π§ AWS IAM User Access Keys are not rotated every 90 days or less - prod.logic.yaml π’
- Contextual name: π§ prod.logic.yaml π’
- ID:
/ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/prod.logic.yaml - Located in: π AWS IAM User Access Keys are not rotated every 90 days or less π’
Flagsβ
- π’ Logic test success
- π’ Logic with extracts
- π’ Logic with test data
Input Typeβ
| Type | API Name | Extracts | Extract Files | Logic Files | |
|---|---|---|---|---|---|
| π | π AWS IAM User | CA10__CaAwsUser__c | 13 | 2 | 8 |
Usesβ
Test Results π’β
Generated at: 2025-04-24T23:44:59.149209027Z Open
| Result | Id | Condition Index | Condition Text | Runtime Error |
|---|---|---|---|---|
| π’ | a01 | βοΈ 199 | βοΈ extract('CA10__credReportAccessKey1Active__c') == false && extract('CA10__credReportAccessKey2Active__c') == false | βοΈ null |
| π’ | a02 | βοΈ 299 | βοΈ extract('CA10__credReportAccessKey1Active__c') == true && extract('CA10__credReportAccessKey1LastRotated__c').beyondLastDays(90) | βοΈ null |
| π’ | a03 | βοΈ 399 | βοΈ extract('CA10__credReportAccessKey2Active__c') == true && extract('CA10__credReportAccessKey2LastRotated__c').beyondLastDays(90) | βοΈ null |
| π’ | a04 | βοΈ 400 | βοΈ otherwise | βοΈ null |
Generationβ
| File | MD5 | |
|---|---|---|
| Open | /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/policy.yaml | B4E98E8270B2D69A0FAD38B3484C14C6 |
| Open | /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/prod.logic.yaml | 910961FD9A9CBDBDBB99747B1C89F4A2 |
| Open | /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/test-data.json | 5784E5E64674F7948A9F2AD8210E7614 |
| Open | /types/CA10__CaAwsUser__c/credReport.extracts.yaml | 8152C61E7FBD5E63E054E986AF83B52F |
Generate FULL scriptβ
java -jar repo-manager.jar policies generate FULL /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/prod.logic.yaml
Generate DEBUG scriptβ
java -jar repo-manager.jar policies generate DEBUG /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/prod.logic.yaml
Generate CAPTURE_TEST_DATA scriptβ
java -jar repo-manager.jar policies generate CAPTURE_TEST_DATA /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/prod.logic.yaml
Generate TESTS scriptβ
java -jar repo-manager.jar policies generate TESTS /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/prod.logic.yaml
Execute testsβ
java -jar repo-manager.jar policies test /ce/ca/aws/iam/user-access-keys-are-not-rotated-every-90-days/prod.logic.yaml
Contentβ
---
inputType: "CA10__CaAwsUser__c"
testData:
- file: test-data.json
importExtracts:
- file: /types/CA10__CaAwsUser__c/credReport.extracts.yaml
conditions:
- status: "INAPPLICABLE"
currentStateMessage: "This user doesn't have active access keys."
check:
AND:
args:
- IS_EQUAL:
left:
EXTRACT: CA10__credReportAccessKey1Active__c
right:
BOOLEAN: false
- IS_EQUAL:
left:
EXTRACT: CA10__credReportAccessKey2Active__c
right:
BOOLEAN: false
- status: "INCOMPLIANT"
currentStateMessage: "Access Key 1 hasn't been rotated for over 90 days."
check:
AND:
args:
- IS_EQUAL:
left:
EXTRACT: CA10__credReportAccessKey1Active__c
right:
BOOLEAN: true
- IS_BEYOND_LAST_DAYS:
offsetDays: 90
arg:
EXTRACT: CA10__credReportAccessKey1LastRotated__c
- status: "INCOMPLIANT"
currentStateMessage: "Access Key 2 hasn't been rotated for over 90 days."
check:
AND:
args:
- IS_EQUAL:
left:
EXTRACT: CA10__credReportAccessKey2Active__c
right:
BOOLEAN: true
- IS_BEYOND_LAST_DAYS:
offsetDays: 90
arg:
EXTRACT: CA10__credReportAccessKey2LastRotated__c
otherwise:
status: "COMPLIANT"
currentStateMessage: "All access keys are regularly rotated."