🧠 AWS ELB Load Balancer listener is configured with an outdated security policy - prod.logic.yaml🟢

Contextual name: 🧠 prod.logic.yaml🟢
ID: /ce/ca/aws/elb/load-balancer-listener-security-policy/prod.logic.yaml
Tags:
- 🟢 Logic test success
- 🟢 Logic with extracts
- 🟢 Logic with test data

Uses

📗 AWS ELB Load Balancer
🔌 AWS ELB Load Balancer - object.extracts.yaml
🔌 AWS ELB Load Balancer Listener - object.extracts.yaml
🧪 test-data.json

Test Results 🟢

Generated at: 2026-01-31T12:01:57.719074166Z Open

Result	Id	Condition Index	Condition Text	Runtime Error
🟢	001	✔️ `199`	✔️ `extract('CA10__type__c') != 'application' && extract('CA10__type__c') != 'network'`	✔️ `null`
🟢	002	✔️ `400`	✔️ `otherwise`	✔️ `null`
🟢	003	✔️ `299`	✔️ `CA10__AWS_EC2_Load_Balancer_Listeners__r.has(INCOMPLIANT)`	✔️ `null`
🟢	004	✔️ `399`	✔️ `CA10__AWS_EC2_Load_Balancer_Listeners__r.has(COMPLIANT)`	✔️ `null`
🟢	005	✔️ `400`	✔️ `otherwise`	✔️ `null`

Generation Bundle

	File	MD5
Open	`/ce/ca/aws/elb/load-balancer-listener-security-policy/policy.yaml`	`54B8AAC1BB856D26EED73B2C05A07DDD`
Open	`/ce/ca/aws/elb/load-balancer-listener-security-policy/prod.logic.yaml`	`96BB19B75FC72C0490ABB889BDB0C607`
Open	`/ce/ca/aws/elb/load-balancer-listener-security-policy/test-data.json`	`5833598F4A9787390F13A0D9D2616B00`
Open	`/types/CA10__CaAwsLoadBalancer__c/object.extracts.yaml`	`9895F1EB30DFD8DDB6D571F452C5A7DE`
Open	`/types/CA10__CaAwsLoadBalancerListener__c/object.extracts.yaml`	`B08DBF798158B3BBDAE5E17EB15C281B`

Available Commands

repo-manager policies generate FULL /ce/ca/aws/elb/load-balancer-listener-security-policy/prod.logic.yaml
repo-manager policies generate DEBUG /ce/ca/aws/elb/load-balancer-listener-security-policy/prod.logic.yaml
repo-manager policies generate CAPTURE_TEST_DATA /ce/ca/aws/elb/load-balancer-listener-security-policy/prod.logic.yaml
repo-manager policies generate TESTS /ce/ca/aws/elb/load-balancer-listener-security-policy/prod.logic.yaml
# Execute tests
repo-manager policies test /ce/ca/aws/elb/load-balancer-listener-security-policy/prod.logic.yaml

Content

Open File

---
inputType: "CA10__CaAwsLoadBalancer__c"
importExtracts:
  - file: "/types/CA10__CaAwsLoadBalancer__c/object.extracts.yaml"
testData:
  - file: "test-data.json"
conditions:
  - status: "INAPPLICABLE"
    currentStateMessage: "This policy only applies to Application and Network Load Balancers."
    check:
      AND:
        args:
          - NOT_EQUAL:
              left:
                EXTRACT: "CA10__type__c"
              right:
                TEXT: "application"
          - NOT_EQUAL:
              left:
                EXTRACT: "CA10__type__c"
              right:
                TEXT: "network"
  - status: "INCOMPLIANT"
    currentStateMessage: "The Load Balancer has at least one listener using an outdated security policy."
    remediationMessage: "Update the listener to use a recommended security policy."
    check:
      RELATED_LIST_HAS:
        status: "INCOMPLIANT"
        relationshipName: "CA10__AWS_EC2_Load_Balancer_Listeners__r"
  - status: "COMPLIANT"
    currentStateMessage: "All listeners are using recommended security policies."
    check:
      RELATED_LIST_HAS:
        status: "COMPLIANT"
        relationshipName: "CA10__AWS_EC2_Load_Balancer_Listeners__r"
otherwise:
  status: "COMPLIANT"
  currentStateMessage: "No HTTPS or TLS listeners are configured for this Load Balancer."
relatedLists:
  - relationshipName: "CA10__AWS_EC2_Load_Balancer_Listeners__r"
    importExtracts:
      - file: "/types/CA10__CaAwsLoadBalancerListener__c/object.extracts.yaml"
    conditions:
      - status: "COMPLIANT"
        currentStateMessage: "The Listener uses a recommended security policy."
        check:
          AND:
            args:
              - CONTAINS_ANY:
                  arg:
                    EXTRACT: "CA10__policyName__c"
                  search:
                    SET:
                      itemType: "TEXT"
                      items:
                        - "ELBSecurityPolicy-TLS13-1-2-2021-06"
                        - "ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04"
                        - "ELBSecurityPolicy-TLS13-1-3-2021-06"
                        - "ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04"
                        - "ELBSecurityPolicy-TLS13-1-2-Res-2021-06 "
                        - "ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04"
              - CONTAINS_ANY:
                  arg:
                    EXTRACT: "CA10__protocol__c"
                  search:
                    SET:
                      itemType: "TEXT"
                      items:
                        - "HTTPS"
                        - "TLS"
      - status: "INCOMPLIANT"
        currentStateMessage: "The Listener uses an outdated security policy."
        remediationMessage: "Update Listener's security policy."
        check:
          CONTAINS_ANY:
            arg:
              EXTRACT: "CA10__protocol__c"
            search:
              SET:
                itemType: "TEXT"
                items:
                  - "HTTPS"
                  - "TLS"
    otherwise:
      status: "INAPPLICABLE"
      currentStateMessage: "This is not an HTTPS or TLS Listener."

Uses​

Test Results 🟢​

Generation Bundle​

Available Commands​

Content​

Uses

Test Results 🟢

Generation Bundle

Available Commands

Content