Experience Builder


Terraform

< Back

Repository
brikis98 / terraform-up-and-running-code
Description

Code samples for the book "Terraform: Up &amp; Running" by Yevgeniy Brikman

Stars

 2590

Failed Checks
  •  Security Scanning
     Linting

  • Scan Date

    2023-10-30 17:57:40

    Security Scanning

    This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that a security scanning tool was not found to be implemented in any of the CICD tool configuration files in the repository.

    There is an opportunity to:

    Checkov Output
                    
                      2023-10-05 14:38:54,279 [MainThread  ] [WARNI]  Failed to download module github.com/brikis98/terraform-up-and-running-code//code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster?ref=v0.3.0:None (for external modules, the --download-external-modules flag is required)
    terraform scan results:
    
    Passed checks: 608, Failed checks: 511, Skipped checks: 0
    
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/00-preface/hello-world/main.tf:16-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type = "t2.micro"
    		19 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/00-preface/hello-world/main.tf:16-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type = "t2.micro"
    		19 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/00-preface/hello-world/main.tf:16-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type = "t2.micro"
    		19 | }
    
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/00-preface/hello-world/main.tf:16-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type = "t2.micro"
    		19 | }
    
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.app
    	File: /code/terraform/01-why-terraform/web-server/main.tf:16-25
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		16 | resource "aws_instance" "app" {
    		17 |   instance_type     = "t2.micro"
    		18 |   availability_zone = "us-east-2a"
    		19 |   ami               = "ami-0fb653ca2d3203ac1"
    		20 | 
    		21 |   user_data = <<-EOF
    		22 |               #!/bin/bash
    		23 |               sudo service apache2 start
    		24 |               EOF
    		25 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.app
    	File: /code/terraform/01-why-terraform/web-server/main.tf:16-25
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		16 | resource "aws_instance" "app" {
    		17 |   instance_type     = "t2.micro"
    		18 |   availability_zone = "us-east-2a"
    		19 |   ami               = "ami-0fb653ca2d3203ac1"
    		20 | 
    		21 |   user_data = <<-EOF
    		22 |               #!/bin/bash
    		23 |               sudo service apache2 start
    		24 |               EOF
    		25 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.app
    	File: /code/terraform/01-why-terraform/web-server/main.tf:16-25
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		16 | resource "aws_instance" "app" {
    		17 |   instance_type     = "t2.micro"
    		18 |   availability_zone = "us-east-2a"
    		19 |   ami               = "ami-0fb653ca2d3203ac1"
    		20 | 
    		21 |   user_data = <<-EOF
    		22 |               #!/bin/bash
    		23 |               sudo service apache2 start
    		24 |               EOF
    		25 | }
    
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.app
    	File: /code/terraform/01-why-terraform/web-server/main.tf:16-25
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		16 | resource "aws_instance" "app" {
    		17 |   instance_type     = "t2.micro"
    		18 |   availability_zone = "us-east-2a"
    		19 |   ami               = "ami-0fb653ca2d3203ac1"
    		20 | 
    		21 |   user_data = <<-EOF
    		22 |               #!/bin/bash
    		23 |               sudo service apache2 start
    		24 |               EOF
    		25 | }
    
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/02-intro-to-terraform-syntax/one-server/main.tf:16-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   tags = {
    		21 |     Name = "terraform-example"
    		22 |   }
    		23 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/02-intro-to-terraform-syntax/one-server/main.tf:16-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   tags = {
    		21 |     Name = "terraform-example"
    		22 |   }
    		23 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/02-intro-to-terraform-syntax/one-server/main.tf:16-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   tags = {
    		21 |     Name = "terraform-example"
    		22 |   }
    		23 | }
    
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/02-intro-to-terraform-syntax/one-server/main.tf:16-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   tags = {
    		21 |     Name = "terraform-example"
    		22 |   }
    		23 | }
    
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/02-intro-to-terraform-syntax/one-webserver-with-vars/main.tf:16-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami                    = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type          = "t2.micro"
    		19 |   vpc_security_group_ids = [aws_security_group.instance.id]
    		20 | 
    		21 |   user_data = <<-EOF
    		22 |               #!/bin/bash
    		23 |               echo "Hello, World" > index.html
    		24 |               nohup busybox httpd -f -p ${var.server_port} &
    		25 |               EOF
    		26 | 
    		27 |   user_data_replace_on_change = true
    		28 | 
    		29 |   tags = {
    		30 |     Name = "terraform-example"
    		31 |   }
    		32 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/02-intro-to-terraform-syntax/one-webserver-with-vars/main.tf:16-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami                    = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type          = "t2.micro"
    		19 |   vpc_security_group_ids = [aws_security_group.instance.id]
    		20 | 
    		21 |   user_data = <<-EOF
    		22 |               #!/bin/bash
    		23 |               echo "Hello, World" > index.html
    		24 |               nohup busybox httpd -f -p ${var.server_port} &
    		25 |               EOF
    		26 | 
    		27 |   user_data_replace_on_change = true
    		28 | 
    		29 |   tags = {
    		30 |     Name = "terraform-example"
    		31 |   }
    		32 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/02-intro-to-terraform-syntax/one-webserver-with-vars/main.tf:16-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami                    = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type          = "t2.micro"
    		19 |   vpc_security_group_ids = [aws_security_group.instance.id]
    		20 | 
    		21 |   user_data = <<-EOF
    		22 |               #!/bin/bash
    		23 |               echo "Hello, World" > index.html
    		24 |               nohup busybox httpd -f -p ${var.server_port} &
    		25 |               EOF
    		26 | 
    		27 |   user_data_replace_on_change = true
    		28 | 
    		29 |   tags = {
    		30 |     Name = "terraform-example"
    		31 |   }
    		32 | }
    
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/02-intro-to-terraform-syntax/one-webserver-with-vars/main.tf:16-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami                    = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type          = "t2.micro"
    		19 |   vpc_security_group_ids = [aws_security_group.instance.id]
    		20 | 
    		21 |   user_data = <<-EOF
    		22 |               #!/bin/bash
    		23 |               echo "Hello, World" > index.html
    		24 |               nohup busybox httpd -f -p ${var.server_port} &
    		25 |               EOF
    		26 | 
    		27 |   user_data_replace_on_change = true
    		28 | 
    		29 |   tags = {
    		30 |     Name = "terraform-example"
    		31 |   }
    		32 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: aws_security_group.instance
    	File: /code/terraform/02-intro-to-terraform-syntax/one-webserver-with-vars/main.tf:34-44
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		34 | resource "aws_security_group" "instance" {
    		35 | 
    		36 |   name = var.security_group_name
    		37 | 
    		38 |   ingress {
    		39 |     from_port   = var.server_port
    		40 |     to_port     = var.server_port
    		41 |     protocol    = "tcp"
    		42 |     cidr_blocks = ["0.0.0.0/0"]
    		43 |   }
    		44 | }
    
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/02-intro-to-terraform-syntax/one-webserver/main.tf:16-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami                    = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type          = "t2.micro"
    		19 |   vpc_security_group_ids = [aws_security_group.instance.id]
    		20 | 
    		21 |   user_data = <<-EOF
    		22 |               #!/bin/bash
    		23 |               echo "Hello, World" > index.html
    		24 |               nohup busybox httpd -f -p 8080 &
    		25 |               EOF
    		26 | 
    		27 |   user_data_replace_on_change = true
    		28 | 
    		29 |   tags = {
    		30 |     Name = "terraform-example"
    		31 |   }
    		32 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/02-intro-to-terraform-syntax/one-webserver/main.tf:16-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami                    = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type          = "t2.micro"
    		19 |   vpc_security_group_ids = [aws_security_group.instance.id]
    		20 | 
    		21 |   user_data = <<-EOF
    		22 |               #!/bin/bash
    		23 |               echo "Hello, World" > index.html
    		24 |               nohup busybox httpd -f -p 8080 &
    		25 |               EOF
    		26 | 
    		27 |   user_data_replace_on_change = true
    		28 | 
    		29 |   tags = {
    		30 |     Name = "terraform-example"
    		31 |   }
    		32 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/02-intro-to-terraform-syntax/one-webserver/main.tf:16-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami                    = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type          = "t2.micro"
    		19 |   vpc_security_group_ids = [aws_security_group.instance.id]
    		20 | 
    		21 |   user_data = <<-EOF
    		22 |               #!/bin/bash
    		23 |               echo "Hello, World" > index.html
    		24 |               nohup busybox httpd -f -p 8080 &
    		25 |               EOF
    		26 | 
    		27 |   user_data_replace_on_change = true
    		28 | 
    		29 |   tags = {
    		30 |     Name = "terraform-example"
    		31 |   }
    		32 | }
    
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/02-intro-to-terraform-syntax/one-webserver/main.tf:16-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami                    = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type          = "t2.micro"
    		19 |   vpc_security_group_ids = [aws_security_group.instance.id]
    		20 | 
    		21 |   user_data = <<-EOF
    		22 |               #!/bin/bash
    		23 |               echo "Hello, World" > index.html
    		24 |               nohup busybox httpd -f -p 8080 &
    		25 |               EOF
    		26 | 
    		27 |   user_data_replace_on_change = true
    		28 | 
    		29 |   tags = {
    		30 |     Name = "terraform-example"
    		31 |   }
    		32 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: aws_security_group.instance
    	File: /code/terraform/02-intro-to-terraform-syntax/one-webserver/main.tf:34-44
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		34 | resource "aws_security_group" "instance" {
    		35 | 
    		36 |   name = var.security_group_name
    		37 | 
    		38 |   ingress {
    		39 |     from_port   = 8080
    		40 |     to_port     = 8080
    		41 |     protocol    = "tcp"
    		42 |     cidr_blocks = ["0.0.0.0/0"]
    		43 |   }
    		44 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_launch_configuration.example
    	File: /code/terraform/02-intro-to-terraform-syntax/webserver-cluster/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		16 | resource "aws_launch_configuration" "example" {
    		17 |   image_id        = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type   = "t2.micro"
    		19 |   security_groups = [aws_security_group.instance.id]
    		20 | 
    		21 |   user_data = <<-EOF
    		22 |               #!/bin/bash
    		23 |               echo "Hello, World" > index.html
    		24 |               nohup busybox httpd -f -p ${var.server_port} &
    		25 |               EOF
    		26 | 
    		27 |   # Required when using a launch configuration with an auto scaling group.
    		28 |   lifecycle {
    		29 |     create_before_destroy = true
    		30 |   }
    		31 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_launch_configuration.example
    	File: /code/terraform/02-intro-to-terraform-syntax/webserver-cluster/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		16 | resource "aws_launch_configuration" "example" {
    		17 |   image_id        = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type   = "t2.micro"
    		19 |   security_groups = [aws_security_group.instance.id]
    		20 | 
    		21 |   user_data = <<-EOF
    		22 |               #!/bin/bash
    		23 |               echo "Hello, World" > index.html
    		24 |               nohup busybox httpd -f -p ${var.server_port} &
    		25 |               EOF
    		26 | 
    		27 |   # Required when using a launch configuration with an auto scaling group.
    		28 |   lifecycle {
    		29 |     create_before_destroy = true
    		30 |   }
    		31 | }
    
    Check: CKV_AWS_315: "Ensure EC2 Auto Scaling groups use EC2 launch templates"
    	FAILED for resource: aws_autoscaling_group.example
    	File: /code/terraform/02-intro-to-terraform-syntax/webserver-cluster/main.tf:33-48
    
    		33 | resource "aws_autoscaling_group" "example" {
    		34 |   launch_configuration = aws_launch_configuration.example.name
    		35 |   vpc_zone_identifier  = data.aws_subnets.default.ids
    		36 | 
    		37 |   target_group_arns = [aws_lb_target_group.asg.arn]
    		38 |   health_check_type = "ELB"
    		39 | 
    		40 |   min_size = 2
    		41 |   max_size = 10
    		42 | 
    		43 |   tag {
    		44 |     key                 = "Name"
    		45 |     value               = "terraform-asg-example"
    		46 |     propagate_at_launch = true
    		47 |   }
    		48 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: aws_security_group.instance
    	File: /code/terraform/02-intro-to-terraform-syntax/webserver-cluster/main.tf:50-59
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		50 | resource "aws_security_group" "instance" {
    		51 |   name = var.instance_security_group_name
    		52 | 
    		53 |   ingress {
    		54 |     from_port   = var.server_port
    		55 |     to_port     = var.server_port
    		56 |     protocol    = "tcp"
    		57 |     cidr_blocks = ["0.0.0.0/0"]
    		58 |   }
    		59 | }
    
    Check: CKV_AWS_131: "Ensure that ALB drops HTTP headers"
    	FAILED for resource: aws_lb.example
    	File: /code/terraform/02-intro-to-terraform-syntax/webserver-cluster/main.tf:72-79
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-drops-http-headers.html
    
    		72 | resource "aws_lb" "example" {
    		73 | 
    		74 |   name               = var.alb_name
    		75 | 
    		76 |   load_balancer_type = "application"
    		77 |   subnets            = data.aws_subnets.default.ids
    		78 |   security_groups    = [aws_security_group.alb.id]
    		79 | }
    
    Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
    	FAILED for resource: aws_lb.example
    	File: /code/terraform/02-intro-to-terraform-syntax/webserver-cluster/main.tf:72-79
    	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62
    
    		72 | resource "aws_lb" "example" {
    		73 | 
    		74 |   name               = var.alb_name
    		75 | 
    		76 |   load_balancer_type = "application"
    		77 |   subnets            = data.aws_subnets.default.ids
    		78 |   security_groups    = [aws_security_group.alb.id]
    		79 | }
    
    Check: CKV_AWS_91: "Ensure the ELBv2 (Application/Network) has access logging enabled"
    	FAILED for resource: aws_lb.example
    	File: /code/terraform/02-intro-to-terraform-syntax/webserver-cluster/main.tf:72-79
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-22.html
    
    		72 | resource "aws_lb" "example" {
    		73 | 
    		74 |   name               = var.alb_name
    		75 | 
    		76 |   load_balancer_type = "application"
    		77 |   subnets            = data.aws_subnets.default.ids
    		78 |   security_groups    = [aws_security_group.alb.id]
    		79 | }
    
    Check: CKV_AWS_2: "Ensure ALB protocol is HTTPS"
    	FAILED for resource: aws_lb_listener.http
    	File: /code/terraform/02-intro-to-terraform-syntax/webserver-cluster/main.tf:81-96
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-29.html
    
    		81 | resource "aws_lb_listener" "http" {
    		82 |   load_balancer_arn = aws_lb.example.arn
    		83 |   port              = 80
    		84 |   protocol          = "HTTP"
    		85 | 
    		86 |   # By default, return a simple 404 page
    		87 |   default_action {
    		88 |     type = "fixed-response"
    		89 | 
    		90 |     fixed_response {
    		91 |       content_type = "text/plain"
    		92 |       message_body = "404: page not found"
    		93 |       status_code  = 404
    		94 |     }
    		95 |   }
    		96 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: aws_security_group.alb
    	File: /code/terraform/02-intro-to-terraform-syntax/webserver-cluster/main.tf:133-152
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		133 | resource "aws_security_group" "alb" {
    		134 | 
    		135 |   name = var.alb_security_group_name
    		136 | 
    		137 |   # Allow inbound HTTP requests
    		138 |   ingress {
    		139 |     from_port   = 80
    		140 |     to_port     = 80
    		141 |     protocol    = "tcp"
    		142 |     cidr_blocks = ["0.0.0.0/0"]
    		143 |   }
    		144 | 
    		145 |   # Allow all outbound requests
    		146 |   egress {
    		147 |     from_port   = 0
    		148 |     to_port     = 0
    		149 |     protocol    = "-1"
    		150 |     cidr_blocks = ["0.0.0.0/0"]
    		151 |   }
    		152 | }
    
    Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
    	FAILED for resource: aws_security_group.alb
    	File: /code/terraform/02-intro-to-terraform-syntax/webserver-cluster/main.tf:133-152
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
    
    		133 | resource "aws_security_group" "alb" {
    		134 | 
    		135 |   name = var.alb_security_group_name
    		136 | 
    		137 |   # Allow inbound HTTP requests
    		138 |   ingress {
    		139 |     from_port   = 80
    		140 |     to_port     = 80
    		141 |     protocol    = "tcp"
    		142 |     cidr_blocks = ["0.0.0.0/0"]
    		143 |   }
    		144 | 
    		145 |   # Allow all outbound requests
    		146 |   egress {
    		147 |     from_port   = 0
    		148 |     to_port     = 0
    		149 |     protocol    = "-1"
    		150 |     cidr_blocks = ["0.0.0.0/0"]
    		151 |   }
    		152 | }
    
    Check: CKV_AWS_119: "Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK"
    	FAILED for resource: aws_dynamodb_table.terraform_locks
    	File: /code/terraform/03-terraform-state/file-layout-example/global/s3/main.tf:55-64
    	Guide: https://docs.bridgecrew.io/docs/ensure-that-dynamodb-tables-are-encrypted
    
    		55 | resource "aws_dynamodb_table" "terraform_locks" {
    		56 |   name         = var.table_name
    		57 |   billing_mode = "PAY_PER_REQUEST"
    		58 |   hash_key     = "LockID"
    		59 | 
    		60 |   attribute {
    		61 |     name = "LockID"
    		62 |     type = "S"
    		63 |   }
    		64 | }
    
    Check: CKV_AWS_28: "Ensure Dynamodb point in time recovery (backup) is enabled"
    	FAILED for resource: aws_dynamodb_table.terraform_locks
    	File: /code/terraform/03-terraform-state/file-layout-example/global/s3/main.tf:55-64
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-6.html
    
    		55 | resource "aws_dynamodb_table" "terraform_locks" {
    		56 |   name         = var.table_name
    		57 |   billing_mode = "PAY_PER_REQUEST"
    		58 |   hash_key     = "LockID"
    		59 | 
    		60 |   attribute {
    		61 |     name = "LockID"
    		62 |     type = "S"
    		63 |   }
    		64 | }
    
    Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/data-stores/mysql/main.tf:29-40
    
    		29 | resource "aws_db_instance" "example" {
    		30 |   identifier_prefix   = "terraform-up-and-running"
    		31 |   engine              = "mysql"
    		32 |   allocated_storage   = 10
    		33 |   instance_class      = "db.t2.micro"
    		34 |   skip_final_snapshot = true
    		35 | 
    		36 |   db_name             = var.db_name
    		37 | 
    		38 |   username = var.db_username
    		39 |   password = var.db_password
    		40 | }
    
    Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/data-stores/mysql/main.tf:29-40
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
    
    		29 | resource "aws_db_instance" "example" {
    		30 |   identifier_prefix   = "terraform-up-and-running"
    		31 |   engine              = "mysql"
    		32 |   allocated_storage   = 10
    		33 |   instance_class      = "db.t2.micro"
    		34 |   skip_final_snapshot = true
    		35 | 
    		36 |   db_name             = var.db_name
    		37 | 
    		38 |   username = var.db_username
    		39 |   password = var.db_password
    		40 | }
    
    Check: CKV_AWS_161: "Ensure RDS database has IAM authentication enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/data-stores/mysql/main.tf:29-40
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-database-has-iam-authentication-enabled.html
    
    		29 | resource "aws_db_instance" "example" {
    		30 |   identifier_prefix   = "terraform-up-and-running"
    		31 |   engine              = "mysql"
    		32 |   allocated_storage   = 10
    		33 |   instance_class      = "db.t2.micro"
    		34 |   skip_final_snapshot = true
    		35 | 
    		36 |   db_name             = var.db_name
    		37 | 
    		38 |   username = var.db_username
    		39 |   password = var.db_password
    		40 | }
    
    Check: CKV_AWS_226: "Ensure DB instance gets all minor upgrades automatically"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/data-stores/mysql/main.tf:29-40
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically.html
    
    		29 | resource "aws_db_instance" "example" {
    		30 |   identifier_prefix   = "terraform-up-and-running"
    		31 |   engine              = "mysql"
    		32 |   allocated_storage   = 10
    		33 |   instance_class      = "db.t2.micro"
    		34 |   skip_final_snapshot = true
    		35 | 
    		36 |   db_name             = var.db_name
    		37 | 
    		38 |   username = var.db_username
    		39 |   password = var.db_password
    		40 | }
    
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/data-stores/mysql/main.tf:29-40
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		29 | resource "aws_db_instance" "example" {
    		30 |   identifier_prefix   = "terraform-up-and-running"
    		31 |   engine              = "mysql"
    		32 |   allocated_storage   = 10
    		33 |   instance_class      = "db.t2.micro"
    		34 |   skip_final_snapshot = true
    		35 | 
    		36 |   db_name             = var.db_name
    		37 | 
    		38 |   username = var.db_username
    		39 |   password = var.db_password
    		40 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/data-stores/mysql/main.tf:29-40
    
    		29 | resource "aws_db_instance" "example" {
    		30 |   identifier_prefix   = "terraform-up-and-running"
    		31 |   engine              = "mysql"
    		32 |   allocated_storage   = 10
    		33 |   instance_class      = "db.t2.micro"
    		34 |   skip_final_snapshot = true
    		35 | 
    		36 |   db_name             = var.db_name
    		37 | 
    		38 |   username = var.db_username
    		39 |   password = var.db_password
    		40 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/data-stores/mysql/main.tf:29-40
    
    		29 | resource "aws_db_instance" "example" {
    		30 |   identifier_prefix   = "terraform-up-and-running"
    		31 |   engine              = "mysql"
    		32 |   allocated_storage   = 10
    		33 |   instance_class      = "db.t2.micro"
    		34 |   skip_final_snapshot = true
    		35 | 
    		36 |   db_name             = var.db_name
    		37 | 
    		38 |   username = var.db_username
    		39 |   password = var.db_password
    		40 | }
    
    Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/data-stores/mysql/main.tf:29-40
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-4.html
    
    		29 | resource "aws_db_instance" "example" {
    		30 |   identifier_prefix   = "terraform-up-and-running"
    		31 |   engine              = "mysql"
    		32 |   allocated_storage   = 10
    		33 |   instance_class      = "db.t2.micro"
    		34 |   skip_final_snapshot = true
    		35 | 
    		36 |   db_name             = var.db_name
    		37 | 
    		38 |   username = var.db_username
    		39 |   password = var.db_password
    		40 | }
    
    Check: CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/data-stores/mysql/main.tf:29-40
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-73.html
    
    		29 | resource "aws_db_instance" "example" {
    		30 |   identifier_prefix   = "terraform-up-and-running"
    		31 |   engine              = "mysql"
    		32 |   allocated_storage   = 10
    		33 |   instance_class      = "db.t2.micro"
    		34 |   skip_final_snapshot = true
    		35 | 
    		36 |   db_name             = var.db_name
    		37 | 
    		38 |   username = var.db_username
    		39 |   password = var.db_password
    		40 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_launch_configuration.example
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/services/webserver-cluster/main.tf:16-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		16 | resource "aws_launch_configuration" "example" {
    		17 |   image_id        = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type   = "t2.micro"
    		19 |   security_groups = [aws_security_group.instance.id]
    		20 | 
    		21 |   # Render the User Data script as a template
    		22 |   user_data = templatefile("user-data.sh", {
    		23 |     server_port = var.server_port
    		24 |     db_address  = data.terraform_remote_state.db.outputs.address
    		25 |     db_port     = data.terraform_remote_state.db.outputs.port
    		26 |   })
    		27 | 
    		28 |   # Required when using a launch configuration with an auto scaling group.
    		29 |   lifecycle {
    		30 |     create_before_destroy = true
    		31 |   }
    		32 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_launch_configuration.example
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/services/webserver-cluster/main.tf:16-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		16 | resource "aws_launch_configuration" "example" {
    		17 |   image_id        = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type   = "t2.micro"
    		19 |   security_groups = [aws_security_group.instance.id]
    		20 | 
    		21 |   # Render the User Data script as a template
    		22 |   user_data = templatefile("user-data.sh", {
    		23 |     server_port = var.server_port
    		24 |     db_address  = data.terraform_remote_state.db.outputs.address
    		25 |     db_port     = data.terraform_remote_state.db.outputs.port
    		26 |   })
    		27 | 
    		28 |   # Required when using a launch configuration with an auto scaling group.
    		29 |   lifecycle {
    		30 |     create_before_destroy = true
    		31 |   }
    		32 | }
    
    Check: CKV_AWS_315: "Ensure EC2 Auto Scaling groups use EC2 launch templates"
    	FAILED for resource: aws_autoscaling_group.example
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/services/webserver-cluster/main.tf:34-49
    
    		34 | resource "aws_autoscaling_group" "example" {
    		35 |   launch_configuration = aws_launch_configuration.example.name
    		36 |   vpc_zone_identifier  = data.aws_subnets.default.ids
    		37 | 
    		38 |   target_group_arns = [aws_lb_target_group.asg.arn]
    		39 |   health_check_type = "ELB"
    		40 | 
    		41 |   min_size = 2
    		42 |   max_size = 10
    		43 | 
    		44 |   tag {
    		45 |     key                 = "Name"
    		46 |     value               = "terraform-asg-example"
    		47 |     propagate_at_launch = true
    		48 |   }
    		49 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: aws_security_group.instance
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/services/webserver-cluster/main.tf:51-60
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		51 | resource "aws_security_group" "instance" {
    		52 |   name = var.instance_security_group_name
    		53 | 
    		54 |   ingress {
    		55 |     from_port   = var.server_port
    		56 |     to_port     = var.server_port
    		57 |     protocol    = "tcp"
    		58 |     cidr_blocks = ["0.0.0.0/0"]
    		59 |   }
    		60 | }
    
    Check: CKV_AWS_131: "Ensure that ALB drops HTTP headers"
    	FAILED for resource: aws_lb.example
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/services/webserver-cluster/main.tf:62-67
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-drops-http-headers.html
    
    		62 | resource "aws_lb" "example" {
    		63 |   name               = var.alb_name
    		64 |   load_balancer_type = "application"
    		65 |   subnets            = data.aws_subnets.default.ids
    		66 |   security_groups    = [aws_security_group.alb.id]
    		67 | }
    
    Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
    	FAILED for resource: aws_lb.example
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/services/webserver-cluster/main.tf:62-67
    	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62
    
    		62 | resource "aws_lb" "example" {
    		63 |   name               = var.alb_name
    		64 |   load_balancer_type = "application"
    		65 |   subnets            = data.aws_subnets.default.ids
    		66 |   security_groups    = [aws_security_group.alb.id]
    		67 | }
    
    Check: CKV_AWS_91: "Ensure the ELBv2 (Application/Network) has access logging enabled"
    	FAILED for resource: aws_lb.example
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/services/webserver-cluster/main.tf:62-67
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-22.html
    
    		62 | resource "aws_lb" "example" {
    		63 |   name               = var.alb_name
    		64 |   load_balancer_type = "application"
    		65 |   subnets            = data.aws_subnets.default.ids
    		66 |   security_groups    = [aws_security_group.alb.id]
    		67 | }
    
    Check: CKV_AWS_2: "Ensure ALB protocol is HTTPS"
    	FAILED for resource: aws_lb_listener.http
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/services/webserver-cluster/main.tf:69-84
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-29.html
    
    		69 | resource "aws_lb_listener" "http" {
    		70 |   load_balancer_arn = aws_lb.example.arn
    		71 |   port              = 80
    		72 |   protocol          = "HTTP"
    		73 | 
    		74 |   # By default, return a simple 404 page
    		75 |   default_action {
    		76 |     type = "fixed-response"
    		77 | 
    		78 |     fixed_response {
    		79 |       content_type = "text/plain"
    		80 |       message_body = "404: page not found"
    		81 |       status_code  = 404
    		82 |     }
    		83 |   }
    		84 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: aws_security_group.alb
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/services/webserver-cluster/main.tf:119-137
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		119 | resource "aws_security_group" "alb" {
    		120 |   name = var.alb_security_group_name
    		121 | 
    		122 |   # Allow inbound HTTP requests
    		123 |   ingress {
    		124 |     from_port   = 80
    		125 |     to_port     = 80
    		126 |     protocol    = "tcp"
    		127 |     cidr_blocks = ["0.0.0.0/0"]
    		128 |   }
    		129 | 
    		130 |   # Allow all outbound requests
    		131 |   egress {
    		132 |     from_port   = 0
    		133 |     to_port     = 0
    		134 |     protocol    = "-1"
    		135 |     cidr_blocks = ["0.0.0.0/0"]
    		136 |   }
    		137 | }
    
    Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
    	FAILED for resource: aws_security_group.alb
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/services/webserver-cluster/main.tf:119-137
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
    
    		119 | resource "aws_security_group" "alb" {
    		120 |   name = var.alb_security_group_name
    		121 | 
    		122 |   # Allow inbound HTTP requests
    		123 |   ingress {
    		124 |     from_port   = 80
    		125 |     to_port     = 80
    		126 |     protocol    = "tcp"
    		127 |     cidr_blocks = ["0.0.0.0/0"]
    		128 |   }
    		129 | 
    		130 |   # Allow all outbound requests
    		131 |   egress {
    		132 |     from_port   = 0
    		133 |     to_port     = 0
    		134 |     protocol    = "-1"
    		135 |     cidr_blocks = ["0.0.0.0/0"]
    		136 |   }
    		137 | }
    
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/03-terraform-state/workspaces-example/one-instance/main.tf:29-34
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		29 | resource "aws_instance" "example" {
    		30 |   ami           = "ami-0fb653ca2d3203ac1"
    		31 | 
    		32 |   instance_type = terraform.workspace == "default" ? "t2.medium" : "t2.micro"
    		33 | 
    		34 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/03-terraform-state/workspaces-example/one-instance/main.tf:29-34
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		29 | resource "aws_instance" "example" {
    		30 |   ami           = "ami-0fb653ca2d3203ac1"
    		31 | 
    		32 |   instance_type = terraform.workspace == "default" ? "t2.medium" : "t2.micro"
    		33 | 
    		34 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/03-terraform-state/workspaces-example/one-instance/main.tf:29-34
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		29 | resource "aws_instance" "example" {
    		30 |   ami           = "ami-0fb653ca2d3203ac1"
    		31 | 
    		32 |   instance_type = terraform.workspace == "default" ? "t2.medium" : "t2.micro"
    		33 | 
    		34 | }
    
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/03-terraform-state/workspaces-example/one-instance/main.tf:29-34
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		29 | resource "aws_instance" "example" {
    		30 |   ami           = "ami-0fb653ca2d3203ac1"
    		31 | 
    		32 |   instance_type = terraform.workspace == "default" ? "t2.medium" : "t2.micro"
    		33 | 
    		34 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: module.webserver_cluster.aws_launch_configuration.example
    	File: /code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster/main.tf:12-27
    	Calling File: /code/terraform/04-terraform-module/module-example/stage/services/webserver-cluster/main.tf:16-28
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		12 | resource "aws_launch_configuration" "example" {
    		13 |   image_id        = "ami-0fb653ca2d3203ac1"
    		14 |   instance_type   = var.instance_type
    		15 |   security_groups = [aws_security_group.instance.id]
    		16 | 
    		17 |   user_data = templatefile("${path.module}/user-data.sh", {
    		18 |     server_port = var.server_port
    		19 |     db_address  = data.terraform_remote_state.db.outputs.address
    		20 |     db_port     = data.terraform_remote_state.db.outputs.port
    		21 |   })
    		22 | 
    		23 |   # Required when using a launch configuration with an auto scaling group.
    		24 |   lifecycle {
    		25 |     create_before_destroy = true
    		26 |   }
    		27 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: module.webserver_cluster.aws_launch_configuration.example
    	File: /code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster/main.tf:12-27
    	Calling File: /code/terraform/04-terraform-module/module-example/stage/services/webserver-cluster/main.tf:16-28
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		12 | resource "aws_launch_configuration" "example" {
    		13 |   image_id        = "ami-0fb653ca2d3203ac1"
    		14 |   instance_type   = var.instance_type
    		15 |   security_groups = [aws_security_group.instance.id]
    		16 | 
    		17 |   user_data = templatefile("${path.module}/user-data.sh", {
    		18 |     server_port = var.server_port
    		19 |     db_address  = data.terraform_remote_state.db.outputs.address
    		20 |     db_port     = data.terraform_remote_state.db.outputs.port
    		21 |   })
    		22 | 
    		23 |   # Required when using a launch configuration with an auto scaling group.
    		24 |   lifecycle {
    		25 |     create_before_destroy = true
    		26 |   }
    		27 | }
    
    Check: CKV_AWS_315: "Ensure EC2 Auto Scaling groups use EC2 launch templates"
    	FAILED for resource: module.webserver_cluster.aws_autoscaling_group.example
    	File: /code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster/main.tf:29-43
    	Calling File: /code/terraform/04-terraform-module/module-example/stage/services/webserver-cluster/main.tf:16-28
    
    		29 | resource "aws_autoscaling_group" "example" {
    		30 |   launch_configuration = aws_launch_configuration.example.name
    		31 |   vpc_zone_identifier  = data.aws_subnets.default.ids
    		32 |   target_group_arns    = [aws_lb_target_group.asg.arn]
    		33 |   health_check_type    = "ELB"
    		34 | 
    		35 |   min_size = var.min_size
    		36 |   max_size = var.max_size
    		37 | 
    		38 |   tag {
    		39 |     key                 = "Name"
    		40 |     value               = var.cluster_name
    		41 |     propagate_at_launch = true
    		42 |   }
    		43 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.webserver_cluster.aws_security_group.instance
    	File: /code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster/main.tf:45-47
    	Calling File: /code/terraform/04-terraform-module/module-example/stage/services/webserver-cluster/main.tf:16-28
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		45 | resource "aws_security_group" "instance" {
    		46 |   name = "${var.cluster_name}-instance"
    		47 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.webserver_cluster.aws_security_group_rule.allow_server_http_inbound
    	File: /code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster/main.tf:49-57
    	Calling File: /code/terraform/04-terraform-module/module-example/stage/services/webserver-cluster/main.tf:16-28
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		49 | resource "aws_security_group_rule" "allow_server_http_inbound" {
    		50 |   type              = "ingress"
    		51 |   security_group_id = aws_security_group.instance.id
    		52 | 
    		53 |   from_port   = var.server_port
    		54 |   to_port     = var.server_port
    		55 |   protocol    = local.tcp_protocol
    		56 |   cidr_blocks = local.all_ips
    		57 | }
    
    Check: CKV_AWS_131: "Ensure that ALB drops HTTP headers"
    	FAILED for resource: module.webserver_cluster.aws_lb.example
    	File: /code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster/main.tf:59-64
    	Calling File: /code/terraform/04-terraform-module/module-example/stage/services/webserver-cluster/main.tf:16-28
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-drops-http-headers.html
    
    		59 | resource "aws_lb" "example" {
    		60 |   name               = var.cluster_name
    		61 |   load_balancer_type = "application"
    		62 |   subnets            = data.aws_subnets.default.ids
    		63 |   security_groups    = [aws_security_group.alb.id]
    		64 | }
    
    Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
    	FAILED for resource: module.webserver_cluster.aws_lb.example
    	File: /code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster/main.tf:59-64
    	Calling File: /code/terraform/04-terraform-module/module-example/stage/services/webserver-cluster/main.tf:16-28
    	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62
    
    		59 | resource "aws_lb" "example" {
    		60 |   name               = var.cluster_name
    		61 |   load_balancer_type = "application"
    		62 |   subnets            = data.aws_subnets.default.ids
    		63 |   security_groups    = [aws_security_group.alb.id]
    		64 | }
    
    Check: CKV_AWS_91: "Ensure the ELBv2 (Application/Network) has access logging enabled"
    	FAILED for resource: module.webserver_cluster.aws_lb.example
    	File: /code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster/main.tf:59-64
    	Calling File: /code/terraform/04-terraform-module/module-example/stage/services/webserver-cluster/main.tf:16-28
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-22.html
    
    		59 | resource "aws_lb" "example" {
    		60 |   name               = var.cluster_name
    		61 |   load_balancer_type = "application"
    		62 |   subnets            = data.aws_subnets.default.ids
    		63 |   security_groups    = [aws_security_group.alb.id]
    		64 | }
    
    Check: CKV_AWS_2: "Ensure ALB protocol is HTTPS"
    	FAILED for resource: module.webserver_cluster.aws_lb_listener.http
    	File: /code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster/main.tf:66-83
    	Calling File: /code/terraform/04-terraform-module/module-example/stage/services/webserver-cluster/main.tf:16-28
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-29.html
    
    		66 | resource "aws_lb_listener" "http" {
    		67 |   load_balancer_arn = aws_lb.example.arn
    		68 | 
    		69 |   port              = local.http_port
    		70 | 
    		71 |   protocol          = "HTTP"
    		72 | 
    		73 |   # By default, return a simple 404 page
    		74 |   default_action {
    		75 |     type = "fixed-response"
    		76 | 
    		77 |     fixed_response {
    		78 |       content_type = "text/plain"
    		79 |       message_body = "404: page not found"
    		80 |       status_code  = 404
    		81 |     }
    		82 |   }
    		83 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.webserver_cluster.aws_security_group.alb
    	File: /code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster/main.tf:118-120
    	Calling File: /code/terraform/04-terraform-module/module-example/stage/services/webserver-cluster/main.tf:16-28
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		118 | resource "aws_security_group" "alb" {
    		119 |   name = "${var.cluster_name}-alb"
    		120 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.webserver_cluster.aws_security_group_rule.allow_http_inbound
    	File: /code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster/main.tf:122-130
    	Calling File: /code/terraform/04-terraform-module/module-example/stage/services/webserver-cluster/main.tf:16-28
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		122 | resource "aws_security_group_rule" "allow_http_inbound" {
    		123 |   type              = "ingress"
    		124 |   security_group_id = aws_security_group.alb.id
    		125 | 
    		126 |   from_port   = local.http_port
    		127 |   to_port     = local.http_port
    		128 |   protocol    = local.tcp_protocol
    		129 |   cidr_blocks = local.all_ips
    		130 | }
    
    Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
    	FAILED for resource: module.webserver_cluster.aws_security_group_rule.allow_http_inbound
    	File: /code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster/main.tf:122-130
    	Calling File: /code/terraform/04-terraform-module/module-example/stage/services/webserver-cluster/main.tf:16-28
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
    
    		122 | resource "aws_security_group_rule" "allow_http_inbound" {
    		123 |   type              = "ingress"
    		124 |   security_group_id = aws_security_group.alb.id
    		125 | 
    		126 |   from_port   = local.http_port
    		127 |   to_port     = local.http_port
    		128 |   protocol    = local.tcp_protocol
    		129 |   cidr_blocks = local.all_ips
    		130 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.webserver_cluster.aws_security_group_rule.allow_all_outbound
    	File: /code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster/main.tf:132-140
    	Calling File: /code/terraform/04-terraform-module/module-example/stage/services/webserver-cluster/main.tf:16-28
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		132 | resource "aws_security_group_rule" "allow_all_outbound" {
    		133 |   type              = "egress"
    		134 |   security_group_id = aws_security_group.alb.id
    		135 | 
    		136 |   from_port   = local.any_port
    		137 |   to_port     = local.any_port
    		138 |   protocol    = local.any_protocol
    		139 |   cidr_blocks = local.all_ips
    		140 | }
    
    Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/module-example/prod/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/module-example/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_161: "Ensure RDS database has IAM authentication enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/module-example/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-database-has-iam-authentication-enabled.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_226: "Ensure DB instance gets all minor upgrades automatically"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/module-example/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/module-example/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/module-example/prod/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/module-example/prod/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/module-example/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-4.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/module-example/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-73.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/module-example/stage/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/module-example/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_161: "Ensure RDS database has IAM authentication enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/module-example/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-database-has-iam-authentication-enabled.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_226: "Ensure DB instance gets all minor upgrades automatically"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/module-example/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/module-example/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/module-example/stage/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/module-example/stage/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/module-example/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-4.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/module-example/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-73.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: aws_security_group_rule.allow_testing_inbound
    	File: /code/terraform/04-terraform-module/module-example/stage/services/webserver-cluster/main.tf:30-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		30 | resource "aws_security_group_rule" "allow_testing_inbound" {
    		31 |   type              = "ingress"
    		32 |   security_group_id = module.webserver_cluster.alb_security_group_id
    		33 | 
    		34 |   from_port   = 12345
    		35 |   to_port     = 12345
    		36 |   protocol    = "tcp"
    		37 |   cidr_blocks = ["0.0.0.0/0"]
    		38 | }
    
    Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/prod/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_161: "Ensure RDS database has IAM authentication enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-database-has-iam-authentication-enabled.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_226: "Ensure DB instance gets all minor upgrades automatically"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/prod/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/prod/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-4.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-73.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/stage/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_161: "Ensure RDS database has IAM authentication enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-database-has-iam-authentication-enabled.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_226: "Ensure DB instance gets all minor upgrades automatically"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/stage/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/stage/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-4.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-73.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: aws_security_group_rule.allow_testing_inbound
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/stage/services/webserver-cluster/main.tf:31-39
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		31 | resource "aws_security_group_rule" "allow_testing_inbound" {
    		32 |   type              = "ingress"
    		33 |   security_group_id = module.webserver_cluster.alb_security_group_id
    		34 | 
    		35 |   from_port   = 12345
    		36 |   to_port     = 12345
    		37 |   protocol    = "tcp"
    		38 |   cidr_blocks = ["0.0.0.0/0"]
    		39 | }
    
    Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
    	FAILED for resource: aws_iam_user.existing_user
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/existing-iam-user/main.tf:16-19
    
    		16 | resource "aws_iam_user" "existing_user" {
    		17 |   # Make sure to update this to your own user name!
    		18 |   name = "yevgeniy.brikman"
    		19 | }
    
    Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
    	FAILED for resource: aws_iam_user.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/one-iam-user/main.tf:16-20
    
    		16 | resource "aws_iam_user" "example" {
    		17 | 
    		18 |   name = var.user_name
    		19 | 
    		20 | }
    
    Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
    	FAILED for resource: aws_iam_user.example["morpheus"]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/three-iam-users-for-each/main.tf:16-19
    
    		16 | resource "aws_iam_user" "example" {
    		17 |   for_each = toset(var.user_names)
    		18 |   name     = each.value
    		19 | }
    
    Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
    	FAILED for resource: aws_iam_user.example["trinity"]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/three-iam-users-for-each/main.tf:16-19
    
    		16 | resource "aws_iam_user" "example" {
    		17 |   for_each = toset(var.user_names)
    		18 |   name     = each.value
    		19 | }
    
    Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
    	FAILED for resource: aws_iam_user.example["neo"]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/three-iam-users-for-each/main.tf:16-19
    
    		16 | resource "aws_iam_user" "example" {
    		17 |   for_each = toset(var.user_names)
    		18 |   name     = each.value
    		19 | }
    
    Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
    	FAILED for resource: aws_iam_user.example[0]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/three-iam-users-increment-name/main.tf:16-20
    
    		16 | resource "aws_iam_user" "example" {
    		17 |   count = 3
    		18 | 
    		19 |   name  = "${var.user_name_prefix}.${count.index}"
    		20 | }
    
    Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
    	FAILED for resource: aws_iam_user.example[1]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/three-iam-users-increment-name/main.tf:16-20
    
    		16 | resource "aws_iam_user" "example" {
    		17 |   count = 3
    		18 | 
    		19 |   name  = "${var.user_name_prefix}.${count.index}"
    		20 | }
    
    Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
    	FAILED for resource: aws_iam_user.example[2]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/three-iam-users-increment-name/main.tf:16-20
    
    		16 | resource "aws_iam_user" "example" {
    		17 |   count = 3
    		18 | 
    		19 |   name  = "${var.user_name_prefix}.${count.index}"
    		20 | }
    
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: aws_iam_policy_document.cloudwatch_read_only
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/three-iam-users-unique-names/main.tf:28-38
    
    		28 | data "aws_iam_policy_document" "cloudwatch_read_only" {
    		29 |   statement {
    		30 |     effect    = "Allow"
    		31 |     actions   = [
    		32 |       "cloudwatch:Describe*",
    		33 |       "cloudwatch:Get*",
    		34 |       "cloudwatch:List*"
    		35 |     ]
    		36 |     resources = ["*"]
    		37 |   }
    		38 | }
    
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: aws_iam_policy_document.cloudwatch_full_access
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/three-iam-users-unique-names/main.tf:47-53
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		47 | data "aws_iam_policy_document" "cloudwatch_full_access" {
    		48 |   statement {
    		49 |     effect    = "Allow"
    		50 |     actions   = ["cloudwatch:*"]
    		51 |     resources = ["*"]
    		52 |   }
    		53 | }
    
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: aws_iam_policy_document.cloudwatch_full_access
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/three-iam-users-unique-names/main.tf:47-53
    
    		47 | data "aws_iam_policy_document" "cloudwatch_full_access" {
    		48 |   statement {
    		49 |     effect    = "Allow"
    		50 |     actions   = ["cloudwatch:*"]
    		51 |     resources = ["*"]
    		52 |   }
    		53 | }
    
    Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
    	FAILED for resource: aws_iam_user.example[0]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/three-iam-users-unique-names/main.tf:16-19
    
    		16 | resource "aws_iam_user" "example" {
    		17 |   count = length(var.user_names)
    		18 |   name  = var.user_names[count.index]
    		19 | }
    
    Check: CKV_AWS_40: "Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)"
    	FAILED for resource: aws_iam_user_policy_attachment.neo_cloudwatch_full_access
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/three-iam-users-unique-names/main.tf:55-60
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/iam-16-iam-policy-privileges-1.html
    
    		55 | resource "aws_iam_user_policy_attachment" "neo_cloudwatch_full_access" {
    		56 |   count = var.give_neo_cloudwatch_full_access ? 1 : 0
    		57 | 
    		58 |   user       = aws_iam_user.example[0].name
    		59 |   policy_arn = aws_iam_policy.cloudwatch_full_access.arn
    		60 | }
    
    Check: CKV_AWS_40: "Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)"
    	FAILED for resource: aws_iam_user_policy_attachment.neo_cloudwatch_read_only
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/three-iam-users-unique-names/main.tf:62-67
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/iam-16-iam-policy-privileges-1.html
    
    		62 | resource "aws_iam_user_policy_attachment" "neo_cloudwatch_read_only" {
    		63 |   count = var.give_neo_cloudwatch_full_access ? 0 : 1
    		64 | 
    		65 |   user       = aws_iam_user.example[0].name
    		66 |   policy_arn = aws_iam_policy.cloudwatch_read_only.arn
    		67 | }
    
    Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
    	FAILED for resource: aws_iam_user.example[1]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/three-iam-users-unique-names/main.tf:16-19
    
    		16 | resource "aws_iam_user" "example" {
    		17 |   count = length(var.user_names)
    		18 |   name  = var.user_names[count.index]
    		19 | }
    
    Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
    	FAILED for resource: aws_iam_user.example[2]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/three-iam-users-unique-names/main.tf:16-19
    
    		16 | resource "aws_iam_user" "example" {
    		17 |   count = length(var.user_names)
    		18 |   name  = var.user_names[count.index]
    		19 | }
    
    Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/prod/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_161: "Ensure RDS database has IAM authentication enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-database-has-iam-authentication-enabled.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_226: "Ensure DB instance gets all minor upgrades automatically"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/prod/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/prod/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-4.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-73.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_161: "Ensure RDS database has IAM authentication enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-database-has-iam-authentication-enabled.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_226: "Ensure DB instance gets all minor upgrades automatically"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-4.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-73.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.example_1[0]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/multiple-ec2-instances/main.tf:16-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		16 | resource "aws_instance" "example_1" {
    		17 |   count         = 3
    		18 |   ami           = "ami-0fb653ca2d3203ac1"
    		19 |   instance_type = "t2.micro"
    		20 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.example_1[0]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/multiple-ec2-instances/main.tf:16-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		16 | resource "aws_instance" "example_1" {
    		17 |   count         = 3
    		18 |   ami           = "ami-0fb653ca2d3203ac1"
    		19 |   instance_type = "t2.micro"
    		20 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.example_1[0]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/multiple-ec2-instances/main.tf:16-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		16 | resource "aws_instance" "example_1" {
    		17 |   count         = 3
    		18 |   ami           = "ami-0fb653ca2d3203ac1"
    		19 |   instance_type = "t2.micro"
    		20 | }
    
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.example_1[0]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/multiple-ec2-instances/main.tf:16-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		16 | resource "aws_instance" "example_1" {
    		17 |   count         = 3
    		18 |   ami           = "ami-0fb653ca2d3203ac1"
    		19 |   instance_type = "t2.micro"
    		20 | }
    
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.example_2
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/multiple-ec2-instances/main.tf:22-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		22 | resource "aws_instance" "example_2" {
    		23 |   count             = length(data.aws_availability_zones.all.names)
    		24 |   availability_zone = data.aws_availability_zones.all.names[count.index]
    		25 |   ami               = "ami-0fb653ca2d3203ac1"
    		26 |   instance_type     = "t2.micro"
    		27 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.example_2
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/multiple-ec2-instances/main.tf:22-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		22 | resource "aws_instance" "example_2" {
    		23 |   count             = length(data.aws_availability_zones.all.names)
    		24 |   availability_zone = data.aws_availability_zones.all.names[count.index]
    		25 |   ami               = "ami-0fb653ca2d3203ac1"
    		26 |   instance_type     = "t2.micro"
    		27 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.example_2
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/multiple-ec2-instances/main.tf:22-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		22 | resource "aws_instance" "example_2" {
    		23 |   count             = length(data.aws_availability_zones.all.names)
    		24 |   availability_zone = data.aws_availability_zones.all.names[count.index]
    		25 |   ami               = "ami-0fb653ca2d3203ac1"
    		26 |   instance_type     = "t2.micro"
    		27 | }
    
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.example_2
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/multiple-ec2-instances/main.tf:22-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		22 | resource "aws_instance" "example_2" {
    		23 |   count             = length(data.aws_availability_zones.all.names)
    		24 |   availability_zone = data.aws_availability_zones.all.names[count.index]
    		25 |   ami               = "ami-0fb653ca2d3203ac1"
    		26 |   instance_type     = "t2.micro"
    		27 | }
    
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.example_1[1]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/multiple-ec2-instances/main.tf:16-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		16 | resource "aws_instance" "example_1" {
    		17 |   count         = 3
    		18 |   ami           = "ami-0fb653ca2d3203ac1"
    		19 |   instance_type = "t2.micro"
    		20 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.example_1[1]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/multiple-ec2-instances/main.tf:16-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		16 | resource "aws_instance" "example_1" {
    		17 |   count         = 3
    		18 |   ami           = "ami-0fb653ca2d3203ac1"
    		19 |   instance_type = "t2.micro"
    		20 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.example_1[1]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/multiple-ec2-instances/main.tf:16-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		16 | resource "aws_instance" "example_1" {
    		17 |   count         = 3
    		18 |   ami           = "ami-0fb653ca2d3203ac1"
    		19 |   instance_type = "t2.micro"
    		20 | }
    
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.example_1[1]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/multiple-ec2-instances/main.tf:16-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		16 | resource "aws_instance" "example_1" {
    		17 |   count         = 3
    		18 |   ami           = "ami-0fb653ca2d3203ac1"
    		19 |   instance_type = "t2.micro"
    		20 | }
    
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.example_1[2]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/multiple-ec2-instances/main.tf:16-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		16 | resource "aws_instance" "example_1" {
    		17 |   count         = 3
    		18 |   ami           = "ami-0fb653ca2d3203ac1"
    		19 |   instance_type = "t2.micro"
    		20 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.example_1[2]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/multiple-ec2-instances/main.tf:16-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		16 | resource "aws_instance" "example_1" {
    		17 |   count         = 3
    		18 |   ami           = "ami-0fb653ca2d3203ac1"
    		19 |   instance_type = "t2.micro"
    		20 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.example_1[2]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/multiple-ec2-instances/main.tf:16-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		16 | resource "aws_instance" "example_1" {
    		17 |   count         = 3
    		18 |   ami           = "ami-0fb653ca2d3203ac1"
    		19 |   instance_type = "t2.micro"
    		20 | }
    
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.example_1[2]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/multiple-ec2-instances/main.tf:16-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		16 | resource "aws_instance" "example_1" {
    		17 |   count         = 3
    		18 |   ami           = "ami-0fb653ca2d3203ac1"
    		19 |   instance_type = "t2.micro"
    		20 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: aws_security_group_rule.allow_testing_inbound
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/webserver-cluster/main.tf:29-37
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		29 | resource "aws_security_group_rule" "allow_testing_inbound" {
    		30 |   type              = "ingress"
    		31 |   security_group_id = module.webserver_cluster.alb_security_group_id
    		32 | 
    		33 |   from_port   = 12345
    		34 |   to_port     = 12345
    		35 |   protocol    = "tcp"
    		36 |   cidr_blocks = ["0.0.0.0/0"]
    		37 | }
    
    Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
    	FAILED for resource: module.users["morpheus"].aws_iam_user.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/landing-zone/iam-user/main.tf:12-14
    	Calling File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/three-iam-users-module-for-each/main.tf:16-21
    
    		12 | resource "aws_iam_user" "example" {
    		13 |   name = var.user_name
    		14 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: module.webserver_cluster.aws_launch_configuration.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/services/webserver-cluster/main.tf:12-26
    	Calling File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/webserver-cluster/main.tf:16-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		12 | resource "aws_launch_configuration" "example" {
    		13 |   image_id        = "ami-0fb653ca2d3203ac1"
    		14 |   instance_type   = var.instance_type
    		15 |   security_groups = [aws_security_group.instance.id]
    		16 |   user_data       = templatefile("${path.module}/user-data.sh", {
    		17 |     server_port = var.server_port
    		18 |     db_address  = data.terraform_remote_state.db.outputs.address
    		19 |     db_port     = data.terraform_remote_state.db.outputs.port
    		20 |   })
    		21 | 
    		22 |   # Required when using a launch configuration with an auto scaling group.
    		23 |   lifecycle {
    		24 |     create_before_destroy = true
    		25 |   }
    		26 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: module.webserver_cluster.aws_launch_configuration.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/services/webserver-cluster/main.tf:12-26
    	Calling File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/webserver-cluster/main.tf:16-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		12 | resource "aws_launch_configuration" "example" {
    		13 |   image_id        = "ami-0fb653ca2d3203ac1"
    		14 |   instance_type   = var.instance_type
    		15 |   security_groups = [aws_security_group.instance.id]
    		16 |   user_data       = templatefile("${path.module}/user-data.sh", {
    		17 |     server_port = var.server_port
    		18 |     db_address  = data.terraform_remote_state.db.outputs.address
    		19 |     db_port     = data.terraform_remote_state.db.outputs.port
    		20 |   })
    		21 | 
    		22 |   # Required when using a launch configuration with an auto scaling group.
    		23 |   lifecycle {
    		24 |     create_before_destroy = true
    		25 |   }
    		26 | }
    
    Check: CKV_AWS_315: "Ensure EC2 Auto Scaling groups use EC2 launch templates"
    	FAILED for resource: module.webserver_cluster.aws_autoscaling_group.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/services/webserver-cluster/main.tf:28-57
    	Calling File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/webserver-cluster/main.tf:16-27
    
    		28 | resource "aws_autoscaling_group" "example" {
    		29 |   launch_configuration = aws_launch_configuration.example.name
    		30 |   vpc_zone_identifier  = data.aws_subnets.default.ids
    		31 |   target_group_arns    = [aws_lb_target_group.asg.arn]
    		32 |   health_check_type    = "ELB"
    		33 | 
    		34 |   min_size = var.min_size
    		35 |   max_size = var.max_size
    		36 | 
    		37 |   tag {
    		38 |     key                 = "Name"
    		39 |     value               = var.cluster_name
    		40 |     propagate_at_launch = true
    		41 |   }
    		42 | 
    		43 |   dynamic "tag" {
    		44 |     for_each = {
    		45 |       for key, value in var.custom_tags:
    		46 |       key => upper(value)
    		47 |       if key != "Name"
    		48 |     }
    		49 | 
    		50 |     content {
    		51 |       key                 = tag.key
    		52 |       value               = tag.value
    		53 |       propagate_at_launch = true
    		54 |     }
    		55 |   }
    		56 | 
    		57 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.webserver_cluster.aws_security_group.instance
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/services/webserver-cluster/main.tf:81-83
    	Calling File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/webserver-cluster/main.tf:16-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		81 | resource "aws_security_group" "instance" {
    		82 |   name = "${var.cluster_name}-instance"
    		83 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.webserver_cluster.aws_security_group_rule.allow_server_http_inbound
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/services/webserver-cluster/main.tf:85-93
    	Calling File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/webserver-cluster/main.tf:16-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		85 | resource "aws_security_group_rule" "allow_server_http_inbound" {
    		86 |   type              = "ingress"
    		87 |   security_group_id = aws_security_group.instance.id
    		88 | 
    		89 |   from_port   = var.server_port
    		90 |   to_port     = var.server_port
    		91 |   protocol    = local.tcp_protocol
    		92 |   cidr_blocks = local.all_ips
    		93 | }
    
    Check: CKV_AWS_131: "Ensure that ALB drops HTTP headers"
    	FAILED for resource: module.webserver_cluster.aws_lb.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/services/webserver-cluster/main.tf:106-111
    	Calling File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/webserver-cluster/main.tf:16-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-drops-http-headers.html
    
    		106 | resource "aws_lb" "example" {
    		107 |   name               = var.cluster_name
    		108 |   load_balancer_type = "application"
    		109 |   subnets            = data.aws_subnets.default.ids
    		110 |   security_groups    = [aws_security_group.alb.id]
    		111 | }
    
    Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
    	FAILED for resource: module.webserver_cluster.aws_lb.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/services/webserver-cluster/main.tf:106-111
    	Calling File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/webserver-cluster/main.tf:16-27
    	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62
    
    		106 | resource "aws_lb" "example" {
    		107 |   name               = var.cluster_name
    		108 |   load_balancer_type = "application"
    		109 |   subnets            = data.aws_subnets.default.ids
    		110 |   security_groups    = [aws_security_group.alb.id]
    		111 | }
    
    Check: CKV_AWS_91: "Ensure the ELBv2 (Application/Network) has access logging enabled"
    	FAILED for resource: module.webserver_cluster.aws_lb.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/services/webserver-cluster/main.tf:106-111
    	Calling File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/webserver-cluster/main.tf:16-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-22.html
    
    		106 | resource "aws_lb" "example" {
    		107 |   name               = var.cluster_name
    		108 |   load_balancer_type = "application"
    		109 |   subnets            = data.aws_subnets.default.ids
    		110 |   security_groups    = [aws_security_group.alb.id]
    		111 | }
    
    Check: CKV_AWS_2: "Ensure ALB protocol is HTTPS"
    	FAILED for resource: module.webserver_cluster.aws_lb_listener.http
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/services/webserver-cluster/main.tf:113-128
    	Calling File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/webserver-cluster/main.tf:16-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-29.html
    
    		113 | resource "aws_lb_listener" "http" {
    		114 |   load_balancer_arn = aws_lb.example.arn
    		115 |   port              = local.http_port
    		116 |   protocol          = "HTTP"
    		117 | 
    		118 |   # By default, return a simple 404 page
    		119 |   default_action {
    		120 |     type = "fixed-response"
    		121 | 
    		122 |     fixed_response {
    		123 |       content_type = "text/plain"
    		124 |       message_body = "404: page not found"
    		125 |       status_code  = 404
    		126 |     }
    		127 |   }
    		128 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.webserver_cluster.aws_security_group.alb
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/services/webserver-cluster/main.tf:163-165
    	Calling File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/webserver-cluster/main.tf:16-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		163 | resource "aws_security_group" "alb" {
    		164 |   name = "${var.cluster_name}-alb"
    		165 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.webserver_cluster.aws_security_group_rule.allow_http_inbound
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/services/webserver-cluster/main.tf:167-175
    	Calling File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/webserver-cluster/main.tf:16-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		167 | resource "aws_security_group_rule" "allow_http_inbound" {
    		168 |   type              = "ingress"
    		169 |   security_group_id = aws_security_group.alb.id
    		170 | 
    		171 |   from_port   = local.http_port
    		172 |   to_port     = local.http_port
    		173 |   protocol    = local.tcp_protocol
    		174 |   cidr_blocks = local.all_ips
    		175 | }
    
    Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
    	FAILED for resource: module.webserver_cluster.aws_security_group_rule.allow_http_inbound
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/services/webserver-cluster/main.tf:167-175
    	Calling File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/webserver-cluster/main.tf:16-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
    
    		167 | resource "aws_security_group_rule" "allow_http_inbound" {
    		168 |   type              = "ingress"
    		169 |   security_group_id = aws_security_group.alb.id
    		170 | 
    		171 |   from_port   = local.http_port
    		172 |   to_port     = local.http_port
    		173 |   protocol    = local.tcp_protocol
    		174 |   cidr_blocks = local.all_ips
    		175 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.webserver_cluster.aws_security_group_rule.allow_all_outbound
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/services/webserver-cluster/main.tf:177-185
    	Calling File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/webserver-cluster/main.tf:16-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		177 | resource "aws_security_group_rule" "allow_all_outbound" {
    		178 |   type              = "egress"
    		179 |   security_group_id = aws_security_group.alb.id
    		180 | 
    		181 |   from_port   = local.any_port
    		182 |   to_port     = local.any_port
    		183 |   protocol    = local.any_protocol
    		184 |   cidr_blocks = local.all_ips
    		185 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: aws_security_group.cluster_instance
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/global/moved-example/main.tf:21-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		21 | resource "aws_security_group" "cluster_instance" {
    		22 |   name = var.security_group_name
    		23 | }
    
    Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/prod/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_161: "Ensure RDS database has IAM authentication enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-database-has-iam-authentication-enabled.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_226: "Ensure DB instance gets all minor upgrades automatically"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/prod/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/prod/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-4.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/prod/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-73.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_161: "Ensure RDS database has IAM authentication enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-database-has-iam-authentication-enabled.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_226: "Ensure DB instance gets all minor upgrades automatically"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-4.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/data-stores/mysql/main.tf:27-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-73.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: aws_security_group_rule.allow_testing_inbound
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster-instance-refresh/main.tf:33-41
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		33 | resource "aws_security_group_rule" "allow_testing_inbound" {
    		34 |   type              = "ingress"
    		35 |   security_group_id = module.webserver_cluster.alb_security_group_id
    		36 | 
    		37 |   from_port   = 12345
    		38 |   to_port     = 12345
    		39 |   protocol    = "tcp"
    		40 |   cidr_blocks = ["0.0.0.0/0"]
    		41 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: aws_security_group_rule.allow_testing_inbound
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster/main.tf:33-41
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		33 | resource "aws_security_group_rule" "allow_testing_inbound" {
    		34 |   type              = "ingress"
    		35 |   security_group_id = module.webserver_cluster.alb_security_group_id
    		36 | 
    		37 |   from_port   = 12345
    		38 |   to_port     = 12345
    		39 |   protocol    = "tcp"
    		40 |   cidr_blocks = ["0.0.0.0/0"]
    		41 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: module.webserver_cluster.aws_launch_configuration.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster-instance-refresh/main.tf:12-27
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster-instance-refresh/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		12 | resource "aws_launch_configuration" "example" {
    		13 |   image_id        = var.ami
    		14 |   instance_type   = var.instance_type
    		15 |   security_groups = [aws_security_group.instance.id]
    		16 |   user_data       = templatefile("${path.module}/user-data.sh", {
    		17 |     server_port = var.server_port
    		18 |     db_address  = data.terraform_remote_state.db.outputs.address
    		19 |     db_port     = data.terraform_remote_state.db.outputs.port
    		20 |     server_text = var.server_text
    		21 |   })
    		22 | 
    		23 |   # Required when using a launch configuration with an auto scaling group.
    		24 |   lifecycle {
    		25 |     create_before_destroy = true
    		26 |   }
    		27 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: module.webserver_cluster.aws_launch_configuration.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster-instance-refresh/main.tf:12-27
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster-instance-refresh/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		12 | resource "aws_launch_configuration" "example" {
    		13 |   image_id        = var.ami
    		14 |   instance_type   = var.instance_type
    		15 |   security_groups = [aws_security_group.instance.id]
    		16 |   user_data       = templatefile("${path.module}/user-data.sh", {
    		17 |     server_port = var.server_port
    		18 |     db_address  = data.terraform_remote_state.db.outputs.address
    		19 |     db_port     = data.terraform_remote_state.db.outputs.port
    		20 |     server_text = var.server_text
    		21 |   })
    		22 | 
    		23 |   # Required when using a launch configuration with an auto scaling group.
    		24 |   lifecycle {
    		25 |     create_before_destroy = true
    		26 |   }
    		27 | }
    
    Check: CKV_AWS_315: "Ensure EC2 Auto Scaling groups use EC2 launch templates"
    	FAILED for resource: module.webserver_cluster.aws_autoscaling_group.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster-instance-refresh/main.tf:29-66
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster-instance-refresh/main.tf:16-31
    
    		29 | resource "aws_autoscaling_group" "example" {
    		30 |   name                 = var.cluster_name
    		31 |   launch_configuration = aws_launch_configuration.example.name
    		32 |   vpc_zone_identifier  = data.aws_subnets.default.ids
    		33 |   target_group_arns    = [aws_lb_target_group.asg.arn]
    		34 |   health_check_type    = "ELB"
    		35 | 
    		36 |   min_size = var.min_size
    		37 |   max_size = var.max_size
    		38 | 
    		39 |   # Use instance refresh to roll out changes to the ASG
    		40 |   instance_refresh {
    		41 |     strategy = "Rolling"
    		42 |     preferences {
    		43 |       min_healthy_percentage = 50
    		44 |     }
    		45 |   }
    		46 | 
    		47 |   tag {
    		48 |     key                 = "Name"
    		49 |     value               = var.cluster_name
    		50 |     propagate_at_launch = true
    		51 |   }
    		52 | 
    		53 |   dynamic "tag" {
    		54 |     for_each = {
    		55 |       for key, value in var.custom_tags:
    		56 |       key => upper(value)
    		57 |       if key != "Name"
    		58 |     }
    		59 | 
    		60 |     content {
    		61 |       key                 = tag.key
    		62 |       value               = tag.value
    		63 |       propagate_at_launch = true
    		64 |     }
    		65 |   }
    		66 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.webserver_cluster.aws_security_group.instance
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster-instance-refresh/main.tf:90-92
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster-instance-refresh/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		90 | resource "aws_security_group" "instance" {
    		91 |   name = "${var.cluster_name}-instance"
    		92 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.webserver_cluster.aws_security_group_rule.allow_server_http_inbound
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster-instance-refresh/main.tf:94-102
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster-instance-refresh/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		94  | resource "aws_security_group_rule" "allow_server_http_inbound" {
    		95  |   type              = "ingress"
    		96  |   security_group_id = aws_security_group.instance.id
    		97  | 
    		98  |   from_port   = var.server_port
    		99  |   to_port     = var.server_port
    		100 |   protocol    = local.tcp_protocol
    		101 |   cidr_blocks = local.all_ips
    		102 | }
    
    Check: CKV_AWS_131: "Ensure that ALB drops HTTP headers"
    	FAILED for resource: module.webserver_cluster.aws_lb.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster-instance-refresh/main.tf:115-120
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster-instance-refresh/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-drops-http-headers.html
    
    		115 | resource "aws_lb" "example" {
    		116 |   name               = var.cluster_name
    		117 |   load_balancer_type = "application"
    		118 |   subnets            = data.aws_subnets.default.ids
    		119 |   security_groups    = [aws_security_group.alb.id]
    		120 | }
    
    Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
    	FAILED for resource: module.webserver_cluster.aws_lb.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster-instance-refresh/main.tf:115-120
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster-instance-refresh/main.tf:16-31
    	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62
    
    		115 | resource "aws_lb" "example" {
    		116 |   name               = var.cluster_name
    		117 |   load_balancer_type = "application"
    		118 |   subnets            = data.aws_subnets.default.ids
    		119 |   security_groups    = [aws_security_group.alb.id]
    		120 | }
    
    Check: CKV_AWS_91: "Ensure the ELBv2 (Application/Network) has access logging enabled"
    	FAILED for resource: module.webserver_cluster.aws_lb.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster-instance-refresh/main.tf:115-120
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster-instance-refresh/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-22.html
    
    		115 | resource "aws_lb" "example" {
    		116 |   name               = var.cluster_name
    		117 |   load_balancer_type = "application"
    		118 |   subnets            = data.aws_subnets.default.ids
    		119 |   security_groups    = [aws_security_group.alb.id]
    		120 | }
    
    Check: CKV_AWS_2: "Ensure ALB protocol is HTTPS"
    	FAILED for resource: module.webserver_cluster.aws_lb_listener.http
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster-instance-refresh/main.tf:122-137
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster-instance-refresh/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-29.html
    
    		122 | resource "aws_lb_listener" "http" {
    		123 |   load_balancer_arn = aws_lb.example.arn
    		124 |   port              = local.http_port
    		125 |   protocol          = "HTTP"
    		126 | 
    		127 |   # By default, return a simple 404 page
    		128 |   default_action {
    		129 |     type = "fixed-response"
    		130 | 
    		131 |     fixed_response {
    		132 |       content_type = "text/plain"
    		133 |       message_body = "404: page not found"
    		134 |       status_code  = 404
    		135 |     }
    		136 |   }
    		137 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.webserver_cluster.aws_security_group.alb
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster-instance-refresh/main.tf:172-174
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster-instance-refresh/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		172 | resource "aws_security_group" "alb" {
    		173 |   name = "${var.cluster_name}-alb"
    		174 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.webserver_cluster.aws_security_group_rule.allow_http_inbound
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster-instance-refresh/main.tf:176-184
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster-instance-refresh/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		176 | resource "aws_security_group_rule" "allow_http_inbound" {
    		177 |   type              = "ingress"
    		178 |   security_group_id = aws_security_group.alb.id
    		179 | 
    		180 |   from_port   = local.http_port
    		181 |   to_port     = local.http_port
    		182 |   protocol    = local.tcp_protocol
    		183 |   cidr_blocks = local.all_ips
    		184 | }
    
    Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
    	FAILED for resource: module.webserver_cluster.aws_security_group_rule.allow_http_inbound
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster-instance-refresh/main.tf:176-184
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster-instance-refresh/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
    
    		176 | resource "aws_security_group_rule" "allow_http_inbound" {
    		177 |   type              = "ingress"
    		178 |   security_group_id = aws_security_group.alb.id
    		179 | 
    		180 |   from_port   = local.http_port
    		181 |   to_port     = local.http_port
    		182 |   protocol    = local.tcp_protocol
    		183 |   cidr_blocks = local.all_ips
    		184 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.webserver_cluster.aws_security_group_rule.allow_all_outbound
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster-instance-refresh/main.tf:186-194
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster-instance-refresh/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		186 | resource "aws_security_group_rule" "allow_all_outbound" {
    		187 |   type              = "egress"
    		188 |   security_group_id = aws_security_group.alb.id
    		189 | 
    		190 |   from_port   = local.any_port
    		191 |   to_port     = local.any_port
    		192 |   protocol    = local.any_protocol
    		193 |   cidr_blocks = local.all_ips
    		194 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: module.webserver_cluster.aws_launch_configuration.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster/main.tf:12-28
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		12 | resource "aws_launch_configuration" "example" {
    		13 |   image_id        = var.ami
    		14 |   instance_type   = var.instance_type
    		15 |   security_groups = [aws_security_group.instance.id]
    		16 | 
    		17 |   user_data       = templatefile("${path.module}/user-data.sh", {
    		18 |     server_port = var.server_port
    		19 |     db_address  = data.terraform_remote_state.db.outputs.address
    		20 |     db_port     = data.terraform_remote_state.db.outputs.port
    		21 |     server_text = var.server_text
    		22 |   })
    		23 | 
    		24 |   # Required when using a launch configuration with an auto scaling group.
    		25 |   lifecycle {
    		26 |     create_before_destroy = true
    		27 |   }
    		28 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: module.webserver_cluster.aws_launch_configuration.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster/main.tf:12-28
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		12 | resource "aws_launch_configuration" "example" {
    		13 |   image_id        = var.ami
    		14 |   instance_type   = var.instance_type
    		15 |   security_groups = [aws_security_group.instance.id]
    		16 | 
    		17 |   user_data       = templatefile("${path.module}/user-data.sh", {
    		18 |     server_port = var.server_port
    		19 |     db_address  = data.terraform_remote_state.db.outputs.address
    		20 |     db_port     = data.terraform_remote_state.db.outputs.port
    		21 |     server_text = var.server_text
    		22 |   })
    		23 | 
    		24 |   # Required when using a launch configuration with an auto scaling group.
    		25 |   lifecycle {
    		26 |     create_before_destroy = true
    		27 |   }
    		28 | }
    
    Check: CKV_AWS_315: "Ensure EC2 Auto Scaling groups use EC2 launch templates"
    	FAILED for resource: module.webserver_cluster.aws_autoscaling_group.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster/main.tf:30-72
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster/main.tf:16-31
    
    		30 | resource "aws_autoscaling_group" "example" {
    		31 |   # Explicitly depend on the launch configuration's name so each time it's
    		32 |   # replaced, this ASG is also replaced
    		33 |   name = "${var.cluster_name}-${aws_launch_configuration.example.name}"
    		34 | 
    		35 |   launch_configuration = aws_launch_configuration.example.name
    		36 |   vpc_zone_identifier  = data.aws_subnets.default.ids
    		37 |   target_group_arns    = [aws_lb_target_group.asg.arn]
    		38 |   health_check_type    = "ELB"
    		39 | 
    		40 |   min_size = var.min_size
    		41 |   max_size = var.max_size
    		42 | 
    		43 |   # Wait for at least this many instances to pass health checks before
    		44 |   # considering the ASG deployment complete
    		45 |   min_elb_capacity = var.min_size
    		46 | 
    		47 |   # When replacing this ASG, create the replacement first, and only delete the
    		48 |   # original after
    		49 |   lifecycle {
    		50 |     create_before_destroy = true
    		51 |   }
    		52 | 
    		53 |   tag {
    		54 |     key                 = "Name"
    		55 |     value               = var.cluster_name
    		56 |     propagate_at_launch = true
    		57 |   }
    		58 | 
    		59 |   dynamic "tag" {
    		60 |     for_each = {
    		61 |       for key, value in var.custom_tags:
    		62 |       key => upper(value)
    		63 |       if key != "Name"
    		64 |     }
    		65 | 
    		66 |     content {
    		67 |       key                 = tag.key
    		68 |       value               = tag.value
    		69 |       propagate_at_launch = true
    		70 |     }
    		71 |   }
    		72 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.webserver_cluster.aws_security_group.instance
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster/main.tf:96-98
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		96 | resource "aws_security_group" "instance" {
    		97 |   name = "${var.cluster_name}-instance"
    		98 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.webserver_cluster.aws_security_group_rule.allow_server_http_inbound
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster/main.tf:100-108
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		100 | resource "aws_security_group_rule" "allow_server_http_inbound" {
    		101 |   type              = "ingress"
    		102 |   security_group_id = aws_security_group.instance.id
    		103 | 
    		104 |   from_port   = var.server_port
    		105 |   to_port     = var.server_port
    		106 |   protocol    = local.tcp_protocol
    		107 |   cidr_blocks = local.all_ips
    		108 | }
    
    Check: CKV_AWS_131: "Ensure that ALB drops HTTP headers"
    	FAILED for resource: module.webserver_cluster.aws_lb.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster/main.tf:121-126
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-drops-http-headers.html
    
    		121 | resource "aws_lb" "example" {
    		122 |   name               = var.cluster_name
    		123 |   load_balancer_type = "application"
    		124 |   subnets            = data.aws_subnets.default.ids
    		125 |   security_groups    = [aws_security_group.alb.id]
    		126 | }
    
    Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
    	FAILED for resource: module.webserver_cluster.aws_lb.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster/main.tf:121-126
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster/main.tf:16-31
    	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62
    
    		121 | resource "aws_lb" "example" {
    		122 |   name               = var.cluster_name
    		123 |   load_balancer_type = "application"
    		124 |   subnets            = data.aws_subnets.default.ids
    		125 |   security_groups    = [aws_security_group.alb.id]
    		126 | }
    
    Check: CKV_AWS_91: "Ensure the ELBv2 (Application/Network) has access logging enabled"
    	FAILED for resource: module.webserver_cluster.aws_lb.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster/main.tf:121-126
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-22.html
    
    		121 | resource "aws_lb" "example" {
    		122 |   name               = var.cluster_name
    		123 |   load_balancer_type = "application"
    		124 |   subnets            = data.aws_subnets.default.ids
    		125 |   security_groups    = [aws_security_group.alb.id]
    		126 | }
    
    Check: CKV_AWS_2: "Ensure ALB protocol is HTTPS"
    	FAILED for resource: module.webserver_cluster.aws_lb_listener.http
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster/main.tf:128-143
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-29.html
    
    		128 | resource "aws_lb_listener" "http" {
    		129 |   load_balancer_arn = aws_lb.example.arn
    		130 |   port              = local.http_port
    		131 |   protocol          = "HTTP"
    		132 | 
    		133 |   # By default, return a simple 404 page
    		134 |   default_action {
    		135 |     type = "fixed-response"
    		136 | 
    		137 |     fixed_response {
    		138 |       content_type = "text/plain"
    		139 |       message_body = "404: page not found"
    		140 |       status_code  = 404
    		141 |     }
    		142 |   }
    		143 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.webserver_cluster.aws_security_group.alb
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster/main.tf:178-180
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		178 | resource "aws_security_group" "alb" {
    		179 |   name = "${var.cluster_name}-alb"
    		180 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.webserver_cluster.aws_security_group_rule.allow_http_inbound
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster/main.tf:182-190
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		182 | resource "aws_security_group_rule" "allow_http_inbound" {
    		183 |   type              = "ingress"
    		184 |   security_group_id = aws_security_group.alb.id
    		185 | 
    		186 |   from_port   = local.http_port
    		187 |   to_port     = local.http_port
    		188 |   protocol    = local.tcp_protocol
    		189 |   cidr_blocks = local.all_ips
    		190 | }
    
    Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
    	FAILED for resource: module.webserver_cluster.aws_security_group_rule.allow_http_inbound
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster/main.tf:182-190
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
    
    		182 | resource "aws_security_group_rule" "allow_http_inbound" {
    		183 |   type              = "ingress"
    		184 |   security_group_id = aws_security_group.alb.id
    		185 | 
    		186 |   from_port   = local.http_port
    		187 |   to_port     = local.http_port
    		188 |   protocol    = local.tcp_protocol
    		189 |   cidr_blocks = local.all_ips
    		190 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.webserver_cluster.aws_security_group_rule.allow_all_outbound
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster/main.tf:192-200
    	Calling File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/services/webserver-cluster/main.tf:16-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		192 | resource "aws_security_group_rule" "allow_all_outbound" {
    		193 |   type              = "egress"
    		194 |   security_group_id = aws_security_group.alb.id
    		195 | 
    		196 |   from_port   = local.any_port
    		197 |   to_port     = local.any_port
    		198 |   protocol    = local.any_protocol
    		199 |   cidr_blocks = local.all_ips
    		200 | }
    
    Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
    	FAILED for resource: aws_iam_policy_document.ec2_admin_permissions
    	File: /code/terraform/06-managing-secrets-with-terraform/ec2-iam-role/main.tf:50-56
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint.html
    
    		50 | data "aws_iam_policy_document" "ec2_admin_permissions" {
    		51 |   statement {
    		52 |     effect    = "Allow"
    		53 |     actions   = ["ec2:*"]
    		54 |     resources = ["*"]
    		55 |   }
    		56 | }
    
    Check: CKV_AWS_107: "Ensure IAM policies does not allow credentials exposure"
    	FAILED for resource: aws_iam_policy_document.ec2_admin_permissions
    	File: /code/terraform/06-managing-secrets-with-terraform/ec2-iam-role/main.tf:50-56
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-credentials-exposure.html
    
    		50 | data "aws_iam_policy_document" "ec2_admin_permissions" {
    		51 |   statement {
    		52 |     effect    = "Allow"
    		53 |     actions   = ["ec2:*"]
    		54 |     resources = ["*"]
    		55 |   }
    		56 | }
    
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: aws_iam_policy_document.ec2_admin_permissions
    	File: /code/terraform/06-managing-secrets-with-terraform/ec2-iam-role/main.tf:50-56
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		50 | data "aws_iam_policy_document" "ec2_admin_permissions" {
    		51 |   statement {
    		52 |     effect    = "Allow"
    		53 |     actions   = ["ec2:*"]
    		54 |     resources = ["*"]
    		55 |   }
    		56 | }
    
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: aws_iam_policy_document.ec2_admin_permissions
    	File: /code/terraform/06-managing-secrets-with-terraform/ec2-iam-role/main.tf:50-56
    
    		50 | data "aws_iam_policy_document" "ec2_admin_permissions" {
    		51 |   statement {
    		52 |     effect    = "Allow"
    		53 |     actions   = ["ec2:*"]
    		54 |     resources = ["*"]
    		55 |   }
    		56 | }
    
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/ec2-iam-role/main.tf:16-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   # Attach the instance profile
    		21 |   iam_instance_profile = aws_iam_instance_profile.instance.name
    		22 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/ec2-iam-role/main.tf:16-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   # Attach the instance profile
    		21 |   iam_instance_profile = aws_iam_instance_profile.instance.name
    		22 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/ec2-iam-role/main.tf:16-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   # Attach the instance profile
    		21 |   iam_instance_profile = aws_iam_instance_profile.instance.name
    		22 | }
    
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/ec2-iam-role/main.tf:16-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   # Attach the instance profile
    		21 |   iam_instance_profile = aws_iam_instance_profile.instance.name
    		22 | }
    
    Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
    	FAILED for resource: aws_iam_policy_document.ec2_admin_permissions
    	File: /code/terraform/06-managing-secrets-with-terraform/github-actions-oidc/main.tf:67-73
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint.html
    
    		67 | data "aws_iam_policy_document" "ec2_admin_permissions" {
    		68 |   statement {
    		69 |     effect    = "Allow"
    		70 |     actions   = ["ec2:*"]
    		71 |     resources = ["*"]
    		72 |   }
    		73 | }
    Check: CKV_AWS_107: "Ensure IAM policies does not allow credentials exposure"
    	FAILED for resource: aws_iam_policy_document.ec2_admin_permissions
    	File: /code/terraform/06-managing-secrets-with-terraform/github-actions-oidc/main.tf:67-73
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-credentials-exposure.html
    
    		67 | data "aws_iam_policy_document" "ec2_admin_permissions" {
    		68 |   statement {
    		69 |     effect    = "Allow"
    		70 |     actions   = ["ec2:*"]
    		71 |     resources = ["*"]
    		72 |   }
    		73 | }
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: aws_iam_policy_document.ec2_admin_permissions
    	File: /code/terraform/06-managing-secrets-with-terraform/github-actions-oidc/main.tf:67-73
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		67 | data "aws_iam_policy_document" "ec2_admin_permissions" {
    		68 |   statement {
    		69 |     effect    = "Allow"
    		70 |     actions   = ["ec2:*"]
    		71 |     resources = ["*"]
    		72 |   }
    		73 | }
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: aws_iam_policy_document.ec2_admin_permissions
    	File: /code/terraform/06-managing-secrets-with-terraform/github-actions-oidc/main.tf:67-73
    
    		67 | data "aws_iam_policy_document" "ec2_admin_permissions" {
    		68 |   statement {
    		69 |     effect    = "Allow"
    		70 |     actions   = ["ec2:*"]
    		71 |     resources = ["*"]
    		72 |   }
    		73 | }
    Check: CKV_AWS_109: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
    	FAILED for resource: aws_iam_policy_document.cmk_admin_policy
    	File: /code/terraform/06-managing-secrets-with-terraform/kms-cmk/main.tf:27-37
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint.html
    
    		27 | data "aws_iam_policy_document" "cmk_admin_policy" {
    		28 |   statement {
    		29 |     effect    = "Allow"
    		30 |     resources = ["*"]
    		31 |     actions   = ["kms:*"]
    		32 |     principals {
    		33 |       type        = "AWS"
    		34 |       identifiers = [data.aws_caller_identity.self.arn]
    		35 |     }
    		36 |   }
    		37 | }
    
    Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
    	FAILED for resource: aws_iam_policy_document.cmk_admin_policy
    	File: /code/terraform/06-managing-secrets-with-terraform/kms-cmk/main.tf:27-37
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint.html
    
    		27 | data "aws_iam_policy_document" "cmk_admin_policy" {
    		28 |   statement {
    		29 |     effect    = "Allow"
    		30 |     resources = ["*"]
    		31 |     actions   = ["kms:*"]
    		32 |     principals {
    		33 |       type        = "AWS"
    		34 |       identifiers = [data.aws_caller_identity.self.arn]
    		35 |     }
    		36 |   }
    		37 | }
    
    Check: CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
    	FAILED for resource: aws_iam_policy_document.cmk_admin_policy
    	File: /code/terraform/06-managing-secrets-with-terraform/kms-cmk/main.tf:27-37
    
    		27 | data "aws_iam_policy_document" "cmk_admin_policy" {
    		28 |   statement {
    		29 |     effect    = "Allow"
    		30 |     resources = ["*"]
    		31 |     actions   = ["kms:*"]
    		32 |     principals {
    		33 |       type        = "AWS"
    		34 |       identifiers = [data.aws_caller_identity.self.arn]
    		35 |     }
    		36 |   }
    		37 | }
    
    Check: CKV_AWS_7: "Ensure rotation for customer created CMKs is enabled"
    	FAILED for resource: aws_kms_key.cmk
    	File: /code/terraform/06-managing-secrets-with-terraform/kms-cmk/main.tf:17-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/logging-8.html
    
    		17 | resource "aws_kms_key" "cmk" {
    		18 |   policy = data.aws_iam_policy_document.cmk_admin_policy.json
    		19 | 
    		20 |   # We set a short deletion window, as these keys are only used
    		21 |   # for testing/learning, and we want to minimize the AWS charges
    		22 |   deletion_window_in_days = 7
    		23 | }
    
    Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-aws-secrets-mgr/main.tf:26-37
    
    		26 | resource "aws_db_instance" "example" {
    		27 |   identifier_prefix   = "terraform-up-and-running"
    		28 |   engine              = "mysql"
    		29 |   allocated_storage   = 10
    		30 |   instance_class      = "db.t2.micro"
    		31 |   skip_final_snapshot = true
    		32 |   db_name             = var.db_name
    		33 | 
    		34 |   # Pass the secrets to the resource
    		35 |   username = local.db_creds.username
    		36 |   password = local.db_creds.password
    		37 | }
    
    Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-aws-secrets-mgr/main.tf:26-37
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
    
    		26 | resource "aws_db_instance" "example" {
    		27 |   identifier_prefix   = "terraform-up-and-running"
    		28 |   engine              = "mysql"
    		29 |   allocated_storage   = 10
    		30 |   instance_class      = "db.t2.micro"
    		31 |   skip_final_snapshot = true
    		32 |   db_name             = var.db_name
    		33 | 
    		34 |   # Pass the secrets to the resource
    		35 |   username = local.db_creds.username
    		36 |   password = local.db_creds.password
    		37 | }
    
    Check: CKV_AWS_161: "Ensure RDS database has IAM authentication enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-aws-secrets-mgr/main.tf:26-37
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-database-has-iam-authentication-enabled.html
    
    		26 | resource "aws_db_instance" "example" {
    		27 |   identifier_prefix   = "terraform-up-and-running"
    		28 |   engine              = "mysql"
    		29 |   allocated_storage   = 10
    		30 |   instance_class      = "db.t2.micro"
    		31 |   skip_final_snapshot = true
    		32 |   db_name             = var.db_name
    		33 | 
    		34 |   # Pass the secrets to the resource
    		35 |   username = local.db_creds.username
    		36 |   password = local.db_creds.password
    		37 | }
    
    Check: CKV_AWS_226: "Ensure DB instance gets all minor upgrades automatically"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-aws-secrets-mgr/main.tf:26-37
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically.html
    
    		26 | resource "aws_db_instance" "example" {
    		27 |   identifier_prefix   = "terraform-up-and-running"
    		28 |   engine              = "mysql"
    		29 |   allocated_storage   = 10
    		30 |   instance_class      = "db.t2.micro"
    		31 |   skip_final_snapshot = true
    		32 |   db_name             = var.db_name
    		33 | 
    		34 |   # Pass the secrets to the resource
    		35 |   username = local.db_creds.username
    		36 |   password = local.db_creds.password
    		37 | }
    
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-aws-secrets-mgr/main.tf:26-37
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		26 | resource "aws_db_instance" "example" {
    		27 |   identifier_prefix   = "terraform-up-and-running"
    		28 |   engine              = "mysql"
    		29 |   allocated_storage   = 10
    		30 |   instance_class      = "db.t2.micro"
    		31 |   skip_final_snapshot = true
    		32 |   db_name             = var.db_name
    		33 | 
    		34 |   # Pass the secrets to the resource
    		35 |   username = local.db_creds.username
    		36 |   password = local.db_creds.password
    		37 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-aws-secrets-mgr/main.tf:26-37
    
    		26 | resource "aws_db_instance" "example" {
    		27 |   identifier_prefix   = "terraform-up-and-running"
    		28 |   engine              = "mysql"
    		29 |   allocated_storage   = 10
    		30 |   instance_class      = "db.t2.micro"
    		31 |   skip_final_snapshot = true
    		32 |   db_name             = var.db_name
    		33 | 
    		34 |   # Pass the secrets to the resource
    		35 |   username = local.db_creds.username
    		36 |   password = local.db_creds.password
    		37 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-aws-secrets-mgr/main.tf:26-37
    
    		26 | resource "aws_db_instance" "example" {
    		27 |   identifier_prefix   = "terraform-up-and-running"
    		28 |   engine              = "mysql"
    		29 |   allocated_storage   = 10
    		30 |   instance_class      = "db.t2.micro"
    		31 |   skip_final_snapshot = true
    		32 |   db_name             = var.db_name
    		33 | 
    		34 |   # Pass the secrets to the resource
    		35 |   username = local.db_creds.username
    		36 |   password = local.db_creds.password
    		37 | }
    
    Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-aws-secrets-mgr/main.tf:26-37
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-4.html
    
    		26 | resource "aws_db_instance" "example" {
    		27 |   identifier_prefix   = "terraform-up-and-running"
    		28 |   engine              = "mysql"
    		29 |   allocated_storage   = 10
    		30 |   instance_class      = "db.t2.micro"
    		31 |   skip_final_snapshot = true
    		32 |   db_name             = var.db_name
    		33 | 
    		34 |   # Pass the secrets to the resource
    		35 |   username = local.db_creds.username
    		36 |   password = local.db_creds.password
    		37 | }
    
    Check: CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-aws-secrets-mgr/main.tf:26-37
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-73.html
    
    		26 | resource "aws_db_instance" "example" {
    		27 |   identifier_prefix   = "terraform-up-and-running"
    		28 |   engine              = "mysql"
    		29 |   allocated_storage   = 10
    		30 |   instance_class      = "db.t2.micro"
    		31 |   skip_final_snapshot = true
    		32 |   db_name             = var.db_name
    		33 | 
    		34 |   # Pass the secrets to the resource
    		35 |   username = local.db_creds.username
    		36 |   password = local.db_creds.password
    		37 | }
    
    Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-kms/main.tf:27-38
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   skip_final_snapshot = true
    		33 |   db_name             = var.db_name
    		34 | 
    		35 |   # Pass the secrets to the resource
    		36 |   username = local.db_creds.username
    		37 |   password = local.db_creds.password
    		38 | }
    
    Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-kms/main.tf:27-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   skip_final_snapshot = true
    		33 |   db_name             = var.db_name
    		34 | 
    		35 |   # Pass the secrets to the resource
    		36 |   username = local.db_creds.username
    		37 |   password = local.db_creds.password
    		38 | }
    
    Check: CKV_AWS_161: "Ensure RDS database has IAM authentication enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-kms/main.tf:27-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-database-has-iam-authentication-enabled.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   skip_final_snapshot = true
    		33 |   db_name             = var.db_name
    		34 | 
    		35 |   # Pass the secrets to the resource
    		36 |   username = local.db_creds.username
    		37 |   password = local.db_creds.password
    		38 | }
    
    Check: CKV_AWS_226: "Ensure DB instance gets all minor upgrades automatically"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-kms/main.tf:27-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   skip_final_snapshot = true
    		33 |   db_name             = var.db_name
    		34 | 
    		35 |   # Pass the secrets to the resource
    		36 |   username = local.db_creds.username
    		37 |   password = local.db_creds.password
    		38 | }
    
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-kms/main.tf:27-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   skip_final_snapshot = true
    		33 |   db_name             = var.db_name
    		34 | 
    		35 |   # Pass the secrets to the resource
    		36 |   username = local.db_creds.username
    		37 |   password = local.db_creds.password
    		38 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-kms/main.tf:27-38
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   skip_final_snapshot = true
    		33 |   db_name             = var.db_name
    		34 | 
    		35 |   # Pass the secrets to the resource
    		36 |   username = local.db_creds.username
    		37 |   password = local.db_creds.password
    		38 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-kms/main.tf:27-38
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   skip_final_snapshot = true
    		33 |   db_name             = var.db_name
    		34 | 
    		35 |   # Pass the secrets to the resource
    		36 |   username = local.db_creds.username
    		37 |   password = local.db_creds.password
    		38 | }
    
    Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-kms/main.tf:27-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-4.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   skip_final_snapshot = true
    		33 |   db_name             = var.db_name
    		34 | 
    		35 |   # Pass the secrets to the resource
    		36 |   username = local.db_creds.username
    		37 |   password = local.db_creds.password
    		38 | }
    
    Check: CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-kms/main.tf:27-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-73.html
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   skip_final_snapshot = true
    		33 |   db_name             = var.db_name
    		34 | 
    		35 |   # Pass the secrets to the resource
    		36 |   username = local.db_creds.username
    		37 |   password = local.db_creds.password
    		38 | }
    
    Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-vars/main.tf:17-28
    
    		17 | resource "aws_db_instance" "example" {
    		18 |   identifier_prefix   = "terraform-up-and-running"
    		19 |   engine              = "mysql"
    		20 |   allocated_storage   = 10
    		21 |   instance_class      = "db.t2.micro"
    		22 |   skip_final_snapshot = true
    		23 |   db_name             = var.db_name
    		24 | 
    		25 |   # Pass the secrets to the resource
    		26 |   username = var.db_username
    		27 |   password = var.db_password
    		28 | }
    
    Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-vars/main.tf:17-28
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
    
    		17 | resource "aws_db_instance" "example" {
    		18 |   identifier_prefix   = "terraform-up-and-running"
    		19 |   engine              = "mysql"
    		20 |   allocated_storage   = 10
    		21 |   instance_class      = "db.t2.micro"
    		22 |   skip_final_snapshot = true
    		23 |   db_name             = var.db_name
    		24 | 
    		25 |   # Pass the secrets to the resource
    		26 |   username = var.db_username
    		27 |   password = var.db_password
    		28 | }
    
    Check: CKV_AWS_161: "Ensure RDS database has IAM authentication enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-vars/main.tf:17-28
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-database-has-iam-authentication-enabled.html
    
    		17 | resource "aws_db_instance" "example" {
    		18 |   identifier_prefix   = "terraform-up-and-running"
    		19 |   engine              = "mysql"
    		20 |   allocated_storage   = 10
    		21 |   instance_class      = "db.t2.micro"
    		22 |   skip_final_snapshot = true
    		23 |   db_name             = var.db_name
    		24 | 
    		25 |   # Pass the secrets to the resource
    		26 |   username = var.db_username
    		27 |   password = var.db_password
    		28 | }
    
    Check: CKV_AWS_226: "Ensure DB instance gets all minor upgrades automatically"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-vars/main.tf:17-28
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically.html
    
    		17 | resource "aws_db_instance" "example" {
    		18 |   identifier_prefix   = "terraform-up-and-running"
    		19 |   engine              = "mysql"
    		20 |   allocated_storage   = 10
    		21 |   instance_class      = "db.t2.micro"
    		22 |   skip_final_snapshot = true
    		23 |   db_name             = var.db_name
    		24 | 
    		25 |   # Pass the secrets to the resource
    		26 |   username = var.db_username
    		27 |   password = var.db_password
    		28 | }
    
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-vars/main.tf:17-28
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		17 | resource "aws_db_instance" "example" {
    		18 |   identifier_prefix   = "terraform-up-and-running"
    		19 |   engine              = "mysql"
    		20 |   allocated_storage   = 10
    		21 |   instance_class      = "db.t2.micro"
    		22 |   skip_final_snapshot = true
    		23 |   db_name             = var.db_name
    		24 | 
    		25 |   # Pass the secrets to the resource
    		26 |   username = var.db_username
    		27 |   password = var.db_password
    		28 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-vars/main.tf:17-28
    
    		17 | resource "aws_db_instance" "example" {
    		18 |   identifier_prefix   = "terraform-up-and-running"
    		19 |   engine              = "mysql"
    		20 |   allocated_storage   = 10
    		21 |   instance_class      = "db.t2.micro"
    		22 |   skip_final_snapshot = true
    		23 |   db_name             = var.db_name
    		24 | 
    		25 |   # Pass the secrets to the resource
    		26 |   username = var.db_username
    		27 |   password = var.db_password
    		28 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-vars/main.tf:17-28
    
    		17 | resource "aws_db_instance" "example" {
    		18 |   identifier_prefix   = "terraform-up-and-running"
    		19 |   engine              = "mysql"
    		20 |   allocated_storage   = 10
    		21 |   instance_class      = "db.t2.micro"
    		22 |   skip_final_snapshot = true
    		23 |   db_name             = var.db_name
    		24 | 
    		25 |   # Pass the secrets to the resource
    		26 |   username = var.db_username
    		27 |   password = var.db_password
    		28 | }
    
    Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-vars/main.tf:17-28
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-4.html
    
    		17 | resource "aws_db_instance" "example" {
    		18 |   identifier_prefix   = "terraform-up-and-running"
    		19 |   engine              = "mysql"
    		20 |   allocated_storage   = 10
    		21 |   instance_class      = "db.t2.micro"
    		22 |   skip_final_snapshot = true
    		23 |   db_name             = var.db_name
    		24 | 
    		25 |   # Pass the secrets to the resource
    		26 |   username = var.db_username
    		27 |   password = var.db_password
    		28 | }
    
    Check: CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-vars/main.tf:17-28
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-73.html
    
    		17 | resource "aws_db_instance" "example" {
    		18 |   identifier_prefix   = "terraform-up-and-running"
    		19 |   engine              = "mysql"
    		20 |   allocated_storage   = 10
    		21 |   instance_class      = "db.t2.micro"
    		22 |   skip_final_snapshot = true
    		23 |   db_name             = var.db_name
    		24 | 
    		25 |   # Pass the secrets to the resource
    		26 |   username = var.db_username
    		27 |   password = var.db_password
    		28 | }
    
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.region_1
    	File: /code/terraform/07-working-with-multiple-providers/examples/multi-region/main.tf:30-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		30 | resource "aws_instance" "region_1" {
    		31 |   provider = aws.region_1
    		32 | 
    		33 |   ami           = data.aws_ami.ubuntu_region_1.id
    		34 |   instance_type = "t2.micro"
    		35 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.region_1
    	File: /code/terraform/07-working-with-multiple-providers/examples/multi-region/main.tf:30-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		30 | resource "aws_instance" "region_1" {
    		31 |   provider = aws.region_1
    		32 | 
    		33 |   ami           = data.aws_ami.ubuntu_region_1.id
    		34 |   instance_type = "t2.micro"
    		35 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.region_1
    	File: /code/terraform/07-working-with-multiple-providers/examples/multi-region/main.tf:30-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		30 | resource "aws_instance" "region_1" {
    		31 |   provider = aws.region_1
    		32 | 
    		33 |   ami           = data.aws_ami.ubuntu_region_1.id
    		34 |   instance_type = "t2.micro"
    		35 | }
    
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.region_1
    	File: /code/terraform/07-working-with-multiple-providers/examples/multi-region/main.tf:30-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		30 | resource "aws_instance" "region_1" {
    		31 |   provider = aws.region_1
    		32 | 
    		33 |   ami           = data.aws_ami.ubuntu_region_1.id
    		34 |   instance_type = "t2.micro"
    		35 | }
    
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.region_2
    	File: /code/terraform/07-working-with-multiple-providers/examples/multi-region/main.tf:37-42
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		37 | resource "aws_instance" "region_2" {
    		38 |   provider = aws.region_2
    		39 | 
    		40 |   ami           = data.aws_ami.ubuntu_region_2.id
    		41 |   instance_type = "t2.micro"
    		42 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.region_2
    	File: /code/terraform/07-working-with-multiple-providers/examples/multi-region/main.tf:37-42
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		37 | resource "aws_instance" "region_2" {
    		38 |   provider = aws.region_2
    		39 | 
    		40 |   ami           = data.aws_ami.ubuntu_region_2.id
    		41 |   instance_type = "t2.micro"
    		42 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.region_2
    	File: /code/terraform/07-working-with-multiple-providers/examples/multi-region/main.tf:37-42
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		37 | resource "aws_instance" "region_2" {
    		38 |   provider = aws.region_2
    		39 | 
    		40 |   ami           = data.aws_ami.ubuntu_region_2.id
    		41 |   instance_type = "t2.micro"
    		42 | }
    
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.region_2
    	File: /code/terraform/07-working-with-multiple-providers/examples/multi-region/main.tf:37-42
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		37 | resource "aws_instance" "region_2" {
    		38 |   provider = aws.region_2
    		39 | 
    		40 |   ami           = data.aws_ami.ubuntu_region_2.id
    		41 |   instance_type = "t2.micro"
    		42 | }
    
    Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
    	FAILED for resource: module.mysql_primary.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/prod/data-stores/mysql/main.tf:33-47
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
    	FAILED for resource: module.mysql_primary.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/prod/data-stores/mysql/main.tf:33-47
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_226: "Ensure DB instance gets all minor upgrades automatically"
    	FAILED for resource: module.mysql_primary.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/prod/data-stores/mysql/main.tf:33-47
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: module.mysql_primary.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/prod/data-stores/mysql/main.tf:33-47
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: module.mysql_primary.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/prod/data-stores/mysql/main.tf:33-47
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: module.mysql_primary.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/prod/data-stores/mysql/main.tf:33-47
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
    	FAILED for resource: module.mysql_primary.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/prod/data-stores/mysql/main.tf:33-47
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-4.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
    	FAILED for resource: module.mysql_primary.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/prod/data-stores/mysql/main.tf:33-47
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-73.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
    	FAILED for resource: module.mysql_replica.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/prod/data-stores/mysql/main.tf:49-58
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
    	FAILED for resource: module.mysql_replica.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/prod/data-stores/mysql/main.tf:49-58
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_226: "Ensure DB instance gets all minor upgrades automatically"
    	FAILED for resource: module.mysql_replica.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/prod/data-stores/mysql/main.tf:49-58
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: module.mysql_replica.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/prod/data-stores/mysql/main.tf:49-58
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: module.mysql_replica.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/prod/data-stores/mysql/main.tf:49-58
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: module.mysql_replica.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/prod/data-stores/mysql/main.tf:49-58
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
    	FAILED for resource: module.mysql_replica.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/prod/data-stores/mysql/main.tf:49-58
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-4.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
    	FAILED for resource: module.mysql_replica.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/prod/data-stores/mysql/main.tf:49-58
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-73.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/stage/data-stores/mysql/main.tf:27-33
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/stage/data-stores/mysql/main.tf:27-33
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_226: "Ensure DB instance gets all minor upgrades automatically"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/stage/data-stores/mysql/main.tf:27-33
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/stage/data-stores/mysql/main.tf:27-33
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/stage/data-stores/mysql/main.tf:27-33
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/stage/data-stores/mysql/main.tf:27-33
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/stage/data-stores/mysql/main.tf:27-33
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-4.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    	Calling File: /code/terraform/07-working-with-multiple-providers/live/stage/data-stores/mysql/main.tf:27-33
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-73.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV_AWS_39: "Ensure Amazon EKS public endpoint disabled"
    	FAILED for resource: module.eks_cluster.aws_eks_cluster.cluster
    	File: /code/terraform/07-working-with-multiple-providers/modules/services/eks-cluster/main.tf:13-28
    	Calling File: /code/terraform/07-working-with-multiple-providers/examples/kubernetes-eks/main.tf:37-52
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-kubernetes-policies/bc-aws-kubernetes-2.html
    
    		13 | resource "aws_eks_cluster" "cluster" {
    		14 |   name     = var.name
    		15 |   role_arn = aws_iam_role.cluster.arn
    		16 |   version  = "1.21"
    		17 | 
    		18 |   vpc_config {
    		19 |     subnet_ids = data.aws_subnets.default.ids
    		20 |   }
    		21 | 
    		22 |   # Ensure that IAM Role permissions are created before and deleted after
    		23 |   # the EKS Cluster. Otherwise, EKS will not be able to properly delete
    		24 |   # EKS managed EC2 infrastructure such as Security Groups.
    		25 |   depends_on = [
    		26 |     aws_iam_role_policy_attachment.AmazonEKSClusterPolicy
    		27 |   ]
    		28 | }
    
    Check: CKV_AWS_37: "Ensure Amazon EKS control plane logging enabled for all log types"
    	FAILED for resource: module.eks_cluster.aws_eks_cluster.cluster
    	File: /code/terraform/07-working-with-multiple-providers/modules/services/eks-cluster/main.tf:13-28
    	Calling File: /code/terraform/07-working-with-multiple-providers/examples/kubernetes-eks/main.tf:37-52
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-kubernetes-policies/bc-aws-kubernetes-4.html
    
    		13 | resource "aws_eks_cluster" "cluster" {
    		14 |   name     = var.name
    		15 |   role_arn = aws_iam_role.cluster.arn
    		16 |   version  = "1.21"
    		17 | 
    		18 |   vpc_config {
    		19 |     subnet_ids = data.aws_subnets.default.ids
    		20 |   }
    		21 | 
    		22 |   # Ensure that IAM Role permissions are created before and deleted after
    		23 |   # the EKS Cluster. Otherwise, EKS will not be able to properly delete
    		24 |   # EKS managed EC2 infrastructure such as Security Groups.
    		25 |   depends_on = [
    		26 |     aws_iam_role_policy_attachment.AmazonEKSClusterPolicy
    		27 |   ]
    		28 | }
    
    Check: CKV_AWS_38: "Ensure Amazon EKS public endpoint not accessible to 0.0.0.0/0"
    	FAILED for resource: module.eks_cluster.aws_eks_cluster.cluster
    	File: /code/terraform/07-working-with-multiple-providers/modules/services/eks-cluster/main.tf:13-28
    	Calling File: /code/terraform/07-working-with-multiple-providers/examples/kubernetes-eks/main.tf:37-52
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-kubernetes-policies/bc-aws-kubernetes-1.html
    
    		13 | resource "aws_eks_cluster" "cluster" {
    		14 |   name     = var.name
    		15 |   role_arn = aws_iam_role.cluster.arn
    		16 |   version  = "1.21"
    		17 | 
    		18 |   vpc_config {
    		19 |     subnet_ids = data.aws_subnets.default.ids
    		20 |   }
    		21 | 
    		22 |   # Ensure that IAM Role permissions are created before and deleted after
    		23 |   # the EKS Cluster. Otherwise, EKS will not be able to properly delete
    		24 |   # EKS managed EC2 infrastructure such as Security Groups.
    		25 |   depends_on = [
    		26 |     aws_iam_role_policy_attachment.AmazonEKSClusterPolicy
    		27 |   ]
    		28 | }
    
    Check: CKV_AWS_339: "Ensure EKS clusters run on a supported Kubernetes version"
    	FAILED for resource: module.eks_cluster.aws_eks_cluster.cluster
    	File: /code/terraform/07-working-with-multiple-providers/modules/services/eks-cluster/main.tf:13-28
    	Calling File: /code/terraform/07-working-with-multiple-providers/examples/kubernetes-eks/main.tf:37-52
    
    		13 | resource "aws_eks_cluster" "cluster" {
    		14 |   name     = var.name
    		15 |   role_arn = aws_iam_role.cluster.arn
    		16 |   version  = "1.21"
    		17 | 
    		18 |   vpc_config {
    		19 |     subnet_ids = data.aws_subnets.default.ids
    		20 |   }
    		21 | 
    		22 |   # Ensure that IAM Role permissions are created before and deleted after
    		23 |   # the EKS Cluster. Otherwise, EKS will not be able to properly delete
    		24 |   # EKS managed EC2 infrastructure such as Security Groups.
    		25 |   depends_on = [
    		26 |     aws_iam_role_policy_attachment.AmazonEKSClusterPolicy
    		27 |   ]
    		28 | }
    
    Check: CKV_AWS_58: "Ensure EKS Cluster has Secrets Encryption Enabled"
    	FAILED for resource: module.eks_cluster.aws_eks_cluster.cluster
    	File: /code/terraform/07-working-with-multiple-providers/modules/services/eks-cluster/main.tf:13-28
    	Calling File: /code/terraform/07-working-with-multiple-providers/examples/kubernetes-eks/main.tf:37-52
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-kubernetes-policies/bc-aws-kubernetes-3.html
    
    		13 | resource "aws_eks_cluster" "cluster" {
    		14 |   name     = var.name
    		15 |   role_arn = aws_iam_role.cluster.arn
    		16 |   version  = "1.21"
    		17 | 
    		18 |   vpc_config {
    		19 |     subnet_ids = data.aws_subnets.default.ids
    		20 |   }
    		21 | 
    		22 |   # Ensure that IAM Role permissions are created before and deleted after
    		23 |   # the EKS Cluster. Otherwise, EKS will not be able to properly delete
    		24 |   # EKS managed EC2 infrastructure such as Security Groups.
    		25 |   depends_on = [
    		26 |     aws_iam_role_policy_attachment.AmazonEKSClusterPolicy
    		27 |   ]
    		28 | }
    
    Check: CKV_K8S_11: "CPU Limits should be set"
    	FAILED for resource: module.simple_webapp.kubernetes_deployment.app
    	File: /code/terraform/07-working-with-multiple-providers/modules/services/k8s-app/main.tf:19-56
    	Calling File: /code/terraform/07-working-with-multiple-providers/examples/kubernetes-local/main.tf:20-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-10.html
    
    		19 | resource "kubernetes_deployment" "app" {
    		20 |   metadata {
    		21 |     name = var.name
    		22 |   }
    		23 | 
    		24 |   spec {
    		25 |     replicas = var.replicas
    		26 | 
    		27 |     template {
    		28 |       metadata {
    		29 |         labels = local.pod_labels
    		30 |       }
    		31 | 
    		32 |       spec {
    		33 |         container {
    		34 |           name  = var.name
    		35 |           image = var.image
    		36 | 
    		37 |           port {
    		38 |             container_port = var.container_port
    		39 |           }
    		40 | 
    		41 |           dynamic "env" {
    		42 |             for_each = var.environment_variables
    		43 |             content {
    		44 |               name  = env.key
    		45 |               value = env.value
    		46 |             }
    		47 |           }
    		48 |         }
    		49 |       }
    		50 |     }
    		51 | 
    		52 |     selector {
    		53 |       match_labels = local.pod_labels
    		54 |     }
    		55 |   }
    		56 | }
    
    Check: CKV_K8S_10: "CPU requests should be set"
    	FAILED for resource: module.simple_webapp.kubernetes_deployment.app
    	File: /code/terraform/07-working-with-multiple-providers/modules/services/k8s-app/main.tf:19-56
    	Calling File: /code/terraform/07-working-with-multiple-providers/examples/kubernetes-local/main.tf:20-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-9.html
    
    		19 | resource "kubernetes_deployment" "app" {
    		20 |   metadata {
    		21 |     name = var.name
    		22 |   }
    		23 | 
    		24 |   spec {
    		25 |     replicas = var.replicas
    		26 | 
    		27 |     template {
    		28 |       metadata {
    		29 |         labels = local.pod_labels
    		30 |       }
    		31 | 
    		32 |       spec {
    		33 |         container {
    		34 |           name  = var.name
    		35 |           image = var.image
    		36 | 
    		37 |           port {
    		38 |             container_port = var.container_port
    		39 |           }
    		40 | 
    		41 |           dynamic "env" {
    		42 |             for_each = var.environment_variables
    		43 |             content {
    		44 |               name  = env.key
    		45 |               value = env.value
    		46 |             }
    		47 |           }
    		48 |         }
    		49 |       }
    		50 |     }
    		51 | 
    		52 |     selector {
    		53 |       match_labels = local.pod_labels
    		54 |     }
    		55 |   }
    		56 | }
    
    Check: CKV_K8S_21: "The default namespace should not be used"
    	FAILED for resource: module.simple_webapp.kubernetes_deployment.app
    	File: /code/terraform/07-working-with-multiple-providers/modules/services/k8s-app/main.tf:19-56
    	Calling File: /code/terraform/07-working-with-multiple-providers/examples/kubernetes-local/main.tf:20-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20.html
    
    		19 | resource "kubernetes_deployment" "app" {
    		20 |   metadata {
    		21 |     name = var.name
    		22 |   }
    		23 | 
    		24 |   spec {
    		25 |     replicas = var.replicas
    		26 | 
    		27 |     template {
    		28 |       metadata {
    		29 |         labels = local.pod_labels
    		30 |       }
    		31 | 
    		32 |       spec {
    		33 |         container {
    		34 |           name  = var.name
    		35 |           image = var.image
    		36 | 
    		37 |           port {
    		38 |             container_port = var.container_port
    		39 |           }
    		40 | 
    		41 |           dynamic "env" {
    		42 |             for_each = var.environment_variables
    		43 |             content {
    		44 |               name  = env.key
    		45 |               value = env.value
    		46 |             }
    		47 |           }
    		48 |         }
    		49 |       }
    		50 |     }
    		51 | 
    		52 |     selector {
    		53 |       match_labels = local.pod_labels
    		54 |     }
    		55 |   }
    		56 | }
    
    Check: CKV_K8S_30: "Apply security context to your pods and containers"
    	FAILED for resource: module.simple_webapp.kubernetes_deployment.app
    	File: /code/terraform/07-working-with-multiple-providers/modules/services/k8s-app/main.tf:19-56
    	Calling File: /code/terraform/07-working-with-multiple-providers/examples/kubernetes-local/main.tf:20-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-28.html
    
    		19 | resource "kubernetes_deployment" "app" {
    		20 |   metadata {
    		21 |     name = var.name
    		22 |   }
    		23 | 
    		24 |   spec {
    		25 |     replicas = var.replicas
    		26 | 
    		27 |     template {
    		28 |       metadata {
    		29 |         labels = local.pod_labels
    		30 |       }
    		31 | 
    		32 |       spec {
    		33 |         container {
    		34 |           name  = var.name
    		35 |           image = var.image
    		36 | 
    		37 |           port {
    		38 |             container_port = var.container_port
    		39 |           }
    		40 | 
    		41 |           dynamic "env" {
    		42 |             for_each = var.environment_variables
    		43 |             content {
    		44 |               name  = env.key
    		45 |               value = env.value
    		46 |             }
    		47 |           }
    		48 |         }
    		49 |       }
    		50 |     }
    		51 | 
    		52 |     selector {
    		53 |       match_labels = local.pod_labels
    		54 |     }
    		55 |   }
    		56 | }
    
    Check: CKV_K8S_29: "Apply security context to your pods, deployments and daemon_sets"
    	FAILED for resource: module.simple_webapp.kubernetes_deployment.app
    	File: /code/terraform/07-working-with-multiple-providers/modules/services/k8s-app/main.tf:19-56
    	Calling File: /code/terraform/07-working-with-multiple-providers/examples/kubernetes-local/main.tf:20-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-securitycontext-is-applied-to-pods-and-containers.html
    
    		19 | resource "kubernetes_deployment" "app" {
    		20 |   metadata {
    		21 |     name = var.name
    		22 |   }
    		23 | 
    		24 |   spec {
    		25 |     replicas = var.replicas
    		26 | 
    		27 |     template {
    		28 |       metadata {
    		29 |         labels = local.pod_labels
    		30 |       }
    		31 | 
    		32 |       spec {
    		33 |         container {
    		34 |           name  = var.name
    		35 |           image = var.image
    		36 | 
    		37 |           port {
    		38 |             container_port = var.container_port
    		39 |           }
    		40 | 
    		41 |           dynamic "env" {
    		42 |             for_each = var.environment_variables
    		43 |             content {
    		44 |               name  = env.key
    		45 |               value = env.value
    		46 |             }
    		47 |           }
    		48 |         }
    		49 |       }
    		50 |     }
    		51 | 
    		52 |     selector {
    		53 |       match_labels = local.pod_labels
    		54 |     }
    		55 |   }
    		56 | }
    
    Check: CKV_K8S_9: "Readiness Probe Should be Configured"
    	FAILED for resource: module.simple_webapp.kubernetes_deployment.app
    	File: /code/terraform/07-working-with-multiple-providers/modules/services/k8s-app/main.tf:19-56
    	Calling File: /code/terraform/07-working-with-multiple-providers/examples/kubernetes-local/main.tf:20-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-8.html
    
    		19 | resource "kubernetes_deployment" "app" {
    		20 |   metadata {
    		21 |     name = var.name
    		22 |   }
    		23 | 
    		24 |   spec {
    		25 |     replicas = var.replicas
    		26 | 
    		27 |     template {
    		28 |       metadata {
    		29 |         labels = local.pod_labels
    		30 |       }
    		31 | 
    		32 |       spec {
    		33 |         container {
    		34 |           name  = var.name
    		35 |           image = var.image
    		36 | 
    		37 |           port {
    		38 |             container_port = var.container_port
    		39 |           }
    		40 | 
    		41 |           dynamic "env" {
    		42 |             for_each = var.environment_variables
    		43 |             content {
    		44 |               name  = env.key
    		45 |               value = env.value
    		46 |             }
    		47 |           }
    		48 |         }
    		49 |       }
    		50 |     }
    		51 | 
    		52 |     selector {
    		53 |       match_labels = local.pod_labels
    		54 |     }
    		55 |   }
    		56 | }
    
    Check: CKV_K8S_43: "Image should use digest"
    	FAILED for resource: module.simple_webapp.kubernetes_deployment.app
    	File: /code/terraform/07-working-with-multiple-providers/modules/services/k8s-app/main.tf:19-56
    	Calling File: /code/terraform/07-working-with-multiple-providers/examples/kubernetes-local/main.tf:20-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-39.html
    
    		19 | resource "kubernetes_deployment" "app" {
    		20 |   metadata {
    		21 |     name = var.name
    		22 |   }
    		23 | 
    		24 |   spec {
    		25 |     replicas = var.replicas
    		26 | 
    		27 |     template {
    		28 |       metadata {
    		29 |         labels = local.pod_labels
    		30 |       }
    		31 | 
    		32 |       spec {
    		33 |         container {
    		34 |           name  = var.name
    		35 |           image = var.image
    		36 | 
    		37 |           port {
    		38 |             container_port = var.container_port
    		39 |           }
    		40 | 
    		41 |           dynamic "env" {
    		42 |             for_each = var.environment_variables
    		43 |             content {
    		44 |               name  = env.key
    		45 |               value = env.value
    		46 |             }
    		47 |           }
    		48 |         }
    		49 |       }
    		50 |     }
    		51 | 
    		52 |     selector {
    		53 |       match_labels = local.pod_labels
    		54 |     }
    		55 |   }
    		56 | }
    
    Check: CKV_K8S_8: "Liveness Probe Should be Configured"
    	FAILED for resource: module.simple_webapp.kubernetes_deployment.app
    	File: /code/terraform/07-working-with-multiple-providers/modules/services/k8s-app/main.tf:19-56
    	Calling File: /code/terraform/07-working-with-multiple-providers/examples/kubernetes-local/main.tf:20-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-7.html
    
    		19 | resource "kubernetes_deployment" "app" {
    		20 |   metadata {
    		21 |     name = var.name
    		22 |   }
    		23 | 
    		24 |   spec {
    		25 |     replicas = var.replicas
    		26 | 
    		27 |     template {
    		28 |       metadata {
    		29 |         labels = local.pod_labels
    		30 |       }
    		31 | 
    		32 |       spec {
    		33 |         container {
    		34 |           name  = var.name
    		35 |           image = var.image
    		36 | 
    		37 |           port {
    		38 |             container_port = var.container_port
    		39 |           }
    		40 | 
    		41 |           dynamic "env" {
    		42 |             for_each = var.environment_variables
    		43 |             content {
    		44 |               name  = env.key
    		45 |               value = env.value
    		46 |             }
    		47 |           }
    		48 |         }
    		49 |       }
    		50 |     }
    		51 | 
    		52 |     selector {
    		53 |       match_labels = local.pod_labels
    		54 |     }
    		55 |   }
    		56 | }
    
    Check: CKV_K8S_12: "Memory Limits should be set"
    	FAILED for resource: module.simple_webapp.kubernetes_deployment.app
    	File: /code/terraform/07-working-with-multiple-providers/modules/services/k8s-app/main.tf:19-56
    	Calling File: /code/terraform/07-working-with-multiple-providers/examples/kubernetes-local/main.tf:20-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-11.html
    
    		19 | resource "kubernetes_deployment" "app" {
    		20 |   metadata {
    		21 |     name = var.name
    		22 |   }
    		23 | 
    		24 |   spec {
    		25 |     replicas = var.replicas
    		26 | 
    		27 |     template {
    		28 |       metadata {
    		29 |         labels = local.pod_labels
    		30 |       }
    		31 | 
    		32 |       spec {
    		33 |         container {
    		34 |           name  = var.name
    		35 |           image = var.image
    		36 | 
    		37 |           port {
    		38 |             container_port = var.container_port
    		39 |           }
    		40 | 
    		41 |           dynamic "env" {
    		42 |             for_each = var.environment_variables
    		43 |             content {
    		44 |               name  = env.key
    		45 |               value = env.value
    		46 |             }
    		47 |           }
    		48 |         }
    		49 |       }
    		50 |     }
    		51 | 
    		52 |     selector {
    		53 |       match_labels = local.pod_labels
    		54 |     }
    		55 |   }
    		56 | }
    
    Check: CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability"
    	FAILED for resource: module.simple_webapp.kubernetes_deployment.app
    	File: /code/terraform/07-working-with-multiple-providers/modules/services/k8s-app/main.tf:19-56
    	Calling File: /code/terraform/07-working-with-multiple-providers/examples/kubernetes-local/main.tf:20-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-27.html
    
    		19 | resource "kubernetes_deployment" "app" {
    		20 |   metadata {
    		21 |     name = var.name
    		22 |   }
    		23 | 
    		24 |   spec {
    		25 |     replicas = var.replicas
    		26 | 
    		27 |     template {
    		28 |       metadata {
    		29 |         labels = local.pod_labels
    		30 |       }
    		31 | 
    		32 |       spec {
    		33 |         container {
    		34 |           name  = var.name
    		35 |           image = var.image
    		36 | 
    		37 |           port {
    		38 |             container_port = var.container_port
    		39 |           }
    		40 | 
    		41 |           dynamic "env" {
    		42 |             for_each = var.environment_variables
    		43 |             content {
    		44 |               name  = env.key
    		45 |               value = env.value
    		46 |             }
    		47 |           }
    		48 |         }
    		49 |       }
    		50 |     }
    		51 | 
    		52 |     selector {
    		53 |       match_labels = local.pod_labels
    		54 |     }
    		55 |   }
    		56 | }
    
    Check: CKV_K8S_13: "Memory requests should be set"
    	FAILED for resource: module.simple_webapp.kubernetes_deployment.app
    	File: /code/terraform/07-working-with-multiple-providers/modules/services/k8s-app/main.tf:19-56
    	Calling File: /code/terraform/07-working-with-multiple-providers/examples/kubernetes-local/main.tf:20-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-12.html
    
    		19 | resource "kubernetes_deployment" "app" {
    		20 |   metadata {
    		21 |     name = var.name
    		22 |   }
    		23 | 
    		24 |   spec {
    		25 |     replicas = var.replicas
    		26 | 
    		27 |     template {
    		28 |       metadata {
    		29 |         labels = local.pod_labels
    		30 |       }
    		31 | 
    		32 |       spec {
    		33 |         container {
    		34 |           name  = var.name
    		35 |           image = var.image
    		36 | 
    		37 |           port {
    		38 |             container_port = var.container_port
    		39 |           }
    		40 | 
    		41 |           dynamic "env" {
    		42 |             for_each = var.environment_variables
    		43 |             content {
    		44 |               name  = env.key
    		45 |               value = env.value
    		46 |             }
    		47 |           }
    		48 |         }
    		49 |       }
    		50 |     }
    		51 | 
    		52 |     selector {
    		53 |       match_labels = local.pod_labels
    		54 |     }
    		55 |   }
    		56 | }
    
    Check: CKV_K8S_15: "Image Pull Policy should be Always"
    	FAILED for resource: module.simple_webapp.kubernetes_deployment.app
    	File: /code/terraform/07-working-with-multiple-providers/modules/services/k8s-app/main.tf:19-56
    	Calling File: /code/terraform/07-working-with-multiple-providers/examples/kubernetes-local/main.tf:20-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-14.html
    
    		19 | resource "kubernetes_deployment" "app" {
    		20 |   metadata {
    		21 |     name = var.name
    		22 |   }
    		23 | 
    		24 |   spec {
    		25 |     replicas = var.replicas
    		26 | 
    		27 |     template {
    		28 |       metadata {
    		29 |         labels = local.pod_labels
    		30 |       }
    		31 | 
    		32 |       spec {
    		33 |         container {
    		34 |           name  = var.name
    		35 |           image = var.image
    		36 | 
    		37 |           port {
    		38 |             container_port = var.container_port
    		39 |           }
    		40 | 
    		41 |           dynamic "env" {
    		42 |             for_each = var.environment_variables
    		43 |             content {
    		44 |               name  = env.key
    		45 |               value = env.value
    		46 |             }
    		47 |           }
    		48 |         }
    		49 |       }
    		50 |     }
    		51 | 
    		52 |     selector {
    		53 |       match_labels = local.pod_labels
    		54 |     }
    		55 |   }
    		56 | }
    
    Check: CKV_K8S_14: "Image Tag should be fixed - not latest or blank"
    	FAILED for resource: module.simple_webapp.kubernetes_deployment.app
    	File: /code/terraform/07-working-with-multiple-providers/modules/services/k8s-app/main.tf:19-56
    	Calling File: /code/terraform/07-working-with-multiple-providers/examples/kubernetes-local/main.tf:20-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-13.html
    
    		19 | resource "kubernetes_deployment" "app" {
    		20 |   metadata {
    		21 |     name = var.name
    		22 |   }
    		23 | 
    		24 |   spec {
    		25 |     replicas = var.replicas
    		26 | 
    		27 |     template {
    		28 |       metadata {
    		29 |         labels = local.pod_labels
    		30 |       }
    		31 | 
    		32 |       spec {
    		33 |         container {
    		34 |           name  = var.name
    		35 |           image = var.image
    		36 | 
    		37 |           port {
    		38 |             container_port = var.container_port
    		39 |           }
    		40 | 
    		41 |           dynamic "env" {
    		42 |             for_each = var.environment_variables
    		43 |             content {
    		44 |               name  = env.key
    		45 |               value = env.value
    		46 |             }
    		47 |           }
    		48 |         }
    		49 |       }
    		50 |     }
    		51 | 
    		52 |     selector {
    		53 |       match_labels = local.pod_labels
    		54 |     }
    		55 |   }
    		56 | }
    
    Check: CKV_K8S_21: "The default namespace should not be used"
    	FAILED for resource: module.simple_webapp.kubernetes_service.app
    	File: /code/terraform/07-working-with-multiple-providers/modules/services/k8s-app/main.tf:60-74
    	Calling File: /code/terraform/07-working-with-multiple-providers/examples/kubernetes-local/main.tf:20-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20.html
    
    		60 | resource "kubernetes_service" "app" {
    		61 |   metadata {
    		62 |     name = var.name
    		63 |   }
    		64 | 
    		65 |   spec {
    		66 |     type = "LoadBalancer"
    		67 |     port {
    		68 |       port        = 80
    		69 |       target_port = var.container_port
    		70 |       protocol    = "TCP"
    		71 |     }
    		72 |     selector = local.pod_labels
    		73 |   }
    		74 | }
    
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/08-production-grade-infrastructure/more-than-terraform/local-exec-provisioner/main.tf:16-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   provisioner "local-exec" {
    		21 |     command = "echo \"Hello, World from $(uname -smp)\""
    		22 |   }
    		23 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/08-production-grade-infrastructure/more-than-terraform/local-exec-provisioner/main.tf:16-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   provisioner "local-exec" {
    		21 |     command = "echo \"Hello, World from $(uname -smp)\""
    		22 |   }
    		23 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/08-production-grade-infrastructure/more-than-terraform/local-exec-provisioner/main.tf:16-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   provisioner "local-exec" {
    		21 |     command = "echo \"Hello, World from $(uname -smp)\""
    		22 |   }
    		23 | }
    
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/08-production-grade-infrastructure/more-than-terraform/local-exec-provisioner/main.tf:16-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   provisioner "local-exec" {
    		21 |     command = "echo \"Hello, World from $(uname -smp)\""
    		22 |   }
    		23 | }
    
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/08-production-grade-infrastructure/more-than-terraform/remote-exec-provisioner/main.tf:41-58
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		41 | resource "aws_instance" "example" {
    		42 |   ami                    = data.aws_ami.ubuntu.id
    		43 |   instance_type          = "t2.micro"
    		44 |   vpc_security_group_ids = [aws_security_group.instance.id]
    		45 |   key_name               = aws_key_pair.generated_key.key_name
    		46 | 
    		47 |   provisioner "remote-exec" {
    		48 |     inline = ["echo \"Hello, World from $(uname -smp)\""]
    		49 |   }
    		50 | 
    		51 |   connection {
    		52 |     type        = "ssh"
    		53 |     host        = self.public_ip
    		54 |     user        = "ubuntu"
    		55 |     private_key = tls_private_key.example.private_key_pem
    		56 |   }
    		57 | 
    		58 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/08-production-grade-infrastructure/more-than-terraform/remote-exec-provisioner/main.tf:41-58
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		41 | resource "aws_instance" "example" {
    		42 |   ami                    = data.aws_ami.ubuntu.id
    		43 |   instance_type          = "t2.micro"
    		44 |   vpc_security_group_ids = [aws_security_group.instance.id]
    		45 |   key_name               = aws_key_pair.generated_key.key_name
    		46 | 
    		47 |   provisioner "remote-exec" {
    		48 |     inline = ["echo \"Hello, World from $(uname -smp)\""]
    		49 |   }
    		50 | 
    		51 |   connection {
    		52 |     type        = "ssh"
    		53 |     host        = self.public_ip
    		54 |     user        = "ubuntu"
    		55 |     private_key = tls_private_key.example.private_key_pem
    		56 |   }
    		57 | 
    		58 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/08-production-grade-infrastructure/more-than-terraform/remote-exec-provisioner/main.tf:41-58
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		41 | resource "aws_instance" "example" {
    		42 |   ami                    = data.aws_ami.ubuntu.id
    		43 |   instance_type          = "t2.micro"
    		44 |   vpc_security_group_ids = [aws_security_group.instance.id]
    		45 |   key_name               = aws_key_pair.generated_key.key_name
    		46 | 
    		47 |   provisioner "remote-exec" {
    		48 |     inline = ["echo \"Hello, World from $(uname -smp)\""]
    		49 |   }
    		50 | 
    		51 |   connection {
    		52 |     type        = "ssh"
    		53 |     host        = self.public_ip
    		54 |     user        = "ubuntu"
    		55 |     private_key = tls_private_key.example.private_key_pem
    		56 |   }
    		57 | 
    		58 | }
    
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/08-production-grade-infrastructure/more-than-terraform/remote-exec-provisioner/main.tf:41-58
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		41 | resource "aws_instance" "example" {
    		42 |   ami                    = data.aws_ami.ubuntu.id
    		43 |   instance_type          = "t2.micro"
    		44 |   vpc_security_group_ids = [aws_security_group.instance.id]
    		45 |   key_name               = aws_key_pair.generated_key.key_name
    		46 | 
    		47 |   provisioner "remote-exec" {
    		48 |     inline = ["echo \"Hello, World from $(uname -smp)\""]
    		49 |   }
    		50 | 
    		51 |   connection {
    		52 |     type        = "ssh"
    		53 |     host        = self.public_ip
    		54 |     user        = "ubuntu"
    		55 |     private_key = tls_private_key.example.private_key_pem
    		56 |   }
    		57 | 
    		58 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: aws_security_group.instance
    	File: /code/terraform/08-production-grade-infrastructure/more-than-terraform/remote-exec-provisioner/main.tf:60-70
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		60 | resource "aws_security_group" "instance" {
    		61 |   ingress {
    		62 |     from_port = 22
    		63 |     to_port   = 22
    		64 |     protocol  = "tcp"
    		65 | 
    		66 |     # To make this example easy to try out, we allow all SSH connections.
    		67 |     # In real world usage, you should lock this down to solely trusted IPs.
    		68 |     cidr_blocks = ["0.0.0.0/0"]
    		69 |   }
    		70 | }
    
    Check: CKV_AWS_24: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22"
    	FAILED for resource: aws_security_group.instance
    	File: /code/terraform/08-production-grade-infrastructure/more-than-terraform/remote-exec-provisioner/main.tf:60-70
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-1-port-security.html
    
    		60 | resource "aws_security_group" "instance" {
    		61 |   ingress {
    		62 |     from_port = 22
    		63 |     to_port   = 22
    		64 |     protocol  = "tcp"
    		65 | 
    		66 |     # To make this example easy to try out, we allow all SSH connections.
    		67 |     # In real world usage, you should lock this down to solely trusted IPs.
    		68 |     cidr_blocks = ["0.0.0.0/0"]
    		69 |   }
    		70 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: module.asg.aws_launch_configuration.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/cluster/asg-rolling-deploy/main.tf:12-26
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/examples/asg/main.tf:16-29
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		12 | resource "aws_launch_configuration" "example" {
    		13 |   image_id        = var.ami
    		14 |   instance_type   = var.instance_type
    		15 |   security_groups = [aws_security_group.instance.id]
    		16 |   user_data       = var.user_data
    		17 | 
    		18 |   # Required when using a launch configuration with an auto scaling group.
    		19 |   lifecycle {
    		20 |     create_before_destroy = true
    		21 |     precondition {
    		22 |       condition     = data.aws_ec2_instance_type.instance.free_tier_eligible
    		23 |       error_message = "${var.instance_type} is not part of the AWS Free Tier!"
    		24 |     }
    		25 |   }
    		26 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: module.asg.aws_launch_configuration.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/cluster/asg-rolling-deploy/main.tf:12-26
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/examples/asg/main.tf:16-29
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		12 | resource "aws_launch_configuration" "example" {
    		13 |   image_id        = var.ami
    		14 |   instance_type   = var.instance_type
    		15 |   security_groups = [aws_security_group.instance.id]
    		16 |   user_data       = var.user_data
    		17 | 
    		18 |   # Required when using a launch configuration with an auto scaling group.
    		19 |   lifecycle {
    		20 |     create_before_destroy = true
    		21 |     precondition {
    		22 |       condition     = data.aws_ec2_instance_type.instance.free_tier_eligible
    		23 |       error_message = "${var.instance_type} is not part of the AWS Free Tier!"
    		24 |     }
    		25 |   }
    		26 | }
    
    Check: CKV_AWS_315: "Ensure EC2 Auto Scaling groups use EC2 launch templates"
    	FAILED for resource: module.asg.aws_autoscaling_group.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/cluster/asg-rolling-deploy/main.tf:28-76
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/examples/asg/main.tf:16-29
    
    		28 | resource "aws_autoscaling_group" "example" {
    		29 |   name                 = var.cluster_name
    		30 |   launch_configuration = aws_launch_configuration.example.name
    		31 | 
    		32 |   vpc_zone_identifier  = var.subnet_ids
    		33 | 
    		34 |   # Configure integrations with a load balancer
    		35 |   target_group_arns    = var.target_group_arns
    		36 |   health_check_type    = var.health_check_type
    		37 | 
    		38 |   min_size = var.min_size
    		39 |   max_size = var.max_size
    		40 | 
    		41 |   # Use instance refresh to roll out changes to the ASG
    		42 |   instance_refresh {
    		43 |     strategy = "Rolling"
    		44 |     preferences {
    		45 |       min_healthy_percentage = 50
    		46 |     }
    		47 |   }
    		48 | 
    		49 |   tag {
    		50 |     key                 = "Name"
    		51 |     value               = var.cluster_name
    		52 |     propagate_at_launch = true
    		53 |   }
    		54 | 
    		55 |   dynamic "tag" {
    		56 |     for_each = {
    		57 |       for key, value in var.custom_tags:
    		58 |       key => upper(value)
    		59 |       if key != "Name"
    		60 |     }
    		61 | 
    		62 |     content {
    		63 |       key                 = tag.key
    		64 |       value               = tag.value
    		65 |       propagate_at_launch = true
    		66 |     }
    		67 |   }
    		68 | 
    		69 |   lifecycle {
    		70 |     postcondition {
    		71 |       condition     = length(self.availability_zones) > 1
    		72 |       error_message = "You must use more than one AZ for high availability!"
    		73 |     }
    		74 |   }
    		75 | 
    		76 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.asg.aws_security_group.instance
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/cluster/asg-rolling-deploy/main.tf:100-102
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/examples/asg/main.tf:16-29
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		100 | resource "aws_security_group" "instance" {
    		101 |   name = "${var.cluster_name}-instance"
    		102 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.asg.aws_security_group_rule.allow_server_http_inbound
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/cluster/asg-rolling-deploy/main.tf:104-112
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/examples/asg/main.tf:16-29
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		104 | resource "aws_security_group_rule" "allow_server_http_inbound" {
    		105 |   type              = "ingress"
    		106 |   security_group_id = aws_security_group.instance.id
    		107 | 
    		108 |   from_port   = var.server_port
    		109 |   to_port     = var.server_port
    		110 |   protocol    = local.tcp_protocol
    		111 |   cidr_blocks = local.all_ips
    		112 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: module.hello_world_app.module.asg.aws_launch_configuration.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/cluster/asg-rolling-deploy/main.tf:12-26
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/services/hello-world-app/main.tf:14-37
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		12 | resource "aws_launch_configuration" "example" {
    		13 |   image_id        = var.ami
    		14 |   instance_type   = var.instance_type
    		15 |   security_groups = [aws_security_group.instance.id]
    		16 |   user_data       = var.user_data
    		17 | 
    		18 |   # Required when using a launch configuration with an auto scaling group.
    		19 |   lifecycle {
    		20 |     create_before_destroy = true
    		21 |     precondition {
    		22 |       condition     = data.aws_ec2_instance_type.instance.free_tier_eligible
    		23 |       error_message = "${var.instance_type} is not part of the AWS Free Tier!"
    		24 |     }
    		25 |   }
    		26 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: module.hello_world_app.module.asg.aws_launch_configuration.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/cluster/asg-rolling-deploy/main.tf:12-26
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/services/hello-world-app/main.tf:14-37
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		12 | resource "aws_launch_configuration" "example" {
    		13 |   image_id        = var.ami
    		14 |   instance_type   = var.instance_type
    		15 |   security_groups = [aws_security_group.instance.id]
    		16 |   user_data       = var.user_data
    		17 | 
    		18 |   # Required when using a launch configuration with an auto scaling group.
    		19 |   lifecycle {
    		20 |     create_before_destroy = true
    		21 |     precondition {
    		22 |       condition     = data.aws_ec2_instance_type.instance.free_tier_eligible
    		23 |       error_message = "${var.instance_type} is not part of the AWS Free Tier!"
    		24 |     }
    		25 |   }
    		26 | }
    
    Check: CKV_AWS_315: "Ensure EC2 Auto Scaling groups use EC2 launch templates"
    	FAILED for resource: module.hello_world_app.module.asg.aws_autoscaling_group.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/cluster/asg-rolling-deploy/main.tf:28-76
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/services/hello-world-app/main.tf:14-37
    
    		28 | resource "aws_autoscaling_group" "example" {
    		29 |   name                 = var.cluster_name
    		30 |   launch_configuration = aws_launch_configuration.example.name
    		31 | 
    		32 |   vpc_zone_identifier  = var.subnet_ids
    		33 | 
    		34 |   # Configure integrations with a load balancer
    		35 |   target_group_arns    = var.target_group_arns
    		36 |   health_check_type    = var.health_check_type
    		37 | 
    		38 |   min_size = var.min_size
    		39 |   max_size = var.max_size
    		40 | 
    		41 |   # Use instance refresh to roll out changes to the ASG
    		42 |   instance_refresh {
    		43 |     strategy = "Rolling"
    		44 |     preferences {
    		45 |       min_healthy_percentage = 50
    		46 |     }
    		47 |   }
    		48 | 
    		49 |   tag {
    		50 |     key                 = "Name"
    		51 |     value               = var.cluster_name
    		52 |     propagate_at_launch = true
    		53 |   }
    		54 | 
    		55 |   dynamic "tag" {
    		56 |     for_each = {
    		57 |       for key, value in var.custom_tags:
    		58 |       key => upper(value)
    		59 |       if key != "Name"
    		60 |     }
    		61 | 
    		62 |     content {
    		63 |       key                 = tag.key
    		64 |       value               = tag.value
    		65 |       propagate_at_launch = true
    		66 |     }
    		67 |   }
    		68 | 
    		69 |   lifecycle {
    		70 |     postcondition {
    		71 |       condition     = length(self.availability_zones) > 1
    		72 |       error_message = "You must use more than one AZ for high availability!"
    		73 |     }
    		74 |   }
    		75 | 
    		76 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.hello_world_app.module.asg.aws_security_group.instance
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/cluster/asg-rolling-deploy/main.tf:100-102
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/services/hello-world-app/main.tf:14-37
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		100 | resource "aws_security_group" "instance" {
    		101 |   name = "${var.cluster_name}-instance"
    		102 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.hello_world_app.module.asg.aws_security_group_rule.allow_server_http_inbound
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/cluster/asg-rolling-deploy/main.tf:104-112
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/services/hello-world-app/main.tf:14-37
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		104 | resource "aws_security_group_rule" "allow_server_http_inbound" {
    		105 |   type              = "ingress"
    		106 |   security_group_id = aws_security_group.instance.id
    		107 | 
    		108 |   from_port   = var.server_port
    		109 |   to_port     = var.server_port
    		110 |   protocol    = local.tcp_protocol
    		111 |   cidr_blocks = local.all_ips
    		112 | }
    
    Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/data-stores/mysql/main.tf:12-21
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/live/stage/data-stores/mysql/main.tf:27-33
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   engine              = "mysql"
    		15 |   allocated_storage   = 10
    		16 |   instance_class      = "db.t2.micro"
    		17 |   db_name             = var.db_name
    		18 |   username            = var.db_username
    		19 |   password            = var.db_password
    		20 |   skip_final_snapshot = true
    		21 | }
    
    Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/data-stores/mysql/main.tf:12-21
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/live/stage/data-stores/mysql/main.tf:27-33
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   engine              = "mysql"
    		15 |   allocated_storage   = 10
    		16 |   instance_class      = "db.t2.micro"
    		17 |   db_name             = var.db_name
    		18 |   username            = var.db_username
    		19 |   password            = var.db_password
    		20 |   skip_final_snapshot = true
    		21 | }
    
    Check: CKV_AWS_161: "Ensure RDS database has IAM authentication enabled"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/data-stores/mysql/main.tf:12-21
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/live/stage/data-stores/mysql/main.tf:27-33
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-database-has-iam-authentication-enabled.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   engine              = "mysql"
    		15 |   allocated_storage   = 10
    		16 |   instance_class      = "db.t2.micro"
    		17 |   db_name             = var.db_name
    		18 |   username            = var.db_username
    		19 |   password            = var.db_password
    		20 |   skip_final_snapshot = true
    		21 | }
    
    Check: CKV_AWS_226: "Ensure DB instance gets all minor upgrades automatically"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/data-stores/mysql/main.tf:12-21
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/live/stage/data-stores/mysql/main.tf:27-33
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   engine              = "mysql"
    		15 |   allocated_storage   = 10
    		16 |   instance_class      = "db.t2.micro"
    		17 |   db_name             = var.db_name
    		18 |   username            = var.db_username
    		19 |   password            = var.db_password
    		20 |   skip_final_snapshot = true
    		21 | }
    
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/data-stores/mysql/main.tf:12-21
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/live/stage/data-stores/mysql/main.tf:27-33
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   engine              = "mysql"
    		15 |   allocated_storage   = 10
    		16 |   instance_class      = "db.t2.micro"
    		17 |   db_name             = var.db_name
    		18 |   username            = var.db_username
    		19 |   password            = var.db_password
    		20 |   skip_final_snapshot = true
    		21 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/data-stores/mysql/main.tf:12-21
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/live/stage/data-stores/mysql/main.tf:27-33
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   engine              = "mysql"
    		15 |   allocated_storage   = 10
    		16 |   instance_class      = "db.t2.micro"
    		17 |   db_name             = var.db_name
    		18 |   username            = var.db_username
    		19 |   password            = var.db_password
    		20 |   skip_final_snapshot = true
    		21 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/data-stores/mysql/main.tf:12-21
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/live/stage/data-stores/mysql/main.tf:27-33
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   engine              = "mysql"
    		15 |   allocated_storage   = 10
    		16 |   instance_class      = "db.t2.micro"
    		17 |   db_name             = var.db_name
    		18 |   username            = var.db_username
    		19 |   password            = var.db_password
    		20 |   skip_final_snapshot = true
    		21 | }
    
    Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/data-stores/mysql/main.tf:12-21
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/live/stage/data-stores/mysql/main.tf:27-33
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-4.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   engine              = "mysql"
    		15 |   allocated_storage   = 10
    		16 |   instance_class      = "db.t2.micro"
    		17 |   db_name             = var.db_name
    		18 |   username            = var.db_username
    		19 |   password            = var.db_password
    		20 |   skip_final_snapshot = true
    		21 | }
    
    Check: CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/data-stores/mysql/main.tf:12-21
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/live/stage/data-stores/mysql/main.tf:27-33
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-73.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   engine              = "mysql"
    		15 |   allocated_storage   = 10
    		16 |   instance_class      = "db.t2.micro"
    		17 |   db_name             = var.db_name
    		18 |   username            = var.db_username
    		19 |   password            = var.db_password
    		20 |   skip_final_snapshot = true
    		21 | }
    
    Check: CKV_AWS_131: "Ensure that ALB drops HTTP headers"
    	FAILED for resource: module.alb.aws_lb.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:12-19
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/examples/alb/main.tf:16-21
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-drops-http-headers.html
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 | 
    		16 |   subnets            = var.subnet_ids
    		17 | 
    		18 |   security_groups    = [aws_security_group.alb.id]
    		19 | }
    
    Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
    	FAILED for resource: module.alb.aws_lb.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:12-19
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/examples/alb/main.tf:16-21
    	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 | 
    		16 |   subnets            = var.subnet_ids
    		17 | 
    		18 |   security_groups    = [aws_security_group.alb.id]
    		19 | }
    
    Check: CKV_AWS_91: "Ensure the ELBv2 (Application/Network) has access logging enabled"
    	FAILED for resource: module.alb.aws_lb.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:12-19
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/examples/alb/main.tf:16-21
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-22.html
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 | 
    		16 |   subnets            = var.subnet_ids
    		17 | 
    		18 |   security_groups    = [aws_security_group.alb.id]
    		19 | }
    
    Check: CKV_AWS_2: "Ensure ALB protocol is HTTPS"
    	FAILED for resource: module.alb.aws_lb_listener.http
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:21-36
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/examples/alb/main.tf:16-21
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-29.html
    
    		21 | resource "aws_lb_listener" "http" {
    		22 |   load_balancer_arn = aws_lb.example.arn
    		23 |   port              = local.http_port
    		24 |   protocol          = "HTTP"
    		25 | 
    		26 |   # By default, return a simple 404 page
    		27 |   default_action {
    		28 |     type = "fixed-response"
    		29 | 
    		30 |     fixed_response {
    		31 |       content_type = "text/plain"
    		32 |       message_body = "404: page not found"
    		33 |       status_code  = 404
    		34 |     }
    		35 |   }
    		36 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.alb.aws_security_group.alb
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:38-40
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/examples/alb/main.tf:16-21
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		38 | resource "aws_security_group" "alb" {
    		39 |   name = var.alb_name
    		40 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.alb.aws_security_group_rule.allow_http_inbound
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:42-50
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/examples/alb/main.tf:16-21
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		42 | resource "aws_security_group_rule" "allow_http_inbound" {
    		43 |   type              = "ingress"
    		44 |   security_group_id = aws_security_group.alb.id
    		45 | 
    		46 |   from_port   = local.http_port
    		47 |   to_port     = local.http_port
    		48 |   protocol    = local.tcp_protocol
    		49 |   cidr_blocks = local.all_ips
    		50 | }
    
    Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
    	FAILED for resource: module.alb.aws_security_group_rule.allow_http_inbound
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:42-50
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/examples/alb/main.tf:16-21
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
    
    		42 | resource "aws_security_group_rule" "allow_http_inbound" {
    		43 |   type              = "ingress"
    		44 |   security_group_id = aws_security_group.alb.id
    		45 | 
    		46 |   from_port   = local.http_port
    		47 |   to_port     = local.http_port
    		48 |   protocol    = local.tcp_protocol
    		49 |   cidr_blocks = local.all_ips
    		50 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.alb.aws_security_group_rule.allow_all_outbound
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:52-60
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/examples/alb/main.tf:16-21
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		52 | resource "aws_security_group_rule" "allow_all_outbound" {
    		53 |   type              = "egress"
    		54 |   security_group_id = aws_security_group.alb.id
    		55 | 
    		56 |   from_port   = local.any_port
    		57 |   to_port     = local.any_port
    		58 |   protocol    = local.any_protocol
    		59 |   cidr_blocks = local.all_ips
    		60 | }
    
    Check: CKV_AWS_131: "Ensure that ALB drops HTTP headers"
    	FAILED for resource: module.hello_world_app.module.alb.aws_lb.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:12-19
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/services/hello-world-app/main.tf:39-44
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-drops-http-headers.html
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 | 
    		16 |   subnets            = var.subnet_ids
    		17 | 
    		18 |   security_groups    = [aws_security_group.alb.id]
    		19 | }
    
    Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
    	FAILED for resource: module.hello_world_app.module.alb.aws_lb.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:12-19
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/services/hello-world-app/main.tf:39-44
    	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 | 
    		16 |   subnets            = var.subnet_ids
    		17 | 
    		18 |   security_groups    = [aws_security_group.alb.id]
    		19 | }
    
    Check: CKV_AWS_91: "Ensure the ELBv2 (Application/Network) has access logging enabled"
    	FAILED for resource: module.hello_world_app.module.alb.aws_lb.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:12-19
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/services/hello-world-app/main.tf:39-44
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-22.html
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 | 
    		16 |   subnets            = var.subnet_ids
    		17 | 
    		18 |   security_groups    = [aws_security_group.alb.id]
    		19 | }
    
    Check: CKV_AWS_2: "Ensure ALB protocol is HTTPS"
    	FAILED for resource: module.hello_world_app.module.alb.aws_lb_listener.http
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:21-36
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/services/hello-world-app/main.tf:39-44
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-29.html
    
    		21 | resource "aws_lb_listener" "http" {
    		22 |   load_balancer_arn = aws_lb.example.arn
    		23 |   port              = local.http_port
    		24 |   protocol          = "HTTP"
    		25 | 
    		26 |   # By default, return a simple 404 page
    		27 |   default_action {
    		28 |     type = "fixed-response"
    		29 | 
    		30 |     fixed_response {
    		31 |       content_type = "text/plain"
    		32 |       message_body = "404: page not found"
    		33 |       status_code  = 404
    		34 |     }
    		35 |   }
    		36 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.hello_world_app.module.alb.aws_security_group.alb
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:38-40
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/services/hello-world-app/main.tf:39-44
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		38 | resource "aws_security_group" "alb" {
    		39 |   name = var.alb_name
    		40 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.hello_world_app.module.alb.aws_security_group_rule.allow_http_inbound
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:42-50
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/services/hello-world-app/main.tf:39-44
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		42 | resource "aws_security_group_rule" "allow_http_inbound" {
    		43 |   type              = "ingress"
    		44 |   security_group_id = aws_security_group.alb.id
    		45 | 
    		46 |   from_port   = local.http_port
    		47 |   to_port     = local.http_port
    		48 |   protocol    = local.tcp_protocol
    		49 |   cidr_blocks = local.all_ips
    		50 | }
    
    Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
    	FAILED for resource: module.hello_world_app.module.alb.aws_security_group_rule.allow_http_inbound
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:42-50
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/services/hello-world-app/main.tf:39-44
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
    
    		42 | resource "aws_security_group_rule" "allow_http_inbound" {
    		43 |   type              = "ingress"
    		44 |   security_group_id = aws_security_group.alb.id
    		45 | 
    		46 |   from_port   = local.http_port
    		47 |   to_port     = local.http_port
    		48 |   protocol    = local.tcp_protocol
    		49 |   cidr_blocks = local.all_ips
    		50 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.hello_world_app.module.alb.aws_security_group_rule.allow_all_outbound
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:52-60
    	Calling File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/services/hello-world-app/main.tf:39-44
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		52 | resource "aws_security_group_rule" "allow_all_outbound" {
    		53 |   type              = "egress"
    		54 |   security_group_id = aws_security_group.alb.id
    		55 | 
    		56 |   from_port   = local.any_port
    		57 |   to_port     = local.any_port
    		58 |   protocol    = local.any_protocol
    		59 |   cidr_blocks = local.all_ips
    		60 | }
    
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/09-testing-terraform-code/examples/opa/main.tf:16-21
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   tags = var.tags
    		21 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/09-testing-terraform-code/examples/opa/main.tf:16-21
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   tags = var.tags
    		21 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/09-testing-terraform-code/examples/opa/main.tf:16-21
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   tags = var.tags
    		21 | }
    
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/09-testing-terraform-code/examples/opa/main.tf:16-21
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   tags = var.tags
    		21 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: module.asg.aws_launch_configuration.example
    	File: /code/terraform/09-testing-terraform-code/modules/cluster/asg-rolling-deploy/main.tf:12-22
    	Calling File: /code/terraform/09-testing-terraform-code/examples/asg/main.tf:16-29
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		12 | resource "aws_launch_configuration" "example" {
    		13 |   image_id        = var.ami
    		14 |   instance_type   = var.instance_type
    		15 |   security_groups = [aws_security_group.instance.id]
    		16 |   user_data       = var.user_data
    		17 | 
    		18 |   # Required when using a launch configuration with an auto scaling group.
    		19 |   lifecycle {
    		20 |     create_before_destroy = true
    		21 |   }
    		22 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: module.asg.aws_launch_configuration.example
    	File: /code/terraform/09-testing-terraform-code/modules/cluster/asg-rolling-deploy/main.tf:12-22
    	Calling File: /code/terraform/09-testing-terraform-code/examples/asg/main.tf:16-29
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		12 | resource "aws_launch_configuration" "example" {
    		13 |   image_id        = var.ami
    		14 |   instance_type   = var.instance_type
    		15 |   security_groups = [aws_security_group.instance.id]
    		16 |   user_data       = var.user_data
    		17 | 
    		18 |   # Required when using a launch configuration with an auto scaling group.
    		19 |   lifecycle {
    		20 |     create_before_destroy = true
    		21 |   }
    		22 | }
    
    Check: CKV_AWS_315: "Ensure EC2 Auto Scaling groups use EC2 launch templates"
    	FAILED for resource: module.asg.aws_autoscaling_group.example
    	File: /code/terraform/09-testing-terraform-code/modules/cluster/asg-rolling-deploy/main.tf:24-63
    	Calling File: /code/terraform/09-testing-terraform-code/examples/asg/main.tf:16-29
    
    		24 | resource "aws_autoscaling_group" "example" {
    		25 |   name                 = var.cluster_name
    		26 |   launch_configuration = aws_launch_configuration.example.name
    		27 |   vpc_zone_identifier  = var.subnet_ids
    		28 | 
    		29 |   # Configure integrations with a load balancer
    		30 |   target_group_arns    = var.target_group_arns
    		31 |   health_check_type    = var.health_check_type
    		32 | 
    		33 |   min_size = var.min_size
    		34 |   max_size = var.max_size
    		35 | 
    		36 |   # Use instance refresh to roll out changes to the ASG
    		37 |   instance_refresh {
    		38 |     strategy = "Rolling"
    		39 |     preferences {
    		40 |       min_healthy_percentage = 50
    		41 |     }
    		42 |   }
    		43 | 
    		44 |   tag {
    		45 |     key                 = "Name"
    		46 |     value               = var.cluster_name
    		47 |     propagate_at_launch = true
    		48 |   }
    		49 | 
    		50 |   dynamic "tag" {
    		51 |     for_each = {
    		52 |       for key, value in var.custom_tags:
    		53 |       key => upper(value)
    		54 |       if key != "Name"
    		55 |     }
    		56 | 
    		57 |     content {
    		58 |       key                 = tag.key
    		59 |       value               = tag.value
    		60 |       propagate_at_launch = true
    		61 |     }
    		62 |   }
    		63 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.asg.aws_security_group.instance
    	File: /code/terraform/09-testing-terraform-code/modules/cluster/asg-rolling-deploy/main.tf:87-89
    	Calling File: /code/terraform/09-testing-terraform-code/examples/asg/main.tf:16-29
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		87 | resource "aws_security_group" "instance" {
    		88 |   name = "${var.cluster_name}-instance"
    		89 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.asg.aws_security_group_rule.allow_server_http_inbound
    	File: /code/terraform/09-testing-terraform-code/modules/cluster/asg-rolling-deploy/main.tf:91-99
    	Calling File: /code/terraform/09-testing-terraform-code/examples/asg/main.tf:16-29
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		91 | resource "aws_security_group_rule" "allow_server_http_inbound" {
    		92 |   type              = "ingress"
    		93 |   security_group_id = aws_security_group.instance.id
    		94 | 
    		95 |   from_port   = var.server_port
    		96 |   to_port     = var.server_port
    		97 |   protocol    = local.tcp_protocol
    		98 |   cidr_blocks = local.all_ips
    		99 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: module.hello_world_app.module.asg.aws_launch_configuration.example
    	File: /code/terraform/09-testing-terraform-code/modules/cluster/asg-rolling-deploy/main.tf:12-22
    	Calling File: /code/terraform/09-testing-terraform-code/modules/services/hello-world-app/main.tf:13-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		12 | resource "aws_launch_configuration" "example" {
    		13 |   image_id        = var.ami
    		14 |   instance_type   = var.instance_type
    		15 |   security_groups = [aws_security_group.instance.id]
    		16 |   user_data       = var.user_data
    		17 | 
    		18 |   # Required when using a launch configuration with an auto scaling group.
    		19 |   lifecycle {
    		20 |     create_before_destroy = true
    		21 |   }
    		22 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: module.hello_world_app.module.asg.aws_launch_configuration.example
    	File: /code/terraform/09-testing-terraform-code/modules/cluster/asg-rolling-deploy/main.tf:12-22
    	Calling File: /code/terraform/09-testing-terraform-code/modules/services/hello-world-app/main.tf:13-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		12 | resource "aws_launch_configuration" "example" {
    		13 |   image_id        = var.ami
    		14 |   instance_type   = var.instance_type
    		15 |   security_groups = [aws_security_group.instance.id]
    		16 |   user_data       = var.user_data
    		17 | 
    		18 |   # Required when using a launch configuration with an auto scaling group.
    		19 |   lifecycle {
    		20 |     create_before_destroy = true
    		21 |   }
    		22 | }
    
    Check: CKV_AWS_315: "Ensure EC2 Auto Scaling groups use EC2 launch templates"
    	FAILED for resource: module.hello_world_app.module.asg.aws_autoscaling_group.example
    	File: /code/terraform/09-testing-terraform-code/modules/cluster/asg-rolling-deploy/main.tf:24-63
    	Calling File: /code/terraform/09-testing-terraform-code/modules/services/hello-world-app/main.tf:13-36
    
    		24 | resource "aws_autoscaling_group" "example" {
    		25 |   name                 = var.cluster_name
    		26 |   launch_configuration = aws_launch_configuration.example.name
    		27 |   vpc_zone_identifier  = var.subnet_ids
    		28 | 
    		29 |   # Configure integrations with a load balancer
    		30 |   target_group_arns    = var.target_group_arns
    		31 |   health_check_type    = var.health_check_type
    		32 | 
    		33 |   min_size = var.min_size
    		34 |   max_size = var.max_size
    		35 | 
    		36 |   # Use instance refresh to roll out changes to the ASG
    		37 |   instance_refresh {
    		38 |     strategy = "Rolling"
    		39 |     preferences {
    		40 |       min_healthy_percentage = 50
    		41 |     }
    		42 |   }
    		43 | 
    		44 |   tag {
    		45 |     key                 = "Name"
    		46 |     value               = var.cluster_name
    		47 |     propagate_at_launch = true
    		48 |   }
    		49 | 
    		50 |   dynamic "tag" {
    		51 |     for_each = {
    		52 |       for key, value in var.custom_tags:
    		53 |       key => upper(value)
    		54 |       if key != "Name"
    		55 |     }
    		56 | 
    		57 |     content {
    		58 |       key                 = tag.key
    		59 |       value               = tag.value
    		60 |       propagate_at_launch = true
    		61 |     }
    		62 |   }
    		63 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.hello_world_app.module.asg.aws_security_group.instance
    	File: /code/terraform/09-testing-terraform-code/modules/cluster/asg-rolling-deploy/main.tf:87-89
    	Calling File: /code/terraform/09-testing-terraform-code/modules/services/hello-world-app/main.tf:13-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		87 | resource "aws_security_group" "instance" {
    		88 |   name = "${var.cluster_name}-instance"
    		89 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.hello_world_app.module.asg.aws_security_group_rule.allow_server_http_inbound
    	File: /code/terraform/09-testing-terraform-code/modules/cluster/asg-rolling-deploy/main.tf:91-99
    	Calling File: /code/terraform/09-testing-terraform-code/modules/services/hello-world-app/main.tf:13-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		91 | resource "aws_security_group_rule" "allow_server_http_inbound" {
    		92 |   type              = "ingress"
    		93 |   security_group_id = aws_security_group.instance.id
    		94 | 
    		95 |   from_port   = var.server_port
    		96 |   to_port     = var.server_port
    		97 |   protocol    = local.tcp_protocol
    		98 |   cidr_blocks = local.all_ips
    		99 | }
    
    Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/09-testing-terraform-code/modules/data-stores/mysql/main.tf:12-21
    	Calling File: /code/terraform/09-testing-terraform-code/live/stage/data-stores/mysql/main.tf:29-35
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   engine              = "mysql"
    		15 |   allocated_storage   = 10
    		16 |   instance_class      = "db.t2.micro"
    		17 |   db_name             = var.db_name
    		18 |   username            = var.db_username
    		19 |   password            = var.db_password
    		20 |   skip_final_snapshot = true
    		21 | }
    
    Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/09-testing-terraform-code/modules/data-stores/mysql/main.tf:12-21
    	Calling File: /code/terraform/09-testing-terraform-code/live/stage/data-stores/mysql/main.tf:29-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   engine              = "mysql"
    		15 |   allocated_storage   = 10
    		16 |   instance_class      = "db.t2.micro"
    		17 |   db_name             = var.db_name
    		18 |   username            = var.db_username
    		19 |   password            = var.db_password
    		20 |   skip_final_snapshot = true
    		21 | }
    
    Check: CKV_AWS_161: "Ensure RDS database has IAM authentication enabled"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/09-testing-terraform-code/modules/data-stores/mysql/main.tf:12-21
    	Calling File: /code/terraform/09-testing-terraform-code/live/stage/data-stores/mysql/main.tf:29-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-database-has-iam-authentication-enabled.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   engine              = "mysql"
    		15 |   allocated_storage   = 10
    		16 |   instance_class      = "db.t2.micro"
    		17 |   db_name             = var.db_name
    		18 |   username            = var.db_username
    		19 |   password            = var.db_password
    		20 |   skip_final_snapshot = true
    		21 | }
    
    Check: CKV_AWS_226: "Ensure DB instance gets all minor upgrades automatically"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/09-testing-terraform-code/modules/data-stores/mysql/main.tf:12-21
    	Calling File: /code/terraform/09-testing-terraform-code/live/stage/data-stores/mysql/main.tf:29-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   engine              = "mysql"
    		15 |   allocated_storage   = 10
    		16 |   instance_class      = "db.t2.micro"
    		17 |   db_name             = var.db_name
    		18 |   username            = var.db_username
    		19 |   password            = var.db_password
    		20 |   skip_final_snapshot = true
    		21 | }
    
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/09-testing-terraform-code/modules/data-stores/mysql/main.tf:12-21
    	Calling File: /code/terraform/09-testing-terraform-code/live/stage/data-stores/mysql/main.tf:29-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   engine              = "mysql"
    		15 |   allocated_storage   = 10
    		16 |   instance_class      = "db.t2.micro"
    		17 |   db_name             = var.db_name
    		18 |   username            = var.db_username
    		19 |   password            = var.db_password
    		20 |   skip_final_snapshot = true
    		21 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/09-testing-terraform-code/modules/data-stores/mysql/main.tf:12-21
    	Calling File: /code/terraform/09-testing-terraform-code/live/stage/data-stores/mysql/main.tf:29-35
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   engine              = "mysql"
    		15 |   allocated_storage   = 10
    		16 |   instance_class      = "db.t2.micro"
    		17 |   db_name             = var.db_name
    		18 |   username            = var.db_username
    		19 |   password            = var.db_password
    		20 |   skip_final_snapshot = true
    		21 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/09-testing-terraform-code/modules/data-stores/mysql/main.tf:12-21
    	Calling File: /code/terraform/09-testing-terraform-code/live/stage/data-stores/mysql/main.tf:29-35
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   engine              = "mysql"
    		15 |   allocated_storage   = 10
    		16 |   instance_class      = "db.t2.micro"
    		17 |   db_name             = var.db_name
    		18 |   username            = var.db_username
    		19 |   password            = var.db_password
    		20 |   skip_final_snapshot = true
    		21 | }
    
    Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/09-testing-terraform-code/modules/data-stores/mysql/main.tf:12-21
    	Calling File: /code/terraform/09-testing-terraform-code/live/stage/data-stores/mysql/main.tf:29-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-4.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   engine              = "mysql"
    		15 |   allocated_storage   = 10
    		16 |   instance_class      = "db.t2.micro"
    		17 |   db_name             = var.db_name
    		18 |   username            = var.db_username
    		19 |   password            = var.db_password
    		20 |   skip_final_snapshot = true
    		21 | }
    
    Check: CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/09-testing-terraform-code/modules/data-stores/mysql/main.tf:12-21
    	Calling File: /code/terraform/09-testing-terraform-code/live/stage/data-stores/mysql/main.tf:29-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-73.html
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   engine              = "mysql"
    		15 |   allocated_storage   = 10
    		16 |   instance_class      = "db.t2.micro"
    		17 |   db_name             = var.db_name
    		18 |   username            = var.db_username
    		19 |   password            = var.db_password
    		20 |   skip_final_snapshot = true
    		21 | }
    
    Check: CKV_AWS_131: "Ensure that ALB drops HTTP headers"
    	FAILED for resource: module.alb.aws_lb.example
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:12-17
    	Calling File: /code/terraform/09-testing-terraform-code/examples/alb/main.tf:16-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-drops-http-headers.html
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 |   subnets            = var.subnet_ids
    		16 |   security_groups    = [aws_security_group.alb.id]
    		17 | }
    
    Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
    	FAILED for resource: module.alb.aws_lb.example
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:12-17
    	Calling File: /code/terraform/09-testing-terraform-code/examples/alb/main.tf:16-22
    	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 |   subnets            = var.subnet_ids
    		16 |   security_groups    = [aws_security_group.alb.id]
    		17 | }
    
    Check: CKV_AWS_91: "Ensure the ELBv2 (Application/Network) has access logging enabled"
    	FAILED for resource: module.alb.aws_lb.example
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:12-17
    	Calling File: /code/terraform/09-testing-terraform-code/examples/alb/main.tf:16-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-22.html
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 |   subnets            = var.subnet_ids
    		16 |   security_groups    = [aws_security_group.alb.id]
    		17 | }
    
    Check: CKV_AWS_2: "Ensure ALB protocol is HTTPS"
    	FAILED for resource: module.alb.aws_lb_listener.http
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:19-34
    	Calling File: /code/terraform/09-testing-terraform-code/examples/alb/main.tf:16-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-29.html
    
    		19 | resource "aws_lb_listener" "http" {
    		20 |   load_balancer_arn = aws_lb.example.arn
    		21 |   port              = local.http_port
    		22 |   protocol          = "HTTP"
    		23 | 
    		24 |   # By default, return a simple 404 page
    		25 |   default_action {
    		26 |     type = "fixed-response"
    		27 | 
    		28 |     fixed_response {
    		29 |       content_type = "text/plain"
    		30 |       message_body = "404: page not found"
    		31 |       status_code  = 404
    		32 |     }
    		33 |   }
    		34 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.alb.aws_security_group.alb
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:36-38
    	Calling File: /code/terraform/09-testing-terraform-code/examples/alb/main.tf:16-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		36 | resource "aws_security_group" "alb" {
    		37 |   name = var.alb_name
    		38 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.alb.aws_security_group_rule.allow_http_inbound
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:40-48
    	Calling File: /code/terraform/09-testing-terraform-code/examples/alb/main.tf:16-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		40 | resource "aws_security_group_rule" "allow_http_inbound" {
    		41 |   type              = "ingress"
    		42 |   security_group_id = aws_security_group.alb.id
    		43 | 
    		44 |   from_port   = local.http_port
    		45 |   to_port     = local.http_port
    		46 |   protocol    = local.tcp_protocol
    		47 |   cidr_blocks = local.all_ips
    		48 | }
    
    Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
    	FAILED for resource: module.alb.aws_security_group_rule.allow_http_inbound
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:40-48
    	Calling File: /code/terraform/09-testing-terraform-code/examples/alb/main.tf:16-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
    
    		40 | resource "aws_security_group_rule" "allow_http_inbound" {
    		41 |   type              = "ingress"
    		42 |   security_group_id = aws_security_group.alb.id
    		43 | 
    		44 |   from_port   = local.http_port
    		45 |   to_port     = local.http_port
    		46 |   protocol    = local.tcp_protocol
    		47 |   cidr_blocks = local.all_ips
    		48 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.alb.aws_security_group_rule.allow_all_outbound
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:50-58
    	Calling File: /code/terraform/09-testing-terraform-code/examples/alb/main.tf:16-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		50 | resource "aws_security_group_rule" "allow_all_outbound" {
    		51 |   type              = "egress"
    		52 |   security_group_id = aws_security_group.alb.id
    		53 | 
    		54 |   from_port   = local.any_port
    		55 |   to_port     = local.any_port
    		56 |   protocol    = local.any_protocol
    		57 |   cidr_blocks = local.all_ips
    		58 | }
    
    Check: CKV_AWS_131: "Ensure that ALB drops HTTP headers"
    	FAILED for resource: module.hello_world_app.module.alb.aws_lb.example
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:12-17
    	Calling File: /code/terraform/09-testing-terraform-code/modules/services/hello-world-app/main.tf:38-43
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-drops-http-headers.html
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 |   subnets            = var.subnet_ids
    		16 |   security_groups    = [aws_security_group.alb.id]
    		17 | }
    
    Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
    	FAILED for resource: module.hello_world_app.module.alb.aws_lb.example
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:12-17
    	Calling File: /code/terraform/09-testing-terraform-code/modules/services/hello-world-app/main.tf:38-43
    	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 |   subnets            = var.subnet_ids
    		16 |   security_groups    = [aws_security_group.alb.id]
    		17 | }
    
    Check: CKV_AWS_91: "Ensure the ELBv2 (Application/Network) has access logging enabled"
    	FAILED for resource: module.hello_world_app.module.alb.aws_lb.example
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:12-17
    	Calling File: /code/terraform/09-testing-terraform-code/modules/services/hello-world-app/main.tf:38-43
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-22.html
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 |   subnets            = var.subnet_ids
    		16 |   security_groups    = [aws_security_group.alb.id]
    		17 | }
    
    Check: CKV_AWS_2: "Ensure ALB protocol is HTTPS"
    	FAILED for resource: module.hello_world_app.module.alb.aws_lb_listener.http
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:19-34
    	Calling File: /code/terraform/09-testing-terraform-code/modules/services/hello-world-app/main.tf:38-43
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-29.html
    
    		19 | resource "aws_lb_listener" "http" {
    		20 |   load_balancer_arn = aws_lb.example.arn
    		21 |   port              = local.http_port
    		22 |   protocol          = "HTTP"
    		23 | 
    		24 |   # By default, return a simple 404 page
    		25 |   default_action {
    		26 |     type = "fixed-response"
    		27 | 
    		28 |     fixed_response {
    		29 |       content_type = "text/plain"
    		30 |       message_body = "404: page not found"
    		31 |       status_code  = 404
    		32 |     }
    		33 |   }
    		34 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.hello_world_app.module.alb.aws_security_group.alb
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:36-38
    	Calling File: /code/terraform/09-testing-terraform-code/modules/services/hello-world-app/main.tf:38-43
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		36 | resource "aws_security_group" "alb" {
    		37 |   name = var.alb_name
    		38 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.hello_world_app.module.alb.aws_security_group_rule.allow_http_inbound
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:40-48
    	Calling File: /code/terraform/09-testing-terraform-code/modules/services/hello-world-app/main.tf:38-43
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		40 | resource "aws_security_group_rule" "allow_http_inbound" {
    		41 |   type              = "ingress"
    		42 |   security_group_id = aws_security_group.alb.id
    		43 | 
    		44 |   from_port   = local.http_port
    		45 |   to_port     = local.http_port
    		46 |   protocol    = local.tcp_protocol
    		47 |   cidr_blocks = local.all_ips
    		48 | }
    
    Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
    	FAILED for resource: module.hello_world_app.module.alb.aws_security_group_rule.allow_http_inbound
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:40-48
    	Calling File: /code/terraform/09-testing-terraform-code/modules/services/hello-world-app/main.tf:38-43
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
    
    		40 | resource "aws_security_group_rule" "allow_http_inbound" {
    		41 |   type              = "ingress"
    		42 |   security_group_id = aws_security_group.alb.id
    		43 | 
    		44 |   from_port   = local.http_port
    		45 |   to_port     = local.http_port
    		46 |   protocol    = local.tcp_protocol
    		47 |   cidr_blocks = local.all_ips
    		48 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.hello_world_app.module.alb.aws_security_group_rule.allow_all_outbound
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:50-58
    	Calling File: /code/terraform/09-testing-terraform-code/modules/services/hello-world-app/main.tf:38-43
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		50 | resource "aws_security_group_rule" "allow_all_outbound" {
    		51 |   type              = "egress"
    		52 |   security_group_id = aws_security_group.alb.id
    		53 | 
    		54 |   from_port   = local.any_port
    		55 |   to_port     = local.any_port
    		56 |   protocol    = local.any_protocol
    		57 |   cidr_blocks = local.all_ips
    		58 | }
    
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.foo
    	File: /code/terraform/10-terraform-team/live/stage/services/conflict-anna/main.tf:16-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		16 | resource "aws_instance" "foo" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.medium"
    		19 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.foo
    	File: /code/terraform/10-terraform-team/live/stage/services/conflict-anna/main.tf:16-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		16 | resource "aws_instance" "foo" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.medium"
    		19 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.foo
    	File: /code/terraform/10-terraform-team/live/stage/services/conflict-anna/main.tf:16-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		16 | resource "aws_instance" "foo" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.medium"
    		19 | }
    
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.foo
    	File: /code/terraform/10-terraform-team/live/stage/services/conflict-anna/main.tf:16-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		16 | resource "aws_instance" "foo" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.medium"
    		19 | }
    
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.foo
    	File: /code/terraform/10-terraform-team/live/stage/services/conflict-bill/main.tf:16-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		16 | resource "aws_instance" "foo" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   tags = {
    		21 |     Name = "foo"
    		22 |   }
    		23 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.foo
    	File: /code/terraform/10-terraform-team/live/stage/services/conflict-bill/main.tf:16-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		16 | resource "aws_instance" "foo" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   tags = {
    		21 |     Name = "foo"
    		22 |   }
    		23 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.foo
    	File: /code/terraform/10-terraform-team/live/stage/services/conflict-bill/main.tf:16-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		16 | resource "aws_instance" "foo" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   tags = {
    		21 |     Name = "foo"
    		22 |   }
    		23 | }
    
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.foo
    	File: /code/terraform/10-terraform-team/live/stage/services/conflict-bill/main.tf:16-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		16 | resource "aws_instance" "foo" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   tags = {
    		21 |     Name = "foo"
    		22 |   }
    		23 | }
    
    Check: CKV_AWS_126: "Ensure that detailed monitoring is enabled for EC2 instances"
    	FAILED for resource: aws_instance.foo
    	File: /code/terraform/10-terraform-team/live/stage/services/conflict-original/main.tf:16-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances.html
    
    		16 | resource "aws_instance" "foo" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.micro"
    		19 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: aws_instance.foo
    	File: /code/terraform/10-terraform-team/live/stage/services/conflict-original/main.tf:16-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		16 | resource "aws_instance" "foo" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.micro"
    		19 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: aws_instance.foo
    	File: /code/terraform/10-terraform-team/live/stage/services/conflict-original/main.tf:16-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		16 | resource "aws_instance" "foo" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.micro"
    		19 | }
    
    Check: CKV_AWS_135: "Ensure that EC2 is EBS optimized"
    	FAILED for resource: aws_instance.foo
    	File: /code/terraform/10-terraform-team/live/stage/services/conflict-original/main.tf:16-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized.html
    
    		16 | resource "aws_instance" "foo" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.micro"
    		19 | }
    
    Check: CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
    	FAILED for resource: module.asg.aws_launch_configuration.example
    	File: /code/terraform/10-terraform-team/modules/cluster/asg-rolling-deploy/main.tf:12-22
    	Calling File: /code/terraform/10-terraform-team/modules/services/hello-world-app/main.tf:18-40
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-13.html
    
    		12 | resource "aws_launch_configuration" "example" {
    		13 |   image_id        = var.ami
    		14 |   instance_type   = var.instance_type
    		15 |   security_groups = [aws_security_group.instance.id]
    		16 |   user_data       = var.user_data
    		17 | 
    		18 |   # Required when using a launch configuration with an auto scaling group.
    		19 |   lifecycle {
    		20 |     create_before_destroy = true
    		21 |   }
    		22 | }
    
    Check: CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
    	FAILED for resource: module.asg.aws_launch_configuration.example
    	File: /code/terraform/10-terraform-team/modules/cluster/asg-rolling-deploy/main.tf:12-22
    	Calling File: /code/terraform/10-terraform-team/modules/services/hello-world-app/main.tf:18-40
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-31.html
    
    		12 | resource "aws_launch_configuration" "example" {
    		13 |   image_id        = var.ami
    		14 |   instance_type   = var.instance_type
    		15 |   security_groups = [aws_security_group.instance.id]
    		16 |   user_data       = var.user_data
    		17 | 
    		18 |   # Required when using a launch configuration with an auto scaling group.
    		19 |   lifecycle {
    		20 |     create_before_destroy = true
    		21 |   }
    		22 | }
    
    Check: CKV_AWS_315: "Ensure EC2 Auto Scaling groups use EC2 launch templates"
    	FAILED for resource: module.asg.aws_autoscaling_group.example
    	File: /code/terraform/10-terraform-team/modules/cluster/asg-rolling-deploy/main.tf:24-63
    	Calling File: /code/terraform/10-terraform-team/modules/services/hello-world-app/main.tf:18-40
    
    		24 | resource "aws_autoscaling_group" "example" {
    		25 |   name                 = var.cluster_name
    		26 |   launch_configuration = aws_launch_configuration.example.name
    		27 |   vpc_zone_identifier  = var.subnet_ids
    		28 | 
    		29 |   # Configure integrations with a load balancer
    		30 |   target_group_arns    = var.target_group_arns
    		31 |   health_check_type    = var.health_check_type
    		32 | 
    		33 |   min_size = var.min_size
    		34 |   max_size = var.max_size
    		35 | 
    		36 |   # Use instance refresh to roll out changes to the ASG
    		37 |   instance_refresh {
    		38 |     strategy = "Rolling"
    		39 |     preferences {
    		40 |       min_healthy_percentage = 50
    		41 |     }
    		42 |   }
    		43 | 
    		44 |   tag {
    		45 |     key                 = "Name"
    		46 |     value               = var.cluster_name
    		47 |     propagate_at_launch = true
    		48 |   }
    		49 | 
    		50 |   dynamic "tag" {
    		51 |     for_each = {
    		52 |       for key, value in var.custom_tags:
    		53 |       key => upper(value)
    		54 |       if key != "Name"
    		55 |     }
    		56 | 
    		57 |     content {
    		58 |       key                 = tag.key
    		59 |       value               = tag.value
    		60 |       propagate_at_launch = true
    		61 |     }
    		62 |   }
    		63 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.asg.aws_security_group.instance
    	File: /code/terraform/10-terraform-team/modules/cluster/asg-rolling-deploy/main.tf:87-89
    	Calling File: /code/terraform/10-terraform-team/modules/services/hello-world-app/main.tf:18-40
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		87 | resource "aws_security_group" "instance" {
    		88 |   name = "${var.cluster_name}-instance"
    		89 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.asg.aws_security_group_rule.allow_server_http_inbound
    	File: /code/terraform/10-terraform-team/modules/cluster/asg-rolling-deploy/main.tf:91-99
    	Calling File: /code/terraform/10-terraform-team/modules/services/hello-world-app/main.tf:18-40
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		91 | resource "aws_security_group_rule" "allow_server_http_inbound" {
    		92 |   type              = "ingress"
    		93 |   security_group_id = aws_security_group.instance.id
    		94 | 
    		95 |   from_port   = var.server_port
    		96 |   to_port     = var.server_port
    		97 |   protocol    = local.tcp_protocol
    		98 |   cidr_blocks = local.all_ips
    		99 | }
    
    Check: CKV_AWS_293: "Ensure that AWS database instances have deletion protection enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/10-terraform-team/modules/data-stores/mysql/main.tf:18-27
    
    		18 | resource "aws_db_instance" "example" {
    		19 |   identifier_prefix   = "terraform-up-and-running"
    		20 |   engine              = "mysql"
    		21 |   allocated_storage   = 10
    		22 |   instance_class      = "db.t2.micro"
    		23 |   db_name             = var.db_name
    		24 |   username            = var.db_username
    		25 |   password            = var.db_password
    		26 |   skip_final_snapshot = true
    		27 | }
    
    Check: CKV_AWS_129: "Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/10-terraform-team/modules/data-stores/mysql/main.tf:18-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled.html
    
    		18 | resource "aws_db_instance" "example" {
    		19 |   identifier_prefix   = "terraform-up-and-running"
    		20 |   engine              = "mysql"
    		21 |   allocated_storage   = 10
    		22 |   instance_class      = "db.t2.micro"
    		23 |   db_name             = var.db_name
    		24 |   username            = var.db_username
    		25 |   password            = var.db_password
    		26 |   skip_final_snapshot = true
    		27 | }
    
    Check: CKV_AWS_161: "Ensure RDS database has IAM authentication enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/10-terraform-team/modules/data-stores/mysql/main.tf:18-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-database-has-iam-authentication-enabled.html
    
    		18 | resource "aws_db_instance" "example" {
    		19 |   identifier_prefix   = "terraform-up-and-running"
    		20 |   engine              = "mysql"
    		21 |   allocated_storage   = 10
    		22 |   instance_class      = "db.t2.micro"
    		23 |   db_name             = var.db_name
    		24 |   username            = var.db_username
    		25 |   password            = var.db_password
    		26 |   skip_final_snapshot = true
    		27 | }
    
    Check: CKV_AWS_226: "Ensure DB instance gets all minor upgrades automatically"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/10-terraform-team/modules/data-stores/mysql/main.tf:18-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically.html
    
    		18 | resource "aws_db_instance" "example" {
    		19 |   identifier_prefix   = "terraform-up-and-running"
    		20 |   engine              = "mysql"
    		21 |   allocated_storage   = 10
    		22 |   instance_class      = "db.t2.micro"
    		23 |   db_name             = var.db_name
    		24 |   username            = var.db_username
    		25 |   password            = var.db_password
    		26 |   skip_final_snapshot = true
    		27 | }
    
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/10-terraform-team/modules/data-stores/mysql/main.tf:18-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		18 | resource "aws_db_instance" "example" {
    		19 |   identifier_prefix   = "terraform-up-and-running"
    		20 |   engine              = "mysql"
    		21 |   allocated_storage   = 10
    		22 |   instance_class      = "db.t2.micro"
    		23 |   db_name             = var.db_name
    		24 |   username            = var.db_username
    		25 |   password            = var.db_password
    		26 |   skip_final_snapshot = true
    		27 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/10-terraform-team/modules/data-stores/mysql/main.tf:18-27
    
    		18 | resource "aws_db_instance" "example" {
    		19 |   identifier_prefix   = "terraform-up-and-running"
    		20 |   engine              = "mysql"
    		21 |   allocated_storage   = 10
    		22 |   instance_class      = "db.t2.micro"
    		23 |   db_name             = var.db_name
    		24 |   username            = var.db_username
    		25 |   password            = var.db_password
    		26 |   skip_final_snapshot = true
    		27 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/10-terraform-team/modules/data-stores/mysql/main.tf:18-27
    
    		18 | resource "aws_db_instance" "example" {
    		19 |   identifier_prefix   = "terraform-up-and-running"
    		20 |   engine              = "mysql"
    		21 |   allocated_storage   = 10
    		22 |   instance_class      = "db.t2.micro"
    		23 |   db_name             = var.db_name
    		24 |   username            = var.db_username
    		25 |   password            = var.db_password
    		26 |   skip_final_snapshot = true
    		27 | }
    
    Check: CKV_AWS_16: "Ensure all data stored in the RDS is securely encrypted at rest"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/10-terraform-team/modules/data-stores/mysql/main.tf:18-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-4.html
    
    		18 | resource "aws_db_instance" "example" {
    		19 |   identifier_prefix   = "terraform-up-and-running"
    		20 |   engine              = "mysql"
    		21 |   allocated_storage   = 10
    		22 |   instance_class      = "db.t2.micro"
    		23 |   db_name             = var.db_name
    		24 |   username            = var.db_username
    		25 |   password            = var.db_password
    		26 |   skip_final_snapshot = true
    		27 | }
    
    Check: CKV_AWS_157: "Ensure that RDS instances have Multi-AZ enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/10-terraform-team/modules/data-stores/mysql/main.tf:18-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/general-73.html
    
    		18 | resource "aws_db_instance" "example" {
    		19 |   identifier_prefix   = "terraform-up-and-running"
    		20 |   engine              = "mysql"
    		21 |   allocated_storage   = 10
    		22 |   instance_class      = "db.t2.micro"
    		23 |   db_name             = var.db_name
    		24 |   username            = var.db_username
    		25 |   password            = var.db_password
    		26 |   skip_final_snapshot = true
    		27 | }
    
    Check: CKV_AWS_131: "Ensure that ALB drops HTTP headers"
    	FAILED for resource: module.alb.aws_lb.example
    	File: /code/terraform/10-terraform-team/modules/networking/alb/main.tf:12-17
    	Calling File: /code/terraform/10-terraform-team/modules/services/hello-world-app/main.tf:42-47
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-drops-http-headers.html
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 |   subnets            = var.subnet_ids
    		16 |   security_groups    = [aws_security_group.alb.id]
    		17 | }
    
    Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
    	FAILED for resource: module.alb.aws_lb.example
    	File: /code/terraform/10-terraform-team/modules/networking/alb/main.tf:12-17
    	Calling File: /code/terraform/10-terraform-team/modules/services/hello-world-app/main.tf:42-47
    	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 |   subnets            = var.subnet_ids
    		16 |   security_groups    = [aws_security_group.alb.id]
    		17 | }
    
    Check: CKV_AWS_91: "Ensure the ELBv2 (Application/Network) has access logging enabled"
    	FAILED for resource: module.alb.aws_lb.example
    	File: /code/terraform/10-terraform-team/modules/networking/alb/main.tf:12-17
    	Calling File: /code/terraform/10-terraform-team/modules/services/hello-world-app/main.tf:42-47
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-22.html
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 |   subnets            = var.subnet_ids
    		16 |   security_groups    = [aws_security_group.alb.id]
    		17 | }
    
    Check: CKV_AWS_2: "Ensure ALB protocol is HTTPS"
    	FAILED for resource: module.alb.aws_lb_listener.http
    	File: /code/terraform/10-terraform-team/modules/networking/alb/main.tf:19-34
    	Calling File: /code/terraform/10-terraform-team/modules/services/hello-world-app/main.tf:42-47
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-29.html
    
    		19 | resource "aws_lb_listener" "http" {
    		20 |   load_balancer_arn = aws_lb.example.arn
    		21 |   port              = local.http_port
    		22 |   protocol          = "HTTP"
    		23 | 
    		24 |   # By default, return a simple 404 page
    		25 |   default_action {
    		26 |     type = "fixed-response"
    		27 | 
    		28 |     fixed_response {
    		29 |       content_type = "text/plain"
    		30 |       message_body = "404: page not found"
    		31 |       status_code  = 404
    		32 |     }
    		33 |   }
    		34 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.alb.aws_security_group.alb
    	File: /code/terraform/10-terraform-team/modules/networking/alb/main.tf:36-38
    	Calling File: /code/terraform/10-terraform-team/modules/services/hello-world-app/main.tf:42-47
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		36 | resource "aws_security_group" "alb" {
    		37 |   name = var.alb_name
    		38 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.alb.aws_security_group_rule.allow_http_inbound
    	File: /code/terraform/10-terraform-team/modules/networking/alb/main.tf:40-48
    	Calling File: /code/terraform/10-terraform-team/modules/services/hello-world-app/main.tf:42-47
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		40 | resource "aws_security_group_rule" "allow_http_inbound" {
    		41 |   type              = "ingress"
    		42 |   security_group_id = aws_security_group.alb.id
    		43 | 
    		44 |   from_port   = local.http_port
    		45 |   to_port     = local.http_port
    		46 |   protocol    = local.tcp_protocol
    		47 |   cidr_blocks = local.all_ips
    		48 | }
    
    Check: CKV_AWS_260: "Ensure no security groups allow ingress from 0.0.0.0:0 to port 80"
    	FAILED for resource: module.alb.aws_security_group_rule.allow_http_inbound
    	File: /code/terraform/10-terraform-team/modules/networking/alb/main.tf:40-48
    	Calling File: /code/terraform/10-terraform-team/modules/services/hello-world-app/main.tf:42-47
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80.html
    
    		40 | resource "aws_security_group_rule" "allow_http_inbound" {
    		41 |   type              = "ingress"
    		42 |   security_group_id = aws_security_group.alb.id
    		43 | 
    		44 |   from_port   = local.http_port
    		45 |   to_port     = local.http_port
    		46 |   protocol    = local.tcp_protocol
    		47 |   cidr_blocks = local.all_ips
    		48 | }
    
    Check: CKV_AWS_23: "Ensure every security groups rule has a description"
    	FAILED for resource: module.alb.aws_security_group_rule.allow_all_outbound
    	File: /code/terraform/10-terraform-team/modules/networking/alb/main.tf:50-58
    	Calling File: /code/terraform/10-terraform-team/modules/services/hello-world-app/main.tf:42-47
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/networking-31.html
    
    		50 | resource "aws_security_group_rule" "allow_all_outbound" {
    		51 |   type              = "egress"
    		52 |   security_group_id = aws_security_group.alb.id
    		53 | 
    		54 |   from_port   = local.any_port
    		55 |   to_port     = local.any_port
    		56 |   protocol    = local.any_protocol
    		57 |   cidr_blocks = local.all_ips
    		58 | }
    
    Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
    	FAILED for resource: module.users[1].aws_iam_user.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/landing-zone/iam-user/main.tf:12-14
    	Calling File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/three-iam-users-module-count/main.tf:16-21
    
    		12 | resource "aws_iam_user" "example" {
    		13 |   name = var.user_name
    		14 | }
    
    Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
    	FAILED for resource: module.users[2].aws_iam_user.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/landing-zone/iam-user/main.tf:12-14
    	Calling File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/three-iam-users-module-count/main.tf:16-21
    
    		12 | resource "aws_iam_user" "example" {
    		13 |   name = var.user_name
    		14 | }
    
    Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
    	FAILED for resource: module.users["trinity"].aws_iam_user.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/landing-zone/iam-user/main.tf:12-14
    	Calling File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/three-iam-users-module-for-each/main.tf:16-21
    
    		12 | resource "aws_iam_user" "example" {
    		13 |   name = var.user_name
    		14 | }
    
    Check: CKV_AWS_273: "Ensure access is controlled through SSO and not AWS IAM defined users"
    	FAILED for resource: module.users["neo"].aws_iam_user.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/landing-zone/iam-user/main.tf:12-14
    	Calling File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/global/three-iam-users-module-for-each/main.tf:16-21
    
    		12 | resource "aws_iam_user" "example" {
    		13 |   name = var.user_name
    		14 | }
    
    Check: CKV_AWS_144: "Ensure that S3 bucket has cross-region replication enabled"
    	FAILED for resource: aws_s3_bucket.terraform_state
    	File: /code/terraform/03-terraform-state/file-layout-example/global/s3/main.tf:16-24
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-s3-bucket-has-cross-region-replication-enabled.html
    
    		16 | resource "aws_s3_bucket" "terraform_state" {
    		17 | 
    		18 |   bucket = var.bucket_name
    		19 | 
    		20 |   // This is only here so we can destroy the bucket as part of automated tests. You should not copy this for production
    		21 |   // usage
    		22 |   force_destroy = true
    		23 | 
    		24 | }
    
    Check: CKV2_AWS_62: "Ensure S3 buckets should have event notifications enabled"
    	FAILED for resource: aws_s3_bucket.terraform_state
    	File: /code/terraform/03-terraform-state/file-layout-example/global/s3/main.tf:16-24
    
    		16 | resource "aws_s3_bucket" "terraform_state" {
    		17 | 
    		18 |   bucket = var.bucket_name
    		19 | 
    		20 |   // This is only here so we can destroy the bucket as part of automated tests. You should not copy this for production
    		21 |   // usage
    		22 |   force_destroy = true
    		23 | 
    		24 | }
    
    Check: CKV2_AWS_60: "Ensure RDS instance with copy tags to snapshots is enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/data-stores/mysql/main.tf:29-40
    
    		29 | resource "aws_db_instance" "example" {
    		30 |   identifier_prefix   = "terraform-up-and-running"
    		31 |   engine              = "mysql"
    		32 |   allocated_storage   = 10
    		33 |   instance_class      = "db.t2.micro"
    		34 |   skip_final_snapshot = true
    		35 | 
    		36 |   db_name             = var.db_name
    		37 | 
    		38 |   username = var.db_username
    		39 |   password = var.db_password
    		40 | }
    
    Check: CKV2_AWS_60: "Ensure RDS instance with copy tags to snapshots is enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/module-example/prod/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV2_AWS_60: "Ensure RDS instance with copy tags to snapshots is enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/module-example/stage/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV2_AWS_60: "Ensure RDS instance with copy tags to snapshots is enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/prod/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV2_AWS_60: "Ensure RDS instance with copy tags to snapshots is enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/04-terraform-module/multi-repo-example/live/stage/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV2_AWS_60: "Ensure RDS instance with copy tags to snapshots is enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/prod/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV2_AWS_60: "Ensure RDS instance with copy tags to snapshots is enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV2_AWS_60: "Ensure RDS instance with copy tags to snapshots is enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/prod/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV2_AWS_60: "Ensure RDS instance with copy tags to snapshots is enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/stage/data-stores/mysql/main.tf:27-36
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   db_name             = var.db_name
    		33 |   username            = var.db_username
    		34 |   password            = var.db_password
    		35 |   skip_final_snapshot = true
    		36 | }
    
    Check: CKV2_AWS_60: "Ensure RDS instance with copy tags to snapshots is enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-aws-secrets-mgr/main.tf:26-37
    
    		26 | resource "aws_db_instance" "example" {
    		27 |   identifier_prefix   = "terraform-up-and-running"
    		28 |   engine              = "mysql"
    		29 |   allocated_storage   = 10
    		30 |   instance_class      = "db.t2.micro"
    		31 |   skip_final_snapshot = true
    		32 |   db_name             = var.db_name
    		33 | 
    		34 |   # Pass the secrets to the resource
    		35 |   username = local.db_creds.username
    		36 |   password = local.db_creds.password
    		37 | }
    
    Check: CKV2_AWS_60: "Ensure RDS instance with copy tags to snapshots is enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-kms/main.tf:27-38
    
    		27 | resource "aws_db_instance" "example" {
    		28 |   identifier_prefix   = "terraform-up-and-running"
    		29 |   engine              = "mysql"
    		30 |   allocated_storage   = 10
    		31 |   instance_class      = "db.t2.micro"
    		32 |   skip_final_snapshot = true
    		33 |   db_name             = var.db_name
    		34 | 
    		35 |   # Pass the secrets to the resource
    		36 |   username = local.db_creds.username
    		37 |   password = local.db_creds.password
    		38 | }
    
    Check: CKV2_AWS_60: "Ensure RDS instance with copy tags to snapshots is enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/06-managing-secrets-with-terraform/mysql-vars/main.tf:17-28
    
    		17 | resource "aws_db_instance" "example" {
    		18 |   identifier_prefix   = "terraform-up-and-running"
    		19 |   engine              = "mysql"
    		20 |   allocated_storage   = 10
    		21 |   instance_class      = "db.t2.micro"
    		22 |   skip_final_snapshot = true
    		23 |   db_name             = var.db_name
    		24 | 
    		25 |   # Pass the secrets to the resource
    		26 |   username = var.db_username
    		27 |   password = var.db_password
    		28 | }
    
    Check: CKV2_AWS_60: "Ensure RDS instance with copy tags to snapshots is enabled"
    	FAILED for resource: module.mysql_primary.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV2_AWS_60: "Ensure RDS instance with copy tags to snapshots is enabled"
    	FAILED for resource: module.mysql_replica.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV2_AWS_60: "Ensure RDS instance with copy tags to snapshots is enabled"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/07-working-with-multiple-providers/modules/data-stores/mysql/main.tf:12-29
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   allocated_storage   = 10
    		15 |   instance_class      = "db.t2.micro"
    		16 |   skip_final_snapshot = true
    		17 | 
    		18 |   # Enable backups
    		19 |   backup_retention_period = var.backup_retention_period
    		20 | 
    		21 |   # If specified, this DB will be a replica
    		22 |   replicate_source_db = var.replicate_source_db
    		23 | 
    		24 |   # Only set these params if replicate_source_db is not set
    		25 |   engine   = var.replicate_source_db == null ? "mysql" : null
    		26 |   db_name  = var.replicate_source_db == null ? var.db_name : null
    		27 |   username = var.replicate_source_db == null ? var.db_username : null
    		28 |   password = var.replicate_source_db == null ? var.db_password : null
    		29 | }
    
    Check: CKV2_AWS_60: "Ensure RDS instance with copy tags to snapshots is enabled"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/data-stores/mysql/main.tf:12-21
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   engine              = "mysql"
    		15 |   allocated_storage   = 10
    		16 |   instance_class      = "db.t2.micro"
    		17 |   db_name             = var.db_name
    		18 |   username            = var.db_username
    		19 |   password            = var.db_password
    		20 |   skip_final_snapshot = true
    		21 | }
    
    Check: CKV2_AWS_60: "Ensure RDS instance with copy tags to snapshots is enabled"
    	FAILED for resource: module.mysql.aws_db_instance.example
    	File: /code/terraform/09-testing-terraform-code/modules/data-stores/mysql/main.tf:12-21
    
    		12 | resource "aws_db_instance" "example" {
    		13 |   identifier_prefix   = "terraform-up-and-running"
    		14 |   engine              = "mysql"
    		15 |   allocated_storage   = 10
    		16 |   instance_class      = "db.t2.micro"
    		17 |   db_name             = var.db_name
    		18 |   username            = var.db_username
    		19 |   password            = var.db_password
    		20 |   skip_final_snapshot = true
    		21 | }
    
    Check: CKV2_AWS_60: "Ensure RDS instance with copy tags to snapshots is enabled"
    	FAILED for resource: aws_db_instance.example
    	File: /code/terraform/10-terraform-team/modules/data-stores/mysql/main.tf:18-27
    
    		18 | resource "aws_db_instance" "example" {
    		19 |   identifier_prefix   = "terraform-up-and-running"
    		20 |   engine              = "mysql"
    		21 |   allocated_storage   = 10
    		22 |   instance_class      = "db.t2.micro"
    		23 |   db_name             = var.db_name
    		24 |   username            = var.db_username
    		25 |   password            = var.db_password
    		26 |   skip_final_snapshot = true
    		27 | }
    
    Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
    	FAILED for resource: aws_lb.example
    	File: /code/terraform/02-intro-to-terraform-syntax/webserver-cluster/main.tf:72-79
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf.html
    
    		72 | resource "aws_lb" "example" {
    		73 | 
    		74 |   name               = var.alb_name
    		75 | 
    		76 |   load_balancer_type = "application"
    		77 |   subnets            = data.aws_subnets.default.ids
    		78 |   security_groups    = [aws_security_group.alb.id]
    		79 | }
    
    Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
    	FAILED for resource: aws_lb.example
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/services/webserver-cluster/main.tf:62-67
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf.html
    
    		62 | resource "aws_lb" "example" {
    		63 |   name               = var.alb_name
    		64 |   load_balancer_type = "application"
    		65 |   subnets            = data.aws_subnets.default.ids
    		66 |   security_groups    = [aws_security_group.alb.id]
    		67 | }
    
    Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
    	FAILED for resource: module.webserver_cluster.aws_lb.example
    	File: /code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster/main.tf:59-64
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf.html
    
    		59 | resource "aws_lb" "example" {
    		60 |   name               = var.cluster_name
    		61 |   load_balancer_type = "application"
    		62 |   subnets            = data.aws_subnets.default.ids
    		63 |   security_groups    = [aws_security_group.alb.id]
    		64 | }
    
    Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
    	FAILED for resource: module.webserver_cluster.aws_lb.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/services/webserver-cluster/main.tf:106-111
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf.html
    
    		106 | resource "aws_lb" "example" {
    		107 |   name               = var.cluster_name
    		108 |   load_balancer_type = "application"
    		109 |   subnets            = data.aws_subnets.default.ids
    		110 |   security_groups    = [aws_security_group.alb.id]
    		111 | }
    
    Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
    	FAILED for resource: module.webserver_cluster.aws_lb.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster-instance-refresh/main.tf:115-120
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf.html
    
    		115 | resource "aws_lb" "example" {
    		116 |   name               = var.cluster_name
    		117 |   load_balancer_type = "application"
    		118 |   subnets            = data.aws_subnets.default.ids
    		119 |   security_groups    = [aws_security_group.alb.id]
    		120 | }
    
    Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
    	FAILED for resource: module.webserver_cluster.aws_lb.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster/main.tf:121-126
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf.html
    
    		121 | resource "aws_lb" "example" {
    		122 |   name               = var.cluster_name
    		123 |   load_balancer_type = "application"
    		124 |   subnets            = data.aws_subnets.default.ids
    		125 |   security_groups    = [aws_security_group.alb.id]
    		126 | }
    
    Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
    	FAILED for resource: module.alb.aws_lb.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:12-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf.html
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 | 
    		16 |   subnets            = var.subnet_ids
    		17 | 
    		18 |   security_groups    = [aws_security_group.alb.id]
    		19 | }
    
    Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
    	FAILED for resource: module.hello_world_app.module.alb.aws_lb.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:12-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf.html
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 | 
    		16 |   subnets            = var.subnet_ids
    		17 | 
    		18 |   security_groups    = [aws_security_group.alb.id]
    		19 | }
    
    Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
    	FAILED for resource: module.alb.aws_lb.example
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:12-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf.html
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 |   subnets            = var.subnet_ids
    		16 |   security_groups    = [aws_security_group.alb.id]
    		17 | }
    
    Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
    	FAILED for resource: module.hello_world_app.module.alb.aws_lb.example
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:12-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf.html
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 |   subnets            = var.subnet_ids
    		16 |   security_groups    = [aws_security_group.alb.id]
    		17 | }
    
    Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
    	FAILED for resource: module.alb.aws_lb.example
    	File: /code/terraform/10-terraform-team/modules/networking/alb/main.tf:12-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf.html
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 |   subnets            = var.subnet_ids
    		16 |   security_groups    = [aws_security_group.alb.id]
    		17 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: aws_lb_listener.http
    	File: /code/terraform/02-intro-to-terraform-syntax/webserver-cluster/main.tf:81-96
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		81 | resource "aws_lb_listener" "http" {
    		82 |   load_balancer_arn = aws_lb.example.arn
    		83 |   port              = 80
    		84 |   protocol          = "HTTP"
    		85 | 
    		86 |   # By default, return a simple 404 page
    		87 |   default_action {
    		88 |     type = "fixed-response"
    		89 | 
    		90 |     fixed_response {
    		91 |       content_type = "text/plain"
    		92 |       message_body = "404: page not found"
    		93 |       status_code  = 404
    		94 |     }
    		95 |   }
    		96 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: aws_lb_listener.http
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/services/webserver-cluster/main.tf:69-84
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		69 | resource "aws_lb_listener" "http" {
    		70 |   load_balancer_arn = aws_lb.example.arn
    		71 |   port              = 80
    		72 |   protocol          = "HTTP"
    		73 | 
    		74 |   # By default, return a simple 404 page
    		75 |   default_action {
    		76 |     type = "fixed-response"
    		77 | 
    		78 |     fixed_response {
    		79 |       content_type = "text/plain"
    		80 |       message_body = "404: page not found"
    		81 |       status_code  = 404
    		82 |     }
    		83 |   }
    		84 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.webserver_cluster.aws_lb_listener.http
    	File: /code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster/main.tf:66-83
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		66 | resource "aws_lb_listener" "http" {
    		67 |   load_balancer_arn = aws_lb.example.arn
    		68 | 
    		69 |   port              = local.http_port
    		70 | 
    		71 |   protocol          = "HTTP"
    		72 | 
    		73 |   # By default, return a simple 404 page
    		74 |   default_action {
    		75 |     type = "fixed-response"
    		76 | 
    		77 |     fixed_response {
    		78 |       content_type = "text/plain"
    		79 |       message_body = "404: page not found"
    		80 |       status_code  = 404
    		81 |     }
    		82 |   }
    		83 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.webserver_cluster.aws_lb_listener.http
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/services/webserver-cluster/main.tf:113-128
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		113 | resource "aws_lb_listener" "http" {
    		114 |   load_balancer_arn = aws_lb.example.arn
    		115 |   port              = local.http_port
    		116 |   protocol          = "HTTP"
    		117 | 
    		118 |   # By default, return a simple 404 page
    		119 |   default_action {
    		120 |     type = "fixed-response"
    		121 | 
    		122 |     fixed_response {
    		123 |       content_type = "text/plain"
    		124 |       message_body = "404: page not found"
    		125 |       status_code  = 404
    		126 |     }
    		127 |   }
    		128 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.webserver_cluster.aws_lb_listener.http
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster-instance-refresh/main.tf:122-137
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		122 | resource "aws_lb_listener" "http" {
    		123 |   load_balancer_arn = aws_lb.example.arn
    		124 |   port              = local.http_port
    		125 |   protocol          = "HTTP"
    		126 | 
    		127 |   # By default, return a simple 404 page
    		128 |   default_action {
    		129 |     type = "fixed-response"
    		130 | 
    		131 |     fixed_response {
    		132 |       content_type = "text/plain"
    		133 |       message_body = "404: page not found"
    		134 |       status_code  = 404
    		135 |     }
    		136 |   }
    		137 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.webserver_cluster.aws_lb_listener.http
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster/main.tf:128-143
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		128 | resource "aws_lb_listener" "http" {
    		129 |   load_balancer_arn = aws_lb.example.arn
    		130 |   port              = local.http_port
    		131 |   protocol          = "HTTP"
    		132 | 
    		133 |   # By default, return a simple 404 page
    		134 |   default_action {
    		135 |     type = "fixed-response"
    		136 | 
    		137 |     fixed_response {
    		138 |       content_type = "text/plain"
    		139 |       message_body = "404: page not found"
    		140 |       status_code  = 404
    		141 |     }
    		142 |   }
    		143 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.alb.aws_lb_listener.http
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:21-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		21 | resource "aws_lb_listener" "http" {
    		22 |   load_balancer_arn = aws_lb.example.arn
    		23 |   port              = local.http_port
    		24 |   protocol          = "HTTP"
    		25 | 
    		26 |   # By default, return a simple 404 page
    		27 |   default_action {
    		28 |     type = "fixed-response"
    		29 | 
    		30 |     fixed_response {
    		31 |       content_type = "text/plain"
    		32 |       message_body = "404: page not found"
    		33 |       status_code  = 404
    		34 |     }
    		35 |   }
    		36 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.hello_world_app.module.alb.aws_lb_listener.http
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:21-36
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		21 | resource "aws_lb_listener" "http" {
    		22 |   load_balancer_arn = aws_lb.example.arn
    		23 |   port              = local.http_port
    		24 |   protocol          = "HTTP"
    		25 | 
    		26 |   # By default, return a simple 404 page
    		27 |   default_action {
    		28 |     type = "fixed-response"
    		29 | 
    		30 |     fixed_response {
    		31 |       content_type = "text/plain"
    		32 |       message_body = "404: page not found"
    		33 |       status_code  = 404
    		34 |     }
    		35 |   }
    		36 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.alb.aws_lb_listener.http
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:19-34
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		19 | resource "aws_lb_listener" "http" {
    		20 |   load_balancer_arn = aws_lb.example.arn
    		21 |   port              = local.http_port
    		22 |   protocol          = "HTTP"
    		23 | 
    		24 |   # By default, return a simple 404 page
    		25 |   default_action {
    		26 |     type = "fixed-response"
    		27 | 
    		28 |     fixed_response {
    		29 |       content_type = "text/plain"
    		30 |       message_body = "404: page not found"
    		31 |       status_code  = 404
    		32 |     }
    		33 |   }
    		34 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.hello_world_app.module.alb.aws_lb_listener.http
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:19-34
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		19 | resource "aws_lb_listener" "http" {
    		20 |   load_balancer_arn = aws_lb.example.arn
    		21 |   port              = local.http_port
    		22 |   protocol          = "HTTP"
    		23 | 
    		24 |   # By default, return a simple 404 page
    		25 |   default_action {
    		26 |     type = "fixed-response"
    		27 | 
    		28 |     fixed_response {
    		29 |       content_type = "text/plain"
    		30 |       message_body = "404: page not found"
    		31 |       status_code  = 404
    		32 |     }
    		33 |   }
    		34 | }
    
    Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
    	FAILED for resource: module.alb.aws_lb_listener.http
    	File: /code/terraform/10-terraform-team/modules/networking/alb/main.tf:19-34
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-43.html
    
    		19 | resource "aws_lb_listener" "http" {
    		20 |   load_balancer_arn = aws_lb.example.arn
    		21 |   port              = local.http_port
    		22 |   protocol          = "HTTP"
    		23 | 
    		24 |   # By default, return a simple 404 page
    		25 |   default_action {
    		26 |     type = "fixed-response"
    		27 | 
    		28 |     fixed_response {
    		29 |       content_type = "text/plain"
    		30 |       message_body = "404: page not found"
    		31 |       status_code  = 404
    		32 |     }
    		33 |   }
    		34 | }
    
    Check: CKV2_AWS_20: "Ensure that ALB redirects HTTP requests into HTTPS ones"
    	FAILED for resource: aws_lb.example
    	File: /code/terraform/02-intro-to-terraform-syntax/webserver-cluster/main.tf:72-79
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-redirects-http-requests-into-https-ones.html
    
    		72 | resource "aws_lb" "example" {
    		73 | 
    		74 |   name               = var.alb_name
    		75 | 
    		76 |   load_balancer_type = "application"
    		77 |   subnets            = data.aws_subnets.default.ids
    		78 |   security_groups    = [aws_security_group.alb.id]
    		79 | }
    
    Check: CKV2_AWS_20: "Ensure that ALB redirects HTTP requests into HTTPS ones"
    	FAILED for resource: aws_lb.example
    	File: /code/terraform/03-terraform-state/file-layout-example/stage/services/webserver-cluster/main.tf:62-67
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-redirects-http-requests-into-https-ones.html
    
    		62 | resource "aws_lb" "example" {
    		63 |   name               = var.alb_name
    		64 |   load_balancer_type = "application"
    		65 |   subnets            = data.aws_subnets.default.ids
    		66 |   security_groups    = [aws_security_group.alb.id]
    		67 | }
    
    Check: CKV2_AWS_20: "Ensure that ALB redirects HTTP requests into HTTPS ones"
    	FAILED for resource: module.webserver_cluster.aws_lb.example
    	File: /code/terraform/04-terraform-module/module-example/modules/services/webserver-cluster/main.tf:59-64
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-redirects-http-requests-into-https-ones.html
    
    		59 | resource "aws_lb" "example" {
    		60 |   name               = var.cluster_name
    		61 |   load_balancer_type = "application"
    		62 |   subnets            = data.aws_subnets.default.ids
    		63 |   security_groups    = [aws_security_group.alb.id]
    		64 | }
    
    Check: CKV2_AWS_20: "Ensure that ALB redirects HTTP requests into HTTPS ones"
    	FAILED for resource: module.webserver_cluster.aws_lb.example
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/modules/services/webserver-cluster/main.tf:106-111
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-redirects-http-requests-into-https-ones.html
    
    		106 | resource "aws_lb" "example" {
    		107 |   name               = var.cluster_name
    		108 |   load_balancer_type = "application"
    		109 |   subnets            = data.aws_subnets.default.ids
    		110 |   security_groups    = [aws_security_group.alb.id]
    		111 | }
    
    Check: CKV2_AWS_20: "Ensure that ALB redirects HTTP requests into HTTPS ones"
    	FAILED for resource: module.webserver_cluster.aws_lb.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster-instance-refresh/main.tf:115-120
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-redirects-http-requests-into-https-ones.html
    
    		115 | resource "aws_lb" "example" {
    		116 |   name               = var.cluster_name
    		117 |   load_balancer_type = "application"
    		118 |   subnets            = data.aws_subnets.default.ids
    		119 |   security_groups    = [aws_security_group.alb.id]
    		120 | }
    
    Check: CKV2_AWS_20: "Ensure that ALB redirects HTTP requests into HTTPS ones"
    	FAILED for resource: module.webserver_cluster.aws_lb.example
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/modules/services/webserver-cluster/main.tf:121-126
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-redirects-http-requests-into-https-ones.html
    
    		121 | resource "aws_lb" "example" {
    		122 |   name               = var.cluster_name
    		123 |   load_balancer_type = "application"
    		124 |   subnets            = data.aws_subnets.default.ids
    		125 |   security_groups    = [aws_security_group.alb.id]
    		126 | }
    
    Check: CKV2_AWS_20: "Ensure that ALB redirects HTTP requests into HTTPS ones"
    	FAILED for resource: module.alb.aws_lb.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:12-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-redirects-http-requests-into-https-ones.html
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 | 
    		16 |   subnets            = var.subnet_ids
    		17 | 
    		18 |   security_groups    = [aws_security_group.alb.id]
    		19 | }
    
    Check: CKV2_AWS_20: "Ensure that ALB redirects HTTP requests into HTTPS ones"
    	FAILED for resource: module.hello_world_app.module.alb.aws_lb.example
    	File: /code/terraform/08-production-grade-infrastructure/small-modules/modules/networking/alb/main.tf:12-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-redirects-http-requests-into-https-ones.html
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 | 
    		16 |   subnets            = var.subnet_ids
    		17 | 
    		18 |   security_groups    = [aws_security_group.alb.id]
    		19 | }
    
    Check: CKV2_AWS_20: "Ensure that ALB redirects HTTP requests into HTTPS ones"
    	FAILED for resource: module.alb.aws_lb.example
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:12-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-redirects-http-requests-into-https-ones.html
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 |   subnets            = var.subnet_ids
    		16 |   security_groups    = [aws_security_group.alb.id]
    		17 | }
    
    Check: CKV2_AWS_20: "Ensure that ALB redirects HTTP requests into HTTPS ones"
    	FAILED for resource: module.hello_world_app.module.alb.aws_lb.example
    	File: /code/terraform/09-testing-terraform-code/modules/networking/alb/main.tf:12-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-redirects-http-requests-into-https-ones.html
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 |   subnets            = var.subnet_ids
    		16 |   security_groups    = [aws_security_group.alb.id]
    		17 | }
    
    Check: CKV2_AWS_20: "Ensure that ALB redirects HTTP requests into HTTPS ones"
    	FAILED for resource: module.alb.aws_lb.example
    	File: /code/terraform/10-terraform-team/modules/networking/alb/main.tf:12-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-redirects-http-requests-into-https-ones.html
    
    		12 | resource "aws_lb" "example" {
    		13 |   name               = var.alb_name
    		14 |   load_balancer_type = "application"
    		15 |   subnets            = var.subnet_ids
    		16 |   security_groups    = [aws_security_group.alb.id]
    		17 | }
    
    Check: CKV2_AWS_5: "Ensure that Security Groups are attached to another resource"
    	FAILED for resource: aws_security_group.cluster_instance
    	File: /code/terraform/05-tips-and-tricks/zero-downtime-deployment/live/global/moved-example/main.tf:21-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis.html
    
    		21 | resource "aws_security_group" "cluster_instance" {
    		22 |   name = var.security_group_name
    		23 | }
    
    Check: CKV2_AWS_61: "Ensure that an S3 bucket has a lifecycle configuration"
    	FAILED for resource: aws_s3_bucket.terraform_state
    	File: /code/terraform/03-terraform-state/file-layout-example/global/s3/main.tf:16-24
    
    		16 | resource "aws_s3_bucket" "terraform_state" {
    		17 | 
    		18 |   bucket = var.bucket_name
    		19 | 
    		20 |   // This is only here so we can destroy the bucket as part of automated tests. You should not copy this for production
    		21 |   // usage
    		22 |   force_destroy = true
    		23 | 
    		24 | }
    
    Check: CKV_AWS_18: "Ensure the S3 bucket has access logging enabled"
    	FAILED for resource: aws_s3_bucket.terraform_state
    	File: /code/terraform/03-terraform-state/file-layout-example/global/s3/main.tf:16-24
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/s3-policies/s3-13-enable-logging.html
    
    		16 | resource "aws_s3_bucket" "terraform_state" {
    		17 | 
    		18 |   bucket = var.bucket_name
    		19 | 
    		20 |   // This is only here so we can destroy the bucket as part of automated tests. You should not copy this for production
    		21 |   // usage
    		22 |   force_destroy = true
    		23 | 
    		24 | }
    
    Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/00-preface/hello-world/main.tf:16-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type = "t2.micro"
    		19 | }
    
    Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
    	FAILED for resource: aws_instance.app
    	File: /code/terraform/01-why-terraform/web-server/main.tf:16-25
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
    
    		16 | resource "aws_instance" "app" {
    		17 |   instance_type     = "t2.micro"
    		18 |   availability_zone = "us-east-2a"
    		19 |   ami               = "ami-0fb653ca2d3203ac1"
    		20 | 
    		21 |   user_data = <<-EOF
    		22 |               #!/bin/bash
    		23 |               sudo service apache2 start
    		24 |               EOF
    		25 | }
    
    Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/02-intro-to-terraform-syntax/one-server/main.tf:16-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   tags = {
    		21 |     Name = "terraform-example"
    		22 |   }
    		23 | }
    
    Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/02-intro-to-terraform-syntax/one-webserver-with-vars/main.tf:16-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami                    = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type          = "t2.micro"
    		19 |   vpc_security_group_ids = [aws_security_group.instance.id]
    		20 | 
    		21 |   user_data = <<-EOF
    		22 |               #!/bin/bash
    		23 |               echo "Hello, World" > index.html
    		24 |               nohup busybox httpd -f -p ${var.server_port} &
    		25 |               EOF
    		26 | 
    		27 |   user_data_replace_on_change = true
    		28 | 
    		29 |   tags = {
    		30 |     Name = "terraform-example"
    		31 |   }
    		32 | }
    
    Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/02-intro-to-terraform-syntax/one-webserver/main.tf:16-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami                    = "ami-0fb653ca2d3203ac1"
    		18 |   instance_type          = "t2.micro"
    		19 |   vpc_security_group_ids = [aws_security_group.instance.id]
    		20 | 
    		21 |   user_data = <<-EOF
    		22 |               #!/bin/bash
    		23 |               echo "Hello, World" > index.html
    		24 |               nohup busybox httpd -f -p 8080 &
    		25 |               EOF
    		26 | 
    		27 |   user_data_replace_on_change = true
    		28 | 
    		29 |   tags = {
    		30 |     Name = "terraform-example"
    		31 |   }
    		32 | }
    
    Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/03-terraform-state/workspaces-example/one-instance/main.tf:29-34
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
    
    		29 | resource "aws_instance" "example" {
    		30 |   ami           = "ami-0fb653ca2d3203ac1"
    		31 | 
    		32 |   instance_type = terraform.workspace == "default" ? "t2.medium" : "t2.micro"
    		33 | 
    		34 | }
    
    Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
    	FAILED for resource: aws_instance.example_1[0]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/multiple-ec2-instances/main.tf:16-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
    
    		16 | resource "aws_instance" "example_1" {
    		17 |   count         = 3
    		18 |   ami           = "ami-0fb653ca2d3203ac1"
    		19 |   instance_type = "t2.micro"
    		20 | }
    
    Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
    	FAILED for resource: aws_instance.example_2
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/multiple-ec2-instances/main.tf:22-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
    
    		22 | resource "aws_instance" "example_2" {
    		23 |   count             = length(data.aws_availability_zones.all.names)
    		24 |   availability_zone = data.aws_availability_zones.all.names[count.index]
    		25 |   ami               = "ami-0fb653ca2d3203ac1"
    		26 |   instance_type     = "t2.micro"
    		27 | }
    
    Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
    	FAILED for resource: aws_instance.region_1
    	File: /code/terraform/07-working-with-multiple-providers/examples/multi-region/main.tf:30-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
    
    		30 | resource "aws_instance" "region_1" {
    		31 |   provider = aws.region_1
    		32 | 
    		33 |   ami           = data.aws_ami.ubuntu_region_1.id
    		34 |   instance_type = "t2.micro"
    		35 | }
    
    Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
    	FAILED for resource: aws_instance.region_2
    	File: /code/terraform/07-working-with-multiple-providers/examples/multi-region/main.tf:37-42
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
    
    		37 | resource "aws_instance" "region_2" {
    		38 |   provider = aws.region_2
    		39 | 
    		40 |   ami           = data.aws_ami.ubuntu_region_2.id
    		41 |   instance_type = "t2.micro"
    		42 | }
    
    Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/08-production-grade-infrastructure/more-than-terraform/local-exec-provisioner/main.tf:16-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   provisioner "local-exec" {
    		21 |     command = "echo \"Hello, World from $(uname -smp)\""
    		22 |   }
    		23 | }
    
    Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/08-production-grade-infrastructure/more-than-terraform/remote-exec-provisioner/main.tf:41-58
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
    
    		41 | resource "aws_instance" "example" {
    		42 |   ami                    = data.aws_ami.ubuntu.id
    		43 |   instance_type          = "t2.micro"
    		44 |   vpc_security_group_ids = [aws_security_group.instance.id]
    		45 |   key_name               = aws_key_pair.generated_key.key_name
    		46 | 
    		47 |   provisioner "remote-exec" {
    		48 |     inline = ["echo \"Hello, World from $(uname -smp)\""]
    		49 |   }
    		50 | 
    		51 |   connection {
    		52 |     type        = "ssh"
    		53 |     host        = self.public_ip
    		54 |     user        = "ubuntu"
    		55 |     private_key = tls_private_key.example.private_key_pem
    		56 |   }
    		57 | 
    		58 | }
    
    Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
    	FAILED for resource: aws_instance.example
    	File: /code/terraform/09-testing-terraform-code/examples/opa/main.tf:16-21
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
    
    		16 | resource "aws_instance" "example" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   tags = var.tags
    		21 | }
    
    Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
    	FAILED for resource: aws_instance.foo
    	File: /code/terraform/10-terraform-team/live/stage/services/conflict-anna/main.tf:16-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
    
    		16 | resource "aws_instance" "foo" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.medium"
    		19 | }
    
    Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
    	FAILED for resource: aws_instance.foo
    	File: /code/terraform/10-terraform-team/live/stage/services/conflict-bill/main.tf:16-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
    
    		16 | resource "aws_instance" "foo" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.micro"
    		19 | 
    		20 |   tags = {
    		21 |     Name = "foo"
    		22 |   }
    		23 | }
    
    Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
    	FAILED for resource: aws_instance.foo
    	File: /code/terraform/10-terraform-team/live/stage/services/conflict-original/main.tf:16-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
    
    		16 | resource "aws_instance" "foo" {
    		17 |   ami           = data.aws_ami.ubuntu.id
    		18 |   instance_type = "t2.micro"
    		19 | }
    
    Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
    	FAILED for resource: aws_instance.example_1[1]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/multiple-ec2-instances/main.tf:16-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
    
    		16 | resource "aws_instance" "example_1" {
    		17 |   count         = 3
    		18 |   ami           = "ami-0fb653ca2d3203ac1"
    		19 |   instance_type = "t2.micro"
    		20 | }
    
    Check: CKV2_AWS_41: "Ensure an IAM role is attached to EC2 instance"
    	FAILED for resource: aws_instance.example_1[2]
    	File: /code/terraform/05-tips-and-tricks/loops-and-if-statements/live/stage/services/multiple-ec2-instances/main.tf:16-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance.html
    
    		16 | resource "aws_instance" "example_1" {
    		17 |   count         = 3
    		18 |   ami           = "ami-0fb653ca2d3203ac1"
    		19 |   instance_type = "t2.micro"
    		20 | }
    
    Check: CKV_AWS_145: "Ensure that S3 buckets are encrypted with KMS by default"
    	FAILED for resource: aws_s3_bucket.terraform_state
    	File: /code/terraform/03-terraform-state/file-layout-example/global/s3/main.tf:16-24
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-s3-buckets-are-encrypted-with-kms-by-default.html
    
    		16 | resource "aws_s3_bucket" "terraform_state" {
    		17 | 
    		18 |   bucket = var.bucket_name
    		19 | 
    		20 |   // This is only here so we can destroy the bucket as part of automated tests. You should not copy this for production
    		21 |   // usage
    		22 |   force_destroy = true
    		23 | 
    		24 | }
    
    ansible scan results:
    
    Passed checks: 6, Failed checks: 0, Skipped checks: 0
    
    
    
                    
                  

    Linting

    This repository failed the Experience Builder Terraform Module's Linting validation. This means that a linting tool was not found to be implemented in any of the CICD tool configuration files in the repository.

    There is an opportunity to: