New NAT Alarms core network services #7969

Merged
merged 2 commits into from
Sep 19, 2024

@markgov markgov commented Sep 19, 2024

A reference to the issue / Description of it

As part of issue NAT Alarms for Core network services account #7724, we wanted to set up some new alarms for the NAT gateway in the core-networking account.

How does this PR fix the problem?

This PR adds these alarms to cover both live and non-live VPCs.

How has this been tested?

Please describe the tests that you ran and provide instructions to reproduce.

I have run the plan locally on my machine and the plan runs correctly and produces the output required.

Deployment Plan / Instructions

Will this deployment impact the platform and / or services on it?

{Please write here}

Checklist (check x in [ ] of list items)

  • I have performed a self-review of my own code
  • All checks have passed
  • I have made corresponding changes to the documentation
  • Plan and discussed how it should be deployed to PROD (If needed)

Additional comments (if any)

{Please write here}

Trivy Scan Success

Show Output

Trivy will check the following folders:
terraform/environments/core-network-services


Running Trivy in terraform/environments/core-network-services
2024-09-19T09:07:20Z INFO [db] Need to update DB
2024-09-19T09:07:20Z INFO [db] Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-09-19T09:07:22Z INFO [vuln] Vulnerability scanning is enabled
2024-09-19T09:07:22Z INFO [misconfig] Misconfiguration scanning is enabled
2024-09-19T09:07:22Z INFO Need to update the built-in policies
2024-09-19T09:07:22Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s
2024-09-19T09:07:22Z INFO [secret] Secret scanning is enabled
2024-09-19T09:07:22Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-09-19T09:07:22Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.55/docs/scanner/secret#recommendation for faster secret detection
2024-09-19T09:07:23Z INFO [terraform scanner] Scanning root module file_path="."
2024-09-19T09:07:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.nat_packets_drop_count" value="cty.NilVal"
2024-09-19T09:07:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_ec2_transit_gateway_route_table_propagation.propagate_live_data_vpcs" value="cty.NilVal"
2024-09-19T09:07:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_ec2_transit_gateway_route_table_propagation.propagate_noms_routes_to_firewall" value="cty.NilVal"
2024-09-19T09:07:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_ec2_transit_gateway_route_table_propagation.propagate_non_live_data_vpcs" value="cty.NilVal"
2024-09-19T09:07:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_route_table.external_inspection_in" value="cty.NilVal"
2024-09-19T09:07:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_route_table_association.external_inspection_in" value="cty.NilVal"
2024-09-19T09:07:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_route_table_association.external_inspection_out" value="cty.NilVal"
2024-09-19T09:07:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_subnet.external_inspection_in" value="cty.NilVal"
2024-09-19T09:07:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_subnet.external_inspection_out" value="cty.NilVal"
2024-09-19T09:07:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_ec2_transit_gateway_vpc_attachment.transit_gateway_all" value="cty.NilVal"
2024-09-19T09:07:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_route.live_data" value="cty.NilVal"
2024-09-19T09:07:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_route.non_live_data" value="cty.NilVal"
2024-09-19T09:07:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.firehose_firewalls" value="cty.NilVal"
2024-09-19T09:07:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.firehose_vpcs" value="cty.NilVal"
2024-09-19T09:07:23Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_ec2_transit_gateway_route_table_propagation.propagate_firewall" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.firewall_policy.dynamic.ip_sets" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.firewall_policy.dynamic.port_sets" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.firewall_policy.dynamic.ip_sets" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.firewall_policy.dynamic.port_sets" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_subnet.inspection" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_subnet.public" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_route.inspection-0-0-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_route.inspection-10-20-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_route.inspection-10-231-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_route.inspection-10-26-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_route.inspection-10-27-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_route.public-0-0-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_route.public-10-20-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_route.public-10-231-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_route.public-10-26-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_route.public-10-27-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_subnet.inspection" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_subnet.public" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_route.inspection-0-0-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_route.inspection-10-20-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_route.inspection-10-231-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_route.inspection-10-26-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_route.inspection-10-27-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_route.public-0-0-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_route.public-10-20-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_route.public-10-231-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_route.public-10-26-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_route.public-10-27-0-0" value="cty.NilVal"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/firewall-logging/main.tf:21-26"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/firewall-logging/main.tf:21-26"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/firewall-logging/main.tf:21-26"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:260"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:247-263"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:358"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:345-361"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:166"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:153-169"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:260"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:247-263"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:358"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:345-361"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:166"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:153-169"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:48"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:118"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:118"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:118"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:184"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:184"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:184"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:48"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-s3-block-public-acls" range="acm-pca.tf:14-31"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-s3-enable-bucket-encryption" range="acm-pca.tf:14-31"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-s3-enable-versioning" range="acm-pca.tf:14-31"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="acm-pca.tf:14-31"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-sns-enable-topic-encryption" range="monitoring.tf:174-178"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-sns-enable-topic-encryption" range="monitoring.tf:11-17"
2024-09-19T09:07:25Z INFO [terraform executor] Ignore finding rule="aws-sns-enable-topic-encryption" range="monitoring.tf:124-129"
2024-09-19T09:07:25Z INFO Number of language-specific files num=1
2024-09-19T09:07:25Z INFO [gomod] Detecting vulnerabilities...
2024-09-19T09:07:25Z INFO Detected config files num=9
trivy_exitcode=0

Checkov Scan Success

Show Output
*****************************

Checkov will check the following folders:
terraform/environments/core-network-services

*****************************

Running Checkov in terraform/environments/core-network-services
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-09-19 09:07:27,483 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2024-09-19 09:07:27,483 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-aws-data-firehose?ref=2e58c8fd0b43ca8461dfd0c8cc5f43a1a9c49987:None (for external modules, the --download-external-modules flag is required)
2024-09-19 09:07:27,484 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2024-09-19 09:07:27,484 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot?ref=73280f80ce8a4557cec3a76ee56eb913452ca9aa:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 365, Failed checks: 0, Skipped checks: 87


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/core-network-services

*****************************

Running tflint in terraform/environments/core-network-services
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

2024-09-19T09:07:24Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_route.inspection-10-231-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_route.inspection-10-26-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_route.inspection-10-27-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_route.public-0-0-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_route.public-10-20-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_route.public-10-231-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_route.public-10-26-0-0" value="cty.NilVal"
2024-09-19T09:07:24Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_route.public-10-27-0-0" value="cty.NilVal"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="../../modules/firewall-logging/main.tf:21-26"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="../../modules/firewall-logging/main.tf:21-26"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="../../modules/firewall-logging/main.tf:21-26"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:260"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:247-263"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:358"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:345-361"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:166"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:153-169"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:260"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:247-263"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:358"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:345-361"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:166"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:153-169"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:48"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:118"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:118"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:118"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:184"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:184"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:184"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:48"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-block-public-acls" range="acm-pca.tf:14-31"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-enable-bucket-encryption" range="acm-pca.tf:14-31"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-enable-versioning" range="acm-pca.tf:14-31"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="acm-pca.tf:14-31"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-sns-enable-topic-encryption" range="monitoring.tf:174-178"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-sns-enable-topic-encryption" range="monitoring.tf:11-17"
2024-09-19T09:07:25Z	INFO	[terraform executor] Ignore finding	rule="aws-sns-enable-topic-encryption" range="monitoring.tf:124-129"
2024-09-19T09:07:25Z	INFO	Number of language-specific files	num=1
2024-09-19T09:07:25Z	INFO	[gomod] Detecting vulnerabilities...
2024-09-19T09:07:25Z	INFO	Detected config files	num=9
trivy_exitcode=0

SteveLinden previously approved these changes Sep 19, 2024
Contributor

@SteveLinden SteveLinden left a comment

Just confirm it is live_data and non_live_data.

alarm_name = "nat_packets_drop_count_${each.key}"
comparison_operator = "GreaterThanThreshold"
evaluation_periods = 5
threshold = "100" # Adjust this threshold as needed
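
Review bot: the `# Adjust this threshold as needed` comment on the `threshold` line is a placeholder rather than documentation. Replace it with the basis for a drop count of 100 and for requiring `evaluation_periods = 5` with `GreaterThanThreshold` (the period length is not shown in this excerpt), so that whoever tunes the alarm for each `each.key` value knows what baseline it was calibrated against.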
Contributor

The threshold value for the CloudWatch alarm should be a number, not a string. Please change the line to:

threshold = 100

Contributor Author

changed that now @sukeshreddyg

Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/core-network-services


Running Trivy in terraform/environments/core-network-services
2024-09-19T09:45:37Z INFO [db] Need to update DB
2024-09-19T09:45:37Z INFO [db] Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-09-19T09:45:39Z INFO [vuln] Vulnerability scanning is enabled
2024-09-19T09:45:39Z INFO [misconfig] Misconfiguration scanning is enabled
2024-09-19T09:45:39Z INFO Need to update the built-in policies
2024-09-19T09:45:39Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-09-19T09:45:39Z INFO [secret] Secret scanning is enabled
2024-09-19T09:45:39Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-09-19T09:45:39Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.55/docs/scanner/secret#recommendation for faster secret detection
2024-09-19T09:45:40Z INFO [terraform scanner] Scanning root module file_path="."
2024-09-19T09:45:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_cloudwatch_metric_alarm.nat_packets_drop_count" value="cty.NilVal"
2024-09-19T09:45:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_ec2_transit_gateway_route_table_propagation.propagate_live_data_vpcs" value="cty.NilVal"
2024-09-19T09:45:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_ec2_transit_gateway_route_table_propagation.propagate_noms_routes_to_firewall" value="cty.NilVal"
2024-09-19T09:45:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_ec2_transit_gateway_route_table_propagation.propagate_non_live_data_vpcs" value="cty.NilVal"
2024-09-19T09:45:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_route_table.external_inspection_in" value="cty.NilVal"
2024-09-19T09:45:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_route_table_association.external_inspection_in" value="cty.NilVal"
2024-09-19T09:45:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_route_table_association.external_inspection_out" value="cty.NilVal"
2024-09-19T09:45:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_subnet.external_inspection_in" value="cty.NilVal"
2024-09-19T09:45:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_subnet.external_inspection_out" value="cty.NilVal"
2024-09-19T09:45:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_ec2_transit_gateway_vpc_attachment.transit_gateway_all" value="cty.NilVal"
2024-09-19T09:45:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_route.live_data" value="cty.NilVal"
2024-09-19T09:45:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="data.aws_route.non_live_data" value="cty.NilVal"
2024-09-19T09:45:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.firehose_firewalls" value="cty.NilVal"
2024-09-19T09:45:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.firehose_vpcs" value="cty.NilVal"
2024-09-19T09:45:40Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_ec2_transit_gateway_route_table_propagation.propagate_firewall" value="cty.NilVal"
2024-09-19T09:45:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.firewall_policy.dynamic.ip_sets" value="cty.NilVal"
2024-09-19T09:45:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.firewall_policy.dynamic.port_sets" value="cty.NilVal"
2024-09-19T09:45:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.firewall_policy.dynamic.ip_sets" value="cty.NilVal"
2024-09-19T09:45:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.firewall_policy.dynamic.port_sets" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_subnet.inspection" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_subnet.public" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_route.inspection-0-0-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_route.inspection-10-20-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_route.inspection-10-231-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_route.inspection-10-26-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_route.inspection-10-27-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_route.public-0-0-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_route.public-10-20-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_route.public-10-231-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_route.public-10-26-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["live_data"].aws_route.public-10-27-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_subnet.inspection" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_subnet.public" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_subnet.transit-gateway" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_route.inspection-0-0-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_route.inspection-10-20-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_route.inspection-10-231-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_route.inspection-10-26-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_route.inspection-10-27-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_route.public-0-0-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_route.public-10-20-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_route.public-10-231-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_route.public-10-26-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_inspection["non_live_data"].aws_route.public-10-27-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:260"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:247-263"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:358"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:345-361"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:166"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:153-169"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:260"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:247-263"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:358"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:345-361"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:166"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:153-169"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:48"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:118"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:118"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:118"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:184"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:184"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:184"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-iam-no-policy-wildcards" range="iam.tf:48"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-s3-block-public-acls" range="acm-pca.tf:14-31"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-s3-enable-bucket-encryption" range="acm-pca.tf:14-31"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-s3-enable-versioning" range="acm-pca.tf:14-31"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-s3-encryption-customer-key" range="acm-pca.tf:14-31"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-sns-enable-topic-encryption" range="monitoring.tf:174-178"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-sns-enable-topic-encryption" range="monitoring.tf:11-17"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-sns-enable-topic-encryption" range="monitoring.tf:124-129"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/firewall-logging/main.tf:21-26"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/firewall-logging/main.tf:21-26"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-cloudwatch-log-group-customer-key" range="../../modules/firewall-logging/main.tf:21-26"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:45:42Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:45:42Z INFO Number of language-specific files num=1
2024-09-19T09:45:42Z INFO [gomod] Detecting vulnerabilities...
2024-09-19T09:45:42Z INFO Detected config files num=9
trivy_exitcode=0

```
</details>

#### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/core-network-services

*****************************

Running Checkov in terraform/environments/core-network-services
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-09-19 09:45:44,938 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2024-09-19 09:45:44,938 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-aws-data-firehose?ref=2e58c8fd0b43ca8461dfd0c8cc5f43a1a9c49987:None (for external modules, the --download-external-modules flag is required)
2024-09-19 09:45:44,938 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2024-09-19 09:45:44,938 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot?ref=73280f80ce8a4557cec3a76ee56eb913452ca9aa:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 365, Failed checks: 0, Skipped checks: 87


checkov_exitcode=0

```
</details>

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/core-network-services

*****************************

Running tflint in terraform/environments/core-network-services
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output
*****************************

Trivy will check the following folders:
terraform/environments/core-network-services

*****************************

Running Trivy in terraform/environments/core-network-services
2024-09-19T09:45:37Z	INFO	[db] Need to update DB
2024-09-19T09:45:37Z	INFO	[db] Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-09-19T09:45:39Z	INFO	[vuln] Vulnerability scanning is enabled
2024-09-19T09:45:39Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-09-19T09:45:39Z	INFO	Need to update the built-in policies
2024-09-19T09:45:39Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s
2024-09-19T09:45:39Z	INFO	[secret] Secret scanning is enabled
2024-09-19T09:45:39Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-09-19T09:45:39Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.55/docs/scanner/secret#recommendation for faster secret detection
2024-09-19T09:45:40Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-09-19T09:45:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_cloudwatch_metric_alarm.nat_packets_drop_count" value="cty.NilVal"
2024-09-19T09:45:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_ec2_transit_gateway_route_table_propagation.propagate_live_data_vpcs" value="cty.NilVal"
2024-09-19T09:45:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_ec2_transit_gateway_route_table_propagation.propagate_noms_routes_to_firewall" value="cty.NilVal"
2024-09-19T09:45:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_ec2_transit_gateway_route_table_propagation.propagate_non_live_data_vpcs" value="cty.NilVal"
2024-09-19T09:45:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_route_table.external_inspection_in" value="cty.NilVal"
2024-09-19T09:45:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_route_table_association.external_inspection_in" value="cty.NilVal"
2024-09-19T09:45:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_route_table_association.external_inspection_out" value="cty.NilVal"
2024-09-19T09:45:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_subnet.external_inspection_in" value="cty.NilVal"
2024-09-19T09:45:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_subnet.external_inspection_out" value="cty.NilVal"
2024-09-19T09:45:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="data.aws_ec2_transit_gateway_vpc_attachment.transit_gateway_all" value="cty.NilVal"
2024-09-19T09:45:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="data.aws_route.live_data" value="cty.NilVal"
2024-09-19T09:45:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="data.aws_route.non_live_data" value="cty.NilVal"
2024-09-19T09:45:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.firehose_firewalls" value="cty.NilVal"
2024-09-19T09:45:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.firehose_vpcs" value="cty.NilVal"
2024-09-19T09:45:40Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="aws_ec2_transit_gateway_route_table_propagation.propagate_firewall" value="cty.NilVal"
2024-09-19T09:45:41Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.firewall_policy.dynamic.ip_sets" value="cty.NilVal"
2024-09-19T09:45:41Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.firewall_policy.dynamic.port_sets" value="cty.NilVal"
2024-09-19T09:45:41Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.firewall_policy.dynamic.ip_sets" value="cty.NilVal"
2024-09-19T09:45:41Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.firewall_policy.dynamic.port_sets" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"live_data\"].aws_subnet.inspection" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"live_data\"].aws_subnet.public" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"live_data\"].aws_subnet.transit-gateway" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"live_data\"].aws_route.inspection-0-0-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"live_data\"].aws_route.inspection-10-20-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"live_data\"].aws_route.inspection-10-231-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"live_data\"].aws_route.inspection-10-26-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"live_data\"].aws_route.inspection-10-27-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"live_data\"].aws_route.public-0-0-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"live_data\"].aws_route.public-10-20-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"live_data\"].aws_route.public-10-231-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"live_data\"].aws_route.public-10-26-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"live_data\"].aws_route.public-10-27-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_subnet.inspection" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_subnet.public" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_subnet.transit-gateway" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_route.inspection-0-0-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_route.inspection-10-20-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_route.inspection-10-231-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_route.inspection-10-26-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_route.inspection-10-27-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_route.public-0-0-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_route.public-10-20-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_route.public-10-231-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_route.public-10-26-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.vpc_inspection[\"non_live_data\"].aws_route.public-10-27-0-0" value="cty.NilVal"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:260"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:247-263"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:358"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:345-361"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:166"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:153-169"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:260"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:247-263"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:358"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:345-361"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:166"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-ingress-acl" range="../../modules/vpc-inspection/main.tf:153-169"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:48"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:118"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:118"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:118"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:117-142"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:184"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:184"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:184"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:31-50"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-iam-no-policy-wildcards" range="iam.tf:48"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-block-public-acls" range="acm-pca.tf:14-31"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-enable-bucket-encryption" range="acm-pca.tf:14-31"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-enable-versioning" range="acm-pca.tf:14-31"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-s3-encryption-customer-key" range="acm-pca.tf:14-31"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-sns-enable-topic-encryption" range="monitoring.tf:174-178"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-sns-enable-topic-encryption" range="monitoring.tf:11-17"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-sns-enable-topic-encryption" range="monitoring.tf:124-129"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="../../modules/firewall-logging/main.tf:21-26"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="../../modules/firewall-logging/main.tf:21-26"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-cloudwatch-log-group-customer-key" range="../../modules/firewall-logging/main.tf:21-26"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:258"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:356"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:45:42Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-excessive-port-access" range="../../modules/vpc-inspection/main.tf:164"
2024-09-19T09:45:42Z	INFO	Number of language-specific files	num=1
2024-09-19T09:45:42Z	INFO	[gomod] Detecting vulnerabilities...
2024-09-19T09:45:42Z	INFO	Detected config files	num=9
trivy_exitcode=0

@markgov markgov added this pull request to the merge queue Sep 19, 2024
Merged via the queue into main with commit 9f48120 Sep 19, 2024
5 checks passed
@markgov markgov deleted the mon/New-alarms-for-nat-gates-in-core-networking branch September 19, 2024 09:53