Access to Delius application secrets #8162

Merged
merged 2 commits into from
Oct 10, 2024


ranbeersingh1
Contributor

No description provided.

@ranbeersingh1 ranbeersingh1 requested review from a team as code owners October 10, 2024 14:43
@github-actions github-actions bot added the environments-repository label (Used to exclude PRs from this repo in our Slack PR update) Oct 10, 2024
Contributor

Trivy Scan Failed

```hcl

Trivy will check the following folders:
terraform/environments/delius-mis/modules/mis_environment


Running Trivy in terraform/environments/delius-mis/modules/mis_environment
2024-10-10T15:12:55Z INFO [vulndb] Need to update DB
2024-10-10T15:12:55Z INFO [vulndb] Downloading vulnerability DB...
2024-10-10T15:12:55Z INFO [vulndb] Downloading artifact... repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-10T15:12:57Z INFO [vulndb] Artifact successfully downloaded repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-10T15:12:57Z INFO [vuln] Vulnerability scanning is enabled
2024-10-10T15:12:57Z INFO [misconfig] Misconfiguration scanning is enabled
2024-10-10T15:12:57Z INFO [misconfig] Need to update the built-in checks
2024-10-10T15:12:57Z INFO [misconfig] Downloading the built-in checks...
156.02 KiB / 156.02 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2024-10-10T15:12:58Z INFO [secret] Secret scanning is enabled
2024-10-10T15:12:58Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-10T15:12:58Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-10T15:12:59Z INFO [terraform scanner] Scanning root module file_path="."
2024-10-10T15:12:59Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="account_config, account_info, app_name, bastion_config, bcs_config, boe_db_config, bps_config, bws_config, dis_config, dsd_db_config, env_name, environment_config, fsx_config, mis_db_config, platform_vars, tags"
2024-10-10T15:12:59Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="dynamic.ip_address" value="cty.NilVal"
2024-10-10T15:12:59Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="dynamic.target_ip" value="cty.NilVal"
2024-10-10T15:12:59Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="dynamic.ip_address" value="cty.NilVal"
2024-10-10T15:12:59Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="dynamic.target_ip" value="cty.NilVal"
2024-10-10T15:13:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-10T15:13:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.data.aws_subnet.local_account" value="cty.NilVal"
2024-10-10T15:13:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.dynamic.tag" value="cty.NilVal"
2024-10-10T15:13:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.dynamic.tag" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.pagerduty_core_alerts.data.aws_sns_topic.alarm_topics" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3_bucket_ssm_sessions.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3_bucket_ssm_sessions.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3_bucket_ssm_sessions.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3_bucket_ssm_sessions.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3_bucket_ssm_sessions.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3_bucket_ssm_sessions.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3_bucket_ssm_sessions.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3_bucket_ssm_sessions.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3_bucket_ssm_sessions.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3_bucket_ssm_sessions.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3_bucket_ssm_sessions.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3_bucket_ssm_sessions.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bcs_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bcs_instance[0].dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bcs_instance[0].dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bcs_instance[0].dynamic.private_dns_name_options" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bcs_instance[0].dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bcs_instance[0].dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bcs_instance[0].dynamic.private_dns_name_options" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bps_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bps_instance[0].dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bps_instance[0].dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bps_instance[0].dynamic.private_dns_name_options" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bps_instance[0].dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bps_instance[0].dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bps_instance[0].dynamic.private_dns_name_options" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bws_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bws_instance[0].dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bws_instance[0].dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bws_instance[0].dynamic.private_dns_name_options" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bws_instance[0].dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bws_instance[0].dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bws_instance[0].dynamic.private_dns_name_options" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dis_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dis_instance[0].dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dis_instance[0].dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dis_instance[0].dynamic.private_dns_name_options" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dis_instance[0].dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dis_instance[0].dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dis_instance[0].dynamic.private_dns_name_options" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_boe[0].module.instance.aws_ebs_volume.this" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_boe[0].module.instance.dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_boe[0].module.instance.dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_boe[0].module.instance.dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_boe[0].module.instance.dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_dsd[0].module.instance.aws_ebs_volume.this" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_dsd[0].module.instance.dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_dsd[0].module.instance.dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_dsd[0].module.instance.dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_dsd[0].module.instance.dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_mis[0].module.instance.aws_ebs_volume.this" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_mis[0].module.instance.dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_mis[0].module.instance.dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_mis[0].module.instance.dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_mis[0].module.instance.dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_oracledb_backups.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_oracledb_backups.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_oracledb_backups.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_oracledb_backups.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_oracledb_backups.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_oracledb_backups.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_oracledb_backups.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_oracledb_backups.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_ssh_keys.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_ssh_keys.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_ssh_keys.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_ssh_keys.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_ssh_keys.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_ssh_keys.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_ssh_keys.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].module.s3_bucket_ssh_keys.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_oracledb_backups.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_oracledb_backups.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_oracledb_backups.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_oracledb_backups.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_oracledb_backups.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_oracledb_backups.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_oracledb_backups.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_oracledb_backups.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_ssh_keys.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_ssh_keys.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_ssh_keys.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_ssh_keys.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_ssh_keys.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_ssh_keys.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_ssh_keys.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].module.s3_bucket_ssh_keys.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_oracledb_backups.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_oracledb_backups.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_oracledb_backups.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_oracledb_backups.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_oracledb_backups.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_oracledb_backups.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_oracledb_backups.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_oracledb_backups.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_ssh_keys.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_ssh_keys.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_ssh_keys.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_ssh_keys.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_ssh_keys.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_ssh_keys.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_ssh_keys.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].module.s3_bucket_ssh_keys.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:08Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance/main.tf:22"
2024-10-10T15:13:08Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance/main.tf:22"
2024-10-10T15:13:08Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance/main.tf:22"
2024-10-10T15:13:08Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance/main.tf:22"
2024-10-10T15:13:08Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance/main.tf:22"
2024-10-10T15:13:08Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance/main.tf:22"
2024-10-10T15:13:08Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance/main.tf:22"
2024-10-10T15:13:08Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:3-9"
2024-10-10T15:13:08Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:12-18"
2024-10-10T15:13:08Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=c918b2189d9f81d224e07e98fa1bc9ff38e4ba12/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-10-10T15:13:08Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0/main.tf:171-179"
2024-10-10T15:13:08Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:15"
2024-10-10T15:13:08Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:15"
2024-10-10T15:13:08Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:15"
2024-10-10T15:13:08Z INFO Number of language-specific files num=0
2024-10-10T15:13:08Z INFO Detected config files num=17

../../../delius-core/modules/components/oracle_db_shared/s3.tf (terraform)

Tests: 1 (SUCCESSES: 0, FAILURES: 1, EXCEPTIONS: 0)
Failures: 1 (HIGH: 1, CRITICAL: 0)

HIGH: Bucket does not encrypt data with a customer managed key.
════════════════════════════════════════
Encryption using AWS keys provides protection for your S3 buckets. To increase control of the encryption and manage factors like rotation use customer managed keys.

See https://avd.aquasec.com/misconfig/avd-aws-0132
────────────────────────────────────────
../../../delius-core/modules/components/oracle_db_shared/s3.tf:204-212
via databases.tf:13-37 (module.oracle_db_shared["boe-db"])
────────────────────────────────────────
204 ┌ resource "aws_s3_bucket_server_side_encryption_configuration" "oracledb_backups_inventory" {
205 │ bucket = aws_s3_bucket.s3_bucket_oracledb_backups_inventory.id
206 │ rule {
207 │ apply_server_side_encryption_by_default {
208 │ kms_master_key_id = var.account_config.kms_keys.general_shared
209 │ sse_algorithm = "aws:kms"
210 │ }
211 │ }
212 └ }
────────────────────────────────────────

pagerduty.tf (terraform)

Tests: 1 (SUCCESSES: 0, FAILURES: 1, EXCEPTIONS: 0)
Failures: 1 (HIGH: 1, CRITICAL: 0)

HIGH: Topic does not have encryption enabled.
════════════════════════════════════════
Topics should be encrypted to protect their contents.

See https://avd.aquasec.com/misconfig/avd-aws-0095
────────────────────────────────────────
pagerduty.tf:1-10
────────────────────────────────────────
1 ┌ resource "aws_sns_topic" "delius_mis_alarms" {
2 │ name = "${var.app_name}-${var.env_name}-sns-topic"
3 │
4 │ tags = merge(
5 │ var.tags,
6 │ {
7 │ Name = "${var.app_name}-${var.env_name}-sns-topic"
8 │ }
9 │ )
10 └ }
────────────────────────────────────────

sg_shared.tf (terraform)

Tests: 4 (SUCCESSES: 0, FAILURES: 1, EXCEPTIONS: 3)
Failures: 1 (HIGH: 1, CRITICAL: 0)

HIGH: Security group rule allows ingress from public internet.
════════════════════════════════════════
Security groups provide stateful filtering of ingress and egress network traffic to AWS
resources. It is recommended that no security group allows unrestricted ingress access to
remote server administration ports, such as SSH to port 22 and RDP to port 3389.

See https://avd.aquasec.com/misconfig/avd-aws-0107
────────────────────────────────────────
sg_shared.tf:28
via sg_shared.tf:26-32 (aws_vpc_security_group_ingress_rule.fleet_manager)
────────────────────────────────────────
26 resource "aws_vpc_security_group_ingress_rule" "fleet_manager" {
27 security_group_id = aws_security_group.mis_ec2_shared.id
28 [ cidr_ipv4 = "0.0.0.0/0"
29 ip_protocol = "tcp"
30 from_port = 3389
31 to_port = 3389
32 }
────────────────────────────────────────

trivy_exitcode=1

</details>

#### `Checkov Scan` Failed
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/delius-mis/modules/mis_environment

*****************************

Running Checkov in terraform/environments/delius-mis/modules/mis_environment
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-10-10 15:13:11,279 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0:None (for external modules, the --download-external-modules flag is required)
2024-10-10 15:13:11,279 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance:None (for external modules, the --download-external-modules flag is required)
2024-10-10 15:13:11,279 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=c918b2189d9f81d224e07e98fa1bc9ff38e4ba12:None (for external modules, the --download-external-modules flag is required)
2024-10-10 15:13:11,279 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=v2.0.0:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 828, Failed checks: 112, Skipped checks: 2

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: module.oracle_db_boe.instance
	File: /../../../delius-core/modules/components/oracle_db_instance/instance.tf:23-66
	Calling File: /databases.tf:94-145
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		23 | module "instance" {
		24 |   source = "github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance"
		25 | 
		26 |   providers = {
		27 |     aws.core-vpc = aws.core-vpc # core-vpc-(environment) holds the networking for all accounts
		28 |   }
		29 | 
		30 |   name = "${var.account_info.application_name}-${var.env_name}-${var.db_suffix}-${local.instance_name_index}" # e.g. dev-boe-db-1
		31 | 
		32 |   ami_name                      = data.aws_ami.oracle_db.name
		33 |   ami_owner                     = var.db_ami.owner
		34 |   instance                      = local.instance_config
		35 |   ebs_kms_key_id                = var.account_config.kms_keys.general_shared
		36 |   ebs_volumes_copy_all_from_ami = true
		37 |   ebs_volume_config             = var.ebs_volume_config
		38 |   ebs_volumes                   = var.ebs_volumes
		39 |   ebs_volume_tags               = var.tags
		40 |   # route53_records               = merge(local.ec2_test.route53_records, lookup(each.value, "route53_records", {})) # revist
		41 |   route53_records = {
		42 |     create_internal_record = false
		43 |     create_external_record = false
		44 |   }
		45 |   iam_resource_names_prefix = "instance"
		46 |   instance_profile_policies = var.instance_profile_policies
		47 | 
		48 |   user_data_raw = base64encode(var.user_data)
		49 | 
		50 |   business_unit     = var.account_info.business_unit
		51 |   application_name  = var.account_info.application_name
		52 |   environment       = var.account_info.mp_environment
		53 |   region            = "eu-west-2"
		54 |   availability_zone = var.availability_zone
		55 |   subnet_id         = var.subnet_id
		56 |   tags = merge(var.tags,
		57 |     { Name = "${var.account_info.application_name}-${var.env_name}-${var.db_suffix}-${local.instance_name_index}" },
		58 |     { server-type = var.server_type_tag },
		59 |     { database = local.database_tag },
		60 |     var.enable_platform_backups != null ? { "backup" = var.enable_platform_backups ? "true" : "false" } : {}
		61 |   )
		62 | 
		63 |   cloudwatch_metric_alarms = merge(
		64 |     local.cloudwatch_metric_alarms.ec2
		65 |   )
		66 | }

Check: CKV_TF_2: "Ensure Terraform module sources use a tag with a version number"
	FAILED for resource: module.oracle_db_boe.instance
	File: /../../../delius-core/modules/components/oracle_db_instance/instance.tf:23-66
	Calling File: /databases.tf:94-145
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-tag

		23 | module "instance" {
		24 |   source = "github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance"
		25 | 
		26 |   providers = {
		27 |     aws.core-vpc = aws.core-vpc # core-vpc-(environment) holds the networking for all accounts
		28 |   }
		29 | 
		30 |   name = "${var.account_info.application_name}-${var.env_name}-${var.db_suffix}-${local.instance_name_index}" # e.g. dev-boe-db-1
		31 | 
		32 |   ami_name                      = data.aws_ami.oracle_db.name
		33 |   ami_owner                     = var.db_ami.owner
		34 |   instance                      = local.instance_config
		35 |   ebs_kms_key_id                = var.account_config.kms_keys.general_shared
		36 |   ebs_volumes_copy_all_from_ami = true
		37 |   ebs_volume_config             = var.ebs_volume_config
		38 |   ebs_volumes                   = var.ebs_volumes
		39 |   ebs_volume_tags               = var.tags
		40 |   # route53_records               = merge(local.ec2_test.route53_records, lookup(each.value, "route53_records", {})) # revist
		41 |   route53_records = {
		42 |     create_internal_record = false
		43 |     create_external_record = false
		44 |   }
		45 |   iam_resource_names_prefix = "instance"
		46 |   instance_profile_policies = var.instance_profile_policies
		47 | 
		48 |   user_data_raw = base64encode(var.user_data)
		49 | 
		50 |   business_unit     = var.account_info.business_unit
		51 |   application_name  = var.account_info.application_name
		52 |   environment       = var.account_info.mp_environment
		53 |   region            = "eu-west-2"
		54 |   availability_zone = var.availability_zone
		55 |   subnet_id         = var.subnet_id
		56 |   tags = merge(var.tags,
		57 |     { Name = "${var.account_info.application_name}-${var.env_name}-${var.db_suffix}-${local.instance_name_index}" },
		58 |     { server-type = var.server_type_tag },
		59 |     { database = local.database_tag },
		60 |     var.enable_platform_backups != null ? { "backup" = var.enable_platform_backups ? "true" : "false" } : {}
		61 |   )
		62 | 
		63 |   cloudwatch_metric_alarms = merge(
		64 |     local.cloudwatch_metric_alarms.ec2
		65 |   )
		66 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: module.oracle_db_dsd.instance
	File: /../../../delius-core/modules/components/oracle_db_instance/instance.tf:23-66
	Calling File: /databases.tf:39-91
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		23 | module "instance" {
		24 |   source = "github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance"
		25 | 
		26 |   providers = {
		27 |     aws.core-vpc = aws.core-vpc # core-vpc-(environment) holds the networking for all accounts
		28 |   }
		29 | 
		30 |   name = "${var.account_info.application_name}-${var.env_name}-${var.db_suffix}-${local.instance_name_index}" # e.g. dev-boe-db-1
		31 | 
		32 |   ami_name                      = data.aws_ami.oracle_db.name
		33 |   ami_owner                     = var.db_ami.owner
		34 |   instance                      = local.instance_config
		35 |   ebs_kms_key_id                = var.account_config.kms_keys.general_shared
		36 |   ebs_volumes_copy_all_from_ami = true
		37 |   ebs_volume_config             = var.ebs_volume_config
		38 |   ebs_volumes                   = var.ebs_volumes
		39 |   ebs_volume_tags               = var.tags
		40 |   # route53_records               = merge(local.ec2_test.route53_records, lookup(each.value, "route53_records", {})) # revist
		41 |   route53_records = {
		42 |     create_internal_record = false
		43 |     create_external_record = false
		44 |   }
		45 |   iam_resource_names_prefix = "instance"
		46 |   instance_profile_policies = var.instance_profile_policies
		47 | 
		48 |   user_data_raw = base64encode(var.user_data)
		49 | 
		50 |   business_unit     = var.account_info.business_unit
		51 |   application_name  = var.account_info.application_name
		52 |   environment       = var.account_info.mp_environment
		53 |   region            = "eu-west-2"
		54 |   availability_zone = var.availability_zone
		55 |   subnet_id         = var.subnet_id
		56 |   tags = merge(var.tags,
		57 |     { Name = "${var.account_info.application_name}-${var.env_name}-${var.db_suffix}-${local.instance_name_index}" },
		58 |     { server-type = var.server_type_tag },
		59 |     { database = local.database_tag },
		60 |     var.enable_platform_backups != null ? { "backup" = var.enable_platform_backups ? "true" : "false" } : {}
		61 |   )
		62 | 
		63 |   cloudwatch_metric_alarms = merge(
		64 |     local.cloudwatch_metric_alarms.ec2
		65 |   )
		66 | }

Check: CKV_TF_2: "Ensure Terraform module sources use a tag with a version number"
	FAILED for resource: module.oracle_db_dsd.instance
	File: /../../../delius-core/modules/components/oracle_db_instance/instance.tf:23-66
	Calling File: /databases.tf:39-91
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-tag

		23 | module "instance" {
		24 |   source = "github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance"
		25 | 
		26 |   providers = {
		27 |     aws.core-vpc = aws.core-vpc # core-vpc-(environment) holds the networking for all accounts
		28 |   }
		29 | 
		30 |   name = "${var.account_info.application_name}-${var.env_name}-${var.db_suffix}-${local.instance_name_index}" # e.g. dev-boe-db-1
		31 | 
		32 |   ami_name                      = data.aws_ami.oracle_db.name
		33 |   ami_owner                     = var.db_ami.owner
		34 |   instance                      = local.instance_config
		35 |   ebs_kms_key_id                = var.account_config.kms_keys.general_shared
		36 |   ebs_volumes_copy_all_from_ami = true
		37 |   ebs_volume_config             = var.ebs_volume_config
		38 |   ebs_volumes                   = var.ebs_volumes
		39 |   ebs_volume_tags               = var.tags
		40 |   # route53_records               = merge(local.ec2_test.route53_records, lookup(each.value, "route53_records", {})) # revist
		41 |   route53_records = {
		42 |     create_internal_record = false
		43 |     create_external_record = false
		44 |   }
		45 |   iam_resource_names_prefix = "instance"
		46 |   instance_profile_policies = var.instance_profile_policies
		47 | 
		48 |   user_data_raw = base64encode(var.user_data)
		49 | 
		50 |   business_unit     = var.account_info.business_unit
		51 |   application_name  = var.account_info.application_name
		52 |   environment       = var.account_info.mp_environment
		53 |   region            = "eu-west-2"
		54 |   availability_zone = var.availability_zone
		55 |   subnet_id         = var.subnet_id
		56 |   tags = merge(var.tags,
		57 |     { Name = "${var.account_info.application_name}-${var.env_name}-${var.db_suffix}-${local.instance_name_index}" },
		58 |     { server-type = var.server_type_tag },
		59 |     { database = local.database_tag },
		60 |     var.enable_platform_backups != null ? { "backup" = var.enable_platform_backups ? "true" : "false" } : {}
		61 |   )
		62 | 
		63 |   cloudwatch_metric_alarms = merge(
		64 |     local.cloudwatch_metric_alarms.ec2
		65 |   )
		66 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: module.oracle_db_mis.instance
	File: /../../../delius-core/modules/components/oracle_db_instance/instance.tf:23-66
	Calling File: /databases.tf:148-199
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		23 | module "instance" {
		24 |   source = "github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance"
		25 | 
		26 |   providers = {
		27 |     aws.core-vpc = aws.core-vpc # core-vpc-(environment) holds the networking for all accounts
		28 |   }
		29 | 
		30 |   name = "${var.account_info.application_name}-${var.env_name}-${var.db_suffix}-${local.instance_name_index}" # e.g. dev-boe-db-1
		31 | 
		32 |   ami_name                      = data.aws_ami.oracle_db.name
		33 |   ami_owner                     = var.db_ami.owner
		34 |   instance                      = local.instance_config
		35 |   ebs_kms_key_id                = var.account_config.kms_keys.general_shared
		36 |   ebs_volumes_copy_all_from_ami = true
		37 |   ebs_volume_config             = var.ebs_volume_config
		38 |   ebs_volumes                   = var.ebs_volumes
		39 |   ebs_volume_tags               = var.tags
		40 |   # route53_records               = merge(local.ec2_test.route53_records, lookup(each.value, "route53_records", {})) # revist
		41 |   route53_records = {
		42 |     create_internal_record = false
		43 |     create_external_record = false
		44 |   }
		45 |   iam_resource_names_prefix = "instance"
		46 |   instance_profile_policies = var.instance_profile_policies
		47 | 
		48 |   user_data_raw = base64encode(var.user_data)
		49 | 
		50 |   business_unit     = var.account_info.business_unit
		51 |   application_name  = var.account_info.application_name
		52 |   environment       = var.account_info.mp_environment
		53 |   region            = "eu-west-2"
		54 |   availability_zone = var.availability_zone
		55 |   subnet_id         = var.subnet_id
		56 |   tags = merge(var.tags,
		57 |     { Name = "${var.account_info.application_name}-${var.env_name}-${var.db_suffix}-${local.instance_name_index}" },
		58 |     { server-type = var.server_type_tag },
		59 |     { database = local.database_tag },
		60 |     var.enable_platform_backups != null ? { "backup" = var.enable_platform_backups ? "true" : "false" } : {}
		61 |   )
		62 | 
		63 |   cloudwatch_metric_alarms = merge(
		64 |     local.cloudwatch_metric_alarms.ec2
		65 |   )
		66 | }

Check: CKV_TF_2: "Ensure Terraform module sources use a tag with a version number"
	FAILED for resource: module.oracle_db_mis.instance
	File: /../../../delius-core/modules/components/oracle_db_instance/instance.tf:23-66
	Calling File: /databases.tf:148-199
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-tag

		23 | module "instance" {
		24 |   source = "github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance"
		25 | 
		26 |   providers = {
		27 |     aws.core-vpc = aws.core-vpc # core-vpc-(environment) holds the networking for all accounts
		28 |   }
		29 | 
		30 |   name = "${var.account_info.application_name}-${var.env_name}-${var.db_suffix}-${local.instance_name_index}" # e.g. dev-boe-db-1
		31 | 
		32 |   ami_name                      = data.aws_ami.oracle_db.name
		33 |   ami_owner                     = var.db_ami.owner
		34 |   instance                      = local.instance_config
		35 |   ebs_kms_key_id                = var.account_config.kms_keys.general_shared
		36 |   ebs_volumes_copy_all_from_ami = true
		37 |   ebs_volume_config             = var.ebs_volume_config
		38 |   ebs_volumes                   = var.ebs_volumes
		39 |   ebs_volume_tags               = var.tags
		40 |   # route53_records               = merge(local.ec2_test.route53_records, lookup(each.value, "route53_records", {})) # revist
		41 |   route53_records = {
		42 |     create_internal_record = false
		43 |     create_external_record = false
		44 |   }
		45 |   iam_resource_names_prefix = "instance"
		46 |   instance_profile_policies = var.instance_profile_policies
		47 | 
		48 |   user_data_raw = base64encode(var.user_data)
		49 | 
		50 |   business_unit     = var.account_info.business_unit
		51 |   application_name  = var.account_info.application_name
		52 |   environment       = var.account_info.mp_environment
		53 |   region            = "eu-west-2"
		54 |   availability_zone = var.availability_zone
		55 |   subnet_id         = var.subnet_id
		56 |   tags = merge(var.tags,
		57 |     { Name = "${var.account_info.application_name}-${var.env_name}-${var.db_suffix}-${local.instance_name_index}" },
		58 |     { server-type = var.server_type_tag },
		59 |     { database = local.database_tag },
		60 |     var.enable_platform_backups != null ? { "backup" = var.enable_platform_backups ? "true" : "false" } : {}
		61 |   )
		62 | 
		63 |   cloudwatch_metric_alarms = merge(
		64 |     local.cloudwatch_metric_alarms.ec2
		65 |   )
		66 | }

Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_iam_policy_document.allow_access_to_ssm_parameter_store
	File: /../../../delius-core/modules/components/oracle_db_shared/iam.tf:90-99
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint

		90 | data "aws_iam_policy_document" "allow_access_to_ssm_parameter_store" {
		91 |   statement {
		92 |     sid    = "AllowAccessToSsmParameterStore"
		93 |     effect = "Allow"
		94 |     actions = [
		95 |       "ssm:PutParameter"
		96 |     ]
		97 |     resources = ["*"]
		98 |   }
		99 | }

Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_iam_policy_document.allow_access_to_ssm_parameter_store
	File: /../../../delius-core/modules/components/oracle_db_shared/iam.tf:90-99
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-356

		90 | data "aws_iam_policy_document" "allow_access_to_ssm_parameter_store" {
		91 |   statement {
		92 |     sid    = "AllowAccessToSsmParameterStore"
		93 |     effect = "Allow"
		94 |     actions = [
		95 |       "ssm:PutParameter"
		96 |     ]
		97 |     resources = ["*"]
		98 |   }
		99 | }

Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_iam_policy_document.instance_ssm
	File: /../../../delius-core/modules/components/oracle_db_shared/iam.tf:170-220
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_iam_policy_document.instance_ssm
	File: /../../../delius-core/modules/components/oracle_db_shared/iam.tf:170-220
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-data-exfiltration

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_iam_policy_document.instance_ssm
	File: /../../../delius-core/modules/components/oracle_db_shared/iam.tf:170-220
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-356

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: module.oracle_db_shared["mis-db"].s3_bucket_oracledb_backups
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:22-62
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		22 | module "s3_bucket_oracledb_backups" {
		23 |   source              = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0"
		24 |   bucket_name         = local.oracle_backup_bucket_prefix
		25 |   versioning_enabled  = false
		26 |   ownership_controls  = "BucketOwnerEnforced"
		27 |   replication_enabled = false
		28 |   custom_kms_key      = var.account_config.kms_keys.general_shared
		29 |   bucket_policy = try([data.aws_iam_policy_document.s3_bucket_oracledb_backups[0].json], [
		30 |     "{}"
		31 |   ])
		32 | 
		33 |   providers = {
		34 |     aws.bucket-replication = aws.bucket-replication
		35 |   }
		36 | 
		37 |   lifecycle_rule = [
		38 |     {
		39 |       id      = "main"
		40 |       enabled = "Enabled"
		41 |       prefix  = ""
		42 | 
		43 |       tags = {
		44 |         rule      = "log"
		45 |         autoclean = "true"
		46 |       }
		47 | 
		48 |       transition = [
		49 |         {
		50 |           days          = 90
		51 |           storage_class = "STANDARD_IA"
		52 |         }
		53 |       ]
		54 | 
		55 |       expiration = {
		56 |         days = 365
		57 |       }
		58 |     }
		59 |   ]
		60 | 
		61 |   tags = var.tags
		62 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: module.oracle_db_shared["mis-db"].s3_bucket_oracle_statistics
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:334-375
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		334 | module "s3_bucket_oracle_statistics" {
		335 |   count = var.deploy_oracle_stats ? 1 : 0
		336 | 
		337 |   source              = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.0.0"
		338 |   bucket_name         = "${var.account_info.application_name}-${var.env_name}-oracle-${var.db_suffix}-statistics-backup-data"
		339 |   versioning_enabled  = false
		340 |   ownership_controls  = "BucketOwnerEnforced"
		341 |   replication_enabled = false
		342 |   custom_kms_key      = var.account_config.kms_keys.general_shared
		343 |   bucket_policy = try([data.aws_iam_policy_document.s3_bucket_oracle_statistics[0].json], [
		344 |     "{}"
		345 |   ])
		346 |   providers = {
		347 |     aws.bucket-replication = aws.bucket-replication
		348 |   }
		349 | 
		350 |   lifecycle_rule = [
		351 |     {
		352 |       id      = "main"
		353 |       enabled = "Enabled"
		354 |       prefix  = ""
		355 | 
		356 |       tags = {
		357 |         rule      = "log"
		358 |         autoclean = "true"
		359 |       }
		360 | 
		361 |       transition = [
		362 |         {
		363 |           days          = 90
		364 |           storage_class = "STANDARD_IA"
		365 |         }
		366 |       ]
		367 | 
		368 |       expiration = {
		369 |         days = 365
		370 |       }
		371 |     }
		372 |   ]
		373 | 
		374 |   tags = var.tags
		375 | }

Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_iam_policy_document.database_dba_passwords
	File: /../../../delius-core/modules/components/oracle_db_shared/secrets.tf:15-26
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-data-exfiltration

		15 | data "aws_iam_policy_document" "database_dba_passwords" {
		16 |   statement {
		17 |     sid    = "OemAWSAccountToReadTheSecret"
		18 |     effect = "Allow"
		19 |     principals {
		20 |       type        = "AWS"
		21 |       identifiers = ["arn:aws:iam::${local.oem_account_id}:role/EC2OracleEnterpriseManagementSecretsRole"]
		22 |     }
		23 |     actions   = ["secretsmanager:GetSecretValue"]
		24 |     resources = ["*"]
		25 |   }
		26 | }

Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_iam_policy_document.database_dba_passwords
	File: /../../../delius-core/modules/components/oracle_db_shared/secrets.tf:15-26
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-356

		15 | data "aws_iam_policy_document" "database_dba_passwords" {
		16 |   statement {
		17 |     sid    = "OemAWSAccountToReadTheSecret"
		18 |     effect = "Allow"
		19 |     principals {
		20 |       type        = "AWS"
		21 |       identifiers = ["arn:aws:iam::${local.oem_account_id}:role/EC2OracleEnterpriseManagementSecretsRole"]
		22 |     }
		23 |     actions   = ["secretsmanager:GetSecretValue"]
		24 |     resources = ["*"]
		25 |   }
		26 | }

Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_vpc_security_group_ingress_rule.delius_db_security_group_ssh_ingress_bastion
	File: /../../../delius-core/modules/components/oracle_db_shared/sg.tf:76-83
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-1-port-security

		76 | resource "aws_vpc_security_group_ingress_rule" "delius_db_security_group_ssh_ingress_bastion" {
		77 |   security_group_id            = aws_security_group.db_ec2.id
		78 |   description                  = "bastion to testing db"
		79 |   from_port                    = 22
		80 |   to_port                      = 22
		81 |   ip_protocol                  = "tcp"
		82 |   referenced_security_group_id = var.bastion_sg_id
		83 | }

Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_vpc_security_group_ingress_rule.delius_db_oem_db
	File: /../../../delius-core/modules/components/oracle_db_shared/sg.tf:85-91
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		85 | resource "aws_vpc_security_group_ingress_rule" "delius_db_oem_db" {
		86 |   ip_protocol       = "tcp"
		87 |   from_port         = local.db_port
		88 |   to_port           = local.db_tcps_port
		89 |   cidr_ipv4         = var.account_config.shared_vpc_cidr
		90 |   security_group_id = aws_security_group.db_ec2.id
		91 | }

Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_vpc_security_group_ingress_rule.delius_db_oem_agent
	File: /../../../delius-core/modules/components/oracle_db_shared/sg.tf:105-111
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		105 | resource "aws_vpc_security_group_ingress_rule" "delius_db_oem_agent" {
		106 |   ip_protocol       = "tcp"
		107 |   from_port         = 3872
		108 |   to_port           = 3872
		109 |   cidr_ipv4         = var.account_config.shared_vpc_cidr
		110 |   security_group_id = aws_security_group.db_ec2.id
		111 | }

Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_vpc_security_group_egress_rule.delius_db_oem_upload
	File: /../../../delius-core/modules/components/oracle_db_shared/sg.tf:113-119
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		113 | resource "aws_vpc_security_group_egress_rule" "delius_db_oem_upload" {
		114 |   ip_protocol       = "tcp"
		115 |   from_port         = 4903
		116 |   to_port           = 4903
		117 |   cidr_ipv4         = var.account_config.shared_vpc_cidr
		118 |   security_group_id = aws_security_group.db_ec2.id
		119 | }

Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_vpc_security_group_egress_rule.delius_db_oem_console
	File: /../../../delius-core/modules/components/oracle_db_shared/sg.tf:121-128
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		121 | resource "aws_vpc_security_group_egress_rule" "delius_db_oem_console" {
		122 |   ip_protocol = "tcp"
		123 |   from_port   = 7803
		124 |   to_port     = 7803
		125 |   cidr_ipv4   = var.account_config.shared_vpc_cidr
		126 | 
		127 |   security_group_id = aws_security_group.db_ec2.id
		128 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: module.oracle_db_shared["mis-db"].s3_bucket_ssh_keys
	File: /../../../delius-core/modules/components/oracle_db_shared/ssh_keys.tf:2-45
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		2  | module "s3_bucket_ssh_keys" {
		3  | 
		4  |   source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0"
		5  | 
		6  |   bucket_name = "${var.account_info.application_name}-${var.env_name}-oracle-${var.db_suffix}-ssh-keys"
		7  | 
		8  |   versioning_enabled  = false
		9  |   ownership_controls  = "BucketOwnerEnforced"
		10 |   replication_enabled = false
		11 |   custom_kms_key      = var.account_config.kms_keys.general_shared
		12 | 
		13 |   providers = {
		14 |     aws.bucket-replication = aws.bucket-replication
		15 |   }
		16 | 
		17 |   lifecycle_rule = [
		18 |     {
		19 |       id      = "main"
		20 |       enabled = "Enabled"
		21 |       prefix  = ""
		22 | 
		23 |       tags = {
		24 |         rule      = "log"
		25 |         autoclean = "true"
		26 |       }
		27 | 
		28 |       noncurrent_version_transition = [
		29 |         {
		30 |           days          = 90
		31 |           storage_class = "STANDARD_IA"
		32 |           }, {
		33 |           days          = 365
		34 |           storage_class = "GLACIER"
		35 |         }
		36 |       ]
		37 | 
		38 |       noncurrent_version_expiration = {
		39 |         days = 730
		40 |       }
		41 |     }
		42 |   ]
		43 | 
		44 |   tags = var.tags
		45 | }

Check: CKV_AWS_337: "Ensure SSM parameters are using KMS CMK"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_ssm_parameter.rman_password
	File: /../../../delius-core/modules/components/oracle_db_shared/ssm.tf:1-10
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-337

		1  | resource "aws_ssm_parameter" "rman_password" {
		2  |   name  = "/${var.account_info.application_name}-${var.env_name}/delius/oracle-${var.db_suffix}-operation/rman/rman_password"
		3  |   type  = "SecureString"
		4  |   value = "REPLACE"
		5  |   lifecycle {
		6  |     ignore_changes = [
		7  |       value,
		8  |     ]
		9  |   }
		10 | }

Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: aws_security_group.bcs
	File: /bcs.tf:1-4
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		1 | resource "aws_security_group" "bcs" {
		2 |   name_prefix = "${var.env_name}-bcs"
		3 |   vpc_id      = var.account_info.vpc_id
		4 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: bcs_instance
	File: /bcs.tf:6-61
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_TF_2: "Ensure Terraform module sources use a tag with a version number"
	FAILED for resource: bcs_instance
	File: /bcs.tf:6-61
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-tag

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: aws_security_group.bps
	File: /bps.tf:1-4
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		1 | resource "aws_security_group" "bps" {
		2 |   name_prefix = "${var.env_name}-bps"
		3 |   vpc_id      = var.account_info.vpc_id
		4 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: bps_instance
	File: /bps.tf:6-61
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_TF_2: "Ensure Terraform module sources use a tag with a version number"
	FAILED for resource: bps_instance
	File: /bps.tf:6-61
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-tag

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: aws_security_group.bws
	File: /bws.tf:1-4
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		1 | resource "aws_security_group" "bws" {
		2 |   name_prefix = "${var.env_name}-bws"
		3 |   vpc_id      = var.account_info.vpc_id
		4 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: bws_instance
	File: /bws.tf:6-61
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_TF_2: "Ensure Terraform module sources use a tag with a version number"
	FAILED for resource: bws_instance
	File: /bws.tf:6-61
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-tag

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_149: "Ensure that Secrets Manager secret is encrypted using KMS CMK"
	FAILED for resource: aws_secretsmanager_secret.ad_admin_password
	File: /directory_service.tf:29-39
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-secrets-manager-secret-is-encrypted-using-kms

		29 | resource "aws_secretsmanager_secret" "ad_admin_password" {
		30 |   name                    = "${var.app_name}-${var.env_name}-ad-admin-password"
		31 |   recovery_window_in_days = 0
		32 | 
		33 |   tags = merge(
		34 |     var.tags,
		35 |     {
		36 |       Name = "${var.app_name}-${var.env_name}-ad-admin-password"
		37 |     }
		38 |   )
		39 | }

Check: CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
	FAILED for resource: aws_cloudwatch_log_group.active_directory
	File: /directory_service.tf:49-52
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-338

		49 | resource "aws_cloudwatch_log_group" "active_directory" {
		50 |   name              = "/aws/directoryservice/${aws_directory_service_directory.mis_ad.id}"
		51 |   retention_in_days = 14
		52 | }

Check: CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
	FAILED for resource: aws_cloudwatch_log_group.active_directory
	File: /directory_service.tf:49-52
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-cloudwatch-log-group-is-encrypted-by-kms

		49 | resource "aws_cloudwatch_log_group" "active_directory" {
		50 |   name              = "/aws/directoryservice/${aws_directory_service_directory.mis_ad.id}"
		51 |   retention_in_days = 14
		52 | }

Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: aws_security_group.dis
	File: /dis.tf:1-4
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		1 | resource "aws_security_group" "dis" {
		2 |   name_prefix = "${var.env_name}-dis"
		3 |   vpc_id      = var.account_info.vpc_id
		4 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: dis_instance
	File: /dis.tf:6-61
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_TF_2: "Ensure Terraform module sources use a tag with a version number"
	FAILED for resource: dis_instance
	File: /dis.tf:6-61
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-tag

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_26: "Ensure all data stored in the SNS topic is encrypted"
	FAILED for resource: aws_sns_topic.delius_mis_alarms
	File: /pagerduty.tf:1-10
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-15

		1  | resource "aws_sns_topic" "delius_mis_alarms" {
		2  |   name = "${var.app_name}-${var.env_name}-sns-topic"
		3  | 
		4  |   tags = merge(
		5  |     var.tags,
		6  |     {
		7  |       Name = "${var.app_name}-${var.env_name}-sns-topic"
		8  |     }
		9  |   )
		10 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: pagerduty_core_alerts
	File: /pagerduty.tf:12-21
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		12 | module "pagerduty_core_alerts" {
		13 | 
		14 |   depends_on = [
		15 |     aws_sns_topic.delius_mis_alarms
		16 |   ]
		17 | 
		18 |   source                    = "github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=v2.0.0"
		19 |   sns_topics                = [aws_sns_topic.delius_mis_alarms.name]
		20 |   pagerduty_integration_key = var.pagerduty_integration_key
		21 | }

Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: aws_vpc_security_group_ingress_rule.icmp
	File: /sg_legacy.tf:8-14
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		8  | resource "aws_vpc_security_group_ingress_rule" "icmp" {
		9  |   security_group_id = aws_security_group.legacy.id
		10 |   cidr_ipv4         = var.environment_config.legacy_counterpart_vpc_cidr
		11 |   ip_protocol       = "icmp"
		12 |   from_port         = -1
		13 |   to_port           = -1
		14 | }

Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: aws_vpc_security_group_egress_rule.icmp
	File: /sg_legacy.tf:16-22
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		16 | resource "aws_vpc_security_group_egress_rule" "icmp" {
		17 |   security_group_id = aws_security_group.legacy.id
		18 |   cidr_ipv4         = var.environment_config.legacy_counterpart_vpc_cidr
		19 |   ip_protocol       = "icmp"
		20 |   from_port         = -1
		21 |   to_port           = -1
		22 | }

Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: aws_vpc_security_group_egress_rule.http_s
	File: /sg_shared.tf:8-16
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		8  | resource "aws_vpc_security_group_egress_rule" "http_s" {
		9  |   for_each = toset(["80", "443"])
		10 | 
		11 |   security_group_id = aws_security_group.mis_ec2_shared.id
		12 |   cidr_ipv4         = "0.0.0.0/0"
		13 |   ip_protocol       = "tcp"
		14 |   from_port         = each.key
		15 |   to_port           = each.key
		16 | }

Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: aws_vpc_security_group_egress_rule.fleet_manager
	File: /sg_shared.tf:18-24
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		18 | resource "aws_vpc_security_group_egress_rule" "fleet_manager" {
		19 |   security_group_id = aws_security_group.mis_ec2_shared.id
		20 |   cidr_ipv4         = "0.0.0.0/0"
		21 |   ip_protocol       = "tcp"
		22 |   from_port         = 3389
		23 |   to_port           = 3389
		24 | }

Check: CKV_AWS_25: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389"
	FAILED for resource: aws_vpc_security_group_ingress_rule.fleet_manager
	File: /sg_shared.tf:26-32
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-2

		26 | resource "aws_vpc_security_group_ingress_rule" "fleet_manager" {
		27 |   security_group_id = aws_security_group.mis_ec2_shared.id
		28 |   cidr_ipv4         = "0.0.0.0/0"
		29 |   ip_protocol       = "tcp"
		30 |   from_port         = 3389
		31 |   to_port           = 3389
		32 | }

Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: aws_vpc_security_group_ingress_rule.fleet_manager
	File: /sg_shared.tf:26-32
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		26 | resource "aws_vpc_security_group_ingress_rule" "fleet_manager" {
		27 |   security_group_id = aws_security_group.mis_ec2_shared.id
		28 |   cidr_ipv4         = "0.0.0.0/0"
		29 |   ip_protocol       = "tcp"
		30 |   from_port         = 3389
		31 |   to_port           = 3389
		32 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: s3_bucket_ssm_sessions
	File: /ssm.tf:4-16
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		4  | module "s3_bucket_ssm_sessions" {
		5  | 
		6  |   source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0"
		7  | 
		8  |   bucket_prefix      = "${var.account_info.application_name}-${var.env_name}-ssm-sessions"
		9  |   versioning_enabled = false
		10 | 
		11 |   providers = {
		12 |     aws.bucket-replication = aws
		13 |   }
		14 | 
		15 |   tags = var.tags
		16 | }

Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_iam_policy_document.allow_access_to_ssm_parameter_store
	File: /../../../delius-core/modules/components/oracle_db_shared/iam.tf:90-99
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint

		90 | data "aws_iam_policy_document" "allow_access_to_ssm_parameter_store" {
		91 |   statement {
		92 |     sid    = "AllowAccessToSsmParameterStore"
		93 |     effect = "Allow"
		94 |     actions = [
		95 |       "ssm:PutParameter"
		96 |     ]
		97 |     resources = ["*"]
		98 |   }
		99 | }

Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_iam_policy_document.allow_access_to_ssm_parameter_store
	File: /../../../delius-core/modules/components/oracle_db_shared/iam.tf:90-99
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-356

		90 | data "aws_iam_policy_document" "allow_access_to_ssm_parameter_store" {
		91 |   statement {
		92 |     sid    = "AllowAccessToSsmParameterStore"
		93 |     effect = "Allow"
		94 |     actions = [
		95 |       "ssm:PutParameter"
		96 |     ]
		97 |     resources = ["*"]
		98 |   }
		99 | }

Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_iam_policy_document.instance_ssm
	File: /../../../delius-core/modules/components/oracle_db_shared/iam.tf:170-220
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_iam_policy_document.instance_ssm
	File: /../../../delius-core/modules/components/oracle_db_shared/iam.tf:170-220
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-data-exfiltration

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_iam_policy_document.instance_ssm
	File: /../../../delius-core/modules/components/oracle_db_shared/iam.tf:170-220
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-356

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: module.oracle_db_shared["boe-db"].s3_bucket_oracledb_backups
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:22-62
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		22 | module "s3_bucket_oracledb_backups" {
		23 |   source              = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0"
		24 |   bucket_name         = local.oracle_backup_bucket_prefix
		25 |   versioning_enabled  = false
		26 |   ownership_controls  = "BucketOwnerEnforced"
		27 |   replication_enabled = false
		28 |   custom_kms_key      = var.account_config.kms_keys.general_shared
		29 |   bucket_policy = try([data.aws_iam_policy_document.s3_bucket_oracledb_backups[0].json], [
		30 |     "{}"
		31 |   ])
		32 | 
		33 |   providers = {
		34 |     aws.bucket-replication = aws.bucket-replication
		35 |   }
		36 | 
		37 |   lifecycle_rule = [
		38 |     {
		39 |       id      = "main"
		40 |       enabled = "Enabled"
		41 |       prefix  = ""
		42 | 
		43 |       tags = {
		44 |         rule      = "log"
		45 |         autoclean = "true"
		46 |       }
		47 | 
		48 |       transition = [
		49 |         {
		50 |           days          = 90
		51 |           storage_class = "STANDARD_IA"
		52 |         }
		53 |       ]
		54 | 
		55 |       expiration = {
		56 |         days = 365
		57 |       }
		58 |     }
		59 |   ]
		60 | 
		61 |   tags = var.tags
		62 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: module.oracle_db_shared["boe-db"].s3_bucket_oracle_statistics
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:334-375
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		334 | module "s3_bucket_oracle_statistics" {
		335 |   count = var.deploy_oracle_stats ? 1 : 0
		336 | 
		337 |   source              = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.0.0"
		338 |   bucket_name         = "${var.account_info.application_name}-${var.env_name}-oracle-${var.db_suffix}-statistics-backup-data"
		339 |   versioning_enabled  = false
		340 |   ownership_controls  = "BucketOwnerEnforced"
		341 |   replication_enabled = false
		342 |   custom_kms_key      = var.account_config.kms_keys.general_shared
		343 |   bucket_policy = try([data.aws_iam_policy_document.s3_bucket_oracle_statistics[0].json], [
		344 |     "{}"
		345 |   ])
		346 |   providers = {
		347 |     aws.bucket-replication = aws.bucket-replication
		348 |   }
		349 | 
		350 |   lifecycle_rule = [
		351 |     {
		352 |       id      = "main"
		353 |       enabled = "Enabled"
		354 |       prefix  = ""
		355 | 
		356 |       tags = {
		357 |         rule      = "log"
		358 |         autoclean = "true"
		359 |       }
		360 | 
		361 |       transition = [
		362 |         {
		363 |           days          = 90
		364 |           storage_class = "STANDARD_IA"
		365 |         }
		366 |       ]
		367 | 
		368 |       expiration = {
		369 |         days = 365
		370 |       }
		371 |     }
		372 |   ]
		373 | 
		374 |   tags = var.tags
		375 | }

Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_iam_policy_document.database_dba_passwords
	File: /../../../delius-core/modules/components/oracle_db_shared/secrets.tf:15-26
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-data-exfiltration

		15 | data "aws_iam_policy_document" "database_dba_passwords" {
		16 |   statement {
		17 |     sid    = "OemAWSAccountToReadTheSecret"
		18 |     effect = "Allow"
		19 |     principals {
		20 |       type        = "AWS"
		21 |       identifiers = ["arn:aws:iam::${local.oem_account_id}:role/EC2OracleEnterpriseManagementSecretsRole"]
		22 |     }
		23 |     actions   = ["secretsmanager:GetSecretValue"]
		24 |     resources = ["*"]
		25 |   }
		26 | }

Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_iam_policy_document.database_dba_passwords
	File: /../../../delius-core/modules/components/oracle_db_shared/secrets.tf:15-26
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-356

		15 | data "aws_iam_policy_document" "database_dba_passwords" {
		16 |   statement {
		17 |     sid    = "OemAWSAccountToReadTheSecret"
		18 |     effect = "Allow"
		19 |     principals {
		20 |       type        = "AWS"
		21 |       identifiers = ["arn:aws:iam::${local.oem_account_id}:role/EC2OracleEnterpriseManagementSecretsRole"]
		22 |     }
		23 |     actions   = ["secretsmanager:GetSecretValue"]
		24 |     resources = ["*"]
		25 |   }
		26 | }

Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_vpc_security_group_ingress_rule.delius_db_security_group_ssh_ingress_bastion
	File: /../../../delius-core/modules/components/oracle_db_shared/sg.tf:76-83
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-1-port-security

		76 | resource "aws_vpc_security_group_ingress_rule" "delius_db_security_group_ssh_ingress_bastion" {
		77 |   security_group_id            = aws_security_group.db_ec2.id
		78 |   description                  = "bastion to testing db"
		79 |   from_port                    = 22
		80 |   to_port                      = 22
		81 |   ip_protocol                  = "tcp"
		82 |   referenced_security_group_id = var.bastion_sg_id
		83 | }

Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_vpc_security_group_ingress_rule.delius_db_oem_db
	File: /../../../delius-core/modules/components/oracle_db_shared/sg.tf:85-91
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		85 | resource "aws_vpc_security_group_ingress_rule" "delius_db_oem_db" {
		86 |   ip_protocol       = "tcp"
		87 |   from_port         = local.db_port
		88 |   to_port           = local.db_tcps_port
		89 |   cidr_ipv4         = var.account_config.shared_vpc_cidr
		90 |   security_group_id = aws_security_group.db_ec2.id
		91 | }

Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_vpc_security_group_ingress_rule.delius_db_oem_agent
	File: /../../../delius-core/modules/components/oracle_db_shared/sg.tf:105-111
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		105 | resource "aws_vpc_security_group_ingress_rule" "delius_db_oem_agent" {
		106 |   ip_protocol       = "tcp"
		107 |   from_port         = 3872
		108 |   to_port           = 3872
		109 |   cidr_ipv4         = var.account_config.shared_vpc_cidr
		110 |   security_group_id = aws_security_group.db_ec2.id
		111 | }

Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_vpc_security_group_egress_rule.delius_db_oem_upload
	File: /../../../delius-core/modules/components/oracle_db_shared/sg.tf:113-119
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		113 | resource "aws_vpc_security_group_egress_rule" "delius_db_oem_upload" {
		114 |   ip_protocol       = "tcp"
		115 |   from_port         = 4903
		116 |   to_port           = 4903
		117 |   cidr_ipv4         = var.account_config.shared_vpc_cidr
		118 |   security_group_id = aws_security_group.db_ec2.id
		119 | }

Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_vpc_security_group_egress_rule.delius_db_oem_console
	File: /../../../delius-core/modules/components/oracle_db_shared/sg.tf:121-128
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		121 | resource "aws_vpc_security_group_egress_rule" "delius_db_oem_console" {
		122 |   ip_protocol = "tcp"
		123 |   from_port   = 7803
		124 |   to_port     = 7803
		125 |   cidr_ipv4   = var.account_config.shared_vpc_cidr
		126 | 
		127 |   security_group_id = aws_security_group.db_ec2.id
		128 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: module.oracle_db_shared["boe-db"].s3_bucket_ssh_keys
	File: /../../../delius-core/modules/components/oracle_db_shared/ssh_keys.tf:2-45
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		2  | module "s3_bucket_ssh_keys" {
		3  | 
		4  |   source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0"
		5  | 
		6  |   bucket_name = "${var.account_info.application_name}-${var.env_name}-oracle-${var.db_suffix}-ssh-keys"
		7  | 
		8  |   versioning_enabled  = false
		9  |   ownership_controls  = "BucketOwnerEnforced"
		10 |   replication_enabled = false
		11 |   custom_kms_key      = var.account_config.kms_keys.general_shared
		12 | 
		13 |   providers = {
		14 |     aws.bucket-replication = aws.bucket-replication
		15 |   }
		16 | 
		17 |   lifecycle_rule = [
		18 |     {
		19 |       id      = "main"
		20 |       enabled = "Enabled"
		21 |       prefix  = ""
		22 | 
		23 |       tags = {
		24 |         rule      = "log"
		25 |         autoclean = "true"
		26 |       }
		27 | 
		28 |       noncurrent_version_transition = [
		29 |         {
		30 |           days          = 90
		31 |           storage_class = "STANDARD_IA"
		32 |           }, {
		33 |           days          = 365
		34 |           storage_class = "GLACIER"
		35 |         }
		36 |       ]
		37 | 
		38 |       noncurrent_version_expiration = {
		39 |         days = 730
		40 |       }
		41 |     }
		42 |   ]
		43 | 
		44 |   tags = var.tags
		45 | }

Check: CKV_AWS_337: "Ensure SSM parameters are using KMS CMK"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_ssm_parameter.rman_password
	File: /../../../delius-core/modules/components/oracle_db_shared/ssm.tf:1-10
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-337

		1  | resource "aws_ssm_parameter" "rman_password" {
		2  |   name  = "/${var.account_info.application_name}-${var.env_name}/delius/oracle-${var.db_suffix}-operation/rman/rman_password"
		3  |   type  = "SecureString"
		4  |   value = "REPLACE"
		5  |   lifecycle {
		6  |     ignore_changes = [
		7  |       value,
		8  |     ]
		9  |   }
		10 | }

Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_iam_policy_document.allow_access_to_ssm_parameter_store
	File: /../../../delius-core/modules/components/oracle_db_shared/iam.tf:90-99
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint

		90 | data "aws_iam_policy_document" "allow_access_to_ssm_parameter_store" {
		91 |   statement {
		92 |     sid    = "AllowAccessToSsmParameterStore"
		93 |     effect = "Allow"
		94 |     actions = [
		95 |       "ssm:PutParameter"
		96 |     ]
		97 |     resources = ["*"]
		98 |   }
		99 | }

Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_iam_policy_document.allow_access_to_ssm_parameter_store
	File: /../../../delius-core/modules/components/oracle_db_shared/iam.tf:90-99
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-356

		90 | data "aws_iam_policy_document" "allow_access_to_ssm_parameter_store" {
		91 |   statement {
		92 |     sid    = "AllowAccessToSsmParameterStore"
		93 |     effect = "Allow"
		94 |     actions = [
		95 |       "ssm:PutParameter"
		96 |     ]
		97 |     resources = ["*"]
		98 |   }
		99 | }

Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_iam_policy_document.instance_ssm
	File: /../../../delius-core/modules/components/oracle_db_shared/iam.tf:170-220
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_iam_policy_document.instance_ssm
	File: /../../../delius-core/modules/components/oracle_db_shared/iam.tf:170-220
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-data-exfiltration

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_iam_policy_document.instance_ssm
	File: /../../../delius-core/modules/components/oracle_db_shared/iam.tf:170-220
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-356

		Code lines for this resource are too many. Please use IDE of your choice to review the file.
Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: module.oracle_db_shared["dsd-db"].s3_bucket_oracledb_backups
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:22-62
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		22 | module "s3_bucket_oracledb_backups" {
		23 |   source              = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0"
		24 |   bucket_name         = local.oracle_backup_bucket_prefix
		25 |   versioning_enabled  = false
		26 |   ownership_controls  = "BucketOwnerEnforced"
		27 |   replication_enabled = false
		28 |   custom_kms_key      = var.account_config.kms_keys.general_shared
		29 |   bucket_policy = try([data.aws_iam_policy_document.s3_bucket_oracledb_backups[0].json], [
		30 |     "{}"
		31 |   ])
		32 | 
		33 |   providers = {
		34 |     aws.bucket-replication = aws.bucket-replication
		35 |   }
		36 | 
		37 |   lifecycle_rule = [
		38 |     {
		39 |       id      = "main"
		40 |       enabled = "Enabled"
		41 |       prefix  = ""
		42 | 
		43 |       tags = {
		44 |         rule      = "log"
		45 |         autoclean = "true"
		46 |       }
		47 | 
		48 |       transition = [
		49 |         {
		50 |           days          = 90
		51 |           storage_class = "STANDARD_IA"
		52 |         }
		53 |       ]
		54 | 
		55 |       expiration = {
		56 |         days = 365
		57 |       }
		58 |     }
		59 |   ]
		60 | 
		61 |   tags = var.tags
		62 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: module.oracle_db_shared["dsd-db"].s3_bucket_oracle_statistics
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:334-375
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		334 | module "s3_bucket_oracle_statistics" {
		335 |   count = var.deploy_oracle_stats ? 1 : 0
		336 | 
		337 |   source              = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.0.0"
		338 |   bucket_name         = "${var.account_info.application_name}-${var.env_name}-oracle-${var.db_suffix}-statistics-backup-data"
		339 |   versioning_enabled  = false
		340 |   ownership_controls  = "BucketOwnerEnforced"
		341 |   replication_enabled = false
		342 |   custom_kms_key      = var.account_config.kms_keys.general_shared
		343 |   bucket_policy = try([data.aws_iam_policy_document.s3_bucket_oracle_statistics[0].json], [
		344 |     "{}"
		345 |   ])
		346 |   providers = {
		347 |     aws.bucket-replication = aws.bucket-replication
		348 |   }
		349 | 
		350 |   lifecycle_rule = [
		351 |     {
		352 |       id      = "main"
		353 |       enabled = "Enabled"
		354 |       prefix  = ""
		355 | 
		356 |       tags = {
		357 |         rule      = "log"
		358 |         autoclean = "true"
		359 |       }
		360 | 
		361 |       transition = [
		362 |         {
		363 |           days          = 90
		364 |           storage_class = "STANDARD_IA"
		365 |         }
		366 |       ]
		367 | 
		368 |       expiration = {
		369 |         days = 365
		370 |       }
		371 |     }
		372 |   ]
		373 | 
		374 |   tags = var.tags
		375 | }

Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_iam_policy_document.database_dba_passwords
	File: /../../../delius-core/modules/components/oracle_db_shared/secrets.tf:15-26
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-data-exfiltration

		15 | data "aws_iam_policy_document" "database_dba_passwords" {
		16 |   statement {
		17 |     sid    = "OemAWSAccountToReadTheSecret"
		18 |     effect = "Allow"
		19 |     principals {
		20 |       type        = "AWS"
		21 |       identifiers = ["arn:aws:iam::${local.oem_account_id}:role/EC2OracleEnterpriseManagementSecretsRole"]
		22 |     }
		23 |     actions   = ["secretsmanager:GetSecretValue"]
		24 |     resources = ["*"]
		25 |   }
		26 | }

Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_iam_policy_document.database_dba_passwords
	File: /../../../delius-core/modules/components/oracle_db_shared/secrets.tf:15-26
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-356

		15 | data "aws_iam_policy_document" "database_dba_passwords" {
		16 |   statement {
		17 |     sid    = "OemAWSAccountToReadTheSecret"
		18 |     effect = "Allow"
		19 |     principals {
		20 |       type        = "AWS"
		21 |       identifiers = ["arn:aws:iam::${local.oem_account_id}:role/EC2OracleEnterpriseManagementSecretsRole"]
		22 |     }
		23 |     actions   = ["secretsmanager:GetSecretValue"]
		24 |     resources = ["*"]
		25 |   }
		26 | }

Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_vpc_security_group_ingress_rule.delius_db_security_group_ssh_ingress_bastion
	File: /../../../delius-core/modules/components/oracle_db_shared/sg.tf:76-83
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-1-port-security

		76 | resource "aws_vpc_security_group_ingress_rule" "delius_db_security_group_ssh_ingress_bastion" {
		77 |   security_group_id            = aws_security_group.db_ec2.id
		78 |   description                  = "bastion to testing db"
		79 |   from_port                    = 22
		80 |   to_port                      = 22
		81 |   ip_protocol                  = "tcp"
		82 |   referenced_security_group_id = var.bastion_sg_id
		83 | }

Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_vpc_security_group_ingress_rule.delius_db_oem_db
	File: /../../../delius-core/modules/components/oracle_db_shared/sg.tf:85-91
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		85 | resource "aws_vpc_security_group_ingress_rule" "delius_db_oem_db" {
		86 |   ip_protocol       = "tcp"
		87 |   from_port         = local.db_port
		88 |   to_port           = local.db_tcps_port
		89 |   cidr_ipv4         = var.account_config.shared_vpc_cidr
		90 |   security_group_id = aws_security_group.db_ec2.id
		91 | }

Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_vpc_security_group_ingress_rule.delius_db_oem_agent
	File: /../../../delius-core/modules/components/oracle_db_shared/sg.tf:105-111
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		105 | resource "aws_vpc_security_group_ingress_rule" "delius_db_oem_agent" {
		106 |   ip_protocol       = "tcp"
		107 |   from_port         = 3872
		108 |   to_port           = 3872
		109 |   cidr_ipv4         = var.account_config.shared_vpc_cidr
		110 |   security_group_id = aws_security_group.db_ec2.id
		111 | }

Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_vpc_security_group_egress_rule.delius_db_oem_upload
	File: /../../../delius-core/modules/components/oracle_db_shared/sg.tf:113-119
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		113 | resource "aws_vpc_security_group_egress_rule" "delius_db_oem_upload" {
		114 |   ip_protocol       = "tcp"
		115 |   from_port         = 4903
		116 |   to_port           = 4903
		117 |   cidr_ipv4         = var.account_config.shared_vpc_cidr
		118 |   security_group_id = aws_security_group.db_ec2.id
		119 | }

Check: CKV_AWS_23: "Ensure every security group and rule has a description"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_vpc_security_group_egress_rule.delius_db_oem_console
	File: /../../../delius-core/modules/components/oracle_db_shared/sg.tf:121-128
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31

		121 | resource "aws_vpc_security_group_egress_rule" "delius_db_oem_console" {
		122 |   ip_protocol = "tcp"
		123 |   from_port   = 7803
		124 |   to_port     = 7803
		125 |   cidr_ipv4   = var.account_config.shared_vpc_cidr
		126 | 
		127 |   security_group_id = aws_security_group.db_ec2.id
		128 | }

Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
	FAILED for resource: module.oracle_db_shared["dsd-db"].s3_bucket_ssh_keys
	File: /../../../delius-core/modules/components/oracle_db_shared/ssh_keys.tf:2-45
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision

		2  | module "s3_bucket_ssh_keys" {
		3  | 
		4  |   source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0"
		5  | 
		6  |   bucket_name = "${var.account_info.application_name}-${var.env_name}-oracle-${var.db_suffix}-ssh-keys"
		7  | 
		8  |   versioning_enabled  = false
		9  |   ownership_controls  = "BucketOwnerEnforced"
		10 |   replication_enabled = false
		11 |   custom_kms_key      = var.account_config.kms_keys.general_shared
		12 | 
		13 |   providers = {
		14 |     aws.bucket-replication = aws.bucket-replication
		15 |   }
		16 | 
		17 |   lifecycle_rule = [
		18 |     {
		19 |       id      = "main"
		20 |       enabled = "Enabled"
		21 |       prefix  = ""
		22 | 
		23 |       tags = {
		24 |         rule      = "log"
		25 |         autoclean = "true"
		26 |       }
		27 | 
		28 |       noncurrent_version_transition = [
		29 |         {
		30 |           days          = 90
		31 |           storage_class = "STANDARD_IA"
		32 |           }, {
		33 |           days          = 365
		34 |           storage_class = "GLACIER"
		35 |         }
		36 |       ]
		37 | 
		38 |       noncurrent_version_expiration = {
		39 |         days = 730
		40 |       }
		41 |     }
		42 |   ]
		43 | 
		44 |   tags = var.tags
		45 | }

Check: CKV_AWS_337: "Ensure SSM parameters are using KMS CMK"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_ssm_parameter.rman_password
	File: /../../../delius-core/modules/components/oracle_db_shared/ssm.tf:1-10
	Calling File: /databases.tf:13-37
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-337

		1  | resource "aws_ssm_parameter" "rman_password" {
		2  |   name  = "/${var.account_info.application_name}-${var.env_name}/delius/oracle-${var.db_suffix}-operation/rman/rman_password"
		3  |   type  = "SecureString"
		4  |   value = "REPLACE"
		5  |   lifecycle {
		6  |     ignore_changes = [
		7  |       value,
		8  |     ]
		9  |   }
		10 | }

Check: CKV2_AWS_57: "Ensure Secrets Manager secrets should have automatic rotation enabled"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_secretsmanager_secret.database_dba_passwords
	File: /../../../delius-core/modules/components/oracle_db_shared/secrets.tf:3-8
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-57

		3 | resource "aws_secretsmanager_secret" "database_dba_passwords" {
		4 |   name        = local.dba_secret_name
		5 |   description = "DBA Users Credentials"
		6 |   kms_key_id  = var.account_config.kms_keys.general_shared
		7 |   tags        = var.tags
		8 | }

Check: CKV2_AWS_57: "Ensure Secrets Manager secrets should have automatic rotation enabled"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_secretsmanager_secret.database_application_passwords
	File: /../../../delius-core/modules/components/oracle_db_shared/secrets.tf:34-39
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-57

		34 | resource "aws_secretsmanager_secret" "database_application_passwords" {
		35 |   name        = local.application_secret_name
		36 |   description = "Application Users Credentials"
		37 |   kms_key_id  = var.account_config.kms_keys.general_shared
		38 |   tags        = var.tags
		39 | }

Check: CKV2_AWS_57: "Ensure Secrets Manager secrets should have automatic rotation enabled"
	FAILED for resource: aws_secretsmanager_secret.ad_admin_password
	File: /directory_service.tf:29-39
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-57

		29 | resource "aws_secretsmanager_secret" "ad_admin_password" {
		30 |   name                    = "${var.app_name}-${var.env_name}-ad-admin-password"
		31 |   recovery_window_in_days = 0
		32 | 
		33 |   tags = merge(
		34 |     var.tags,
		35 |     {
		36 |       Name = "${var.app_name}-${var.env_name}-ad-admin-password"
		37 |     }
		38 |   )
		39 | }

Check: CKV2_AWS_57: "Ensure Secrets Manager secrets should have automatic rotation enabled"
	FAILED for resource: aws_secretsmanager_secret.ad_username
	File: /secrets.tf:3-9
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-57

		3 | resource "aws_secretsmanager_secret" "ad_username" {
		4 |   #checkov:skip=CKV_AWS_149
		5 |   name                    = "${var.env_name}-legacy-ad-username"
		6 |   recovery_window_in_days = 0
		7 | 
		8 |   tags = var.tags
		9 | }

Check: CKV2_AWS_57: "Ensure Secrets Manager secrets should have automatic rotation enabled"
	FAILED for resource: aws_secretsmanager_secret.ad_password
	File: /secrets.tf:12-18
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-57

		12 | resource "aws_secretsmanager_secret" "ad_password" {
		13 |   #checkov:skip=CKV_AWS_149
		14 |   name                    = "${var.env_name}-legacy-ad-password"
		15 |   recovery_window_in_days = 0
		16 | 
		17 |   tags = var.tags
		18 | }

Check: CKV2_AWS_57: "Ensure Secrets Manager secrets should have automatic rotation enabled"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_secretsmanager_secret.database_dba_passwords
	File: /../../../delius-core/modules/components/oracle_db_shared/secrets.tf:3-8
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-57

		3 | resource "aws_secretsmanager_secret" "database_dba_passwords" {
		4 |   name        = local.dba_secret_name
		5 |   description = "DBA Users Credentials"
		6 |   kms_key_id  = var.account_config.kms_keys.general_shared
		7 |   tags        = var.tags
		8 | }

Check: CKV2_AWS_57: "Ensure Secrets Manager secrets should have automatic rotation enabled"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_secretsmanager_secret.database_application_passwords
	File: /../../../delius-core/modules/components/oracle_db_shared/secrets.tf:34-39
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-57

		34 | resource "aws_secretsmanager_secret" "database_application_passwords" {
		35 |   name        = local.application_secret_name
		36 |   description = "Application Users Credentials"
		37 |   kms_key_id  = var.account_config.kms_keys.general_shared
		38 |   tags        = var.tags
		39 | }

Check: CKV2_AWS_57: "Ensure Secrets Manager secrets should have automatic rotation enabled"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_secretsmanager_secret.database_dba_passwords
	File: /../../../delius-core/modules/components/oracle_db_shared/secrets.tf:3-8
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-57

		3 | resource "aws_secretsmanager_secret" "database_dba_passwords" {
		4 |   name        = local.dba_secret_name
		5 |   description = "DBA Users Credentials"
		6 |   kms_key_id  = var.account_config.kms_keys.general_shared
		7 |   tags        = var.tags
		8 | }

Check: CKV2_AWS_57: "Ensure Secrets Manager secrets should have automatic rotation enabled"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_secretsmanager_secret.database_application_passwords
	File: /../../../delius-core/modules/components/oracle_db_shared/secrets.tf:34-39
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-57

		34 | resource "aws_secretsmanager_secret" "database_application_passwords" {
		35 |   name        = local.application_secret_name
		36 |   description = "Application Users Credentials"
		37 |   kms_key_id  = var.account_config.kms_keys.general_shared
		38 |   tags        = var.tags
		39 | }

Check: CKV2_AWS_62: "Ensure S3 buckets should have event notifications enabled"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_s3_bucket.s3_bucket_oracledb_backups_inventory
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:188-200
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-2-62

		188 | resource "aws_s3_bucket" "s3_bucket_oracledb_backups_inventory" {
		189 | 
		190 |   bucket = "${local.oracle_backup_bucket_prefix}-inventory"
		191 |   tags = merge(
		192 |     var.tags,
		193 |     {
		194 |       "Name" = "${local.oracle_backup_bucket_prefix}-inventory"
		195 |     },
		196 |     {
		197 |       "Purpose" = "Inventory of Oracle DB Backup Pieces"
		198 |     },
		199 |   )
		200 | }

Check: CKV2_AWS_62: "Ensure S3 buckets should have event notifications enabled"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_s3_bucket.s3_bucket_oracledb_backups_inventory
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:188-200
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-2-62

		188 | resource "aws_s3_bucket" "s3_bucket_oracledb_backups_inventory" {
		189 | 
		190 |   bucket = "${local.oracle_backup_bucket_prefix}-inventory"
		191 |   tags = merge(
		192 |     var.tags,
		193 |     {
		194 |       "Name" = "${local.oracle_backup_bucket_prefix}-inventory"
		195 |     },
		196 |     {
		197 |       "Purpose" = "Inventory of Oracle DB Backup Pieces"
		198 |     },
		199 |   )
		200 | }

Check: CKV2_AWS_62: "Ensure S3 buckets should have event notifications enabled"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_s3_bucket.s3_bucket_oracledb_backups_inventory
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:188-200
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-2-62

		188 | resource "aws_s3_bucket" "s3_bucket_oracledb_backups_inventory" {
		189 | 
		190 |   bucket = "${local.oracle_backup_bucket_prefix}-inventory"
		191 |   tags = merge(
		192 |     var.tags,
		193 |     {
		194 |       "Name" = "${local.oracle_backup_bucket_prefix}-inventory"
		195 |     },
		196 |     {
		197 |       "Purpose" = "Inventory of Oracle DB Backup Pieces"
		198 |     },
		199 |   )
		200 | }

Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_security_group.db_ec2
	File: /../../../delius-core/modules/components/oracle_db_shared/sg.tf:1-11
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis

		1  | resource "aws_security_group" "db_ec2" {
		2  |   name        = "${var.account_info.application_name}-${var.env_name}-${var.db_suffix}-ec2-instance-sg"
		3  |   description = "Controls access to db ec2 instance"
		4  |   vpc_id      = var.account_config.shared_vpc_id
		5  |   tags = merge(var.tags,
		6  |     { Name = "${var.account_info.application_name}-${var.env_name}-${var.db_suffix}-ec2-instance-sg" }
		7  |   )
		8  |   lifecycle {
		9  |     create_before_destroy = true
		10 |   }
		11 | }

Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
	FAILED for resource: aws_security_group.bcs
	File: /bcs.tf:1-4
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis

		1 | resource "aws_security_group" "bcs" {
		2 |   name_prefix = "${var.env_name}-bcs"
		3 |   vpc_id      = var.account_info.vpc_id
		4 | }

Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
	FAILED for resource: aws_security_group.bps
	File: /bps.tf:1-4
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis

		1 | resource "aws_security_group" "bps" {
		2 |   name_prefix = "${var.env_name}-bps"
		3 |   vpc_id      = var.account_info.vpc_id
		4 | }

Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
	FAILED for resource: aws_security_group.bws
	File: /bws.tf:1-4
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis

		1 | resource "aws_security_group" "bws" {
		2 |   name_prefix = "${var.env_name}-bws"
		3 |   vpc_id      = var.account_info.vpc_id
		4 | }

Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
	FAILED for resource: aws_security_group.dis
	File: /dis.tf:1-4
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis

		1 | resource "aws_security_group" "dis" {
		2 |   name_prefix = "${var.env_name}-dis"
		3 |   vpc_id      = var.account_info.vpc_id
		4 | }

Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
	FAILED for resource: aws_security_group.fsx
	File: /fsx.tf:22-26
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis

		22 | resource "aws_security_group" "fsx" {
		23 |   name        = "${var.app_name}-${var.env_name}-fsx"
		24 |   description = "Security group for FSx"
		25 |   vpc_id      = var.account_info.vpc_id
		26 | }

Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
	FAILED for resource: aws_security_group.legacy
	File: /sg_legacy.tf:1-6
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis

		1 | resource "aws_security_group" "legacy" {
		2 |   name        = "${var.env_name}-allow-legacy-traffic"
		3 |   description = "Security group to allow connectivity with resources in legacy environments. To be removed once all components have been migrated"
		4 |   vpc_id      = var.account_info.vpc_id
		5 |   tags        = var.tags
		6 | }

Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
	FAILED for resource: aws_security_group.mis_ec2_shared
	File: /sg_shared.tf:1-6
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis

		1 | resource "aws_security_group" "mis_ec2_shared" {
		2 |   name        = "${var.env_name}-mis-ec2-shared"
		3 |   description = "Security group to allow connectivity within MP"
		4 |   vpc_id      = var.account_info.vpc_id
		5 |   tags        = var.tags
		6 | }

Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_security_group.db_ec2
	File: /../../../delius-core/modules/components/oracle_db_shared/sg.tf:1-11
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis

		1  | resource "aws_security_group" "db_ec2" {
		2  |   name        = "${var.account_info.application_name}-${var.env_name}-${var.db_suffix}-ec2-instance-sg"
		3  |   description = "Controls access to db ec2 instance"
		4  |   vpc_id      = var.account_config.shared_vpc_id
		5  |   tags = merge(var.tags,
		6  |     { Name = "${var.account_info.application_name}-${var.env_name}-${var.db_suffix}-ec2-instance-sg" }
		7  |   )
		8  |   lifecycle {
		9  |     create_before_destroy = true
		10 |   }
		11 | }

Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_security_group.db_ec2
	File: /../../../delius-core/modules/components/oracle_db_shared/sg.tf:1-11
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis

		1  | resource "aws_security_group" "db_ec2" {
		2  |   name        = "${var.account_info.application_name}-${var.env_name}-${var.db_suffix}-ec2-instance-sg"
		3  |   description = "Controls access to db ec2 instance"
		4  |   vpc_id      = var.account_config.shared_vpc_id
		5  |   tags = merge(var.tags,
		6  |     { Name = "${var.account_info.application_name}-${var.env_name}-${var.db_suffix}-ec2-instance-sg" }
		7  |   )
		8  |   lifecycle {
		9  |     create_before_destroy = true
		10 |   }
		11 | }

Check: CKV_AWS_18: "Ensure the S3 bucket has access logging enabled"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_s3_bucket.s3_bucket_oracledb_backups_inventory
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:188-200
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-13-enable-logging

		188 | resource "aws_s3_bucket" "s3_bucket_oracledb_backups_inventory" {
		189 | 
		190 |   bucket = "${local.oracle_backup_bucket_prefix}-inventory"
		191 |   tags = merge(
		192 |     var.tags,
		193 |     {
		194 |       "Name" = "${local.oracle_backup_bucket_prefix}-inventory"
		195 |     },
		196 |     {
		197 |       "Purpose" = "Inventory of Oracle DB Backup Pieces"
		198 |     },
		199 |   )
		200 | }

Check: CKV_AWS_18: "Ensure the S3 bucket has access logging enabled"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_s3_bucket.s3_bucket_oracledb_backups_inventory
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:188-200
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-13-enable-logging

		188 | resource "aws_s3_bucket" "s3_bucket_oracledb_backups_inventory" {
		189 | 
		190 |   bucket = "${local.oracle_backup_bucket_prefix}-inventory"
		191 |   tags = merge(
		192 |     var.tags,
		193 |     {
		194 |       "Name" = "${local.oracle_backup_bucket_prefix}-inventory"
		195 |     },
		196 |     {
		197 |       "Purpose" = "Inventory of Oracle DB Backup Pieces"
		198 |     },
		199 |   )
		200 | }

Check: CKV_AWS_18: "Ensure the S3 bucket has access logging enabled"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_s3_bucket.s3_bucket_oracledb_backups_inventory
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:188-200
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-13-enable-logging

		188 | resource "aws_s3_bucket" "s3_bucket_oracledb_backups_inventory" {
		189 | 
		190 |   bucket = "${local.oracle_backup_bucket_prefix}-inventory"
		191 |   tags = merge(
		192 |     var.tags,
		193 |     {
		194 |       "Name" = "${local.oracle_backup_bucket_prefix}-inventory"
		195 |     },
		196 |     {
		197 |       "Purpose" = "Inventory of Oracle DB Backup Pieces"
		198 |     },
		199 |   )
		200 | }

Check: CKV2_AWS_61: "Ensure that an S3 bucket has a lifecycle configuration"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_s3_bucket.s3_bucket_oracledb_backups_inventory
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:188-200
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-2-61

		188 | resource "aws_s3_bucket" "s3_bucket_oracledb_backups_inventory" {
		189 | 
		190 |   bucket = "${local.oracle_backup_bucket_prefix}-inventory"
		191 |   tags = merge(
		192 |     var.tags,
		193 |     {
		194 |       "Name" = "${local.oracle_backup_bucket_prefix}-inventory"
		195 |     },
		196 |     {
		197 |       "Purpose" = "Inventory of Oracle DB Backup Pieces"
		198 |     },
		199 |   )
		200 | }

Check: CKV2_AWS_61: "Ensure that an S3 bucket has a lifecycle configuration"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_s3_bucket.s3_bucket_oracledb_backups_inventory
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:188-200
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-2-61

		188 | resource "aws_s3_bucket" "s3_bucket_oracledb_backups_inventory" {
		189 | 
		190 |   bucket = "${local.oracle_backup_bucket_prefix}-inventory"
		191 |   tags = merge(
		192 |     var.tags,
		193 |     {
		194 |       "Name" = "${local.oracle_backup_bucket_prefix}-inventory"
		195 |     },
		196 |     {
		197 |       "Purpose" = "Inventory of Oracle DB Backup Pieces"
		198 |     },
		199 |   )
		200 | }

Check: CKV2_AWS_61: "Ensure that an S3 bucket has a lifecycle configuration"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_s3_bucket.s3_bucket_oracledb_backups_inventory
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:188-200
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-2-61

		188 | resource "aws_s3_bucket" "s3_bucket_oracledb_backups_inventory" {
		189 | 
		190 |   bucket = "${local.oracle_backup_bucket_prefix}-inventory"
		191 |   tags = merge(
		192 |     var.tags,
		193 |     {
		194 |       "Name" = "${local.oracle_backup_bucket_prefix}-inventory"
		195 |     },
		196 |     {
		197 |       "Purpose" = "Inventory of Oracle DB Backup Pieces"
		198 |     },
		199 |   )
		200 | }

Check: CKV_AWS_144: "Ensure that S3 bucket has cross-region replication enabled"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_s3_bucket.s3_bucket_oracledb_backups_inventory
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:188-200
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-bucket-has-cross-region-replication-enabled

		188 | resource "aws_s3_bucket" "s3_bucket_oracledb_backups_inventory" {
		189 | 
		190 |   bucket = "${local.oracle_backup_bucket_prefix}-inventory"
		191 |   tags = merge(
		192 |     var.tags,
		193 |     {
		194 |       "Name" = "${local.oracle_backup_bucket_prefix}-inventory"
		195 |     },
		196 |     {
		197 |       "Purpose" = "Inventory of Oracle DB Backup Pieces"
		198 |     },
		199 |   )
		200 | }

Check: CKV_AWS_144: "Ensure that S3 bucket has cross-region replication enabled"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_s3_bucket.s3_bucket_oracledb_backups_inventory
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:188-200
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-bucket-has-cross-region-replication-enabled

		188 | resource "aws_s3_bucket" "s3_bucket_oracledb_backups_inventory" {
		189 | 
		190 |   bucket = "${local.oracle_backup_bucket_prefix}-inventory"
		191 |   tags = merge(
		192 |     var.tags,
		193 |     {
		194 |       "Name" = "${local.oracle_backup_bucket_prefix}-inventory"
		195 |     },
		196 |     {
		197 |       "Purpose" = "Inventory of Oracle DB Backup Pieces"
		198 |     },
		199 |   )
		200 | }

Check: CKV_AWS_144: "Ensure that S3 bucket has cross-region replication enabled"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_s3_bucket.s3_bucket_oracledb_backups_inventory
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:188-200
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-bucket-has-cross-region-replication-enabled

		188 | resource "aws_s3_bucket" "s3_bucket_oracledb_backups_inventory" {
		189 | 
		190 |   bucket = "${local.oracle_backup_bucket_prefix}-inventory"
		191 |   tags = merge(
		192 |     var.tags,
		193 |     {
		194 |       "Name" = "${local.oracle_backup_bucket_prefix}-inventory"
		195 |     },
		196 |     {
		197 |       "Purpose" = "Inventory of Oracle DB Backup Pieces"
		198 |     },
		199 |   )
		200 | }

Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
	FAILED for resource: module.oracle_db_shared["mis-db"].aws_s3_bucket.s3_bucket_oracledb_backups_inventory
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:188-200
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-16-enable-versioning

		188 | resource "aws_s3_bucket" "s3_bucket_oracledb_backups_inventory" {
		189 | 
		190 |   bucket = "${local.oracle_backup_bucket_prefix}-inventory"
		191 |   tags = merge(
		192 |     var.tags,
		193 |     {
		194 |       "Name" = "${local.oracle_backup_bucket_prefix}-inventory"
		195 |     },
		196 |     {
		197 |       "Purpose" = "Inventory of Oracle DB Backup Pieces"
		198 |     },
		199 |   )
		200 | }

Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
	FAILED for resource: module.oracle_db_shared["boe-db"].aws_s3_bucket.s3_bucket_oracledb_backups_inventory
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:188-200
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-16-enable-versioning

		188 | resource "aws_s3_bucket" "s3_bucket_oracledb_backups_inventory" {
		189 | 
		190 |   bucket = "${local.oracle_backup_bucket_prefix}-inventory"
		191 |   tags = merge(
		192 |     var.tags,
		193 |     {
		194 |       "Name" = "${local.oracle_backup_bucket_prefix}-inventory"
		195 |     },
		196 |     {
		197 |       "Purpose" = "Inventory of Oracle DB Backup Pieces"
		198 |     },
		199 |   )
		200 | }

Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
	FAILED for resource: module.oracle_db_shared["dsd-db"].aws_s3_bucket.s3_bucket_oracledb_backups_inventory
	File: /../../../delius-core/modules/components/oracle_db_shared/s3.tf:188-200
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-16-enable-versioning

		188 | resource "aws_s3_bucket" "s3_bucket_oracledb_backups_inventory" {
		189 | 
		190 |   bucket = "${local.oracle_backup_bucket_prefix}-inventory"
		191 |   tags = merge(
		192 |     var.tags,
		193 |     {
		194 |       "Name" = "${local.oracle_backup_bucket_prefix}-inventory"
		195 |     },
		196 |     {
		197 |       "Purpose" = "Inventory of Oracle DB Backup Pieces"
		198 |     },
		199 |   )
		200 | }


checkov_exitcode=1

CTFLint Scan Failed

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/delius-mis/modules/mis_environment

*****************************

Running tflint in terraform/environments/delius-mis/modules/mis_environment
Excluding the following checks: terraform_unused_declarations
4 issue(s) found:

Warning: Module source "github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance" is not pinned (terraform_module_pinned_source)

  on terraform/environments/delius-mis/modules/mis_environment/bcs.tf line 7:
   7:   source = "github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance"

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_module_pinned_source.md

Warning: Module source "github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance" is not pinned (terraform_module_pinned_source)

  on terraform/environments/delius-mis/modules/mis_environment/bps.tf line 7:
   7:   source = "github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance"

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_module_pinned_source.md

Warning: Module source "github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance" is not pinned (terraform_module_pinned_source)

  on terraform/environments/delius-mis/modules/mis_environment/bws.tf line 7:
   7:   source = "github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance"

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_module_pinned_source.md

Warning: Module source "github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance" is not pinned (terraform_module_pinned_source)

  on terraform/environments/delius-mis/modules/mis_environment/dis.tf line 7:
   7:   source = "github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance"

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_module_pinned_source.md

tflint_exitcode=2

Trivy Scan Failed

*****************************

Trivy will check the following folders:
terraform/environments/delius-mis/modules/mis_environment

*****************************

Running Trivy in terraform/environments/delius-mis/modules/mis_environment
2024-10-10T15:12:55Z	INFO	[vulndb] Need to update DB
2024-10-10T15:12:55Z	INFO	[vulndb] Downloading vulnerability DB...
2024-10-10T15:12:55Z	INFO	[vulndb] Downloading artifact...	repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-10T15:12:57Z	INFO	[vulndb] Artifact successfully downloaded	repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-10T15:12:57Z	INFO	[vuln] Vulnerability scanning is enabled
2024-10-10T15:12:57Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-10-10T15:12:57Z	INFO	[misconfig] Need to update the built-in checks
2024-10-10T15:12:57Z	INFO	[misconfig] Downloading the built-in checks...
156.02 KiB / 156.02 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2024-10-10T15:12:58Z	INFO	[secret] Secret scanning is enabled
2024-10-10T15:12:58Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-10T15:12:58Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-10T15:12:59Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-10-10T15:12:59Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="account_config, account_info, app_name, bastion_config, bcs_config, boe_db_config, bps_config, bws_config, dis_config, dsd_db_config, env_name, environment_config, fsx_config, mis_db_config, platform_vars, tags"
2024-10-10T15:12:59Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="dynamic.ip_address" value="cty.NilVal"
2024-10-10T15:12:59Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="dynamic.target_ip" value="cty.NilVal"
2024-10-10T15:12:59Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="dynamic.ip_address" value="cty.NilVal"
2024-10-10T15:12:59Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="dynamic.target_ip" value="cty.NilVal"
2024-10-10T15:13:02Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-10T15:13:02Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.data.aws_subnet.local_account" value="cty.NilVal"
2024-10-10T15:13:02Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.dynamic.tag" value="cty.NilVal"
2024-10-10T15:13:02Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.dynamic.tag" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.pagerduty_core_alerts.data.aws_sns_topic.alarm_topics" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3_bucket_ssm_sessions.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3_bucket_ssm_sessions.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3_bucket_ssm_sessions.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3_bucket_ssm_sessions.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3_bucket_ssm_sessions.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3_bucket_ssm_sessions.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3_bucket_ssm_sessions.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3_bucket_ssm_sessions.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3_bucket_ssm_sessions.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3_bucket_ssm_sessions.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3_bucket_ssm_sessions.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3_bucket_ssm_sessions.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bcs_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bcs_instance[0].dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bcs_instance[0].dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bcs_instance[0].dynamic.private_dns_name_options" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bcs_instance[0].dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bcs_instance[0].dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bcs_instance[0].dynamic.private_dns_name_options" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bps_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bps_instance[0].dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bps_instance[0].dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bps_instance[0].dynamic.private_dns_name_options" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bps_instance[0].dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bps_instance[0].dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bps_instance[0].dynamic.private_dns_name_options" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bws_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bws_instance[0].dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bws_instance[0].dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bws_instance[0].dynamic.private_dns_name_options" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bws_instance[0].dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bws_instance[0].dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bws_instance[0].dynamic.private_dns_name_options" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.dis_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.dis_instance[0].dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.dis_instance[0].dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.dis_instance[0].dynamic.private_dns_name_options" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.dis_instance[0].dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.dis_instance[0].dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.dis_instance[0].dynamic.private_dns_name_options" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_boe[0].module.instance.aws_ebs_volume.this" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_boe[0].module.instance.dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_boe[0].module.instance.dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_boe[0].module.instance.dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_boe[0].module.instance.dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_dsd[0].module.instance.aws_ebs_volume.this" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_dsd[0].module.instance.dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_dsd[0].module.instance.dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_dsd[0].module.instance.dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_dsd[0].module.instance.dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_mis[0].module.instance.aws_ebs_volume.this" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_mis[0].module.instance.dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_mis[0].module.instance.dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_mis[0].module.instance.dynamic.ephemeral_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_mis[0].module.instance.dynamic.ebs_block_device" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_oracledb_backups.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_oracledb_backups.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_oracledb_backups.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_oracledb_backups.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_oracledb_backups.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_oracledb_backups.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_oracledb_backups.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_oracledb_backups.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_ssh_keys.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_ssh_keys.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_ssh_keys.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_ssh_keys.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_ssh_keys.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_ssh_keys.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_ssh_keys.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"boe-db\"].module.s3_bucket_ssh_keys.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_oracledb_backups.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_oracledb_backups.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_oracledb_backups.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_oracledb_backups.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_oracledb_backups.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_oracledb_backups.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_oracledb_backups.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_oracledb_backups.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_ssh_keys.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_ssh_keys.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_ssh_keys.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_ssh_keys.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_ssh_keys.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_ssh_keys.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_ssh_keys.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"dsd-db\"].module.s3_bucket_ssh_keys.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_oracledb_backups.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_oracledb_backups.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_oracledb_backups.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_oracledb_backups.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_oracledb_backups.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_oracledb_backups.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_oracledb_backups.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_oracledb_backups.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_oracledb_backups.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_ssh_keys.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_ssh_keys.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_ssh_keys.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_ssh_keys.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_ssh_keys.dynamic.expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_ssh_keys.dynamic.transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_ssh_keys.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_ssh_keys.dynamic.principals" value="cty.NilVal"
2024-10-10T15:13:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.oracle_db_shared[\"mis-db\"].module.s3_bucket_ssh_keys.dynamic.condition" value="cty.NilVal"
2024-10-10T15:13:08Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance/main.tf:22"
2024-10-10T15:13:08Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance/main.tf:22"
2024-10-10T15:13:08Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance/main.tf:22"
2024-10-10T15:13:08Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance/main.tf:22"
2024-10-10T15:13:08Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance/main.tf:22"
2024-10-10T15:13:08Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance/main.tf:22"
2024-10-10T15:13:08Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance/main.tf:22"
2024-10-10T15:13:08Z	INFO	[terraform executor] Ignore finding	rule="aws-ssm-secret-use-customer-key" range="secrets.tf:3-9"
2024-10-10T15:13:08Z	INFO	[terraform executor] Ignore finding	rule="aws-ssm-secret-use-customer-key" range="secrets.tf:12-18"
2024-10-10T15:13:08Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=c918b2189d9f81d224e07e98fa1bc9ff38e4ba12/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-10-10T15:13:08Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0/main.tf:171-179"
2024-10-10T15:13:08Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-egress-sgr" range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:15"
2024-10-10T15:13:08Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-egress-sgr" range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:15"
2024-10-10T15:13:08Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-egress-sgr" range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:15"
2024-10-10T15:13:08Z	INFO	Number of language-specific files	num=0
2024-10-10T15:13:08Z	INFO	Detected config files	num=17

../../../delius-core/modules/components/oracle_db_shared/s3.tf (terraform)
==========================================================================
Tests: 1 (SUCCESSES: 0, FAILURES: 1, EXCEPTIONS: 0)
Failures: 1 (HIGH: 1, CRITICAL: 0)

HIGH: Bucket does not encrypt data with a customer managed key.
════════════════════════════════════════
Encryption using AWS keys provides protection for your S3 buckets. To increase control of the encryption and manage factors like rotation use customer managed keys.


See https://avd.aquasec.com/misconfig/avd-aws-0132
────────────────────────────────────────
 ../../../delius-core/modules/components/oracle_db_shared/s3.tf:204-212
   via databases.tf:13-37 (module.oracle_db_shared["boe-db"])
────────────────────────────────────────
 204 ┌ resource "aws_s3_bucket_server_side_encryption_configuration" "oracledb_backups_inventory" {
 205 │   bucket = aws_s3_bucket.s3_bucket_oracledb_backups_inventory.id
 206 │   rule {
 207 │     apply_server_side_encryption_by_default {
 208 │       kms_master_key_id = var.account_config.kms_keys.general_shared
 209 │       sse_algorithm     = "aws:kms"
 210 │     }
 211 │   }
 212 └ }
────────────────────────────────────────



pagerduty.tf (terraform)
========================
Tests: 1 (SUCCESSES: 0, FAILURES: 1, EXCEPTIONS: 0)
Failures: 1 (HIGH: 1, CRITICAL: 0)

HIGH: Topic does not have encryption enabled.
════════════════════════════════════════
Topics should be encrypted to protect their contents.


See https://avd.aquasec.com/misconfig/avd-aws-0095
────────────────────────────────────────
 pagerduty.tf:1-10
────────────────────────────────────────
   1 ┌ resource "aws_sns_topic" "delius_mis_alarms" {
   2 │   name = "${var.app_name}-${var.env_name}-sns-topic"
   3 │
   4 │   tags = merge(
   5 │     var.tags,
   6 │     {
   7 │       Name = "${var.app_name}-${var.env_name}-sns-topic"
   8 │     }
   9 │   )
  10 └ }
────────────────────────────────────────



sg_shared.tf (terraform)
========================
Tests: 4 (SUCCESSES: 0, FAILURES: 1, EXCEPTIONS: 3)
Failures: 1 (HIGH: 1, CRITICAL: 0)

HIGH: Security group rule allows ingress from public internet.
════════════════════════════════════════
Security groups provide stateful filtering of ingress and egress network traffic to AWS
resources. It is recommended that no security group allows unrestricted ingress access to
remote server administration ports, such as SSH to port 22 and RDP to port 3389.


See https://avd.aquasec.com/misconfig/avd-aws-0107
────────────────────────────────────────
 sg_shared.tf:28
   via sg_shared.tf:26-32 (aws_vpc_security_group_ingress_rule.fleet_manager)
────────────────────────────────────────
  26   resource "aws_vpc_security_group_ingress_rule" "fleet_manager" {
  27     security_group_id = aws_security_group.mis_ec2_shared.id
  28 [   cidr_ipv4         = "0.0.0.0/0"
  29     ip_protocol       = "tcp"
  30     from_port         = 3389
  31     to_port           = 3389
  32   }
────────────────────────────────────────


trivy_exitcode=1

@ranbeersingh1 ranbeersingh1 merged commit 721aed2 into main Oct 10, 2024
12 of 14 checks passed
@ranbeersingh1 ranbeersingh1 deleted the DBA-721-DUPLICATE branch October 10, 2024 15:14