Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

removed id store #8317

Merged
merged 4 commits into from
Oct 18, 2024
Merged

removed id store #8317

merged 4 commits into from
Oct 18, 2024

Conversation

markgov
Copy link
Contributor

@markgov markgov commented Oct 17, 2024

made change to plan works locally

@markgov markgov requested a review from a team as a code owner October 17, 2024 08:38
@github-actions github-actions bot added the environments-repository Used to exclude PRs from this repo in our Slack PR update label Oct 17, 2024
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/example

Running Trivy in terraform/environments/example
2024-10-17T08:39:19Z INFO [vulndb] Need to update DB
2024-10-17T08:39:19Z INFO [vulndb] Downloading vulnerability DB...
2024-10-17T08:39:19Z INFO [vulndb] Downloading artifact... repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-17T08:39:22Z INFO [vulndb] Artifact successfully downloaded repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-17T08:39:22Z INFO [vuln] Vulnerability scanning is enabled
2024-10-17T08:39:22Z INFO [misconfig] Misconfiguration scanning is enabled
2024-10-17T08:39:22Z INFO [misconfig] Need to update the built-in checks
2024-10-17T08:39:22Z INFO [misconfig] Downloading the built-in checks...
2024-10-17T08:39:22Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 234.216µs, allowed: 44000/minute\n\n"
2024-10-17T08:39:22Z INFO [secret] Secret scanning is enabled
2024-10-17T08:39:22Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-17T08:39:22Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-17T08:39:23Z INFO [terraform scanner] Scanning root module file_path="."
2024-10-17T08:39:23Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-10-17T08:39:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-10-17T08:39:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-10-17T08:39:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-10-17T08:39:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-10-17T08:39:23Z INFO Number of language-specific files num=0
2024-10-17T08:39:23Z INFO Detected config files num=1
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/example

*****************************

Running Checkov in terraform/environments/example
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 9, Failed checks: 0, Skipped checks: 0


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/example

*****************************

Running tflint in terraform/environments/example
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/example

*****************************

Running Trivy in terraform/environments/example
2024-10-17T08:39:19Z	INFO	[vulndb] Need to update DB
2024-10-17T08:39:19Z	INFO	[vulndb] Downloading vulnerability DB...
2024-10-17T08:39:19Z	INFO	[vulndb] Downloading artifact...	repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-17T08:39:22Z	INFO	[vulndb] Artifact successfully downloaded	repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-17T08:39:22Z	INFO	[vuln] Vulnerability scanning is enabled
2024-10-17T08:39:22Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-10-17T08:39:22Z	INFO	[misconfig] Need to update the built-in checks
2024-10-17T08:39:22Z	INFO	[misconfig] Downloading the built-in checks...
2024-10-17T08:39:22Z	ERROR	[misconfig] Falling back to embedded checks	err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 234.216µs, allowed: 44000/minute\n\n"
2024-10-17T08:39:22Z	INFO	[secret] Secret scanning is enabled
2024-10-17T08:39:22Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-17T08:39:22Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-17T08:39:23Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-10-17T08:39:23Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-10-17T08:39:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-10-17T08:39:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-10-17T08:39:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-10-17T08:39:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-10-17T08:39:23Z	INFO	Number of language-specific files	num=0
2024-10-17T08:39:23Z	INFO	Detected config files	num=1
trivy_exitcode=0

@markgov markgov had a problem deploying to example-development October 18, 2024 13:46 — with GitHub Actions Failure
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Failed

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/example

Running Trivy in terraform/environments/example
2024-10-18T13:47:04Z INFO [vulndb] Need to update DB
2024-10-18T13:47:04Z INFO [vulndb] Downloading vulnerability DB...
2024-10-18T13:47:04Z INFO [vulndb] Downloading artifact... repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-18T13:47:04Z ERROR [vulndb] Failed to download artifact repo="ghcr.io/aquasecurity/trivy-db:2" err="oci download error: failed to fetch the layer: GET https://ghcr.io/v2/aquasecurity/trivy-db/blobs/sha256:d4ba4d2ef37f027755a641f538cdb8dfee482277cae975674a150b65655dc42e: TOOMANYREQUESTS: retry-after: 58.889µs, allowed: 44000/minute"
2024-10-18T13:47:04Z FATAL Fatal error init error: DB error: failed to download vulnerability DB: OCI artifact error: failed to download vulnerability DB: failed to download artifact from any source
trivy_exitcode=1

</details> #### `Checkov Scan` Failed
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/example

*****************************

Running Checkov in terraform/environments/example
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-10-18 13:47:07,329 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=95ed3c3f454e2014a62990aacd5d68c64d026f11:None (for external modules, the --download-external-modules flag is required)
2024-10-18 13:47:07,329 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 77, Failed checks: 2, Skipped checks: 10

Check: CKV_AWS_378: "Ensure AWS Load Balancer doesn't use HTTP protocol"
	FAILED for resource: aws_lb_target_group.target_group
	File: /loadbalancer.tf:60-85

		60 | resource "aws_lb_target_group" "target_group" {
		61 |   name                 = "${local.application_name}-tg-${local.environment}"
		62 |   port                 = local.application_data.accounts[local.environment].server_port
		63 |   protocol             = "HTTP"
		64 |   vpc_id               = data.aws_vpc.shared.id
		65 |   target_type          = "instance"
		66 |   deregistration_delay = 30
		67 | 
		68 |   stickiness {
		69 |     type = "lb_cookie"
		70 |   }
		71 |   #checkov:skip=CKV_AWS_261: "health_check defined below, but not picked up"
		72 |   health_check {
		73 |     healthy_threshold   = "5"
		74 |     interval            = "120"
		75 |     protocol            = "HTTP"
		76 |     unhealthy_threshold = "2"
		77 |     matcher             = "200-499"
		78 |     timeout             = "5"
		79 |   }
		80 | 
		81 |   tags = { Name = "${local.application_name}-tg-${local.environment}" }
		82 |   lifecycle {
		83 |     create_before_destroy = true
		84 |   }
		85 | }

Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
	FAILED for resource: aws_lb.certificate_example_lb
	File: /certificates.tf:63-83
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf

		63 | resource "aws_lb" "certificate_example_lb" {
		64 |   name               = "certificate-example-loadbalancer"
		65 |   load_balancer_type = "application"
		66 |   subnets            = data.aws_subnets.shared-public.ids
		67 |   #checkov:skip=CKV_AWS_150:Short-lived example environment, hence no need for deletion protection
		68 |   enable_deletion_protection = false
		69 |   # allow 60*4 seconds before 504 gateway timeout for long-running DB operations
		70 |   idle_timeout               = 240
		71 |   drop_invalid_header_fields = true
		72 | 
		73 |   security_groups = [aws_security_group.certificate_example_load_balancer_sg.id]
		74 | 
		75 |   access_logs {
		76 |     bucket  = module.s3-bucket-lb.bucket.id
		77 |     prefix  = "test-lb"
		78 |     enabled = true
		79 |   }
		80 | 
		81 |   tags       = { Name = "${local.application_name}-external-loadbalancer" }
		82 |   depends_on = [aws_security_group.certificate_example_load_balancer_sg]
		83 | }


checkov_exitcode=1

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/example

*****************************

Running tflint in terraform/environments/example
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Failed

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/example

*****************************

Running Trivy in terraform/environments/example
2024-10-18T13:47:04Z	INFO	[vulndb] Need to update DB
2024-10-18T13:47:04Z	INFO	[vulndb] Downloading vulnerability DB...
2024-10-18T13:47:04Z	INFO	[vulndb] Downloading artifact...	repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-18T13:47:04Z	ERROR	[vulndb] Failed to download artifact	repo="ghcr.io/aquasecurity/trivy-db:2" err="oci download error: failed to fetch the layer: GET https://ghcr.io/v2/aquasecurity/trivy-db/blobs/sha256:d4ba4d2ef37f027755a641f538cdb8dfee482277cae975674a150b65655dc42e: TOOMANYREQUESTS: retry-after: 58.889µs, allowed: 44000/minute"
2024-10-18T13:47:04Z	FATAL	Fatal error	init error: DB error: failed to download vulnerability DB: OCI artifact error: failed to download vulnerability DB: failed to download artifact from any source
trivy_exitcode=1

@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Failed

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/example

Running Trivy in terraform/environments/example
2024-10-18T13:58:50Z INFO [vulndb] Need to update DB
2024-10-18T13:58:50Z INFO [vulndb] Downloading vulnerability DB...
2024-10-18T13:58:50Z INFO [vulndb] Downloading artifact... repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-18T13:58:52Z INFO [vulndb] Artifact successfully downloaded repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-18T13:58:52Z INFO [vuln] Vulnerability scanning is enabled
2024-10-18T13:58:52Z INFO [misconfig] Misconfiguration scanning is enabled
2024-10-18T13:58:52Z INFO [misconfig] Need to update the built-in checks
2024-10-18T13:58:52Z INFO [misconfig] Downloading the built-in checks...
156.02 KiB / 156.02 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2024-10-18T13:58:53Z INFO [secret] Secret scanning is enabled
2024-10-18T13:58:53Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-18T13:58:53Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-18T13:58:54Z INFO [terraform scanner] Scanning root module file_path="."
2024-10-18T13:58:54Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-10-18T13:58:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_traffic_lb" value="cty.NilVal"
2024-10-18T13:58:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_traffic_lb" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.data.aws_subnet.local_account" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.dynamic.tag" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.dynamic.tag" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.expiration" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.transition" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.principals" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.condition" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.expiration" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.transition" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.principals" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.condition" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.shield.aws_wafv2_web_acl_association.this" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.shield.dynamic.action" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.shield.dynamic.action" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.shield.dynamic.action" value="cty.NilVal"
2024-10-18T13:58:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.shield.dynamic.action" value="cty.NilVal"
2024-10-18T13:58:57Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=95ed3c3f454e2014a62990aacd5d68c64d026f11/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-10-18T13:58:57Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-10-18T13:58:57Z INFO [terraform executor] Ignore finding rule="aws-elb-alb-not-public" range="loadbalancer.tf:38-58"
2024-10-18T13:58:57Z INFO [terraform executor] Ignore finding rule="aws-elb-alb-not-public" range="certificates.tf:63-83"
2024-10-18T13:58:57Z INFO Number of language-specific files num=0
2024-10-18T13:58:57Z INFO Detected config files num=5

loadbalancer.tf (terraform)

Tests: 2 (SUCCESSES: 0, FAILURES: 1, EXCEPTIONS: 1)
Failures: 1 (HIGH: 1, CRITICAL: 0)

HIGH: Root block device is not encrypted.
════════════════════════════════════════
Block devices should be encrypted to ensure sensitive data is held securely at rest.

See https://avd.aquasec.com/misconfig/avd-aws-0131
────────────────────────────────────────
loadbalancer.tf:329-346
────────────────────────────────────────
329 ┌ resource "aws_instance" "lb_example_instance" {
330 │ #checkov:skip=CKV2_AWS_41:"IAM role is not implemented for this example EC2. SSH/AWS keys are not used either."
331 │ #checkov:skip=CKV_AWS_8: "Encryption not required for example instance"
332 │ # Specify the instance type and ami to be used (this is the Amazon free tier option)
333 │ instance_type = local.application_data.accounts[local.environment].instance_type
334 │ ami = local.application_data.accounts[local.environment].ami_image_id
335 │ vpc_security_group_ids = [aws_security_group.example_load_balancer_sg.id]
336 │ subnet_id = data.aws_subnet.private_subnets_a.id
337 └ monitoring = true
...
────────────────────────────────────────

trivy_exitcode=1

</details> #### `Checkov Scan` Failed
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/example

*****************************

Running Checkov in terraform/environments/example
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-10-18 13:58:59,845 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=95ed3c3f454e2014a62990aacd5d68c64d026f11:None (for external modules, the --download-external-modules flag is required)
2024-10-18 13:58:59,845 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 77, Failed checks: 2, Skipped checks: 10

Check: CKV_AWS_378: "Ensure AWS Load Balancer doesn't use HTTP protocol"
	FAILED for resource: aws_lb_target_group.target_group
	File: /loadbalancer.tf:60-85

		60 | resource "aws_lb_target_group" "target_group" {
		61 |   name                 = "${local.application_name}-tg-${local.environment}"
		62 |   port                 = local.application_data.accounts[local.environment].server_port
		63 |   protocol             = "HTTP"
		64 |   vpc_id               = data.aws_vpc.shared.id
		65 |   target_type          = "instance"
		66 |   deregistration_delay = 30
		67 | 
		68 |   stickiness {
		69 |     type = "lb_cookie"
		70 |   }
		71 |   #checkov:skip=CKV_AWS_261: "health_check defined below, but not picked up"
		72 |   health_check {
		73 |     healthy_threshold   = "5"
		74 |     interval            = "120"
		75 |     protocol            = "HTTP"
		76 |     unhealthy_threshold = "2"
		77 |     matcher             = "200-499"
		78 |     timeout             = "5"
		79 |   }
		80 | 
		81 |   tags = { Name = "${local.application_name}-tg-${local.environment}" }
		82 |   lifecycle {
		83 |     create_before_destroy = true
		84 |   }
		85 | }

Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
	FAILED for resource: aws_lb.certificate_example_lb
	File: /certificates.tf:63-83
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf

		63 | resource "aws_lb" "certificate_example_lb" {
		64 |   name               = "certificate-example-loadbalancer"
		65 |   load_balancer_type = "application"
		66 |   subnets            = data.aws_subnets.shared-public.ids
		67 |   #checkov:skip=CKV_AWS_150:Short-lived example environment, hence no need for deletion protection
		68 |   enable_deletion_protection = false
		69 |   # allow 60*4 seconds before 504 gateway timeout for long-running DB operations
		70 |   idle_timeout               = 240
		71 |   drop_invalid_header_fields = true
		72 | 
		73 |   security_groups = [aws_security_group.certificate_example_load_balancer_sg.id]
		74 | 
		75 |   access_logs {
		76 |     bucket  = module.s3-bucket-lb.bucket.id
		77 |     prefix  = "test-lb"
		78 |     enabled = true
		79 |   }
		80 | 
		81 |   tags       = { Name = "${local.application_name}-external-loadbalancer" }
		82 |   depends_on = [aws_security_group.certificate_example_load_balancer_sg]
		83 | }


checkov_exitcode=1

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/example

*****************************

Running tflint in terraform/environments/example
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Failed

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/example

*****************************

Running Trivy in terraform/environments/example
2024-10-18T13:58:50Z	INFO	[vulndb] Need to update DB
2024-10-18T13:58:50Z	INFO	[vulndb] Downloading vulnerability DB...
2024-10-18T13:58:50Z	INFO	[vulndb] Downloading artifact...	repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-18T13:58:52Z	INFO	[vulndb] Artifact successfully downloaded	repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-18T13:58:52Z	INFO	[vuln] Vulnerability scanning is enabled
2024-10-18T13:58:52Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-10-18T13:58:52Z	INFO	[misconfig] Need to update the built-in checks
2024-10-18T13:58:52Z	INFO	[misconfig] Downloading the built-in checks...
156.02 KiB / 156.02 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2024-10-18T13:58:53Z	INFO	[secret] Secret scanning is enabled
2024-10-18T13:58:53Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-18T13:58:53Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-18T13:58:54Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-10-18T13:58:54Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-10-18T13:58:54Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_traffic_lb" value="cty.NilVal"
2024-10-18T13:58:54Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_traffic_lb" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.data.aws_subnet.local_account" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.dynamic.tag" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.dynamic.tag" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.expiration" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.transition" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.principals" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.condition" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.expiration" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.transition" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.principals" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.condition" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.shield.aws_wafv2_web_acl_association.this" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.shield.dynamic.action" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.shield.dynamic.action" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.shield.dynamic.action" value="cty.NilVal"
2024-10-18T13:58:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.shield.dynamic.action" value="cty.NilVal"
2024-10-18T13:58:57Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=95ed3c3f454e2014a62990aacd5d68c64d026f11/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-10-18T13:58:57Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-10-18T13:58:57Z	INFO	[terraform executor] Ignore finding	rule="aws-elb-alb-not-public" range="loadbalancer.tf:38-58"
2024-10-18T13:58:57Z	INFO	[terraform executor] Ignore finding	rule="aws-elb-alb-not-public" range="certificates.tf:63-83"
2024-10-18T13:58:57Z	INFO	Number of language-specific files	num=0
2024-10-18T13:58:57Z	INFO	Detected config files	num=5

loadbalancer.tf (terraform)
===========================
Tests: 2 (SUCCESSES: 0, FAILURES: 1, EXCEPTIONS: 1)
Failures: 1 (HIGH: 1, CRITICAL: 0)

HIGH: Root block device is not encrypted.
════════════════════════════════════════
Block devices should be encrypted to ensure sensitive data is held securely at rest.


See https://avd.aquasec.com/misconfig/avd-aws-0131
────────────────────────────────────────
 loadbalancer.tf:329-346
────────────────────────────────────────
 329resource "aws_instance" "lb_example_instance" {
 330#checkov:skip=CKV2_AWS_41:"IAM role is not implemented for this example EC2. SSH/AWS keys are not used either."
 331#checkov:skip=CKV_AWS_8: "Encryption not required for example instance"
 332# Specify the instance type and ami to be used (this is the Amazon free tier option)
 333instance_type          = local.application_data.accounts[local.environment].instance_type
 334ami                    = local.application_data.accounts[local.environment].ami_image_id
 335vpc_security_group_ids = [aws_security_group.example_load_balancer_sg.id]
 336subnet_id              = data.aws_subnet.private_subnets_a.id
 337monitoring             = true
 ...   
────────────────────────────────────────


trivy_exitcode=1

@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Failed

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/example

Running Trivy in terraform/environments/example
2024-10-18T14:06:42Z INFO [vulndb] Need to update DB
2024-10-18T14:06:42Z INFO [vulndb] Downloading vulnerability DB...
2024-10-18T14:06:42Z INFO [vulndb] Downloading artifact... repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-18T14:06:42Z ERROR [vulndb] Failed to download artifact repo="ghcr.io/aquasecurity/trivy-db:2" err="oci download error: failed to fetch the layer: GET https://ghcr.io/v2/aquasecurity/trivy-db/blobs/sha256:d4ba4d2ef37f027755a641f538cdb8dfee482277cae975674a150b65655dc42e: TOOMANYREQUESTS: retry-after: 201.702µs, allowed: 44000/minute"
2024-10-18T14:06:42Z FATAL Fatal error init error: DB error: failed to download vulnerability DB: OCI artifact error: failed to download vulnerability DB: failed to download artifact from any source
trivy_exitcode=1

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/example

*****************************

Running Checkov in terraform/environments/example
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-10-18 14:06:45,283 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=95ed3c3f454e2014a62990aacd5d68c64d026f11:None (for external modules, the --download-external-modules flag is required)
2024-10-18 14:06:45,283 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 77, Failed checks: 0, Skipped checks: 12


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/example

*****************************

Running tflint in terraform/environments/example
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Failed

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/example

*****************************

Running Trivy in terraform/environments/example
2024-10-18T14:06:42Z	INFO	[vulndb] Need to update DB
2024-10-18T14:06:42Z	INFO	[vulndb] Downloading vulnerability DB...
2024-10-18T14:06:42Z	INFO	[vulndb] Downloading artifact...	repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-18T14:06:42Z	ERROR	[vulndb] Failed to download artifact	repo="ghcr.io/aquasecurity/trivy-db:2" err="oci download error: failed to fetch the layer: GET https://ghcr.io/v2/aquasecurity/trivy-db/blobs/sha256:d4ba4d2ef37f027755a641f538cdb8dfee482277cae975674a150b65655dc42e: TOOMANYREQUESTS: retry-after: 201.702µs, allowed: 44000/minute"
2024-10-18T14:06:42Z	FATAL	Fatal error	init error: DB error: failed to download vulnerability DB: OCI artifact error: failed to download vulnerability DB: failed to download artifact from any source
trivy_exitcode=1

@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Failed

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/example

Running Trivy in terraform/environments/example
2024-10-18T14:12:43Z INFO [vulndb] Need to update DB
2024-10-18T14:12:43Z INFO [vulndb] Downloading vulnerability DB...
2024-10-18T14:12:43Z INFO [vulndb] Downloading artifact... repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-18T14:12:45Z INFO [vulndb] Artifact successfully downloaded repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-18T14:12:45Z INFO [vuln] Vulnerability scanning is enabled
2024-10-18T14:12:45Z INFO [misconfig] Misconfiguration scanning is enabled
2024-10-18T14:12:45Z INFO [misconfig] Need to update the built-in checks
2024-10-18T14:12:45Z INFO [misconfig] Downloading the built-in checks...
156.02 KiB / 156.02 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-10-18T14:12:46Z INFO [secret] Secret scanning is enabled
2024-10-18T14:12:46Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-18T14:12:46Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-18T14:12:47Z INFO [terraform scanner] Scanning root module file_path="."
2024-10-18T14:12:47Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.egress_traffic_lb" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_security_group_rule.ingress_traffic_lb" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.data.aws_subnet.local_account" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.dynamic.tag" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.dynamic.tag" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.expiration" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.transition" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.principals" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.condition" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.expiration" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.transition" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.principals" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-lb.dynamic.condition" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.shield.aws_wafv2_web_acl_association.this" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.shield.dynamic.action" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.shield.dynamic.action" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.shield.dynamic.action" value="cty.NilVal"
2024-10-18T14:12:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.shield.dynamic.action" value="cty.NilVal"
2024-10-18T14:12:48Z INFO [terraform executor] Ignore finding rule="aws-elb-alb-not-public" range="loadbalancer.tf:38-58"
2024-10-18T14:12:48Z INFO [terraform executor] Ignore finding rule="aws-elb-alb-not-public" range="certificates.tf:63-84"
2024-10-18T14:12:48Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=95ed3c3f454e2014a62990aacd5d68c64d026f11/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-10-18T14:12:48Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-10-18T14:12:48Z INFO Number of language-specific files num=0
2024-10-18T14:12:48Z INFO Detected config files num=5

loadbalancer.tf (terraform)

Tests: 2 (SUCCESSES: 0, FAILURES: 1, EXCEPTIONS: 1)
Failures: 1 (HIGH: 1, CRITICAL: 0)

HIGH: Root block device is not encrypted.
════════════════════════════════════════
Block devices should be encrypted to ensure sensitive data is held securely at rest.

See https://avd.aquasec.com/misconfig/avd-aws-0131
────────────────────────────────────────
loadbalancer.tf:330-347
────────────────────────────────────────
330 ┌ resource "aws_instance" "lb_example_instance" {
331 │ #checkov:skip=CKV2_AWS_41:"IAM role is not implemented for this example EC2. SSH/AWS keys are not used either."
332 │ #checkov:skip=CKV_AWS_8: "Encryption not required for example instance"
333 │ # Specify the instance type and ami to be used (this is the Amazon free tier option)
334 │ instance_type = local.application_data.accounts[local.environment].instance_type
335 │ ami = local.application_data.accounts[local.environment].ami_image_id
336 │ vpc_security_group_ids = [aws_security_group.example_load_balancer_sg.id]
337 │ subnet_id = data.aws_subnet.private_subnets_a.id
338 └ monitoring = true
...
────────────────────────────────────────

trivy_exitcode=1

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/example

*****************************

Running Checkov in terraform/environments/example
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-10-18 14:12:51,399 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=95ed3c3f454e2014a62990aacd5d68c64d026f11:None (for external modules, the --download-external-modules flag is required)
2024-10-18 14:12:51,399 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 77, Failed checks: 0, Skipped checks: 12


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/example

*****************************

Running tflint in terraform/environments/example
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Failed

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/example

*****************************

Running Trivy in terraform/environments/example
2024-10-18T14:12:43Z	INFO	[vulndb] Need to update DB
2024-10-18T14:12:43Z	INFO	[vulndb] Downloading vulnerability DB...
2024-10-18T14:12:43Z	INFO	[vulndb] Downloading artifact...	repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-18T14:12:45Z	INFO	[vulndb] Artifact successfully downloaded	repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-18T14:12:45Z	INFO	[vuln] Vulnerability scanning is enabled
2024-10-18T14:12:45Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-10-18T14:12:45Z	INFO	[misconfig] Need to update the built-in checks
2024-10-18T14:12:45Z	INFO	[misconfig] Downloading the built-in checks...
156.02 KiB / 156.02 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-10-18T14:12:46Z	INFO	[secret] Secret scanning is enabled
2024-10-18T14:12:46Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-18T14:12:46Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-18T14:12:47Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-10-18T14:12:47Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.egress_traffic_lb" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_security_group_rule.ingress_traffic_lb" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.aws_s3_object.user_public_keys" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.data.aws_subnet.local_account" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.dynamic.tag" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.dynamic.tag" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.expiration" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.transition" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.principals" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.bastion_linux.module.s3-bucket.dynamic.condition" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.expiration" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.transition" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.principals" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.condition" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.expiration" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.transition" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.noncurrent_version_expiration" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.noncurrent_version_transition" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.principals" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-lb.dynamic.condition" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.shield.aws_wafv2_web_acl_association.this" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.shield.dynamic.action" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.shield.dynamic.action" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.shield.dynamic.action" value="cty.NilVal"
2024-10-18T14:12:47Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.shield.dynamic.action" value="cty.NilVal"
2024-10-18T14:12:48Z	INFO	[terraform executor] Ignore finding	rule="aws-elb-alb-not-public" range="loadbalancer.tf:38-58"
2024-10-18T14:12:48Z	INFO	[terraform executor] Ignore finding	rule="aws-elb-alb-not-public" range="certificates.tf:63-84"
2024-10-18T14:12:48Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=95ed3c3f454e2014a62990aacd5d68c64d026f11/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-10-18T14:12:48Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-10-18T14:12:48Z	INFO	Number of language-specific files	num=0
2024-10-18T14:12:48Z	INFO	Detected config files	num=5

loadbalancer.tf (terraform)
===========================
Tests: 2 (SUCCESSES: 0, FAILURES: 1, EXCEPTIONS: 1)
Failures: 1 (HIGH: 1, CRITICAL: 0)

HIGH: Root block device is not encrypted.
════════════════════════════════════════
Block devices should be encrypted to ensure sensitive data is held securely at rest.


See https://avd.aquasec.com/misconfig/avd-aws-0131
────────────────────────────────────────
 loadbalancer.tf:330-347
────────────────────────────────────────
 330resource "aws_instance" "lb_example_instance" {
 331#checkov:skip=CKV2_AWS_41:"IAM role is not implemented for this example EC2. SSH/AWS keys are not used either."
 332#checkov:skip=CKV_AWS_8: "Encryption not required for example instance"
 333# Specify the instance type and ami to be used (this is the Amazon free tier option)
 334instance_type          = local.application_data.accounts[local.environment].instance_type
 335ami                    = local.application_data.accounts[local.environment].ami_image_id
 336vpc_security_group_ids = [aws_security_group.example_load_balancer_sg.id]
 337subnet_id              = data.aws_subnet.private_subnets_a.id
 338monitoring             = true
 ...   
────────────────────────────────────────


trivy_exitcode=1

@markgov markgov had a problem deploying to example-development October 18, 2024 14:27 — with GitHub Actions Failure
@markgov markgov merged commit f22bdd5 into main Oct 18, 2024
8 of 10 checks passed
@markgov markgov deleted the clnp/modify-example-account branch October 18, 2024 14:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ep-93 ep-93 ep-93 approved these changes

Assignees
No one assigned
Labels
environments-repository Used to exclude PRs from this repo in our Slack PR update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@markgov @ep-93