test4 | βοΈ 200 | βοΈ otherwise | βοΈ null |
| π’ | test5 | βοΈ 200 | βοΈ otherwise | βοΈ null |
Generationβ
| File | MD5 | |
|---|---|---|
| Open | /ce/ca/aws/backup/vault-contains-unencrypted-recovery-points/policy.yaml | 0DDB007D223F95A82002339BC3D6A010 |
| Open | /ce/ca/aws/backup/vault-contains-unencrypted-recovery-points/prod.logic.yaml | 492CAB216CF5CF41D36C1EDF3D9AED27 |
| Open | /types/CA10A1__CaAwsBackupRecoveryPoint__c/object.extracts.yaml | C4B6C10EA9486A6080860FBE1C6E1BD8 |
| Open | /ce/ca/aws/backup/vault-contains-unencrypted-recovery-points/test-data.json | 6E39716EE48F994F12AEA7F4AC5B9B22 |
Generate FULL scriptβ
java -jar repo-manager.jar policies generate FULL /ce/ca/aws/backup/vault-contains-unencrypted-recovery-points/prod.logic.yaml
Generate DEBUG scriptβ
java -jar repo-manager.jar policies generate DEBUG /ce/ca/aws/backup/vault-contains-unencrypted-recovery-points/prod.logic.yaml
Generate CAPTURE_TEST_DATA scriptβ
java -jar repo-manager.jar policies generate CAPTURE_TEST_DATA /ce/ca/aws/backup/vault-contains-unencrypted-recovery-points/prod.logic.yaml
Generate TESTS scriptβ
java -jar repo-manager.jar policies generate TESTS /ce/ca/aws/backup/vault-contains-unencrypted-recovery-points/prod.logic.yaml
Execute testsβ
java -jar repo-manager.jar policies test /ce/ca/aws/backup/vault-contains-unencrypted-recovery-points/prod.logic.yaml
Contentβ
---
inputType: "CA10A1__CaAwsBackupBackupVault__c"
testData:
- file: "test-data.json"
conditions:
- status: "INCOMPLIANT"
currentStateMessage: "The Backup Vault contains one or more unencrypted Recovery Points."
remediationMessage: "Ensure all Recovery Points are encrypted. This might require configuring the source resource's encryption settings."
check:
RELATED_LIST_HAS:
status: "INCOMPLIANT"
relationshipName: "CA10A1__AWS_Backup_Recovery_Points__r"
otherwise:
status: "COMPLIANT"
currentStateMessage: "All Recovery Points in this Backup Vault are encrypted."
relatedLists:
- relationshipName: "CA10A1__AWS_Backup_Recovery_Points__r"
importExtracts:
- file: "/types/CA10A1__CaAwsBackupRecoveryPoint__c/object.extracts.yaml"
conditions:
- status: "INCOMPLIANT"
currentStateMessage: "The Recovery Point is not encrypted with a KMS key."
remediationMessage: "Consider encrypting this Recovery Point."
check:
IS_EMPTY:
arg:
EXTRACT: "CA10A1__kmsMasterKeyId__c"
otherwise:
status: "COMPLIANT"
currentStateMessage: "The Recovery Point is encrypted with a KMS."