add sync execution allow:x

[matt-heery]

No description provided.

[modernisation-platform-ci]

Terraform plan evaluation detected changes to resources that require approval from @ministryofjustice/modernsation-platform - please contact #ask-modernisation-platform for assistance

[modernisation-platform-ci]

@matt-heery Terraform plan evaluation detected changes to resources that require approval from a member of @ministryofjustice/modernisation-platform - please contact #ask-modernisation-platform for assistance

Guidance on approving these PRs is available at https://user-guide.modernisation-platform.service.justice.gov.uk/runbooks/reviewing-mp-environments-prs.html#process-for-approving-prs

[modernisation-platform-ci]

Terraform plan evaluation detected changes to resources that require approval from @ministryofjustice/modernsation-platform - please contact #ask-modernisation-platform for assistance

[modernisation-platform-ci]

@matt-heery Terraform plan evaluation detected changes to resources that require approval from a member of @ministryofjustice/modernisation-platform - please contact #ask-modernisation-platform for assistance

Guidance on approving these PRs is available at https://user-guide.modernisation-platform.service.justice.gov.uk/runbooks/reviewing-mp-environments-prs.html#process-for-approving-prs

[modernisation-platform-ci]

Terraform plan evaluation detected changes to resources that require approval from @ministryofjustice/modernsation-platform - please contact #ask-modernisation-platform for assistance

[modernisation-platform-ci]

@matt-heery Terraform plan evaluation detected changes to resources that require approval from a member of @ministryofjustice/modernisation-platform - please contact #ask-modernisation-platform for assistance

Guidance on approving these PRs is available at https://user-guide.modernisation-platform.service.justice.gov.uk/runbooks/reviewing-mp-environments-prs.html#process-for-approving-prs

[github-actions]

Trivy Scan Success

Show Output

```hcl

---

Trivy will check the following folders:
terraform/environments/electronic-monitoring-data/modules/api_step_function

---

Running Trivy in terraform/environments/electronic-monitoring-data/modules/api_step_function
2024-10-21T15:24:51Z INFO [vulndb] Need to update DB
2024-10-21T15:24:51Z INFO [vulndb] Downloading vulnerability DB...
2024-10-21T15:24:51Z INFO [vulndb] Downloading artifact... repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-21T15:24:53Z INFO [vulndb] Artifact successfully downloaded repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-21T15:24:53Z INFO [vuln] Vulnerability scanning is enabled
2024-10-21T15:24:53Z INFO [misconfig] Misconfiguration scanning is enabled
2024-10-21T15:24:53Z INFO [misconfig] Need to update the built-in checks
2024-10-21T15:24:53Z INFO [misconfig] Downloading the built-in checks...
156.02 KiB / 156.02 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-10-21T15:24:53Z INFO [secret] Secret scanning is enabled
2024-10-21T15:24:53Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-21T15:24:53Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-21T15:24:54Z INFO [terraform scanner] Scanning root module file_path="."
2024-10-21T15:24:54Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="api_description, api_key_required, api_name, api_path, schema, stages, step_function"
2024-10-21T15:24:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_api_gateway_api_key.api_key" value="cty.NilVal"
2024-10-21T15:24:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_api_gateway_method_settings.settings" value="cty.NilVal"
2024-10-21T15:24:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_api_gateway_stage.stage" value="cty.NilVal"
2024-10-21T15:24:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_api_gateway_usage_plan.usage_plan" value="cty.NilVal"
2024-10-21T15:24:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_api_gateway_usage_plan_key.usage_plan_key" value="cty.NilVal"
2024-10-21T15:24:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_log_group.api_gateway_logs" value="cty.NilVal"
2024-10-21T15:24:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_iam_role_policy.cloudwatch" value="cty.NilVal"
2024-10-21T15:24:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_iam_role_policy_attachment.api_gateway_cloudwatch_role_policy" value="cty.NilVal"
2024-10-21T15:24:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_wafv2_web_acl_association.api_gateway_association" value="cty.NilVal"
2024-10-21T15:24:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_iam_policy_document.cloudwatch" value="cty.NilVal"
2024-10-21T15:24:54Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="main.tf:407-411"
2024-10-21T15:24:54Z INFO Number of language-specific files num=0
2024-10-21T15:24:54Z INFO Detected config files num=2
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/electronic-monitoring-data/modules/api_step_function

*****************************

Running Checkov in terraform/environments/electronic-monitoring-data/modules/api_step_function
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 63, Failed checks: 0, Skipped checks: 4


checkov_exitcode=0

CTFLint Scan Success

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/electronic-monitoring-data/modules/api_step_function

*****************************

Running tflint in terraform/environments/electronic-monitoring-data/modules/api_step_function
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output

*****************************

Trivy will check the following folders:
terraform/environments/electronic-monitoring-data/modules/api_step_function

*****************************

Running Trivy in terraform/environments/electronic-monitoring-data/modules/api_step_function
2024-10-21T15:24:51Z	INFO	[vulndb] Need to update DB
2024-10-21T15:24:51Z	INFO	[vulndb] Downloading vulnerability DB...
2024-10-21T15:24:51Z	INFO	[vulndb] Downloading artifact...	repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-21T15:24:53Z	INFO	[vulndb] Artifact successfully downloaded	repo="ghcr.io/aquasecurity/trivy-db:2"
2024-10-21T15:24:53Z	INFO	[vuln] Vulnerability scanning is enabled
2024-10-21T15:24:53Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-10-21T15:24:53Z	INFO	[misconfig] Need to update the built-in checks
2024-10-21T15:24:53Z	INFO	[misconfig] Downloading the built-in checks...
156.02 KiB / 156.02 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-10-21T15:24:53Z	INFO	[secret] Secret scanning is enabled
2024-10-21T15:24:53Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-21T15:24:53Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-10-21T15:24:54Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-10-21T15:24:54Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="api_description, api_key_required, api_name, api_path, schema, stages, step_function"
2024-10-21T15:24:54Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_api_gateway_api_key.api_key" value="cty.NilVal"
2024-10-21T15:24:54Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_api_gateway_method_settings.settings" value="cty.NilVal"
2024-10-21T15:24:54Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_api_gateway_stage.stage" value="cty.NilVal"
2024-10-21T15:24:54Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_api_gateway_usage_plan.usage_plan" value="cty.NilVal"
2024-10-21T15:24:54Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_api_gateway_usage_plan_key.usage_plan_key" value="cty.NilVal"
2024-10-21T15:24:54Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_log_group.api_gateway_logs" value="cty.NilVal"
2024-10-21T15:24:54Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_iam_role_policy.cloudwatch" value="cty.NilVal"
2024-10-21T15:24:54Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_iam_role_policy_attachment.api_gateway_cloudwatch_role_policy" value="cty.NilVal"
2024-10-21T15:24:54Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_wafv2_web_acl_association.api_gateway_association" value="cty.NilVal"
2024-10-21T15:24:54Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="data.aws_iam_policy_document.cloudwatch" value="cty.NilVal"
2024-10-21T15:24:54Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="main.tf:407-411"
2024-10-21T15:24:54Z	INFO	Number of language-specific files	num=0
2024-10-21T15:24:54Z	INFO	Detected config files	num=2
trivy_exitcode=0

reviewed by MP team