π§ AWS WAF Web ACL has no WAF Rules or WAF Rule Groups - prod.logic.yamlπ π’
- Contextual name: π§ prod.logic.yamlπ π’
- ID:
/ce/ca/aws/waf/web-acl-without-rules/prod.logic.yaml - Tags:
- π’ Logic test success
- π’ Logic with test data
- π Logic without extracts
Usesβ
- π AWS WAF Web ACL
- π§ͺ test-data.json
Test Results π’β
Generated at: 2025-10-25T12:02:05.203163459Z Open
| Result | Id | Condition Index | Condition Text | Runtime Error |
|---|---|---|---|---|
| π’ | test1 | βοΈ 199 | βοΈ CA10__AWS_WAF_Rules__r.hasNo(COMPLIANT) && CA10A1__AWS_WAF_Rule_Groups__r.hasNo(COMPLIANT) && CA10__AWS_WAF_Web_ACL_Activated_Rules__r.hasNo(COMPLIANT) | βοΈ null |
| π’ | test2 | βοΈ 200 | βοΈ otherwise | βοΈ null |
Generation Bundleβ
| File | MD5 | |
|---|---|---|
| Open | /ce/ca/aws/waf/web-acl-without-rules/policy.yaml | 1FC18725633901D4FC1712B00592F130 |
| Open | /ce/ca/aws/waf/web-acl-without-rules/prod.logic.yaml | 9971A3B861349379583FE222AC1E464B |
| Open | /ce/ca/aws/waf/web-acl-without-rules/test-data.json | F1A216EB5D9756F336EBF9AEDA483AB6 |
Available Commandsβ
repo-manager policies generate FULL /ce/ca/aws/waf/web-acl-without-rules/prod.logic.yaml
repo-manager policies generate DEBUG /ce/ca/aws/waf/web-acl-without-rules/prod.logic.yaml
repo-manager policies generate CAPTURE_TEST_DATA /ce/ca/aws/waf/web-acl-without-rules/prod.logic.yaml
repo-manager policies generate TESTS /ce/ca/aws/waf/web-acl-without-rules/prod.logic.yaml
# Execute tests
repo-manager policies test /ce/ca/aws/waf/web-acl-without-rules/prod.logic.yaml
Contentβ
---
inputType: "CA10__CaAwsWafWebAcl__c"
testData:
- file: "test-data.json"
conditions:
- status: "INCOMPLIANT"
currentStateMessage: "The WAF web ACL does not have any rules or rule groups configured."
remediationMessage: "Add at least one rule or rule group to the web ACL to provide protection."
check:
AND:
args:
- RELATED_LIST_HAS_NO:
status: "COMPLIANT"
relationshipName: "CA10__AWS_WAF_Rules__r"
- RELATED_LIST_HAS_NO:
status: "COMPLIANT"
relationshipName: "CA10A1__AWS_WAF_Rule_Groups__r"
- RELATED_LIST_HAS_NO:
status: "COMPLIANT"
relationshipName: "CA10__AWS_WAF_Web_ACL_Activated_Rules__r"
otherwise:
status: "COMPLIANT"
currentStateMessage: "The WAF web ACL has at least one rule or rule group configured."
relatedLists:
- relationshipName: "CA10__AWS_WAF_Rules__r"
conditions: []
otherwise:
status: "COMPLIANT"
currentStateMessage: "Rule exists."
- relationshipName: "CA10A1__AWS_WAF_Rule_Groups__r"
conditions: []
otherwise:
status: "COMPLIANT"
currentStateMessage: "Rule group exists."
- relationshipName: "CA10__AWS_WAF_Web_ACL_Activated_Rules__r"
conditions: []
otherwise:
status: "COMPLIANT"
currentStateMessage: "Rule exists."