Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

APC Patching #8657

Merged
merged 11 commits into from
Nov 18, 2024
Merged

APC Patching #8657

merged 11 commits into from
Nov 18, 2024

Conversation

Emterry
Copy link
Contributor

@Emterry Emterry commented Nov 13, 2024
edited by jacobwoffenden
Loading

This pull request:

@github-actions github-actions bot added the environments-repository Used to exclude PRs from this repo in our Slack PR update label Nov 13, 2024
@Emterry Emterry had a problem deploying to analytical-platform-compute-development November 13, 2024 16:25 — with GitHub Actions Error
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

Running Trivy in terraform/environments/analytical-platform-compute
2024-11-13T16:24:55Z INFO [vulndb] Need to update DB
2024-11-13T16:24:55Z INFO [vulndb] Downloading vulnerability DB...
2024-11-13T16:24:55Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-13T16:24:57Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-13T16:24:57Z INFO [vuln] Vulnerability scanning is enabled
2024-11-13T16:24:57Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-13T16:24:57Z INFO [misconfig] Need to update the built-in checks
2024-11-13T16:24:57Z INFO [misconfig] Downloading the built-in checks...
2024-11-13T16:24:57Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 1.130849ms, allowed: 44000/minute\n\n"
2024-11-13T16:24:57Z INFO [secret] Secret scanning is enabled
2024-11-13T16:24:57Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-13T16:24:57Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-13T16:24:58Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-13T16:24:58Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-11-13T16:24:58Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.transit_gateway_routes" value="cty.NilVal"
2024-11-13T16:25:10Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.aws_ec2_tag.cluster_primary_security_group" value="cty.NilVal"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-13T16:25:12Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/node_groups.tf:247"
2024-11-13T16:25:12Z INFO [terraform executor] Ignore finding rule="aws-eks-no-public-cluster-access" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:51"
2024-11-13T16:25:12Z INFO [terraform executor] Ignore finding rule="aws-eks-no-public-cluster-access-to-cidr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:52"
2024-11-13T16:25:13Z INFO Number of language-specific files num=0
2024-11-13T16:25:13Z INFO Detected config files num=14
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Checkov in terraform/environments/analytical-platform-compute
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-13 16:25:16,688 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/cloudwatch/aws//modules/log-group:5.6.1 (for external modules, the --download-external-modules flag is required)
2024-11-13 16:25:16,688 [MainThread  ] [WARNI]  Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-11-13 16:25:16,688 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws:20.29.0 (for external modules, the --download-external-modules flag is required)
2024-11-13 16:25:16,688 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws//modules/karpenter:20.29.0 (for external modules, the --download-external-modules flag is required)
2024-11-13 16:25:16,688 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/kms/aws:3.1.1 (for external modules, the --download-external-modules flag is required)
2024-11-13 16:25:16,689 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/route53/aws//modules/zones:4.1.0 (for external modules, the --download-external-modules flag is required)
2024-11-13 16:25:16,689 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/secrets-manager/aws:1.3.1 (for external modules, the --download-external-modules flag is required)
2024-11-13 16:25:16,689 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/s3-bucket/aws:4.2.2 (for external modules, the --download-external-modules flag is required)
2024-11-13 16:25:16,689 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-analytical-platform-lakeformation?ref=0.5.0:None (for external modules, the --download-external-modules flag is required)
2024-11-13 16:25:16,689 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/rds/aws:6.10.0 (for external modules, the --download-external-modules flag is required)
2024-11-13 16:25:16,690 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws//modules/vpc-endpoints:5.15.0 (for external modules, the --download-external-modules flag is required)
2024-11-13 16:25:16,690 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks-pod-identity/aws:1.7.0 (for external modules, the --download-external-modules flag is required)
2024-11-13 16:25:16,690 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws:5.15.0 (for external modules, the --download-external-modules flag is required)
2024-11-13 16:25:16,690 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/managed-service-prometheus/aws:3.0.0 (for external modules, the --download-external-modules flag is required)
2024-11-13 16:25:16,690 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-13 16:25:16,690 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-github-oidc-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-13 16:25:16,691 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-13 16:25:16,691 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/security-group/aws:5.2.0 (for external modules, the --download-external-modules flag is required)
2024-11-13 16:25:16,691 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-13 16:25:16,717 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 vertices
2024-11-13 16:25:16,729 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 edges
terraform scan results:

Passed checks: 132, Failed checks: 0, Skipped checks: 147


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running tflint in terraform/environments/analytical-platform-compute
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Trivy in terraform/environments/analytical-platform-compute
2024-11-13T16:24:55Z	INFO	[vulndb] Need to update DB
2024-11-13T16:24:55Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-13T16:24:55Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-13T16:24:57Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-13T16:24:57Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-13T16:24:57Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-13T16:24:57Z	INFO	[misconfig] Need to update the built-in checks
2024-11-13T16:24:57Z	INFO	[misconfig] Downloading the built-in checks...
2024-11-13T16:24:57Z	ERROR	[misconfig] Falling back to embedded checks	err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 1.130849ms, allowed: 44000/minute\n\n"
2024-11-13T16:24:57Z	INFO	[secret] Secret scanning is enabled
2024-11-13T16:24:57Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-13T16:24:57Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-13T16:24:58Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-13T16:24:58Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-11-13T16:24:58Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.transit_gateway_routes" value="cty.NilVal"
2024-11-13T16:25:10Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.aws_ec2_tag.cluster_primary_security_group" value="cty.NilVal"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-13T16:25:11Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-13T16:25:12Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-egress-sgr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/node_groups.tf:247"
2024-11-13T16:25:12Z	INFO	[terraform executor] Ignore finding	rule="aws-eks-no-public-cluster-access" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:51"
2024-11-13T16:25:12Z	INFO	[terraform executor] Ignore finding	rule="aws-eks-no-public-cluster-access-to-cidr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:52"
2024-11-13T16:25:13Z	INFO	Number of language-specific files	num=0
2024-11-13T16:25:13Z	INFO	Detected config files	num=14
trivy_exitcode=0

@Emterry Emterry had a problem deploying to analytical-platform-compute-test November 13, 2024 16:25 — with GitHub Actions Error
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

Running Trivy in terraform/environments/analytical-platform-compute
2024-11-14T09:45:43Z INFO [vulndb] Need to update DB
2024-11-14T09:45:43Z INFO [vulndb] Downloading vulnerability DB...
2024-11-14T09:45:43Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T09:45:45Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T09:45:45Z INFO [vuln] Vulnerability scanning is enabled
2024-11-14T09:45:45Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-14T09:45:45Z INFO [misconfig] Need to update the built-in checks
2024-11-14T09:45:45Z INFO [misconfig] Downloading the built-in checks...
2024-11-14T09:45:45Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: oci download error: failed to fetch the layer: GET https://ghcr.io/v2/aquasecurity/trivy-checks/blobs/sha256:c2b4fe1cd51083ede5606a38fb24e7fafb06fd2632c9cf6d9c63f5a80a6c67dc: TOOMANYREQUESTS: retry-after: 875.174µs, allowed: 44000/minute"
2024-11-14T09:45:45Z INFO [secret] Secret scanning is enabled
2024-11-14T09:45:45Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-14T09:45:45Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-14T09:45:47Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-14T09:45:47Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-11-14T09:45:48Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.transit_gateway_routes" value="cty.NilVal"
2024-11-14T09:45:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.aws_ec2_tag.cluster_primary_security_group" value="cty.NilVal"
2024-11-14T09:45:55Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:55Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:55Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:55Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T09:45:55Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:55Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:55Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T09:45:55Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:55Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T09:45:57Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/node_groups.tf:247"
2024-11-14T09:45:57Z INFO [terraform executor] Ignore finding rule="aws-eks-no-public-cluster-access" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:51"
2024-11-14T09:45:57Z INFO [terraform executor] Ignore finding rule="aws-eks-no-public-cluster-access-to-cidr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:52"
2024-11-14T09:45:57Z INFO Number of language-specific files num=0
2024-11-14T09:45:57Z INFO Detected config files num=14
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Checkov in terraform/environments/analytical-platform-compute
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-14 09:46:00,061 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/cloudwatch/aws//modules/log-group:5.6.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 09:46:00,062 [MainThread  ] [WARNI]  Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 09:46:00,062 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws:20.29.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 09:46:00,062 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws//modules/karpenter:20.29.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 09:46:00,062 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/kms/aws:3.1.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 09:46:00,062 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/route53/aws//modules/zones:4.1.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 09:46:00,062 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/secrets-manager/aws:1.3.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 09:46:00,062 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/s3-bucket/aws:4.2.2 (for external modules, the --download-external-modules flag is required)
2024-11-14 09:46:00,062 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-analytical-platform-lakeformation?ref=0.5.0:None (for external modules, the --download-external-modules flag is required)
2024-11-14 09:46:00,063 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/rds/aws:6.10.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 09:46:00,063 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws//modules/vpc-endpoints:5.15.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 09:46:00,063 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks-pod-identity/aws:1.7.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 09:46:00,063 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws:5.15.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 09:46:00,063 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/managed-service-prometheus/aws:3.0.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 09:46:00,063 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 09:46:00,063 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-github-oidc-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 09:46:00,064 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 09:46:00,064 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/security-group/aws:5.2.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 09:46:00,064 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 09:46:00,085 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 vertices
2024-11-14 09:46:00,106 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 edges
terraform scan results:

Passed checks: 132, Failed checks: 0, Skipped checks: 147


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running tflint in terraform/environments/analytical-platform-compute
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Trivy in terraform/environments/analytical-platform-compute
2024-11-14T09:45:43Z	INFO	[vulndb] Need to update DB
2024-11-14T09:45:43Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-14T09:45:43Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T09:45:45Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T09:45:45Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-14T09:45:45Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-14T09:45:45Z	INFO	[misconfig] Need to update the built-in checks
2024-11-14T09:45:45Z	INFO	[misconfig] Downloading the built-in checks...
2024-11-14T09:45:45Z	ERROR	[misconfig] Falling back to embedded checks	err="failed to download built-in policies: download error: oci download error: failed to fetch the layer: GET https://ghcr.io/v2/aquasecurity/trivy-checks/blobs/sha256:c2b4fe1cd51083ede5606a38fb24e7fafb06fd2632c9cf6d9c63f5a80a6c67dc: TOOMANYREQUESTS: retry-after: 875.174µs, allowed: 44000/minute"
2024-11-14T09:45:45Z	INFO	[secret] Secret scanning is enabled
2024-11-14T09:45:45Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-14T09:45:45Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-14T09:45:47Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-14T09:45:47Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-11-14T09:45:48Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.transit_gateway_routes" value="cty.NilVal"
2024-11-14T09:45:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.aws_ec2_tag.cluster_primary_security_group" value="cty.NilVal"
2024-11-14T09:45:55Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:55Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:55Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:55Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T09:45:55Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:55Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:55Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T09:45:55Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:55Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T09:45:56Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T09:45:57Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-egress-sgr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/node_groups.tf:247"
2024-11-14T09:45:57Z	INFO	[terraform executor] Ignore finding	rule="aws-eks-no-public-cluster-access" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:51"
2024-11-14T09:45:57Z	INFO	[terraform executor] Ignore finding	rule="aws-eks-no-public-cluster-access-to-cidr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:52"
2024-11-14T09:45:57Z	INFO	Number of language-specific files	num=0
2024-11-14T09:45:57Z	INFO	Detected config files	num=14
trivy_exitcode=0

@Emterry Emterry had a problem deploying to analytical-platform-compute-test November 14, 2024 12:05 — with GitHub Actions Error
@Emterry Emterry had a problem deploying to analytical-platform-compute-development November 14, 2024 12:05 — with GitHub Actions Error
@Emterry Emterry marked this pull request as ready for review November 14, 2024 13:43
@Emterry Emterry requested review from a team as code owners November 14, 2024 13:43
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

Running Trivy in terraform/environments/analytical-platform-compute
2024-11-14T16:19:21Z INFO [vulndb] Need to update DB
2024-11-14T16:19:21Z INFO [vulndb] Downloading vulnerability DB...
2024-11-14T16:19:21Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T16:19:24Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T16:19:24Z INFO [vuln] Vulnerability scanning is enabled
2024-11-14T16:19:24Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-14T16:19:24Z INFO [misconfig] Need to update the built-in checks
2024-11-14T16:19:24Z INFO [misconfig] Downloading the built-in checks...
2024-11-14T16:19:24Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 152.051µs, allowed: 44000/minute\n\n"
2024-11-14T16:19:24Z INFO [secret] Secret scanning is enabled
2024-11-14T16:19:24Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-14T16:19:24Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-14T16:19:26Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-14T16:19:26Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-11-14T16:19:26Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.transit_gateway_routes" value="cty.NilVal"
2024-11-14T16:19:33Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.aws_ec2_tag.cluster_primary_security_group" value="cty.NilVal"
2024-11-14T16:19:33Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:33Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T16:19:35Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/node_groups.tf:247"
2024-11-14T16:19:35Z INFO [terraform executor] Ignore finding rule="aws-eks-no-public-cluster-access" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:51"
2024-11-14T16:19:35Z INFO [terraform executor] Ignore finding rule="aws-eks-no-public-cluster-access-to-cidr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:52"
2024-11-14T16:19:35Z INFO Number of language-specific files num=0
2024-11-14T16:19:35Z INFO Detected config files num=14
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Checkov in terraform/environments/analytical-platform-compute
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-14 16:19:38,085 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/cloudwatch/aws//modules/log-group:5.6.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 16:19:38,085 [MainThread  ] [WARNI]  Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 16:19:38,085 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws:20.29.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 16:19:38,085 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws//modules/karpenter:20.29.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 16:19:38,085 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/kms/aws:3.1.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 16:19:38,086 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/route53/aws//modules/zones:4.1.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 16:19:38,086 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/secrets-manager/aws:1.3.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 16:19:38,086 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/s3-bucket/aws:4.2.2 (for external modules, the --download-external-modules flag is required)
2024-11-14 16:19:38,086 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-analytical-platform-lakeformation?ref=0.5.0:None (for external modules, the --download-external-modules flag is required)
2024-11-14 16:19:38,086 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/rds/aws:6.10.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 16:19:38,086 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws//modules/vpc-endpoints:5.15.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 16:19:38,086 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks-pod-identity/aws:1.7.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 16:19:38,087 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws:5.15.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 16:19:38,087 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/managed-service-prometheus/aws:3.0.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 16:19:38,087 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 16:19:38,087 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-github-oidc-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 16:19:38,087 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 16:19:38,087 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/security-group/aws:5.2.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 16:19:38,087 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 16:19:38,124 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 vertices
2024-11-14 16:19:38,124 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 edges
terraform scan results:

Passed checks: 132, Failed checks: 0, Skipped checks: 147


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running tflint in terraform/environments/analytical-platform-compute
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Trivy in terraform/environments/analytical-platform-compute
2024-11-14T16:19:21Z	INFO	[vulndb] Need to update DB
2024-11-14T16:19:21Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-14T16:19:21Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T16:19:24Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T16:19:24Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-14T16:19:24Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-14T16:19:24Z	INFO	[misconfig] Need to update the built-in checks
2024-11-14T16:19:24Z	INFO	[misconfig] Downloading the built-in checks...
2024-11-14T16:19:24Z	ERROR	[misconfig] Falling back to embedded checks	err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 152.051µs, allowed: 44000/minute\n\n"
2024-11-14T16:19:24Z	INFO	[secret] Secret scanning is enabled
2024-11-14T16:19:24Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-14T16:19:24Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-14T16:19:26Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-14T16:19:26Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-11-14T16:19:26Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.transit_gateway_routes" value="cty.NilVal"
2024-11-14T16:19:33Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.aws_ec2_tag.cluster_primary_security_group" value="cty.NilVal"
2024-11-14T16:19:33Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:33Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T16:19:34Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T16:19:35Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-egress-sgr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/node_groups.tf:247"
2024-11-14T16:19:35Z	INFO	[terraform executor] Ignore finding	rule="aws-eks-no-public-cluster-access" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:51"
2024-11-14T16:19:35Z	INFO	[terraform executor] Ignore finding	rule="aws-eks-no-public-cluster-access-to-cidr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:52"
2024-11-14T16:19:35Z	INFO	Number of language-specific files	num=0
2024-11-14T16:19:35Z	INFO	Detected config files	num=14
trivy_exitcode=0

@Emterry Emterry had a problem deploying to analytical-platform-compute-test November 14, 2024 16:20 — with GitHub Actions Failure
@Emterry Emterry temporarily deployed to analytical-platform-compute-development November 14, 2024 16:20 — with GitHub Actions Inactive
@jacobwoffenden
Revert BR
def7a55 
Signed-off-by: Jacob Woffenden <[email protected]>
@jacobwoffenden
testing expireAfter
1187fed 
Signed-off-by: Jacob Woffenden <[email protected]>
@jacobwoffenden jacobwoffenden marked this pull request as draft November 14, 2024 17:29
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

Running Trivy in terraform/environments/analytical-platform-compute
2024-11-14T17:31:17Z INFO [vulndb] Need to update DB
2024-11-14T17:31:17Z INFO [vulndb] Downloading vulnerability DB...
2024-11-14T17:31:17Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T17:31:19Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T17:31:19Z INFO [vuln] Vulnerability scanning is enabled
2024-11-14T17:31:19Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-14T17:31:19Z INFO [misconfig] Need to update the built-in checks
2024-11-14T17:31:19Z INFO [misconfig] Downloading the built-in checks...
160.60 KiB / 160.60 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-11-14T17:31:19Z INFO [secret] Secret scanning is enabled
2024-11-14T17:31:19Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-14T17:31:19Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-14T17:31:22Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-14T17:31:22Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-11-14T17:31:22Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.transit_gateway_routes" value="cty.NilVal"
2024-11-14T17:31:27Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.aws_ec2_tag.cluster_primary_security_group" value="cty.NilVal"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T17:31:29Z INFO [terraform executor] Ignore finding rule="aws-eks-no-public-cluster-access" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:51"
2024-11-14T17:31:29Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/node_groups.tf:247"
2024-11-14T17:31:29Z INFO [terraform executor] Ignore finding rule="aws-eks-no-public-cluster-access-to-cidr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:52"
2024-11-14T17:31:29Z INFO Number of language-specific files num=0
2024-11-14T17:31:29Z INFO Detected config files num=14
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Checkov in terraform/environments/analytical-platform-compute
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-14 17:31:32,249 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/cloudwatch/aws//modules/log-group:5.6.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 17:31:32,249 [MainThread  ] [WARNI]  Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 17:31:32,249 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws:20.29.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 17:31:32,249 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws//modules/karpenter:20.29.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 17:31:32,250 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/kms/aws:3.1.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 17:31:32,250 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/route53/aws//modules/zones:4.1.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 17:31:32,250 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/secrets-manager/aws:1.3.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 17:31:32,250 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/s3-bucket/aws:4.2.2 (for external modules, the --download-external-modules flag is required)
2024-11-14 17:31:32,250 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-analytical-platform-lakeformation?ref=0.5.0:None (for external modules, the --download-external-modules flag is required)
2024-11-14 17:31:32,250 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/rds/aws:6.10.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 17:31:32,251 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws//modules/vpc-endpoints:5.15.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 17:31:32,251 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks-pod-identity/aws:1.7.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 17:31:32,251 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws:5.15.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 17:31:32,251 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/managed-service-prometheus/aws:3.0.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 17:31:32,251 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 17:31:32,252 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-github-oidc-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 17:31:32,252 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 17:31:32,252 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/security-group/aws:5.2.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 17:31:32,252 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 17:31:32,283 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 vertices
2024-11-14 17:31:32,291 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 edges
terraform scan results:

Passed checks: 132, Failed checks: 0, Skipped checks: 147


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running tflint in terraform/environments/analytical-platform-compute
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Trivy in terraform/environments/analytical-platform-compute
2024-11-14T17:31:17Z	INFO	[vulndb] Need to update DB
2024-11-14T17:31:17Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-14T17:31:17Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T17:31:19Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T17:31:19Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-14T17:31:19Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-14T17:31:19Z	INFO	[misconfig] Need to update the built-in checks
2024-11-14T17:31:19Z	INFO	[misconfig] Downloading the built-in checks...
160.60 KiB / 160.60 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-11-14T17:31:19Z	INFO	[secret] Secret scanning is enabled
2024-11-14T17:31:19Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-14T17:31:19Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-14T17:31:22Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-14T17:31:22Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-11-14T17:31:22Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.transit_gateway_routes" value="cty.NilVal"
2024-11-14T17:31:27Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.aws_ec2_tag.cluster_primary_security_group" value="cty.NilVal"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T17:31:28Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T17:31:29Z	INFO	[terraform executor] Ignore finding	rule="aws-eks-no-public-cluster-access" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:51"
2024-11-14T17:31:29Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-egress-sgr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/node_groups.tf:247"
2024-11-14T17:31:29Z	INFO	[terraform executor] Ignore finding	rule="aws-eks-no-public-cluster-access-to-cidr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:52"
2024-11-14T17:31:29Z	INFO	Number of language-specific files	num=0
2024-11-14T17:31:29Z	INFO	Detected config files	num=14
trivy_exitcode=0

@jacobwoffenden jacobwoffenden temporarily deployed to analytical-platform-compute-development November 14, 2024 17:31 — with GitHub Actions Inactive
@jacobwoffenden jacobwoffenden had a problem deploying to analytical-platform-compute-test November 14, 2024 17:32 — with GitHub Actions Failure
@jacobwoffenden
Revert the revert
a87396d 
Signed-off-by: Jacob Woffenden <[email protected]>
@jacobwoffenden jacobwoffenden had a problem deploying to analytical-platform-compute-test November 14, 2024 18:13 — with GitHub Actions Failure
@jacobwoffenden jacobwoffenden had a problem deploying to analytical-platform-compute-development November 14, 2024 18:13 — with GitHub Actions Failure
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

Running Trivy in terraform/environments/analytical-platform-compute
2024-11-14T18:13:34Z INFO [vulndb] Need to update DB
2024-11-14T18:13:34Z INFO [vulndb] Downloading vulnerability DB...
2024-11-14T18:13:34Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T18:13:36Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T18:13:36Z INFO [vuln] Vulnerability scanning is enabled
2024-11-14T18:13:36Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-14T18:13:36Z INFO [misconfig] Need to update the built-in checks
2024-11-14T18:13:36Z INFO [misconfig] Downloading the built-in checks...
160.60 KiB / 160.60 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2024-11-14T18:13:37Z INFO [secret] Secret scanning is enabled
2024-11-14T18:13:37Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-14T18:13:37Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-14T18:13:38Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-14T18:13:38Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-11-14T18:13:38Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.transit_gateway_routes" value="cty.NilVal"
2024-11-14T18:13:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.aws_ec2_tag.cluster_primary_security_group" value="cty.NilVal"
2024-11-14T18:13:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:13:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:13:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:13:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:13:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:13:52Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:13:52Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:13:52Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:13:53Z INFO [terraform executor] Ignore finding rule="aws-eks-no-public-cluster-access" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:51"
2024-11-14T18:13:53Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/node_groups.tf:247"
2024-11-14T18:13:53Z INFO [terraform executor] Ignore finding rule="aws-eks-no-public-cluster-access-to-cidr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:52"
2024-11-14T18:13:54Z INFO Number of language-specific files num=0
2024-11-14T18:13:54Z INFO Detected config files num=14
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Checkov in terraform/environments/analytical-platform-compute
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-14 18:13:57,517 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/cloudwatch/aws//modules/log-group:5.6.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:13:57,517 [MainThread  ] [WARNI]  Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:13:57,517 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws:20.29.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:13:57,517 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws//modules/karpenter:20.29.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:13:57,517 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/kms/aws:3.1.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:13:57,517 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/route53/aws//modules/zones:4.1.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:13:57,518 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/secrets-manager/aws:1.3.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:13:57,518 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/s3-bucket/aws:4.2.2 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:13:57,518 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-analytical-platform-lakeformation?ref=0.5.0:None (for external modules, the --download-external-modules flag is required)
2024-11-14 18:13:57,518 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/rds/aws:6.10.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:13:57,518 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws//modules/vpc-endpoints:5.15.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:13:57,518 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks-pod-identity/aws:1.7.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:13:57,518 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws:5.15.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:13:57,518 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/managed-service-prometheus/aws:3.0.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:13:57,519 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:13:57,519 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-github-oidc-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:13:57,519 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:13:57,519 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/security-group/aws:5.2.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:13:57,519 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:13:57,558 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 vertices
2024-11-14 18:13:57,558 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 edges
terraform scan results:

Passed checks: 132, Failed checks: 0, Skipped checks: 147


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running tflint in terraform/environments/analytical-platform-compute
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Trivy in terraform/environments/analytical-platform-compute
2024-11-14T18:13:34Z	INFO	[vulndb] Need to update DB
2024-11-14T18:13:34Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-14T18:13:34Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T18:13:36Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T18:13:36Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-14T18:13:36Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-14T18:13:36Z	INFO	[misconfig] Need to update the built-in checks
2024-11-14T18:13:36Z	INFO	[misconfig] Downloading the built-in checks...
160.60 KiB / 160.60 KiB [---------------------------------------------------------] 100.00% ? p/s 0s2024-11-14T18:13:37Z	INFO	[secret] Secret scanning is enabled
2024-11-14T18:13:37Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-14T18:13:37Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-14T18:13:38Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-14T18:13:38Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-11-14T18:13:38Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.transit_gateway_routes" value="cty.NilVal"
2024-11-14T18:13:50Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.aws_ec2_tag.cluster_primary_security_group" value="cty.NilVal"
2024-11-14T18:13:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:13:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:13:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:13:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:13:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:13:52Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:13:52Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:13:52Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:13:52Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:13:53Z	INFO	[terraform executor] Ignore finding	rule="aws-eks-no-public-cluster-access" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:51"
2024-11-14T18:13:53Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-egress-sgr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/node_groups.tf:247"
2024-11-14T18:13:53Z	INFO	[terraform executor] Ignore finding	rule="aws-eks-no-public-cluster-access-to-cidr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:52"
2024-11-14T18:13:54Z	INFO	Number of language-specific files	num=0
2024-11-14T18:13:54Z	INFO	Detected config files	num=14
trivy_exitcode=0

@jacobwoffenden jacobwoffenden temporarily deployed to analytical-platform-compute-development November 14, 2024 18:24 — with GitHub Actions Inactive
@jacobwoffenden
Add spec.disruption.budgets
ea876d8 
Signed-off-by: Jacob Woffenden <[email protected]>
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

Running Trivy in terraform/environments/analytical-platform-compute
2024-11-14T18:59:33Z INFO [vulndb] Need to update DB
2024-11-14T18:59:33Z INFO [vulndb] Downloading vulnerability DB...
2024-11-14T18:59:33Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T18:59:35Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T18:59:35Z INFO [vuln] Vulnerability scanning is enabled
2024-11-14T18:59:35Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-14T18:59:35Z INFO [misconfig] Need to update the built-in checks
2024-11-14T18:59:35Z INFO [misconfig] Downloading the built-in checks...
2024-11-14T18:59:35Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 309.079µs, allowed: 44000/minute\n\n"
2024-11-14T18:59:35Z INFO [secret] Secret scanning is enabled
2024-11-14T18:59:35Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-14T18:59:35Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-14T18:59:36Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-14T18:59:36Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-11-14T18:59:36Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.transit_gateway_routes" value="cty.NilVal"
2024-11-14T18:59:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.aws_ec2_tag.cluster_primary_security_group" value="cty.NilVal"
2024-11-14T18:59:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:59:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:59:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:59:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:59:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:59:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:59:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:59:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:59:43Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/node_groups.tf:247"
2024-11-14T18:59:43Z INFO [terraform executor] Ignore finding rule="aws-eks-no-public-cluster-access" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:51"
2024-11-14T18:59:43Z INFO [terraform executor] Ignore finding rule="aws-eks-no-public-cluster-access-to-cidr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:52"
2024-11-14T18:59:44Z INFO Number of language-specific files num=0
2024-11-14T18:59:44Z INFO Detected config files num=14
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Checkov in terraform/environments/analytical-platform-compute
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-14 18:59:46,606 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/cloudwatch/aws//modules/log-group:5.6.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:59:46,606 [MainThread  ] [WARNI]  Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:59:46,606 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws:20.29.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:59:46,606 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws//modules/karpenter:20.29.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:59:46,606 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/kms/aws:3.1.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:59:46,606 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/route53/aws//modules/zones:4.1.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:59:46,606 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/secrets-manager/aws:1.3.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:59:46,607 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/s3-bucket/aws:4.2.2 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:59:46,607 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-analytical-platform-lakeformation?ref=0.5.0:None (for external modules, the --download-external-modules flag is required)
2024-11-14 18:59:46,607 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/rds/aws:6.10.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:59:46,607 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws//modules/vpc-endpoints:5.15.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:59:46,607 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks-pod-identity/aws:1.7.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:59:46,607 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws:5.15.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:59:46,607 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/managed-service-prometheus/aws:3.0.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:59:46,608 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:59:46,608 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-github-oidc-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:59:46,608 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:59:46,608 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/security-group/aws:5.2.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:59:46,608 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 18:59:46,638 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 vertices
2024-11-14 18:59:46,646 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 edges
terraform scan results:

Passed checks: 132, Failed checks: 0, Skipped checks: 147


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running tflint in terraform/environments/analytical-platform-compute
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Trivy in terraform/environments/analytical-platform-compute
2024-11-14T18:59:33Z	INFO	[vulndb] Need to update DB
2024-11-14T18:59:33Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-14T18:59:33Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T18:59:35Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T18:59:35Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-14T18:59:35Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-14T18:59:35Z	INFO	[misconfig] Need to update the built-in checks
2024-11-14T18:59:35Z	INFO	[misconfig] Downloading the built-in checks...
2024-11-14T18:59:35Z	ERROR	[misconfig] Falling back to embedded checks	err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 309.079µs, allowed: 44000/minute\n\n"
2024-11-14T18:59:35Z	INFO	[secret] Secret scanning is enabled
2024-11-14T18:59:35Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-14T18:59:35Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-14T18:59:36Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-14T18:59:36Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-11-14T18:59:36Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.transit_gateway_routes" value="cty.NilVal"
2024-11-14T18:59:41Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.aws_ec2_tag.cluster_primary_security_group" value="cty.NilVal"
2024-11-14T18:59:41Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:59:41Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:59:41Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:59:41Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:41Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:59:42Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:59:42Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:59:42Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:59:42Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T18:59:42Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T18:59:43Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-egress-sgr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/node_groups.tf:247"
2024-11-14T18:59:43Z	INFO	[terraform executor] Ignore finding	rule="aws-eks-no-public-cluster-access" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:51"
2024-11-14T18:59:43Z	INFO	[terraform executor] Ignore finding	rule="aws-eks-no-public-cluster-access-to-cidr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:52"
2024-11-14T18:59:44Z	INFO	Number of language-specific files	num=0
2024-11-14T18:59:44Z	INFO	Detected config files	num=14
trivy_exitcode=0

@jacobwoffenden jacobwoffenden temporarily deployed to analytical-platform-compute-development November 14, 2024 19:00 — with GitHub Actions Inactive
@jacobwoffenden jacobwoffenden had a problem deploying to analytical-platform-compute-test November 14, 2024 19:00 — with GitHub Actions Failure
@jacobwoffenden
Update kube-proxy and EFS CSI
d40f668 
remove spec.disruption.budgets so it returns to default of 10%

Signed-off-by: Jacob Woffenden <[email protected]>
@jacobwoffenden jacobwoffenden had a problem deploying to analytical-platform-compute-development November 14, 2024 19:43 — with GitHub Actions Failure
@jacobwoffenden jacobwoffenden had a problem deploying to analytical-platform-compute-test November 14, 2024 19:43 — with GitHub Actions Failure
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

Running Trivy in terraform/environments/analytical-platform-compute
2024-11-14T19:43:38Z INFO [vulndb] Need to update DB
2024-11-14T19:43:38Z INFO [vulndb] Downloading vulnerability DB...
2024-11-14T19:43:38Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T19:43:40Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T19:43:40Z INFO [vuln] Vulnerability scanning is enabled
2024-11-14T19:43:40Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-14T19:43:40Z INFO [misconfig] Need to update the built-in checks
2024-11-14T19:43:40Z INFO [misconfig] Downloading the built-in checks...
160.60 KiB / 160.60 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-11-14T19:43:41Z INFO [secret] Secret scanning is enabled
2024-11-14T19:43:41Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-14T19:43:41Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-14T19:43:43Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-14T19:43:43Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-11-14T19:43:43Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.transit_gateway_routes" value="cty.NilVal"
2024-11-14T19:43:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.aws_ec2_tag.cluster_primary_security_group" value="cty.NilVal"
2024-11-14T19:43:50Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:50Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:50Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:50Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:50Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T19:43:50Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:50Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T19:43:52Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/node_groups.tf:247"
2024-11-14T19:43:52Z INFO [terraform executor] Ignore finding rule="aws-eks-no-public-cluster-access-to-cidr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:52"
2024-11-14T19:43:52Z INFO [terraform executor] Ignore finding rule="aws-eks-no-public-cluster-access" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:51"
2024-11-14T19:43:52Z INFO Number of language-specific files num=0
2024-11-14T19:43:52Z INFO Detected config files num=14
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Checkov in terraform/environments/analytical-platform-compute
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-14 19:43:55,054 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/cloudwatch/aws//modules/log-group:5.6.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 19:43:55,054 [MainThread  ] [WARNI]  Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 19:43:55,054 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws:20.29.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 19:43:55,054 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws//modules/karpenter:20.29.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 19:43:55,054 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/kms/aws:3.1.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 19:43:55,054 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/route53/aws//modules/zones:4.1.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 19:43:55,055 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/secrets-manager/aws:1.3.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 19:43:55,055 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/s3-bucket/aws:4.2.2 (for external modules, the --download-external-modules flag is required)
2024-11-14 19:43:55,055 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-analytical-platform-lakeformation?ref=0.5.0:None (for external modules, the --download-external-modules flag is required)
2024-11-14 19:43:55,055 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/rds/aws:6.10.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 19:43:55,055 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws//modules/vpc-endpoints:5.15.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 19:43:55,055 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks-pod-identity/aws:1.7.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 19:43:55,055 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws:5.15.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 19:43:55,056 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/managed-service-prometheus/aws:3.0.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 19:43:55,056 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 19:43:55,056 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-github-oidc-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 19:43:55,056 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 19:43:55,056 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/security-group/aws:5.2.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 19:43:55,056 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 19:43:55,085 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 vertices
2024-11-14 19:43:55,085 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 edges
terraform scan results:

Passed checks: 132, Failed checks: 0, Skipped checks: 147


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running tflint in terraform/environments/analytical-platform-compute
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Trivy in terraform/environments/analytical-platform-compute
2024-11-14T19:43:38Z	INFO	[vulndb] Need to update DB
2024-11-14T19:43:38Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-14T19:43:38Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T19:43:40Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T19:43:40Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-14T19:43:40Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-14T19:43:40Z	INFO	[misconfig] Need to update the built-in checks
2024-11-14T19:43:40Z	INFO	[misconfig] Downloading the built-in checks...
160.60 KiB / 160.60 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-11-14T19:43:41Z	INFO	[secret] Secret scanning is enabled
2024-11-14T19:43:41Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-14T19:43:41Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-14T19:43:43Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-14T19:43:43Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-11-14T19:43:43Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.transit_gateway_routes" value="cty.NilVal"
2024-11-14T19:43:50Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.aws_ec2_tag.cluster_primary_security_group" value="cty.NilVal"
2024-11-14T19:43:50Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:50Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:50Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:50Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:50Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T19:43:50Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:50Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T19:43:51Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T19:43:52Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-egress-sgr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/node_groups.tf:247"
2024-11-14T19:43:52Z	INFO	[terraform executor] Ignore finding	rule="aws-eks-no-public-cluster-access-to-cidr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:52"
2024-11-14T19:43:52Z	INFO	[terraform executor] Ignore finding	rule="aws-eks-no-public-cluster-access" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:51"
2024-11-14T19:43:52Z	INFO	Number of language-specific files	num=0
2024-11-14T19:43:52Z	INFO	Detected config files	num=14
trivy_exitcode=0

@jacobwoffenden jacobwoffenden temporarily deployed to analytical-platform-compute-development November 14, 2024 20:33 — with GitHub Actions Inactive
@jacobwoffenden jacobwoffenden had a problem deploying to analytical-platform-compute-test November 14, 2024 20:33 — with GitHub Actions Failure
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

Running Trivy in terraform/environments/analytical-platform-compute
2024-11-14T20:33:07Z INFO [vulndb] Need to update DB
2024-11-14T20:33:07Z INFO [vulndb] Downloading vulnerability DB...
2024-11-14T20:33:07Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T20:33:09Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T20:33:09Z INFO [vuln] Vulnerability scanning is enabled
2024-11-14T20:33:09Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-14T20:33:09Z INFO [misconfig] Need to update the built-in checks
2024-11-14T20:33:09Z INFO [misconfig] Downloading the built-in checks...
160.60 KiB / 160.60 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-11-14T20:33:09Z INFO [secret] Secret scanning is enabled
2024-11-14T20:33:09Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-14T20:33:09Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-14T20:33:12Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-14T20:33:13Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-11-14T20:33:13Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.transit_gateway_routes" value="cty.NilVal"
2024-11-14T20:33:19Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.aws_ec2_tag.cluster_primary_security_group" value="cty.NilVal"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:21Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:21Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:21Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:21Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T20:33:21Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:21Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:21Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T20:33:21Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/node_groups.tf:247"
2024-11-14T20:33:21Z INFO [terraform executor] Ignore finding rule="aws-eks-no-public-cluster-access-to-cidr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:52"
2024-11-14T20:33:21Z INFO [terraform executor] Ignore finding rule="aws-eks-no-public-cluster-access" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:51"
2024-11-14T20:33:21Z INFO Number of language-specific files num=0
2024-11-14T20:33:21Z INFO Detected config files num=14
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Checkov in terraform/environments/analytical-platform-compute
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-14 20:33:24,458 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/cloudwatch/aws//modules/log-group:5.6.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 20:33:24,458 [MainThread  ] [WARNI]  Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 20:33:24,458 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws:20.29.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 20:33:24,459 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws//modules/karpenter:20.29.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 20:33:24,459 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/kms/aws:3.1.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 20:33:24,459 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/route53/aws//modules/zones:4.1.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 20:33:24,459 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/secrets-manager/aws:1.3.1 (for external modules, the --download-external-modules flag is required)
2024-11-14 20:33:24,459 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/s3-bucket/aws:4.2.2 (for external modules, the --download-external-modules flag is required)
2024-11-14 20:33:24,459 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-analytical-platform-lakeformation?ref=0.5.0:None (for external modules, the --download-external-modules flag is required)
2024-11-14 20:33:24,459 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/rds/aws:6.10.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 20:33:24,459 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws//modules/vpc-endpoints:5.15.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 20:33:24,460 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks-pod-identity/aws:1.7.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 20:33:24,460 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws:5.15.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 20:33:24,460 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/managed-service-prometheus/aws:3.0.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 20:33:24,460 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 20:33:24,460 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-github-oidc-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 20:33:24,460 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 20:33:24,460 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/security-group/aws:5.2.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 20:33:24,460 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-14 20:33:24,489 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 vertices
2024-11-14 20:33:24,496 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 edges
terraform scan results:

Passed checks: 132, Failed checks: 0, Skipped checks: 147


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running tflint in terraform/environments/analytical-platform-compute
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Trivy in terraform/environments/analytical-platform-compute
2024-11-14T20:33:07Z	INFO	[vulndb] Need to update DB
2024-11-14T20:33:07Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-14T20:33:07Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T20:33:09Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-14T20:33:09Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-14T20:33:09Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-14T20:33:09Z	INFO	[misconfig] Need to update the built-in checks
2024-11-14T20:33:09Z	INFO	[misconfig] Downloading the built-in checks...
160.60 KiB / 160.60 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2024-11-14T20:33:09Z	INFO	[secret] Secret scanning is enabled
2024-11-14T20:33:09Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-14T20:33:09Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-14T20:33:12Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-14T20:33:13Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-11-14T20:33:13Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.transit_gateway_routes" value="cty.NilVal"
2024-11-14T20:33:19Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.aws_ec2_tag.cluster_primary_security_group" value="cty.NilVal"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:20Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:21Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:21Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:21Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:21Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T20:33:21Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:21Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-14T20:33:21Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-14T20:33:21Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-egress-sgr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/node_groups.tf:247"
2024-11-14T20:33:21Z	INFO	[terraform executor] Ignore finding	rule="aws-eks-no-public-cluster-access-to-cidr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:52"
2024-11-14T20:33:21Z	INFO	[terraform executor] Ignore finding	rule="aws-eks-no-public-cluster-access" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:51"
2024-11-14T20:33:21Z	INFO	Number of language-specific files	num=0
2024-11-14T20:33:21Z	INFO	Detected config files	num=14
trivy_exitcode=0

@jacobwoffenden
Update Prometheus
3c111fc 
Signed-off-by: Jacob Woffenden <[email protected]>
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

Running Trivy in terraform/environments/analytical-platform-compute
2024-11-18T09:06:59Z INFO [vulndb] Need to update DB
2024-11-18T09:06:59Z INFO [vulndb] Downloading vulnerability DB...
2024-11-18T09:06:59Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-18T09:07:01Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-18T09:07:01Z INFO [vuln] Vulnerability scanning is enabled
2024-11-18T09:07:01Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-18T09:07:01Z INFO [misconfig] Need to update the built-in checks
2024-11-18T09:07:01Z INFO [misconfig] Downloading the built-in checks...
2024-11-18T09:07:01Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 48.905µs, allowed: 44000/minute\n\n"
2024-11-18T09:07:01Z INFO [secret] Secret scanning is enabled
2024-11-18T09:07:01Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-18T09:07:01Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-18T09:07:03Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-18T09:07:04Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-11-18T09:07:04Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.transit_gateway_routes" value="cty.NilVal"
2024-11-18T09:07:15Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.aws_ec2_tag.cluster_primary_security_group" value="cty.NilVal"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:07:17Z INFO [terraform executor] Ignore finding rule="aws-eks-no-public-cluster-access-to-cidr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:52"
2024-11-18T09:07:17Z INFO [terraform executor] Ignore finding rule="aws-eks-no-public-cluster-access" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:51"
2024-11-18T09:07:17Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/node_groups.tf:247"
2024-11-18T09:07:17Z INFO Number of language-specific files num=0
2024-11-18T09:07:17Z INFO Detected config files num=14
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Checkov in terraform/environments/analytical-platform-compute
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-18 09:07:20,517 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/cloudwatch/aws//modules/log-group:5.6.1 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:07:20,517 [MainThread  ] [WARNI]  Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:07:20,518 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws:20.29.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:07:20,518 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws//modules/karpenter:20.29.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:07:20,518 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/kms/aws:3.1.1 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:07:20,518 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/route53/aws//modules/zones:4.1.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:07:20,518 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/secrets-manager/aws:1.3.1 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:07:20,518 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/s3-bucket/aws:4.2.2 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:07:20,519 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-analytical-platform-lakeformation?ref=0.5.0:None (for external modules, the --download-external-modules flag is required)
2024-11-18 09:07:20,519 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/rds/aws:6.10.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:07:20,519 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws//modules/vpc-endpoints:5.15.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:07:20,519 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks-pod-identity/aws:1.7.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:07:20,519 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws:5.15.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:07:20,519 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/managed-service-prometheus/aws:3.0.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:07:20,520 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:07:20,520 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-github-oidc-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:07:20,520 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:07:20,520 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/security-group/aws:5.2.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:07:20,520 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:07:20,557 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 vertices
2024-11-18 09:07:20,565 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 edges
terraform scan results:

Passed checks: 132, Failed checks: 0, Skipped checks: 147


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running tflint in terraform/environments/analytical-platform-compute
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Trivy in terraform/environments/analytical-platform-compute
2024-11-18T09:06:59Z	INFO	[vulndb] Need to update DB
2024-11-18T09:06:59Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-18T09:06:59Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-18T09:07:01Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-18T09:07:01Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-18T09:07:01Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-18T09:07:01Z	INFO	[misconfig] Need to update the built-in checks
2024-11-18T09:07:01Z	INFO	[misconfig] Downloading the built-in checks...
2024-11-18T09:07:01Z	ERROR	[misconfig] Falling back to embedded checks	err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 48.905µs, allowed: 44000/minute\n\n"
2024-11-18T09:07:01Z	INFO	[secret] Secret scanning is enabled
2024-11-18T09:07:01Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-18T09:07:01Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-18T09:07:03Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-18T09:07:04Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-11-18T09:07:04Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.transit_gateway_routes" value="cty.NilVal"
2024-11-18T09:07:15Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.aws_ec2_tag.cluster_primary_security_group" value="cty.NilVal"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:07:16Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:07:17Z	INFO	[terraform executor] Ignore finding	rule="aws-eks-no-public-cluster-access-to-cidr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:52"
2024-11-18T09:07:17Z	INFO	[terraform executor] Ignore finding	rule="aws-eks-no-public-cluster-access" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:51"
2024-11-18T09:07:17Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-egress-sgr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/node_groups.tf:247"
2024-11-18T09:07:17Z	INFO	Number of language-specific files	num=0
2024-11-18T09:07:17Z	INFO	Detected config files	num=14
trivy_exitcode=0

@jacobwoffenden jacobwoffenden temporarily deployed to analytical-platform-compute-development November 18, 2024 09:07 — with GitHub Actions Inactive
@jacobwoffenden jacobwoffenden had a problem deploying to analytical-platform-compute-test November 18, 2024 09:12 — with GitHub Actions Failure
@jacobwoffenden
Update test and prod
71110b2 
Update EC2NodeClass block device config

Signed-off-by: Jacob Woffenden <[email protected]>
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

Running Trivy in terraform/environments/analytical-platform-compute
2024-11-18T09:48:26Z INFO [vulndb] Need to update DB
2024-11-18T09:48:26Z INFO [vulndb] Downloading vulnerability DB...
2024-11-18T09:48:26Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-18T09:48:29Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-18T09:48:29Z INFO [vuln] Vulnerability scanning is enabled
2024-11-18T09:48:29Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-18T09:48:29Z INFO [misconfig] Need to update the built-in checks
2024-11-18T09:48:29Z INFO [misconfig] Downloading the built-in checks...
2024-11-18T09:48:29Z ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 272.095µs, allowed: 44000/minute\n\n"
2024-11-18T09:48:29Z INFO [secret] Secret scanning is enabled
2024-11-18T09:48:29Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-18T09:48:29Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-18T09:48:31Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-18T09:48:31Z WARN [terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly. module="root" variables="networking"
2024-11-18T09:48:32Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.transit_gateway_routes" value="cty.NilVal"
2024-11-18T09:48:43Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.aws_ec2_tag.cluster_primary_security_group" value="cty.NilVal"
2024-11-18T09:48:43Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:43Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:43Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:43Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:43Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:48:43Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:43Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:43Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:48:43Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:43Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["general"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand dynamic block. block="module.eks.module.eks_managed_node_group["airflow-high-memory"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.eks.module.eks_managed_node_group["general"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:48:45Z INFO [terraform executor] Ignore finding rule="aws-ec2-no-public-egress-sgr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/node_groups.tf:247"
2024-11-18T09:48:45Z INFO [terraform executor] Ignore finding rule="aws-eks-no-public-cluster-access-to-cidr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:52"
2024-11-18T09:48:45Z INFO [terraform executor] Ignore finding rule="aws-eks-no-public-cluster-access" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:51"
2024-11-18T09:48:45Z INFO Number of language-specific files num=0
2024-11-18T09:48:45Z INFO Detected config files num=14
trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Checkov in terraform/environments/analytical-platform-compute
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-18 09:48:48,192 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/cloudwatch/aws//modules/log-group:5.6.1 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:48:48,192 [MainThread  ] [WARNI]  Failed to download module ministryofjustice/observability-platform-tenant/aws:1.2.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:48:48,192 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws:20.29.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:48:48,192 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks/aws//modules/karpenter:20.29.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:48:48,193 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/kms/aws:3.1.1 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:48:48,193 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/route53/aws//modules/zones:4.1.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:48:48,193 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/secrets-manager/aws:1.3.1 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:48:48,193 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/s3-bucket/aws:4.2.2 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:48:48,193 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/terraform-aws-analytical-platform-lakeformation?ref=0.5.0:None (for external modules, the --download-external-modules flag is required)
2024-11-18 09:48:48,193 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/rds/aws:6.10.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:48:48,193 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws//modules/vpc-endpoints:5.15.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:48:48,193 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/eks-pod-identity/aws:1.7.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:48:48,194 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/vpc/aws:5.15.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:48:48,194 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/managed-service-prometheus/aws:3.0.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:48:48,194 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:48:48,194 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-github-oidc-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:48:48,194 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-assumable-role:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:48:48,194 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/security-group/aws:5.2.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:48:48,194 [MainThread  ] [WARNI]  Failed to download module terraform-aws-modules/iam/aws//modules/iam-policy:5.48.0 (for external modules, the --download-external-modules flag is required)
2024-11-18 09:48:48,227 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 vertices
2024-11-18 09:48:48,231 [MainThread  ] [WARNI]  [ArmLocalGraph] created 0 edges
terraform scan results:

Passed checks: 132, Failed checks: 0, Skipped checks: 147


checkov_exitcode=0

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running tflint in terraform/environments/analytical-platform-compute
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:
terraform/environments/analytical-platform-compute

*****************************

Running Trivy in terraform/environments/analytical-platform-compute
2024-11-18T09:48:26Z	INFO	[vulndb] Need to update DB
2024-11-18T09:48:26Z	INFO	[vulndb] Downloading vulnerability DB...
2024-11-18T09:48:26Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-18T09:48:29Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-18T09:48:29Z	INFO	[vuln] Vulnerability scanning is enabled
2024-11-18T09:48:29Z	INFO	[misconfig] Misconfiguration scanning is enabled
2024-11-18T09:48:29Z	INFO	[misconfig] Need to update the built-in checks
2024-11-18T09:48:29Z	INFO	[misconfig] Downloading the built-in checks...
2024-11-18T09:48:29Z	ERROR	[misconfig] Falling back to embedded checks	err="failed to download built-in policies: download error: OCI repository error: 1 error occurred:\n\t* GET https://ghcr.io/v2/aquasecurity/trivy-checks/manifests/1: TOOMANYREQUESTS: retry-after: 272.095µs, allowed: 44000/minute\n\n"
2024-11-18T09:48:29Z	INFO	[secret] Secret scanning is enabled
2024-11-18T09:48:29Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-18T09:48:29Z	INFO	[secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-18T09:48:31Z	INFO	[terraform scanner] Scanning root module	file_path="."
2024-11-18T09:48:31Z	WARN	[terraform parser] Variable values was not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="networking"
2024-11-18T09:48:32Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.transit_gateway_routes" value="cty.NilVal"
2024-11-18T09:48:43Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.aws_ec2_tag.cluster_primary_security_group" value="cty.NilVal"
2024-11-18T09:48:43Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:43Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="2 errors occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:43Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:43Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:43Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:48:43Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:43Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:43Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:48:43Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:43Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_cluster_logs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks_ebs_kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement.content.dynamic.condition block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.kms.data.aws_iam_policy_document.this[0]" err="1 error occurred:\n\t* invalid for-each in data.aws_iam_policy_document.this[0].dynamic.statement block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand dynamic block.	block="module.eks.module.eks_managed_node_group[\"airflow-high-memory\"].aws_launch_template.this[0]" err="1 error occurred:\n\t* invalid for-each in aws_launch_template.this[0].dynamic.block_device_mappings block: cannot use a cty.NilVal value in for_each. An iterable collection is required\n\n"
2024-11-18T09:48:44Z	ERROR	[terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable.	block="module.eks.module.eks_managed_node_group[\"general\"].aws_iam_role_policy_attachment.this" value="cty.NilVal"
2024-11-18T09:48:45Z	INFO	[terraform executor] Ignore finding	rule="aws-ec2-no-public-egress-sgr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/node_groups.tf:247"
2024-11-18T09:48:45Z	INFO	[terraform executor] Ignore finding	rule="aws-eks-no-public-cluster-access-to-cidr" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:52"
2024-11-18T09:48:45Z	INFO	[terraform executor] Ignore finding	rule="aws-eks-no-public-cluster-access" range="git::https:/github.com/terraform-aws-modules/terraform-aws-eks?ref=97a08c8aff5dbf51a86b4c8cd88a858336cd0208/main.tf:51"
2024-11-18T09:48:45Z	INFO	Number of language-specific files	num=0
2024-11-18T09:48:45Z	INFO	Detected config files	num=14
trivy_exitcode=0

@jacobwoffenden jacobwoffenden temporarily deployed to analytical-platform-compute-development November 18, 2024 09:49 — with GitHub Actions Inactive
@jacobwoffenden jacobwoffenden deployed to analytical-platform-compute-test November 18, 2024 09:49 — with GitHub Actions Active
@jacobwoffenden jacobwoffenden marked this pull request as ready for review November 18, 2024 11:42
Gary-H9
Gary-H9 approved these changes Nov 18, 2024
View reviewed changes
Copy link
Contributor

@Gary-H9 Gary-H9 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jacobwoffenden jacobwoffenden merged commit a33b034 into main Nov 18, 2024
14 checks passed
@jacobwoffenden jacobwoffenden deleted the maintenance branch November 18, 2024 12:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Gary-H9 Gary-H9 Gary-H9 approved these changes

Assignees
No one assigned
Labels
environments-repository Used to exclude PRs from this repo in our Slack PR update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Emterry @Gary-H9 @jacobwoffenden