Experience Builder


Terraform

Repository
aws-samples / amazon-ecs-fullstack-app-terraform
Description

Fullstack app using Amazon ECS & DevOps methodologies (IaC with Terraform and CI/CD with AWS CodePipeline)

Stars

 114

Failed Checks
  •  Security Scanning
  •  Linting

  • Scan Date

    2023-10-30 17:57:40

    Security Scanning

    This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that no security scanning tool was found in any of the CI/CD tool configuration files in the repository.

    There is an opportunity to:

    Checkov Output
                    
                      terraform scan results:
    
    Passed checks: 170, Failed checks: 106, Skipped checks: 0
    
    Check: CKV_AWS_316: "Ensure CodeBuild project environments do not have privileged mode enabled"
    	FAILED for resource: module.codebuild_client.aws_codebuild_project.aws_codebuild
    	File: /Infrastructure/Modules/CodeBuild/main.tf:8-96
    	Calling File: /Infrastructure/main.tf:319-333
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_147: "Ensure that CodeBuild projects are encrypted using CMK"
    	FAILED for resource: module.codebuild_client.aws_codebuild_project.aws_codebuild
    	File: /Infrastructure/Modules/CodeBuild/main.tf:8-96
    	Calling File: /Infrastructure/main.tf:319-333
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-codebuild-projects-are-encrypted-1.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_316: "Ensure CodeBuild project environments do not have privileged mode enabled"
    	FAILED for resource: module.codebuild_server.aws_codebuild_project.aws_codebuild
    	File: /Infrastructure/Modules/CodeBuild/main.tf:8-96
    	Calling File: /Infrastructure/main.tf:301-316
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_147: "Ensure that CodeBuild projects are encrypted using CMK"
    	FAILED for resource: module.codebuild_server.aws_codebuild_project.aws_codebuild
    	File: /Infrastructure/Modules/CodeBuild/main.tf:8-96
    	Calling File: /Infrastructure/main.tf:301-316
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-codebuild-projects-are-encrypted-1.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_219: "Ensure Code Pipeline Artifact store is using a KMS CMK"
    	FAILED for resource: module.codepipeline.aws_codepipeline.aws_codepipeline
    	File: /Infrastructure/Modules/CodePipeline/main.tf:8-114
    	Calling File: /Infrastructure/main.tf:362-379
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-codepipeline-artifactstore-is-not-encrypted-by-key-management-service-kms-using-a-customer-managed-key-cmk.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_119: "Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK"
    	FAILED for resource: module.dynamodb_table.aws_dynamodb_table.dynamodb_table
    	File: /Infrastructure/Modules/Dynamodb/main.tf:8-22
    	Calling File: /Infrastructure/main.tf:388-391
    	Guide: https://docs.bridgecrew.io/docs/ensure-that-dynamodb-tables-are-encrypted
    
    		8  | resource "aws_dynamodb_table" "dynamodb_table" {
    		9  |   name         = var.name
    		10 |   billing_mode = "PAY_PER_REQUEST"
    		11 |   hash_key     = var.hash_key
    		12 |   range_key    = var.range_key
    		13 | 
    		14 |   dynamic "attribute" {
    		15 |     for_each = var.attributes
    		16 |     content {
    		17 |       name = attribute.value.name
    		18 |       type = attribute.value.type
    		19 |     }
    		20 |   }
    		21 | 
    		22 | }
    Check: CKV_AWS_28: "Ensure Dynamodb point in time recovery (backup) is enabled"
    	FAILED for resource: module.dynamodb_table.aws_dynamodb_table.dynamodb_table
    	File: /Infrastructure/Modules/Dynamodb/main.tf:8-22
    	Calling File: /Infrastructure/main.tf:388-391
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-6.html
    
    		8  | resource "aws_dynamodb_table" "dynamodb_table" {
    		9  |   name         = var.name
    		10 |   billing_mode = "PAY_PER_REQUEST"
    		11 |   hash_key     = var.hash_key
    		12 |   range_key    = var.range_key
    		13 | 
    		14 |   dynamic "attribute" {
    		15 |     for_each = var.attributes
    		16 |     content {
    		17 |       name = attribute.value.name
    		18 |       type = attribute.value.type
    		19 |     }
    		20 |   }
    		21 | 
    		22 | }
    Check: CKV_AWS_163: "Ensure ECR image scanning on push is enabled"
    	FAILED for resource: module.ecr_client.aws_ecr_repository.ecr_repository
    	File: /Infrastructure/Modules/ECR/main.tf:8-11
    	Calling File: /Infrastructure/main.tf:153-156
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-8.html
    
    		8  | resource "aws_ecr_repository" "ecr_repository" {
    		9  |   name                 = var.name
    		10 |   image_tag_mutability = "MUTABLE"
    		11 | }
    Check: CKV_AWS_51: "Ensure ECR Image Tags are immutable"
    	FAILED for resource: module.ecr_client.aws_ecr_repository.ecr_repository
    	File: /Infrastructure/Modules/ECR/main.tf:8-11
    	Calling File: /Infrastructure/main.tf:153-156
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-24.html
    
    		8  | resource "aws_ecr_repository" "ecr_repository" {
    		9  |   name                 = var.name
    		10 |   image_tag_mutability = "MUTABLE"
    		11 | }
    Check: CKV_AWS_136: "Ensure that ECR repositories are encrypted using KMS"
    	FAILED for resource: module.ecr_client.aws_ecr_repository.ecr_repository
    	File: /Infrastructure/Modules/ECR/main.tf:8-11
    	Calling File: /Infrastructure/main.tf:153-156
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ecr-repositories-are-encrypted.html
    
    		8  | resource "aws_ecr_repository" "ecr_repository" {
    		9  |   name                 = var.name
    		10 |   image_tag_mutability = "MUTABLE"
    		11 | }
    Check: CKV_AWS_163: "Ensure ECR image scanning on push is enabled"
    	FAILED for resource: module.ecr_server.aws_ecr_repository.ecr_repository
    	File: /Infrastructure/Modules/ECR/main.tf:8-11
    	Calling File: /Infrastructure/main.tf:147-150
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-8.html
    
    		8  | resource "aws_ecr_repository" "ecr_repository" {
    		9  |   name                 = var.name
    		10 |   image_tag_mutability = "MUTABLE"
    		11 | }
    Check: CKV_AWS_51: "Ensure ECR Image Tags are immutable"
    	FAILED for resource: module.ecr_server.aws_ecr_repository.ecr_repository
    	File: /Infrastructure/Modules/ECR/main.tf:8-11
    	Calling File: /Infrastructure/main.tf:147-150
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-24.html
    
    		8  | resource "aws_ecr_repository" "ecr_repository" {
    		9  |   name                 = var.name
    		10 |   image_tag_mutability = "MUTABLE"
    		11 | }
    Check: CKV_AWS_136: "Ensure that ECR repositories are encrypted using KMS"
    	FAILED for resource: module.ecr_server.aws_ecr_repository.ecr_repository
    	File: /Infrastructure/Modules/ECR/main.tf:8-11
    	Calling File: /Infrastructure/main.tf:147-150
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ecr-repositories-are-encrypted.html
    
    		8  | resource "aws_ecr_repository" "ecr_repository" {
    		9  |   name                 = var.name
    		10 |   image_tag_mutability = "MUTABLE"
    		11 | }
    Check: CKV_AWS_65: "Ensure container insights are enabled on ECS cluster"
    	FAILED for resource: module.ecs_cluster.aws_ecs_cluster.ecs_cluster
    	File: /Infrastructure/Modules/ECS/Cluster/main.tf:8-10
    	Calling File: /Infrastructure/main.tf:206-209
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-11.html
    
    		8  | resource "aws_ecs_cluster" "ecs_cluster" {
    		9  |   name = "Cluster-${var.name}"
    		10 | }
    Check: CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
    	FAILED for resource: module.ecs_taks_definition_client.aws_cloudwatch_log_group.TaskDF-Log_Group
    	File: /Infrastructure/Modules/ECS/TaskDefinition/main.tf:45-48
    	Calling File: /Infrastructure/main.tf:173-184
    
    		45 | resource "aws_cloudwatch_log_group" "TaskDF-Log_Group" {
    		46 |   name              = "/ecs/task-definition-${var.name}"
    		47 |   retention_in_days = 30
    		48 | }
    Check: CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
    	FAILED for resource: module.ecs_taks_definition_client.aws_cloudwatch_log_group.TaskDF-Log_Group
    	File: /Infrastructure/Modules/ECS/TaskDefinition/main.tf:45-48
    	Calling File: /Infrastructure/main.tf:173-184
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-cloudwatch-log-group-is-encrypted-by-kms.html
    
    		45 | resource "aws_cloudwatch_log_group" "TaskDF-Log_Group" {
    		46 |   name              = "/ecs/task-definition-${var.name}"
    		47 |   retention_in_days = 30
    		48 | }
    Check: CKV_AWS_338: "Ensure CloudWatch log groups retains logs for at least 1 year"
    	FAILED for resource: module.ecs_taks_definition_server.aws_cloudwatch_log_group.TaskDF-Log_Group
    	File: /Infrastructure/Modules/ECS/TaskDefinition/main.tf:45-48
    	Calling File: /Infrastructure/main.tf:159-170
    
    		45 | resource "aws_cloudwatch_log_group" "TaskDF-Log_Group" {
    		46 |   name              = "/ecs/task-definition-${var.name}"
    		47 |   retention_in_days = 30
    		48 | }
    Check: CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
    	FAILED for resource: module.ecs_taks_definition_server.aws_cloudwatch_log_group.TaskDF-Log_Group
    	File: /Infrastructure/Modules/ECS/TaskDefinition/main.tf:45-48
    	Calling File: /Infrastructure/main.tf:159-170
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-cloudwatch-log-group-is-encrypted-by-kms.html
    
    		45 | resource "aws_cloudwatch_log_group" "TaskDF-Log_Group" {
    		46 |   name              = "/ecs/task-definition-${var.name}"
    		47 |   retention_in_days = 30
    		48 | }
    Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
    	FAILED for resource: module.codedeploy_role.aws_iam_policy_document.role_policy_devops_role
    	File: /Infrastructure/Modules/IAM/main.tf:175-304
    	Calling File: /Infrastructure/main.tf:276-280
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-data-exfiltration.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
    	FAILED for resource: module.codedeploy_role.aws_iam_policy_document.role_policy_devops_role
    	File: /Infrastructure/Modules/IAM/main.tf:175-304
    	Calling File: /Infrastructure/main.tf:276-280
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.codedeploy_role.aws_iam_policy_document.role_policy_devops_role
    	File: /Infrastructure/Modules/IAM/main.tf:175-304
    	Calling File: /Infrastructure/main.tf:276-280
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.codedeploy_role.aws_iam_policy_document.role_policy_devops_role
    	File: /Infrastructure/Modules/IAM/main.tf:175-304
    	Calling File: /Infrastructure/main.tf:276-280
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
    	FAILED for resource: module.codedeploy_role.aws_iam_policy_document.role_policy_ecs_task_role
    	File: /Infrastructure/Modules/IAM/main.tf:306-337
    	Calling File: /Infrastructure/main.tf:276-280
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-data-exfiltration.html
    
    		306 | data "aws_iam_policy_document" "role_policy_ecs_task_role" {
    		307 |   statement {
    		308 |     sid    = "AllowS3Actions"
    		309 |     effect = "Allow"
    		310 |     actions = [
    		311 |       "s3:GetObject",
    		312 |       "s3:ListBucket"
    		313 |     ]
    		314 |     resources = var.s3_bucket_assets
    		315 |   }
    		316 |   statement {
    		317 |     sid    = "AllowIAMPassRole"
    		318 |     effect = "Allow"
    		319 |     actions = [
    		320 |       "iam:PassRole"
    		321 |     ]
    		322 |     resources = ["*"]
    		323 |   }
    		324 |   statement {
    		325 |     sid    = "AllowDynamodbActions"
    		326 |     effect = "Allow"
    		327 |     actions = [
    		328 |       "dynamodb:BatchGetItem",
    		329 |       "dynamodb:Describe*",
    		330 |       "dynamodb:List*",
    		331 |       "dynamodb:GetItem",
    		332 |       "dynamodb:Query",
    		333 |       "dynamodb:Scan",
    		334 |     ]
    		335 |     resources = var.dynamodb_table
    		336 |   }
    		337 | }
    Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
    	FAILED for resource: module.codedeploy_role.aws_iam_policy_document.role_policy_ecs_task_role
    	File: /Infrastructure/Modules/IAM/main.tf:306-337
    	Calling File: /Infrastructure/main.tf:276-280
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint.html
    
    		306 | data "aws_iam_policy_document" "role_policy_ecs_task_role" {
    		307 |   statement {
    		308 |     sid    = "AllowS3Actions"
    		309 |     effect = "Allow"
    		310 |     actions = [
    		311 |       "s3:GetObject",
    		312 |       "s3:ListBucket"
    		313 |     ]
    		314 |     resources = var.s3_bucket_assets
    		315 |   }
    		316 |   statement {
    		317 |     sid    = "AllowIAMPassRole"
    		318 |     effect = "Allow"
    		319 |     actions = [
    		320 |       "iam:PassRole"
    		321 |     ]
    		322 |     resources = ["*"]
    		323 |   }
    		324 |   statement {
    		325 |     sid    = "AllowDynamodbActions"
    		326 |     effect = "Allow"
    		327 |     actions = [
    		328 |       "dynamodb:BatchGetItem",
    		329 |       "dynamodb:Describe*",
    		330 |       "dynamodb:List*",
    		331 |       "dynamodb:GetItem",
    		332 |       "dynamodb:Query",
    		333 |       "dynamodb:Scan",
    		334 |     ]
    		335 |     resources = var.dynamodb_table
    		336 |   }
    		337 | }
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.codedeploy_role.aws_iam_policy_document.role_policy_ecs_task_role
    	File: /Infrastructure/Modules/IAM/main.tf:306-337
    	Calling File: /Infrastructure/main.tf:276-280
    
    		306 | data "aws_iam_policy_document" "role_policy_ecs_task_role" {
    		307 |   statement {
    		308 |     sid    = "AllowS3Actions"
    		309 |     effect = "Allow"
    		310 |     actions = [
    		311 |       "s3:GetObject",
    		312 |       "s3:ListBucket"
    		313 |     ]
    		314 |     resources = var.s3_bucket_assets
    		315 |   }
    		316 |   statement {
    		317 |     sid    = "AllowIAMPassRole"
    		318 |     effect = "Allow"
    		319 |     actions = [
    		320 |       "iam:PassRole"
    		321 |     ]
    		322 |     resources = ["*"]
    		323 |   }
    		324 |   statement {
    		325 |     sid    = "AllowDynamodbActions"
    		326 |     effect = "Allow"
    		327 |     actions = [
    		328 |       "dynamodb:BatchGetItem",
    		329 |       "dynamodb:Describe*",
    		330 |       "dynamodb:List*",
    		331 |       "dynamodb:GetItem",
    		332 |       "dynamodb:Query",
    		333 |       "dynamodb:Scan",
    		334 |     ]
    		335 |     resources = var.dynamodb_table
    		336 |   }
    		337 | }
    Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
    	FAILED for resource: module.devops_role.aws_iam_policy_document.role_policy_devops_role
    	File: /Infrastructure/Modules/IAM/main.tf:175-304
    	Calling File: /Infrastructure/main.tf:270-274
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-data-exfiltration.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
    	FAILED for resource: module.devops_role.aws_iam_policy_document.role_policy_devops_role
    	File: /Infrastructure/Modules/IAM/main.tf:175-304
    	Calling File: /Infrastructure/main.tf:270-274
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.devops_role.aws_iam_policy_document.role_policy_devops_role
    	File: /Infrastructure/Modules/IAM/main.tf:175-304
    	Calling File: /Infrastructure/main.tf:270-274
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.devops_role.aws_iam_policy_document.role_policy_devops_role
    	File: /Infrastructure/Modules/IAM/main.tf:175-304
    	Calling File: /Infrastructure/main.tf:270-274
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
    	FAILED for resource: module.devops_role.aws_iam_policy_document.role_policy_ecs_task_role
    	File: /Infrastructure/Modules/IAM/main.tf:306-337
    	Calling File: /Infrastructure/main.tf:270-274
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-data-exfiltration.html
    
    		306 | data "aws_iam_policy_document" "role_policy_ecs_task_role" {
    		307 |   statement {
    		308 |     sid    = "AllowS3Actions"
    		309 |     effect = "Allow"
    		310 |     actions = [
    		311 |       "s3:GetObject",
    		312 |       "s3:ListBucket"
    		313 |     ]
    		314 |     resources = var.s3_bucket_assets
    		315 |   }
    		316 |   statement {
    		317 |     sid    = "AllowIAMPassRole"
    		318 |     effect = "Allow"
    		319 |     actions = [
    		320 |       "iam:PassRole"
    		321 |     ]
    		322 |     resources = ["*"]
    		323 |   }
    		324 |   statement {
    		325 |     sid    = "AllowDynamodbActions"
    		326 |     effect = "Allow"
    		327 |     actions = [
    		328 |       "dynamodb:BatchGetItem",
    		329 |       "dynamodb:Describe*",
    		330 |       "dynamodb:List*",
    		331 |       "dynamodb:GetItem",
    		332 |       "dynamodb:Query",
    		333 |       "dynamodb:Scan",
    		334 |     ]
    		335 |     resources = var.dynamodb_table
    		336 |   }
    		337 | }
    Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
    	FAILED for resource: module.devops_role.aws_iam_policy_document.role_policy_ecs_task_role
    	File: /Infrastructure/Modules/IAM/main.tf:306-337
    	Calling File: /Infrastructure/main.tf:270-274
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint.html
    
    		306 | data "aws_iam_policy_document" "role_policy_ecs_task_role" {
    		307 |   statement {
    		308 |     sid    = "AllowS3Actions"
    		309 |     effect = "Allow"
    		310 |     actions = [
    		311 |       "s3:GetObject",
    		312 |       "s3:ListBucket"
    		313 |     ]
    		314 |     resources = var.s3_bucket_assets
    		315 |   }
    		316 |   statement {
    		317 |     sid    = "AllowIAMPassRole"
    		318 |     effect = "Allow"
    		319 |     actions = [
    		320 |       "iam:PassRole"
    		321 |     ]
    		322 |     resources = ["*"]
    		323 |   }
    		324 |   statement {
    		325 |     sid    = "AllowDynamodbActions"
    		326 |     effect = "Allow"
    		327 |     actions = [
    		328 |       "dynamodb:BatchGetItem",
    		329 |       "dynamodb:Describe*",
    		330 |       "dynamodb:List*",
    		331 |       "dynamodb:GetItem",
    		332 |       "dynamodb:Query",
    		333 |       "dynamodb:Scan",
    		334 |     ]
    		335 |     resources = var.dynamodb_table
    		336 |   }
    		337 | }
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.devops_role.aws_iam_policy_document.role_policy_ecs_task_role
    	File: /Infrastructure/Modules/IAM/main.tf:306-337
    	Calling File: /Infrastructure/main.tf:270-274
    
    		306 | data "aws_iam_policy_document" "role_policy_ecs_task_role" {
    		307 |   statement {
    		308 |     sid    = "AllowS3Actions"
    		309 |     effect = "Allow"
    		310 |     actions = [
    		311 |       "s3:GetObject",
    		312 |       "s3:ListBucket"
    		313 |     ]
    		314 |     resources = var.s3_bucket_assets
    		315 |   }
    		316 |   statement {
    		317 |     sid    = "AllowIAMPassRole"
    		318 |     effect = "Allow"
    		319 |     actions = [
    		320 |       "iam:PassRole"
    		321 |     ]
    		322 |     resources = ["*"]
    		323 |   }
    		324 |   statement {
    		325 |     sid    = "AllowDynamodbActions"
    		326 |     effect = "Allow"
    		327 |     actions = [
    		328 |       "dynamodb:BatchGetItem",
    		329 |       "dynamodb:Describe*",
    		330 |       "dynamodb:List*",
    		331 |       "dynamodb:GetItem",
    		332 |       "dynamodb:Query",
    		333 |       "dynamodb:Scan",
    		334 |     ]
    		335 |     resources = var.dynamodb_table
    		336 |   }
    		337 | }
    Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
    	FAILED for resource: module.ecs_role.aws_iam_policy_document.role_policy_devops_role
    	File: /Infrastructure/Modules/IAM/main.tf:175-304
    	Calling File: /Infrastructure/main.tf:130-136
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-data-exfiltration.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
    	FAILED for resource: module.ecs_role.aws_iam_policy_document.role_policy_devops_role
    	File: /Infrastructure/Modules/IAM/main.tf:175-304
    	Calling File: /Infrastructure/main.tf:130-136
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.ecs_role.aws_iam_policy_document.role_policy_devops_role
    	File: /Infrastructure/Modules/IAM/main.tf:175-304
    	Calling File: /Infrastructure/main.tf:130-136
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.ecs_role.aws_iam_policy_document.role_policy_devops_role
    	File: /Infrastructure/Modules/IAM/main.tf:175-304
    	Calling File: /Infrastructure/main.tf:130-136
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
    	FAILED for resource: module.ecs_role.aws_iam_policy_document.role_policy_ecs_task_role
    	File: /Infrastructure/Modules/IAM/main.tf:306-337
    	Calling File: /Infrastructure/main.tf:130-136
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-data-exfiltration.html
    
    		306 | data "aws_iam_policy_document" "role_policy_ecs_task_role" {
    		307 |   statement {
    		308 |     sid    = "AllowS3Actions"
    		309 |     effect = "Allow"
    		310 |     actions = [
    		311 |       "s3:GetObject",
    		312 |       "s3:ListBucket"
    		313 |     ]
    		314 |     resources = var.s3_bucket_assets
    		315 |   }
    		316 |   statement {
    		317 |     sid    = "AllowIAMPassRole"
    		318 |     effect = "Allow"
    		319 |     actions = [
    		320 |       "iam:PassRole"
    		321 |     ]
    		322 |     resources = ["*"]
    		323 |   }
    		324 |   statement {
    		325 |     sid    = "AllowDynamodbActions"
    		326 |     effect = "Allow"
    		327 |     actions = [
    		328 |       "dynamodb:BatchGetItem",
    		329 |       "dynamodb:Describe*",
    		330 |       "dynamodb:List*",
    		331 |       "dynamodb:GetItem",
    		332 |       "dynamodb:Query",
    		333 |       "dynamodb:Scan",
    		334 |     ]
    		335 |     resources = var.dynamodb_table
    		336 |   }
    		337 | }
    Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
    	FAILED for resource: module.ecs_role.aws_iam_policy_document.role_policy_ecs_task_role
    	File: /Infrastructure/Modules/IAM/main.tf:306-337
    	Calling File: /Infrastructure/main.tf:130-136
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint.html
    
    		306 | data "aws_iam_policy_document" "role_policy_ecs_task_role" {
    		307 |   statement {
    		308 |     sid    = "AllowS3Actions"
    		309 |     effect = "Allow"
    		310 |     actions = [
    		311 |       "s3:GetObject",
    		312 |       "s3:ListBucket"
    		313 |     ]
    		314 |     resources = var.s3_bucket_assets
    		315 |   }
    		316 |   statement {
    		317 |     sid    = "AllowIAMPassRole"
    		318 |     effect = "Allow"
    		319 |     actions = [
    		320 |       "iam:PassRole"
    		321 |     ]
    		322 |     resources = ["*"]
    		323 |   }
    		324 |   statement {
    		325 |     sid    = "AllowDynamodbActions"
    		326 |     effect = "Allow"
    		327 |     actions = [
    		328 |       "dynamodb:BatchGetItem",
    		329 |       "dynamodb:Describe*",
    		330 |       "dynamodb:List*",
    		331 |       "dynamodb:GetItem",
    		332 |       "dynamodb:Query",
    		333 |       "dynamodb:Scan",
    		334 |     ]
    		335 |     resources = var.dynamodb_table
    		336 |   }
    		337 | }
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.ecs_role.aws_iam_policy_document.role_policy_ecs_task_role
    	File: /Infrastructure/Modules/IAM/main.tf:306-337
    	Calling File: /Infrastructure/main.tf:130-136
    
    		306 | data "aws_iam_policy_document" "role_policy_ecs_task_role" {
    		307 |   statement {
    		308 |     sid    = "AllowS3Actions"
    		309 |     effect = "Allow"
    		310 |     actions = [
    		311 |       "s3:GetObject",
    		312 |       "s3:ListBucket"
    		313 |     ]
    		314 |     resources = var.s3_bucket_assets
    		315 |   }
    		316 |   statement {
    		317 |     sid    = "AllowIAMPassRole"
    		318 |     effect = "Allow"
    		319 |     actions = [
    		320 |       "iam:PassRole"
    		321 |     ]
    		322 |     resources = ["*"]
    		323 |   }
    		324 |   statement {
    		325 |     sid    = "AllowDynamodbActions"
    		326 |     effect = "Allow"
    		327 |     actions = [
    		328 |       "dynamodb:BatchGetItem",
    		329 |       "dynamodb:Describe*",
    		330 |       "dynamodb:List*",
    		331 |       "dynamodb:GetItem",
    		332 |       "dynamodb:Query",
    		333 |       "dynamodb:Scan",
    		334 |     ]
    		335 |     resources = var.dynamodb_table
    		336 |   }
    		337 | }
    Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
    	FAILED for resource: module.ecs_role_policy.aws_iam_policy_document.role_policy_devops_role
    	File: /Infrastructure/Modules/IAM/main.tf:175-304
    	Calling File: /Infrastructure/main.tf:139-144
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-data-exfiltration.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
    	FAILED for resource: module.ecs_role_policy.aws_iam_policy_document.role_policy_devops_role
    	File: /Infrastructure/Modules/IAM/main.tf:175-304
    	Calling File: /Infrastructure/main.tf:139-144
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.ecs_role_policy.aws_iam_policy_document.role_policy_devops_role
    	File: /Infrastructure/Modules/IAM/main.tf:175-304
    	Calling File: /Infrastructure/main.tf:139-144
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.ecs_role_policy.aws_iam_policy_document.role_policy_devops_role
    	File: /Infrastructure/Modules/IAM/main.tf:175-304
    	Calling File: /Infrastructure/main.tf:139-144
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
    	FAILED for resource: module.ecs_role_policy.aws_iam_policy_document.role_policy_ecs_task_role
    	File: /Infrastructure/Modules/IAM/main.tf:306-337
    	Calling File: /Infrastructure/main.tf:139-144
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-data-exfiltration.html
    
    		306 | data "aws_iam_policy_document" "role_policy_ecs_task_role" {
    		307 |   statement {
    		308 |     sid    = "AllowS3Actions"
    		309 |     effect = "Allow"
    		310 |     actions = [
    		311 |       "s3:GetObject",
    		312 |       "s3:ListBucket"
    		313 |     ]
    		314 |     resources = var.s3_bucket_assets
    		315 |   }
    		316 |   statement {
    		317 |     sid    = "AllowIAMPassRole"
    		318 |     effect = "Allow"
    		319 |     actions = [
    		320 |       "iam:PassRole"
    		321 |     ]
    		322 |     resources = ["*"]
    		323 |   }
    		324 |   statement {
    		325 |     sid    = "AllowDynamodbActions"
    		326 |     effect = "Allow"
    		327 |     actions = [
    		328 |       "dynamodb:BatchGetItem",
    		329 |       "dynamodb:Describe*",
    		330 |       "dynamodb:List*",
    		331 |       "dynamodb:GetItem",
    		332 |       "dynamodb:Query",
    		333 |       "dynamodb:Scan",
    		334 |     ]
    		335 |     resources = var.dynamodb_table
    		336 |   }
    		337 | }
    Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
    	FAILED for resource: module.ecs_role_policy.aws_iam_policy_document.role_policy_ecs_task_role
    	File: /Infrastructure/Modules/IAM/main.tf:306-337
    	Calling File: /Infrastructure/main.tf:139-144
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint.html
    
    		306 | data "aws_iam_policy_document" "role_policy_ecs_task_role" {
    		307 |   statement {
    		308 |     sid    = "AllowS3Actions"
    		309 |     effect = "Allow"
    		310 |     actions = [
    		311 |       "s3:GetObject",
    		312 |       "s3:ListBucket"
    		313 |     ]
    		314 |     resources = var.s3_bucket_assets
    		315 |   }
    		316 |   statement {
    		317 |     sid    = "AllowIAMPassRole"
    		318 |     effect = "Allow"
    		319 |     actions = [
    		320 |       "iam:PassRole"
    		321 |     ]
    		322 |     resources = ["*"]
    		323 |   }
    		324 |   statement {
    		325 |     sid    = "AllowDynamodbActions"
    		326 |     effect = "Allow"
    		327 |     actions = [
    		328 |       "dynamodb:BatchGetItem",
    		329 |       "dynamodb:Describe*",
    		330 |       "dynamodb:List*",
    		331 |       "dynamodb:GetItem",
    		332 |       "dynamodb:Query",
    		333 |       "dynamodb:Scan",
    		334 |     ]
    		335 |     resources = var.dynamodb_table
    		336 |   }
    		337 | }
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.ecs_role_policy.aws_iam_policy_document.role_policy_ecs_task_role
    	File: /Infrastructure/Modules/IAM/main.tf:306-337
    	Calling File: /Infrastructure/main.tf:139-144
    
    		306 | data "aws_iam_policy_document" "role_policy_ecs_task_role" {
    		307 |   statement {
    		308 |     sid    = "AllowS3Actions"
    		309 |     effect = "Allow"
    		310 |     actions = [
    		311 |       "s3:GetObject",
    		312 |       "s3:ListBucket"
    		313 |     ]
    		314 |     resources = var.s3_bucket_assets
    		315 |   }
    		316 |   statement {
    		317 |     sid    = "AllowIAMPassRole"
    		318 |     effect = "Allow"
    		319 |     actions = [
    		320 |       "iam:PassRole"
    		321 |     ]
    		322 |     resources = ["*"]
    		323 |   }
    		324 |   statement {
    		325 |     sid    = "AllowDynamodbActions"
    		326 |     effect = "Allow"
    		327 |     actions = [
    		328 |       "dynamodb:BatchGetItem",
    		329 |       "dynamodb:Describe*",
    		330 |       "dynamodb:List*",
    		331 |       "dynamodb:GetItem",
    		332 |       "dynamodb:Query",
    		333 |       "dynamodb:Scan",
    		334 |     ]
    		335 |     resources = var.dynamodb_table
    		336 |   }
    		337 | }
    Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
    	FAILED for resource: module.policy_devops_role.aws_iam_policy_document.role_policy_devops_role
    	File: /Infrastructure/Modules/IAM/main.tf:175-304
    	Calling File: /Infrastructure/main.tf:283-292
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-data-exfiltration.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
    	FAILED for resource: module.policy_devops_role.aws_iam_policy_document.role_policy_devops_role
    	File: /Infrastructure/Modules/IAM/main.tf:175-304
    	Calling File: /Infrastructure/main.tf:283-292
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: module.policy_devops_role.aws_iam_policy_document.role_policy_devops_role
    	File: /Infrastructure/Modules/IAM/main.tf:175-304
    	Calling File: /Infrastructure/main.tf:283-292
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.policy_devops_role.aws_iam_policy_document.role_policy_devops_role
    	File: /Infrastructure/Modules/IAM/main.tf:175-304
    	Calling File: /Infrastructure/main.tf:283-292
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
    	FAILED for resource: module.policy_devops_role.aws_iam_policy_document.role_policy_ecs_task_role
    	File: /Infrastructure/Modules/IAM/main.tf:306-337
    	Calling File: /Infrastructure/main.tf:283-292
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-data-exfiltration.html
    
    		306 | data "aws_iam_policy_document" "role_policy_ecs_task_role" {
    		307 |   statement {
    		308 |     sid    = "AllowS3Actions"
    		309 |     effect = "Allow"
    		310 |     actions = [
    		311 |       "s3:GetObject",
    		312 |       "s3:ListBucket"
    		313 |     ]
    		314 |     resources = var.s3_bucket_assets
    		315 |   }
    		316 |   statement {
    		317 |     sid    = "AllowIAMPassRole"
    		318 |     effect = "Allow"
    		319 |     actions = [
    		320 |       "iam:PassRole"
    		321 |     ]
    		322 |     resources = ["*"]
    		323 |   }
    		324 |   statement {
    		325 |     sid    = "AllowDynamodbActions"
    		326 |     effect = "Allow"
    		327 |     actions = [
    		328 |       "dynamodb:BatchGetItem",
    		329 |       "dynamodb:Describe*",
    		330 |       "dynamodb:List*",
    		331 |       "dynamodb:GetItem",
    		332 |       "dynamodb:Query",
    		333 |       "dynamodb:Scan",
    		334 |     ]
    		335 |     resources = var.dynamodb_table
    		336 |   }
    		337 | }
    Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
    	FAILED for resource: module.policy_devops_role.aws_iam_policy_document.role_policy_ecs_task_role
    	File: /Infrastructure/Modules/IAM/main.tf:306-337
    	Calling File: /Infrastructure/main.tf:283-292
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint.html
    
    		306 | data "aws_iam_policy_document" "role_policy_ecs_task_role" {
    		307 |   statement {
    		308 |     sid    = "AllowS3Actions"
    		309 |     effect = "Allow"
    		310 |     actions = [
    		311 |       "s3:GetObject",
    		312 |       "s3:ListBucket"
    		313 |     ]
    		314 |     resources = var.s3_bucket_assets
    		315 |   }
    		316 |   statement {
    		317 |     sid    = "AllowIAMPassRole"
    		318 |     effect = "Allow"
    		319 |     actions = [
    		320 |       "iam:PassRole"
    		321 |     ]
    		322 |     resources = ["*"]
    		323 |   }
    		324 |   statement {
    		325 |     sid    = "AllowDynamodbActions"
    		326 |     effect = "Allow"
    		327 |     actions = [
    		328 |       "dynamodb:BatchGetItem",
    		329 |       "dynamodb:Describe*",
    		330 |       "dynamodb:List*",
    		331 |       "dynamodb:GetItem",
    		332 |       "dynamodb:Query",
    		333 |       "dynamodb:Scan",
    		334 |     ]
    		335 |     resources = var.dynamodb_table
    		336 |   }
    		337 | }
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: module.policy_devops_role.aws_iam_policy_document.role_policy_ecs_task_role
    	File: /Infrastructure/Modules/IAM/main.tf:306-337
    	Calling File: /Infrastructure/main.tf:283-292
    
    		306 | data "aws_iam_policy_document" "role_policy_ecs_task_role" {
    		307 |   statement {
    		308 |     sid    = "AllowS3Actions"
    		309 |     effect = "Allow"
    		310 |     actions = [
    		311 |       "s3:GetObject",
    		312 |       "s3:ListBucket"
    		313 |     ]
    		314 |     resources = var.s3_bucket_assets
    		315 |   }
    		316 |   statement {
    		317 |     sid    = "AllowIAMPassRole"
    		318 |     effect = "Allow"
    		319 |     actions = [
    		320 |       "iam:PassRole"
    		321 |     ]
    		322 |     resources = ["*"]
    		323 |   }
    		324 |   statement {
    		325 |     sid    = "AllowDynamodbActions"
    		326 |     effect = "Allow"
    		327 |     actions = [
    		328 |       "dynamodb:BatchGetItem",
    		329 |       "dynamodb:Describe*",
    		330 |       "dynamodb:List*",
    		331 |       "dynamodb:GetItem",
    		332 |       "dynamodb:Query",
    		333 |       "dynamodb:Scan",
    		334 |     ]
    		335 |     resources = var.dynamodb_table
    		336 |   }
    		337 | }
    Check: CKV_AWS_130: "Ensure VPC subnets do not assign public IP by default"
    	FAILED for resource: module.networking.aws_subnet.public_subnets[0]
    	File: /Infrastructure/Modules/Networking/main.tf:27-36
    	Calling File: /Infrastructure/main.tf:31-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-vpc-subnets-do-not-assign-public-ip-by-default.html
    
    		27 | resource "aws_subnet" "public_subnets" {
    		28 |   count                   = 2
    		29 |   availability_zone       = data.aws_availability_zones.az_availables.names[count.index]
    		30 |   vpc_id                  = aws_vpc.aws_vpc.id
    		31 |   cidr_block              = cidrsubnet(aws_vpc.aws_vpc.cidr_block, 7, count.index + 1)
    		32 |   map_public_ip_on_launch = true
    		33 |   tags = {
    		34 |     Name = "public_subnet_${count.index}_${var.name}"
    		35 |   }
    		36 | }
    
    Check: CKV_AWS_130: "Ensure VPC subnets do not assign public IP by default"
    	FAILED for resource: module.networking.aws_subnet.public_subnets[1]
    	File: /Infrastructure/Modules/Networking/main.tf:27-36
    	Calling File: /Infrastructure/main.tf:31-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-vpc-subnets-do-not-assign-public-ip-by-default.html
    
    		27 | resource "aws_subnet" "public_subnets" {
    		28 |   count                   = 2
    		29 |   availability_zone       = data.aws_availability_zones.az_availables.names[count.index]
    		30 |   vpc_id                  = aws_vpc.aws_vpc.id
    		31 |   cidr_block              = cidrsubnet(aws_vpc.aws_vpc.cidr_block, 7, count.index + 1)
    		32 |   map_public_ip_on_launch = true
    		33 |   tags = {
    		34 |     Name = "public_subnet_${count.index}_${var.name}"
    		35 |   }
    		36 | }
    
    Check: CKV_AWS_26: "Ensure all data stored in the SNS topic is encrypted"
    	FAILED for resource: module.sns.aws_sns_topic.sns_notifications
    	File: /Infrastructure/Modules/SNS/main.tf:8-10
    	Calling File: /Infrastructure/main.tf:295-298
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-15.html
    
    		8  | resource "aws_sns_topic" "sns_notifications" {
    		9  |   name = var.sns_name
    		10 | }
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.security_group_alb_client.aws_security_group.sg
    	File: /Infrastructure/Modules/SecurityGroup/main.tf:8-30
    	Calling File: /Infrastructure/main.tf:100-107
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		8  | resource "aws_security_group" "sg" {
    		9  |   name        = var.name
    		10 |   description = var.description
    		11 |   vpc_id      = var.vpc_id
    		12 | 
    		13 |   ingress {
    		14 |     protocol        = "tcp"
    		15 |     from_port       = var.ingress_port
    		16 |     to_port         = var.ingress_port
    		17 |     cidr_blocks     = var.cidr_blocks_ingress
    		18 |     security_groups = var.security_groups
    		19 |   }
    		20 |   egress {
    		21 |     from_port   = var.egress_port
    		22 |     to_port     = var.egress_port
    		23 |     protocol    = "-1"
    		24 |     cidr_blocks = var.cidr_blocks_egress
    		25 |   }
    		26 | 
    		27 |   tags = {
    		28 |     Name = var.name
    		29 |   }
    		30 | }
    Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
    	FAILED for resource: module.security_group_alb_client.aws_security_group.sg
    	File: /Infrastructure/Modules/SecurityGroup/main.tf:8-30
    	Calling File: /Infrastructure/main.tf:100-107
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
    
    		8  | resource "aws_security_group" "sg" {
    		9  |   name        = var.name
    		10 |   description = var.description
    		11 |   vpc_id      = var.vpc_id
    		12 | 
    		13 |   ingress {
    		14 |     protocol        = "tcp"
    		15 |     from_port       = var.ingress_port
    		16 |     to_port         = var.ingress_port
    		17 |     cidr_blocks     = var.cidr_blocks_ingress
    		18 |     security_groups = var.security_groups
    		19 |   }
    		20 |   egress {
    		21 |     from_port   = var.egress_port
    		22 |     to_port     = var.egress_port
    		23 |     protocol    = "-1"
    		24 |     cidr_blocks = var.cidr_blocks_egress
    		25 |   }
    		26 | 
    		27 |   tags = {
    		28 |     Name = var.name
    		29 |   }
    		30 | }
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.security_group_alb_server.aws_security_group.sg
    	File: /Infrastructure/Modules/SecurityGroup/main.tf:8-30
    	Calling File: /Infrastructure/main.tf:90-97
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		8  | resource "aws_security_group" "sg" {
    		9  |   name        = var.name
    		10 |   description = var.description
    		11 |   vpc_id      = var.vpc_id
    		12 | 
    		13 |   ingress {
    		14 |     protocol        = "tcp"
    		15 |     from_port       = var.ingress_port
    		16 |     to_port         = var.ingress_port
    		17 |     cidr_blocks     = var.cidr_blocks_ingress
    		18 |     security_groups = var.security_groups
    		19 |   }
    		20 |   egress {
    		21 |     from_port   = var.egress_port
    		22 |     to_port     = var.egress_port
    		23 |     protocol    = "-1"
    		24 |     cidr_blocks = var.cidr_blocks_egress
    		25 |   }
    		26 | 
    		27 |   tags = {
    		28 |     Name = var.name
    		29 |   }
    		30 | }
    Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
    	FAILED for resource: module.security_group_alb_server.aws_security_group.sg
    	File: /Infrastructure/Modules/SecurityGroup/main.tf:8-30
    	Calling File: /Infrastructure/main.tf:90-97
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
    
    		8  | resource "aws_security_group" "sg" {
    		9  |   name        = var.name
    		10 |   description = var.description
    		11 |   vpc_id      = var.vpc_id
    		12 | 
    		13 |   ingress {
    		14 |     protocol        = "tcp"
    		15 |     from_port       = var.ingress_port
    		16 |     to_port         = var.ingress_port
    		17 |     cidr_blocks     = var.cidr_blocks_ingress
    		18 |     security_groups = var.security_groups
    		19 |   }
    		20 |   egress {
    		21 |     from_port   = var.egress_port
    		22 |     to_port     = var.egress_port
    		23 |     protocol    = "-1"
    		24 |     cidr_blocks = var.cidr_blocks_egress
    		25 |   }
    		26 | 
    		27 |   tags = {
    		28 |     Name = var.name
    		29 |   }
    		30 | }
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.security_group_ecs_task_client.aws_security_group.sg
    	File: /Infrastructure/Modules/SecurityGroup/main.tf:8-30
    	Calling File: /Infrastructure/main.tf:196-203
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		8  | resource "aws_security_group" "sg" {
    		9  |   name        = var.name
    		10 |   description = var.description
    		11 |   vpc_id      = var.vpc_id
    		12 | 
    		13 |   ingress {
    		14 |     protocol        = "tcp"
    		15 |     from_port       = var.ingress_port
    		16 |     to_port         = var.ingress_port
    		17 |     cidr_blocks     = var.cidr_blocks_ingress
    		18 |     security_groups = var.security_groups
    		19 |   }
    		20 |   egress {
    		21 |     from_port   = var.egress_port
    		22 |     to_port     = var.egress_port
    		23 |     protocol    = "-1"
    		24 |     cidr_blocks = var.cidr_blocks_egress
    		25 |   }
    		26 | 
    		27 |   tags = {
    		28 |     Name = var.name
    		29 |   }
    		30 | }
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.security_group_ecs_task_server.aws_security_group.sg
    	File: /Infrastructure/Modules/SecurityGroup/main.tf:8-30
    	Calling File: /Infrastructure/main.tf:187-194
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		8  | resource "aws_security_group" "sg" {
    		9  |   name        = var.name
    		10 |   description = var.description
    		11 |   vpc_id      = var.vpc_id
    		12 | 
    		13 |   ingress {
    		14 |     protocol        = "tcp"
    		15 |     from_port       = var.ingress_port
    		16 |     to_port         = var.ingress_port
    		17 |     cidr_blocks     = var.cidr_blocks_ingress
    		18 |     security_groups = var.security_groups
    		19 |   }
    		20 |   egress {
    		21 |     from_port   = var.egress_port
    		22 |     to_port     = var.egress_port
    		23 |     protocol    = "-1"
    		24 |     cidr_blocks = var.cidr_blocks_egress
    		25 |   }
    		26 | 
    		27 |   tags = {
    		28 |     Name = var.name
    		29 |   }
    		30 | }
    Check: CKV_AWS_144: "Ensure that S3 bucket has cross-region replication enabled"
    	FAILED for resource: module.s3_assets.aws_s3_bucket.s3_bucket
    	File: /Infrastructure/Modules/S3/main.tf:8-15
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-s3-bucket-has-cross-region-replication-enabled.html
    
    		8  | resource "aws_s3_bucket" "s3_bucket" {
    		9  |   bucket        = var.bucket_name
    		10 |   acl           = "private"
    		11 |   force_destroy = true
    		12 |   tags = {
    		13 |     Name = var.bucket_name
    		14 |   }
    		15 | }
    Check: CKV_AWS_144: "Ensure that S3 bucket has cross-region replication enabled"
    	FAILED for resource: module.s3_codepipeline.aws_s3_bucket.s3_bucket
    	File: /Infrastructure/Modules/S3/main.tf:8-15
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-s3-bucket-has-cross-region-replication-enabled.html
    
    		8  | resource "aws_s3_bucket" "s3_bucket" {
    		9  |   bucket        = var.bucket_name
    		10 |   acl           = "private"
    		11 |   force_destroy = true
    		12 |   tags = {
    		13 |     Name = var.bucket_name
    		14 |   }
    		15 | }
    Check: CKV2_AWS_62: "Ensure S3 buckets should have event notifications enabled"
    	FAILED for resource: module.s3_assets.aws_s3_bucket.s3_bucket
    	File: /Infrastructure/Modules/S3/main.tf:8-15
    
    		8  | resource "aws_s3_bucket" "s3_bucket" {
    		9  |   bucket        = var.bucket_name
    		10 |   acl           = "private"
    		11 |   force_destroy = true
    		12 |   tags = {
    		13 |     Name = var.bucket_name
    		14 |   }
    		15 | }
    Check: CKV2_AWS_62: "Ensure S3 buckets should have event notifications enabled"
    	FAILED for resource: module.s3_codepipeline.aws_s3_bucket.s3_bucket
    	File: /Infrastructure/Modules/S3/main.tf:8-15
    
    		8  | resource "aws_s3_bucket" "s3_bucket" {
    		9  |   bucket        = var.bucket_name
    		10 |   acl           = "private"
    		11 |   force_destroy = true
    		12 |   tags = {
    		13 |     Name = var.bucket_name
    		14 |   }
    		15 | }
    Check: CKV2_AWS_12: "Ensure the default security group of every VPC restricts all traffic"
    	FAILED for resource: module.networking.aws_vpc.aws_vpc
    	File: /Infrastructure/Modules/Networking/main.tf:9-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-4.html
    
    		9  | resource "aws_vpc" "aws_vpc" {
    		10 |   cidr_block           = var.cidr[0]
    		11 |   instance_tenancy     = "default"
    		12 |   enable_dns_hostnames = true
    		13 |   enable_dns_support   = true
    		14 |   tags = {
    		15 |     Name = "vpc_${var.name}"
    		16 |   }
    		17 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.alb_client.aws_alb_listener.https_listener
    	File: /Infrastructure/Modules/ALB/main.tf:20-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		20 | resource "aws_alb_listener" "https_listener" {
    		21 |   count             = var.create_alb == true ? (var.enable_https == true ? 1 : 0) : 0
    		22 |   load_balancer_arn = aws_alb.alb[0].id
    		23 |   port              = "443"
    		24 |   protocol          = "HTTPS"
    		25 | 
    		26 |   default_action {
    		27 |     target_group_arn = var.target_group
    		28 |     type             = "forward"
    		29 |   }
    		30 | 
    		31 |   lifecycle {
    		32 |     // to avoid changes generated by CodeDeploy changes
    		33 |     ignore_changes = [default_action]
    		34 |   }
    		35 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.alb_client.aws_alb_listener.http_listener
    	File: /Infrastructure/Modules/ALB/main.tf:38-53
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		38 | resource "aws_alb_listener" "http_listener" {
    		39 |   count             = var.create_alb == true ? 1 : 0
    		40 |   load_balancer_arn = aws_alb.alb[0].id
    		41 |   port              = "80"
    		42 |   protocol          = "HTTP"
    		43 | 
    		44 |   default_action {
    		45 |     target_group_arn = var.target_group
    		46 |     type             = "forward"
    		47 |   }
    		48 | 
    		49 |   lifecycle {
    		50 |     // to avoid changes generated by CodeDeploy changes
    		51 |     ignore_changes = [default_action]
    		52 |   }
    		53 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.alb_server.aws_alb_listener.https_listener
    	File: /Infrastructure/Modules/ALB/main.tf:20-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		20 | resource "aws_alb_listener" "https_listener" {
    		21 |   count             = var.create_alb == true ? (var.enable_https == true ? 1 : 0) : 0
    		22 |   load_balancer_arn = aws_alb.alb[0].id
    		23 |   port              = "443"
    		24 |   protocol          = "HTTPS"
    		25 | 
    		26 |   default_action {
    		27 |     target_group_arn = var.target_group
    		28 |     type             = "forward"
    		29 |   }
    		30 | 
    		31 |   lifecycle {
    		32 |     // to avoid changes generated by CodeDeploy changes
    		33 |     ignore_changes = [default_action]
    		34 |   }
    		35 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.alb_server.aws_alb_listener.http_listener
    	File: /Infrastructure/Modules/ALB/main.tf:38-53
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		38 | resource "aws_alb_listener" "http_listener" {
    		39 |   count             = var.create_alb == true ? 1 : 0
    		40 |   load_balancer_arn = aws_alb.alb[0].id
    		41 |   port              = "80"
    		42 |   protocol          = "HTTP"
    		43 | 
    		44 |   default_action {
    		45 |     target_group_arn = var.target_group
    		46 |     type             = "forward"
    		47 |   }
    		48 | 
    		49 |   lifecycle {
    		50 |     // to avoid changes generated by CodeDeploy changes
    		51 |     ignore_changes = [default_action]
    		52 |   }
    		53 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.target_group_client_blue.aws_alb_listener.https_listener
    	File: /Infrastructure/Modules/ALB/main.tf:20-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		20 | resource "aws_alb_listener" "https_listener" {
    		21 |   count             = var.create_alb == true ? (var.enable_https == true ? 1 : 0) : 0
    		22 |   load_balancer_arn = aws_alb.alb[0].id
    		23 |   port              = "443"
    		24 |   protocol          = "HTTPS"
    		25 | 
    		26 |   default_action {
    		27 |     target_group_arn = var.target_group
    		28 |     type             = "forward"
    		29 |   }
    		30 | 
    		31 |   lifecycle {
    		32 |     // to avoid changes generated by CodeDeploy changes
    		33 |     ignore_changes = [default_action]
    		34 |   }
    		35 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.target_group_client_blue.aws_alb_listener.http_listener
    	File: /Infrastructure/Modules/ALB/main.tf:38-53
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		38 | resource "aws_alb_listener" "http_listener" {
    		39 |   count             = var.create_alb == true ? 1 : 0
    		40 |   load_balancer_arn = aws_alb.alb[0].id
    		41 |   port              = "80"
    		42 |   protocol          = "HTTP"
    		43 | 
    		44 |   default_action {
    		45 |     target_group_arn = var.target_group
    		46 |     type             = "forward"
    		47 |   }
    		48 | 
    		49 |   lifecycle {
    		50 |     // to avoid changes generated by CodeDeploy changes
    		51 |     ignore_changes = [default_action]
    		52 |   }
    		53 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.target_group_client_green.aws_alb_listener.https_listener
    	File: /Infrastructure/Modules/ALB/main.tf:20-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		20 | resource "aws_alb_listener" "https_listener" {
    		21 |   count             = var.create_alb == true ? (var.enable_https == true ? 1 : 0) : 0
    		22 |   load_balancer_arn = aws_alb.alb[0].id
    		23 |   port              = "443"
    		24 |   protocol          = "HTTPS"
    		25 | 
    		26 |   default_action {
    		27 |     target_group_arn = var.target_group
    		28 |     type             = "forward"
    		29 |   }
    		30 | 
    		31 |   lifecycle {
    		32 |     // to avoid changes generated by CodeDeploy changes
    		33 |     ignore_changes = [default_action]
    		34 |   }
    		35 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.target_group_client_green.aws_alb_listener.http_listener
    	File: /Infrastructure/Modules/ALB/main.tf:38-53
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		38 | resource "aws_alb_listener" "http_listener" {
    		39 |   count             = var.create_alb == true ? 1 : 0
    		40 |   load_balancer_arn = aws_alb.alb[0].id
    		41 |   port              = "80"
    		42 |   protocol          = "HTTP"
    		43 | 
    		44 |   default_action {
    		45 |     target_group_arn = var.target_group
    		46 |     type             = "forward"
    		47 |   }
    		48 | 
    		49 |   lifecycle {
    		50 |     // to avoid changes generated by CodeDeploy changes
    		51 |     ignore_changes = [default_action]
    		52 |   }
    		53 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.target_group_server_blue.aws_alb_listener.https_listener
    	File: /Infrastructure/Modules/ALB/main.tf:20-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		20 | resource "aws_alb_listener" "https_listener" {
    		21 |   count             = var.create_alb == true ? (var.enable_https == true ? 1 : 0) : 0
    		22 |   load_balancer_arn = aws_alb.alb[0].id
    		23 |   port              = "443"
    		24 |   protocol          = "HTTPS"
    		25 | 
    		26 |   default_action {
    		27 |     target_group_arn = var.target_group
    		28 |     type             = "forward"
    		29 |   }
    		30 | 
    		31 |   lifecycle {
    		32 |     // to avoid changes generated by CodeDeploy changes
    		33 |     ignore_changes = [default_action]
    		34 |   }
    		35 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.target_group_server_blue.aws_alb_listener.http_listener
    	File: /Infrastructure/Modules/ALB/main.tf:38-53
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		38 | resource "aws_alb_listener" "http_listener" {
    		39 |   count             = var.create_alb == true ? 1 : 0
    		40 |   load_balancer_arn = aws_alb.alb[0].id
    		41 |   port              = "80"
    		42 |   protocol          = "HTTP"
    		43 | 
    		44 |   default_action {
    		45 |     target_group_arn = var.target_group
    		46 |     type             = "forward"
    		47 |   }
    		48 | 
    		49 |   lifecycle {
    		50 |     // to avoid changes generated by CodeDeploy changes
    		51 |     ignore_changes = [default_action]
    		52 |   }
    		53 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.target_group_server_green.aws_alb_listener.https_listener
    	File: /Infrastructure/Modules/ALB/main.tf:20-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		20 | resource "aws_alb_listener" "https_listener" {
    		21 |   count             = var.create_alb == true ? (var.enable_https == true ? 1 : 0) : 0
    		22 |   load_balancer_arn = aws_alb.alb[0].id
    		23 |   port              = "443"
    		24 |   protocol          = "HTTPS"
    		25 | 
    		26 |   default_action {
    		27 |     target_group_arn = var.target_group
    		28 |     type             = "forward"
    		29 |   }
    		30 | 
    		31 |   lifecycle {
    		32 |     // to avoid changes generated by CodeDeploy changes
    		33 |     ignore_changes = [default_action]
    		34 |   }
    		35 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.target_group_server_green.aws_alb_listener.http_listener
    	File: /Infrastructure/Modules/ALB/main.tf:38-53
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		38 | resource "aws_alb_listener" "http_listener" {
    		39 |   count             = var.create_alb == true ? 1 : 0
    		40 |   load_balancer_arn = aws_alb.alb[0].id
    		41 |   port              = "80"
    		42 |   protocol          = "HTTP"
    		43 | 
    		44 |   default_action {
    		45 |     target_group_arn = var.target_group
    		46 |     type             = "forward"
    		47 |   }
    		48 | 
    		49 |   lifecycle {
    		50 |     // to avoid changes generated by CodeDeploy changes
    		51 |     ignore_changes = [default_action]
    		52 |   }
    		53 | }
    
    Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
    	FAILED for resource: module.alb_client.aws_alb.alb
    	File: /Infrastructure/Modules/ALB/main.tf:8-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf.html
    
    		8  | resource "aws_alb" "alb" {
    		9  |   count              = var.create_alb == true ? 1 : 0
    		10 |   name               = "alb-${var.name}"
    		11 |   subnets            = [var.subnets[0], var.subnets[1]]
    		12 |   security_groups    = [var.security_group]
    		13 |   load_balancer_type = "application"
    		14 |   internal           = false
    		15 |   enable_http2       = true
    		16 |   idle_timeout       = 30
    		17 | }
    
    Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
    	FAILED for resource: module.alb_server.aws_alb.alb
    	File: /Infrastructure/Modules/ALB/main.tf:8-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf.html
    
    		8  | resource "aws_alb" "alb" {
    		9  |   count              = var.create_alb == true ? 1 : 0
    		10 |   name               = "alb-${var.name}"
    		11 |   subnets            = [var.subnets[0], var.subnets[1]]
    		12 |   security_groups    = [var.security_group]
    		13 |   load_balancer_type = "application"
    		14 |   internal           = false
    		15 |   enable_http2       = true
    		16 |   idle_timeout       = 30
    		17 | }
    
    Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
    	FAILED for resource: module.target_group_client_blue.aws_alb.alb
    	File: /Infrastructure/Modules/ALB/main.tf:8-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf.html
    
    		8  | resource "aws_alb" "alb" {
    		9  |   count              = var.create_alb == true ? 1 : 0
    		10 |   name               = "alb-${var.name}"
    		11 |   subnets            = [var.subnets[0], var.subnets[1]]
    		12 |   security_groups    = [var.security_group]
    		13 |   load_balancer_type = "application"
    		14 |   internal           = false
    		15 |   enable_http2       = true
    		16 |   idle_timeout       = 30
    		17 | }
    
    Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
    	FAILED for resource: module.target_group_client_green.aws_alb.alb
    	File: /Infrastructure/Modules/ALB/main.tf:8-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf.html
    
    		8  | resource "aws_alb" "alb" {
    		9  |   count              = var.create_alb == true ? 1 : 0
    		10 |   name               = "alb-${var.name}"
    		11 |   subnets            = [var.subnets[0], var.subnets[1]]
    		12 |   security_groups    = [var.security_group]
    		13 |   load_balancer_type = "application"
    		14 |   internal           = false
    		15 |   enable_http2       = true
    		16 |   idle_timeout       = 30
    		17 | }
    
    Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
    	FAILED for resource: module.target_group_server_blue.aws_alb.alb
    	File: /Infrastructure/Modules/ALB/main.tf:8-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf.html
    
    		8  | resource "aws_alb" "alb" {
    		9  |   count              = var.create_alb == true ? 1 : 0
    		10 |   name               = "alb-${var.name}"
    		11 |   subnets            = [var.subnets[0], var.subnets[1]]
    		12 |   security_groups    = [var.security_group]
    		13 |   load_balancer_type = "application"
    		14 |   internal           = false
    		15 |   enable_http2       = true
    		16 |   idle_timeout       = 30
    		17 | }
    
    Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
    	FAILED for resource: module.target_group_server_green.aws_alb.alb
    	File: /Infrastructure/Modules/ALB/main.tf:8-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf.html
    
    		8  | resource "aws_alb" "alb" {
    		9  |   count              = var.create_alb == true ? 1 : 0
    		10 |   name               = "alb-${var.name}"
    		11 |   subnets            = [var.subnets[0], var.subnets[1]]
    		12 |   security_groups    = [var.security_group]
    		13 |   load_balancer_type = "application"
    		14 |   internal           = false
    		15 |   enable_http2       = true
    		16 |   idle_timeout       = 30
    		17 | }
    
    Check: CKV2_AWS_20: "Ensure that ALB redirects HTTP requests into HTTPS ones"
    	FAILED for resource: module.alb_client.aws_alb.alb
    	File: /Infrastructure/Modules/ALB/main.tf:8-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-redirects-http-requests-into-https-ones.html
    
    		8  | resource "aws_alb" "alb" {
    		9  |   count              = var.create_alb == true ? 1 : 0
    		10 |   name               = "alb-${var.name}"
    		11 |   subnets            = [var.subnets[0], var.subnets[1]]
    		12 |   security_groups    = [var.security_group]
    		13 |   load_balancer_type = "application"
    		14 |   internal           = false
    		15 |   enable_http2       = true
    		16 |   idle_timeout       = 30
    		17 | }
    
    Check: CKV2_AWS_20: "Ensure that ALB redirects HTTP requests into HTTPS ones"
    	FAILED for resource: module.alb_server.aws_alb.alb
    	File: /Infrastructure/Modules/ALB/main.tf:8-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-redirects-http-requests-into-https-ones.html
    
    		8  | resource "aws_alb" "alb" {
    		9  |   count              = var.create_alb == true ? 1 : 0
    		10 |   name               = "alb-${var.name}"
    		11 |   subnets            = [var.subnets[0], var.subnets[1]]
    		12 |   security_groups    = [var.security_group]
    		13 |   load_balancer_type = "application"
    		14 |   internal           = false
    		15 |   enable_http2       = true
    		16 |   idle_timeout       = 30
    		17 | }
    
    Check: CKV2_AWS_20: "Ensure that ALB redirects HTTP requests into HTTPS ones"
    	FAILED for resource: module.target_group_client_blue.aws_alb.alb
    	File: /Infrastructure/Modules/ALB/main.tf:8-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-redirects-http-requests-into-https-ones.html
    
    		8  | resource "aws_alb" "alb" {
    		9  |   count              = var.create_alb == true ? 1 : 0
    		10 |   name               = "alb-${var.name}"
    		11 |   subnets            = [var.subnets[0], var.subnets[1]]
    		12 |   security_groups    = [var.security_group]
    		13 |   load_balancer_type = "application"
    		14 |   internal           = false
    		15 |   enable_http2       = true
    		16 |   idle_timeout       = 30
    		17 | }
    
    Check: CKV2_AWS_20: "Ensure that ALB redirects HTTP requests into HTTPS ones"
    	FAILED for resource: module.target_group_client_green.aws_alb.alb
    	File: /Infrastructure/Modules/ALB/main.tf:8-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-redirects-http-requests-into-https-ones.html
    
    		8  | resource "aws_alb" "alb" {
    		9  |   count              = var.create_alb == true ? 1 : 0
    		10 |   name               = "alb-${var.name}"
    		11 |   subnets            = [var.subnets[0], var.subnets[1]]
    		12 |   security_groups    = [var.security_group]
    		13 |   load_balancer_type = "application"
    		14 |   internal           = false
    		15 |   enable_http2       = true
    		16 |   idle_timeout       = 30
    		17 | }
    
    Check: CKV2_AWS_20: "Ensure that ALB redirects HTTP requests into HTTPS ones"
    	FAILED for resource: module.target_group_server_blue.aws_alb.alb
    	File: /Infrastructure/Modules/ALB/main.tf:8-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-redirects-http-requests-into-https-ones.html
    
    		8  | resource "aws_alb" "alb" {
    		9  |   count              = var.create_alb == true ? 1 : 0
    		10 |   name               = "alb-${var.name}"
    		11 |   subnets            = [var.subnets[0], var.subnets[1]]
    		12 |   security_groups    = [var.security_group]
    		13 |   load_balancer_type = "application"
    		14 |   internal           = false
    		15 |   enable_http2       = true
    		16 |   idle_timeout       = 30
    		17 | }
    
    Check: CKV2_AWS_20: "Ensure that ALB redirects HTTP requests into HTTPS ones"
    	FAILED for resource: module.target_group_server_green.aws_alb.alb
    	File: /Infrastructure/Modules/ALB/main.tf:8-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-redirects-http-requests-into-https-ones.html
    
    		8  | resource "aws_alb" "alb" {
    		9  |   count              = var.create_alb == true ? 1 : 0
    		10 |   name               = "alb-${var.name}"
    		11 |   subnets            = [var.subnets[0], var.subnets[1]]
    		12 |   security_groups    = [var.security_group]
    		13 |   load_balancer_type = "application"
    		14 |   internal           = false
    		15 |   enable_http2       = true
    		16 |   idle_timeout       = 30
    		17 | }
    
    Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
    	FAILED for resource: module.s3_assets.aws_s3_bucket.s3_bucket
    	File: /Infrastructure/Modules/S3/main.tf:8-15
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/s3-policies/s3-16-enable-versioning.html
    
    		8  | resource "aws_s3_bucket" "s3_bucket" {
    		9  |   bucket        = var.bucket_name
    		10 |   acl           = "private"
    		11 |   force_destroy = true
    		12 |   tags = {
    		13 |     Name = var.bucket_name
    		14 |   }
    		15 | }
    Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enabled"
    	FAILED for resource: module.s3_codepipeline.aws_s3_bucket.s3_bucket
    	File: /Infrastructure/Modules/S3/main.tf:8-15
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/s3-policies/s3-16-enable-versioning.html
    
    		8  | resource "aws_s3_bucket" "s3_bucket" {
    		9  |   bucket        = var.bucket_name
    		10 |   acl           = "private"
    		11 |   force_destroy = true
    		12 |   tags = {
    		13 |     Name = var.bucket_name
    		14 |   }
    		15 | }
    Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
    	FAILED for resource: module.security_group_alb_client.aws_security_group.sg
    	File: /Infrastructure/Modules/SecurityGroup/main.tf:8-30
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis.html
    
    		8  | resource "aws_security_group" "sg" {
    		9  |   name        = var.name
    		10 |   description = var.description
    		11 |   vpc_id      = var.vpc_id
    		12 | 
    		13 |   ingress {
    		14 |     protocol        = "tcp"
    		15 |     from_port       = var.ingress_port
    		16 |     to_port         = var.ingress_port
    		17 |     cidr_blocks     = var.cidr_blocks_ingress
    		18 |     security_groups = var.security_groups
    		19 |   }
    		20 |   egress {
    		21 |     from_port   = var.egress_port
    		22 |     to_port     = var.egress_port
    		23 |     protocol    = "-1"
    		24 |     cidr_blocks = var.cidr_blocks_egress
    		25 |   }
    		26 | 
    		27 |   tags = {
    		28 |     Name = var.name
    		29 |   }
    		30 | }
    Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
    	FAILED for resource: module.security_group_alb_server.aws_security_group.sg
    	File: /Infrastructure/Modules/SecurityGroup/main.tf:8-30
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis.html
    
    		8  | resource "aws_security_group" "sg" {
    		9  |   name        = var.name
    		10 |   description = var.description
    		11 |   vpc_id      = var.vpc_id
    		12 | 
    		13 |   ingress {
    		14 |     protocol        = "tcp"
    		15 |     from_port       = var.ingress_port
    		16 |     to_port         = var.ingress_port
    		17 |     cidr_blocks     = var.cidr_blocks_ingress
    		18 |     security_groups = var.security_groups
    		19 |   }
    		20 |   egress {
    		21 |     from_port   = var.egress_port
    		22 |     to_port     = var.egress_port
    		23 |     protocol    = "-1"
    		24 |     cidr_blocks = var.cidr_blocks_egress
    		25 |   }
    		26 | 
    		27 |   tags = {
    		28 |     Name = var.name
    		29 |   }
    		30 | }
    Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
    	FAILED for resource: module.security_group_ecs_task_client.aws_security_group.sg
    	File: /Infrastructure/Modules/SecurityGroup/main.tf:8-30
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis.html
    
    		8  | resource "aws_security_group" "sg" {
    		9  |   name        = var.name
    		10 |   description = var.description
    		11 |   vpc_id      = var.vpc_id
    		12 | 
    		13 |   ingress {
    		14 |     protocol        = "tcp"
    		15 |     from_port       = var.ingress_port
    		16 |     to_port         = var.ingress_port
    		17 |     cidr_blocks     = var.cidr_blocks_ingress
    		18 |     security_groups = var.security_groups
    		19 |   }
    		20 |   egress {
    		21 |     from_port   = var.egress_port
    		22 |     to_port     = var.egress_port
    		23 |     protocol    = "-1"
    		24 |     cidr_blocks = var.cidr_blocks_egress
    		25 |   }
    		26 | 
    		27 |   tags = {
    		28 |     Name = var.name
    		29 |   }
    		30 | }
    Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
    	FAILED for resource: module.security_group_ecs_task_server.aws_security_group.sg
    	File: /Infrastructure/Modules/SecurityGroup/main.tf:8-30
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis.html
    
    		8  | resource "aws_security_group" "sg" {
    		9  |   name        = var.name
    		10 |   description = var.description
    		11 |   vpc_id      = var.vpc_id
    		12 | 
    		13 |   ingress {
    		14 |     protocol        = "tcp"
    		15 |     from_port       = var.ingress_port
    		16 |     to_port         = var.ingress_port
    		17 |     cidr_blocks     = var.cidr_blocks_ingress
    		18 |     security_groups = var.security_groups
    		19 |   }
    		20 |   egress {
    		21 |     from_port   = var.egress_port
    		22 |     to_port     = var.egress_port
    		23 |     protocol    = "-1"
    		24 |     cidr_blocks = var.cidr_blocks_egress
    		25 |   }
    		26 | 
    		27 |   tags = {
    		28 |     Name = var.name
    		29 |   }
    		30 | }
    Check: CKV2_AWS_61: "Ensure that an S3 bucket has a lifecycle configuration"
    	FAILED for resource: module.s3_assets.aws_s3_bucket.s3_bucket
    	File: /Infrastructure/Modules/S3/main.tf:8-15
    
    		8  | resource "aws_s3_bucket" "s3_bucket" {
    		9  |   bucket        = var.bucket_name
    		10 |   acl           = "private"
    		11 |   force_destroy = true
    		12 |   tags = {
    		13 |     Name = var.bucket_name
    		14 |   }
    		15 | }
    Check: CKV2_AWS_61: "Ensure that an S3 bucket has a lifecycle configuration"
    	FAILED for resource: module.s3_codepipeline.aws_s3_bucket.s3_bucket
    	File: /Infrastructure/Modules/S3/main.tf:8-15
    
    		8  | resource "aws_s3_bucket" "s3_bucket" {
    		9  |   bucket        = var.bucket_name
    		10 |   acl           = "private"
    		11 |   force_destroy = true
    		12 |   tags = {
    		13 |     Name = var.bucket_name
    		14 |   }
    		15 | }
    Check: CKV2_AWS_11: "Ensure VPC flow logging is enabled in all VPCs"
    	FAILED for resource: module.networking.aws_vpc.aws_vpc
    	File: /Infrastructure/Modules/Networking/main.tf:9-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/logging-9-enable-vpc-flow-logging.html
    
    		9  | resource "aws_vpc" "aws_vpc" {
    		10 |   cidr_block           = var.cidr[0]
    		11 |   instance_tenancy     = "default"
    		12 |   enable_dns_hostnames = true
    		13 |   enable_dns_support   = true
    		14 |   tags = {
    		15 |     Name = "vpc_${var.name}"
    		16 |   }
    		17 | }
    
    Check: CKV_AWS_18: "Ensure the S3 bucket has access logging enabled"
    	FAILED for resource: module.s3_assets.aws_s3_bucket.s3_bucket
    	File: /Infrastructure/Modules/S3/main.tf:8-15
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/s3-policies/s3-13-enable-logging.html
    
    		8  | resource "aws_s3_bucket" "s3_bucket" {
    		9  |   bucket        = var.bucket_name
    		10 |   acl           = "private"
    		11 |   force_destroy = true
    		12 |   tags = {
    		13 |     Name = var.bucket_name
    		14 |   }
    		15 | }
    Check: CKV_AWS_18: "Ensure the S3 bucket has access logging enabled"
    	FAILED for resource: module.s3_codepipeline.aws_s3_bucket.s3_bucket
    	File: /Infrastructure/Modules/S3/main.tf:8-15
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/s3-policies/s3-13-enable-logging.html
    
    		8  | resource "aws_s3_bucket" "s3_bucket" {
    		9  |   bucket        = var.bucket_name
    		10 |   acl           = "private"
    		11 |   force_destroy = true
    		12 |   tags = {
    		13 |     Name = var.bucket_name
    		14 |   }
    		15 | }
    Check: CKV2_AWS_6: "Ensure that S3 bucket has a Public Access block"
    	FAILED for resource: module.s3_assets.aws_s3_bucket.s3_bucket
    	File: /Infrastructure/Modules/S3/main.tf:8-15
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/s3-bucket-should-have-public-access-blocks-defaults-to-false-if-the-public-access-block-is-not-attached.html
    
    		8  | resource "aws_s3_bucket" "s3_bucket" {
    		9  |   bucket        = var.bucket_name
    		10 |   acl           = "private"
    		11 |   force_destroy = true
    		12 |   tags = {
    		13 |     Name = var.bucket_name
    		14 |   }
    		15 | }
    Check: CKV2_AWS_6: "Ensure that S3 bucket has a Public Access block"
    	FAILED for resource: module.s3_codepipeline.aws_s3_bucket.s3_bucket
    	File: /Infrastructure/Modules/S3/main.tf:8-15
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/s3-bucket-should-have-public-access-blocks-defaults-to-false-if-the-public-access-block-is-not-attached.html
    
    		8  | resource "aws_s3_bucket" "s3_bucket" {
    		9  |   bucket        = var.bucket_name
    		10 |   acl           = "private"
    		11 |   force_destroy = true
    		12 |   tags = {
    		13 |     Name = var.bucket_name
    		14 |   }
    		15 | }
    Check: CKV_AWS_145: "Ensure that S3 buckets are encrypted with KMS by default"
    	FAILED for resource: module.s3_assets.aws_s3_bucket.s3_bucket
    	File: /Infrastructure/Modules/S3/main.tf:8-15
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-s3-buckets-are-encrypted-with-kms-by-default.html
    
    		8  | resource "aws_s3_bucket" "s3_bucket" {
    		9  |   bucket        = var.bucket_name
    		10 |   acl           = "private"
    		11 |   force_destroy = true
    		12 |   tags = {
    		13 |     Name = var.bucket_name
    		14 |   }
    		15 | }
    Check: CKV_AWS_145: "Ensure that S3 buckets are encrypted with KMS by default"
    	FAILED for resource: module.s3_codepipeline.aws_s3_bucket.s3_bucket
    	File: /Infrastructure/Modules/S3/main.tf:8-15
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-s3-buckets-are-encrypted-with-kms-by-default.html
    
    		8  | resource "aws_s3_bucket" "s3_bucket" {
    		9  |   bucket        = var.bucket_name
    		10 |   acl           = "private"
    		11 |   force_destroy = true
    		12 |   tags = {
    		13 |     Name = var.bucket_name
    		14 |   }
    		15 | }
    terraform_plan scan results:
    
    Passed checks: 0, Failed checks: 0, Skipped checks: 0, Parsing errors: 1
    
    dockerfile scan results:
    
    Passed checks: 78, Failed checks: 6, Skipped checks: 0
    
    Check: CKV_DOCKER_7: "Ensure the base image uses a non latest version tag"
    	FAILED for resource: /Code/server/Dockerfile.FROM
    	File: /Code/server/Dockerfile:4-4
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-the-base-image-uses-a-non-latest-version-tag.html
    
    		4 | FROM public.ecr.aws/bitnami/node:latest
    
    Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
    	FAILED for resource: /Code/server/Dockerfile.
    	File: /Code/server/Dockerfile:1-18
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created.html
    
    		1  | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
    		2  | # SPDX-License-Identifier: MIT-0
    		3  | 
    		4  | FROM public.ecr.aws/bitnami/node:latest
    		5  | 
    		6  | RUN mkdir -p /home/node/app/node_modules
    		7  | 
    		8  | WORKDIR /home/node/app
    		9  | 
    		10 | COPY package*.json ./
    		11 | 
    		12 | RUN npm install
    		13 | 
    		14 | COPY . .
    		15 | 
    		16 | EXPOSE 3001
    		17 | 
    		18 | CMD [ "npm", "start" ]
    Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
    	FAILED for resource: /Code/server/Dockerfile.
    	File: /Code/server/Dockerfile:1-18
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images.html
    
    		1  | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
    		2  | # SPDX-License-Identifier: MIT-0
    		3  | 
    		4  | FROM public.ecr.aws/bitnami/node:latest
    		5  | 
    		6  | RUN mkdir -p /home/node/app/node_modules
    		7  | 
    		8  | WORKDIR /home/node/app
    		9  | 
    		10 | COPY package*.json ./
    		11 | 
    		12 | RUN npm install
    		13 | 
    		14 | COPY . .
    		15 | 
    		16 | EXPOSE 3001
    		17 | 
    		18 | CMD [ "npm", "start" ]
    Check: CKV_DOCKER_7: "Ensure the base image uses a non latest version tag"
    	FAILED for resource: /Code/client/Dockerfile.FROM
    	File: /Code/client/Dockerfile:13-13
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-the-base-image-uses-a-non-latest-version-tag.html
    
    		13 | FROM public.ecr.aws/nginx/nginx:latest as production-stage
    
    Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
    	FAILED for resource: /Code/client/Dockerfile.
    	File: /Code/client/Dockerfile:1-16
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created.html
    
    		1  | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
    		2  | # SPDX-License-Identifier: MIT-0
    		3  | 
    		4  | # build stage
    		5  | FROM public.ecr.aws/bitnami/node:16 as build-stage
    		6  | WORKDIR /app
    		7  | COPY package*.json ./
    		8  | RUN npm install
    		9  | COPY . .
    		10 | RUN npm run build
    		11 | 
    		12 | # production stage
    		13 | FROM public.ecr.aws/nginx/nginx:latest as production-stage
    		14 | COPY --from=build-stage /app/dist /usr/share/nginx/html
    		15 | EXPOSE 80
    		16 | CMD ["nginx", "-g", "daemon off;"]
    Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
    	FAILED for resource: /Code/client/Dockerfile.
    	File: /Code/client/Dockerfile:1-16
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images.html
    
    		1  | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
    		2  | # SPDX-License-Identifier: MIT-0
    		3  | 
    		4  | # build stage
    		5  | FROM public.ecr.aws/bitnami/node:16 as build-stage
    		6  | WORKDIR /app
    		7  | COPY package*.json ./
    		8  | RUN npm install
    		9  | COPY . .
    		10 | RUN npm run build
    		11 | 
    		12 | # production stage
    		13 | FROM public.ecr.aws/nginx/nginx:latest as production-stage
    		14 | COPY --from=build-stage /app/dist /usr/share/nginx/html
    		15 | EXPOSE 80
    		16 | CMD ["nginx", "-g", "daemon off;"]

    Linting

    This repository failed the Experience Builder Terraform Module's Linting validation. This means that no linting tool was found in any of the CI/CD tool configuration files in the repository.

    There is an opportunity to: