Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🚀 deploy lb for onr production #9387

Merged
merged 5 commits into from
Jan 17, 2025
Merged

🚀 deploy lb for onr production #9387

merged 5 commits into from
Jan 17, 2025

Conversation

robertsweetman
Copy link
Contributor

No description provided.

@robertsweetman robertsweetman requested review from a team as code owners January 17, 2025 15:14
@github-actions github-actions bot added the environments-repository Used to exclude PRs from this repo in our Slack PR update label Jan 17, 2025
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/oasys-national-reporting

Running Trivy in terraform/environments/oasys-national-reporting
2025-01-17T15:17:17Z INFO [vulndb] Need to update DB
2025-01-17T15:17:17Z INFO [vulndb] Downloading vulnerability DB...
2025-01-17T15:17:17Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-17T15:17:19Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-17T15:17:19Z INFO [vuln] Vulnerability scanning is enabled
2025-01-17T15:17:19Z INFO [misconfig] Misconfiguration scanning is enabled
2025-01-17T15:17:19Z INFO [misconfig] Need to update the built-in checks
2025-01-17T15:17:19Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-01-17T15:17:20Z INFO [secret] Secret scanning is enabled
2025-01-17T15:17:20Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-17T15:17:20Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-17T15:17:21Z INFO [terraform scanner] Scanning root module file_path="."
2025-01-17T15:17:21Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.efs" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T15:17:21Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T15:17:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T15:17:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T15:17:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-17T15:17:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-17T15:17:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-17T15:17:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-17T15:17:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-17T15:17:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-17T15:17:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-17T15:17:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-17T15:17:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-17T15:17:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T15:17:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T15:17:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T15:17:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T15:17:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-17T15:17:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-17T15:17:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-17T15:17:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-17T15:17:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-17T15:17:24Z INFO Number of language-specific files num=0
2025-01-17T15:17:24Z INFO Detected config files num=4
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/oasys-national-reporting

*****************************

Running Checkov in terraform/environments/oasys-national-reporting
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 169, Failed checks: 0, Skipped checks: 26


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/oasys-national-reporting

*****************************

Running tflint in terraform/environments/oasys-national-reporting
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/oasys-national-reporting

*****************************

Running Trivy in terraform/environments/oasys-national-reporting
2025-01-17T15:17:17Z	INFO	[vulndb] Need to update DB
2025-01-17T15:17:17Z	INFO	[vulndb] Downloading vulnerability DB...
2025-01-17T15:17:17Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-17T15:17:19Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-17T15:17:19Z	INFO	[vuln] Vulnerability scanning is enabled
2025-01-17T15:17:19Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-01-17T15:17:19Z	INFO	[misconfig] Need to update the built-in checks
2025-01-17T15:17:19Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-01-17T15:17:20Z	INFO	[secret] Secret scanning is enabled
2025-01-17T15:17:20Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-17T15:17:20Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-17T15:17:21Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-01-17T15:17:21Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.efs" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T15:17:21Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T15:17:22Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T15:17:22Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T15:17:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-17T15:17:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-17T15:17:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-17T15:17:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-17T15:17:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-17T15:17:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-17T15:17:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-17T15:17:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-17T15:17:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-17T15:17:22Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T15:17:22Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T15:17:22Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T15:17:22Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T15:17:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-17T15:17:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-17T15:17:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-17T15:17:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-17T15:17:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-17T15:17:24Z	INFO	Number of language-specific files	num=0
2025-01-17T15:17:24Z	INFO	Detected config files	num=4
trivy_exitcode=0

drobinson-moj
drobinson-moj previously approved these changes Jan 17, 2025
View reviewed changes
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/oasys-national-reporting

Running Trivy in terraform/environments/oasys-national-reporting
2025-01-17T16:21:14Z INFO [vulndb] Need to update DB
2025-01-17T16:21:14Z INFO [vulndb] Downloading vulnerability DB...
2025-01-17T16:21:14Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-17T16:21:17Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-17T16:21:17Z INFO [vuln] Vulnerability scanning is enabled
2025-01-17T16:21:17Z INFO [misconfig] Misconfiguration scanning is enabled
2025-01-17T16:21:17Z INFO [misconfig] Need to update the built-in checks
2025-01-17T16:21:17Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-01-17T16:21:17Z INFO [secret] Secret scanning is enabled
2025-01-17T16:21:17Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-17T16:21:17Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-17T16:21:19Z INFO [terraform scanner] Scanning root module file_path="."
2025-01-17T16:21:19Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.efs" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:21:19Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:21:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:21:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:21:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-17T16:21:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-17T16:21:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-17T16:21:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-17T16:21:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-17T16:21:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-17T16:21:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-17T16:21:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:21:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:21:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:21:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:21:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:21:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:21:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-17T16:21:21Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-17T16:21:21Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-17T16:21:21Z INFO Number of language-specific files num=0
2025-01-17T16:21:21Z INFO Detected config files num=4
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/oasys-national-reporting

*****************************

Running Checkov in terraform/environments/oasys-national-reporting
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 169, Failed checks: 0, Skipped checks: 26


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/oasys-national-reporting

*****************************

Running tflint in terraform/environments/oasys-national-reporting
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/oasys-national-reporting

*****************************

Running Trivy in terraform/environments/oasys-national-reporting
2025-01-17T16:21:14Z	INFO	[vulndb] Need to update DB
2025-01-17T16:21:14Z	INFO	[vulndb] Downloading vulnerability DB...
2025-01-17T16:21:14Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-17T16:21:17Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-17T16:21:17Z	INFO	[vuln] Vulnerability scanning is enabled
2025-01-17T16:21:17Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-01-17T16:21:17Z	INFO	[misconfig] Need to update the built-in checks
2025-01-17T16:21:17Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-01-17T16:21:17Z	INFO	[secret] Secret scanning is enabled
2025-01-17T16:21:17Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-17T16:21:17Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-17T16:21:19Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-01-17T16:21:19Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.efs" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:21:19Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:21:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:21:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:21:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-17T16:21:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-17T16:21:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-17T16:21:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-17T16:21:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-17T16:21:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-17T16:21:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-17T16:21:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:21:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:21:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:21:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:21:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:21:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:21:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-17T16:21:21Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-17T16:21:21Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-17T16:21:21Z	INFO	Number of language-specific files	num=0
2025-01-17T16:21:21Z	INFO	Detected config files	num=4
trivy_exitcode=0

@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/oasys-national-reporting

Running Trivy in terraform/environments/oasys-national-reporting
2025-01-17T16:31:07Z INFO [vulndb] Need to update DB
2025-01-17T16:31:07Z INFO [vulndb] Downloading vulnerability DB...
2025-01-17T16:31:07Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-17T16:31:10Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-17T16:31:10Z INFO [vuln] Vulnerability scanning is enabled
2025-01-17T16:31:10Z INFO [misconfig] Misconfiguration scanning is enabled
2025-01-17T16:31:10Z INFO [misconfig] Need to update the built-in checks
2025-01-17T16:31:10Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-01-17T16:31:10Z INFO [secret] Secret scanning is enabled
2025-01-17T16:31:10Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-17T16:31:10Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-17T16:31:11Z INFO [terraform scanner] Scanning root module file_path="."
2025-01-17T16:31:11Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.efs" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:31:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:31:12Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:31:12Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:31:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:31:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:31:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-17T16:31:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-17T16:31:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-17T16:31:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-17T16:31:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-17T16:31:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-17T16:31:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-17T16:31:12Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:31:12Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:31:12Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:31:12Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:31:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:31:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:31:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-17T16:31:13Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-17T16:31:13Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-17T16:31:14Z INFO Number of language-specific files num=0
2025-01-17T16:31:14Z INFO Detected config files num=4
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/oasys-national-reporting

*****************************

Running Checkov in terraform/environments/oasys-national-reporting
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 169, Failed checks: 0, Skipped checks: 26


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/oasys-national-reporting

*****************************

Running tflint in terraform/environments/oasys-national-reporting
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/oasys-national-reporting

*****************************

Running Trivy in terraform/environments/oasys-national-reporting
2025-01-17T16:31:07Z	INFO	[vulndb] Need to update DB
2025-01-17T16:31:07Z	INFO	[vulndb] Downloading vulnerability DB...
2025-01-17T16:31:07Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-17T16:31:10Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-17T16:31:10Z	INFO	[vuln] Vulnerability scanning is enabled
2025-01-17T16:31:10Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-01-17T16:31:10Z	INFO	[misconfig] Need to update the built-in checks
2025-01-17T16:31:10Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-01-17T16:31:10Z	INFO	[secret] Secret scanning is enabled
2025-01-17T16:31:10Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-17T16:31:10Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-17T16:31:11Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-01-17T16:31:11Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.efs" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:31:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:31:12Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:31:12Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:31:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:31:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:31:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-17T16:31:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-17T16:31:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-17T16:31:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-17T16:31:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-17T16:31:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-17T16:31:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-17T16:31:12Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:31:12Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:31:12Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:31:12Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:31:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:31:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:31:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-17T16:31:13Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-17T16:31:13Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-17T16:31:14Z	INFO	Number of language-specific files	num=0
2025-01-17T16:31:14Z	INFO	Detected config files	num=4
trivy_exitcode=0

@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/oasys-national-reporting

Running Trivy in terraform/environments/oasys-national-reporting
2025-01-17T16:34:25Z INFO [vulndb] Need to update DB
2025-01-17T16:34:25Z INFO [vulndb] Downloading vulnerability DB...
2025-01-17T16:34:25Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-17T16:34:28Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-17T16:34:28Z INFO [vuln] Vulnerability scanning is enabled
2025-01-17T16:34:28Z INFO [misconfig] Misconfiguration scanning is enabled
2025-01-17T16:34:28Z INFO [misconfig] Need to update the built-in checks
2025-01-17T16:34:28Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-01-17T16:34:28Z INFO [secret] Secret scanning is enabled
2025-01-17T16:34:28Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-17T16:34:28Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-17T16:34:30Z INFO [terraform scanner] Scanning root module file_path="."
2025-01-17T16:34:30Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.efs" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:34:30Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:34:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:34:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:34:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:34:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:34:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-17T16:34:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-17T16:34:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-17T16:34:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-17T16:34:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-17T16:34:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-17T16:34:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-17T16:34:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:34:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:34:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:34:31Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:34:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:34:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:34:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-17T16:34:33Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-17T16:34:33Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-17T16:34:33Z INFO Number of language-specific files num=0
2025-01-17T16:34:33Z INFO Detected config files num=4
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/oasys-national-reporting

*****************************

Running Checkov in terraform/environments/oasys-national-reporting
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 169, Failed checks: 0, Skipped checks: 26


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/oasys-national-reporting

*****************************

Running tflint in terraform/environments/oasys-national-reporting
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/oasys-national-reporting

*****************************

Running Trivy in terraform/environments/oasys-national-reporting
2025-01-17T16:34:25Z	INFO	[vulndb] Need to update DB
2025-01-17T16:34:25Z	INFO	[vulndb] Downloading vulnerability DB...
2025-01-17T16:34:25Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-17T16:34:28Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-17T16:34:28Z	INFO	[vuln] Vulnerability scanning is enabled
2025-01-17T16:34:28Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-01-17T16:34:28Z	INFO	[misconfig] Need to update the built-in checks
2025-01-17T16:34:28Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-01-17T16:34:28Z	INFO	[secret] Secret scanning is enabled
2025-01-17T16:34:28Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-17T16:34:28Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-17T16:34:30Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-01-17T16:34:30Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.efs" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:34:30Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:34:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:34:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:34:31Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:34:31Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:34:31Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-17T16:34:31Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-17T16:34:31Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-17T16:34:31Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-17T16:34:31Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-17T16:34:31Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-17T16:34:31Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-17T16:34:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:34:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:34:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:34:31Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-17T16:34:31Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:34:31Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-17T16:34:31Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-17T16:34:33Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-17T16:34:33Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-17T16:34:33Z	INFO	Number of language-specific files	num=0
2025-01-17T16:34:33Z	INFO	Detected config files	num=4
trivy_exitcode=0

@robertsweetman robertsweetman merged commit de3d0b6 into main Jan 17, 2025
16 checks passed
@robertsweetman robertsweetman deleted the TM/TM-840/onr-bods-prod-lb branch January 17, 2025 16:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@drobinson-moj drobinson-moj drobinson-moj approved these changes

Assignees
No one assigned
Labels
environments-repository Used to exclude PRs from this repo in our Slack PR update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@robertsweetman @drobinson-moj