π§ AWS CloudFront Web Distribution uses legacy Security Policy - prod.logic.yamlπ’
- Contextual name: π§ prod.logic.yamlπ’
- ID:
/ce/ca/aws/cloudfront/distribution-security-policy/prod.logic.yaml - Tags:
- π’ Logic test success
- π’ Logic with extracts
- π’ Logic with test data
Usesβ
- π AWS CloudFront Distribution
- π AWS CloudFront Distribution - object.extracts.yaml
- π§ͺ test-data.json
Test Results π’β
Generated at: 2025-12-27T12:01:42.297645304Z Open
| Result | Id | Condition Index | Condition Text | Runtime Error |
|---|---|---|---|---|
| π’ | 001 | βοΈ 299 | βοΈ extract('CA10__viewerCertificateMinimumProtocolVersion__c').isEmpty() | βοΈ null |
| π’ | 002 | βοΈ 399 | βοΈ setOfText(['SSLv3', 'TLSv1', 'TLSv1_2016', 'TLSv1.1_2016', 'TLSv1.2_2018', 'TLSv1.2_2019']).contains(extract('CA10__viewerCertificateMinimumProtocolVersion__c')) | βοΈ null |
| π’ | 003 | βοΈ 400 | βοΈ otherwise | βοΈ null |
Generation Bundleβ
| File | MD5 | |
|---|---|---|
| Open | /ce/ca/aws/cloudfront/distribution-security-policy/policy.yaml | BD440DBEF14778586CD51131F04899D5 |
| Open | /ce/ca/aws/cloudfront/distribution-security-policy/prod.logic.yaml | B0AC9435F919294FA2F89F16AD1DF9E1 |
| Open | /ce/ca/aws/cloudfront/distribution-security-policy/test-data.json | BB7A373679CB77721ADAD7D7732EFFED |
| Open | /types/CA10__CaAwsDistribution__c/object.extracts.yaml | 9BBABDA14FE5FD983E28F77F5CC80BF9 |
Available Commandsβ
repo-manager policies generate FULL /ce/ca/aws/cloudfront/distribution-security-policy/prod.logic.yaml
repo-manager policies generate DEBUG /ce/ca/aws/cloudfront/distribution-security-policy/prod.logic.yaml
repo-manager policies generate CAPTURE_TEST_DATA /ce/ca/aws/cloudfront/distribution-security-policy/prod.logic.yaml
repo-manager policies generate TESTS /ce/ca/aws/cloudfront/distribution-security-policy/prod.logic.yaml
# Execute tests
repo-manager policies test /ce/ca/aws/cloudfront/distribution-security-policy/prod.logic.yaml
Contentβ
---
inputType: "CA10__CaAwsDistribution__c"
importExtracts:
- file: "/types/CA10__CaAwsDistribution__c/object.extracts.yaml"
testData:
- file: "test-data.json"
recordTypes:
- "caWebDistribution"
conditions:
- status: "INCOMPLIANT"
currentStateMessage: "Protocol version isn't set."
remediationMessage: "Consider creating a security policy."
check:
IS_EMPTY:
arg:
EXTRACT: "CA10__viewerCertificateMinimumProtocolVersion__c"
- status: "INCOMPLIANT"
currentStateMessage: "The CloudFront Distribution uses a legacy Security Policy."
remediationMessage: "Update the Security Policy to a version enforcing at least TLSv1.2_2021."
check:
CONTAINS:
arg:
SET:
itemType: TEXT
items:
- "SSLv3"
- "TLSv1"
- "TLSv1_2016"
- "TLSv1.1_2016"
- "TLSv1.2_2018"
- "TLSv1.2_2019"
search:
EXTRACT: "CA10__viewerCertificateMinimumProtocolVersion__c"
otherwise:
status: "COMPLIANT"
currentStateMessage: "The CloudFront Distribution uses a current Security Policy."