๐ง AWS IAM User Access Keys are not rotated every 90 days or less - prod.logic.yaml๐ข
- Contextual name: ๐ง prod.logic.yaml๐ข
- ID:
/ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/prod.logic.yaml - Tags:
- ๐ข Logic test success
- ๐ข Logic with extracts
- ๐ข Logic with test data
Usesโ
- ๐ AWS IAM User
- ๐ AWS IAM User - credReport.extracts.yaml
- ๐งช test-data.json
Test Results ๐ขโ
Generated at: 2026-02-10T22:33:00.328515793Z Open
| Result | Id | Condition Index | Condition Text | Runtime Error |
|---|---|---|---|---|
| ๐ข | a01 | โ๏ธ 199 | โ๏ธ extract('CA10__credReportAccessKey1Active__c') == false && extract('CA10__credReportAccessKey2Active__c') == false | โ๏ธ null |
| ๐ข | a02 | โ๏ธ 299 | โ๏ธ extract('CA10__credReportAccessKey1Active__c') == true && extract('CA10__credReportAccessKey1LastRotated__c').beyondLastDays(90) | โ๏ธ null |
| ๐ข | a03 | โ๏ธ 399 | โ๏ธ extract('CA10__credReportAccessKey2Active__c') == true && extract('CA10__credReportAccessKey2LastRotated__c').beyondLastDays(90) | โ๏ธ null |
| ๐ข | a04 | โ๏ธ 400 | โ๏ธ otherwise | โ๏ธ null |
Generation Bundleโ
| File | MD5 | |
|---|---|---|
| Open | /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/policy.yaml | E3C41BA2C07E3BC3412721E43EF4E9AB |
| Open | /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/prod.logic.yaml | 3F97A1A2EE64964DEBA0B4C2DFDA45DD |
| Open | /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/test-data.json | 5784E5E64674F7948A9F2AD8210E7614 |
| Open | /types/CA10__CaAwsUser__c/credReport.extracts.yaml | F6D383D933A0B64268B39ADE7012508C |
Available Commandsโ
repo-manager policies generate FULL /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/prod.logic.yaml
repo-manager policies generate DEBUG /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/prod.logic.yaml
repo-manager policies generate CAPTURE_TEST_DATA /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/prod.logic.yaml
repo-manager policies generate TESTS /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/prod.logic.yaml
# Execute tests
repo-manager policies test /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/prod.logic.yaml
Contentโ
---
inputType: "CA10__CaAwsUser__c"
testData:
- file: test-data.json
importExtracts:
- file: /types/CA10__CaAwsUser__c/credReport.extracts.yaml
conditions:
- status: "INAPPLICABLE"
currentStateMessage: "This user does not have active access keys."
check:
AND:
args:
- IS_EQUAL:
left:
EXTRACT: CA10__credReportAccessKey1Active__c
right:
BOOLEAN: false
- IS_EQUAL:
left:
EXTRACT: CA10__credReportAccessKey2Active__c
right:
BOOLEAN: false
- status: "INCOMPLIANT"
currentStateMessage: "Access key 1 has not been rotated for over 90 days."
check:
AND:
args:
- IS_EQUAL:
left:
EXTRACT: CA10__credReportAccessKey1Active__c
right:
BOOLEAN: true
- IS_BEYOND_LAST_DAYS:
offsetDays: 90
arg:
EXTRACT: CA10__credReportAccessKey1LastRotated__c
- status: "INCOMPLIANT"
currentStateMessage: "Access key 2 has not been rotated for over 90 days."
check:
AND:
args:
- IS_EQUAL:
left:
EXTRACT: CA10__credReportAccessKey2Active__c
right:
BOOLEAN: true
- IS_BEYOND_LAST_DAYS:
offsetDays: 90
arg:
EXTRACT: CA10__credReportAccessKey2LastRotated__c
otherwise:
status: "COMPLIANT"
currentStateMessage: "All access keys are rotated regularly."