🧠 AWS EC2 Default Security Group does not restrict all traffic - prod.logic.yaml🟢
- Contextual name: 🧠 prod.logic.yaml🟢
- ID:
/ce/ca/aws/ec2/default-security-group-does-not-restrict-all-traffic/prod.logic.yaml - Tags:
Uses
Test Results 🟢
Generated at: 2026-02-10T22:32:40.188673164Z Open
| Result | Id | Condition Index | Condition Text | Runtime Error |
|---|---|---|---|---|
| 🟢 | test1 | ✔️ 99 | ✔️ isDisappeared(CA10__disappearanceTime__c) | ✔️ null |
| 🟢 | test2 | ✔️ 199 | ✔️ extract('Name') != 'default' | ✔️ null |
| 🟢 | test3 | ✔️ 299 | ✔️ CA10__AWS_EC2_Security_Group_Rules__r.has(INCOMPLIANT) && CA10__AWS_EC2_Instance_FWs__r.has(INCOMPLIANT) | ✔️ null |
| 🟢 | test4 | ✔️ 399 | ✔️ CA10__AWS_EC2_Security_Group_Rules__r.has(INCOMPLIANT) | ✔️ null |
| 🟢 | test5 | ✔️ 499 | ✔️ CA10__AWS_EC2_Instance_FWs__r.has(INCOMPLIANT) | ✔️ null |
| 🟢 | test6 | ✔️ 500 | ✔️ otherwise | ✔️ null |
| 🟢 | test7 | ✔️ 199 | ✔️ extract('Name') != 'default' | ✔️ null |
Generation Bundle
| File | MD5 | |
|---|---|---|
| Open | /ce/ca/aws/ec2/default-security-group-does-not-restrict-all-traffic/policy.yaml | 0EBDF28466945D5D1B78764891EBE3D7 |
| Open | /ce/ca/aws/ec2/default-security-group-does-not-restrict-all-traffic/prod.logic.yaml | 515C1ABC6336891AD01210F80ED2084F |
| Open | /ce/ca/aws/ec2/default-security-group-does-not-restrict-all-traffic/test-data.json | 37B04986D084BE0C7061311BAC7AE919 |
| Open | /types/CA10__CaAwsSecurityGroup__c/object.extracts.yaml | A2471F2057DC88C21DECC644AE04DF58 |
Available Commands
repo-manager policies generate FULL /ce/ca/aws/ec2/default-security-group-does-not-restrict-all-traffic/prod.logic.yaml
repo-manager policies generate DEBUG /ce/ca/aws/ec2/default-security-group-does-not-restrict-all-traffic/prod.logic.yaml
repo-manager policies generate CAPTURE_TEST_DATA /ce/ca/aws/ec2/default-security-group-does-not-restrict-all-traffic/prod.logic.yaml
repo-manager policies generate TESTS /ce/ca/aws/ec2/default-security-group-does-not-restrict-all-traffic/prod.logic.yaml
# Execute tests
repo-manager policies test /ce/ca/aws/ec2/default-security-group-does-not-restrict-all-traffic/prod.logic.yaml
Content
---
inputType: "CA10__CaAwsSecurityGroup__c"
testData:
- file: "test-data.json"
importExtracts:
- file: "/types/CA10__CaAwsSecurityGroup__c/object.extracts.yaml"
conditions:
- status: "INAPPLICABLE"
currentStateMessage: "This is not a default security group."
check:
NOT_EQUAL:
left:
EXTRACT: "Name"
right:
TEXT: "default"
- status: "INCOMPLIANT"
currentStateMessage: "This default security group doesn't restrict all traffic and is attached to an EC2 instance."
remediationMessage: "Remove all rules from this security group and detach it from all EC2 instances to restrict all traffic."
check:
AND:
args:
- RELATED_LIST_HAS:
status: "INCOMPLIANT"
relationshipName: "CA10__AWS_EC2_Security_Group_Rules__r"
- RELATED_LIST_HAS:
status: "INCOMPLIANT"
relationshipName: "CA10__AWS_EC2_Instance_FWs__r"
- status: "INCOMPLIANT"
currentStateMessage: "This default security group doesn't restrict all traffic."
remediationMessage: "Remove all rules from this security group to restrict all traffic."
check:
RELATED_LIST_HAS:
status: "INCOMPLIANT"
relationshipName: "CA10__AWS_EC2_Security_Group_Rules__r"
- status: "INCOMPLIANT"
currentStateMessage: "This default security group is attached to an EC2 instance."
remediationMessage: "Remove the default security group from all EC2 instances."
check:
RELATED_LIST_HAS:
status: "INCOMPLIANT"
relationshipName: "CA10__AWS_EC2_Instance_FWs__r"
otherwise:
status: "COMPLIANT"
currentStateMessage: "The default security group restricts all traffic."
relatedLists:
- relationshipName: "CA10__AWS_EC2_Security_Group_Rules__r"
conditions: []
otherwise:
status: "INCOMPLIANT"
currentStateMessage: "This is a security group rule."
remediationMessage: "Remove this rule."
- relationshipName: "CA10__AWS_EC2_Instance_FWs__r"
conditions: []
otherwise:
status: "INCOMPLIANT"
currentStateMessage: "This security group is attached to an EC2 instance."
remediationMessage: "Remove the default security group from the EC2 instance."