You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Trivy will check the following folders:
terraform/environments/delius-core/modules/components/oracle_db_shared
terraform/environments/delius-mis/modules/mis_environment
Running Trivy in terraform/environments/delius-core/modules/components/oracle_db_shared
2024-12-20T16:20:37Z INFO [vulndb] Need to update DB
2024-12-20T16:20:37Z INFO [vulndb] Downloading vulnerability DB...
2024-12-20T16:20:37Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-20T16:20:39Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-20T16:20:39Z INFO [vuln] Vulnerability scanning is enabled
2024-12-20T16:20:39Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-20T16:20:39Z INFO [misconfig] Need to update the built-in checks
2024-12-20T16:20:39Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-12-20T16:20:40Z INFO [secret] Secret scanning is enabled
2024-12-20T16:20:40Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-20T16:20:40Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-20T16:20:41Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-20T16:20:41Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="account_config, account_info, bastion_sg_id, env_name, environment_config, instance_roles, platform_vars, public_keys, tags"
2024-12-20T16:20:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-20T16:20:43Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="sg.tf:16"
2024-12-20T16:20:43Z INFO Number of language-specific files num=0
2024-12-20T16:20:43Z INFO Detected config files num=4
trivy_exitcode=0
Running Trivy in terraform/environments/delius-mis/modules/mis_environment
2024-12-20T16:20:43Z INFO [vuln] Vulnerability scanning is enabled
2024-12-20T16:20:43Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-20T16:20:43Z INFO [secret] Secret scanning is enabled
2024-12-20T16:20:43Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-20T16:20:43Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-20T16:20:44Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-20T16:20:44Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="account_config, account_info, app_name, bastion_config, bcs_config, boe_db_config, bps_config, bws_config, dis_config, domain_join_ports, dsd_db_config, env_name, environment_config, fsx_config, mis_db_config, platform_vars, tags"
2024-12-20T16:20:44Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_vpc_security_group_egress_rule.domain_join" value="cty.NilVal"
2024-12-20T16:20:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns" err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns.dynamic.ip_address block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:20:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_route53_resolver_rule.r53_fwd_to_ad" err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_rule.r53_fwd_to_ad.dynamic.target_ip block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:20:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns" err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns.dynamic.ip_address block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:20:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_route53_resolver_rule.r53_fwd_to_ad" err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_rule.r53_fwd_to_ad.dynamic.target_ip block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:20:46Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-20T16:20:46Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.data.aws_subnet.local_account" value="cty.NilVal"
2024-12-20T16:20:46Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bastion_linux.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:20:46Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bastion_linux.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:20:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.pagerduty_core_alerts.data.aws_sns_topic.alarm_topics" value="cty.NilVal"
2024-12-20T16:20:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bcs_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T16:20:47Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bcs_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:20:47Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bcs_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:20:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bps_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T16:20:47Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bps_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:20:47Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bps_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:20:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bws_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T16:20:47Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bws_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:20:47Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bws_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:20:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dis_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T16:20:47Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.dis_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:20:47Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.dis_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:20:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_boe[0].module.instance.aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T16:20:47Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_boe[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:20:47Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_boe[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:20:47Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_dsd[0].module.instance.aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T16:20:47Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_dsd[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:20:47Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_dsd[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:20:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_mis[0].module.instance.aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T16:20:48Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_mis[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:20:48Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_mis[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:20:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-20T16:20:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-20T16:20:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-20T16:20:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.schedule_alarms[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2024-12-20T16:20:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.schedule_alarms[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2024-12-20T16:20:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.schedule_alarms[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2024-12-20T16:20:53Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"
2024-12-20T16:20:53Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"
2024-12-20T16:20:53Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"
2024-12-20T16:20:53Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"
2024-12-20T16:20:53Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"
2024-12-20T16:20:53Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"
2024-12-20T16:20:53Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=c918b2189d9f81d224e07e98fa1bc9ff38e4ba12/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-12-20T16:20:53Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0/main.tf:171-179"
2024-12-20T16:20:53Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:3-9"
2024-12-20T16:20:53Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:12-18"
2024-12-20T16:20:53Z INFO Number of language-specific files num=0
2024-12-20T16:20:53Z INFO Detected config files num=15
AVD-AWS-0107 (HIGH): Security group rule allows ingress from public internet.
════════════════════════════════════════
Security groups provide stateful filtering of ingress and egress network traffic to AWS
resources. It is recommended that no security group allows unrestricted ingress access to
remote server administration ports, such as SSH to port 22 and RDP to port 3389.
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
terraform/environments/delius-core/modules/components/oracle_db_shared
terraform/environments/delius-mis/modules/mis_environment
*****************************
Running tflint in terraform/environments/delius-core/modules/components/oracle_db_shared
Excluding the following checks: terraform_unused_declarations
7issue(s) found:
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 10:10:"${module.s3_bucket_oracledb_backups.bucket.arn}",
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 74:74:"${module.s3_bucket_oracledb_backups.bucket.arn}",
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 87:87:"${module.s3_bucket_oracledb_backups_inventory.bucket.arn}",
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 126:126:"${module.s3_bucket_oracle_statistics[0].bucket.arn}",
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 241:241:values=["${var.account_info.id}"]
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 253:253:values=["${module.s3_bucket_oracledb_backups.bucket.arn}"]
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 294:294:resources=["${module.s3_bucket_oracle_statistics[0].bucket.arn}"]
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.mdtflint_exitcode=2*****************************
Running tflint in terraform/environments/delius-mis/modules/mis_environment
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=2
Trivy Scan Failed
Show Output
*****************************
Trivy will check the following folders:
terraform/environments/delius-core/modules/components/oracle_db_shared
terraform/environments/delius-mis/modules/mis_environment
*****************************
Running Trivy in terraform/environments/delius-core/modules/components/oracle_db_shared
2024-12-20T16:20:37Z INFO [vulndb] Need to update DB
2024-12-20T16:20:37Z INFO [vulndb] Downloading vulnerability DB...2024-12-20T16:20:37Z INFO [vulndb] Downloading artifact...repo="public.ecr.aws/aquasecurity/trivy-db:2"2024-12-20T16:20:39Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"2024-12-20T16:20:39Z INFO [vuln] Vulnerability scanning is enabled
2024-12-20T16:20:39Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-20T16:20:39Z INFO [misconfig] Need to update the built-in checks
2024-12-20T16:20:39Z INFO [misconfig] Downloading the built-in checks...160.80 KiB /160.80 KiB [------------------------------------------------------] 100.00%? p/s 100ms2024-12-20T16:20:40Z INFO [secret] Secret scanning is enabled
2024-12-20T16:20:40Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-20T16:20:40Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection2024-12-20T16:20:41Z INFO [terraformscanner] Scanning root module file_path="."2024-12-20T16:20:41Z WARN [terraformparser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.module="root"variables="account_config, account_info, bastion_sg_id, env_name, environment_config, instance_roles, platform_vars, public_keys, tags"2024-12-20T16:20:41Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-20T16:20:43Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-no-public-egress-sgr"range="sg.tf:16"2024-12-20T16:20:43Z INFO Number of language-specific files num=02024-12-20T16:20:43Z INFO Detected config files num=4trivy_exitcode=0*****************************
Running Trivy in terraform/environments/delius-mis/modules/mis_environment
2024-12-20T16:20:43Z INFO [vuln] Vulnerability scanning is enabled
2024-12-20T16:20:43Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-20T16:20:43Z INFO [secret] Secret scanning is enabled
2024-12-20T16:20:43Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-20T16:20:43Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection2024-12-20T16:20:44Z INFO [terraformscanner] Scanning root module file_path="."2024-12-20T16:20:44Z WARN [terraformparser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.module="root"variables="account_config, account_info, app_name, bastion_config, bcs_config, boe_db_config, bps_config, bws_config, dis_config, domain_join_ports, dsd_db_config, env_name, environment_config, fsx_config, mis_db_config, platform_vars, tags"2024-12-20T16:20:44Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="aws_vpc_security_group_egress_rule.domain_join"value="cty.NilVal"2024-12-20T16:20:44Z ERROR [terraformevaluator] Failed to expand dynamic block.block="aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns"err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns.dynamic.ip_address block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:20:44Z ERROR [terraformevaluator] Failed to expand dynamic block.block="aws_route53_resolver_rule.r53_fwd_to_ad"err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_rule.r53_fwd_to_ad.dynamic.target_ip block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:20:44Z ERROR [terraformevaluator] Failed to expand dynamic block.block="aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns"err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns.dynamic.ip_address block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:20:44Z ERROR [terraformevaluator] Failed to expand dynamic block.block="aws_route53_resolver_rule.r53_fwd_to_ad"err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_rule.r53_fwd_to_ad.dynamic.target_ip block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:20:46Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bastion_linux.aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-20T16:20:46Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bastion_linux.data.aws_subnet.local_account"value="cty.NilVal"2024-12-20T16:20:46Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bastion_linux.aws_autoscaling_group.bastion_linux_daily"err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:20:46Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bastion_linux.aws_autoscaling_group.bastion_linux_daily"err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:20:47Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.pagerduty_core_alerts.data.aws_sns_topic.alarm_topics"value="cty.NilVal"2024-12-20T16:20:47Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bcs_instance[0].aws_ebs_volume.this"value="cty.NilVal"2024-12-20T16:20:47Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bcs_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:20:47Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bcs_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:20:47Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bps_instance[0].aws_ebs_volume.this"value="cty.NilVal"2024-12-20T16:20:47Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bps_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:20:47Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bps_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:20:47Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bws_instance[0].aws_ebs_volume.this"value="cty.NilVal"2024-12-20T16:20:47Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bws_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:20:47Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bws_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:20:47Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.dis_instance[0].aws_ebs_volume.this"value="cty.NilVal"2024-12-20T16:20:47Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.dis_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:20:47Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.dis_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:20:47Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_boe[0].module.instance.aws_ebs_volume.this"value="cty.NilVal"2024-12-20T16:20:47Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_boe[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:20:47Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_boe[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:20:47Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_dsd[0].module.instance.aws_ebs_volume.this"value="cty.NilVal"2024-12-20T16:20:47Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_dsd[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:20:47Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_dsd[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:20:48Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_mis[0].module.instance.aws_ebs_volume.this"value="cty.NilVal"2024-12-20T16:20:48Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_mis[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:20:48Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_mis[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:20:48Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_shared[\"boe-db\"].aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-20T16:20:48Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_shared[\"dsd-db\"].aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-20T16:20:48Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_shared[\"mis-db\"].aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-20T16:20:48Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.schedule_alarms[0].aws_cloudwatch_event_rule.alarm_scheduler"value="cty.NilVal"2024-12-20T16:20:48Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.schedule_alarms[0].aws_cloudwatch_event_target.alarm_scheduler"value="cty.NilVal"2024-12-20T16:20:48Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.schedule_alarms[0].aws_lambda_permission.allow_cloudwatch"value="cty.NilVal"2024-12-20T16:20:53Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-enforce-http-token-imds"range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"2024-12-20T16:20:53Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-enforce-http-token-imds"range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"2024-12-20T16:20:53Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-enforce-http-token-imds"range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"2024-12-20T16:20:53Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-no-public-egress-sgr"range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"2024-12-20T16:20:53Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-no-public-egress-sgr"range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"2024-12-20T16:20:53Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-no-public-egress-sgr"range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"2024-12-20T16:20:53Z INFO [terraformexecutor] Ignore finding rule="aws-s3-encryption-customer-key"range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=c918b2189d9f81d224e07e98fa1bc9ff38e4ba12/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"2024-12-20T16:20:53Z INFO [terraformexecutor] Ignore finding rule="aws-s3-encryption-customer-key"range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0/main.tf:171-179"2024-12-20T16:20:53Z INFO [terraformexecutor] Ignore finding rule="aws-ssm-secret-use-customer-key"range="secrets.tf:3-9"2024-12-20T16:20:53Z INFO [terraformexecutor] Ignore finding rule="aws-ssm-secret-use-customer-key"range="secrets.tf:12-18"2024-12-20T16:20:53Z INFO Number of language-specific files num=02024-12-20T16:20:53Z INFO Detected config files num=15
sg_shared.tf (terraform)
========================
Tests:1 (SUCCESSES:0, FAILURES:1)
Failures:1 (HIGH:1, CRITICAL:0)
AVD-AWS-0107 (HIGH): Security group rule allows ingress from public internet.
════════════════════════════════════════
Security groups provide stateful filtering of ingress and egress network traffic to AWS
resources. It is recommended that no security group allows unrestricted ingress access to
remote server administration ports, such as SSH to port 22 and RDP to port 3389.
See https://avd.aquasec.com/misconfig/avd-aws-0107
────────────────────────────────────────
sg_shared.tf:29
via sg_shared.tf:27-33 (aws_vpc_security_group_ingress_rule.fleet_manager)
────────────────────────────────────────
27 resource"aws_vpc_security_group_ingress_rule""fleet_manager" {
28security_group_id=aws_security_group.mis_ec2_shared.id29 [ cidr_ipv4 = "0.0.0.0/0"30ip_protocol = "tcp"31from_port = 338932to_port = 338933 }
────────────────────────────────────────
trivy_exitcode=1
Trivy will check the following folders:
terraform/environments/delius-core/modules/components/oracle_db_shared
terraform/environments/delius-mis/modules/mis_environment
Running Trivy in terraform/environments/delius-core/modules/components/oracle_db_shared
2024-12-20T16:35:00Z INFO [vulndb] Need to update DB
2024-12-20T16:35:00Z INFO [vulndb] Downloading vulnerability DB...
2024-12-20T16:35:00Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-20T16:35:03Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-20T16:35:03Z INFO [vuln] Vulnerability scanning is enabled
2024-12-20T16:35:03Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-20T16:35:03Z INFO [misconfig] Need to update the built-in checks
2024-12-20T16:35:03Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2024-12-20T16:35:03Z INFO [secret] Secret scanning is enabled
2024-12-20T16:35:03Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-20T16:35:03Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-20T16:35:04Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-20T16:35:04Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="account_config, account_info, bastion_sg_id, env_name, environment_config, instance_roles, platform_vars, public_keys, tags"
2024-12-20T16:35:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-20T16:35:06Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="sg.tf:16"
2024-12-20T16:35:06Z INFO Number of language-specific files num=0
2024-12-20T16:35:06Z INFO Detected config files num=4
trivy_exitcode=0
Running Trivy in terraform/environments/delius-mis/modules/mis_environment
2024-12-20T16:35:06Z INFO [vuln] Vulnerability scanning is enabled
2024-12-20T16:35:06Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-20T16:35:06Z INFO [secret] Secret scanning is enabled
2024-12-20T16:35:06Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-20T16:35:06Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-20T16:35:07Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-20T16:35:07Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="account_config, account_info, app_name, bastion_config, bcs_config, boe_db_config, bps_config, bws_config, dis_config, domain_join_ports, dsd_db_config, env_name, environment_config, fsx_config, mis_db_config, platform_vars, tags"
2024-12-20T16:35:07Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_vpc_security_group_egress_rule.domain_join" value="cty.NilVal"
2024-12-20T16:35:07Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns" err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns.dynamic.ip_address block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:35:07Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_route53_resolver_rule.r53_fwd_to_ad" err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_rule.r53_fwd_to_ad.dynamic.target_ip block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:35:07Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns" err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns.dynamic.ip_address block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:35:07Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_route53_resolver_rule.r53_fwd_to_ad" err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_rule.r53_fwd_to_ad.dynamic.target_ip block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:35:08Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-20T16:35:08Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.data.aws_subnet.local_account" value="cty.NilVal"
2024-12-20T16:35:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bastion_linux.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:35:08Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bastion_linux.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.pagerduty_core_alerts.data.aws_sns_topic.alarm_topics" value="cty.NilVal"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bcs_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bcs_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bcs_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bps_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bps_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bps_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bws_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bws_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bws_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dis_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.dis_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.dis_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_boe[0].module.instance.aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_boe[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_boe[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_dsd[0].module.instance.aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_dsd[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_dsd[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_mis[0].module.instance.aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_mis[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_mis[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.schedule_alarms[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.schedule_alarms[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2024-12-20T16:35:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.schedule_alarms[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2024-12-20T16:35:15Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:3-9"
2024-12-20T16:35:15Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:12-18"
2024-12-20T16:35:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"
2024-12-20T16:35:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"
2024-12-20T16:35:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"
2024-12-20T16:35:15Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=c918b2189d9f81d224e07e98fa1bc9ff38e4ba12/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-12-20T16:35:15Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0/main.tf:171-179"
2024-12-20T16:35:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"
2024-12-20T16:35:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"
2024-12-20T16:35:15Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"
2024-12-20T16:35:15Z INFO Number of language-specific files num=0
2024-12-20T16:35:15Z INFO Detected config files num=15
AVD-AWS-0107 (HIGH): Security group rule allows ingress from public internet.
════════════════════════════════════════
Security groups provide stateful filtering of ingress and egress network traffic to AWS
resources. It is recommended that no security group allows unrestricted ingress access to
remote server administration ports, such as SSH to port 22 and RDP to port 3389.
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
terraform/environments/delius-core/modules/components/oracle_db_shared
terraform/environments/delius-mis/modules/mis_environment
*****************************
Running tflint in terraform/environments/delius-core/modules/components/oracle_db_shared
Excluding the following checks: terraform_unused_declarations
7issue(s) found:
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 10:10:"${module.s3_bucket_oracledb_backups.bucket.arn}",
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 74:74:"${module.s3_bucket_oracledb_backups.bucket.arn}",
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 87:87:"${module.s3_bucket_oracledb_backups_inventory.bucket.arn}",
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 126:126:"${module.s3_bucket_oracle_statistics[0].bucket.arn}",
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 241:241:values=["${var.account_info.id}"]
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 253:253:values=["${module.s3_bucket_oracledb_backups.bucket.arn}"]
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 294:294:resources=["${module.s3_bucket_oracle_statistics[0].bucket.arn}"]
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.mdtflint_exitcode=2*****************************
Running tflint in terraform/environments/delius-mis/modules/mis_environment
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=2
Trivy Scan Failed
Show Output
*****************************
Trivy will check the following folders:
terraform/environments/delius-core/modules/components/oracle_db_shared
terraform/environments/delius-mis/modules/mis_environment
*****************************
Running Trivy in terraform/environments/delius-core/modules/components/oracle_db_shared
2024-12-20T16:35:00Z INFO [vulndb] Need to update DB
2024-12-20T16:35:00Z INFO [vulndb] Downloading vulnerability DB...2024-12-20T16:35:00Z INFO [vulndb] Downloading artifact...repo="public.ecr.aws/aquasecurity/trivy-db:2"2024-12-20T16:35:03Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"2024-12-20T16:35:03Z INFO [vuln] Vulnerability scanning is enabled
2024-12-20T16:35:03Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-20T16:35:03Z INFO [misconfig] Need to update the built-in checks
2024-12-20T16:35:03Z INFO [misconfig] Downloading the built-in checks...160.80 KiB /160.80 KiB [---------------------------------------------------------] 100.00%? p/s 0s2024-12-20T16:35:03Z INFO [secret] Secret scanning is enabled
2024-12-20T16:35:03Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-20T16:35:03Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection2024-12-20T16:35:04Z INFO [terraformscanner] Scanning root module file_path="."2024-12-20T16:35:04Z WARN [terraformparser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.module="root"variables="account_config, account_info, bastion_sg_id, env_name, environment_config, instance_roles, platform_vars, public_keys, tags"2024-12-20T16:35:04Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-20T16:35:06Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-no-public-egress-sgr"range="sg.tf:16"2024-12-20T16:35:06Z INFO Number of language-specific files num=02024-12-20T16:35:06Z INFO Detected config files num=4trivy_exitcode=0*****************************
Running Trivy in terraform/environments/delius-mis/modules/mis_environment
2024-12-20T16:35:06Z INFO [vuln] Vulnerability scanning is enabled
2024-12-20T16:35:06Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-20T16:35:06Z INFO [secret] Secret scanning is enabled
2024-12-20T16:35:06Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-20T16:35:06Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection2024-12-20T16:35:07Z INFO [terraformscanner] Scanning root module file_path="."2024-12-20T16:35:07Z WARN [terraformparser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.module="root"variables="account_config, account_info, app_name, bastion_config, bcs_config, boe_db_config, bps_config, bws_config, dis_config, domain_join_ports, dsd_db_config, env_name, environment_config, fsx_config, mis_db_config, platform_vars, tags"2024-12-20T16:35:07Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="aws_vpc_security_group_egress_rule.domain_join"value="cty.NilVal"2024-12-20T16:35:07Z ERROR [terraformevaluator] Failed to expand dynamic block.block="aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns"err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns.dynamic.ip_address block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:35:07Z ERROR [terraformevaluator] Failed to expand dynamic block.block="aws_route53_resolver_rule.r53_fwd_to_ad"err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_rule.r53_fwd_to_ad.dynamic.target_ip block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:35:07Z ERROR [terraformevaluator] Failed to expand dynamic block.block="aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns"err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns.dynamic.ip_address block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:35:07Z ERROR [terraformevaluator] Failed to expand dynamic block.block="aws_route53_resolver_rule.r53_fwd_to_ad"err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_rule.r53_fwd_to_ad.dynamic.target_ip block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:35:08Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bastion_linux.aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-20T16:35:08Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bastion_linux.data.aws_subnet.local_account"value="cty.NilVal"2024-12-20T16:35:08Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bastion_linux.aws_autoscaling_group.bastion_linux_daily"err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:35:08Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bastion_linux.aws_autoscaling_group.bastion_linux_daily"err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.pagerduty_core_alerts.data.aws_sns_topic.alarm_topics"value="cty.NilVal"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bcs_instance[0].aws_ebs_volume.this"value="cty.NilVal"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bcs_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bcs_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bps_instance[0].aws_ebs_volume.this"value="cty.NilVal"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bps_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bps_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bws_instance[0].aws_ebs_volume.this"value="cty.NilVal"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bws_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bws_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.dis_instance[0].aws_ebs_volume.this"value="cty.NilVal"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.dis_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.dis_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_boe[0].module.instance.aws_ebs_volume.this"value="cty.NilVal"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_boe[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_boe[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_dsd[0].module.instance.aws_ebs_volume.this"value="cty.NilVal"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_dsd[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_dsd[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_mis[0].module.instance.aws_ebs_volume.this"value="cty.NilVal"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_mis[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_mis[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_shared[\"boe-db\"].aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_shared[\"dsd-db\"].aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_shared[\"mis-db\"].aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.schedule_alarms[0].aws_cloudwatch_event_rule.alarm_scheduler"value="cty.NilVal"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.schedule_alarms[0].aws_cloudwatch_event_target.alarm_scheduler"value="cty.NilVal"2024-12-20T16:35:09Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.schedule_alarms[0].aws_lambda_permission.allow_cloudwatch"value="cty.NilVal"2024-12-20T16:35:15Z INFO [terraformexecutor] Ignore finding rule="aws-ssm-secret-use-customer-key"range="secrets.tf:3-9"2024-12-20T16:35:15Z INFO [terraformexecutor] Ignore finding rule="aws-ssm-secret-use-customer-key"range="secrets.tf:12-18"2024-12-20T16:35:15Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-enforce-http-token-imds"range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"2024-12-20T16:35:15Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-enforce-http-token-imds"range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"2024-12-20T16:35:15Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-enforce-http-token-imds"range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"2024-12-20T16:35:15Z INFO [terraformexecutor] Ignore finding rule="aws-s3-encryption-customer-key"range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=c918b2189d9f81d224e07e98fa1bc9ff38e4ba12/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"2024-12-20T16:35:15Z INFO [terraformexecutor] Ignore finding rule="aws-s3-encryption-customer-key"range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0/main.tf:171-179"2024-12-20T16:35:15Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-no-public-egress-sgr"range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"2024-12-20T16:35:15Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-no-public-egress-sgr"range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"2024-12-20T16:35:15Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-no-public-egress-sgr"range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"2024-12-20T16:35:15Z INFO Number of language-specific files num=02024-12-20T16:35:15Z INFO Detected config files num=15
sg_shared.tf (terraform)
========================
Tests:1 (SUCCESSES:0, FAILURES:1)
Failures:1 (HIGH:1, CRITICAL:0)
AVD-AWS-0107 (HIGH): Security group rule allows ingress from public internet.
════════════════════════════════════════
Security groups provide stateful filtering of ingress and egress network traffic to AWS
resources. It is recommended that no security group allows unrestricted ingress access to
remote server administration ports, such as SSH to port 22 and RDP to port 3389.
See https://avd.aquasec.com/misconfig/avd-aws-0107
────────────────────────────────────────
sg_shared.tf:29
via sg_shared.tf:27-33 (aws_vpc_security_group_ingress_rule.fleet_manager)
────────────────────────────────────────
27 resource"aws_vpc_security_group_ingress_rule""fleet_manager" {
28security_group_id=aws_security_group.mis_ec2_shared.id29 [ cidr_ipv4 = "0.0.0.0/0"30ip_protocol = "tcp"31from_port = 338932to_port = 338933 }
────────────────────────────────────────
trivy_exitcode=1
Trivy will check the following folders:
terraform/environments/delius-core/modules/components/oracle_db_shared
terraform/environments/delius-mis/modules/mis_environment
Running Trivy in terraform/environments/delius-core/modules/components/oracle_db_shared
2024-12-20T17:02:46Z INFO [vulndb] Need to update DB
2024-12-20T17:02:46Z INFO [vulndb] Downloading vulnerability DB...
2024-12-20T17:02:46Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-20T17:02:48Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-20T17:02:48Z INFO [vuln] Vulnerability scanning is enabled
2024-12-20T17:02:48Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-20T17:02:48Z INFO [misconfig] Need to update the built-in checks
2024-12-20T17:02:48Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-12-20T17:02:49Z INFO [secret] Secret scanning is enabled
2024-12-20T17:02:49Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-20T17:02:49Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-20T17:02:50Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-20T17:02:50Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="account_config, account_info, bastion_sg_id, env_name, environment_config, instance_roles, platform_vars, public_keys, tags"
2024-12-20T17:02:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-20T17:02:51Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="sg.tf:16"
2024-12-20T17:02:51Z INFO Number of language-specific files num=0
2024-12-20T17:02:51Z INFO Detected config files num=4
trivy_exitcode=0
Running Trivy in terraform/environments/delius-mis/modules/mis_environment
2024-12-20T17:02:51Z INFO [vuln] Vulnerability scanning is enabled
2024-12-20T17:02:51Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-20T17:02:51Z INFO [secret] Secret scanning is enabled
2024-12-20T17:02:51Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-20T17:02:51Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-20T17:02:52Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-20T17:02:52Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="account_config, account_info, app_name, bastion_config, bcs_config, boe_db_config, bps_config, bws_config, dis_config, domain_join_ports, dsd_db_config, env_name, environment_config, fsx_config, mis_db_config, platform_vars, tags"
2024-12-20T17:02:52Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_vpc_security_group_egress_rule.domain_join" value="cty.NilVal"
2024-12-20T17:02:52Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns" err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns.dynamic.ip_address block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T17:02:52Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_route53_resolver_rule.r53_fwd_to_ad" err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_rule.r53_fwd_to_ad.dynamic.target_ip block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T17:02:52Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns" err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns.dynamic.ip_address block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T17:02:52Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_route53_resolver_rule.r53_fwd_to_ad" err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_rule.r53_fwd_to_ad.dynamic.target_ip block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T17:02:53Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-20T17:02:53Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.data.aws_subnet.local_account" value="cty.NilVal"
2024-12-20T17:02:53Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bastion_linux.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T17:02:53Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bastion_linux.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T17:02:53Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.pagerduty_core_alerts.data.aws_sns_topic.alarm_topics" value="cty.NilVal"
2024-12-20T17:02:53Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bcs_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T17:02:53Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bcs_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T17:02:53Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bcs_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T17:02:53Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bps_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T17:02:53Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bps_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T17:02:53Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bps_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T17:02:53Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bws_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T17:02:53Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bws_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T17:02:53Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bws_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T17:02:53Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dis_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T17:02:53Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.dis_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T17:02:53Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.dis_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T17:02:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_boe[0].module.instance.aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T17:02:54Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_boe[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T17:02:54Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_boe[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T17:02:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_dsd[0].module.instance.aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T17:02:54Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_dsd[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T17:02:54Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_dsd[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T17:02:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_mis[0].module.instance.aws_ebs_volume.this" value="cty.NilVal"
2024-12-20T17:02:54Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_mis[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T17:02:54Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_mis[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-20T17:02:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-20T17:02:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-20T17:02:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-20T17:02:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.schedule_alarms[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2024-12-20T17:02:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.schedule_alarms[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2024-12-20T17:02:54Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.schedule_alarms[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2024-12-20T17:02:59Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"
2024-12-20T17:02:59Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"
2024-12-20T17:02:59Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"
2024-12-20T17:02:59Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"
2024-12-20T17:02:59Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"
2024-12-20T17:02:59Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"
2024-12-20T17:02:59Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=c918b2189d9f81d224e07e98fa1bc9ff38e4ba12/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-12-20T17:02:59Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0/main.tf:171-179"
2024-12-20T17:02:59Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:3-9"
2024-12-20T17:02:59Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:12-18"
2024-12-20T17:02:59Z INFO Number of language-specific files num=0
2024-12-20T17:02:59Z INFO Detected config files num=15
AVD-AWS-0107 (HIGH): Security group rule allows ingress from public internet.
════════════════════════════════════════
Security groups provide stateful filtering of ingress and egress network traffic to AWS
resources. It is recommended that no security group allows unrestricted ingress access to
remote server administration ports, such as SSH to port 22 and RDP to port 3389.
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
terraform/environments/delius-core/modules/components/oracle_db_shared
terraform/environments/delius-mis/modules/mis_environment
*****************************
Running tflint in terraform/environments/delius-core/modules/components/oracle_db_shared
Excluding the following checks: terraform_unused_declarations
7issue(s) found:
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 10:10:"${module.s3_bucket_oracledb_backups.bucket.arn}",
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 74:74:"${module.s3_bucket_oracledb_backups.bucket.arn}",
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 87:87:"${module.s3_bucket_oracledb_backups_inventory.bucket.arn}",
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 126:126:"${module.s3_bucket_oracle_statistics[0].bucket.arn}",
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 241:241:values=["${var.account_info.id}"]
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 253:253:values=["${module.s3_bucket_oracledb_backups.bucket.arn}"]
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 294:294:resources=["${module.s3_bucket_oracle_statistics[0].bucket.arn}"]
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.mdtflint_exitcode=2*****************************
Running tflint in terraform/environments/delius-mis/modules/mis_environment
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=2
Trivy Scan Failed
Show Output
*****************************
Trivy will check the following folders:
terraform/environments/delius-core/modules/components/oracle_db_shared
terraform/environments/delius-mis/modules/mis_environment
*****************************
Running Trivy in terraform/environments/delius-core/modules/components/oracle_db_shared
2024-12-20T17:02:46Z INFO [vulndb] Need to update DB
2024-12-20T17:02:46Z INFO [vulndb] Downloading vulnerability DB...2024-12-20T17:02:46Z INFO [vulndb] Downloading artifact...repo="public.ecr.aws/aquasecurity/trivy-db:2"2024-12-20T17:02:48Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"2024-12-20T17:02:48Z INFO [vuln] Vulnerability scanning is enabled
2024-12-20T17:02:48Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-20T17:02:48Z INFO [misconfig] Need to update the built-in checks
2024-12-20T17:02:48Z INFO [misconfig] Downloading the built-in checks...160.80 KiB /160.80 KiB [------------------------------------------------------] 100.00%? p/s 100ms2024-12-20T17:02:49Z INFO [secret] Secret scanning is enabled
2024-12-20T17:02:49Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-20T17:02:49Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection2024-12-20T17:02:50Z INFO [terraformscanner] Scanning root module file_path="."2024-12-20T17:02:50Z WARN [terraformparser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.module="root"variables="account_config, account_info, bastion_sg_id, env_name, environment_config, instance_roles, platform_vars, public_keys, tags"2024-12-20T17:02:50Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-20T17:02:51Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-no-public-egress-sgr"range="sg.tf:16"2024-12-20T17:02:51Z INFO Number of language-specific files num=02024-12-20T17:02:51Z INFO Detected config files num=4trivy_exitcode=0*****************************
Running Trivy in terraform/environments/delius-mis/modules/mis_environment
2024-12-20T17:02:51Z INFO [vuln] Vulnerability scanning is enabled
2024-12-20T17:02:51Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-20T17:02:51Z INFO [secret] Secret scanning is enabled
2024-12-20T17:02:51Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-20T17:02:51Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection2024-12-20T17:02:52Z INFO [terraformscanner] Scanning root module file_path="."2024-12-20T17:02:52Z WARN [terraformparser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.module="root"variables="account_config, account_info, app_name, bastion_config, bcs_config, boe_db_config, bps_config, bws_config, dis_config, domain_join_ports, dsd_db_config, env_name, environment_config, fsx_config, mis_db_config, platform_vars, tags"2024-12-20T17:02:52Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="aws_vpc_security_group_egress_rule.domain_join"value="cty.NilVal"2024-12-20T17:02:52Z ERROR [terraformevaluator] Failed to expand dynamic block.block="aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns"err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns.dynamic.ip_address block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T17:02:52Z ERROR [terraformevaluator] Failed to expand dynamic block.block="aws_route53_resolver_rule.r53_fwd_to_ad"err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_rule.r53_fwd_to_ad.dynamic.target_ip block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T17:02:52Z ERROR [terraformevaluator] Failed to expand dynamic block.block="aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns"err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns.dynamic.ip_address block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T17:02:52Z ERROR [terraformevaluator] Failed to expand dynamic block.block="aws_route53_resolver_rule.r53_fwd_to_ad"err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_rule.r53_fwd_to_ad.dynamic.target_ip block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T17:02:53Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bastion_linux.aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-20T17:02:53Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bastion_linux.data.aws_subnet.local_account"value="cty.NilVal"2024-12-20T17:02:53Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bastion_linux.aws_autoscaling_group.bastion_linux_daily"err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T17:02:53Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bastion_linux.aws_autoscaling_group.bastion_linux_daily"err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T17:02:53Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.pagerduty_core_alerts.data.aws_sns_topic.alarm_topics"value="cty.NilVal"2024-12-20T17:02:53Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bcs_instance[0].aws_ebs_volume.this"value="cty.NilVal"2024-12-20T17:02:53Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bcs_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T17:02:53Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bcs_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T17:02:53Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bps_instance[0].aws_ebs_volume.this"value="cty.NilVal"2024-12-20T17:02:53Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bps_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T17:02:53Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bps_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T17:02:53Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bws_instance[0].aws_ebs_volume.this"value="cty.NilVal"2024-12-20T17:02:53Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bws_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T17:02:53Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bws_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T17:02:53Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.dis_instance[0].aws_ebs_volume.this"value="cty.NilVal"2024-12-20T17:02:53Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.dis_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T17:02:53Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.dis_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T17:02:54Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_boe[0].module.instance.aws_ebs_volume.this"value="cty.NilVal"2024-12-20T17:02:54Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_boe[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T17:02:54Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_boe[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T17:02:54Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_dsd[0].module.instance.aws_ebs_volume.this"value="cty.NilVal"2024-12-20T17:02:54Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_dsd[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T17:02:54Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_dsd[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T17:02:54Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_mis[0].module.instance.aws_ebs_volume.this"value="cty.NilVal"2024-12-20T17:02:54Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_mis[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T17:02:54Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_mis[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-20T17:02:54Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_shared[\"boe-db\"].aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-20T17:02:54Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_shared[\"dsd-db\"].aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-20T17:02:54Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_shared[\"mis-db\"].aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-20T17:02:54Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.schedule_alarms[0].aws_cloudwatch_event_rule.alarm_scheduler"value="cty.NilVal"2024-12-20T17:02:54Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.schedule_alarms[0].aws_cloudwatch_event_target.alarm_scheduler"value="cty.NilVal"2024-12-20T17:02:54Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.schedule_alarms[0].aws_lambda_permission.allow_cloudwatch"value="cty.NilVal"2024-12-20T17:02:59Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-no-public-egress-sgr"range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"2024-12-20T17:02:59Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-no-public-egress-sgr"range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"2024-12-20T17:02:59Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-no-public-egress-sgr"range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"2024-12-20T17:02:59Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-enforce-http-token-imds"range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"2024-12-20T17:02:59Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-enforce-http-token-imds"range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"2024-12-20T17:02:59Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-enforce-http-token-imds"range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"2024-12-20T17:02:59Z INFO [terraformexecutor] Ignore finding rule="aws-s3-encryption-customer-key"range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=c918b2189d9f81d224e07e98fa1bc9ff38e4ba12/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"2024-12-20T17:02:59Z INFO [terraformexecutor] Ignore finding rule="aws-s3-encryption-customer-key"range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0/main.tf:171-179"2024-12-20T17:02:59Z INFO [terraformexecutor] Ignore finding rule="aws-ssm-secret-use-customer-key"range="secrets.tf:3-9"2024-12-20T17:02:59Z INFO [terraformexecutor] Ignore finding rule="aws-ssm-secret-use-customer-key"range="secrets.tf:12-18"2024-12-20T17:02:59Z INFO Number of language-specific files num=02024-12-20T17:02:59Z INFO Detected config files num=15
sg_shared.tf (terraform)
========================
Tests:1 (SUCCESSES:0, FAILURES:1)
Failures:1 (HIGH:1, CRITICAL:0)
AVD-AWS-0107 (HIGH): Security group rule allows ingress from public internet.
════════════════════════════════════════
Security groups provide stateful filtering of ingress and egress network traffic to AWS
resources. It is recommended that no security group allows unrestricted ingress access to
remote server administration ports, such as SSH to port 22 and RDP to port 3389.
See https://avd.aquasec.com/misconfig/avd-aws-0107
────────────────────────────────────────
sg_shared.tf:29
via sg_shared.tf:27-33 (aws_vpc_security_group_ingress_rule.fleet_manager)
────────────────────────────────────────
27 resource"aws_vpc_security_group_ingress_rule""fleet_manager" {
28security_group_id=aws_security_group.mis_ec2_shared.id29 [ cidr_ipv4 = "0.0.0.0/0"30ip_protocol = "tcp"31from_port = 338932to_port = 338933 }
────────────────────────────────────────
trivy_exitcode=1
Trivy will check the following folders:
terraform/environments/delius-core/modules/components/oracle_db_shared
terraform/environments/delius-core/modules/delius_environment
terraform/environments/delius-mis/modules/mis_environment
Running Trivy in terraform/environments/delius-core/modules/components/oracle_db_shared
2024-12-24T16:05:00Z INFO [vulndb] Need to update DB
2024-12-24T16:05:00Z INFO [vulndb] Downloading vulnerability DB...
2024-12-24T16:05:00Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-24T16:05:02Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-12-24T16:05:02Z INFO [vuln] Vulnerability scanning is enabled
2024-12-24T16:05:02Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-24T16:05:02Z INFO [misconfig] Need to update the built-in checks
2024-12-24T16:05:02Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2024-12-24T16:05:03Z INFO [secret] Secret scanning is enabled
2024-12-24T16:05:03Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-24T16:05:03Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-24T16:05:04Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-24T16:05:04Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="account_config, account_info, bastion_sg_id, env_name, environment_config, platform_vars, public_keys, tags"
2024-12-24T16:05:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-24T16:05:05Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="sg.tf:16"
2024-12-24T16:05:05Z INFO Number of language-specific files num=0
2024-12-24T16:05:05Z INFO Detected config files num=5
trivy_exitcode=0
Running Trivy in terraform/environments/delius-core/modules/delius_environment
2024-12-24T16:05:05Z INFO [vuln] Vulnerability scanning is enabled
2024-12-24T16:05:05Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-24T16:05:05Z INFO [secret] Secret scanning is enabled
2024-12-24T16:05:05Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-24T16:05:05Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-24T16:05:07Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-24T16:05:07Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="account_config, account_info, app_name, bastion_config, db_config, delius_microservice_configs, dms_config, env_name, env_name_to_dms_config_map, environment_config, platform_vars, tags"
2024-12-24T16:05:07Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_vpc_security_group_ingress_rule.alfresco_sfs_alb" value="cty.NilVal"
2024-12-24T16:05:07Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_vpc_security_group_ingress_rule.ancillary_alb_ingress_https_global_protect_allowlist" value="cty.NilVal"
2024-12-24T16:05:07Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_vpc_security_group_ingress_rule.delius_core_frontend_alb_ingress_https_global_protect_allowlist" value="cty.NilVal"
2024-12-24T16:05:08Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open cluster: no such file or directory"
2024-12-24T16:05:08Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.alfresco_efs.aws_efs_mount_target.this" value="cty.NilVal"
2024-12-24T16:05:09Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open container: no such file or directory"
2024-12-24T16:05:09Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open service: no such file or directory"
2024-12-24T16:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-24T16:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.data.aws_subnet.local_account" value="cty.NilVal"
2024-12-24T16:05:09Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bastion_linux.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:09Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bastion_linux.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:09Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open container: no such file or directory"
2024-12-24T16:05:09Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open service: no such file or directory"
2024-12-24T16:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.ldap.module.efs.aws_efs_mount_target.this" value="cty.NilVal"
2024-12-24T16:05:09Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.ldap.module.s3_bucket_ldap_data_refresh.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:09Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.ldap.module.s3_bucket_ldap_data_refresh.data.aws_iam_policy_document.bucket_policy_v2" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:09Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open container: no such file or directory"
2024-12-24T16:05:09Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open service: no such file or directory"
2024-12-24T16:05:09Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open container: no such file or directory"
2024-12-24T16:05:09Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open service: no such file or directory"
2024-12-24T16:05:09Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared.aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.pagerduty_core_alerts.data.aws_sns_topic.alarm_topics" value="cty.NilVal"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open container: no such file or directory"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open service: no such file or directory"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open container: no such file or directory"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open service: no such file or directory"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open container: no such file or directory"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? err="open service: no such file or directory"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dms[0].aws_cloudwatch_metric_alarm.dms_cdc_latency_source" value="cty.NilVal"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dms[0].aws_cloudwatch_metric_alarm.dms_cdc_latency_target" value="cty.NilVal"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dms[0].aws_dms_replication_task.audited_interaction_checksum_inbound_replication" value="cty.NilVal"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dms[0].aws_dms_replication_task.audited_interaction_inbound_replication" value="cty.NilVal"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dms[0].aws_dms_replication_task.business_interaction_inbound_replication" value="cty.NilVal"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dms[0].aws_dms_replication_task.user_outbound_replication" value="cty.NilVal"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dms[0].aws_dms_s3_endpoint.dms_audit_source_endpoint_s3" value="cty.NilVal"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dms[0].aws_dms_s3_endpoint.dms_user_target_endpoint_s3" value="cty.NilVal"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_primary[0].module.instance.aws_ebs_volume.this" value="cty.NilVal"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_primary[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_primary[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_standby[0].module.instance.aws_ebs_volume.this" value="cty.NilVal"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_standby[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:10Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_standby[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:20Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=c918b2189d9f81d224e07e98fa1bc9ff38e4ba12/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-12-24T16:05:20Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0/main.tf:171-179"
2024-12-24T16:05:20Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0/main.tf:171-179"
2024-12-24T16:05:20Z INFO [terraform executor] Ignore finding rule="aws-elb-alb-not-public" range="alb_frontend.tf:43"
2024-12-24T16:05:20Z INFO [terraform executor] Ignore finding rule="aws-elb-alb-not-public" range="alb_ancillary.tf:45"
2024-12-24T16:05:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="../components/oracle_db_shared/sg.tf:16"
2024-12-24T16:05:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"
2024-12-24T16:05:20Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"
2024-12-24T16:05:20Z INFO Number of language-specific files num=0
2024-12-24T16:05:20Z INFO Detected config files num=18
AVD-AWS-0052 (HIGH): Application load balancer is not set to drop invalid headers.
════════════════════════════════════════
Passing unknown or invalid headers through to the target poses a potential risk of compromise.
By setting drop_invalid_header_fields to true, anything that does not conform to well known, defined headers will be removed by the load balancer.
AVD-AWS-0053 (HIGH): Load balancer is exposed publicly.
════════════════════════════════════════
There are many scenarios in which you would want to expose a load balancer to the wider internet, but this check exists as a warning to prevent accidental exposure of internal assets. You should ensure that this resource should be exposed publicly.
Running Trivy in terraform/environments/delius-mis/modules/mis_environment
2024-12-24T16:05:20Z INFO [vuln] Vulnerability scanning is enabled
2024-12-24T16:05:20Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-24T16:05:20Z INFO [secret] Secret scanning is enabled
2024-12-24T16:05:20Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-24T16:05:20Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-24T16:05:21Z INFO [terraform scanner] Scanning root module file_path="."
2024-12-24T16:05:21Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="account_config, account_info, app_name, bastion_config, bcs_config, boe_db_config, bps_config, bws_config, dis_config, domain_join_ports, dsd_db_config, env_name, environment_config, fsx_config, mis_db_config, platform_vars, tags"
2024-12-24T16:05:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_vpc_security_group_egress_rule.domain_join" value="cty.NilVal"
2024-12-24T16:05:21Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns" err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns.dynamic.ip_address block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:21Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_route53_resolver_rule.r53_fwd_to_ad" err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_rule.r53_fwd_to_ad.dynamic.target_ip block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:21Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns" err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns.dynamic.ip_address block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:21Z ERROR [terraform evaluator] Failed to expand dynamic block. block="aws_route53_resolver_rule.r53_fwd_to_ad" err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_rule.r53_fwd_to_ad.dynamic.target_ip block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-24T16:05:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bastion_linux.data.aws_subnet.local_account" value="cty.NilVal"
2024-12-24T16:05:21Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bastion_linux.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:21Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bastion_linux.aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.pagerduty_core_alerts.data.aws_sns_topic.alarm_topics" value="cty.NilVal"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bcs_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bcs_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bcs_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bps_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bps_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bps_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.bws_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bws_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.bws_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dis_instance[0].aws_ebs_volume.this" value="cty.NilVal"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.dis_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.dis_instance[0].aws_instance.this" err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_boe[0].module.instance.aws_ebs_volume.this" value="cty.NilVal"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_boe[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_boe[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_dsd[0].module.instance.aws_ebs_volume.this" value="cty.NilVal"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_dsd[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_dsd[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_mis[0].module.instance.aws_ebs_volume.this" value="cty.NilVal"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_mis[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.oracle_db_mis[0].module.instance.aws_instance.this" err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["boe-db"].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["dsd-db"].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.oracle_db_shared["mis-db"].aws_s3_object.user_public_keys" value="cty.NilVal"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.schedule_alarms[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.schedule_alarms[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2024-12-24T16:05:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.schedule_alarms[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2024-12-24T16:05:27Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=c918b2189d9f81d224e07e98fa1bc9ff38e4ba12/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"
2024-12-24T16:05:27Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0/main.tf:171-179"
2024-12-24T16:05:27Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"
2024-12-24T16:05:27Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"
2024-12-24T16:05:27Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"
2024-12-24T16:05:27Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:3-9"
2024-12-24T16:05:27Z INFO [terraform executor] Ignore finding rule="aws-ssm-secret-use-customer-key" range="secrets.tf:12-18"
2024-12-24T16:05:27Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"
2024-12-24T16:05:27Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"
2024-12-24T16:05:27Z INFO [terraform executor] Ignore finding rule="aws-ec2-enforce-http-token-imds" range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"
2024-12-24T16:05:27Z INFO Number of language-specific files num=0
2024-12-24T16:05:27Z INFO Detected config files num=16
AVD-AWS-0107 (HIGH): Security group rule allows ingress from public internet.
════════════════════════════════════════
Security groups provide stateful filtering of ingress and egress network traffic to AWS
resources. It is recommended that no security group allows unrestricted ingress access to
remote server administration ports, such as SSH to port 22 and RDP to port 3389.
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version:0.9.1)
tflint will check the following folders:
terraform/environments/delius-core/modules/components/oracle_db_shared
terraform/environments/delius-core/modules/delius_environment
terraform/environments/delius-mis/modules/mis_environment
*****************************
Running tflint in terraform/environments/delius-core/modules/components/oracle_db_shared
Excluding the following checks: terraform_unused_declarations
7issue(s) found:
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 10:10:"${module.s3_bucket_oracledb_backups.bucket.arn}",
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 74:74:"${module.s3_bucket_oracledb_backups.bucket.arn}",
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 87:87:"${module.s3_bucket_oracledb_backups_inventory.bucket.arn}",
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 126:126:"${module.s3_bucket_oracle_statistics[0].bucket.arn}",
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 241:241:values=["${var.account_info.id}"]
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 253:253:values=["${module.s3_bucket_oracledb_backups.bucket.arn}"]
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.md
Warning: [Fixable] Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
on terraform/environments/delius-core/modules/components/oracle_db_shared/s3.tf line 294:294:resources=["${module.s3_bucket_oracle_statistics[0].bucket.arn}"]
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_deprecated_interpolation.mdtflint_exitcode=2*****************************
Running tflint in terraform/environments/delius-core/modules/delius_environment
Excluding the following checks: terraform_unused_declarations
1issue(s) found:
Warning: Missing version constraint for provider "random" in `required_providers` (terraform_required_providers)
on terraform/environments/delius-core/modules/delius_environment/pwm.tf line 136:136:resource"random_id""security_key" {
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.9.1/docs/rules/terraform_required_providers.mdtflint_exitcode=4*****************************
Running tflint in terraform/environments/delius-mis/modules/mis_environment
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=4
Trivy Scan Failed
Show Output
*****************************
Trivy will check the following folders:
terraform/environments/delius-core/modules/components/oracle_db_shared
terraform/environments/delius-core/modules/delius_environment
terraform/environments/delius-mis/modules/mis_environment
*****************************
Running Trivy in terraform/environments/delius-core/modules/components/oracle_db_shared
2024-12-24T16:05:00Z INFO [vulndb] Need to update DB
2024-12-24T16:05:00Z INFO [vulndb] Downloading vulnerability DB...2024-12-24T16:05:00Z INFO [vulndb] Downloading artifact...repo="public.ecr.aws/aquasecurity/trivy-db:2"2024-12-24T16:05:02Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"2024-12-24T16:05:02Z INFO [vuln] Vulnerability scanning is enabled
2024-12-24T16:05:02Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-24T16:05:02Z INFO [misconfig] Need to update the built-in checks
2024-12-24T16:05:02Z INFO [misconfig] Downloading the built-in checks...160.80 KiB /160.80 KiB [---------------------------------------------------------] 100.00%? p/s 0s2024-12-24T16:05:03Z INFO [secret] Secret scanning is enabled
2024-12-24T16:05:03Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-24T16:05:03Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection2024-12-24T16:05:04Z INFO [terraformscanner] Scanning root module file_path="."2024-12-24T16:05:04Z WARN [terraformparser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.module="root"variables="account_config, account_info, bastion_sg_id, env_name, environment_config, platform_vars, public_keys, tags"2024-12-24T16:05:04Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-24T16:05:05Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-no-public-egress-sgr"range="sg.tf:16"2024-12-24T16:05:05Z INFO Number of language-specific files num=02024-12-24T16:05:05Z INFO Detected config files num=5trivy_exitcode=0*****************************
Running Trivy in terraform/environments/delius-core/modules/delius_environment
2024-12-24T16:05:05Z INFO [vuln] Vulnerability scanning is enabled
2024-12-24T16:05:05Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-24T16:05:05Z INFO [secret] Secret scanning is enabled
2024-12-24T16:05:05Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-24T16:05:05Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection2024-12-24T16:05:07Z INFO [terraformscanner] Scanning root module file_path="."2024-12-24T16:05:07Z WARN [terraformparser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.module="root"variables="account_config, account_info, app_name, bastion_config, db_config, delius_microservice_configs, dms_config, env_name, env_name_to_dms_config_map, environment_config, platform_vars, tags"2024-12-24T16:05:07Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="aws_vpc_security_group_ingress_rule.alfresco_sfs_alb"value="cty.NilVal"2024-12-24T16:05:07Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="aws_vpc_security_group_ingress_rule.ancillary_alb_ingress_https_global_protect_allowlist"value="cty.NilVal"2024-12-24T16:05:07Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="aws_vpc_security_group_ingress_rule.delius_core_frontend_alb_ingress_https_global_protect_allowlist"value="cty.NilVal"2024-12-24T16:05:08Z ERROR [terraformevaluator] Failed to load module. Maybe try 'terraform init'?err="open cluster: no such file or directory"2024-12-24T16:05:08Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.alfresco_efs.aws_efs_mount_target.this"value="cty.NilVal"2024-12-24T16:05:09Z ERROR [terraformevaluator] Failed to load module. Maybe try 'terraform init'?err="open container: no such file or directory"2024-12-24T16:05:09Z ERROR [terraformevaluator] Failed to load module. Maybe try 'terraform init'?err="open service: no such file or directory"2024-12-24T16:05:09Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bastion_linux.aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-24T16:05:09Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bastion_linux.data.aws_subnet.local_account"value="cty.NilVal"2024-12-24T16:05:09Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bastion_linux.aws_autoscaling_group.bastion_linux_daily"err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:09Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bastion_linux.aws_autoscaling_group.bastion_linux_daily"err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:09Z ERROR [terraformevaluator] Failed to load module. Maybe try 'terraform init'?err="open container: no such file or directory"2024-12-24T16:05:09Z ERROR [terraformevaluator] Failed to load module. Maybe try 'terraform init'?err="open service: no such file or directory"2024-12-24T16:05:09Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.ldap.module.efs.aws_efs_mount_target.this"value="cty.NilVal"2024-12-24T16:05:09Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.ldap.module.s3_bucket_ldap_data_refresh.data.aws_iam_policy_document.bucket_policy_v2"err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:09Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.ldap.module.s3_bucket_ldap_data_refresh.data.aws_iam_policy_document.bucket_policy_v2"err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.bucket_policy_v2.dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:09Z ERROR [terraformevaluator] Failed to load module. Maybe try 'terraform init'?err="open container: no such file or directory"2024-12-24T16:05:09Z ERROR [terraformevaluator] Failed to load module. Maybe try 'terraform init'?err="open service: no such file or directory"2024-12-24T16:05:09Z ERROR [terraformevaluator] Failed to load module. Maybe try 'terraform init'?err="open container: no such file or directory"2024-12-24T16:05:09Z ERROR [terraformevaluator] Failed to load module. Maybe try 'terraform init'?err="open service: no such file or directory"2024-12-24T16:05:09Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_shared.aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.pagerduty_core_alerts.data.aws_sns_topic.alarm_topics"value="cty.NilVal"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to load module. Maybe try 'terraform init'?err="open container: no such file or directory"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to load module. Maybe try 'terraform init'?err="open service: no such file or directory"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to load module. Maybe try 'terraform init'?err="open container: no such file or directory"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to load module. Maybe try 'terraform init'?err="open service: no such file or directory"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to load module. Maybe try 'terraform init'?err="open container: no such file or directory"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to load module. Maybe try 'terraform init'?err="open service: no such file or directory"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.dms[0].aws_cloudwatch_metric_alarm.dms_cdc_latency_source"value="cty.NilVal"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.dms[0].aws_cloudwatch_metric_alarm.dms_cdc_latency_target"value="cty.NilVal"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.dms[0].aws_dms_replication_task.audited_interaction_checksum_inbound_replication"value="cty.NilVal"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.dms[0].aws_dms_replication_task.audited_interaction_inbound_replication"value="cty.NilVal"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.dms[0].aws_dms_replication_task.business_interaction_inbound_replication"value="cty.NilVal"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.dms[0].aws_dms_replication_task.user_outbound_replication"value="cty.NilVal"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.dms[0].aws_dms_s3_endpoint.dms_audit_source_endpoint_s3"value="cty.NilVal"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.dms[0].aws_dms_s3_endpoint.dms_user_target_endpoint_s3"value="cty.NilVal"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_primary[0].module.instance.aws_ebs_volume.this"value="cty.NilVal"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_primary[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_primary[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_standby[0].module.instance.aws_ebs_volume.this"value="cty.NilVal"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_standby[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:10Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_standby[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:20Z INFO [terraformexecutor] Ignore finding rule="aws-s3-encryption-customer-key"range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=c918b2189d9f81d224e07e98fa1bc9ff38e4ba12/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"2024-12-24T16:05:20Z INFO [terraformexecutor] Ignore finding rule="aws-s3-encryption-customer-key"range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0/main.tf:171-179"2024-12-24T16:05:20Z INFO [terraformexecutor] Ignore finding rule="aws-s3-encryption-customer-key"range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0/main.tf:171-179"2024-12-24T16:05:20Z INFO [terraformexecutor] Ignore finding rule="aws-elb-alb-not-public"range="alb_frontend.tf:43"2024-12-24T16:05:20Z INFO [terraformexecutor] Ignore finding rule="aws-elb-alb-not-public"range="alb_ancillary.tf:45"2024-12-24T16:05:20Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-no-public-egress-sgr"range="../components/oracle_db_shared/sg.tf:16"2024-12-24T16:05:20Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-enforce-http-token-imds"range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"2024-12-24T16:05:20Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-enforce-http-token-imds"range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"2024-12-24T16:05:20Z INFO Number of language-specific files num=02024-12-24T16:05:20Z INFO Detected config files num=18
(terraform)
============
Tests:2 (SUCCESSES:0, FAILURES:2)
Failures:2 (HIGH:2, CRITICAL:0)
AVD-AWS-0052 (HIGH): Application load balancer is not set to drop invalid headers.
════════════════════════════════════════
Passing unknown or invalid headers through to the target poses a potential risk of compromise.
By setting drop_invalid_header_fields to true, anything that does not conform to well known, defined headers will be removed by the load balancer.
See https://avd.aquasec.com/misconfig/avd-aws-0052
────────────────────────────────────────
AVD-AWS-0053 (HIGH): Load balancer is exposed publicly.
════════════════════════════════════════
There are many scenarios in which you would want to expose a load balancer to the wider internet, but this check exists as a warning to prevent accidental exposure of internal assets. You should ensure that this resource should be exposed publicly.
See https://avd.aquasec.com/misconfig/avd-aws-0053
────────────────────────────────────────
trivy_exitcode=1*****************************
Running Trivy in terraform/environments/delius-mis/modules/mis_environment
2024-12-24T16:05:20Z INFO [vuln] Vulnerability scanning is enabled
2024-12-24T16:05:20Z INFO [misconfig] Misconfiguration scanning is enabled
2024-12-24T16:05:20Z INFO [secret] Secret scanning is enabled
2024-12-24T16:05:20Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-24T16:05:20Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection2024-12-24T16:05:21Z INFO [terraformscanner] Scanning root module file_path="."2024-12-24T16:05:21Z WARN [terraformparser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.module="root"variables="account_config, account_info, app_name, bastion_config, bcs_config, boe_db_config, bps_config, bws_config, dis_config, domain_join_ports, dsd_db_config, env_name, environment_config, fsx_config, mis_db_config, platform_vars, tags"2024-12-24T16:05:21Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="aws_vpc_security_group_egress_rule.domain_join"value="cty.NilVal"2024-12-24T16:05:21Z ERROR [terraformevaluator] Failed to expand dynamic block.block="aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns"err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns.dynamic.ip_address block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:21Z ERROR [terraformevaluator] Failed to expand dynamic block.block="aws_route53_resolver_rule.r53_fwd_to_ad"err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_rule.r53_fwd_to_ad.dynamic.target_ip block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:21Z ERROR [terraformevaluator] Failed to expand dynamic block.block="aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns"err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_endpoint.resolve_local_entries_using_ad_dns.dynamic.ip_address block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:21Z ERROR [terraformevaluator] Failed to expand dynamic block.block="aws_route53_resolver_rule.r53_fwd_to_ad"err="1 error occurred:\n\t* invalid for-each in aws_route53_resolver_rule.r53_fwd_to_ad.dynamic.target_ip block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:21Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bastion_linux.aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-24T16:05:21Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bastion_linux.data.aws_subnet.local_account"value="cty.NilVal"2024-12-24T16:05:21Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bastion_linux.aws_autoscaling_group.bastion_linux_daily"err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:21Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bastion_linux.aws_autoscaling_group.bastion_linux_daily"err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:21Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.pagerduty_core_alerts.data.aws_sns_topic.alarm_topics"value="cty.NilVal"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bcs_instance[0].aws_ebs_volume.this"value="cty.NilVal"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bcs_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bcs_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bps_instance[0].aws_ebs_volume.this"value="cty.NilVal"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bps_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bps_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.bws_instance[0].aws_ebs_volume.this"value="cty.NilVal"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bws_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.bws_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.dis_instance[0].aws_ebs_volume.this"value="cty.NilVal"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.dis_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.dis_instance[0].aws_instance.this"err="3 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.private_dns_name_options block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_boe[0].module.instance.aws_ebs_volume.this"value="cty.NilVal"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_boe[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_boe[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_dsd[0].module.instance.aws_ebs_volume.this"value="cty.NilVal"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_dsd[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_dsd[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_mis[0].module.instance.aws_ebs_volume.this"value="cty.NilVal"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_mis[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand dynamic block.block="module.oracle_db_mis[0].module.instance.aws_instance.this"err="2 errors occurred:\n\t* invalid for-each in aws_instance.this.dynamic.ephemeral_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in aws_instance.this.dynamic.ebs_block_device block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_shared[\"boe-db\"].aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_shared[\"dsd-db\"].aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.oracle_db_shared[\"mis-db\"].aws_s3_object.user_public_keys"value="cty.NilVal"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.schedule_alarms[0].aws_cloudwatch_event_rule.alarm_scheduler"value="cty.NilVal"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.schedule_alarms[0].aws_cloudwatch_event_target.alarm_scheduler"value="cty.NilVal"2024-12-24T16:05:22Z ERROR [terraformevaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.block="module.schedule_alarms[0].aws_lambda_permission.allow_cloudwatch"value="cty.NilVal"2024-12-24T16:05:27Z INFO [terraformexecutor] Ignore finding rule="aws-s3-encryption-customer-key"range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=c918b2189d9f81d224e07e98fa1bc9ff38e4ba12/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=568694e50e03630d99cb569eafa06a0b879a1239/main.tf:171-179"2024-12-24T16:05:27Z INFO [terraformexecutor] Ignore finding rule="aws-s3-encryption-customer-key"range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0/main.tf:171-179"2024-12-24T16:05:27Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-no-public-egress-sgr"range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"2024-12-24T16:05:27Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-no-public-egress-sgr"range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"2024-12-24T16:05:27Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-no-public-egress-sgr"range="../../../delius-core/modules/components/oracle_db_shared/sg.tf:16"2024-12-24T16:05:27Z INFO [terraformexecutor] Ignore finding rule="aws-ssm-secret-use-customer-key"range="secrets.tf:3-9"2024-12-24T16:05:27Z INFO [terraformexecutor] Ignore finding rule="aws-ssm-secret-use-customer-key"range="secrets.tf:12-18"2024-12-24T16:05:27Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-enforce-http-token-imds"range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"2024-12-24T16:05:27Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-enforce-http-token-imds"range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"2024-12-24T16:05:27Z INFO [terraformexecutor] Ignore finding rule="aws-ec2-enforce-http-token-imds"range="github.com/ministryofjustice/modernisation-platform-terraform-ec2-instance?ref=20622418aa13871c279c12d9ae5e98f29c9a46f0/main.tf:22"2024-12-24T16:05:27Z INFO Number of language-specific files num=02024-12-24T16:05:27Z INFO Detected config files num=16
sg_shared.tf (terraform)
========================
Tests:1 (SUCCESSES:0, FAILURES:1)
Failures:1 (HIGH:1, CRITICAL:0)
AVD-AWS-0107 (HIGH): Security group rule allows ingress from public internet.
════════════════════════════════════════
Security groups provide stateful filtering of ingress and egress network traffic to AWS
resources. It is recommended that no security group allows unrestricted ingress access to
remote server administration ports, such as SSH to port 22 and RDP to port 3389.
See https://avd.aquasec.com/misconfig/avd-aws-0107
────────────────────────────────────────
sg_shared.tf:29
via sg_shared.tf:27-33 (aws_vpc_security_group_ingress_rule.fleet_manager)
────────────────────────────────────────
27 resource"aws_vpc_security_group_ingress_rule""fleet_manager" {
28security_group_id=aws_security_group.mis_ec2_shared.id29 [ cidr_ipv4 = "0.0.0.0/0"30ip_protocol = "tcp"31from_port = 338932to_port = 338933 }
────────────────────────────────────────
trivy_exitcode=2
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.