🧠 AWS Account Root User MFA is not enabled. - prod.logic.yaml 🟢

• Contextual name: 🧠 prod.logic.yaml 🟢
• ID: /ce/ca/aws/iam/root-user-mfa/prod.logic.yaml
• Located in: 📝 AWS Account Root User MFA is not enabled. 🟢

Flags

• 🟢 Logic test success
• 🟢 Logic with extracts
• 🟢 Logic with test data

Input Type

	Type	API Name	Extracts	Extract Files	Logic Files
🔒	📕 AWS IAM User	CA10__CaAwsUser__c	13	2	8

Uses

• 🔌 AWS IAM User - object.extracts.yaml
• 🔌 AWS IAM User - credReport.extracts.yaml
• 🧪 test-data.json

Test Results 🟢

Generated at: 2025-04-24T23:44:58.336496355Z Open

Result	Id	Condition Index	Condition Text	Runtime Error
🟢	a0	✔️ 99	✔️ isDisappeared(CA10__disappearanceTime__c)	✔️ null
🟢	a01	✔️ 199	✔️ extract('CA10__userName__c') != 'root'	✔️ null
🟢	a02	✔️ 299	✔️ extract('CA10__credReportMfaActive__c') == true	✔️ null
🟢	a03	✔️ 399	✔️ extract('CA10__credReportPasswordEnabled__c') != true	✔️ null
🟢	a04	✔️ 399	✔️ extract('CA10__credReportPasswordEnabled__c') != true	✔️ null
🟢	a05	✔️ 400	✔️ otherwise	✔️ null

Generation

	File	MD5
Open	/ce/ca/aws/iam/root-user-mfa/policy.yaml	633EF93BE55352C49752A27E82AC0770
Open	/ce/ca/aws/iam/root-user-mfa/prod.logic.yaml	D543092754223B4C6F6E7D5A9B76D344
Open	/ce/ca/aws/iam/root-user-mfa/test-data.json	FB9550FA93296F834FD234D624FF47E6
Open	/types/CA10__CaAwsUser__c/object.extracts.yaml	2D04C00E6C59E96198CA5A6E62D0A180
Open	/types/CA10__CaAwsUser__c/credReport.extracts.yaml	8152C61E7FBD5E63E054E986AF83B52F

Generate FULL script

java -jar repo-manager.jar policies generate FULL /ce/ca/aws/iam/root-user-mfa/prod.logic.yaml

Generate DEBUG script

java -jar repo-manager.jar policies generate DEBUG /ce/ca/aws/iam/root-user-mfa/prod.logic.yaml

Generate CAPTURE_TEST_DATA script

java -jar repo-manager.jar policies generate CAPTURE_TEST_DATA /ce/ca/aws/iam/root-user-mfa/prod.logic.yaml

Generate TESTS script

java -jar repo-manager.jar policies generate TESTS /ce/ca/aws/iam/root-user-mfa/prod.logic.yaml

Execute tests

java -jar repo-manager.jar policies test /ce/ca/aws/iam/root-user-mfa/prod.logic.yaml

Content

Open File

---
inputType: "CA10__CaAwsUser__c"
testData:
  - file: test-data.json
importExtracts:
  - file: /types/CA10__CaAwsUser__c/credReport.extracts.yaml
  - file: /types/CA10__CaAwsUser__c/object.extracts.yaml
conditions:
  - status: "INAPPLICABLE"
    currentStateMessage: "Requirements of this policy are applicable only to root users."
    check:
      NOT_EQUAL:
        left:
          EXTRACT: CA10__userName__c
        right:
          TEXT: "root"
  - status: "COMPLIANT"
    currentStateMessage: "The root user has MFA enabled."
    check:
      IS_EQUAL:
        left:
          EXTRACT: CA10__credReportMfaActive__c
        right:
          BOOLEAN: true
  - status: "COMPLIANT"
    currentStateMessage: "The root user doesn't have credentials."
    check:
      NOT_EQUAL:
        left:
          EXTRACT: CA10__credReportPasswordEnabled__c
        right:
          BOOLEAN: true
otherwise:
  status: "INCOMPLIANT"
  currentStateMessage: "The root user does not have MFA enabled."
  remediationMessage: "Consider enabling MFA for the root user."