Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oasys san test #9241

Merged
merged 12 commits into from
Jan 8, 2025
Merged

oasys san test #9241

merged 12 commits into from
Jan 8, 2025

Conversation

wullub
Copy link
Contributor

@wullub wullub commented Jan 7, 2025

No description provided.

@wullub wullub requested review from a team as code owners January 7, 2025 15:40
@github-actions github-actions bot added the environments-repository Used to exclude PRs from this repo in our Slack PR update label Jan 7, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 7, 2025

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/oasys

Running Trivy in terraform/environments/oasys
2025-01-07T15:42:22Z INFO [vulndb] Need to update DB
2025-01-07T15:42:22Z INFO [vulndb] Downloading vulnerability DB...
2025-01-07T15:42:22Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-07T15:42:24Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-07T15:42:24Z INFO [vuln] Vulnerability scanning is enabled
2025-01-07T15:42:24Z INFO [misconfig] Misconfiguration scanning is enabled
2025-01-07T15:42:24Z INFO [misconfig] Need to update the built-in checks
2025-01-07T15:42:24Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-01-07T15:42:24Z INFO [secret] Secret scanning is enabled
2025-01-07T15:42:24Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-07T15:42:24Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-07T15:42:26Z INFO [terraform scanner] Scanning root module file_path="."
2025-01-07T15:42:26Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.efs" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:26Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:27Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:27Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:29Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-07T15:42:29Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-07T15:42:29Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-07T15:42:29Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-07T15:42:29Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-07T15:42:29Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-07T15:42:29Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-07T15:42:29Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-07T15:42:29Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-07T15:42:29Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:29Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:29Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:29Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:29Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-07T15:42:29Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-07T15:42:29Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-07T15:42:31Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-07T15:42:31Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-07T15:42:31Z INFO Number of language-specific files num=0
2025-01-07T15:42:31Z INFO Detected config files num=4
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/oasys

*****************************

Running Checkov in terraform/environments/oasys
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 168, Failed checks: 0, Skipped checks: 26


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/oasys

*****************************

Running tflint in terraform/environments/oasys
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/oasys

*****************************

Running Trivy in terraform/environments/oasys
2025-01-07T15:42:22Z	INFO	[vulndb] Need to update DB
2025-01-07T15:42:22Z	INFO	[vulndb] Downloading vulnerability DB...
2025-01-07T15:42:22Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-07T15:42:24Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-07T15:42:24Z	INFO	[vuln] Vulnerability scanning is enabled
2025-01-07T15:42:24Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-01-07T15:42:24Z	INFO	[misconfig] Need to update the built-in checks
2025-01-07T15:42:24Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-01-07T15:42:24Z	INFO	[secret] Secret scanning is enabled
2025-01-07T15:42:24Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-07T15:42:24Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-07T15:42:26Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-01-07T15:42:26Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.efs" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:26Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:27Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:27Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:29Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-07T15:42:29Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-07T15:42:29Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-07T15:42:29Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-07T15:42:29Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-07T15:42:29Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-07T15:42:29Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-07T15:42:29Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-07T15:42:29Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-07T15:42:29Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:29Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:29Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:29Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:29Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-07T15:42:29Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-07T15:42:29Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-07T15:42:31Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-07T15:42:31Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-07T15:42:31Z	INFO	Number of language-specific files	num=0
2025-01-07T15:42:31Z	INFO	Detected config files	num=4
trivy_exitcode=0

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 7, 2025

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/oasys

Running Trivy in terraform/environments/oasys
2025-01-07T15:42:21Z INFO [vulndb] Need to update DB
2025-01-07T15:42:21Z INFO [vulndb] Downloading vulnerability DB...
2025-01-07T15:42:21Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-07T15:42:23Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-07T15:42:23Z INFO [vuln] Vulnerability scanning is enabled
2025-01-07T15:42:23Z INFO [misconfig] Misconfiguration scanning is enabled
2025-01-07T15:42:23Z INFO [misconfig] Need to update the built-in checks
2025-01-07T15:42:23Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-01-07T15:42:23Z INFO [secret] Secret scanning is enabled
2025-01-07T15:42:23Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-07T15:42:23Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-07T15:42:24Z INFO [terraform scanner] Scanning root module file_path="."
2025-01-07T15:42:24Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.efs" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:25Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:27Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:27Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:27Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-07T15:42:27Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-07T15:42:27Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-07T15:42:27Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-07T15:42:27Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-07T15:42:27Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-07T15:42:27Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-07T15:42:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-07T15:42:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-07T15:42:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-07T15:42:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-07T15:42:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-07T15:42:29Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-07T15:42:29Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-07T15:42:30Z INFO Number of language-specific files num=0
2025-01-07T15:42:30Z INFO Detected config files num=4
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/oasys

*****************************

Running Checkov in terraform/environments/oasys
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 168, Failed checks: 0, Skipped checks: 26


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/oasys

*****************************

Running tflint in terraform/environments/oasys
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/oasys

*****************************

Running Trivy in terraform/environments/oasys
2025-01-07T15:42:21Z	INFO	[vulndb] Need to update DB
2025-01-07T15:42:21Z	INFO	[vulndb] Downloading vulnerability DB...
2025-01-07T15:42:21Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-07T15:42:23Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-07T15:42:23Z	INFO	[vuln] Vulnerability scanning is enabled
2025-01-07T15:42:23Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-01-07T15:42:23Z	INFO	[misconfig] Need to update the built-in checks
2025-01-07T15:42:23Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-01-07T15:42:23Z	INFO	[secret] Secret scanning is enabled
2025-01-07T15:42:23Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-07T15:42:23Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-07T15:42:24Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-01-07T15:42:24Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.efs" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:25Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:27Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:27Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:27Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-07T15:42:27Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-07T15:42:27Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-07T15:42:27Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-07T15:42:27Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-07T15:42:27Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-07T15:42:27Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-07T15:42:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-07T15:42:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-07T15:42:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T15:42:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-07T15:42:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-07T15:42:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-07T15:42:29Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-07T15:42:29Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-07T15:42:30Z	INFO	Number of language-specific files	num=0
2025-01-07T15:42:30Z	INFO	Detected config files	num=4
trivy_exitcode=0

@wullub wullub requested a deployment to oasys-development January 7, 2025 16:04 — with GitHub Actions Waiting
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 7, 2025

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/oasys

Running Trivy in terraform/environments/oasys
2025-01-07T21:32:59Z INFO [vulndb] Need to update DB
2025-01-07T21:32:59Z INFO [vulndb] Downloading vulnerability DB...
2025-01-07T21:32:59Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-07T21:33:01Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-07T21:33:01Z INFO [vuln] Vulnerability scanning is enabled
2025-01-07T21:33:01Z INFO [misconfig] Misconfiguration scanning is enabled
2025-01-07T21:33:01Z INFO [misconfig] Need to update the built-in checks
2025-01-07T21:33:01Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-01-07T21:33:02Z INFO [secret] Secret scanning is enabled
2025-01-07T21:33:02Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-07T21:33:02Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-07T21:33:04Z INFO [terraform scanner] Scanning root module file_path="."
2025-01-07T21:33:04Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.efs" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:04Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:05Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:05Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-07T21:33:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-07T21:33:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-07T21:33:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-07T21:33:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-07T21:33:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-07T21:33:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-07T21:33:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-07T21:33:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-07T21:33:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:06Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-07T21:33:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-07T21:33:06Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-07T21:33:07Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-07T21:33:07Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-07T21:33:07Z INFO Number of language-specific files num=0
2025-01-07T21:33:07Z INFO Detected config files num=4
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/oasys

*****************************

Running Checkov in terraform/environments/oasys
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 168, Failed checks: 0, Skipped checks: 26


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/oasys

*****************************

Running tflint in terraform/environments/oasys
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/oasys

*****************************

Running Trivy in terraform/environments/oasys
2025-01-07T21:32:59Z	INFO	[vulndb] Need to update DB
2025-01-07T21:32:59Z	INFO	[vulndb] Downloading vulnerability DB...
2025-01-07T21:32:59Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-07T21:33:01Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-07T21:33:01Z	INFO	[vuln] Vulnerability scanning is enabled
2025-01-07T21:33:01Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-01-07T21:33:01Z	INFO	[misconfig] Need to update the built-in checks
2025-01-07T21:33:01Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-01-07T21:33:02Z	INFO	[secret] Secret scanning is enabled
2025-01-07T21:33:02Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-07T21:33:02Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-07T21:33:04Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-01-07T21:33:04Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.efs" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:04Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:05Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:05Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-07T21:33:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-07T21:33:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-07T21:33:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-07T21:33:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-07T21:33:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-07T21:33:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-07T21:33:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-07T21:33:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-07T21:33:06Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:06Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:06Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:06Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-07T21:33:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-07T21:33:06Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-07T21:33:07Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-07T21:33:07Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-07T21:33:07Z	INFO	Number of language-specific files	num=0
2025-01-07T21:33:07Z	INFO	Detected config files	num=4
trivy_exitcode=0

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 7, 2025

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/oasys

Running Trivy in terraform/environments/oasys
2025-01-07T21:33:13Z INFO [vulndb] Need to update DB
2025-01-07T21:33:13Z INFO [vulndb] Downloading vulnerability DB...
2025-01-07T21:33:13Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-07T21:33:15Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-07T21:33:15Z INFO [vuln] Vulnerability scanning is enabled
2025-01-07T21:33:15Z INFO [misconfig] Misconfiguration scanning is enabled
2025-01-07T21:33:15Z INFO [misconfig] Need to update the built-in checks
2025-01-07T21:33:15Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-01-07T21:33:15Z INFO [secret] Secret scanning is enabled
2025-01-07T21:33:15Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-07T21:33:15Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-07T21:33:16Z INFO [terraform scanner] Scanning root module file_path="."
2025-01-07T21:33:16Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.efs" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-07T21:33:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-07T21:33:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-07T21:33:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-07T21:33:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-07T21:33:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-07T21:33:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-07T21:33:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-07T21:33:18Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:18Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:18Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:18Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-07T21:33:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-07T21:33:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-07T21:33:19Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-07T21:33:19Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-07T21:33:20Z INFO Number of language-specific files num=0
2025-01-07T21:33:20Z INFO Detected config files num=4
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/oasys

*****************************

Running Checkov in terraform/environments/oasys
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 168, Failed checks: 0, Skipped checks: 26


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/oasys

*****************************

Running tflint in terraform/environments/oasys
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/oasys

*****************************

Running Trivy in terraform/environments/oasys
2025-01-07T21:33:13Z	INFO	[vulndb] Need to update DB
2025-01-07T21:33:13Z	INFO	[vulndb] Downloading vulnerability DB...
2025-01-07T21:33:13Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-07T21:33:15Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-07T21:33:15Z	INFO	[vuln] Vulnerability scanning is enabled
2025-01-07T21:33:15Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-01-07T21:33:15Z	INFO	[misconfig] Need to update the built-in checks
2025-01-07T21:33:15Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-01-07T21:33:15Z	INFO	[secret] Secret scanning is enabled
2025-01-07T21:33:15Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-07T21:33:15Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-07T21:33:16Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-01-07T21:33:16Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.efs" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-07T21:33:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-07T21:33:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-07T21:33:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-07T21:33:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-07T21:33:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-07T21:33:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-07T21:33:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-07T21:33:18Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:18Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:18Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:18Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-07T21:33:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-07T21:33:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-07T21:33:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-07T21:33:19Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-07T21:33:19Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-07T21:33:20Z	INFO	Number of language-specific files	num=0
2025-01-07T21:33:20Z	INFO	Detected config files	num=4
trivy_exitcode=0

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 8, 2025

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/oasys

Running Trivy in terraform/environments/oasys
2025-01-08T09:57:20Z INFO [vulndb] Need to update DB
2025-01-08T09:57:20Z INFO [vulndb] Downloading vulnerability DB...
2025-01-08T09:57:20Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T09:57:23Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T09:57:23Z INFO [vuln] Vulnerability scanning is enabled
2025-01-08T09:57:23Z INFO [misconfig] Misconfiguration scanning is enabled
2025-01-08T09:57:23Z INFO [misconfig] Need to update the built-in checks
2025-01-08T09:57:23Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-01-08T09:57:23Z INFO [secret] Secret scanning is enabled
2025-01-08T09:57:23Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-08T09:57:23Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-08T09:57:24Z INFO [terraform scanner] Scanning root module file_path="."
2025-01-08T09:57:24Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.efs" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T09:57:25Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T09:57:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T09:57:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T09:57:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T09:57:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-08T09:57:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-08T09:57:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-08T09:57:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-08T09:57:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T09:57:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T09:57:26Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T09:57:26Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T09:57:26Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T09:57:26Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T09:57:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T09:57:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T09:57:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T09:57:27Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-08T09:57:27Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-08T09:57:27Z INFO Number of language-specific files num=0
2025-01-08T09:57:27Z INFO Detected config files num=4
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/oasys

*****************************

Running Checkov in terraform/environments/oasys
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 168, Failed checks: 0, Skipped checks: 26


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/oasys

*****************************

Running tflint in terraform/environments/oasys
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/oasys

*****************************

Running Trivy in terraform/environments/oasys
2025-01-08T09:57:20Z	INFO	[vulndb] Need to update DB
2025-01-08T09:57:20Z	INFO	[vulndb] Downloading vulnerability DB...
2025-01-08T09:57:20Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T09:57:23Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T09:57:23Z	INFO	[vuln] Vulnerability scanning is enabled
2025-01-08T09:57:23Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-01-08T09:57:23Z	INFO	[misconfig] Need to update the built-in checks
2025-01-08T09:57:23Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-01-08T09:57:23Z	INFO	[secret] Secret scanning is enabled
2025-01-08T09:57:23Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-08T09:57:23Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-08T09:57:24Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-01-08T09:57:24Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.efs" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T09:57:25Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T09:57:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T09:57:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T09:57:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T09:57:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-08T09:57:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-08T09:57:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-08T09:57:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-08T09:57:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T09:57:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T09:57:26Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T09:57:26Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T09:57:26Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T09:57:26Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T09:57:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T09:57:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T09:57:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T09:57:27Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-08T09:57:27Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-08T09:57:27Z	INFO	Number of language-specific files	num=0
2025-01-08T09:57:27Z	INFO	Detected config files	num=4
trivy_exitcode=0

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 8, 2025

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/oasys

Running Trivy in terraform/environments/oasys
2025-01-08T10:12:18Z INFO [vulndb] Need to update DB
2025-01-08T10:12:18Z INFO [vulndb] Downloading vulnerability DB...
2025-01-08T10:12:18Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T10:12:20Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T10:12:20Z INFO [vuln] Vulnerability scanning is enabled
2025-01-08T10:12:20Z INFO [misconfig] Misconfiguration scanning is enabled
2025-01-08T10:12:20Z INFO [misconfig] Need to update the built-in checks
2025-01-08T10:12:20Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-01-08T10:12:21Z INFO [secret] Secret scanning is enabled
2025-01-08T10:12:21Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-08T10:12:21Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-08T10:12:22Z INFO [terraform scanner] Scanning root module file_path="."
2025-01-08T10:12:22Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.efs" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-08T10:12:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-08T10:12:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T10:12:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T10:12:23Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:12:23Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:12:23Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:12:23Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:12:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:12:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:12:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T10:12:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-08T10:12:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-08T10:12:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-08T10:12:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-08T10:12:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T10:12:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T10:12:24Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:12:24Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:12:24Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:12:24Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:12:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:12:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:12:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T10:12:25Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-08T10:12:25Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-08T10:12:25Z INFO Number of language-specific files num=0
2025-01-08T10:12:25Z INFO Detected config files num=4
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/oasys

*****************************

Running Checkov in terraform/environments/oasys
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 168, Failed checks: 0, Skipped checks: 26


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/oasys

*****************************

Running tflint in terraform/environments/oasys
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/oasys

*****************************

Running Trivy in terraform/environments/oasys
2025-01-08T10:12:18Z	INFO	[vulndb] Need to update DB
2025-01-08T10:12:18Z	INFO	[vulndb] Downloading vulnerability DB...
2025-01-08T10:12:18Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T10:12:20Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T10:12:20Z	INFO	[vuln] Vulnerability scanning is enabled
2025-01-08T10:12:20Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-01-08T10:12:20Z	INFO	[misconfig] Need to update the built-in checks
2025-01-08T10:12:20Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-01-08T10:12:21Z	INFO	[secret] Secret scanning is enabled
2025-01-08T10:12:21Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-08T10:12:21Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-08T10:12:22Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-01-08T10:12:22Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.efs" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-08T10:12:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-08T10:12:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T10:12:23Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T10:12:23Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:12:23Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:12:23Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:12:23Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:12:24Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:12:24Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:12:24Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T10:12:24Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-08T10:12:24Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-08T10:12:24Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-08T10:12:24Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-08T10:12:24Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T10:12:24Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T10:12:24Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:12:24Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:12:24Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:12:24Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:12:24Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:12:24Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:12:24Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T10:12:25Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-08T10:12:25Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-08T10:12:25Z	INFO	Number of language-specific files	num=0
2025-01-08T10:12:25Z	INFO	Detected config files	num=4
trivy_exitcode=0

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 8, 2025

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/oasys

Running Trivy in terraform/environments/oasys
2025-01-08T10:29:16Z INFO [vulndb] Need to update DB
2025-01-08T10:29:16Z INFO [vulndb] Downloading vulnerability DB...
2025-01-08T10:29:16Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T10:29:18Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T10:29:18Z INFO [vuln] Vulnerability scanning is enabled
2025-01-08T10:29:18Z INFO [misconfig] Misconfiguration scanning is enabled
2025-01-08T10:29:18Z INFO [misconfig] Need to update the built-in checks
2025-01-08T10:29:18Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-01-08T10:29:18Z INFO [secret] Secret scanning is enabled
2025-01-08T10:29:18Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-08T10:29:18Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-08T10:29:20Z INFO [terraform scanner] Scanning root module file_path="."
2025-01-08T10:29:20Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.efs" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:29:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:29:21Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:29:21Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:29:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:29:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:29:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T10:29:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-08T10:29:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-08T10:29:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-08T10:29:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-08T10:29:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T10:29:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T10:29:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:29:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:29:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:29:22Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:29:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:29:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:29:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T10:29:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-08T10:29:23Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-08T10:29:24Z INFO Number of language-specific files num=0
2025-01-08T10:29:24Z INFO Detected config files num=4
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/oasys

*****************************

Running Checkov in terraform/environments/oasys
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 168, Failed checks: 0, Skipped checks: 26


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/oasys

*****************************

Running tflint in terraform/environments/oasys
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/oasys

*****************************

Running Trivy in terraform/environments/oasys
2025-01-08T10:29:16Z	INFO	[vulndb] Need to update DB
2025-01-08T10:29:16Z	INFO	[vulndb] Downloading vulnerability DB...
2025-01-08T10:29:16Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T10:29:18Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T10:29:18Z	INFO	[vuln] Vulnerability scanning is enabled
2025-01-08T10:29:18Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-01-08T10:29:18Z	INFO	[misconfig] Need to update the built-in checks
2025-01-08T10:29:18Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-01-08T10:29:18Z	INFO	[secret] Secret scanning is enabled
2025-01-08T10:29:18Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-08T10:29:18Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-08T10:29:20Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-01-08T10:29:20Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.efs" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:29:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:29:21Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:29:21Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:29:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:29:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:29:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T10:29:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-08T10:29:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-08T10:29:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-08T10:29:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-08T10:29:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T10:29:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T10:29:22Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:29:22Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:29:22Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:29:22Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:29:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:29:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:29:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T10:29:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-08T10:29:23Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-08T10:29:24Z	INFO	Number of language-specific files	num=0
2025-01-08T10:29:24Z	INFO	Detected config files	num=4
trivy_exitcode=0

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 8, 2025

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/oasys

Running Trivy in terraform/environments/oasys
2025-01-08T10:38:28Z INFO [vulndb] Need to update DB
2025-01-08T10:38:28Z INFO [vulndb] Downloading vulnerability DB...
2025-01-08T10:38:28Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T10:38:30Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T10:38:30Z INFO [vuln] Vulnerability scanning is enabled
2025-01-08T10:38:30Z INFO [misconfig] Misconfiguration scanning is enabled
2025-01-08T10:38:30Z INFO [misconfig] Need to update the built-in checks
2025-01-08T10:38:30Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-01-08T10:38:31Z INFO [secret] Secret scanning is enabled
2025-01-08T10:38:31Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-08T10:38:31Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-08T10:38:32Z INFO [terraform scanner] Scanning root module file_path="."
2025-01-08T10:38:32Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.efs" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-08T10:38:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-08T10:38:33Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T10:38:33Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T10:38:33Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:38:33Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:38:33Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:38:33Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:38:33Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:38:33Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:38:33Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T10:38:34Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-08T10:38:34Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-08T10:38:34Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-08T10:38:34Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-08T10:38:34Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T10:38:34Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T10:38:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:38:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:38:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:38:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:38:34Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:38:34Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:38:34Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T10:38:35Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-08T10:38:35Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-08T10:38:35Z INFO Number of language-specific files num=0
2025-01-08T10:38:35Z INFO Detected config files num=4
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/oasys

*****************************

Running Checkov in terraform/environments/oasys
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 168, Failed checks: 0, Skipped checks: 26


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/oasys

*****************************

Running tflint in terraform/environments/oasys
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/oasys

*****************************

Running Trivy in terraform/environments/oasys
2025-01-08T10:38:28Z	INFO	[vulndb] Need to update DB
2025-01-08T10:38:28Z	INFO	[vulndb] Downloading vulnerability DB...
2025-01-08T10:38:28Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T10:38:30Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T10:38:30Z	INFO	[vuln] Vulnerability scanning is enabled
2025-01-08T10:38:30Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-01-08T10:38:30Z	INFO	[misconfig] Need to update the built-in checks
2025-01-08T10:38:30Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-01-08T10:38:31Z	INFO	[secret] Secret scanning is enabled
2025-01-08T10:38:31Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-08T10:38:31Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-08T10:38:32Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-01-08T10:38:32Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.efs" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-08T10:38:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-08T10:38:33Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T10:38:33Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T10:38:33Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:38:33Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:38:33Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:38:33Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:38:33Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:38:33Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:38:33Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T10:38:34Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-08T10:38:34Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-08T10:38:34Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-08T10:38:34Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-08T10:38:34Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T10:38:34Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T10:38:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:38:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:38:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:38:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T10:38:34Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:38:34Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T10:38:34Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T10:38:35Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-08T10:38:35Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-08T10:38:35Z	INFO	Number of language-specific files	num=0
2025-01-08T10:38:35Z	INFO	Detected config files	num=4
trivy_exitcode=0

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 8, 2025

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/oasys

Running Trivy in terraform/environments/oasys
2025-01-08T11:35:34Z INFO [vulndb] Need to update DB
2025-01-08T11:35:34Z INFO [vulndb] Downloading vulnerability DB...
2025-01-08T11:35:34Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T11:35:36Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T11:35:36Z INFO [vuln] Vulnerability scanning is enabled
2025-01-08T11:35:36Z INFO [misconfig] Misconfiguration scanning is enabled
2025-01-08T11:35:36Z INFO [misconfig] Need to update the built-in checks
2025-01-08T11:35:36Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-01-08T11:35:37Z INFO [secret] Secret scanning is enabled
2025-01-08T11:35:37Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-08T11:35:37Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-08T11:35:38Z INFO [terraform scanner] Scanning root module file_path="."
2025-01-08T11:35:38Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.efs" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-08T11:35:39Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-08T11:35:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T11:35:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T11:35:40Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:35:40Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:35:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:35:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:35:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T11:35:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T11:35:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T11:35:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-08T11:35:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-08T11:35:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-08T11:35:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-08T11:35:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T11:35:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T11:35:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:35:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:35:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:35:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:35:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T11:35:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T11:35:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T11:35:43Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-08T11:35:43Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-08T11:35:44Z INFO Number of language-specific files num=0
2025-01-08T11:35:44Z INFO Detected config files num=4
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/oasys

*****************************

Running Checkov in terraform/environments/oasys
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 168, Failed checks: 0, Skipped checks: 26


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/oasys

*****************************

Running tflint in terraform/environments/oasys
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/oasys

*****************************

Running Trivy in terraform/environments/oasys
2025-01-08T11:35:34Z	INFO	[vulndb] Need to update DB
2025-01-08T11:35:34Z	INFO	[vulndb] Downloading vulnerability DB...
2025-01-08T11:35:34Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T11:35:36Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T11:35:36Z	INFO	[vuln] Vulnerability scanning is enabled
2025-01-08T11:35:36Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-01-08T11:35:36Z	INFO	[misconfig] Need to update the built-in checks
2025-01-08T11:35:36Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2025-01-08T11:35:37Z	INFO	[secret] Secret scanning is enabled
2025-01-08T11:35:37Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-08T11:35:37Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-08T11:35:38Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-01-08T11:35:38Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.efs" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-08T11:35:39Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-08T11:35:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T11:35:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T11:35:40Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:35:40Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:35:41Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:35:41Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:35:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T11:35:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T11:35:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T11:35:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-08T11:35:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-08T11:35:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-08T11:35:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-08T11:35:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T11:35:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T11:35:42Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:35:42Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:35:42Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:35:42Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:35:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T11:35:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T11:35:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T11:35:43Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-08T11:35:43Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-08T11:35:44Z	INFO	Number of language-specific files	num=0
2025-01-08T11:35:44Z	INFO	Detected config files	num=4
trivy_exitcode=0

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 8, 2025

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/oasys

Running Trivy in terraform/environments/oasys
2025-01-08T11:46:54Z INFO [vulndb] Need to update DB
2025-01-08T11:46:54Z INFO [vulndb] Downloading vulnerability DB...
2025-01-08T11:46:54Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T11:46:56Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T11:46:56Z INFO [vuln] Vulnerability scanning is enabled
2025-01-08T11:46:56Z INFO [misconfig] Misconfiguration scanning is enabled
2025-01-08T11:46:56Z INFO [misconfig] Need to update the built-in checks
2025-01-08T11:46:56Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-01-08T11:46:56Z INFO [secret] Secret scanning is enabled
2025-01-08T11:46:56Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-08T11:46:56Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-08T11:46:57Z INFO [terraform scanner] Scanning root module file_path="."
2025-01-08T11:46:57Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.efs" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-08T11:46:57Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-08T11:46:58Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T11:46:58Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T11:46:58Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:46:58Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:46:58Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:46:58Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:46:59Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T11:46:59Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T11:46:59Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T11:46:59Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-08T11:46:59Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-08T11:46:59Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-08T11:46:59Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-08T11:46:59Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T11:46:59Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T11:46:59Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:46:59Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:46:59Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:46:59Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:46:59Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T11:46:59Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T11:46:59Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T11:47:00Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-08T11:47:00Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-08T11:47:01Z INFO Number of language-specific files num=0
2025-01-08T11:47:01Z INFO Detected config files num=4
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/oasys

*****************************

Running Checkov in terraform/environments/oasys
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 168, Failed checks: 0, Skipped checks: 26


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/oasys

*****************************

Running tflint in terraform/environments/oasys
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/oasys

*****************************

Running Trivy in terraform/environments/oasys
2025-01-08T11:46:54Z	INFO	[vulndb] Need to update DB
2025-01-08T11:46:54Z	INFO	[vulndb] Downloading vulnerability DB...
2025-01-08T11:46:54Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T11:46:56Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T11:46:56Z	INFO	[vuln] Vulnerability scanning is enabled
2025-01-08T11:46:56Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-01-08T11:46:56Z	INFO	[misconfig] Need to update the built-in checks
2025-01-08T11:46:56Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-01-08T11:46:56Z	INFO	[secret] Secret scanning is enabled
2025-01-08T11:46:56Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-08T11:46:56Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-08T11:46:57Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-01-08T11:46:57Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.efs" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-08T11:46:57Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-08T11:46:58Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T11:46:58Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T11:46:58Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:46:58Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:46:58Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:46:58Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:46:59Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T11:46:59Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T11:46:59Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T11:46:59Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-08T11:46:59Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-08T11:46:59Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-08T11:46:59Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-08T11:46:59Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T11:46:59Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T11:46:59Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:46:59Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:46:59Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:46:59Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T11:46:59Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T11:46:59Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T11:46:59Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T11:47:00Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-08T11:47:00Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-08T11:47:01Z	INFO	Number of language-specific files	num=0
2025-01-08T11:47:01Z	INFO	Detected config files	num=4
trivy_exitcode=0

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 8, 2025

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/oasys

Running Trivy in terraform/environments/oasys
2025-01-08T12:02:08Z INFO [vulndb] Need to update DB
2025-01-08T12:02:08Z INFO [vulndb] Downloading vulnerability DB...
2025-01-08T12:02:08Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T12:02:10Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T12:02:10Z INFO [vuln] Vulnerability scanning is enabled
2025-01-08T12:02:10Z INFO [misconfig] Misconfiguration scanning is enabled
2025-01-08T12:02:10Z INFO [misconfig] Need to update the built-in checks
2025-01-08T12:02:10Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-01-08T12:02:11Z INFO [secret] Secret scanning is enabled
2025-01-08T12:02:11Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-08T12:02:11Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-08T12:02:13Z INFO [terraform scanner] Scanning root module file_path="."
2025-01-08T12:02:13Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.efs" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-08T12:02:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-08T12:02:14Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T12:02:14Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T12:02:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:02:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:02:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:02:14Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:02:15Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T12:02:15Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T12:02:15Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T12:02:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-08T12:02:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-08T12:02:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-08T12:02:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-08T12:02:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T12:02:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T12:02:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:02:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:02:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:02:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:02:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T12:02:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T12:02:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T12:02:17Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-08T12:02:17Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-08T12:02:17Z INFO Number of language-specific files num=0
2025-01-08T12:02:17Z INFO Detected config files num=4
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/oasys

*****************************

Running Checkov in terraform/environments/oasys
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 168, Failed checks: 0, Skipped checks: 26


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/oasys

*****************************

Running tflint in terraform/environments/oasys
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/oasys

*****************************

Running Trivy in terraform/environments/oasys
2025-01-08T12:02:08Z	INFO	[vulndb] Need to update DB
2025-01-08T12:02:08Z	INFO	[vulndb] Downloading vulnerability DB...
2025-01-08T12:02:08Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T12:02:10Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T12:02:10Z	INFO	[vuln] Vulnerability scanning is enabled
2025-01-08T12:02:10Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-01-08T12:02:10Z	INFO	[misconfig] Need to update the built-in checks
2025-01-08T12:02:10Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-01-08T12:02:11Z	INFO	[secret] Secret scanning is enabled
2025-01-08T12:02:11Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-08T12:02:11Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-08T12:02:13Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-01-08T12:02:13Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.efs" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-08T12:02:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-08T12:02:14Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T12:02:14Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T12:02:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:02:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:02:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:02:14Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:02:15Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T12:02:15Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T12:02:15Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T12:02:16Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-08T12:02:16Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-08T12:02:16Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-08T12:02:16Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-08T12:02:16Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T12:02:16Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T12:02:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:02:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:02:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:02:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:02:16Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T12:02:16Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T12:02:16Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T12:02:17Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-08T12:02:17Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-08T12:02:17Z	INFO	Number of language-specific files	num=0
2025-01-08T12:02:17Z	INFO	Detected config files	num=4
trivy_exitcode=0

@wullub wullub deployed to oasys-test January 8, 2025 12:05 — with GitHub Actions Active
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 8, 2025

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/oasys

Running Trivy in terraform/environments/oasys
2025-01-08T12:06:06Z INFO [vulndb] Need to update DB
2025-01-08T12:06:06Z INFO [vulndb] Downloading vulnerability DB...
2025-01-08T12:06:06Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T12:06:09Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T12:06:09Z INFO [vuln] Vulnerability scanning is enabled
2025-01-08T12:06:09Z INFO [misconfig] Misconfiguration scanning is enabled
2025-01-08T12:06:09Z INFO [misconfig] Need to update the built-in checks
2025-01-08T12:06:09Z INFO [misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-01-08T12:06:10Z INFO [secret] Secret scanning is enabled
2025-01-08T12:06:10Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-08T12:06:10Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-08T12:06:12Z INFO [terraform scanner] Scanning root module file_path="."
2025-01-08T12:06:12Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.efs" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-08T12:06:12Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-08T12:06:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T12:06:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T12:06:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:06:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:06:17Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:06:17Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:06:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T12:06:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T12:06:17Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T12:06:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-08T12:06:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-08T12:06:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-08T12:06:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-08T12:06:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T12:06:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T12:06:18Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:06:18Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:06:18Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:06:18Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:06:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T12:06:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T12:06:18Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T12:06:19Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-08T12:06:19Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-08T12:06:19Z INFO Number of language-specific files num=0
2025-01-08T12:06:19Z INFO Detected config files num=4
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/oasys

*****************************

Running Checkov in terraform/environments/oasys
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
terraform scan results:

Passed checks: 168, Failed checks: 0, Skipped checks: 26


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/oasys

*****************************

Running tflint in terraform/environments/oasys
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/oasys

*****************************

Running Trivy in terraform/environments/oasys
2025-01-08T12:06:06Z	INFO	[vulndb] Need to update DB
2025-01-08T12:06:06Z	INFO	[vulndb] Downloading vulnerability DB...
2025-01-08T12:06:06Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T12:06:09Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-01-08T12:06:09Z	INFO	[vuln] Vulnerability scanning is enabled
2025-01-08T12:06:09Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-01-08T12:06:09Z	INFO	[misconfig] Need to update the built-in checks
2025-01-08T12:06:09Z	INFO	[misconfig] Downloading the built-in checks...
160.80 KiB / 160.80 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2025-01-08T12:06:10Z	INFO	[secret] Secret scanning is enabled
2025-01-08T12:06:10Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-08T12:06:10Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2025-01-08T12:06:12Z	INFO	[terraform scanner] Scanning root module	file_path="."
2025-01-08T12:06:12Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_plan.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_backup_selection.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.route53" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_group.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_log_metric_filter.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_cloudwatch_metric_alarm.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_policy.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_role_policy_attachment.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_iam_service_linked_role.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_key_pair.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_kms_grant.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group.instance" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_lb_target_group_attachment.instance" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_link.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_oam_sink_policy.monitoring_account_oam_sink_policy" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_query_log.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_network_services" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.core_vpc" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_record.self" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_endpoint.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_resolver_rule_association.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_route53_zone.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_secretsmanager_secret_version.fixed" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.route53_resolver" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_security_group_rule.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_sns_topic_subscription.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_association.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_document.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.fixed" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.aws_ssm_parameter.placeholder" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.assume_role" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.secretsmanager_secret_policy" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.data.aws_iam_policy_document.this" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.acm_certificate" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.cloudwatch_dashboard" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_autoscaling_group" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.ec2_instance" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.efs" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.fsx_windows" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.lb_listener" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.s3_bucket" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.secrets" value="cty.NilVal"
2025-01-08T12:06:12Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.random_password.this" value="cty.NilVal"
2025-01-08T12:06:16Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T12:06:16Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T12:06:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:06:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:06:17Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:06:17Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:06:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T12:06:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T12:06:17Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T12:06:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_network_services" value="cty.NilVal"
2025-01-08T12:06:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_route53_zone.core_vpc" value="cty.NilVal"
2025-01-08T12:06:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnet.this" value="cty.NilVal"
2025-01-08T12:06:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.environment.data.aws_subnets.this" value="cty.NilVal"
2025-01-08T12:06:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].aws_s3_object.user_public_keys" value="cty.NilVal"
2025-01-08T12:06:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.bastion_linux[0].data.aws_subnet.local_account" value="cty.NilVal"
2025-01-08T12:06:18Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:06:18Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].aws_autoscaling_group.bastion_linux_daily" err="1 error occurred:\n\t* invalid for-each in aws_autoscaling_group.bastion_linux_daily.dynamic.tag block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:06:18Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:06:18Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.baseline.module.bastion_linux[0].module.s3-bucket.aws_s3_bucket_lifecycle_configuration.default" err="1 error occurred:\n\t* invalid for-each in aws_s3_bucket_lifecycle_configuration.default.dynamic.rule block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2025-01-08T12:06:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_rule.alarm_scheduler" value="cty.NilVal"
2025-01-08T12:06:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_cloudwatch_event_target.alarm_scheduler" value="cty.NilVal"
2025-01-08T12:06:18Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.baseline.module.schedule_alarms_lambda[0].aws_lambda_permission.allow_cloudwatch" value="cty.NilVal"
2025-01-08T12:06:19Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=836db079348a2b40d59bd9cb953111e8ad61aec1/github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=7b2b75c178f855d8c48d3bda4ac53df782288c02/main.tf:141-151"
2025-01-08T12:06:19Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v8.1.0/main.tf:150-160"
2025-01-08T12:06:19Z	INFO	Number of language-specific files	num=0
2025-01-08T12:06:19Z	INFO	Detected config files	num=4
trivy_exitcode=0

@wullub wullub merged commit 2221e67 into main Jan 8, 2025
14 of 15 checks passed
@wullub wullub deleted the oasys-san-test branch January 8, 2025 12:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@robertsweetman robertsweetman robertsweetman approved these changes

Assignees
No one assigned
Labels
environments-repository Used to exclude PRs from this repo in our Slack PR update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wullub @robertsweetman