π§ AWS S3 Bucket Lifecycle Configuration is not enabled - prod.logic.yamlπ’
- Contextual name: π§ prod.logic.yamlπ’
- ID:
/ce/ca/aws/s3/bucket-lifecycle-configuration/prod.logic.yaml - Tags:
- π’ Logic test success
- π’ Logic with extracts
- π’ Logic with test data
Usesβ
- π AWS S3 Bucket
- π AWS S3 Bucket - object.extracts.yaml
- π§ͺ test-data.json
Test Results π’β
Generated at: 2026-02-10T22:33:17.282536279Z Open
| Result | Id | Condition Index | Condition Text | Runtime Error |
|---|---|---|---|---|
| π’ | test1 | βοΈ 99 | βοΈ isDisappeared(CA10__disappearanceTime__c) | βοΈ null |
| π’ | test2 | βοΈ 199 | βοΈ extract('CA10__versioningMfaDeleteEnabled__c') == true | βοΈ null |
| π’ | test3 | βοΈ 399 | βοΈ not(extract('caJsonBoolean__lifecycleRulesJsonStatusEnabled__c')) | βοΈ null |
| π’ | test4 | βοΈ 499 | βοΈ extract('caJsonBoolean__lifecycleRulesJsonStatusEnabled__c') | βοΈ null |
| π’ | test5 | βοΈ 299 | βοΈ extract('CA10__lifecycleRulesJson__c').isEmpty() | βοΈ null |
| π’ | test6 | βοΈ 101 | βοΈ CA10__versioningMfaDeleteEnabled__c.delegatedTo(CA10__versioningStatus__c).isEmpty() | βοΈ null |
| π’ | test7 | βοΈ 301 | βοΈ extract('CA10__lifecycleRulesJson__c').asJson().isInvalid() | βοΈ Expected property name or '}' in JSON at position 2 (line 1 column 3) |
Generation Bundleβ
| File | MD5 | |
|---|---|---|
| Open | /ce/ca/aws/s3/bucket-lifecycle-configuration/policy.yaml | 11A9CAC2774B3A6151FE51DE4F9CCC88 |
| Open | /ce/ca/aws/s3/bucket-lifecycle-configuration/prod.logic.yaml | 0B5BDC43FBB189EF12C9F0E5150CDF6B |
| Open | /ce/ca/aws/s3/bucket-lifecycle-configuration/test-data.json | D33B968D1A1563E5B087347AE8A1B629 |
| Open | /types/CA10__CaAwsBucket__c/object.extracts.yaml | F56AFA293B0B19D4F39C1EBB70F4C56F |
Available Commandsβ
repo-manager policies generate FULL /ce/ca/aws/s3/bucket-lifecycle-configuration/prod.logic.yaml
repo-manager policies generate DEBUG /ce/ca/aws/s3/bucket-lifecycle-configuration/prod.logic.yaml
repo-manager policies generate CAPTURE_TEST_DATA /ce/ca/aws/s3/bucket-lifecycle-configuration/prod.logic.yaml
repo-manager policies generate TESTS /ce/ca/aws/s3/bucket-lifecycle-configuration/prod.logic.yaml
# Execute tests
repo-manager policies test /ce/ca/aws/s3/bucket-lifecycle-configuration/prod.logic.yaml
Contentβ
---
# This policy is based on ce:ca:aws:s3:enable-bucket-lifecycle-configuration.
# We're able to determine if the Lifecycle configuration is enabled on a bucket
# using the CA10__lifecycleRulesJson__c field.
# Lifecycle configuration is not supported for MFA-enabled buckets and directory buckets.
inputType: "CA10__CaAwsBucket__c"
testData:
- file: "test-data.json"
importExtracts:
- file: "/types/CA10__CaAwsBucket__c/object.extracts.yaml"
conditions:
# Lifecycle configuration on multi-factor authentication (MFA)-enabled buckets is not supported.
# https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-and-other-bucket-config.html#lifecycle-general-considerations-mfa-enabled-bucket
- status: "INAPPLICABLE"
currentStateMessage: "Lifecycle configuration on multi-factor authentication (MFA)-enabled buckets is not supported."
check:
IS_EQUAL:
left:
EXTRACT: "CA10__versioningMfaDeleteEnabled__c"
right:
BOOLEAN: true
- status: "INCOMPLIANT"
currentStateMessage: "The bucket does not have a lifecycle configuration."
remediationMessage: "Create an S3 lifecycle configuration for the bucket."
check:
IS_EMPTY:
arg:
EXTRACT: "CA10__lifecycleRulesJson__c"
- status: "INCOMPLIANT"
currentStateMessage: "Bucket lifecycle configuration rules are disabled."
remediationMessage: "Enable or adding active rules to the bucket lifecycle configuration."
check:
NOT:
arg:
EXTRACT: "caJsonBoolean__lifecycleRulesJsonStatusEnabled__c"
- status: "COMPLIANT"
currentStateMessage: "The bucket lifecycle configuration is enabled."
check:
EXTRACT: "caJsonBoolean__lifecycleRulesJsonStatusEnabled__c"
otherwise:
status: "UNDETERMINED"
currentStateMessage: "Unexpected values in the fields."