Core logging default tags #9517

Open
wants to merge 15 commits into
base: main

Conversation

markgov
Contributor

@markgov markgov commented Mar 11, 2025

A reference to the issue / Description of it

Adding default tags to core logging account as part of "Add default tags to terraform providers across the modernisation platform" #1519

How does this PR fix the problem?

Amendments to core logging to add default tags to the environment

How has this been tested?

Please describe the tests that you ran and provide instructions to reproduce.

{Please write here}

Deployment Plan / Instructions

Will this deployment impact the platform and / or services on it?

{Please write here}

Checklist (check x in [ ] of list items)

  • I have performed a self-review of my own code
  • All checks have passed
  • I have made corresponding changes to the documentation
  • Plan and discussed how it should be deployed to PROD (If needed)

Additional comments (if any)

{Please write here}

@markgov markgov requested a review from a team as a code owner March 11, 2025 15:02
@github-actions github-actions bot added the core label Mar 11, 2025
Contributor

Trivy Scan Success

Show Output

Trivy will check the following folders:
terraform/environments/core-logging


Running Trivy in terraform/environments/core-logging
2025-03-11T15:04:55Z INFO [vulndb] Need to update DB
2025-03-11T15:04:55Z INFO [vulndb] Downloading vulnerability DB...
2025-03-11T15:04:55Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-11T15:04:58Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-11T15:04:58Z INFO [vuln] Vulnerability scanning is enabled
2025-03-11T15:04:58Z INFO [misconfig] Misconfiguration scanning is enabled
2025-03-11T15:04:58Z INFO [misconfig] Need to update the built-in checks
2025-03-11T15:04:58Z INFO [misconfig] Downloading the built-in checks...
163.77 KiB / 163.77 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2025-03-11T15:04:58Z INFO [secret] Secret scanning is enabled
2025-03-11T15:04:58Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-03-11T15:04:58Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-03-11T15:04:59Z INFO [terraform scanner] Scanning root module file_path="."
2025-03-11T15:05:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-cloudtrail.aws_s3_bucket_logging.default" value="cty.NilVal"
2025-03-11T15:05:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-11T15:05:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-11T15:05:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-11T15:05:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-11T15:05:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_eip.public" value="cty.NilVal"
2025-03-11T15:05:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-11T15:05:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-11T15:05:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-11T15:05:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-11T15:05:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-11T15:05:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-11T15:05:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-11T15:05:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_eip.public" value="cty.NilVal"
2025-03-11T15:05:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-11T15:05:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-11T15:05:02Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="athena.tf:256-279"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-11T15:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-11T15:05:05Z INFO Number of language-specific files num=1
2025-03-11T15:05:05Z INFO [gomod] Detecting vulnerabilities...
2025-03-11T15:05:05Z INFO Detected config files num=9
trivy_exitcode=0

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
terraform/environments/core-logging

*****************************

Running Checkov in terraform/environments/core-logging
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2025-03-11 15:05:08,487 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2025-03-11 15:05:08,487 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=4e17731f72ef24b804207f55b182f49057e73ec9:None (for external modules, the --download-external-modules flag is required)
2025-03-11 15:05:08,487 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a:None (for external modules, the --download-external-modules flag is required)
2025-03-11 15:05:08,487 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot?ref=73280f80ce8a4557cec3a76ee56eb913452ca9aa:None (for external modules, the --download-external-modules flag is required)
2025-03-11 15:05:08,487 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2025-03-11 15:05:08,488 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2025-03-11 15:05:10,271 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
2025-03-11 15:05:10,272 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
terraform scan results:

Passed checks: 712, Failed checks: 0, Skipped checks: 223


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/core-logging

*****************************

Running tflint in terraform/environments/core-logging
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0


Contributor

Terraform Plan Summary

core-logging-production
Plan: 1 to add, 47 to change, 1 to destroy.

Contributor

@dms1981 dms1981 left a comment

If you're going to set the tags with a default value, why set them as a blank map where they've previously been set? Why not remove them entirely? Or alternatively leave them and use default_tags to manage exceptions?

Contributor

Trivy Scan Success

Show Output

Trivy will check the following folders:
terraform/environments/core-logging


Running Trivy in terraform/environments/core-logging
2025-03-11T15:56:10Z INFO [vulndb] Need to update DB
2025-03-11T15:56:10Z INFO [vulndb] Downloading vulnerability DB...
2025-03-11T15:56:10Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-11T15:56:13Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-11T15:56:13Z INFO [vuln] Vulnerability scanning is enabled
2025-03-11T15:56:13Z INFO [misconfig] Misconfiguration scanning is enabled
2025-03-11T15:56:13Z INFO [misconfig] Need to update the built-in checks
2025-03-11T15:56:13Z INFO [misconfig] Downloading the built-in checks...
163.77 KiB / 163.77 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2025-03-11T15:56:13Z INFO [secret] Secret scanning is enabled
2025-03-11T15:56:13Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-03-11T15:56:13Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-03-11T15:56:14Z INFO [terraform scanner] Scanning root module file_path="."
2025-03-11T15:56:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-cloudtrail.aws_s3_bucket_logging.default" value="cty.NilVal"
2025-03-11T15:56:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-11T15:56:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-11T15:56:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-11T15:56:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-11T15:56:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_eip.public" value="cty.NilVal"
2025-03-11T15:56:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-11T15:56:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-11T15:56:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-11T15:56:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-11T15:56:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-11T15:56:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-11T15:56:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-11T15:56:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_eip.public" value="cty.NilVal"
2025-03-11T15:56:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-11T15:56:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-11T15:56:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="athena.tf:256-279"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-11T15:56:19Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-11T15:56:19Z INFO Number of language-specific files num=1
2025-03-11T15:56:19Z INFO [gomod] Detecting vulnerabilities...
2025-03-11T15:56:19Z INFO Detected config files num=9
trivy_exitcode=0

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
terraform/environments/core-logging

*****************************

Running Checkov in terraform/environments/core-logging
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2025-03-11 15:56:22,515 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2025-03-11 15:56:22,515 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=4e17731f72ef24b804207f55b182f49057e73ec9:None (for external modules, the --download-external-modules flag is required)
2025-03-11 15:56:22,515 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a:None (for external modules, the --download-external-modules flag is required)
2025-03-11 15:56:22,515 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot?ref=73280f80ce8a4557cec3a76ee56eb913452ca9aa:None (for external modules, the --download-external-modules flag is required)
2025-03-11 15:56:22,515 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2025-03-11 15:56:22,515 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2025-03-11 15:56:24,263 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
2025-03-11 15:56:24,263 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
terraform scan results:

Passed checks: 712, Failed checks: 0, Skipped checks: 223


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/core-logging

*****************************

Running tflint in terraform/environments/core-logging
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Contributor

Trivy Scan Success

Show Output

Trivy will check the following folders:
terraform/environments/core-logging


Running Trivy in terraform/environments/core-logging
2025-03-11T16:12:07Z INFO [vulndb] Need to update DB
2025-03-11T16:12:07Z INFO [vulndb] Downloading vulnerability DB...
2025-03-11T16:12:07Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-11T16:12:10Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-11T16:12:10Z INFO [vuln] Vulnerability scanning is enabled
2025-03-11T16:12:10Z INFO [misconfig] Misconfiguration scanning is enabled
2025-03-11T16:12:10Z INFO [misconfig] Need to update the built-in checks
2025-03-11T16:12:10Z INFO [misconfig] Downloading the built-in checks...
163.77 KiB / 163.77 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-03-11T16:12:11Z INFO [secret] Secret scanning is enabled
2025-03-11T16:12:11Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-03-11T16:12:11Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-03-11T16:12:12Z INFO [terraform scanner] Scanning root module file_path="."
2025-03-11T16:12:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-cloudtrail.aws_s3_bucket_logging.default" value="cty.NilVal"
2025-03-11T16:12:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-11T16:12:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-11T16:12:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-11T16:12:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-11T16:12:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_eip.public" value="cty.NilVal"
2025-03-11T16:12:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-11T16:12:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-11T16:12:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-11T16:12:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-11T16:12:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-11T16:12:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-11T16:12:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-11T16:12:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_eip.public" value="cty.NilVal"
2025-03-11T16:12:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-11T16:12:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-11T16:12:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="athena.tf:256-279"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-11T16:12:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-11T16:12:21Z INFO Number of language-specific files num=1
2025-03-11T16:12:21Z INFO [gomod] Detecting vulnerabilities...
2025-03-11T16:12:21Z INFO Detected config files num=9
trivy_exitcode=0

Checkov Scan Success

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/core-logging

*****************************

Running Checkov in terraform/environments/core-logging
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2025-03-11 16:12:24,377 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:12:24,377 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=4e17731f72ef24b804207f55b182f49057e73ec9:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:12:24,377 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:12:24,377 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot?ref=73280f80ce8a4557cec3a76ee56eb913452ca9aa:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:12:24,377 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:12:24,377 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:12:26,027 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
2025-03-11 16:12:26,027 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
terraform scan results:

Passed checks: 712, Failed checks: 0, Skipped checks: 223


checkov_exitcode=0

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/core-logging

*****************************

Running tflint in terraform/environments/core-logging
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0



Trivy Scan Success

```hcl

Trivy will check the following folders:
terraform/environments/core-logging


Running Trivy in terraform/environments/core-logging
2025-03-11T16:15:48Z INFO [vulndb] Need to update DB
2025-03-11T16:15:48Z INFO [vulndb] Downloading vulnerability DB...
2025-03-11T16:15:48Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-11T16:15:51Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-11T16:15:51Z INFO [vuln] Vulnerability scanning is enabled
2025-03-11T16:15:51Z INFO [misconfig] Misconfiguration scanning is enabled
2025-03-11T16:15:51Z INFO [misconfig] Need to update the built-in checks
2025-03-11T16:15:51Z INFO [misconfig] Downloading the built-in checks...
163.77 KiB / 163.77 KiB [---------------------------------------------------------] 100.00% ? p/s 0s
2025-03-11T16:15:51Z INFO [secret] Secret scanning is enabled
2025-03-11T16:15:51Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-03-11T16:15:51Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-03-11T16:15:52Z INFO [terraform scanner] Scanning root module file_path="."
2025-03-11T16:15:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-cloudtrail.aws_s3_bucket_logging.default" value="cty.NilVal"
2025-03-11T16:15:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-11T16:15:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-11T16:15:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-11T16:15:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-11T16:15:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_eip.public" value="cty.NilVal"
2025-03-11T16:15:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-11T16:15:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-11T16:15:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-11T16:15:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-11T16:15:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-11T16:15:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-11T16:15:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-11T16:15:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_eip.public" value="cty.NilVal"
2025-03-11T16:15:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-11T16:15:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-11T16:15:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="athena.tf:256-279"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-11T16:15:58Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-11T16:15:58Z INFO Number of language-specific files num=1
2025-03-11T16:15:58Z INFO [gomod] Detecting vulnerabilities...
2025-03-11T16:15:58Z INFO Detected config files num=9
trivy_exitcode=0

</details>

#### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/core-logging

*****************************

Running Checkov in terraform/environments/core-logging
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2025-03-11 16:16:01,216 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:16:01,216 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=4e17731f72ef24b804207f55b182f49057e73ec9:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:16:01,216 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:16:01,216 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot?ref=73280f80ce8a4557cec3a76ee56eb913452ca9aa:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:16:01,217 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:16:01,217 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:16:02,896 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
2025-03-11 16:16:02,896 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
terraform scan results:

Passed checks: 712, Failed checks: 0, Skipped checks: 223


checkov_exitcode=0
```

</details>

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/core-logging

*****************************

Running tflint in terraform/environments/core-logging
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

<details><summary>Show Output</summary>

Trivy will check the following folders:
terraform/environments/core-logging


Running Trivy in terraform/environments/core-logging
2025-03-11T16:21:22Z INFO [vulndb] Need to update DB
2025-03-11T16:21:22Z INFO [vulndb] Downloading vulnerability DB...
2025-03-11T16:21:22Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-11T16:21:24Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-11T16:21:24Z INFO [vuln] Vulnerability scanning is enabled
2025-03-11T16:21:24Z INFO [misconfig] Misconfiguration scanning is enabled
2025-03-11T16:21:24Z INFO [misconfig] Need to update the built-in checks
2025-03-11T16:21:24Z INFO [misconfig] Downloading the built-in checks...
163.77 KiB / 163.77 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-03-11T16:21:25Z INFO [secret] Secret scanning is enabled
2025-03-11T16:21:25Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-03-11T16:21:25Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-03-11T16:21:26Z INFO [terraform scanner] Scanning root module file_path="."
2025-03-11T16:21:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-cloudtrail.aws_s3_bucket_logging.default" value="cty.NilVal"
2025-03-11T16:21:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-11T16:21:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-11T16:21:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-11T16:21:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-11T16:21:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_eip.public" value="cty.NilVal"
2025-03-11T16:21:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-11T16:21:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-11T16:21:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-11T16:21:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-11T16:21:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-11T16:21:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-11T16:21:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-11T16:21:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_eip.public" value="cty.NilVal"
2025-03-11T16:21:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-11T16:21:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-11T16:21:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="athena.tf:256-279"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-11T16:21:31Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-11T16:21:31Z INFO Number of language-specific files num=1
2025-03-11T16:21:31Z INFO [gomod] Detecting vulnerabilities...
2025-03-11T16:21:31Z INFO Detected config files num=9
trivy_exitcode=0

</details>

#### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/core-logging

*****************************

Running Checkov in terraform/environments/core-logging
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2025-03-11 16:21:34,634 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:21:34,634 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=4e17731f72ef24b804207f55b182f49057e73ec9:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:21:34,634 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:21:34,634 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot?ref=73280f80ce8a4557cec3a76ee56eb913452ca9aa:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:21:34,634 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:21:34,634 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:21:36,256 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
2025-03-11 16:21:36,256 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
terraform scan results:

Passed checks: 712, Failed checks: 0, Skipped checks: 223


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/core-logging

*****************************

Running tflint in terraform/environments/core-logging
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0



Trivy Scan Success

Show Output

Trivy will check the following folders:
terraform/environments/core-logging


Running Trivy in terraform/environments/core-logging
2025-03-11T16:28:43Z INFO [vulndb] Need to update DB
2025-03-11T16:28:43Z INFO [vulndb] Downloading vulnerability DB...
2025-03-11T16:28:43Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-11T16:28:45Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-11T16:28:45Z INFO [vuln] Vulnerability scanning is enabled
2025-03-11T16:28:45Z INFO [misconfig] Misconfiguration scanning is enabled
2025-03-11T16:28:45Z INFO [misconfig] Need to update the built-in checks
2025-03-11T16:28:45Z INFO [misconfig] Downloading the built-in checks...
163.77 KiB / 163.77 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-03-11T16:28:46Z INFO [secret] Secret scanning is enabled
2025-03-11T16:28:46Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-03-11T16:28:46Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-03-11T16:28:47Z INFO [terraform scanner] Scanning root module file_path="."
2025-03-11T16:28:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-cloudtrail.aws_s3_bucket_logging.default" value="cty.NilVal"
2025-03-11T16:28:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-11T16:28:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-11T16:28:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-11T16:28:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-11T16:28:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_eip.public" value="cty.NilVal"
2025-03-11T16:28:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-11T16:28:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-11T16:28:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-11T16:28:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-11T16:28:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-11T16:28:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-11T16:28:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-11T16:28:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_eip.public" value="cty.NilVal"
2025-03-11T16:28:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-11T16:28:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-11T16:28:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="athena.tf:256-279"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-11T16:28:51Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-11T16:28:52Z INFO Number of language-specific files num=1
2025-03-11T16:28:52Z INFO [gomod] Detecting vulnerabilities...
2025-03-11T16:28:52Z INFO Detected config files num=9
trivy_exitcode=0

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
terraform/environments/core-logging

*****************************

Running Checkov in terraform/environments/core-logging
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2025-03-11 16:28:54,420 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:28:54,420 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=4e17731f72ef24b804207f55b182f49057e73ec9:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:28:54,420 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:28:54,421 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot?ref=73280f80ce8a4557cec3a76ee56eb913452ca9aa:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:28:54,421 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:28:54,421 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2025-03-11 16:28:56,105 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
2025-03-11 16:28:56,105 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
terraform scan results:

Passed checks: 712, Failed checks: 0, Skipped checks: 223


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/core-logging

*****************************

Running tflint in terraform/environments/core-logging
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

2025-03-11T16:28:48Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-11T16:28:48Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_route.data-tgw" value="cty.NilVal"
2025-03-11T16:28:48Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_route.private-tgw" value="cty.NilVal"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-lambda-enable-tracing" range="athena.tf:256-279"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-11T16:28:51Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-11T16:28:52Z	INFO	Number of language-specific files	num=1
2025-03-11T16:28:52Z	INFO	[gomod] Detecting vulnerabilities...
2025-03-11T16:28:52Z	INFO	Detected config files	num=9
trivy_exitcode=0

Terraform Plan Summary

core-logging-production
Plan: 1 to add, 49 to change, 1 to destroy.

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
terraform/environments/core-logging

*****************************

Running Checkov in terraform/environments/core-logging
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2025-03-12 13:50:32,371 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2025-03-12 13:50:32,371 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=4e17731f72ef24b804207f55b182f49057e73ec9:None (for external modules, the --download-external-modules flag is required)
2025-03-12 13:50:32,371 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a:None (for external modules, the --download-external-modules flag is required)
2025-03-12 13:50:32,371 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot?ref=73280f80ce8a4557cec3a76ee56eb913452ca9aa:None (for external modules, the --download-external-modules flag is required)
2025-03-12 13:50:32,371 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2025-03-12 13:50:32,371 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2025-03-12 13:50:33,980 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
2025-03-12 13:50:33,980 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
terraform scan results:

Passed checks: 712, Failed checks: 0, Skipped checks: 223


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/core-logging

*****************************

Running tflint in terraform/environments/core-logging
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output
*****************************

Trivy will check the following folders:
terraform/environments/core-logging

*****************************

Running Trivy in terraform/environments/core-logging
2025-03-12T13:50:16Z	INFO	[vulndb] Need to update DB
2025-03-12T13:50:16Z	INFO	[vulndb] Downloading vulnerability DB...
2025-03-12T13:50:16Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-12T13:50:19Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-12T13:50:19Z	INFO	[vuln] Vulnerability scanning is enabled
2025-03-12T13:50:19Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-03-12T13:50:19Z	INFO	[misconfig] Need to update the built-in checks
2025-03-12T13:50:19Z	INFO	[misconfig] Downloading the built-in checks...
163.77 KiB / 163.77 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2025-03-12T13:50:20Z	INFO	[secret] Secret scanning is enabled
2025-03-12T13:50:20Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-03-12T13:50:20Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-03-12T13:50:21Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-03-12T13:50:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-cloudtrail.aws_s3_bucket_logging.default" value="cty.NilVal"
2025-03-12T13:50:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_subnet.data" value="cty.NilVal"
2025-03-12T13:50:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_subnet.private" value="cty.NilVal"
2025-03-12T13:50:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_subnet.public" value="cty.NilVal"
2025-03-12T13:50:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-12T13:50:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_eip.public" value="cty.NilVal"
2025-03-12T13:50:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-12T13:50:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_route.data-tgw" value="cty.NilVal"
2025-03-12T13:50:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_route.private-tgw" value="cty.NilVal"
2025-03-12T13:50:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_subnet.data" value="cty.NilVal"
2025-03-12T13:50:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_subnet.private" value="cty.NilVal"
2025-03-12T13:50:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_subnet.public" value="cty.NilVal"
2025-03-12T13:50:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-12T13:50:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_eip.public" value="cty.NilVal"
2025-03-12T13:50:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-12T13:50:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_route.data-tgw" value="cty.NilVal"
2025-03-12T13:50:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_route.private-tgw" value="cty.NilVal"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-lambda-enable-tracing" range="athena.tf:257-280"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-12T13:50:28Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-12T13:50:29Z	INFO	Number of language-specific files	num=1
2025-03-12T13:50:29Z	INFO	[gomod] Detecting vulnerabilities...
2025-03-12T13:50:29Z	INFO	Detected config files	num=9
trivy_exitcode=0

Terraform Plan Summary

core-logging-production
Plan: 1 to add, 49 to change, 1 to destroy.

Checkov Scan Success

Show Output
*****************************

Checkov will check the following folders:
terraform/environments/core-logging

*****************************

Running Checkov in terraform/environments/core-logging
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2025-03-13 13:49:28,701 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2025-03-13 13:49:28,701 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=4e17731f72ef24b804207f55b182f49057e73ec9:None (for external modules, the --download-external-modules flag is required)
2025-03-13 13:49:28,701 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a:None (for external modules, the --download-external-modules flag is required)
2025-03-13 13:49:28,701 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot?ref=73280f80ce8a4557cec3a76ee56eb913452ca9aa:None (for external modules, the --download-external-modules flag is required)
2025-03-13 13:49:28,701 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2025-03-13 13:49:28,701 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2025-03-13 13:49:30,286 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
2025-03-13 13:49:30,286 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
terraform scan results:

Passed checks: 708, Failed checks: 0, Skipped checks: 223, Parsing errors: 1


checkov_exitcode=0

CTFLint Scan Failed

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/core-logging

*****************************

Running tflint in terraform/environments/core-logging
Excluding the following checks: terraform_unused_declarations
Failed to load configurations; terraform/environments/core-logging/providers.tf:37,1-2: Argument or block definition required; An argument or block definition is required here.:

Error: Argument or block definition required

  on terraform/environments/core-logging/providers.tf line 37:
  37: }

An argument or block definition is required here.

tflint_exitcode=1

Trivy Scan Success

Show Output
*****************************

Trivy will check the following folders:
terraform/environments/core-logging

*****************************

Running Trivy in terraform/environments/core-logging
2025-03-13T13:49:16Z	INFO	[vulndb] Need to update DB
2025-03-13T13:49:16Z	INFO	[vulndb] Downloading vulnerability DB...
2025-03-13T13:49:16Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-13T13:49:18Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-13T13:49:18Z	INFO	[vuln] Vulnerability scanning is enabled
2025-03-13T13:49:18Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-03-13T13:49:18Z	INFO	[misconfig] Need to update the built-in checks
2025-03-13T13:49:18Z	INFO	[misconfig] Downloading the built-in checks...
163.77 KiB / 163.77 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-03-13T13:49:19Z	INFO	[secret] Secret scanning is enabled
2025-03-13T13:49:19Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-03-13T13:49:19Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-03-13T13:49:20Z	ERROR	[terraform parser] Error parsing file	module="root" file_path="providers.tf" err="providers.tf:37,1-2: Argument or block definition required; An argument or block definition is required here."
2025-03-13T13:49:20Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-03-13T13:49:20Z	ERROR	[terraform parser] Error parsing file	module="root" file_path="providers.tf" err="providers.tf:37,1-2: Argument or block definition required; An argument or block definition is required here."
2025-03-13T13:49:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-cloudtrail.aws_s3_bucket_logging.default" value="cty.NilVal"
2025-03-13T13:49:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_subnet.data" value="cty.NilVal"
2025-03-13T13:49:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_subnet.private" value="cty.NilVal"
2025-03-13T13:49:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_subnet.public" value="cty.NilVal"
2025-03-13T13:49:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-13T13:49:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_eip.public" value="cty.NilVal"
2025-03-13T13:49:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-13T13:49:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_route.data-tgw" value="cty.NilVal"
2025-03-13T13:49:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_route.private-tgw" value="cty.NilVal"
2025-03-13T13:49:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_subnet.data" value="cty.NilVal"
2025-03-13T13:49:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_subnet.private" value="cty.NilVal"
2025-03-13T13:49:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_subnet.public" value="cty.NilVal"
2025-03-13T13:49:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-13T13:49:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_eip.public" value="cty.NilVal"
2025-03-13T13:49:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-13T13:49:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_route.data-tgw" value="cty.NilVal"
2025-03-13T13:49:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_route.private-tgw" value="cty.NilVal"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-13T13:49:25Z	INFO	[terraform executor] Ignore finding	rule="aws-lambda-enable-tracing" range="athena.tf:257-280"
2025-03-13T13:49:26Z	INFO	Number of language-specific files	num=1
2025-03-13T13:49:26Z	INFO	[gomod] Detecting vulnerabilities...
2025-03-13T13:49:26Z	INFO	Detected config files	num=9
trivy_exitcode=0

Trivy Scan Success

Show Output

Trivy will check the following folders:
terraform/environments/core-logging


Running Trivy in terraform/environments/core-logging
2025-03-13T13:51:09Z INFO [vulndb] Need to update DB
2025-03-13T13:51:09Z INFO [vulndb] Downloading vulnerability DB...
2025-03-13T13:51:09Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-13T13:51:11Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-13T13:51:11Z INFO [vuln] Vulnerability scanning is enabled
2025-03-13T13:51:11Z INFO [misconfig] Misconfiguration scanning is enabled
2025-03-13T13:51:11Z INFO [misconfig] Need to update the built-in checks
2025-03-13T13:51:11Z INFO [misconfig] Downloading the built-in checks...
163.77 KiB / 163.77 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2025-03-13T13:51:12Z INFO [secret] Secret scanning is enabled
2025-03-13T13:51:12Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-03-13T13:51:12Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-03-13T13:51:13Z INFO [terraform scanner] Scanning root module file_path="."
2025-03-13T13:51:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-cloudtrail.aws_s3_bucket_logging.default" value="cty.NilVal"
2025-03-13T13:51:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-13T13:51:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-13T13:51:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-13T13:51:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-13T13:51:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_eip.public" value="cty.NilVal"
2025-03-13T13:51:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-13T13:51:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-13T13:51:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-13T13:51:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-13T13:51:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-13T13:51:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-13T13:51:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-13T13:51:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_eip.public" value="cty.NilVal"
2025-03-13T13:51:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-13T13:51:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-13T13:51:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="athena.tf:257-280"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-13T13:51:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-13T13:51:20Z INFO Number of language-specific files num=1
2025-03-13T13:51:20Z INFO [gomod] Detecting vulnerabilities...
2025-03-13T13:51:20Z INFO Detected config files num=9
trivy_exitcode=0

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
terraform/environments/core-logging

*****************************

Running Checkov in terraform/environments/core-logging
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2025-03-13 13:51:23,725 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2025-03-13 13:51:23,725 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=4e17731f72ef24b804207f55b182f49057e73ec9:None (for external modules, the --download-external-modules flag is required)
2025-03-13 13:51:23,726 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a:None (for external modules, the --download-external-modules flag is required)
2025-03-13 13:51:23,726 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot?ref=73280f80ce8a4557cec3a76ee56eb913452ca9aa:None (for external modules, the --download-external-modules flag is required)
2025-03-13 13:51:23,726 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2025-03-13 13:51:23,726 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2025-03-13 13:51:25,358 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
2025-03-13 13:51:25,359 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
terraform scan results:

Passed checks: 713, Failed checks: 0, Skipped checks: 223


checkov_exitcode=0

TFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/core-logging

*****************************

Running tflint in terraform/environments/core-logging
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output
*****************************

Trivy will check the following folders:
terraform/environments/core-logging

*****************************

Running Trivy in terraform/environments/core-logging
2025-03-13T13:51:09Z	INFO	[vulndb] Need to update DB
2025-03-13T13:51:09Z	INFO	[vulndb] Downloading vulnerability DB...
2025-03-13T13:51:09Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-13T13:51:11Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-13T13:51:11Z	INFO	[vuln] Vulnerability scanning is enabled
2025-03-13T13:51:11Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-03-13T13:51:11Z	INFO	[misconfig] Need to update the built-in checks
2025-03-13T13:51:11Z	INFO	[misconfig] Downloading the built-in checks...
163.77 KiB / 163.77 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-03-13T13:51:12Z	INFO	[secret] Secret scanning is enabled
2025-03-13T13:51:12Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-03-13T13:51:12Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-03-13T13:51:13Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-03-13T13:51:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-cloudtrail.aws_s3_bucket_logging.default" value="cty.NilVal"
2025-03-13T13:51:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_subnet.data" value="cty.NilVal"
2025-03-13T13:51:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_subnet.private" value="cty.NilVal"
2025-03-13T13:51:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_subnet.public" value="cty.NilVal"
2025-03-13T13:51:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-13T13:51:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_eip.public" value="cty.NilVal"
2025-03-13T13:51:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-13T13:51:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_route.data-tgw" value="cty.NilVal"
2025-03-13T13:51:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_route.private-tgw" value="cty.NilVal"
2025-03-13T13:51:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_subnet.data" value="cty.NilVal"
2025-03-13T13:51:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_subnet.private" value="cty.NilVal"
2025-03-13T13:51:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_subnet.public" value="cty.NilVal"
2025-03-13T13:51:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-13T13:51:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_eip.public" value="cty.NilVal"
2025-03-13T13:51:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-13T13:51:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_route.data-tgw" value="cty.NilVal"
2025-03-13T13:51:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_route.private-tgw" value="cty.NilVal"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-lambda-enable-tracing" range="athena.tf:257-280"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-13T13:51:20Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-13T13:51:20Z	INFO	Number of language-specific files	num=1
2025-03-13T13:51:20Z	INFO	[gomod] Detecting vulnerabilities...
2025-03-13T13:51:20Z	INFO	Detected config files	num=9
trivy_exitcode=0

Terraform Plan Summary

core-logging-production
Plan: 1 to add, 42 to change, 1 to destroy.

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/core-logging


Running Trivy in terraform/environments/core-logging
2025-03-13T13:59:11Z INFO [vulndb] Need to update DB
2025-03-13T13:59:11Z INFO [vulndb] Downloading vulnerability DB...
2025-03-13T13:59:11Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-13T13:59:13Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-13T13:59:13Z INFO [vuln] Vulnerability scanning is enabled
2025-03-13T13:59:13Z INFO [misconfig] Misconfiguration scanning is enabled
2025-03-13T13:59:13Z INFO [misconfig] Need to update the built-in checks
2025-03-13T13:59:13Z INFO [misconfig] Downloading the built-in checks...
163.77 KiB / 163.77 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-03-13T13:59:14Z INFO [secret] Secret scanning is enabled
2025-03-13T13:59:14Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-03-13T13:59:14Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-03-13T13:59:16Z INFO [terraform scanner] Scanning root module file_path="."
2025-03-13T13:59:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-cloudtrail.aws_s3_bucket_logging.default" value="cty.NilVal"
2025-03-13T13:59:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-13T13:59:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-13T13:59:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-13T13:59:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-13T13:59:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_eip.public" value="cty.NilVal"
2025-03-13T13:59:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-13T13:59:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-13T13:59:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-13T13:59:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-13T13:59:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-13T13:59:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-13T13:59:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-13T13:59:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_eip.public" value="cty.NilVal"
2025-03-13T13:59:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-13T13:59:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-13T13:59:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T13:59:22Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="athena.tf:257-280"
2025-03-13T13:59:22Z INFO Number of language-specific files num=1
2025-03-13T13:59:22Z INFO [gomod] Detecting vulnerabilities...
2025-03-13T13:59:22Z INFO Detected config files num=9
trivy_exitcode=0

</details>

#### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/core-logging

*****************************

Running Checkov in terraform/environments/core-logging
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2025-03-13 13:59:25,604 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2025-03-13 13:59:25,604 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=4e17731f72ef24b804207f55b182f49057e73ec9:None (for external modules, the --download-external-modules flag is required)
2025-03-13 13:59:25,604 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a:None (for external modules, the --download-external-modules flag is required)
2025-03-13 13:59:25,605 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot?ref=73280f80ce8a4557cec3a76ee56eb913452ca9aa:None (for external modules, the --download-external-modules flag is required)
2025-03-13 13:59:25,605 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2025-03-13 13:59:25,605 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2025-03-13 13:59:27,251 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
2025-03-13 13:59:27,252 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
terraform scan results:

Passed checks: 713, Failed checks: 0, Skipped checks: 223


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/core-logging

*****************************

Running tflint in terraform/environments/core-logging
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Terraform Plan Summary

core-logging-production
Plan: 1 to add, 35 to change, 1 to destroy.

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/core-logging


Running Trivy in terraform/environments/core-logging
2025-03-13T14:05:03Z INFO [vulndb] Need to update DB
2025-03-13T14:05:03Z INFO [vulndb] Downloading vulnerability DB...
2025-03-13T14:05:03Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-13T14:05:05Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-13T14:05:05Z INFO [vuln] Vulnerability scanning is enabled
2025-03-13T14:05:05Z INFO [misconfig] Misconfiguration scanning is enabled
2025-03-13T14:05:05Z INFO [misconfig] Need to update the built-in checks
2025-03-13T14:05:05Z INFO [misconfig] Downloading the built-in checks...
163.77 KiB / 163.77 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-03-13T14:05:06Z INFO [secret] Secret scanning is enabled
2025-03-13T14:05:06Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-03-13T14:05:06Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-03-13T14:05:07Z INFO [terraform scanner] Scanning root module file_path="."
2025-03-13T14:05:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-cloudtrail.aws_s3_bucket_logging.default" value="cty.NilVal"
2025-03-13T14:05:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-13T14:05:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-13T14:05:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-13T14:05:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-13T14:05:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_eip.public" value="cty.NilVal"
2025-03-13T14:05:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-13T14:05:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-13T14:05:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-13T14:05:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-13T14:05:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-13T14:05:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-13T14:05:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-13T14:05:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_eip.public" value="cty.NilVal"
2025-03-13T14:05:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-13T14:05:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-13T14:05:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T14:05:15Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="athena.tf:257-280"
2025-03-13T14:05:15Z INFO Number of language-specific files num=1
2025-03-13T14:05:15Z INFO [gomod] Detecting vulnerabilities...
2025-03-13T14:05:15Z INFO Detected config files num=9
trivy_exitcode=0

Checkov Scan Success

Show Output

*****************************

Checkov will check the following folders:
terraform/environments/core-logging

*****************************

Running Checkov in terraform/environments/core-logging
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2025-03-13 14:05:18,776 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2025-03-13 14:05:18,777 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=4e17731f72ef24b804207f55b182f49057e73ec9:None (for external modules, the --download-external-modules flag is required)
2025-03-13 14:05:18,777 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a:None (for external modules, the --download-external-modules flag is required)
2025-03-13 14:05:18,777 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot?ref=73280f80ce8a4557cec3a76ee56eb913452ca9aa:None (for external modules, the --download-external-modules flag is required)
2025-03-13 14:05:18,777 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2025-03-13 14:05:18,777 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2025-03-13 14:05:20,402 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
2025-03-13 14:05:20,402 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
terraform scan results:

Passed checks: 713, Failed checks: 0, Skipped checks: 223


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/core-logging

*****************************

Running tflint in terraform/environments/core-logging
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Terraform Plan Summary

core-logging-production
Plan: 1 to add, 31 to change, 1 to destroy.

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/core-logging


Running Trivy in terraform/environments/core-logging
2025-03-13T14:32:09Z INFO [vulndb] Need to update DB
2025-03-13T14:32:09Z INFO [vulndb] Downloading vulnerability DB...
2025-03-13T14:32:09Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-13T14:32:11Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-13T14:32:11Z INFO [vuln] Vulnerability scanning is enabled
2025-03-13T14:32:11Z INFO [misconfig] Misconfiguration scanning is enabled
2025-03-13T14:32:11Z INFO [misconfig] Need to update the built-in checks
2025-03-13T14:32:11Z INFO [misconfig] Downloading the built-in checks...
163.77 KiB / 163.77 KiB [---------------------------------------------------------] 100.00% ? p/s 0s
2025-03-13T14:32:12Z INFO [secret] Secret scanning is enabled
2025-03-13T14:32:12Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-03-13T14:32:12Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-03-13T14:32:14Z ERROR [terraform parser] Error parsing file module="root" file_path="r53_logs.tf" err="r53_logs.tf:129,82-83: Missing key/value separator; Expected an equals sign ("=") to mark the beginning of the attribute value."
2025-03-13T14:32:14Z INFO [terraform scanner] Scanning root module file_path="."
2025-03-13T14:32:14Z ERROR [terraform parser] Error parsing file module="root" file_path="r53_logs.tf" err="r53_logs.tf:129,82-83: Missing key/value separator; Expected an equals sign ("=") to mark the beginning of the attribute value."
2025-03-13T14:32:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-cloudtrail.aws_s3_bucket_logging.default" value="cty.NilVal"
2025-03-13T14:32:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-13T14:32:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-13T14:32:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-13T14:32:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-13T14:32:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_eip.public" value="cty.NilVal"
2025-03-13T14:32:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-13T14:32:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-13T14:32:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-13T14:32:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-13T14:32:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-13T14:32:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-13T14:32:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-13T14:32:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_eip.public" value="cty.NilVal"
2025-03-13T14:32:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-13T14:32:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-13T14:32:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-13T14:32:21Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="athena.tf:257-280"
2025-03-13T14:32:21Z INFO Number of language-specific files num=1
2025-03-13T14:32:21Z INFO [gomod] Detecting vulnerabilities...
2025-03-13T14:32:21Z INFO Detected config files num=9
trivy_exitcode=0

Checkov Scan Success

Show Output

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/core-logging

*****************************

Running Checkov in terraform/environments/core-logging
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2025-03-13 14:32:24,165 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2025-03-13 14:32:24,165 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=4e17731f72ef24b804207f55b182f49057e73ec9:None (for external modules, the --download-external-modules flag is required)
2025-03-13 14:32:24,165 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a:None (for external modules, the --download-external-modules flag is required)
2025-03-13 14:32:24,165 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot?ref=73280f80ce8a4557cec3a76ee56eb913452ca9aa:None (for external modules, the --download-external-modules flag is required)
2025-03-13 14:32:24,166 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2025-03-13 14:32:24,166 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2025-03-13 14:32:25,782 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
2025-03-13 14:32:25,783 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
terraform scan results:

Passed checks: 682, Failed checks: 0, Skipped checks: 217, Parsing errors: 1


checkov_exitcode=0

CTFLint Scan Failed

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/core-logging

*****************************

Running tflint in terraform/environments/core-logging
Excluding the following checks: terraform_unused_declarations
Failed to load configurations; terraform/environments/core-logging/r53_logs.tf:129,82-83: Missing key/value separator; Expected an equals sign ("=") to mark the beginning of the attribute value.:

Error: Missing key/value separator

  on terraform/environments/core-logging/r53_logs.tf line 129, in resource "aws_kms_key" "r53_dns_firewall":
 129:   tags                = { Name = "${local.application_name}-r53-kms", local.tags }

Expected an equals sign ("=") to mark the beginning of the attribute value.

tflint_exitcode=1

Trivy Scan Success

Show Output
*****************************

Trivy will check the following folders:
terraform/environments/core-logging

*****************************

Running Trivy in terraform/environments/core-logging
2025-03-13T14:32:09Z	INFO	[vulndb] Need to update DB
2025-03-13T14:32:09Z	INFO	[vulndb] Downloading vulnerability DB...
2025-03-13T14:32:09Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-13T14:32:11Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-13T14:32:11Z	INFO	[vuln] Vulnerability scanning is enabled
2025-03-13T14:32:11Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-03-13T14:32:11Z	INFO	[misconfig] Need to update the built-in checks
2025-03-13T14:32:11Z	INFO	[misconfig] Downloading the built-in checks...
163.77 KiB / 163.77 KiB [---------------------------------------------------------] 100.00% ? p/s 0s
2025-03-13T14:32:12Z	INFO	[secret] Secret scanning is enabled
2025-03-13T14:32:12Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-03-13T14:32:12Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-03-13T14:32:14Z	ERROR	[terraform parser] Error parsing file	module="root" file_path="r53_logs.tf" err="r53_logs.tf:129,82-83: Missing key/value separator; Expected an equals sign (\"=\") to mark the beginning of the attribute value."
2025-03-13T14:32:14Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-03-13T14:32:14Z	ERROR	[terraform parser] Error parsing file	module="root" file_path="r53_logs.tf" err="r53_logs.tf:129,82-83: Missing key/value separator; Expected an equals sign (\"=\") to mark the beginning of the attribute value."
2025-03-13T14:32:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.s3-bucket-cloudtrail.aws_s3_bucket_logging.default" value="cty.NilVal"
2025-03-13T14:32:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_subnet.data" value="cty.NilVal"
2025-03-13T14:32:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_subnet.private" value="cty.NilVal"
2025-03-13T14:32:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_subnet.public" value="cty.NilVal"
2025-03-13T14:32:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-13T14:32:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_eip.public" value="cty.NilVal"
2025-03-13T14:32:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-13T14:32:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_route.data-tgw" value="cty.NilVal"
2025-03-13T14:32:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"live_data\"].aws_route.private-tgw" value="cty.NilVal"
2025-03-13T14:32:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_subnet.data" value="cty.NilVal"
2025-03-13T14:32:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_subnet.private" value="cty.NilVal"
2025-03-13T14:32:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_subnet.public" value="cty.NilVal"
2025-03-13T14:32:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-13T14:32:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_eip.public" value="cty.NilVal"
2025-03-13T14:32:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-13T14:32:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_route.data-tgw" value="cty.NilVal"
2025-03-13T14:32:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc[\"non_live_data\"].aws_route.private-tgw" value="cty.NilVal"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-13T14:32:21Z	INFO	[terraform executor] Ignore finding	rule="aws-lambda-enable-tracing" range="athena.tf:257-280"
2025-03-13T14:32:21Z	INFO	Number of language-specific files	num=1
2025-03-13T14:32:21Z	INFO	[gomod] Detecting vulnerabilities...
2025-03-13T14:32:21Z	INFO	Detected config files	num=9
trivy_exitcode=0


Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/core-logging


Running Trivy in terraform/environments/core-logging
2025-03-13T14:48:36Z INFO [vulndb] Need to update DB
2025-03-13T14:48:36Z INFO [vulndb] Downloading vulnerability DB...
2025-03-13T14:48:36Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-13T14:48:38Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-13T14:48:38Z INFO [vuln] Vulnerability scanning is enabled
2025-03-13T14:48:38Z INFO [misconfig] Misconfiguration scanning is enabled
2025-03-13T14:48:38Z INFO [misconfig] Need to update the built-in checks
2025-03-13T14:48:38Z INFO [misconfig] Downloading the built-in checks...
163.77 KiB / 163.77 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2025-03-13T14:48:38Z INFO [secret] Secret scanning is enabled
2025-03-13T14:48:38Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-03-13T14:48:38Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-03-13T14:48:39Z INFO [terraform scanner] Scanning root module file_path="."
2025-03-13T14:48:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-cloudtrail.aws_s3_bucket_logging.default" value="cty.NilVal"
2025-03-13T14:48:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-13T14:48:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-13T14:48:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-13T14:48:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-13T14:48:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_eip.public" value="cty.NilVal"
2025-03-13T14:48:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-13T14:48:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-13T14:48:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-13T14:48:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-13T14:48:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-13T14:48:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-13T14:48:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-13T14:48:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_eip.public" value="cty.NilVal"
2025-03-13T14:48:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-13T14:48:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-13T14:48:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="athena.tf:257-280"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-13T14:48:44Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-13T14:48:45Z INFO Number of language-specific files num=1
2025-03-13T14:48:45Z INFO [gomod] Detecting vulnerabilities...
2025-03-13T14:48:45Z INFO Detected config files num=9
trivy_exitcode=0

Checkov Scan Success

Show Output

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/core-logging

*****************************

Running Checkov in terraform/environments/core-logging
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2025-03-13 14:48:47,689 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2025-03-13 14:48:47,690 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=4e17731f72ef24b804207f55b182f49057e73ec9:None (for external modules, the --download-external-modules flag is required)
2025-03-13 14:48:47,690 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a:None (for external modules, the --download-external-modules flag is required)
2025-03-13 14:48:47,690 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot?ref=73280f80ce8a4557cec3a76ee56eb913452ca9aa:None (for external modules, the --download-external-modules flag is required)
2025-03-13 14:48:47,690 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2025-03-13 14:48:47,690 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2025-03-13 14:48:49,407 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
2025-03-13 14:48:49,407 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
terraform scan results:

Passed checks: 713, Failed checks: 0, Skipped checks: 223


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/core-logging

*****************************

Running tflint in terraform/environments/core-logging
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0



Terraform Plan Summary

core-logging-production
Plan: 1 to add, 31 to change, 1 to destroy.


Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/core-logging


Running Trivy in terraform/environments/core-logging
2025-03-13T15:05:02Z INFO [vulndb] Need to update DB
2025-03-13T15:05:02Z INFO [vulndb] Downloading vulnerability DB...
2025-03-13T15:05:02Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-13T15:05:04Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-03-13T15:05:04Z INFO [vuln] Vulnerability scanning is enabled
2025-03-13T15:05:04Z INFO [misconfig] Misconfiguration scanning is enabled
2025-03-13T15:05:04Z INFO [misconfig] Need to update the built-in checks
2025-03-13T15:05:04Z INFO [misconfig] Downloading the built-in checks...
163.77 KiB / 163.77 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-03-13T15:05:05Z INFO [secret] Secret scanning is enabled
2025-03-13T15:05:05Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-03-13T15:05:05Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-03-13T15:05:06Z INFO [terraform scanner] Scanning root module file_path="."
2025-03-13T15:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.s3-bucket-cloudtrail.aws_s3_bucket_logging.default" value="cty.NilVal"
2025-03-13T15:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-13T15:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-13T15:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-13T15:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-13T15:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_eip.public" value="cty.NilVal"
2025-03-13T15:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-13T15:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-13T15:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-13T15:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.data" value="cty.NilVal"
2025-03-13T15:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.private" value="cty.NilVal"
2025-03-13T15:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.public" value="cty.NilVal"
2025-03-13T15:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2025-03-13T15:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_eip.public" value="cty.NilVal"
2025-03-13T15:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_nat_gateway.public" value="cty.NilVal"
2025-03-13T15:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.data-tgw" value="cty.NilVal"
2025-03-13T15:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc["non_live_data"].aws_route.private-tgw" value="cty.NilVal"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:238"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:338"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:412"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-hub/main.tf:489"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-lambda-enable-tracing" range="athena.tf:257-280"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:236"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:336"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:410"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-hub/main.tf:487"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-13T15:05:11Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/vpc-hub/main.tf:136-141"
2025-03-13T15:05:12Z INFO Number of language-specific files num=1
2025-03-13T15:05:12Z INFO [gomod] Detecting vulnerabilities...
2025-03-13T15:05:12Z INFO Detected config files num=9
trivy_exitcode=0

Checkov Scan Success

Show Output

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/core-logging

*****************************

Running Checkov in terraform/environments/core-logging
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2025-03-13 15:05:15,068 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2025-03-13 15:05:15,068 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=4e17731f72ef24b804207f55b182f49057e73ec9:None (for external modules, the --download-external-modules flag is required)
2025-03-13 15:05:15,069 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=cadab519b10a7d28dfa3b77d407725db6b37614a:None (for external modules, the --download-external-modules flag is required)
2025-03-13 15:05:15,069 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot?ref=73280f80ce8a4557cec3a76ee56eb913452ca9aa:None (for external modules, the --download-external-modules flag is required)
2025-03-13 15:05:15,069 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2025-03-13 15:05:15,069 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1:None (for external modules, the --download-external-modules flag is required)
2025-03-13 15:05:16,749 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
2025-03-13 15:05:16,749 [MainThread  ] [WARNI]  Failed to find context for resource.aws_flow_log.s3["${var.flow_log_s3_destination_arn}"]
terraform scan results:

Passed checks: 713, Failed checks: 0, Skipped checks: 223


checkov_exitcode=0
```

</details>

#### `CTFLint Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/core-logging

*****************************

Running tflint in terraform/environments/core-logging
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
```

</details>

Terraform Plan Summary

core-logging-production
Plan: 1 to add, 30 to change, 1 to destroy.
