Skip to main content

🧠 AWS IAM User has more than one active access key - prod.logic.yaml 🟒

Flags​

Input Type​

TypeAPI NameExtractsExtract FilesLogic Files
πŸ”’πŸ“• AWS IAM UserCA10__CaAwsUser__c1328

Uses​

Test Results πŸŸ’β€‹

Generated at: 2025-04-24T23:44:59.909857601Z Open

ResultIdCondition IndexCondition TextRuntime Error
🟒a01βœ”οΈ 199βœ”οΈ extract('CA10__credReportAccessKey1Active__c') == false && extract('CA10__credReportAccessKey2Active__c') == falseβœ”οΈ null
🟒a02βœ”οΈ 300βœ”οΈ otherwiseβœ”οΈ null
🟒a03βœ”οΈ 299βœ”οΈ extract('CA10__credReportAccessKey1Active__c') == true && extract('CA10__credReportAccessKey2Active__c') == trueβœ”οΈ null

Generation​

FileMD5
Open/ce/ca/aws/iam/user-has-more-than-one-active-access-key/policy.yaml59F9724FAE7D1E4CBF8038B38CB70707
Open/ce/ca/aws/iam/user-has-more-than-one-active-access-key/prod.logic.yamlD670EFFCC08A0D37A390190B5A7967C5
Open/ce/ca/aws/iam/user-has-more-than-one-active-access-key/test-data.jsonC9D1F08BED12F98A84A2BEE7B1ED7D18
Open/types/CA10__CaAwsUser__c/credReport.extracts.yaml8152C61E7FBD5E63E054E986AF83B52F

Generate FULL script​

java -jar repo-manager.jar policies generate FULL /ce/ca/aws/iam/user-has-more-than-one-active-access-key/prod.logic.yaml

Generate DEBUG script​

java -jar repo-manager.jar policies generate DEBUG /ce/ca/aws/iam/user-has-more-than-one-active-access-key/prod.logic.yaml

Generate CAPTURE_TEST_DATA script​

java -jar repo-manager.jar policies generate CAPTURE_TEST_DATA /ce/ca/aws/iam/user-has-more-than-one-active-access-key/prod.logic.yaml

Generate TESTS script​

java -jar repo-manager.jar policies generate TESTS /ce/ca/aws/iam/user-has-more-than-one-active-access-key/prod.logic.yaml

Execute tests​

java -jar repo-manager.jar policies test /ce/ca/aws/iam/user-has-more-than-one-active-access-key/prod.logic.yaml

Content​

Open File

---
inputType: "CA10__CaAwsUser__c"
testData:
  - file: test-data.json
importExtracts:
  - file: /types/CA10__CaAwsUser__c/credReport.extracts.yaml
conditions:
  - status: "INAPPLICABLE"
    currentStateMessage: "The user doesn't have active access keys."
    check:
      AND:
        args:
        - IS_EQUAL:
            left:
              EXTRACT: CA10__credReportAccessKey1Active__c
            right:
              BOOLEAN: false
        - IS_EQUAL:
            left:
              EXTRACT: CA10__credReportAccessKey2Active__c
            right:
              BOOLEAN: false
  - status: "INCOMPLIANT"
    currentStateMessage: "More than one Active access key available for IAM user"
    remediationMessage: "Consider removing one of th access keys."
    check:
      AND:
        args:
        - IS_EQUAL:
            left:
              EXTRACT: CA10__credReportAccessKey1Active__c
            right:
              BOOLEAN: true
        - IS_EQUAL:
            left:
              EXTRACT: CA10__credReportAccessKey2Active__c
            right:
              BOOLEAN: true
otherwise:
  status:  "COMPLIANT"
  currentStateMessage: "This IAM user has only one active access key."