Update_111224_1

[nbuckingham72]

Minor IAM permissions update

[github-actions]

Trivy Scan Success

Show Output

```hcl

---

Trivy will check the following folders:
terraform/environments/ppud

---

Running Trivy in terraform/environments/ppud
2024-12-11T15:27:04Z INFO [vulndb] Need to update DB
2024-12-11T15:27:04Z INFO [vulndb] Downloading vulnerability DB...
2024-12-11T15:27:04Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-11T15:27:06Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-11T15:27:06Z INFO [vuln] Vulnerability scanning is enabled
2024-12-11T15:27:06Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-11T15:27:06Z INFO [misconfig] Need to update the built-in checks
2024-12-11T15:27:06Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-12-11T15:27:06Z INFO [secret] Secret scanning is enabled
2024-12-11T15:27:06Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-11T15:27:06Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-11T15:27:08Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-11T15:27:08Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.Memory_percentage_Committed_Bytes_In_Use" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.Windows_IIS_check" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.cpu" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.cpu_usage_iowait" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.instance_health_check" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.linux_cpu" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.linux_cpu_usage_iowait" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.linux_ec2_high_memory_usage" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.linux_instance_health_check" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.linux_system_health_check" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.low_disk_space_C_volume" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.low_disk_space_D_volume" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.low_disk_space_root_volume" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.malware_event_behavior_detected" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.malware_event_engine_out_of_date" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.malware_event_engine_update_failed" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.malware_event_scan_failed" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.malware_event_signature_update_failed" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.malware_event_state_detected" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.system_health_check" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_instance.linux_instance_details" value="cty.NilVal"
2024-12-11T15:27:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_instance.windows_instance_details" value="cty.NilVal"
2024-12-11T15:27:09Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="s3.tf:119-132"
2024-12-11T15:27:09Z INFO [terraform executor] Ignore finding rule="aws-s3-enable-bucket-encryption" range="s3.tf:119-132"
2024-12-11T15:27:09Z INFO [terraform executor] Ignore finding rule="aws-elb-alb-not-public" range="alb_external.tf:89"
2024-12-11T15:27:09Z INFO [terraform executor] Ignore finding rule="aws-iam-no-user-attached-policies" range="iam.tf:924-931"
2024-12-11T15:27:10Z INFO Number of language-specific files num=0
2024-12-11T15:27:10Z INFO Detected config files num=6
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/ppud

*****************************

Running Checkov in terraform/environments/ppud
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 1278, Failed checks: 0, Skipped checks: 177


checkov_exitcode=0

CTFLint Scan Failed

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/ppud

*****************************

Running tflint in terraform/environments/ppud
Excluding the following checks: terraform_unused_declarations
2 issue(s) found:

Warning: Missing version constraint for provider "archive" in `required_providers` (terraform_required_providers)

  on terraform/environments/ppud/certificate_mgmt.tf line 201:
 201: data "archive_file" "zip_the_certificate_expiry_prod" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_providers.md

Warning: Missing version constraint for provider "random" in `required_providers` (terraform_required_providers)

  on terraform/environments/ppud/secrets.tf line 7:
   7: resource "random_password" "password" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_providers.md

tflint_exitcode=2

Trivy Scan Success

Show Output

*****************************

Trivy will check the following folders:
terraform/environments/ppud

*****************************

Running Trivy in terraform/environments/ppud
2024-12-11T15:27:04Z	INFO	[vulndb] Need to update DB
2024-12-11T15:27:04Z	INFO	[vulndb] Downloading vulnerability DB...
2024-12-11T15:27:04Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-11T15:27:06Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-11T15:27:06Z	INFO	[vuln] Vulnerability scanning is enabled
2024-12-11T15:27:06Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-12-11T15:27:06Z	INFO	[misconfig] Need to update the built-in checks
2024-12-11T15:27:06Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-12-11T15:27:06Z	INFO	[secret] Secret scanning is enabled
2024-12-11T15:27:06Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-11T15:27:06Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-11T15:27:08Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-12-11T15:27:08Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.Memory_percentage_Committed_Bytes_In_Use" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.Windows_IIS_check" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.cpu" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.cpu_usage_iowait" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.instance_health_check" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.linux_cpu" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.linux_cpu_usage_iowait" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.linux_ec2_high_memory_usage" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.linux_instance_health_check" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.linux_system_health_check" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.low_disk_space_C_volume" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.low_disk_space_D_volume" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.low_disk_space_root_volume" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.malware_event_behavior_detected" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.malware_event_engine_out_of_date" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.malware_event_engine_update_failed" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.malware_event_scan_failed" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.malware_event_signature_update_failed" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.malware_event_state_detected" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.system_health_check" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="data.aws_instance.linux_instance_details" value="cty.NilVal"
2024-12-11T15:27:09Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="data.aws_instance.windows_instance_details" value="cty.NilVal"
2024-12-11T15:27:09Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="s3.tf:119-132"
2024-12-11T15:27:09Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-enable-bucket-encryption" range="s3.tf:119-132"
2024-12-11T15:27:09Z	INFO	[terraform executor] Ignore finding	rule="aws-elb-alb-not-public" range="alb_external.tf:89"
2024-12-11T15:27:09Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-user-attached-policies" range="iam.tf:924-931"
2024-12-11T15:27:10Z	INFO	Number of language-specific files	num=0
2024-12-11T15:27:10Z	INFO	Detected config files	num=6
trivy_exitcode=0