Exclude EIP protection from Equip WAF ACL

[dms1981]

• Add exclusion for protection that can't be associated with WAFv2 ACL rule
• Remove import block now it's served its purpose

[github-actions]

Trivy Scan Failed

Show Output

```hcl

---

Trivy will check the following folders:
terraform/environments/equip

---

Running Trivy in terraform/environments/equip
2024-09-11T13:50:25Z INFO [db] Need to update DB
2024-09-11T13:50:25Z INFO [db] Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-09-11T13:50:27Z INFO [vuln] Vulnerability scanning is enabled
2024-09-11T13:50:27Z INFO [misconfig] Misconfiguration scanning is enabled
2024-09-11T13:50:27Z INFO Need to update the built-in policies
2024-09-11T13:50:27Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-09-11T13:50:27Z INFO [secret] Secret scanning is enabled
2024-09-11T13:50:27Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-09-11T13:50:27Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.55/docs/scanner/secret#recommendation for faster secret detection
2024-09-11T13:50:28Z INFO [terraform scanner] Scanning root module file_path="."
2024-09-11T13:50:28Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_alb_to_citrix-adc-snip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_alb_to_citrix-adc-vip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_alb_to_ctx_host_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_alb_to_equip_host_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_alb_to_spotfire_host_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_all_hosts_to_domain_controller_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_all_hosts_to_proxies" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_citrix-adc-mgmt_to_ctx_host" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_citrix-adc-mgmt_to_domain_controllers" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_citrix-adc-mgmt_to_equip" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_citrix-adc-mgmt_to_sf" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_citrix-adc-snip_to_ctx-host" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_citrix-adc-snip_to_domain_controller_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_citrix-adc-snip_to_equip" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_citrix-adc-snip_to_spotfire" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_citrix-adc-vip_to_domain_controller_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_ctx_host_internal_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_ctx_host_to_citrix-adc-mgmt" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_ctx_host_to_citrix-adc-snip" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_ctx_host_to_citrix-adc-vip" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_ctx_host_to_equip" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_ctx_host_to_spotfire" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_dns_endpoint_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_domain_controller_internal_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_domain_controller_to_all_hosts_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_domain_controller_to_proxies" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_equip_internal_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_equip_to_SES_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_equip_to_spotfire_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_proxy_host_to_citrix-adc-mgmt" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_soc_to_equip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_spotfire_internal_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_spotfire_to_equip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_alb_to_citrix-adc-snip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_alb_to_citrix-adc-vip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_alb_to_ctx-host_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_alb_to_equip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_alb_to_spotfire_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_azures_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_citrix-adc-mgmt_to_ctx-host_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_citrix-adc-mgmt_to_domain_controller_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_citrix-adc-mgmt_to_equip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_citrix-adc-mgmt_to_spotfire_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_citrix-adc-snip_to_ctx-host_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_citrix-adc-snip_to_domain_controller_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_citrix-adc-snip_to_equip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_citrix-adc-snip_to_spotfire_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_citrix-adc-vip_to_domain_controller_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_ctx-host_to_citrix-adc-snip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_ctx-host_to_citrix-adc-vip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_ctx_host_internal_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_ctx_host_to_citrix-adc-mgmt" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_ctx_hosts_to_equip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_ctx_hosts_to_spotfire_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_dns_endpoint_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_dns_endpoints_to_domain_controller_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_domain_controller_internal_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_domain_controller_to_all_hosts_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_domain_controllers_to_proxies_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_equip_internal_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_equip_to_spotfire_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_hosts_to_domain_controller_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_hosts_to_proxies_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_internet_to_alb_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_internet_to_citrix-adc-vip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_proxy_host_to_citrix-adc-mgmt" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_soc_to_equip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_spotfire_internal_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_spotfire_to_equip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.PowerBI_server["COR-A-GW01"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.PowerBI_server["COR-A-GW01"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.win2016_multiple["COR-A-CTX01"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.win2016_multiple["COR-A-CTX01"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.win2016_multiple["COR-A-CTX02"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.win2016_multiple["COR-A-CTX02"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.win2016_multiple["COR-A-CTX03"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.win2016_multiple["COR-A-CTX03"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.win2016_multiple["COR-A-DC01"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.win2016_multiple["COR-A-DC01"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.win2016_multiple["COR-A-DC02"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.win2016_multiple["COR-A-DC02"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.win2016_multiple["COR-A-PXY01"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.win2016_multiple["COR-A-PXY01"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.win2016_multiple["COR-A-TST01"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.win2016_multiple["COR-A-TST01"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.win2019_SQL_multiple["COR-A-SF02"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.win2019_SQL_multiple["COR-A-SF02"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.win2022_STD_multiple["COR-A-EQP04"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.win2022_STD_multiple["COR-A-EQP04"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.win2022_STD_multiple["COR-A-EQP05"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.win2022_STD_multiple["COR-A-EQP05"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="citrix_adc.tf:56"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-iam-no-user-attached-policies" range="iam.tf:2-8"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:63-74"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:63-74"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:63-74"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:63-74"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:63-74"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:63-74"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:63-74"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:63-74"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-elb-alb-not-public" range="alb.tf:15-38"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="policy.tf:28-50"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="policy.tf:28-50"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="policy.tf:28-50"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="policy.tf:28-50"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="policy.tf:28-50"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="policy.tf:28-50"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="policy.tf:28-50"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="policy.tf:29"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="policy.tf:29"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="policy.tf:29"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="policy.tf:28-50"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="policy.tf:28-50"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="policy.tf:29"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:22-31"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:29"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-s3-block-public-acls" range="s3-awslogs.tf:10-17"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-s3-block-public-policy" range="s3-awslogs.tf:10-17"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-s3-enable-bucket-encryption" range="s3-awslogs.tf:10-17"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-s3-enable-versioning" range="s3-awslogs.tf:10-17"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="s3-awslogs.tf:59-67"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-s3-ignore-public-acls" range="s3-awslogs.tf:10-17"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-s3-no-public-buckets" range="s3-awslogs.tf:10-17"
2024-09-11T13:50:28Z INFO [terraform executor] Ignore finding rule="aws-s3-specify-public-access-block" range="s3-awslogs.tf:10-17"
2024-09-11T13:50:28Z INFO Number of language-specific files num=0
2024-09-11T13:50:28Z INFO Detected config files num=9

securitygroup.tf (terraform)

Tests: 4 (SUCCESSES: 0, FAILURES: 4, EXCEPTIONS: 0)
Failures: 4 (HIGH: 0, CRITICAL: 4)

CRITICAL: Security group rule allows egress to multiple public internet addresses.
════════════════════════════════════════
Opening up ports to connect out to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.

See https://avd.aquasec.com/misconfig/avd-aws-0104
────────────────────────────────────────
securitygroup.tf:841
via securitygroup.tf:834-843 (aws_security_group_rule.aws_domain_security_group_egress_1)
────────────────────────────────────────
834 resource "aws_security_group_rule" "aws_domain_security_group_egress_1" {
835 type = "egress"
836 protocol = "-1"
837 description = "Open all outbound ports"
838 from_port = 0
839 to_port = 0
840 #tfsec:ignore:AWS009
841 [ cidr_blocks = ["0.0.0.0/0", ]
842 security_group_id = aws_security_group.aws_domain_security_group.id
843 }
────────────────────────────────────────

CRITICAL: Security group rule allows egress to multiple public internet addresses.
════════════════════════════════════════
Opening up ports to connect out to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.

See https://avd.aquasec.com/misconfig/avd-aws-0104
────────────────────────────────────────
securitygroup.tf:571-573
via securitygroup.tf:564-575 (aws_security_group_rule.aws_equip_security_group_egress_1)
────────────────────────────────────────
564 resource "aws_security_group_rule" "aws_equip_security_group_egress_1" {
565 type = "egress"
566 protocol = "-1"
567 description = "Open all outbound ports"
568 from_port = 0
569 to_port = 0
570 #tfsec:ignore:AWS009
571 ┌ cidr_blocks = [
572 └ "0.0.0.0/0",
...
────────────────────────────────────────

CRITICAL: Security group rule allows egress to multiple public internet addresses.
════════════════════════════════════════
Opening up ports to connect out to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.

See https://avd.aquasec.com/misconfig/avd-aws-0104
────────────────────────────────────────
securitygroup.tf:740
via securitygroup.tf:733-742 (aws_security_group_rule.aws_proxy_security_group_egress_1)
────────────────────────────────────────
733 resource "aws_security_group_rule" "aws_proxy_security_group_egress_1" {
734 type = "egress"
735 protocol = "-1"
736 description = "Open all outbound ports"
737 from_port = 0
738 to_port = 0
739 #tfsec:ignore:AWS009
740 [ cidr_blocks = ["0.0.0.0/0"]
741 security_group_id = aws_security_group.aws_proxy_security_group.id
742 }
────────────────────────────────────────

CRITICAL: Security group rule allows egress to multiple public internet addresses.
════════════════════════════════════════
Opening up ports to connect out to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.

See https://avd.aquasec.com/misconfig/avd-aws-0104
────────────────────────────────────────
securitygroup.tf:684
via securitygroup.tf:677-686 (aws_security_group_rule.aws_spotfire_security_group_egress_1)
────────────────────────────────────────
677 resource "aws_security_group_rule" "aws_spotfire_security_group_egress_1" {
678 type = "egress"
679 protocol = "-1"
680 description = "Open all outbound ports"
681 from_port = 0
682 to_port = 0
683 #tfsec:ignore:AWS009
684 [ cidr_blocks = ["0.0.0.0/0"]
685 security_group_id = aws_security_group.aws_spotfire_security_group.id
686 }
────────────────────────────────────────

trivy_exitcode=1

</details> #### `Checkov Scan` Failed
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/equip

*****************************

Running Checkov in terraform/environments/equip
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-09-11 13:50:31,328 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 435, Failed checks: 23, Skipped checks: 10

Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
	FAILED for resource: aws_iam_policy_document.kms_policy
	File: /data.tf:8-83
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-356

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
	FAILED for resource: module.PowerBI_server.aws_instance.this
	File: /ec2-instance-module/main.tf:6-133
	Calling File: /main.tf:569-595
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-31

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
	FAILED for resource: module.win2016_multiple.aws_instance.this
	File: /ec2-instance-module/main.tf:6-133
	Calling File: /main.tf:214-241
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-31

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
	FAILED for resource: module.win2019_SQL_multiple.aws_instance.this
	File: /ec2-instance-module/main.tf:6-133
	Calling File: /main.tf:367-395
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-31

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
	FAILED for resource: module.win2022_STD_multiple.aws_instance.this
	File: /ec2-instance-module/main.tf:6-133
	Calling File: /main.tf:501-527
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-31

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_290: "Ensure IAM policies does not allow write access without constraints"
	FAILED for resource: aws_iam_policy.citrix_adc_instance_policy
	File: /policy.tf:24-51
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-290

		24 | resource "aws_iam_policy" "citrix_adc_instance_policy" {
		25 |   name        = "citrix_adc_instance_policy"
		26 |   path        = "/"
		27 |   description = "Policy for Citrix NetScaler instance"
		28 |   policy = jsonencode({
		29 |     "Version" : "2012-10-17",
		30 |     "Statement" : [
		31 |       {
		32 |         "Effect" : "Allow",
		33 |         "Action" : [
		34 |           "ec2:DescribeInstances",
		35 |           "ec2:DescribeNetworkInterfaces",
		36 |           "ec2:DetachNetworkInterface",
		37 |           "ec2:AttachNetworkInterface",
		38 |           "ec2:StartInstances",
		39 |           "ec2:StopInstances",
		40 |           "ec2:RebootInstances",
		41 |           "autoscaling:*",
		42 |           "sns:*",
		43 |           "sqs:*",
		44 |           "iam:SimulatePrincipalPolicy",
		45 |           "iam:GetRole"
		46 |         ],
		47 |         "Resource" : "*"
		48 |       }
		49 |     ]
		50 |   })
		51 | }

Check: CKV_AWS_355: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
	FAILED for resource: aws_iam_policy.citrix_adc_instance_policy
	File: /policy.tf:24-51
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-355

		24 | resource "aws_iam_policy" "citrix_adc_instance_policy" {
		25 |   name        = "citrix_adc_instance_policy"
		26 |   path        = "/"
		27 |   description = "Policy for Citrix NetScaler instance"
		28 |   policy = jsonencode({
		29 |     "Version" : "2012-10-17",
		30 |     "Statement" : [
		31 |       {
		32 |         "Effect" : "Allow",
		33 |         "Action" : [
		34 |           "ec2:DescribeInstances",
		35 |           "ec2:DescribeNetworkInterfaces",
		36 |           "ec2:DetachNetworkInterface",
		37 |           "ec2:AttachNetworkInterface",
		38 |           "ec2:StartInstances",
		39 |           "ec2:StopInstances",
		40 |           "ec2:RebootInstances",
		41 |           "autoscaling:*",
		42 |           "sns:*",
		43 |           "sqs:*",
		44 |           "iam:SimulatePrincipalPolicy",
		45 |           "iam:GetRole"
		46 |         ],
		47 |         "Resource" : "*"
		48 |       }
		49 |     ]
		50 |   })
		51 | }

Check: CKV_AWS_289: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
	FAILED for resource: aws_iam_policy.citrix_adc_instance_policy
	File: /policy.tf:24-51
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-289

		24 | resource "aws_iam_policy" "citrix_adc_instance_policy" {
		25 |   name        = "citrix_adc_instance_policy"
		26 |   path        = "/"
		27 |   description = "Policy for Citrix NetScaler instance"
		28 |   policy = jsonencode({
		29 |     "Version" : "2012-10-17",
		30 |     "Statement" : [
		31 |       {
		32 |         "Effect" : "Allow",
		33 |         "Action" : [
		34 |           "ec2:DescribeInstances",
		35 |           "ec2:DescribeNetworkInterfaces",
		36 |           "ec2:DetachNetworkInterface",
		37 |           "ec2:AttachNetworkInterface",
		38 |           "ec2:StartInstances",
		39 |           "ec2:StopInstances",
		40 |           "ec2:RebootInstances",
		41 |           "autoscaling:*",
		42 |           "sns:*",
		43 |           "sqs:*",
		44 |           "iam:SimulatePrincipalPolicy",
		45 |           "iam:GetRole"
		46 |         ],
		47 |         "Resource" : "*"
		48 |       }
		49 |     ]
		50 |   })
		51 | }

Check: CKV_AWS_300: "Ensure S3 lifecycle configuration sets period for aborting failed uploads"
	FAILED for resource: aws_s3_bucket_lifecycle_configuration.bucket-config
	File: /s3-awslogs.tf:19-51
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-300

		19 | resource "aws_s3_bucket_lifecycle_configuration" "bucket-config" {
		20 |   bucket = aws_s3_bucket.this.bucket
		21 | 
		22 |   rule {
		23 |     id = "log_deletion"
		24 | 
		25 |     expiration {
		26 |       days = 90
		27 |     }
		28 | 
		29 |     filter {
		30 |       and {
		31 |         prefix = "AWSLogs/${data.aws_caller_identity.current.account_id}/"
		32 | 
		33 |         tags = {
		34 |           rule      = "log-deletion"
		35 |           autoclean = "true"
		36 |         }
		37 |       }
		38 |     }
		39 |     status = "Enabled"
		40 | 
		41 |     transition {
		42 |       days          = 30
		43 |       storage_class = "STANDARD_IA"
		44 |     }
		45 | 
		46 |     transition {
		47 |       days          = 60
		48 |       storage_class = "GLACIER"
		49 |     }
		50 |   }
		51 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: s3-bucket-ukcloud-replica
	File: /s3-ukcloud-replica.tf:1-54
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: equip-s3-bucket
	File: /s3.tf:1-54
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV2_AWS_6: "Ensure that S3 bucket has a Public Access block"
	FAILED for resource: aws_s3_bucket.this
	File: /s3-awslogs.tf:10-17
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/s3-bucket-should-have-public-access-blocks-defaults-to-false-if-the-public-access-block-is-not-attached

		10 | resource "aws_s3_bucket" "this" {
		11 |   bucket_prefix = "moj-alb-citrix-access-logs-bucket"
		12 | 
		13 |   tags = {
		14 |     Environment = "Development"
		15 |     Name        = "S3 Access Logs for ALB"
		16 |   }
		17 | }

Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
	FAILED for resource: aws_s3_bucket.this
	File: /s3-awslogs.tf:10-17
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-16-enable-versioning

		10 | resource "aws_s3_bucket" "this" {
		11 |   bucket_prefix = "moj-alb-citrix-access-logs-bucket"
		12 | 
		13 |   tags = {
		14 |     Environment = "Development"
		15 |     Name        = "S3 Access Logs for ALB"
		16 |   }
		17 | }

Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
	FAILED for resource: aws_security_group.azures_ingres
	File: /securitygroup.tf:218-225
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis

		218 | resource "aws_security_group" "azures_ingres" {
		219 |   name        = lower(format("secg-%s-%s-azures-ingress", local.application_name, local.environment))
		220 |   description = "Security Group for azures ingress connections"
		221 |   vpc_id      = data.aws_vpc.shared.id
		222 |   tags = merge(local.tags,
		223 |     { Name = lower(format("secg-%s-%s-azures-ingress", local.application_name, local.environment)) }
		224 |   )
		225 | }

Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
	FAILED for resource: aws_security_group.aws_citrix_security_group
	File: /securitygroup.tf:322-329
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis

		322 | resource "aws_security_group" "aws_citrix_security_group" {
		323 |   name        = "aws_citrix_security_group"
		324 |   description = "Security Group for AWS_Citrix "
		325 |   vpc_id      = data.aws_vpc.shared.id
		326 |   tags = merge(local.tags,
		327 |     { Name = lower(format("secg-%s-%s-citrix-host", local.application_name, local.environment)) }
		328 |   )
		329 | }

Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
	FAILED for resource: aws_security_group.aws_equip_security_group
	File: /securitygroup.tf:445-452
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis

		445 | resource "aws_security_group" "aws_equip_security_group" {
		446 |   name        = lower(format("secg-%s-%s-equip", local.application_name, local.environment))
		447 |   description = "Security Group for AWS_Equip"
		448 |   vpc_id      = data.aws_vpc.shared.id
		449 |   tags = merge(local.tags,
		450 |     { Name = lower(format("secg-%s-%s-equip", local.application_name, local.environment)) }
		451 |   )
		452 | }

Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
	FAILED for resource: aws_security_group.aws_spotfire_security_group
	File: /securitygroup.tf:580-587
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis

		580 | resource "aws_security_group" "aws_spotfire_security_group" {
		581 |   name        = "aws_spotfire_security_group"
		582 |   description = "Security Group for AWS_SpotFire"
		583 |   vpc_id      = data.aws_vpc.shared.id
		584 |   tags = merge(local.tags,
		585 |     { Name = lower(format("secg-%s-%s-spotfire", local.application_name, local.environment)) }
		586 |   )
		587 | }

Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
	FAILED for resource: aws_security_group.aws_domain_security_group
	File: /securitygroup.tf:748-755
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis

		748 | resource "aws_security_group" "aws_domain_security_group" {
		749 |   name        = "aws_domain_security_group"
		750 |   description = "Security Group for AWS_Domain"
		751 |   vpc_id      = data.aws_vpc.shared.id
		752 |   tags = merge(local.tags,
		753 |     { Name = lower(format("secg-%s-%s-domain-controller", local.application_name, local.environment)) }
		754 |   )
		755 | }

Check: CKV_AWS_18: "Ensure the S3 bucket has access logging enabled"
	FAILED for resource: aws_s3_bucket.this
	File: /s3-awslogs.tf:10-17
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-13-enable-logging

		10 | resource "aws_s3_bucket" "this" {
		11 |   bucket_prefix = "moj-alb-citrix-access-logs-bucket"
		12 | 
		13 |   tags = {
		14 |     Environment = "Development"
		15 |     Name        = "S3 Access Logs for ALB"
		16 |   }
		17 | }

Check: CKV2_AWS_62: "Ensure S3 buckets should have event notifications enabled"
	FAILED for resource: aws_s3_bucket.this
	File: /s3-awslogs.tf:10-17
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-2-62

		10 | resource "aws_s3_bucket" "this" {
		11 |   bucket_prefix = "moj-alb-citrix-access-logs-bucket"
		12 | 
		13 |   tags = {
		14 |     Environment = "Development"
		15 |     Name        = "S3 Access Logs for ALB"
		16 |   }
		17 | }

Check: CKV_AWS_145: "Ensure that S3 buckets are encrypted with KMS by default"
	FAILED for resource: aws_s3_bucket.this
	File: /s3-awslogs.tf:10-17
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-buckets-are-encrypted-with-kms-by-default

		10 | resource "aws_s3_bucket" "this" {
		11 |   bucket_prefix = "moj-alb-citrix-access-logs-bucket"
		12 | 
		13 |   tags = {
		14 |     Environment = "Development"
		15 |     Name        = "S3 Access Logs for ALB"
		16 |   }
		17 | }

Check: CKV_AWS_144: "Ensure that S3 bucket has cross-region replication enabled"
	FAILED for resource: aws_s3_bucket.this
	File: /s3-awslogs.tf:10-17
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-bucket-has-cross-region-replication-enabled

		10 | resource "aws_s3_bucket" "this" {
		11 |   bucket_prefix = "moj-alb-citrix-access-logs-bucket"
		12 | 
		13 |   tags = {
		14 |     Environment = "Development"
		15 |     Name        = "S3 Access Logs for ALB"
		16 |   }
		17 | }

Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
	FAILED for resource: aws_lb.citrix_alb
	File: /alb.tf:15-38
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf

		15 | resource "aws_lb" "citrix_alb" {
		16 | 
		17 |   name               = format("alb-%s-%s-citrix", local.application_name, local.environment)
		18 |   load_balancer_type = "application"
		19 |   security_groups    = [aws_security_group.alb_sg.id]
		20 |   subnets            = [data.aws_subnet.public_subnets_a.id, data.aws_subnet.public_subnets_b.id]
		21 | 
		22 |   enable_deletion_protection = true
		23 |   drop_invalid_header_fields = true
		24 |   enable_waf_fail_open       = true
		25 |   ip_address_type            = "ipv4"
		26 | 
		27 |   tags = merge(local.tags,
		28 |     { Name = format("alb-%s-%s-citrix", local.application_name, local.environment)
		29 |       Role = "Equip public load balancer"
		30 |     }
		31 |   )
		32 | 
		33 |   access_logs {
		34 |     bucket  = aws_s3_bucket.this.id
		35 |     enabled = "true"
		36 |   }
		37 | 
		38 | }


checkov_exitcode=1

CTFLint Scan Failed

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
terraform/environments/equip

*****************************

Running tflint in terraform/environments/equip
Excluding the following checks: terraform_unused_declarations
3 issue(s) found:

Warning: Missing version constraint for provider "template" in `required_providers` (terraform_required_providers)

  on terraform/environments/equip/instance_userdata.tf line 1:
   1: data "template_file" "windows-userdata" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_required_providers.md

Warning: Missing version constraint for provider "tls" in `required_providers` (terraform_required_providers)

  on terraform/environments/equip/main.tf line 19:
  19: resource "tls_private_key" "key" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_required_providers.md

Warning: Missing version constraint for provider "random" in `required_providers` (terraform_required_providers)

  on terraform/environments/equip/s3-awslogs.tf line 3:
   3: resource "random_string" "bucket_suffix" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_required_providers.md

tflint_exitcode=2

Trivy Scan Failed

Show Output

*****************************

Trivy will check the following folders:
terraform/environments/equip

*****************************

Running Trivy in terraform/environments/equip
2024-09-11T13:50:25Z	INFO	[db] Need to update DB
2024-09-11T13:50:25Z	INFO	[db] Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-09-11T13:50:27Z	INFO	[vuln] Vulnerability scanning is enabled
2024-09-11T13:50:27Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-09-11T13:50:27Z	INFO	Need to update the built-in policies
2024-09-11T13:50:27Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-09-11T13:50:27Z	INFO	[secret] Secret scanning is enabled
2024-09-11T13:50:27Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-09-11T13:50:27Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.55/docs/scanner/secret#recommendation for faster secret detection
2024-09-11T13:50:28Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-09-11T13:50:28Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_alb_to_citrix-adc-snip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_alb_to_citrix-adc-vip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_alb_to_ctx_host_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_alb_to_equip_host_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_alb_to_spotfire_host_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_all_hosts_to_domain_controller_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_all_hosts_to_proxies" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_citrix-adc-mgmt_to_ctx_host" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_citrix-adc-mgmt_to_domain_controllers" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_citrix-adc-mgmt_to_equip" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_citrix-adc-mgmt_to_sf" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_citrix-adc-snip_to_ctx-host" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_citrix-adc-snip_to_domain_controller_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_citrix-adc-snip_to_equip" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_citrix-adc-snip_to_spotfire" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_citrix-adc-vip_to_domain_controller_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_ctx_host_internal_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_ctx_host_to_citrix-adc-mgmt" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_ctx_host_to_citrix-adc-snip" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_ctx_host_to_citrix-adc-vip" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_ctx_host_to_equip" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_ctx_host_to_spotfire" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_dns_endpoint_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_domain_controller_internal_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_domain_controller_to_all_hosts_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_domain_controller_to_proxies" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_equip_internal_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_equip_to_SES_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_equip_to_spotfire_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_proxy_host_to_citrix-adc-mgmt" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_soc_to_equip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_spotfire_internal_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_spotfire_to_equip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_alb_to_citrix-adc-snip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_alb_to_citrix-adc-vip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_alb_to_ctx-host_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_alb_to_equip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_alb_to_spotfire_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_azures_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_citrix-adc-mgmt_to_ctx-host_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_citrix-adc-mgmt_to_domain_controller_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_citrix-adc-mgmt_to_equip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_citrix-adc-mgmt_to_spotfire_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_citrix-adc-snip_to_ctx-host_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_citrix-adc-snip_to_domain_controller_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_citrix-adc-snip_to_equip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_citrix-adc-snip_to_spotfire_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_citrix-adc-vip_to_domain_controller_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_ctx-host_to_citrix-adc-snip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_ctx-host_to_citrix-adc-vip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_ctx_host_internal_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_ctx_host_to_citrix-adc-mgmt" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_ctx_hosts_to_equip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_ctx_hosts_to_spotfire_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_dns_endpoint_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_dns_endpoints_to_domain_controller_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_domain_controller_internal_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_domain_controller_to_all_hosts_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_domain_controllers_to_proxies_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_equip_internal_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_equip_to_spotfire_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_hosts_to_domain_controller_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_hosts_to_proxies_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_internet_to_alb_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_internet_to_citrix-adc-vip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_proxy_host_to_citrix-adc-mgmt" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_soc_to_equip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_spotfire_internal_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_spotfire_to_equip_traffic" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.PowerBI_server[\"COR-A-GW01\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.PowerBI_server[\"COR-A-GW01\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.win2016_multiple[\"COR-A-CTX01\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.win2016_multiple[\"COR-A-CTX01\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.win2016_multiple[\"COR-A-CTX02\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.win2016_multiple[\"COR-A-CTX02\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.win2016_multiple[\"COR-A-CTX03\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.win2016_multiple[\"COR-A-CTX03\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.win2016_multiple[\"COR-A-DC01\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.win2016_multiple[\"COR-A-DC01\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.win2016_multiple[\"COR-A-DC02\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.win2016_multiple[\"COR-A-DC02\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.win2016_multiple[\"COR-A-PXY01\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.win2016_multiple[\"COR-A-PXY01\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.win2016_multiple[\"COR-A-TST01\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.win2016_multiple[\"COR-A-TST01\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.win2019_SQL_multiple[\"COR-A-SF02\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.win2019_SQL_multiple[\"COR-A-SF02\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.win2022_STD_multiple[\"COR-A-EQP04\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.win2022_STD_multiple[\"COR-A-EQP04\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.win2022_STD_multiple[\"COR-A-EQP05\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.win2022_STD_multiple[\"COR-A-EQP05\"].dynamic.capacity_reservation_target" value="cty.NilVal"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enforce-http-token-imds" range="citrix_adc.tf:56"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-user-attached-policies" range="iam.tf:2-8"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:63-74"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:63-74"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:63-74"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:63-74"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:63-74"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:63-74"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:6-133"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:63-74"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enable-at-rest-encryption" range="ec2-instance-module/main.tf:63-74"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-elb-alb-not-public" range="alb.tf:15-38"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="policy.tf:28-50"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="policy.tf:28-50"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="policy.tf:28-50"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="policy.tf:28-50"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="policy.tf:28-50"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="policy.tf:28-50"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="policy.tf:28-50"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="policy.tf:29"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="policy.tf:29"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="policy.tf:29"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="policy.tf:28-50"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="policy.tf:28-50"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="policy.tf:29"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:22-31"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:29"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-block-public-acls" range="s3-awslogs.tf:10-17"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-block-public-policy" range="s3-awslogs.tf:10-17"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-enable-bucket-encryption" range="s3-awslogs.tf:10-17"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-enable-versioning" range="s3-awslogs.tf:10-17"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="s3-awslogs.tf:59-67"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-ignore-public-acls" range="s3-awslogs.tf:10-17"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-no-public-buckets" range="s3-awslogs.tf:10-17"
2024-09-11T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-specify-public-access-block" range="s3-awslogs.tf:10-17"
2024-09-11T13:50:28Z	INFO	Number of language-specific files	num=0
2024-09-11T13:50:28Z	INFO	Detected config files	num=9

securitygroup.tf (terraform)
============================
Tests: 4 (SUCCESSES: 0, FAILURES: 4, EXCEPTIONS: 0)
Failures: 4 (HIGH: 0, CRITICAL: 4)

CRITICAL: Security group rule allows egress to multiple public internet addresses.
════════════════════════════════════════
Opening up ports to connect out to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.

See https://avd.aquasec.com/misconfig/avd-aws-0104
────────────────────────────────────────
 securitygroup.tf:841
   via securitygroup.tf:834-843 (aws_security_group_rule.aws_domain_security_group_egress_1)
────────────────────────────────────────
 834   resource "aws_security_group_rule" "aws_domain_security_group_egress_1" {
 835     type        = "egress"
 836     protocol    = "-1"
 837     description = "Open all outbound ports"
 838     from_port   = 0
 839     to_port     = 0
 840     #tfsec:ignore:AWS009
 841 [   cidr_blocks       = ["0.0.0.0/0", ]
 842     security_group_id = aws_security_group.aws_domain_security_group.id
 843   }
────────────────────────────────────────


CRITICAL: Security group rule allows egress to multiple public internet addresses.
════════════════════════════════════════
Opening up ports to connect out to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.

See https://avd.aquasec.com/misconfig/avd-aws-0104
────────────────────────────────────────
 securitygroup.tf:571-573
   via securitygroup.tf:564-575 (aws_security_group_rule.aws_equip_security_group_egress_1)
────────────────────────────────────────
 564   resource "aws_security_group_rule" "aws_equip_security_group_egress_1" {
 565     type        = "egress"
 566     protocol    = "-1"
 567     description = "Open all outbound ports"
 568     from_port   = 0
 569     to_port     = 0
 570     #tfsec:ignore:AWS009
 571 ┌   cidr_blocks = [
 572 └     "0.0.0.0/0",
 ...   
────────────────────────────────────────


CRITICAL: Security group rule allows egress to multiple public internet addresses.
════════════════════════════════════════
Opening up ports to connect out to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.

See https://avd.aquasec.com/misconfig/avd-aws-0104
────────────────────────────────────────
 securitygroup.tf:740
   via securitygroup.tf:733-742 (aws_security_group_rule.aws_proxy_security_group_egress_1)
────────────────────────────────────────
 733   resource "aws_security_group_rule" "aws_proxy_security_group_egress_1" {
 734     type        = "egress"
 735     protocol    = "-1"
 736     description = "Open all outbound ports"
 737     from_port   = 0
 738     to_port     = 0
 739     #tfsec:ignore:AWS009
 740 [   cidr_blocks       = ["0.0.0.0/0"]
 741     security_group_id = aws_security_group.aws_proxy_security_group.id
 742   }
────────────────────────────────────────


CRITICAL: Security group rule allows egress to multiple public internet addresses.
════════════════════════════════════════
Opening up ports to connect out to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.

See https://avd.aquasec.com/misconfig/avd-aws-0104
────────────────────────────────────────
 securitygroup.tf:684
   via securitygroup.tf:677-686 (aws_security_group_rule.aws_spotfire_security_group_egress_1)
────────────────────────────────────────
 677   resource "aws_security_group_rule" "aws_spotfire_security_group_egress_1" {
 678     type        = "egress"
 679     protocol    = "-1"
 680     description = "Open all outbound ports"
 681     from_port   = 0
 682     to_port     = 0
 683     #tfsec:ignore:AWS009
 684 [   cidr_blocks       = ["0.0.0.0/0"]
 685     security_group_id = aws_security_group.aws_spotfire_security_group.id
 686   }
────────────────────────────────────────


trivy_exitcode=1