Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add API Gateway authorizer IAM role and module configuration #9121

Merged
merged 4 commits into from
Dec 17, 2024
Merged

Add API Gateway authorizer IAM role and module configuration #9121

merged 4 commits into from
Dec 17, 2024
+60 −1

Conversation

matt-heery
Copy link
Contributor

Introduce an IAM role and module configuration for the API Gateway authorizer to enhance security and functionality.

@matt-heery matt-heery requested review from a team as code owners December 17, 2024 15:45
@github-actions github-actions bot added the environments-repository Used to exclude PRs from this repo in our Slack PR update label Dec 17, 2024
@matt-heery matt-heery temporarily deployed to electronic-monitoring-data-test December 17, 2024 15:47 — with GitHub Actions Inactive
@matt-heery matt-heery temporarily deployed to electronic-monitoring-data-development December 17, 2024 15:47 — with GitHub Actions Inactive
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/electronic-monitoring-data

Running Trivy in terraform/environments/electronic-monitoring-data
2024-12-17T15:48:06Z INFO [vulndb] Need to update DB
2024-12-17T15:48:06Z INFO [vulndb] Downloading vulnerability DB...
2024-12-17T15:48:06Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-17T15:48:08Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-17T15:48:08Z INFO [vuln] Vulnerability scanning is enabled
2024-12-17T15:48:08Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-17T15:48:08Z INFO [misconfig] Need to update the built-in checks
2024-12-17T15:48:08Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-12-17T15:48:09Z INFO [secret] Secret scanning is enabled
2024-12-17T15:48:09Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-17T15:48:09Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-17T15:48:11Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-17T15:48:11Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-12-17T15:48:12Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.api_gateway_authorizer.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:12Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.api_gateway_authorizer.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:12Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.calculate_checksum.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:12Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.calculate_checksum.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:12Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.format_json_fms_data.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:12Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.format_json_fms_data.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:12Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:12Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.rds_bastion.aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-17T15:48:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.rds_bastion.data.aws_subnet.local_account" value="cty.NilVal"
2024-12-17T15:48:12Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.rds_bastion.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:12Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.rds_bastion.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.rotate_iam_key.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.rotate_iam_key.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-mdss-general-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-general-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-general-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-mdss-ho-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-ho-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-ho-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-ho-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-ho-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-mdss-specials-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-specials-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-specials-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-p1-export-bucket.module.push_lambda.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-p1-export-bucket.module.push_lambda.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z INFO [terraform scanner] Scanning root module file_path="glue-job/Archived"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-sns-topic-encryption-use-cmk" range="s3_sns.tf:36"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-sns-topic-encryption-use-cmk" range="s3_sns.tf:91"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-iam-no-user-attached-policies" range="modules/landing_bucket_iam_user_access/main.tf:2-10"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-iam-no-user-attached-policies" range="modules/landing_bucket_iam_user_access/main.tf:2-10"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=95ed3c3/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="s3.tf:1133-1152"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-enable-logging" range="s3.tf:1133-1152"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-enable-bucket-encryption" range="s3.tf:1133-1152"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="modules/api_step_function/main.tf:281-286"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="modules/api_step_function/main.tf:407-411"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-s3-enable-versioning" range="s3.tf:1133-1152"
2024-12-17T15:48:23Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="analytical_platform_share.tf:50-68"
2024-12-17T15:48:23Z INFO Number of language-specific files num=0
2024-12-17T15:48:23Z INFO Detected config files num=14
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/electronic-monitoring-data

*****************************

Running Checkov in terraform/environments/electronic-monitoring-data
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-12-17 15:48:25,644 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=95ed3c3:None (for external modules, the --download-external-modules flag is required)
2024-12-17 15:48:25,644 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060:None (for external modules, the --download-external-modules flag is required)
2024-12-17 15:48:25,644 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-12-17 15:48:25,644 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/kms/aws:3.1.1 (for external modules, the --download-external-modules flag is required)
2024-12-17 15:48:25,644 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/secrets-manager/aws:1.3.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 2609, Failed checks: 0, Skipped checks: 115


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/electronic-monitoring-data

*****************************

Running tflint in terraform/environments/electronic-monitoring-data
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/electronic-monitoring-data

*****************************

Running Trivy in terraform/environments/electronic-monitoring-data
2024-12-17T15:48:06Z	INFO	[vulndb] Need to update DB
2024-12-17T15:48:06Z	INFO	[vulndb] Downloading vulnerability DB...
2024-12-17T15:48:06Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-17T15:48:08Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-17T15:48:08Z	INFO	[vuln] Vulnerability scanning is enabled
2024-12-17T15:48:08Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-12-17T15:48:08Z	INFO	[misconfig] Need to update the built-in checks
2024-12-17T15:48:08Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-12-17T15:48:09Z	INFO	[secret] Secret scanning is enabled
2024-12-17T15:48:09Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-17T15:48:09Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-17T15:48:11Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-12-17T15:48:11Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-12-17T15:48:12Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.api_gateway_authorizer.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:12Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.api_gateway_authorizer.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:12Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.calculate_checksum.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:12Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.calculate_checksum.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:12Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.format_json_fms_data.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:12Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.format_json_fms_data.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:12Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:12Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.rds_bastion.aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-17T15:48:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.rds_bastion.data.aws_subnet.local_account" value="cty.NilVal"
2024-12-17T15:48:12Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.rds_bastion.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:12Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.rds_bastion.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.rotate_iam_key.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.rotate_iam_key.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-mdss-general-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-general-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-general-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-mdss-ho-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-ho-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-ho-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-ho-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-ho-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-mdss-specials-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-specials-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-specials-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-p1-export-bucket.module.push_lambda.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-p1-export-bucket.module.push_lambda.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T15:48:14Z	INFO	[terraform scanner] Scanning root module	file_path="glue-job/Archived"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-sns-topic-encryption-use-cmk" range="s3_sns.tf:36"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-sns-topic-encryption-use-cmk" range="s3_sns.tf:91"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-user-attached-policies" range="modules/landing_bucket_iam_user_access/main.tf:2-10"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-user-attached-policies" range="modules/landing_bucket_iam_user_access/main.tf:2-10"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=95ed3c3/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="s3.tf:1133-1152"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-enable-logging" range="s3.tf:1133-1152"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-enable-bucket-encryption" range="s3.tf:1133-1152"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="modules/api_step_function/main.tf:281-286"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="modules/api_step_function/main.tf:407-411"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-enable-versioning" range="s3.tf:1133-1152"
2024-12-17T15:48:23Z	INFO	[terraform executor] Ignore finding	rule="aws-ssm-secret-use-customer-key" range="analytical_platform_share.tf:50-68"
2024-12-17T15:48:23Z	INFO	Number of language-specific files	num=0
2024-12-17T15:48:23Z	INFO	Detected config files	num=14
trivy_exitcode=0

@matt-heery matt-heery temporarily deployed to electronic-monitoring-data-test December 17, 2024 16:01 — with GitHub Actions Inactive
@matt-heery matt-heery temporarily deployed to electronic-monitoring-data-development December 17, 2024 16:01 — with GitHub Actions Inactive
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/electronic-monitoring-data

Running Trivy in terraform/environments/electronic-monitoring-data
2024-12-17T16:01:02Z INFO [vulndb] Need to update DB
2024-12-17T16:01:02Z INFO [vulndb] Downloading vulnerability DB...
2024-12-17T16:01:02Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-17T16:01:04Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-17T16:01:04Z INFO [vuln] Vulnerability scanning is enabled
2024-12-17T16:01:04Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-17T16:01:04Z INFO [misconfig] Need to update the built-in checks
2024-12-17T16:01:04Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2024-12-17T16:01:07Z INFO [secret] Secret scanning is enabled
2024-12-17T16:01:07Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-17T16:01:07Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-17T16:01:08Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-17T16:01:08Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-12-17T16:01:10Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.api_gateway_authorizer.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:10Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.api_gateway_authorizer.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:10Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.calculate_checksum.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:10Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.calculate_checksum.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:10Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.format_json_fms_data.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:10Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.format_json_fms_data.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:10Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:10Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:10Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.rds_bastion.aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-17T16:01:10Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.rds_bastion.data.aws_subnet.local_account" value="cty.NilVal"
2024-12-17T16:01:10Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.rds_bastion.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:10Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.rds_bastion.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.rotate_iam_key.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.rotate_iam_key.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:12Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:12Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:12Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:12Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-mdss-general-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-general-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-general-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-mdss-ho-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-ho-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-ho-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-ho-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-ho-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-mdss-specials-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-specials-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-specials-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-p1-export-bucket.module.push_lambda.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-p1-export-bucket.module.push_lambda.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z INFO [terraform scanner] Scanning root module file_path="glue-job/Archived"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=95ed3c3/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="s3.tf:1133-1152"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="modules/api_step_function/main.tf:281-286"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="modules/api_step_function/main.tf:407-411"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="analytical_platform_share.tf:50-68"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-iam-no-user-attached-policies" range="modules/landing_bucket_iam_user_access/main.tf:2-10"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-iam-no-user-attached-policies" range="modules/landing_bucket_iam_user_access/main.tf:2-10"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-enable-bucket-encryption" range="s3.tf:1133-1152"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-enable-logging" range="s3.tf:1133-1152"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-s3-enable-versioning" range="s3.tf:1133-1152"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-sns-topic-encryption-use-cmk" range="s3_sns.tf:36"
2024-12-17T16:01:22Z INFO [terraform executor] Ignore finding rule="aws-sns-topic-encryption-use-cmk" range="s3_sns.tf:91"
2024-12-17T16:01:22Z INFO Number of language-specific files num=0
2024-12-17T16:01:22Z INFO Detected config files num=14
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/electronic-monitoring-data

*****************************

Running Checkov in terraform/environments/electronic-monitoring-data
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-12-17 16:01:25,140 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=95ed3c3:None (for external modules, the --download-external-modules flag is required)
2024-12-17 16:01:25,140 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060:None (for external modules, the --download-external-modules flag is required)
2024-12-17 16:01:25,140 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-12-17 16:01:25,140 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/kms/aws:3.1.1 (for external modules, the --download-external-modules flag is required)
2024-12-17 16:01:25,140 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/secrets-manager/aws:1.3.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 2609, Failed checks: 0, Skipped checks: 115


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/electronic-monitoring-data

*****************************

Running tflint in terraform/environments/electronic-monitoring-data
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/electronic-monitoring-data

*****************************

Running Trivy in terraform/environments/electronic-monitoring-data
2024-12-17T16:01:02Z	INFO	[vulndb] Need to update DB
2024-12-17T16:01:02Z	INFO	[vulndb] Downloading vulnerability DB...
2024-12-17T16:01:02Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-17T16:01:04Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-17T16:01:04Z	INFO	[vuln] Vulnerability scanning is enabled
2024-12-17T16:01:04Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-12-17T16:01:04Z	INFO	[misconfig] Need to update the built-in checks
2024-12-17T16:01:04Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2024-12-17T16:01:07Z	INFO	[secret] Secret scanning is enabled
2024-12-17T16:01:07Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-17T16:01:07Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-17T16:01:08Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-12-17T16:01:08Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-12-17T16:01:10Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.api_gateway_authorizer.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:10Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.api_gateway_authorizer.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:10Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.calculate_checksum.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:10Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.calculate_checksum.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:10Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.format_json_fms_data.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:10Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.format_json_fms_data.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:10Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:10Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:10Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.rds_bastion.aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-17T16:01:10Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.rds_bastion.data.aws_subnet.local_account" value="cty.NilVal"
2024-12-17T16:01:10Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.rds_bastion.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:10Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.rds_bastion.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.rotate_iam_key.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.rotate_iam_key.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:12Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:12Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:12Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:12Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-mdss-general-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-general-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-general-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-mdss-ho-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-ho-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-ho-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-ho-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-ho-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-mdss-specials-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-specials-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-specials-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-p1-export-bucket.module.push_lambda.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-p1-export-bucket.module.push_lambda.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:01:13Z	INFO	[terraform scanner] Scanning root module	file_path="glue-job/Archived"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=95ed3c3/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="s3.tf:1133-1152"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="modules/api_step_function/main.tf:281-286"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="modules/api_step_function/main.tf:407-411"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-ssm-secret-use-customer-key" range="analytical_platform_share.tf:50-68"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-user-attached-policies" range="modules/landing_bucket_iam_user_access/main.tf:2-10"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-user-attached-policies" range="modules/landing_bucket_iam_user_access/main.tf:2-10"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-enable-bucket-encryption" range="s3.tf:1133-1152"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-enable-logging" range="s3.tf:1133-1152"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-enable-versioning" range="s3.tf:1133-1152"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-sns-topic-encryption-use-cmk" range="s3_sns.tf:36"
2024-12-17T16:01:22Z	INFO	[terraform executor] Ignore finding	rule="aws-sns-topic-encryption-use-cmk" range="s3_sns.tf:91"
2024-12-17T16:01:22Z	INFO	Number of language-specific files	num=0
2024-12-17T16:01:22Z	INFO	Detected config files	num=14
trivy_exitcode=0

@matt-heery matt-heery had a problem deploying to electronic-monitoring-data-development December 17, 2024 16:24 — with GitHub Actions Failure
@matt-heery matt-heery had a problem deploying to electronic-monitoring-data-test December 17, 2024 16:24 — with GitHub Actions Failure
pricemg
pricemg previously approved these changes Dec 17, 2024
View reviewed changes
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/electronic-monitoring-data
terraform/environments/electronic-monitoring-data/modules/api_step_function

Running Trivy in terraform/environments/electronic-monitoring-data
2024-12-17T16:25:00Z INFO [vulndb] Need to update DB
2024-12-17T16:25:00Z INFO [vulndb] Downloading vulnerability DB...
2024-12-17T16:25:00Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-17T16:25:02Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-17T16:25:02Z INFO [vuln] Vulnerability scanning is enabled
2024-12-17T16:25:02Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-17T16:25:02Z INFO [misconfig] Need to update the built-in checks
2024-12-17T16:25:02Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2024-12-17T16:25:02Z INFO [secret] Secret scanning is enabled
2024-12-17T16:25:02Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-17T16:25:02Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-17T16:25:04Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-17T16:25:04Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-12-17T16:25:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.api_gateway_authorizer.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.api_gateway_authorizer.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.calculate_checksum.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.calculate_checksum.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.format_json_fms_data.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.format_json_fms_data.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.rds_bastion.aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-17T16:25:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.rds_bastion.data.aws_subnet.local_account" value="cty.NilVal"
2024-12-17T16:25:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.rds_bastion.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.rds_bastion.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.rotate_iam_key.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.rotate_iam_key.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:07Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:07Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:07Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:07Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:07Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:07Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:07Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:07Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-mdss-general-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-general-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-general-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-mdss-ho-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-ho-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-ho-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-ho-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-ho-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-mdss-specials-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-specials-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-specials-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-p1-export-bucket.module.push_lambda.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-p1-export-bucket.module.push_lambda.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z INFO [terraform scanner] Scanning root module file_path="glue-job/Archived"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="analytical_platform_share.tf:50-68"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-enable-versioning" range="s3.tf:1133-1152"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-iam-no-user-attached-policies" range="modules/landing_bucket_iam_user_access/main.tf:2-10"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-iam-no-user-attached-policies" range="modules/landing_bucket_iam_user_access/main.tf:2-10"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-enable-logging" range="s3.tf:1133-1152"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=95ed3c3/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="s3.tf:1133-1152"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-s3-enable-bucket-encryption" range="s3.tf:1133-1152"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-sns-topic-encryption-use-cmk" range="s3_sns.tf:36"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-sns-topic-encryption-use-cmk" range="s3_sns.tf:91"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="modules/api_step_function/main.tf:294-299"
2024-12-17T16:25:16Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="modules/api_step_function/main.tf:420-424"
2024-12-17T16:25:16Z INFO Number of language-specific files num=0
2024-12-17T16:25:16Z INFO Detected config files num=14
trivy_exitcode=0

Running Trivy in terraform/environments/electronic-monitoring-data/modules/api_step_function
2024-12-17T16:25:16Z INFO [vuln] Vulnerability scanning is enabled
2024-12-17T16:25:16Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-17T16:25:16Z INFO [secret] Secret scanning is enabled
2024-12-17T16:25:16Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-17T16:25:16Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-17T16:25:17Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-17T16:25:17Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="api_description, api_key_required, api_name, api_path, authorizer_role, lambda_function_invoke_arn, schema, stages, step_function"
2024-12-17T16:25:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_api_gateway_api_key.api_key" value="cty.NilVal"
2024-12-17T16:25:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_api_gateway_method_settings.settings" value="cty.NilVal"
2024-12-17T16:25:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_api_gateway_stage.stage" value="cty.NilVal"
2024-12-17T16:25:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_api_gateway_usage_plan.usage_plan" value="cty.NilVal"
2024-12-17T16:25:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_api_gateway_usage_plan_key.usage_plan_key" value="cty.NilVal"
2024-12-17T16:25:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_log_group.api_gateway_logs" value="cty.NilVal"
2024-12-17T16:25:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_iam_role_policy.cloudwatch" value="cty.NilVal"
2024-12-17T16:25:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_iam_role_policy_attachment.api_gateway_cloudwatch_role_policy" value="cty.NilVal"
2024-12-17T16:25:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_wafv2_web_acl_association.api_gateway_association" value="cty.NilVal"
2024-12-17T16:25:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_iam_policy_document.cloudwatch" value="cty.NilVal"
2024-12-17T16:25:17Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="main.tf:420-424"
2024-12-17T16:25:17Z INFO Number of language-specific files num=0
2024-12-17T16:25:17Z INFO Detected config files num=2
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/electronic-monitoring-data
terraform/environments/electronic-monitoring-data/modules/api_step_function

*****************************

Running Checkov in terraform/environments/electronic-monitoring-data
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-12-17 16:25:20,407 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=95ed3c3:None (for external modules, the --download-external-modules flag is required)
2024-12-17 16:25:20,407 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060:None (for external modules, the --download-external-modules flag is required)
2024-12-17 16:25:20,407 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-12-17 16:25:20,407 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/kms/aws:3.1.1 (for external modules, the --download-external-modules flag is required)
2024-12-17 16:25:20,407 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/secrets-manager/aws:1.3.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 2610, Failed checks: 0, Skipped checks: 115


checkov_exitcode=0

*****************************

Running Checkov in terraform/environments/electronic-monitoring-data/modules/api_step_function
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 63, Failed checks: 0, Skipped checks: 4


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/electronic-monitoring-data
terraform/environments/electronic-monitoring-data/modules/api_step_function

*****************************

Running tflint in terraform/environments/electronic-monitoring-data
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

*****************************

Running tflint in terraform/environments/electronic-monitoring-data/modules/api_step_function
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/electronic-monitoring-data
terraform/environments/electronic-monitoring-data/modules/api_step_function

*****************************

Running Trivy in terraform/environments/electronic-monitoring-data
2024-12-17T16:25:00Z	INFO	[vulndb] Need to update DB
2024-12-17T16:25:00Z	INFO	[vulndb] Downloading vulnerability DB...
2024-12-17T16:25:00Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-17T16:25:02Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-17T16:25:02Z	INFO	[vuln] Vulnerability scanning is enabled
2024-12-17T16:25:02Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-12-17T16:25:02Z	INFO	[misconfig] Need to update the built-in checks
2024-12-17T16:25:02Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2024-12-17T16:25:02Z	INFO	[secret] Secret scanning is enabled
2024-12-17T16:25:02Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-17T16:25:02Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-17T16:25:04Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-12-17T16:25:04Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-12-17T16:25:06Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.api_gateway_authorizer.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.api_gateway_authorizer.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.calculate_checksum.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.calculate_checksum.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.format_json_fms_data.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.format_json_fms_data.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.rds_bastion.aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-17T16:25:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.rds_bastion.data.aws_subnet.local_account" value="cty.NilVal"
2024-12-17T16:25:06Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.rds_bastion.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.rds_bastion.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.rotate_iam_key.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:06Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.rotate_iam_key.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:07Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:07Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:07Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:07Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:07Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:07Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:07Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:07Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-mdss-general-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-general-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-general-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-mdss-ho-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-ho-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-ho-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-ho-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-ho-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-mdss-specials-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-specials-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-specials-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-p1-export-bucket.module.push_lambda.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-p1-export-bucket.module.push_lambda.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:25:08Z	INFO	[terraform scanner] Scanning root module	file_path="glue-job/Archived"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-ssm-secret-use-customer-key" range="analytical_platform_share.tf:50-68"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-enable-versioning" range="s3.tf:1133-1152"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-user-attached-policies" range="modules/landing_bucket_iam_user_access/main.tf:2-10"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-user-attached-policies" range="modules/landing_bucket_iam_user_access/main.tf:2-10"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-enable-logging" range="s3.tf:1133-1152"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=95ed3c3/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="s3.tf:1133-1152"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-enable-bucket-encryption" range="s3.tf:1133-1152"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-sns-topic-encryption-use-cmk" range="s3_sns.tf:36"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-sns-topic-encryption-use-cmk" range="s3_sns.tf:91"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="modules/api_step_function/main.tf:294-299"
2024-12-17T16:25:16Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="modules/api_step_function/main.tf:420-424"
2024-12-17T16:25:16Z	INFO	Number of language-specific files	num=0
2024-12-17T16:25:16Z	INFO	Detected config files	num=14
trivy_exitcode=0

*****************************

Running Trivy in terraform/environments/electronic-monitoring-data/modules/api_step_function
2024-12-17T16:25:16Z	INFO	[vuln] Vulnerability scanning is enabled
2024-12-17T16:25:16Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-12-17T16:25:16Z	INFO	[secret] Secret scanning is enabled
2024-12-17T16:25:16Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-17T16:25:16Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-17T16:25:17Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-12-17T16:25:17Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="api_description, api_key_required, api_name, api_path, authorizer_role, lambda_function_invoke_arn, schema, stages, step_function"
2024-12-17T16:25:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_api_gateway_api_key.api_key" value="cty.NilVal"
2024-12-17T16:25:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_api_gateway_method_settings.settings" value="cty.NilVal"
2024-12-17T16:25:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_api_gateway_stage.stage" value="cty.NilVal"
2024-12-17T16:25:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_api_gateway_usage_plan.usage_plan" value="cty.NilVal"
2024-12-17T16:25:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_api_gateway_usage_plan_key.usage_plan_key" value="cty.NilVal"
2024-12-17T16:25:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_log_group.api_gateway_logs" value="cty.NilVal"
2024-12-17T16:25:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_iam_role_policy.cloudwatch" value="cty.NilVal"
2024-12-17T16:25:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_iam_role_policy_attachment.api_gateway_cloudwatch_role_policy" value="cty.NilVal"
2024-12-17T16:25:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_wafv2_web_acl_association.api_gateway_association" value="cty.NilVal"
2024-12-17T16:25:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="data.aws_iam_policy_document.cloudwatch" value="cty.NilVal"
2024-12-17T16:25:17Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="main.tf:420-424"
2024-12-17T16:25:17Z	INFO	Number of language-specific files	num=0
2024-12-17T16:25:17Z	INFO	Detected config files	num=2
trivy_exitcode=0

@matt-heery matt-heery temporarily deployed to electronic-monitoring-data-test December 17, 2024 16:30 — with GitHub Actions Inactive
@matt-heery matt-heery temporarily deployed to electronic-monitoring-data-development December 17, 2024 16:30 — with GitHub Actions Inactive
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/electronic-monitoring-data
terraform/environments/electronic-monitoring-data/modules/api_step_function

Running Trivy in terraform/environments/electronic-monitoring-data
2024-12-17T16:30:23Z INFO [vulndb] Need to update DB
2024-12-17T16:30:23Z INFO [vulndb] Downloading vulnerability DB...
2024-12-17T16:30:23Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-17T16:30:25Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-17T16:30:25Z INFO [vuln] Vulnerability scanning is enabled
2024-12-17T16:30:25Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-17T16:30:25Z INFO [misconfig] Need to update the built-in checks
2024-12-17T16:30:25Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2024-12-17T16:30:26Z INFO [secret] Secret scanning is enabled
2024-12-17T16:30:26Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-17T16:30:26Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-17T16:30:27Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-17T16:30:27Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-12-17T16:30:29Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.api_gateway_authorizer.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.api_gateway_authorizer.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.calculate_checksum.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.calculate_checksum.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.format_json_fms_data.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.format_json_fms_data.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.rds_bastion.aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-17T16:30:29Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.rds_bastion.data.aws_subnet.local_account" value="cty.NilVal"
2024-12-17T16:30:29Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.rds_bastion.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.rds_bastion.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.rotate_iam_key.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.rotate_iam_key.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:30Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:30Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:30Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:30Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:30Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:30Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:30Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:30Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-mdss-general-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-general-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-general-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-mdss-ho-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-ho-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-ho-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-ho-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-ho-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-mdss-specials-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-specials-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-mdss-specials-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-p1-export-bucket.module.push_lambda.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.s3-p1-export-bucket.module.push_lambda.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z INFO [terraform scanner] Scanning root module file_path="glue-job/Archived"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-enable-logging" range="s3.tf:1133-1152"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="modules/api_step_function/main.tf:295-300"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="modules/api_step_function/main.tf:421-425"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=95ed3c3/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="s3.tf:1133-1152"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-iam-no-user-attached-policies" range="modules/landing_bucket_iam_user_access/main.tf:2-10"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-iam-no-user-attached-policies" range="modules/landing_bucket_iam_user_access/main.tf:2-10"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-sns-topic-encryption-use-cmk" range="s3_sns.tf:36"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-sns-topic-encryption-use-cmk" range="s3_sns.tf:91"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="analytical_platform_share.tf:50-68"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-enable-bucket-encryption" range="s3.tf:1133-1152"
2024-12-17T16:30:39Z INFO [terraform executor] Ignore finding rule="aws-s3-enable-versioning" range="s3.tf:1133-1152"
2024-12-17T16:30:39Z INFO Number of language-specific files num=0
2024-12-17T16:30:39Z INFO Detected config files num=14
trivy_exitcode=0

Running Trivy in terraform/environments/electronic-monitoring-data/modules/api_step_function
2024-12-17T16:30:39Z INFO [vuln] Vulnerability scanning is enabled
2024-12-17T16:30:39Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-17T16:30:39Z INFO [secret] Secret scanning is enabled
2024-12-17T16:30:39Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-17T16:30:39Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-17T16:30:40Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-17T16:30:40Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="api_description, api_key_required, api_name, api_path, authorizer_role, lambda_function_invoke_arn, schema, stages, step_function"
2024-12-17T16:30:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_api_gateway_api_key.api_key" value="cty.NilVal"
2024-12-17T16:30:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_api_gateway_method_settings.settings" value="cty.NilVal"
2024-12-17T16:30:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_api_gateway_stage.stage" value="cty.NilVal"
2024-12-17T16:30:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_api_gateway_usage_plan.usage_plan" value="cty.NilVal"
2024-12-17T16:30:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_api_gateway_usage_plan_key.usage_plan_key" value="cty.NilVal"
2024-12-17T16:30:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_log_group.api_gateway_logs" value="cty.NilVal"
2024-12-17T16:30:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_iam_role_policy.cloudwatch" value="cty.NilVal"
2024-12-17T16:30:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_iam_role_policy_attachment.api_gateway_cloudwatch_role_policy" value="cty.NilVal"
2024-12-17T16:30:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_wafv2_web_acl_association.api_gateway_association" value="cty.NilVal"
2024-12-17T16:30:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_iam_policy_document.cloudwatch" value="cty.NilVal"
2024-12-17T16:30:40Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="main.tf:421-425"
2024-12-17T16:30:40Z INFO Number of language-specific files num=0
2024-12-17T16:30:40Z INFO Detected config files num=2
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/electronic-monitoring-data
terraform/environments/electronic-monitoring-data/modules/api_step_function

*****************************

Running Checkov in terraform/environments/electronic-monitoring-data
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-12-17 16:30:43,298 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=95ed3c3:None (for external modules, the --download-external-modules flag is required)
2024-12-17 16:30:43,299 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060:None (for external modules, the --download-external-modules flag is required)
2024-12-17 16:30:43,299 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-12-17 16:30:43,299 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/kms/aws:3.1.1 (for external modules, the --download-external-modules flag is required)
2024-12-17 16:30:43,299 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/secrets-manager/aws:1.3.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 2610, Failed checks: 0, Skipped checks: 115


checkov_exitcode=0

*****************************

Running Checkov in terraform/environments/electronic-monitoring-data/modules/api_step_function
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 63, Failed checks: 0, Skipped checks: 4


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/electronic-monitoring-data
terraform/environments/electronic-monitoring-data/modules/api_step_function

*****************************

Running tflint in terraform/environments/electronic-monitoring-data
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

*****************************

Running tflint in terraform/environments/electronic-monitoring-data/modules/api_step_function
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/electronic-monitoring-data
terraform/environments/electronic-monitoring-data/modules/api_step_function

*****************************

Running Trivy in terraform/environments/electronic-monitoring-data
2024-12-17T16:30:23Z	INFO	[vulndb] Need to update DB
2024-12-17T16:30:23Z	INFO	[vulndb] Downloading vulnerability DB...
2024-12-17T16:30:23Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-17T16:30:25Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-17T16:30:25Z	INFO	[vuln] Vulnerability scanning is enabled
2024-12-17T16:30:25Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-12-17T16:30:25Z	INFO	[misconfig] Need to update the built-in checks
2024-12-17T16:30:25Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2024-12-17T16:30:26Z	INFO	[secret] Secret scanning is enabled
2024-12-17T16:30:26Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-17T16:30:26Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-17T16:30:27Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-12-17T16:30:27Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-12-17T16:30:29Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.api_gateway_authorizer.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.api_gateway_authorizer.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.calculate_checksum.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.calculate_checksum.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.format_json_fms_data.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.format_json_fms_data.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.rds_bastion.aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-17T16:30:29Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.rds_bastion.data.aws_subnet.local_account" value="cty.NilVal"
2024-12-17T16:30:29Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.rds_bastion.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.rds_bastion.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.rotate_iam_key.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:29Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.rotate_iam_key.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:30Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:30Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:30Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:30Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:30Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:30Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:30Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:30Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.output_file_structure_as_json_from_zip.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-fms-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-mdss-general-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-general-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-general-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-general-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-mdss-ho-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-ho-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-ho-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-ho-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-ho-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-mdss-specials-landing-bucket.module.kms_key.aws_kms_grant.this" value="cty.NilVal"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-specials-landing-bucket.module.process_landing_bucket_files.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-specials-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-mdss-specials-landing-bucket.module.this-bucket.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-p1-export-bucket.module.push_lambda.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.s3-p1-export-bucket.module.push_lambda.aws_lambda_function.this" err="1 error occurred:\n\t* invalid for-each in aws_lambda_function.this.dynamic.vpc_config block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-17T16:30:31Z	INFO	[terraform scanner] Scanning root module	file_path="glue-job/Archived"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-enable-logging" range="s3.tf:1133-1152"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="modules/api_step_function/main.tf:295-300"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="modules/api_step_function/main.tf:421-425"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=f759060/main.tf:153-163"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=95ed3c3/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="s3.tf:1133-1152"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-user-attached-policies" range="modules/landing_bucket_iam_user_access/main.tf:2-10"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-user-attached-policies" range="modules/landing_bucket_iam_user_access/main.tf:2-10"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-sns-topic-encryption-use-cmk" range="s3_sns.tf:36"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-sns-topic-encryption-use-cmk" range="s3_sns.tf:91"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-ssm-secret-use-customer-key" range="analytical_platform_share.tf:50-68"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-enable-bucket-encryption" range="s3.tf:1133-1152"
2024-12-17T16:30:39Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-enable-versioning" range="s3.tf:1133-1152"
2024-12-17T16:30:39Z	INFO	Number of language-specific files	num=0
2024-12-17T16:30:39Z	INFO	Detected config files	num=14
trivy_exitcode=0

*****************************

Running Trivy in terraform/environments/electronic-monitoring-data/modules/api_step_function
2024-12-17T16:30:39Z	INFO	[vuln] Vulnerability scanning is enabled
2024-12-17T16:30:39Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-12-17T16:30:39Z	INFO	[secret] Secret scanning is enabled
2024-12-17T16:30:39Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-17T16:30:39Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-17T16:30:40Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-12-17T16:30:40Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="api_description, api_key_required, api_name, api_path, authorizer_role, lambda_function_invoke_arn, schema, stages, step_function"
2024-12-17T16:30:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_api_gateway_api_key.api_key" value="cty.NilVal"
2024-12-17T16:30:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_api_gateway_method_settings.settings" value="cty.NilVal"
2024-12-17T16:30:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_api_gateway_stage.stage" value="cty.NilVal"
2024-12-17T16:30:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_api_gateway_usage_plan.usage_plan" value="cty.NilVal"
2024-12-17T16:30:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_api_gateway_usage_plan_key.usage_plan_key" value="cty.NilVal"
2024-12-17T16:30:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_log_group.api_gateway_logs" value="cty.NilVal"
2024-12-17T16:30:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_iam_role_policy.cloudwatch" value="cty.NilVal"
2024-12-17T16:30:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_iam_role_policy_attachment.api_gateway_cloudwatch_role_policy" value="cty.NilVal"
2024-12-17T16:30:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_wafv2_web_acl_association.api_gateway_association" value="cty.NilVal"
2024-12-17T16:30:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="data.aws_iam_policy_document.cloudwatch" value="cty.NilVal"
2024-12-17T16:30:40Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="main.tf:421-425"
2024-12-17T16:30:40Z	INFO	Number of language-specific files	num=0
2024-12-17T16:30:40Z	INFO	Detected config files	num=2
trivy_exitcode=0

@matt-heery matt-heery merged commit 7c55f6c into main Dec 17, 2024
16 checks passed
@matt-heery matt-heery deleted the api-authorizer branch December 17, 2024 21:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pricemg pricemg pricemg approved these changes

Assignees
No one assigned
Labels
environments-repository Used to exclude PRs from this repo in our Slack PR update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@matt-heery @pricemg