ministryofjustice / modernisation-platform

A place for the core work of the Modernisation Platform • This repository is defined and managed in Terraform
https://user-guide.modernisation-platform.service.justice.gov.uk
MIT License

Update vpc.tf #8539

Closed ep-93 closed 2 days ago

ep-93 commented 2 days ago

A reference to the issue / Description of it

{Please write here}

How does this PR fix the problem?

{Please write here}

How has this been tested?

Please describe the tests that you ran and provide instructions to reproduce.

{Please write here}

Deployment Plan / Instructions

Will this deployment impact the platform and / or services on it?

{Please write here}

Checklist (check x in [ ] of list items)

Additional comments (if any)

{Please write here}

github-actions[bot] commented 2 days ago

#### `Trivy Scan` Success

```hcl
*****************************
Trivy will check the following folders:
terraform/environments/core-vpc
*****************************
Running Trivy in terraform/environments/core-vpc
2024-11-20T12:49:26Z INFO [vulndb] Need to update DB
2024-11-20T12:49:26Z INFO [vulndb] Downloading vulnerability DB...
2024-11-20T12:49:26Z INFO [vulndb] Downloading artifact... repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-20T12:49:29Z INFO [vulndb] Artifact successfully downloaded repo="public.ecr.aws/aquasecurity/trivy-db:2"
2024-11-20T12:49:29Z INFO [vuln] Vulnerability scanning is enabled
2024-11-20T12:49:29Z INFO [misconfig] Misconfiguration scanning is enabled
2024-11-20T12:49:29Z INFO [misconfig] Need to update the built-in checks
2024-11-20T12:49:29Z INFO [misconfig] Downloading the built-in checks...
201.91 KiB / 201.91 KiB [------------------------------------------------------] 100.00% ? p/s 100ms
2024-11-20T12:49:29Z INFO [secret] Secret scanning is enabled
2024-11-20T12:49:29Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-20T12:49:29Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-11-20T12:49:31Z INFO [terraform scanner] Scanning root module file_path="."
2024-11-20T12:49:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_iam_role.member-delegation" value="cty.NilVal"
2024-11-20T12:49:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="aws_iam_role_policy.member-delegation" value="cty.NilVal"
2024-11-20T12:49:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dns-zone" value="cty.NilVal"
2024-11-20T12:49:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dns_zone_extend" value="cty.NilVal"
2024-11-20T12:49:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.dns_zone_extend_private" value="cty.NilVal"
2024-11-20T12:49:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.resource-share" value="cty.NilVal"
2024-11-20T12:49:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc" value="cty.NilVal"
2024-11-20T12:49:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_attachment" value="cty.NilVal"
2024-11-20T12:49:31Z ERROR [terraform evaluator] Failed to expand block. Invalid "for-each" argument. Must be known and iterable. block="module.vpc_nacls" value="cty.NilVal"
2024-11-20T12:49:32Z INFO [terraform executor] Ignore finding rule="aws-sns-enable-topic-encryption" range="monitoring.tf:9-15"
2024-11-20T12:49:32Z INFO Number of language-specific files num=0
2024-11-20T12:49:32Z INFO Detected config files num=2
trivy_exitcode=0
```
#### `Checkov Scan` Success
```hcl
*****************************
Checkov will check the following folders:
terraform/environments/core-vpc
*****************************
Running Checkov in terraform/environments/core-vpc
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-11-20 12:49:34,795 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/terraform-aws-observability-platform-tenant?ref=fbbe5c8282786bcc0a00c969fe598e14f12eea9b:None (for external modules, the --download-external-modules flag is required)
2024-11-20 12:49:34,795 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-member-vpc?ref=0ba18bb790c4259512768ffb6db9c2852654b82f:None (for external modules, the --download-external-modules flag is required)
2024-11-20 12:49:34,795 [MainThread ] [WARNI] Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2024-11-20 12:49:34,816 [MainThread ] [WARNI] [ArmLocalGraph] created 0 vertices
2024-11-20 12:49:34,817 [MainThread ] [WARNI] [ArmLocalGraph] created 0 edges
terraform scan results:
Passed checks: 305, Failed checks: 0, Skipped checks: 135
checkov_exitcode=0
```
#### `CTFLint Scan` Success
```hcl
*****************************
Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.9.1)
tflint will check the following folders:
terraform/environments/core-vpc
*****************************
Running tflint in terraform/environments/core-vpc
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0
```