🧠 AWS Account Root User has active access keys - prod.logic.yaml🟢

Contextual name: 🧠 prod.logic.yaml🟢
ID: /ce/ca/aws/iam/delete-root-user-access-keys/prod.logic.yaml
Tags:
- 🟢 Logic test success
- 🟢 Logic with extracts
- 🟢 Logic with test data

Uses

📗 AWS IAM User
🔌 AWS IAM User - credReport.extracts.yaml
🔌 AWS IAM User - object.extracts.yaml
🧪 test-data.json

Test Results 🟢

Generated at: 2026-02-10T22:32:57.374704344Z Open

Result	Id	Condition Index	Condition Text	Runtime Error
🟢	a01	✔️ `99`	✔️ `isDisappeared(CA10__disappearanceTime__c)`	✔️ `null`
🟢	a02	✔️ `199`	✔️ `extract('CA10__userName__c') != 'root'`	✔️ `null`
🟢	a03I	✔️ `299`	✔️ `extract('CA10__credReportAccessKey1Active__c') == true \|\| extract('CA10__credReportAccessKey2Active__c') == true`	✔️ `null`
🟢	a03	✔️ `300`	✔️ `otherwise`	✔️ `null`

Generation Bundle

	File	MD5
Open	`/ce/ca/aws/iam/delete-root-user-access-keys/policy.yaml`	`4E46571A7C53A9D6C644EB044FFD5048`
Open	`/ce/ca/aws/iam/delete-root-user-access-keys/prod.logic.yaml`	`AE22FFA6EA36A924817A45B4703ABFAD`
Open	`/ce/ca/aws/iam/delete-root-user-access-keys/test-data.json`	`28ACF37626AC89A1F2A44EBD680FA511`
Open	`/types/CA10__CaAwsUser__c/credReport.extracts.yaml`	`F6D383D933A0B64268B39ADE7012508C`
Open	`/types/CA10__CaAwsUser__c/object.extracts.yaml`	`131CCD980BE5290B2C296CE093A686DC`

Available Commands

repo-manager policies generate FULL /ce/ca/aws/iam/delete-root-user-access-keys/prod.logic.yaml
repo-manager policies generate DEBUG /ce/ca/aws/iam/delete-root-user-access-keys/prod.logic.yaml
repo-manager policies generate CAPTURE_TEST_DATA /ce/ca/aws/iam/delete-root-user-access-keys/prod.logic.yaml
repo-manager policies generate TESTS /ce/ca/aws/iam/delete-root-user-access-keys/prod.logic.yaml
# Execute tests
repo-manager policies test /ce/ca/aws/iam/delete-root-user-access-keys/prod.logic.yaml

Content

Open File

---
inputType: "CA10__CaAwsUser__c"
testData:
  - file: test-data.json
importExtracts:
  - file: /types/CA10__CaAwsUser__c/credReport.extracts.yaml
  - file: /types/CA10__CaAwsUser__c/object.extracts.yaml
conditions:
  - status: "INAPPLICABLE"
    currentStateMessage: "This policy applies only to the root user."
    check:
      NOT_EQUAL:
        left:
          EXTRACT: CA10__userName__c
        right:
          TEXT: "root"
  - status: "INCOMPLIANT"
    currentStateMessage: "Either one or both access keys are active for the root user."
    remediationMessage: "Disable any active access keys for the root user."
    check:
      OR:
        args:
          - IS_EQUAL:
              left:
                EXTRACT: CA10__credReportAccessKey1Active__c
              right:
                BOOLEAN: true
          - IS_EQUAL:
              left:
                EXTRACT: CA10__credReportAccessKey2Active__c
              right:
                BOOLEAN: true
otherwise:
  status: "COMPLIANT"
  currentStateMessage: "The root user does not have any active access keys."

Uses​

Test Results 🟢​

Generation Bundle​

Available Commands​

Content​

Uses

Test Results 🟢

Generation Bundle

Available Commands

Content