Test_Instance_140923

[nbuckingham72]

No description provided.

[github-actions]

TFSEC Scan Success

Show Output

*****************************

TFSEC will check the following folders:
terraform/environments/hmpps-oem terraform/environments/nomis terraform/modules/baseline terraform/modules/baseline_presets

*****************************

Running TFSEC in terraform/environments/hmpps-oem
Excluding the following checks: AWS095

======================================================
tfsec is joining the Trivy family

tfsec will continue to remain available 
for the time being, although our engineering 
attention will be directed at Trivy going forward.

You can read more here: 
https://github.com/aquasecurity/tfsec/discussions/1994
======================================================
  timings
  ──────────────────────────────────────────
  disk i/o             6.991758ms
  parsing              176.457809ms
  adaptation           118.401µs
  checks               7.230561ms
  total                190.798529ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    5
  blocks processed     263
  files read           69

  results
  ──────────────────────────────────────────
  passed               1
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

*****************************

Running TFSEC in terraform/environments/nomis
Excluding the following checks: AWS095

======================================================
tfsec is joining the Trivy family

tfsec will continue to remain available 
for the time being, although our engineering 
attention will be directed at Trivy going forward.

You can read more here: 
https://github.com/aquasecurity/tfsec/discussions/1994
======================================================
  timings
  ──────────────────────────────────────────
  disk i/o             1.678815ms
  parsing              279.006085ms
  adaptation           354.703µs
  checks               11.583899ms
  total                292.623502ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    5
  blocks processed     274
  files read           73

  results
  ──────────────────────────────────────────
  passed               37
  ignored              4
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

*****************************

Running TFSEC in terraform/modules/baseline
Excluding the following checks: AWS095

======================================================
tfsec is joining the Trivy family

tfsec will continue to remain available 
for the time being, although our engineering 
attention will be directed at Trivy going forward.

You can read more here: 
https://github.com/aquasecurity/tfsec/discussions/1994
======================================================
  timings
  ──────────────────────────────────────────
  disk i/o             482.404µs
  parsing              33.442087ms
  adaptation           81.301µs
  checks               8.538073ms
  total                42.543865ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     109
  files read           23

  results
  ──────────────────────────────────────────
  passed               0
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

*****************************

Running TFSEC in terraform/modules/baseline_presets
Excluding the following checks: AWS095

======================================================
tfsec is joining the Trivy family

tfsec will continue to remain available 
for the time being, although our engineering 
attention will be directed at Trivy going forward.

You can read more here: 
https://github.com/aquasecurity/tfsec/discussions/1994
======================================================
  timings
  ──────────────────────────────────────────
  disk i/o             335.201µs
  parsing              20.970951ms
  adaptation           89.701µs
  checks               11.538341ms
  total                32.934194ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     37
  files read           17

  results
  ──────────────────────────────────────────
  passed               0
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

Show Output

*****************************

Checkov will check the following folders:
terraform/environments/hmpps-oem terraform/environments/nomis terraform/modules/baseline terraform/modules/baseline_presets

*****************************

Running Checkov in terraform/environments/hmpps-oem
terraform scan results:

Passed checks: 90, Failed checks: 4, Skipped checks: 15

Check: CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
	FAILED for resource: module.baseline.aws_cloudwatch_log_group.route53
	File: /../../modules/baseline/route53.tf:156-167
	Calling File: /main.tf:33-159
	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-cloudwatch-log-group-is-encrypted-by-kms.html

		156 | resource "aws_cloudwatch_log_group" "route53" {
		157 |   for_each = local.route53_zones_to_create
		158 | 
		159 |   provider = aws.us-east-1
		160 | 
		161 |   name              = "/route53/${each.key}"
		162 |   retention_in_days = 30
		163 | 
		164 |   tags = merge(local.tags, {
		165 |     Name = "aws/route53/${each.key}"
		166 |   })
		167 | }

Check: CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
	FAILED for resource: module.baseline.aws_cloudwatch_log_group.route53
	File: /../../modules/baseline/route53.tf:156-167
	Calling File: /main.tf:33-159

		156 | resource "aws_cloudwatch_log_group" "route53" {
		157 |   for_each = local.route53_zones_to_create
		158 | 
		159 |   provider = aws.us-east-1
		160 | 
		161 |   name              = "/route53/${each.key}"
		162 |   retention_in_days = 30
		163 | 
		164 |   tags = merge(local.tags, {
		165 |     Name = "aws/route53/${each.key}"
		166 |   })
		167 | }

Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
	FAILED for resource: module.baseline.module.db_instance.aws_db_instance.this
	File: /../../modules/rds_instance/main.tf:5-58
	Calling File: /../../modules/baseline/rds_instance.tf:1-34

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
	FAILED for resource: module.baseline.module.db_instance.aws_db_instance.this
	File: /../../modules/rds_instance/main.tf:5-58
	Calling File: /../../modules/baseline/rds_instance.tf:1-34

		Code lines for this resource are too many. Please use IDE of your choice to review the file.

checkov_exitcode=1

*****************************

Running Checkov in terraform/environments/nomis
terraform scan results:

Passed checks: 121, Failed checks: 7, Skipped checks: 15

Check: CKV_AWS_113: "Ensure Session Manager logs are enabled and encrypted"
	FAILED for resource: aws_ssm_document.session_manager_settings
	File: /ec2_common.tf:5-33
	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-networking-62.html

		5  | resource "aws_ssm_document" "session_manager_settings" {
		6  |   name            = "SSM-SessionManagerRunShell"
		7  |   document_type   = "Session"
		8  |   document_format = "JSON"
		9  | 
		10 |   content = jsonencode(
		11 |     {
		12 |       schemaVersion = "1.0"
		13 |       description   = "Document to hold regional settings for Session Manager"
		14 |       sessionType   = "Standard_Stream",
		15 |       inputs = {
		16 |         cloudWatchLogGroupName      = "session-manager-logs"
		17 |         cloudWatchEncryptionEnabled = false
		18 |         cloudWatchStreamingEnabled  = true
		19 |         s3BucketName                = ""
		20 |         s3KeyPrefix                 = ""
		21 |         s3EncryptionEnabled         = false
		22 |         idleSessionTimeout          = "20"
		23 |         kmsKeyId                    = "" # aws_kms_key.session_manager.arn
		24 |         runAsEnabled                = false
		25 |         runAsDefaultUser            = ""
		26 |         shellProfile = {
		27 |           windows = ""
		28 |           linux   = ""
		29 |         }
		30 |       }
		31 |     }
		32 |   )
		33 | }

Check: CKV_AWS_112: "Ensure Session Manager data is encrypted in transit"
	FAILED for resource: aws_ssm_document.session_manager_settings
	File: /ec2_common.tf:5-33
	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-session-manager-data-is-encrypted-in-transit.html

		5  | resource "aws_ssm_document" "session_manager_settings" {
		6  |   name            = "SSM-SessionManagerRunShell"
		7  |   document_type   = "Session"
		8  |   document_format = "JSON"
		9  | 
		10 |   content = jsonencode(
		11 |     {
		12 |       schemaVersion = "1.0"
		13 |       description   = "Document to hold regional settings for Session Manager"
		14 |       sessionType   = "Standard_Stream",
		15 |       inputs = {
		16 |         cloudWatchLogGroupName      = "session-manager-logs"
		17 |         cloudWatchEncryptionEnabled = false
		18 |         cloudWatchStreamingEnabled  = true
		19 |         s3BucketName                = ""
		20 |         s3KeyPrefix                 = ""
		21 |         s3EncryptionEnabled         = false
		22 |         idleSessionTimeout          = "20"
		23 |         kmsKeyId                    = "" # aws_kms_key.session_manager.arn
		24 |         runAsEnabled                = false
		25 |         runAsDefaultUser            = ""
		26 |         shellProfile = {
		27 |           windows = ""
		28 |           linux   = ""
		29 |         }
		30 |       }
		31 |     }
		32 |   )
		33 | }

Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
	FAILED for resource: aws_iam_policy_document.cloudwatch_datasource
	File: /ec2_common.tf:322-370

		322 | data "aws_iam_policy_document" "cloudwatch_datasource" {
		323 |   statement {
		324 |     sid    = "AllowReadingMetricsFromCloudWatch"
		325 |     effect = "Allow"
		326 |     actions = [
		327 |       "cloudwatch:DescribeAlarmsForMetric",
		328 |       "cloudwatch:DescribeAlarmHistory",
		329 |       "cloudwatch:DescribeAlarms",
		330 |       "cloudwatch:ListMetrics",
		331 |       "cloudwatch:GetMetricData",
		332 |       "cloudwatch:GetInsightRuleReport"
		333 |     ]
		334 |     #tfsec:ignore:aws-iam-no-policy-wildcards
		335 |     resources = ["*"]
		336 |   }
		337 |   statement {
		338 |     sid    = "AllowReadingLogsFromCloudWatch"
		339 |     effect = "Allow"
		340 |     actions = [
		341 |       "logs:DescribeLogGroups",
		342 |       "logs:GetLogGroupFields",
		343 |       "logs:StartQuery",
		344 |       "logs:StopQuery",
		345 |       "logs:GetQueryResults",
		346 |       "logs:GetLogEvents"
		347 |     ]
		348 |     #tfsec:ignore:aws-iam-no-policy-wildcards
		349 |     resources = ["*"]
		350 |   }
		351 |   statement {
		352 |     sid    = "AllowReadingTagsInstancesRegionsFromEC2"
		353 |     effect = "Allow"
		354 |     actions = [
		355 |       "ec2:DescribeTags",
		356 |       "ec2:DescribeInstances",
		357 |       "ec2:DescribeRegions"
		358 |     ]
		359 |     resources = ["*"]
		360 |   }
		361 |   statement {
		362 |     sid    = "AllowReadingResourcesForTags"
		363 |     effect = "Allow"
		364 |     actions = [
		365 |       "tag:GetResources"
		366 |     ]
		367 |     resources = ["*"]
		368 |   }
		369 | 
		370 | }

Check: CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
	FAILED for resource: module.baseline.aws_cloudwatch_log_group.route53
	File: /../../modules/baseline/route53.tf:156-167
	Calling File: /main.tf:33-164
	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-cloudwatch-log-group-is-encrypted-by-kms.html

		156 | resource "aws_cloudwatch_log_group" "route53" {
		157 |   for_each = local.route53_zones_to_create
		158 | 
		159 |   provider = aws.us-east-1
		160 | 
		161 |   name              = "/route53/${each.key}"
		162 |   retention_in_days = 30
		163 | 
		164 |   tags = merge(local.tags, {
		165 |     Name = "aws/route53/${each.key}"
		166 |   })
		167 | }

Check: CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
	FAILED for resource: module.baseline.aws_cloudwatch_log_group.route53
	File: /../../modules/baseline/route53.tf:156-167
	Calling File: /main.tf:33-164

		156 | resource "aws_cloudwatch_log_group" "route53" {
		157 |   for_each = local.route53_zones_to_create
		158 | 
		159 |   provider = aws.us-east-1
		160 | 
		161 |   name              = "/route53/${each.key}"
		162 |   retention_in_days = 30
		163 | 
		164 |   tags = merge(local.tags, {
		165 |     Name = "aws/route53/${each.key}"
		166 |   })
		167 | }

Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
	FAILED for resource: module.baseline.module.db_instance.aws_db_instance.this
	File: /../../modules/rds_instance/main.tf:5-58
	Calling File: /../../modules/baseline/rds_instance.tf:1-34

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
	FAILED for resource: module.baseline.module.db_instance.aws_db_instance.this
	File: /../../modules/rds_instance/main.tf:5-58
	Calling File: /../../modules/baseline/rds_instance.tf:1-34

		Code lines for this resource are too many. Please use IDE of your choice to review the file.

checkov_exitcode=2

*****************************

Running Checkov in terraform/modules/baseline
2023-09-14 06:42:35,264 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-ec2-autoscaling-group?ref=v2.1.1:None (for external modules, the --download-external-modules flag is required)
2023-09-14 06:42:35,264 [MainThread  ] [WARNI]  Failed to download module git::https://github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.0.0:None (for external modules, the --download-external-modules flag is required)
2023-09-14 06:42:35,265 [MainThread  ] [WARNI]  Failed to download module git::https://github.com/ministryofjustice/modernisation-platform-terraform-loadbalancer.git?ref=v3.0.0:None (for external modules, the --download-external-modules flag is required)
2023-09-14 06:42:35,265 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=v4.0.0:None (for external modules, the --download-external-modules flag is required)
2023-09-14 06:42:35,265 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=v2.1.1:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 83, Failed checks: 5, Skipped checks: 15

Check: CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
	FAILED for resource: aws_cloudwatch_log_group.route53
	File: /route53.tf:156-167
	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-cloudwatch-log-group-is-encrypted-by-kms.html

		156 | resource "aws_cloudwatch_log_group" "route53" {
		157 |   for_each = local.route53_zones_to_create
		158 | 
		159 |   provider = aws.us-east-1
		160 | 
		161 |   name              = "/route53/${each.key}"
		162 |   retention_in_days = 30
		163 | 
		164 |   tags = merge(local.tags, {
		165 |     Name = "aws/route53/${each.key}"
		166 |   })
		167 | }

Check: CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
	FAILED for resource: aws_cloudwatch_log_group.route53
	File: /route53.tf:156-167

		156 | resource "aws_cloudwatch_log_group" "route53" {
		157 |   for_each = local.route53_zones_to_create
		158 | 
		159 |   provider = aws.us-east-1
		160 | 
		161 |   name              = "/route53/${each.key}"
		162 |   retention_in_days = 30
		163 | 
		164 |   tags = merge(local.tags, {
		165 |     Name = "aws/route53/${each.key}"
		166 |   })
		167 | }

Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
	FAILED for resource: module.db_instance.aws_db_instance.this
	File: /../rds_instance/main.tf:5-58
	Calling File: /rds_instance.tf:1-34

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
	FAILED for resource: module.db_instance.aws_db_instance.this
	File: /../rds_instance/main.tf:5-58
	Calling File: /rds_instance.tf:1-34

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
	FAILED for resource: module.lb_listener.aws_lb_listener.this
	File: /../lb_listener/main.tf:1-61
	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html

		Code lines for this resource are too many. Please use IDE of your choice to review the file.

checkov_exitcode=3

*****************************

Running Checkov in terraform/modules/baseline_presets

checkov_exitcode=3

CTFLint Scan Failed

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
terraform/environments/hmpps-oem terraform/environments/nomis terraform/modules/baseline terraform/modules/baseline_presets

*****************************

Running tflint in terraform/environments/hmpps-oem
Excluding the following checks: terraform_unused_declarations
6 issue(s) found:

Warning: Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)

  on terraform/environments/hmpps-oem/locals_security_groups.tf line 5:
   5:       "${module.ip_addresses.mp_cidr[module.environment.vpc_name]}",

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_deprecated_interpolation.md

Warning: Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)

  on terraform/environments/hmpps-oem/locals_security_groups.tf line 8:
   8:       "${module.ip_addresses.mp_cidr[module.environment.vpc_name]}",

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_deprecated_interpolation.md

Warning: Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)

  on terraform/environments/hmpps-oem/locals_security_groups.tf line 12:
  12:       "${module.ip_addresses.mp_cidr[module.environment.vpc_name]}",

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_deprecated_interpolation.md

Warning: Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)

  on terraform/environments/hmpps-oem/locals_security_groups.tf line 17:
  17:       "${module.ip_addresses.mp_cidr[module.environment.vpc_name]}",

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_deprecated_interpolation.md

Warning: Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)

  on terraform/environments/hmpps-oem/locals_security_groups.tf line 20:
  20:       "${module.ip_addresses.mp_cidr[module.environment.vpc_name]}",

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_deprecated_interpolation.md

Warning: Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)

  on terraform/environments/hmpps-oem/locals_security_groups.tf line 24:
  24:       "${module.ip_addresses.mp_cidr[module.environment.vpc_name]}",

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_deprecated_interpolation.md

tflint_exitcode=2

*****************************

Running tflint in terraform/environments/nomis
Excluding the following checks: terraform_unused_declarations
6 issue(s) found:

Warning: Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)

  on terraform/environments/nomis/locals_security_groups.tf line 22:
  22:       "${module.ip_addresses.mp_cidr[module.environment.vpc_name]}",

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_deprecated_interpolation.md

Warning: Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)

  on terraform/environments/nomis/locals_security_groups.tf line 37:
  37:       "${module.ip_addresses.mp_cidr[module.environment.vpc_name]}",

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_deprecated_interpolation.md

Warning: Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)

  on terraform/environments/nomis/locals_security_groups.tf line 41:
  41:       "${module.ip_addresses.mp_cidr[module.environment.vpc_name]}",

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_deprecated_interpolation.md

Warning: Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)

  on terraform/environments/nomis/locals_security_groups.tf line 50:
  50:       "${module.ip_addresses.mp_cidr[module.environment.vpc_name]}",

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_deprecated_interpolation.md

Warning: Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)

  on terraform/environments/nomis/locals_security_groups.tf line 65:
  65:       "${module.ip_addresses.mp_cidr[module.environment.vpc_name]}",

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_deprecated_interpolation.md

Warning: Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)

  on terraform/environments/nomis/locals_security_groups.tf line 69:
  69:       "${module.ip_addresses.mp_cidr[module.environment.vpc_name]}",

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_deprecated_interpolation.md

tflint_exitcode=4

*****************************

Running tflint in terraform/modules/baseline
Excluding the following checks: terraform_unused_declarations
1 issue(s) found:

Warning: `environment` variable has no type (terraform_typed_variables)

  on terraform/modules/baseline/variables.tf line 476:
 476: variable "environment" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

tflint_exitcode=6

*****************************

Running tflint in terraform/modules/baseline_presets
Excluding the following checks: terraform_unused_declarations
4 issue(s) found:

Warning: Missing version constraint for provider "aws" in "required_providers" (terraform_required_providers)

  on terraform/modules/baseline_presets/sns_topics.tf line 13:
  13: data "aws_ssm_parameter" "sns_topics_email" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_required_providers.md

Warning: Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)

  on terraform/modules/baseline_presets/sns_topics.tf line 25:
  25:         "${key}" = {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_deprecated_interpolation.md

Warning: `environment` variable has no type (terraform_typed_variables)

  on terraform/modules/baseline_presets/variables.tf line 1:
   1: variable "environment" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

Warning: `ip_addresses` variable has no type (terraform_typed_variables)

  on terraform/modules/baseline_presets/variables.tf line 5:
   5: variable "ip_addresses" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.2.1/docs/rules/terraform_typed_variables.md

tflint_exitcode=8