You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Result #1 CRITICAL Security group rule allows egress to multiple public internet addresses.
────────────────────────────────────────────────────────────────────────────────
powerbi-gateway-security-group.tf:12
────────────────────────────────────────────────────────────────────────────────
2 resource "aws_security_group" "powerbi_gateway" {
.
12 [ cidr_blocks = ["0.0.0.0/0"]
..
30 }
────────────────────────────────────────────────────────────────────────────────
ID aws-ec2-no-public-egress-sgr
Impact Your port is egressing data to the internet
Resolution Set a more restrictive cidr range
Result #2 CRITICAL Security group rule allows egress to multiple public internet addresses.
────────────────────────────────────────────────────────────────────────────────
powerbi-gateway-security-group.tf:19
────────────────────────────────────────────────────────────────────────────────
2 resource "aws_security_group" "powerbi_gateway" {
.
19 [ cidr_blocks = ["0.0.0.0/0"]
..
30 }
────────────────────────────────────────────────────────────────────────────────
ID aws-ec2-no-public-egress-sgr
Impact Your port is egressing data to the internet
Resolution Set a more restrictive cidr range
Result #3 CRITICAL Security group rule allows egress to multiple public internet addresses.
────────────────────────────────────────────────────────────────────────────────
powerbi-gateway-security-group.tf:26
────────────────────────────────────────────────────────────────────────────────
2 resource "aws_security_group" "powerbi_gateway" {
.
26 [ cidr_blocks = ["0.0.0.0/0"]
..
30 }
────────────────────────────────────────────────────────────────────────────────
ID aws-ec2-no-public-egress-sgr
Impact Your port is egressing data to the internet
Resolution Set a more restrictive cidr range
Result #4 HIGH Instance does not require IMDS access to require a token
────────────────────────────────────────────────────────────────────────────────
git::https:/github.com/terraform-aws-modules/terraform-aws-ec2-instance?ref=f3c6436589eba5c0bcac1cf1a81403ed4f3fcaf8/main.tf:125
via powerbi-gateway-server.tf:14-59 (module.powerbi_gateway)
────────────────────────────────────────────────────────────────────────────────
21 resource "aws_instance" "this" {
..
125 [ http_tokens = try(metadata_options.value.http_tokens, "optional") ("optional")
...
193 }
────────────────────────────────────────────────────────────────────────────────
ID aws-ec2-enforce-http-token-imds
Impact Instance metadata service can be interacted with freely
Resolution Enable HTTP token requirement for IMDS
Result #5 MEDIUM Instance does not have IAM Authentication enabled
────────────────────────────────────────────────────────────────────────────────
../../../../../git::https:/github.com/terraform-aws-modules/terraform-aws-rds?ref=ec9c2e37ccca2a41aeb89ba78f858270a9ac9381/modules/db_instance/main.tf:50
────────────────────────────────────────────────────────────────────────────────
Failed to render code: failed to read file from result filesystem ("/tmp/.aqua/cache/1b3efecb3344a208e0ae01a1156bf6c3"): open /tmp/.aqua/cache/1b3efecb3344a208e0ae01a1156bf6c3/git::https:/github.com/terraform-aws-modules/terraform-aws-rds?ref=ec9c2e37ccca2a41aeb89ba78f858270a9ac9381/modules/db_instance/main.tf: no such file or directory────────────────────────────────────────────────────────────────────────────────
Rego Package builtin.aws.rds.aws0176
Rego Rule deny
────────────────────────────────────────────────────────────────────────────────
Result #6 MEDIUM Instance does not have IAM Authentication enabled
────────────────────────────────────────────────────────────────────────────────
../../../../../terraform-aws-modules/rds/aws/modules/db_instance/main.tf:50
────────────────────────────────────────────────────────────────────────────────
Failed to render code: failed to read file from result filesystem ("/tmp/.aqua/cache/1b3efecb3344a208e0ae01a1156bf6c3"): open /tmp/.aqua/cache/1b3efecb3344a208e0ae01a1156bf6c3/terraform-aws-modules/rds/aws/modules/db_instance/main.tf: no such file or directory────────────────────────────────────────────────────────────────────────────────
Rego Package builtin.aws.rds.aws0176
Rego Rule deny
────────────────────────────────────────────────────────────────────────────────
Result #7 LOW Security group rule does not have a description.
────────────────────────────────────────────────────────────────────────────────
powerbi-gateway-security-group.tf:15-20
────────────────────────────────────────────────────────────────────────────────
2 resource "aws_security_group" "powerbi_gateway" {
.
15 ┌ egress {
16 │ from_port = 5671
17 │ to_port = 5672
18 │ protocol = "tcp"
19 │ cidr_blocks = ["0.0.0.0/0"]
20 └ }
..
30 }
────────────────────────────────────────────────────────────────────────────────
ID aws-ec2-add-description-to-security-group-rule
Impact Descriptions provide context for the firewall rule reasons
Resolution Add descriptions for all security groups rules
</details> #### `Checkov Scan` Failed
<details><summary>Show Output</summary>
```hcl
*****************************
Checkov will check the following folders:
terraform/environments/data-platform-apps-and-tools
*****************************
Running Checkov in terraform/environments/data-platform-apps-and-tools
2024-01-31 10:12:38,336 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/kms/aws:~> 2.0 (for external modules, the --download-external-modules flag is required)
2024-01-31 10:12:38,336 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:~> 5.0 (for external modules, the --download-external-modules flag is required)
2024-01-31 10:12:38,336 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-user:~> 5 (for external modules, the --download-external-modules flag is required)
2024-01-31 10:12:38,337 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/lambda/aws:~> 6.0 (for external modules, the --download-external-modules flag is required)
2024-01-31 10:12:38,337 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/rds/aws:~> 6.0 (for external modules, the --download-external-modules flag is required)
2024-01-31 10:12:38,337 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks:~> 5.0 (for external modules, the --download-external-modules flag is required)
2024-01-31 10:12:38,337 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/vpc/aws:~> 5.0 (for external modules, the --download-external-modules flag is required)
2024-01-31 10:12:38,337 [MainThread ] [WARNI] Failed to download module ministryofjustice/observability-platform-tenant/aws:1.0.0 (for external modules, the --download-external-modules flag is required)
2024-01-31 10:12:38,337 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:~> 5.0 (for external modules, the --download-external-modules flag is required)
2024-01-31 10:12:38,338 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/vpc/aws//modules/vpc-endpoints:~> 5.0 (for external modules, the --download-external-modules flag is required)
2024-01-31 10:12:38,338 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/eks/aws:19.21.0 (for external modules, the --download-external-modules flag is required)
2024-01-31 10:12:38,338 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/ec2-instance/aws:None (for external modules, the --download-external-modules flag is required)
2024-01-31 10:12:38,338 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/efs/aws:~> 1.0 (for external modules, the --download-external-modules flag is required)
2024-01-31 10:12:38,338 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.0.0:None (for external modules, the --download-external-modules flag is required)
2024-01-31 10:12:38,338 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0:None (for external modules, the --download-external-modules flag is required)
2024-01-31 10:12:38,339 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/security-group/aws:~> 5.0 (for external modules, the --download-external-modules flag is required)
2024-01-31 10:12:38,339 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/cloudwatch/aws//modules/log-group:~> 5.0 (for external modules, the --download-external-modules flag is required)
2024-01-31 10:12:38,339 [MainThread ] [WARNI] Failed to download module terraform-aws-modules/kms/aws:2.1.0 (for external modules, the --download-external-modules flag is required)
terraform scan results:
Passed checks: 146, Failed checks: 22, Skipped checks: 44
Check: CKV_AWS_149: "Ensure that Secrets Manager secret is encrypted using KMS CMK"
FAILED for resource: aws_secretsmanager_secret.powerbi_gateway_reg_credentials
File: /powerbi-gateway-secret.tf:1-3
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-secrets-manager-secret-is-encrypted-using-kms
1 | resource "aws_secretsmanager_secret" "powerbi_gateway_reg_credentials" {
2 | name = "${local.environment_configuration.powerbi_gateway_ec2.instance_name}-credentials"
3 | }
Check: CKV_AWS_23: "Ensure every security groups rule has a description"
FAILED for resource: aws_security_group.powerbi_gateway
File: /powerbi-gateway-security-group.tf:2-30
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31
2 | resource "aws_security_group" "powerbi_gateway" {
3 | name = local.environment_configuration.powerbi_gateway_ec2.instance_name
4 | description = local.environment_configuration.powerbi_gateway_ec2.instance_name
5 | vpc_id = data.aws_vpc.shared.id
6 |
7 | # https://learn.microsoft.com/en-us/data-integration/gateway/service-gateway-communication#ports
8 | egress {
9 | from_port = 443
10 | to_port = 443
11 | protocol = "tcp"
12 | cidr_blocks = ["0.0.0.0/0"]
13 | }
14 |
15 | egress {
16 | from_port = 5671
17 | to_port = 5672
18 | protocol = "tcp"
19 | cidr_blocks = ["0.0.0.0/0"]
20 | }
21 |
22 | egress {
23 | from_port = 9352
24 | to_port = 9354
25 | protocol = "tcp"
26 | cidr_blocks = ["0.0.0.0/0"]
27 | }
28 |
29 | tags = local.tags
30 | }
Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
FAILED for resource: powerbi_gateway
File: /powerbi-gateway-server.tf:14-59
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision
14 | module "powerbi_gateway" {
15 | source = "terraform-aws-modules/ec2-instance/aws"
16 | version = "v5.6.0"
17 |
18 | name = local.environment_configuration.powerbi_gateway_ec2.instance_name
19 | # ami = data.aws_ami.windows_server_2022.id
20 | ami = "ami-00ffeb610527f540b" # Hardcoded AMI ID for Windows Server 2022
21 | instance_type = local.environment_configuration.powerbi_gateway_ec2.instance_type
22 | key_name = aws_key_pair.powerbi_gateway_keypair.key_name
23 | monitoring = true
24 | create_iam_instance_profile = true
25 | iam_role_description = "IAM role for PowerBI Gateway Instance"
26 | ignore_ami_changes = false
27 | enable_volume_tags = false
28 | associate_public_ip_address = false
29 | iam_role_policies = {
30 | SSMCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
31 | PowerBI_DataAccess = aws_iam_policy.powerbi_gateway_data_access.arn
32 | }
33 | root_block_device = [
34 | {
35 | encrypted = true
36 | volume_type = "gp3"
37 | volume_size = 100
38 | tags = merge({
39 | Name = "${local.environment_configuration.powerbi_gateway_ec2.instance_name}-root-volume"
40 | }, local.tags)
41 | },
42 | ]
43 |
44 | ebs_block_device = [
45 | {
46 | volume_type = "gp3"
47 | device_name = "/dev/sdf"
48 | volume_size = 300
49 | encrypted = true
50 | tags = merge({
51 | Name = "${local.environment_configuration.powerbi_gateway_ec2.instance_name}-data-volume"
52 | }, local.tags)
53 | }
54 | ]
55 | vpc_security_group_ids = [aws_security_group.powerbi_gateway.id]
56 | subnet_id = data.aws_subnet.private_subnets_a.id
57 |
58 | tags = local.tags
59 | }
Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
FAILED for resource: airflow_s3_bucket
File: /s3.tf:5-15
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision
5 | module "airflow_s3_bucket" {
6 | source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.0.0"
7 |
8 | providers = {
9 | aws.bucket-replication = aws
10 | }
11 |
12 | bucket_prefix = "moj-data-platform-airflow-${local.environment}"
13 |
14 | tags = local.tags
15 | }
Check: CKV_AWS_149: "Ensure that Secrets Manager secret is encrypted using KMS CMK"
FAILED for resource: aws_secretsmanager_secret.openmetadata_entra_id_client_id
File: /secrets.tf:7-11
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-secrets-manager-secret-is-encrypted-using-kms
7 | resource "aws_secretsmanager_secret" "openmetadata_entra_id_client_id" {
8 | count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
9 |
10 | name = "openmetadata/entra-id/client-id"
11 | }
Check: CKV_AWS_149: "Ensure that Secrets Manager secret is encrypted using KMS CMK"
FAILED for resource: aws_secretsmanager_secret.openmetadata_entra_id_tenant_id
File: /secrets.tf:13-17
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-secrets-manager-secret-is-encrypted-using-kms
13 | resource "aws_secretsmanager_secret" "openmetadata_entra_id_tenant_id" {
14 | count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
15 |
16 | name = "openmetadata/entra-id/tenant-id"
17 | }
Check: CKV_AWS_149: "Ensure that Secrets Manager secret is encrypted using KMS CMK"
FAILED for resource: aws_secretsmanager_secret.github_app_arc_app_id
File: /secrets.tf:19-23
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-secrets-manager-secret-is-encrypted-using-kms
19 | resource "aws_secretsmanager_secret" "github_app_arc_app_id" {
20 | count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
21 |
22 | name = "github/arc/app-id"
23 | }
Check: CKV_AWS_149: "Ensure that Secrets Manager secret is encrypted using KMS CMK"
FAILED for resource: aws_secretsmanager_secret.github_app_arc_install_id
File: /secrets.tf:25-29
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-secrets-manager-secret-is-encrypted-using-kms
25 | resource "aws_secretsmanager_secret" "github_app_arc_install_id" {
26 | count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
27 |
28 | name = "github/arc/install-id"
29 | }
Check: CKV_AWS_149: "Ensure that Secrets Manager secret is encrypted using KMS CMK"
FAILED for resource: aws_secretsmanager_secret.github_app_arc_private_key
File: /secrets.tf:31-35
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-secrets-manager-secret-is-encrypted-using-kms
31 | resource "aws_secretsmanager_secret" "github_app_arc_private_key" {
32 | count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
33 |
34 | name = "github/arc/private-key"
35 | }
Check: CKV_AWS_149: "Ensure that Secrets Manager secret is encrypted using KMS CMK"
FAILED for resource: aws_secretsmanager_secret.govuk_notify_api_key
File: /secrets.tf:38-42
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-secrets-manager-secret-is-encrypted-using-kms
38 | resource "aws_secretsmanager_secret" "govuk_notify_api_key" {
39 | count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
40 |
41 | name = "gov-uk-notify/production/api-key"
42 | }
Check: CKV_AWS_149: "Ensure that Secrets Manager secret is encrypted using KMS CMK"
FAILED for resource: aws_secretsmanager_secret.jml_email
File: /secrets.tf:45-49
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-secrets-manager-secret-is-encrypted-using-kms
45 | resource "aws_secretsmanager_secret" "jml_email" {
46 | count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
47 |
48 | name = "jml/email"
49 | }
Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
FAILED for resource: aws_security_group.powerbi_gateway
File: /powerbi-gateway-security-group.tf:2-30
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis
2 | resource "aws_security_group" "powerbi_gateway" {
3 | name = local.environment_configuration.powerbi_gateway_ec2.instance_name
4 | description = local.environment_configuration.powerbi_gateway_ec2.instance_name
5 | vpc_id = data.aws_vpc.shared.id
6 |
7 | # https://learn.microsoft.com/en-us/data-integration/gateway/service-gateway-communication#ports
8 | egress {
9 | from_port = 443
10 | to_port = 443
11 | protocol = "tcp"
12 | cidr_blocks = ["0.0.0.0/0"]
13 | }
14 |
15 | egress {
16 | from_port = 5671
17 | to_port = 5672
18 | protocol = "tcp"
19 | cidr_blocks = ["0.0.0.0/0"]
20 | }
21 |
22 | egress {
23 | from_port = 9352
24 | to_port = 9354
25 | protocol = "tcp"
26 | cidr_blocks = ["0.0.0.0/0"]
27 | }
28 |
29 | tags = local.tags
30 | }
Check: CKV2_AWS_39: "Ensure Domain Name System (DNS) query logging is enabled for Amazon Route 53 hosted zones"
FAILED for resource: aws_route53_zone.apps_tools
File: /route53.tf:1-3
1 | resource "aws_route53_zone" "apps_tools" {
2 | name = local.environment_configuration.route53_zone
3 | }
Check: CKV2_AWS_57: "Ensure Secrets Manager secrets should have automatic rotation enabled"
FAILED for resource: aws_secretsmanager_secret.powerbi_gateway_reg_credentials
File: /powerbi-gateway-secret.tf:1-3
1 | resource "aws_secretsmanager_secret" "powerbi_gateway_reg_credentials" {
2 | name = "${local.environment_configuration.powerbi_gateway_ec2.instance_name}-credentials"
3 | }
Check: CKV2_AWS_57: "Ensure Secrets Manager secrets should have automatic rotation enabled"
FAILED for resource: aws_secretsmanager_secret.openmetadata_entra_id_client_id
File: /secrets.tf:7-11
7 | resource "aws_secretsmanager_secret" "openmetadata_entra_id_client_id" {
8 | count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
9 |
10 | name = "openmetadata/entra-id/client-id"
11 | }
Check: CKV2_AWS_57: "Ensure Secrets Manager secrets should have automatic rotation enabled"
FAILED for resource: aws_secretsmanager_secret.openmetadata_entra_id_tenant_id
File: /secrets.tf:13-17
13 | resource "aws_secretsmanager_secret" "openmetadata_entra_id_tenant_id" {
14 | count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
15 |
16 | name = "openmetadata/entra-id/tenant-id"
17 | }
Check: CKV2_AWS_57: "Ensure Secrets Manager secrets should have automatic rotation enabled"
FAILED for resource: aws_secretsmanager_secret.github_app_arc_app_id
File: /secrets.tf:19-23
19 | resource "aws_secretsmanager_secret" "github_app_arc_app_id" {
20 | count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
21 |
22 | name = "github/arc/app-id"
23 | }
Check: CKV2_AWS_57: "Ensure Secrets Manager secrets should have automatic rotation enabled"
FAILED for resource: aws_secretsmanager_secret.github_app_arc_install_id
File: /secrets.tf:25-29
25 | resource "aws_secretsmanager_secret" "github_app_arc_install_id" {
26 | count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
27 |
28 | name = "github/arc/install-id"
29 | }
Check: CKV2_AWS_57: "Ensure Secrets Manager secrets should have automatic rotation enabled"
FAILED for resource: aws_secretsmanager_secret.github_app_arc_private_key
File: /secrets.tf:31-35
31 | resource "aws_secretsmanager_secret" "github_app_arc_private_key" {
32 | count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
33 |
34 | name = "github/arc/private-key"
35 | }
Check: CKV2_AWS_57: "Ensure Secrets Manager secrets should have automatic rotation enabled"
FAILED for resource: aws_secretsmanager_secret.govuk_notify_api_key
File: /secrets.tf:38-42
38 | resource "aws_secretsmanager_secret" "govuk_notify_api_key" {
39 | count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
40 |
41 | name = "gov-uk-notify/production/api-key"
42 | }
Check: CKV2_AWS_57: "Ensure Secrets Manager secrets should have automatic rotation enabled"
FAILED for resource: aws_secretsmanager_secret.jml_email
File: /secrets.tf:45-49
45 | resource "aws_secretsmanager_secret" "jml_email" {
46 | count = terraform.workspace == "data-platform-apps-and-tools-production" ? 1 : 0
47 |
48 | name = "jml/email"
49 | }
Check: CKV2_AWS_38: "Ensure Domain Name System Security Extensions (DNSSEC) signing is enabled for Amazon Route 53 public hosted zones"
FAILED for resource: aws_route53_zone.apps_tools
File: /route53.tf:1-3
1 | resource "aws_route53_zone" "apps_tools" {
2 | name = local.environment_configuration.route53_zone
3 | }
checkov_exitcode=1
CTFLint Scan Failed
Show Output
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.5.0)
tflint will check the following folders:
terraform/environments/data-platform-apps-and-tools
*****************************
Running tflint in terraform/environments/data-platform-apps-and-tools
Excluding the following checks: terraform_unused_declarations
1issue(s) found:
Warning: Missing version constraint for provider "random" in `required_providers` (terraform_required_providers)
on terraform/environments/data-platform-apps-and-tools/random.tf line 24:24:resource"random_password""datahub_rds" {
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_required_providers.mdtflint_exitcode=2
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
github-actions
bot
added
the
environments-repository
The ASG availability zones need to match load balancer config. Correcting