Experience Builder


Terraform

< Back

Repository
cloudposse / terraform-aws-rds-cluster
Description

Terraform module to provision an RDS Aurora cluster for MySQL or Postgres

Stars

 128

Failed Checks
  •  Security Scanning
     Linting

  • Scan Date

    2023-10-30 17:57:40

    Security Scanning

    This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that a security scanning tool was not found to be implemented in any of the CICD tool configuration files in the repository.

    There is an opportunity to:

    Checkov Output
                    
                      2023-10-05 14:55:45,679 [MainThread  ] [WARNI]  Failed to download module cloudposse/label/null:0.25.0 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:55:45,679 [MainThread  ] [WARNI]  Failed to download module cloudposse/route53-cluster-hostname/aws:0.12.2 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:55:45,680 [MainThread  ] [WARNI]  Failed to download module cloudposse/vpc/aws:2.1.0 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:55:45,680 [MainThread  ] [WARNI]  Failed to download module cloudposse/dynamic-subnets/aws:2.4.1 (for external modules, the --download-external-modules flag is required)
    terraform scan results:
    
    Passed checks: 143, Failed checks: 85, Skipped checks: 0
    
    Check: CKV_AWS_327: "Ensure RDS Clusters are encrypted using KMS CMKs"
    	FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/enhanced_monitoring/main.tf:35-58
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"
    	FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/enhanced_monitoring/main.tf:35-58
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_96: "Ensure all data stored in Aurora is securely encrypted at rest"
    	FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/enhanced_monitoring/main.tf:35-58
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-38.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"
    	FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/enhanced_monitoring/main.tf:35-58
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"
    	FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/enhanced_monitoring/main.tf:35-58
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_139: "Ensure that RDS clusters have deletion protection enabled"
    	FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/enhanced_monitoring/main.tf:35-58
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_327: "Ensure RDS Clusters are encrypted using KMS CMKs"
    	FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/enhanced_monitoring/main.tf:35-58
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"
    	FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/enhanced_monitoring/main.tf:35-58
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_96: "Ensure all data stored in Aurora is securely encrypted at rest"
    	FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/enhanced_monitoring/main.tf:35-58
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-38.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"
    	FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/enhanced_monitoring/main.tf:35-58
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"
    	FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/enhanced_monitoring/main.tf:35-58
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_139: "Ensure that RDS clusters have deletion protection enabled"
    	FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/enhanced_monitoring/main.tf:35-58
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster_instance.default
    	File: /main.tf:241-284
    	Calling File: /examples/basic/main.tf:7-24
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		241 | resource "aws_rds_cluster_instance" "default" {
    		242 |   count                                 = local.cluster_instance_count
    		243 |   identifier                            = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
    		244 |   cluster_identifier                    = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
    		245 |   instance_class                        = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
    		246 |   db_subnet_group_name                  = join("", aws_db_subnet_group.default[*].name)
    		247 |   db_parameter_group_name               = join("", aws_db_parameter_group.default[*].name)
    		248 |   publicly_accessible                   = var.publicly_accessible
    		249 |   tags                                  = module.this.tags
    		250 |   engine                                = var.engine
    		251 |   engine_version                        = var.engine_version
    		252 |   auto_minor_version_upgrade            = var.auto_minor_version_upgrade
    		253 |   monitoring_interval                   = var.rds_monitoring_interval
    		254 |   monitoring_role_arn                   = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
    		255 |   performance_insights_enabled          = var.performance_insights_enabled
    		256 |   performance_insights_kms_key_id       = var.performance_insights_kms_key_id
    		257 |   performance_insights_retention_period = var.performance_insights_retention_period
    		258 |   availability_zone                     = var.instance_availability_zone
    		259 |   apply_immediately                     = var.apply_immediately
    		260 |   preferred_maintenance_window          = var.maintenance_window
    		261 |   copy_tags_to_snapshot                 = var.copy_tags_to_snapshot
    		262 |   ca_cert_identifier                    = var.ca_cert_identifier
    		263 | 
    		264 |   dynamic "timeouts" {
    		265 |     for_each = var.timeouts_configuration
    		266 |     content {
    		267 |       create = lookup(timeouts.value, "create", "120m")
    		268 |       update = lookup(timeouts.value, "update", "120m")
    		269 |       delete = lookup(timeouts.value, "delete", "120m")
    		270 |     }
    		271 |   }
    		272 | 
    		273 |   depends_on = [
    		274 |     aws_db_subnet_group.default,
    		275 |     aws_db_parameter_group.default,
    		276 |     aws_iam_role.enhanced_monitoring,
    		277 |     aws_rds_cluster.secondary,
    		278 |     aws_rds_cluster_parameter_group.default,
    		279 |   ]
    		280 | 
    		281 |   lifecycle {
    		282 |     ignore_changes = [engine_version]
    		283 |   }
    		284 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster_instance.default
    	File: /main.tf:241-284
    	Calling File: /examples/enhanced_monitoring/main.tf:35-58
    
    		241 | resource "aws_rds_cluster_instance" "default" {
    		242 |   count                                 = local.cluster_instance_count
    		243 |   identifier                            = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
    		244 |   cluster_identifier                    = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
    		245 |   instance_class                        = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
    		246 |   db_subnet_group_name                  = join("", aws_db_subnet_group.default[*].name)
    		247 |   db_parameter_group_name               = join("", aws_db_parameter_group.default[*].name)
    		248 |   publicly_accessible                   = var.publicly_accessible
    		249 |   tags                                  = module.this.tags
    		250 |   engine                                = var.engine
    		251 |   engine_version                        = var.engine_version
    		252 |   auto_minor_version_upgrade            = var.auto_minor_version_upgrade
    		253 |   monitoring_interval                   = var.rds_monitoring_interval
    		254 |   monitoring_role_arn                   = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
    		255 |   performance_insights_enabled          = var.performance_insights_enabled
    		256 |   performance_insights_kms_key_id       = var.performance_insights_kms_key_id
    		257 |   performance_insights_retention_period = var.performance_insights_retention_period
    		258 |   availability_zone                     = var.instance_availability_zone
    		259 |   apply_immediately                     = var.apply_immediately
    		260 |   preferred_maintenance_window          = var.maintenance_window
    		261 |   copy_tags_to_snapshot                 = var.copy_tags_to_snapshot
    		262 |   ca_cert_identifier                    = var.ca_cert_identifier
    		263 | 
    		264 |   dynamic "timeouts" {
    		265 |     for_each = var.timeouts_configuration
    		266 |     content {
    		267 |       create = lookup(timeouts.value, "create", "120m")
    		268 |       update = lookup(timeouts.value, "update", "120m")
    		269 |       delete = lookup(timeouts.value, "delete", "120m")
    		270 |     }
    		271 |   }
    		272 | 
    		273 |   depends_on = [
    		274 |     aws_db_subnet_group.default,
    		275 |     aws_db_parameter_group.default,
    		276 |     aws_iam_role.enhanced_monitoring,
    		277 |     aws_rds_cluster.secondary,
    		278 |     aws_rds_cluster_parameter_group.default,
    		279 |   ]
    		280 | 
    		281 |   lifecycle {
    		282 |     ignore_changes = [engine_version]
    		283 |   }
    		284 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster_instance.default
    	File: /main.tf:241-284
    	Calling File: /examples/enhanced_monitoring/main.tf:35-58
    
    		241 | resource "aws_rds_cluster_instance" "default" {
    		242 |   count                                 = local.cluster_instance_count
    		243 |   identifier                            = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
    		244 |   cluster_identifier                    = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
    		245 |   instance_class                        = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
    		246 |   db_subnet_group_name                  = join("", aws_db_subnet_group.default[*].name)
    		247 |   db_parameter_group_name               = join("", aws_db_parameter_group.default[*].name)
    		248 |   publicly_accessible                   = var.publicly_accessible
    		249 |   tags                                  = module.this.tags
    		250 |   engine                                = var.engine
    		251 |   engine_version                        = var.engine_version
    		252 |   auto_minor_version_upgrade            = var.auto_minor_version_upgrade
    		253 |   monitoring_interval                   = var.rds_monitoring_interval
    		254 |   monitoring_role_arn                   = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
    		255 |   performance_insights_enabled          = var.performance_insights_enabled
    		256 |   performance_insights_kms_key_id       = var.performance_insights_kms_key_id
    		257 |   performance_insights_retention_period = var.performance_insights_retention_period
    		258 |   availability_zone                     = var.instance_availability_zone
    		259 |   apply_immediately                     = var.apply_immediately
    		260 |   preferred_maintenance_window          = var.maintenance_window
    		261 |   copy_tags_to_snapshot                 = var.copy_tags_to_snapshot
    		262 |   ca_cert_identifier                    = var.ca_cert_identifier
    		263 | 
    		264 |   dynamic "timeouts" {
    		265 |     for_each = var.timeouts_configuration
    		266 |     content {
    		267 |       create = lookup(timeouts.value, "create", "120m")
    		268 |       update = lookup(timeouts.value, "update", "120m")
    		269 |       delete = lookup(timeouts.value, "delete", "120m")
    		270 |     }
    		271 |   }
    		272 | 
    		273 |   depends_on = [
    		274 |     aws_db_subnet_group.default,
    		275 |     aws_db_parameter_group.default,
    		276 |     aws_iam_role.enhanced_monitoring,
    		277 |     aws_rds_cluster.secondary,
    		278 |     aws_rds_cluster_parameter_group.default,
    		279 |   ]
    		280 | 
    		281 |   lifecycle {
    		282 |     ignore_changes = [engine_version]
    		283 |   }
    		284 | }
    
    Check: CKV_AWS_327: "Ensure RDS Clusters are encrypted using KMS CMKs"
    	FAILED for resource: module.rds_cluster.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/postgres/main.tf:28-51
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"
    	FAILED for resource: module.rds_cluster.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/postgres/main.tf:28-51
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_96: "Ensure all data stored in Aurora is securely encrypted at rest"
    	FAILED for resource: module.rds_cluster.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/postgres/main.tf:28-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-38.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"
    	FAILED for resource: module.rds_cluster.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/postgres/main.tf:28-51
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"
    	FAILED for resource: module.rds_cluster.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/postgres/main.tf:28-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_327: "Ensure RDS Clusters are encrypted using KMS CMKs"
    	FAILED for resource: module.rds_cluster.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/postgres/main.tf:28-51
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"
    	FAILED for resource: module.rds_cluster.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/postgres/main.tf:28-51
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_96: "Ensure all data stored in Aurora is securely encrypted at rest"
    	FAILED for resource: module.rds_cluster.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/postgres/main.tf:28-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-38.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"
    	FAILED for resource: module.rds_cluster.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/postgres/main.tf:28-51
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"
    	FAILED for resource: module.rds_cluster.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/postgres/main.tf:28-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: module.rds_cluster.aws_rds_cluster_instance.default
    	File: /main.tf:241-284
    	Calling File: /examples/postgres/main.tf:28-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		241 | resource "aws_rds_cluster_instance" "default" {
    		242 |   count                                 = local.cluster_instance_count
    		243 |   identifier                            = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
    		244 |   cluster_identifier                    = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
    		245 |   instance_class                        = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
    		246 |   db_subnet_group_name                  = join("", aws_db_subnet_group.default[*].name)
    		247 |   db_parameter_group_name               = join("", aws_db_parameter_group.default[*].name)
    		248 |   publicly_accessible                   = var.publicly_accessible
    		249 |   tags                                  = module.this.tags
    		250 |   engine                                = var.engine
    		251 |   engine_version                        = var.engine_version
    		252 |   auto_minor_version_upgrade            = var.auto_minor_version_upgrade
    		253 |   monitoring_interval                   = var.rds_monitoring_interval
    		254 |   monitoring_role_arn                   = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
    		255 |   performance_insights_enabled          = var.performance_insights_enabled
    		256 |   performance_insights_kms_key_id       = var.performance_insights_kms_key_id
    		257 |   performance_insights_retention_period = var.performance_insights_retention_period
    		258 |   availability_zone                     = var.instance_availability_zone
    		259 |   apply_immediately                     = var.apply_immediately
    		260 |   preferred_maintenance_window          = var.maintenance_window
    		261 |   copy_tags_to_snapshot                 = var.copy_tags_to_snapshot
    		262 |   ca_cert_identifier                    = var.ca_cert_identifier
    		263 | 
    		264 |   dynamic "timeouts" {
    		265 |     for_each = var.timeouts_configuration
    		266 |     content {
    		267 |       create = lookup(timeouts.value, "create", "120m")
    		268 |       update = lookup(timeouts.value, "update", "120m")
    		269 |       delete = lookup(timeouts.value, "delete", "120m")
    		270 |     }
    		271 |   }
    		272 | 
    		273 |   depends_on = [
    		274 |     aws_db_subnet_group.default,
    		275 |     aws_db_parameter_group.default,
    		276 |     aws_iam_role.enhanced_monitoring,
    		277 |     aws_rds_cluster.secondary,
    		278 |     aws_rds_cluster_parameter_group.default,
    		279 |   ]
    		280 | 
    		281 |   lifecycle {
    		282 |     ignore_changes = [engine_version]
    		283 |   }
    		284 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: module.rds_cluster.aws_rds_cluster_instance.default
    	File: /main.tf:241-284
    	Calling File: /examples/postgres/main.tf:28-51
    
    		241 | resource "aws_rds_cluster_instance" "default" {
    		242 |   count                                 = local.cluster_instance_count
    		243 |   identifier                            = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
    		244 |   cluster_identifier                    = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
    		245 |   instance_class                        = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
    		246 |   db_subnet_group_name                  = join("", aws_db_subnet_group.default[*].name)
    		247 |   db_parameter_group_name               = join("", aws_db_parameter_group.default[*].name)
    		248 |   publicly_accessible                   = var.publicly_accessible
    		249 |   tags                                  = module.this.tags
    		250 |   engine                                = var.engine
    		251 |   engine_version                        = var.engine_version
    		252 |   auto_minor_version_upgrade            = var.auto_minor_version_upgrade
    		253 |   monitoring_interval                   = var.rds_monitoring_interval
    		254 |   monitoring_role_arn                   = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
    		255 |   performance_insights_enabled          = var.performance_insights_enabled
    		256 |   performance_insights_kms_key_id       = var.performance_insights_kms_key_id
    		257 |   performance_insights_retention_period = var.performance_insights_retention_period
    		258 |   availability_zone                     = var.instance_availability_zone
    		259 |   apply_immediately                     = var.apply_immediately
    		260 |   preferred_maintenance_window          = var.maintenance_window
    		261 |   copy_tags_to_snapshot                 = var.copy_tags_to_snapshot
    		262 |   ca_cert_identifier                    = var.ca_cert_identifier
    		263 | 
    		264 |   dynamic "timeouts" {
    		265 |     for_each = var.timeouts_configuration
    		266 |     content {
    		267 |       create = lookup(timeouts.value, "create", "120m")
    		268 |       update = lookup(timeouts.value, "update", "120m")
    		269 |       delete = lookup(timeouts.value, "delete", "120m")
    		270 |     }
    		271 |   }
    		272 | 
    		273 |   depends_on = [
    		274 |     aws_db_subnet_group.default,
    		275 |     aws_db_parameter_group.default,
    		276 |     aws_iam_role.enhanced_monitoring,
    		277 |     aws_rds_cluster.secondary,
    		278 |     aws_rds_cluster_parameter_group.default,
    		279 |   ]
    		280 | 
    		281 |   lifecycle {
    		282 |     ignore_changes = [engine_version]
    		283 |   }
    		284 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: module.rds_cluster.aws_rds_cluster_instance.default
    	File: /main.tf:241-284
    	Calling File: /examples/postgres/main.tf:28-51
    
    		241 | resource "aws_rds_cluster_instance" "default" {
    		242 |   count                                 = local.cluster_instance_count
    		243 |   identifier                            = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
    		244 |   cluster_identifier                    = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
    		245 |   instance_class                        = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
    		246 |   db_subnet_group_name                  = join("", aws_db_subnet_group.default[*].name)
    		247 |   db_parameter_group_name               = join("", aws_db_parameter_group.default[*].name)
    		248 |   publicly_accessible                   = var.publicly_accessible
    		249 |   tags                                  = module.this.tags
    		250 |   engine                                = var.engine
    		251 |   engine_version                        = var.engine_version
    		252 |   auto_minor_version_upgrade            = var.auto_minor_version_upgrade
    		253 |   monitoring_interval                   = var.rds_monitoring_interval
    		254 |   monitoring_role_arn                   = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
    		255 |   performance_insights_enabled          = var.performance_insights_enabled
    		256 |   performance_insights_kms_key_id       = var.performance_insights_kms_key_id
    		257 |   performance_insights_retention_period = var.performance_insights_retention_period
    		258 |   availability_zone                     = var.instance_availability_zone
    		259 |   apply_immediately                     = var.apply_immediately
    		260 |   preferred_maintenance_window          = var.maintenance_window
    		261 |   copy_tags_to_snapshot                 = var.copy_tags_to_snapshot
    		262 |   ca_cert_identifier                    = var.ca_cert_identifier
    		263 | 
    		264 |   dynamic "timeouts" {
    		265 |     for_each = var.timeouts_configuration
    		266 |     content {
    		267 |       create = lookup(timeouts.value, "create", "120m")
    		268 |       update = lookup(timeouts.value, "update", "120m")
    		269 |       delete = lookup(timeouts.value, "delete", "120m")
    		270 |     }
    		271 |   }
    		272 | 
    		273 |   depends_on = [
    		274 |     aws_db_subnet_group.default,
    		275 |     aws_db_parameter_group.default,
    		276 |     aws_iam_role.enhanced_monitoring,
    		277 |     aws_rds_cluster.secondary,
    		278 |     aws_rds_cluster_parameter_group.default,
    		279 |   ]
    		280 | 
    		281 |   lifecycle {
    		282 |     ignore_changes = [engine_version]
    		283 |   }
    		284 | }
    
    Check: CKV_AWS_327: "Ensure RDS Clusters are encrypted using KMS CMKs"
    	FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/serverless_mysql57/main.tf:9-38
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"
    	FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/serverless_mysql57/main.tf:9-38
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"
    	FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/serverless_mysql57/main.tf:9-38
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"
    	FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/serverless_mysql57/main.tf:9-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_139: "Ensure that RDS clusters have deletion protection enabled"
    	FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/serverless_mysql57/main.tf:9-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_327: "Ensure RDS Clusters are encrypted using KMS CMKs"
    	FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/serverless_mysql57/main.tf:9-38
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"
    	FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/serverless_mysql57/main.tf:9-38
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"
    	FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/serverless_mysql57/main.tf:9-38
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"
    	FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/serverless_mysql57/main.tf:9-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_139: "Ensure that RDS clusters have deletion protection enabled"
    	FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/serverless_mysql57/main.tf:9-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster_instance.default
    	File: /main.tf:241-284
    	Calling File: /examples/serverless_mysql57/main.tf:9-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		241 | resource "aws_rds_cluster_instance" "default" {
    		242 |   count                                 = local.cluster_instance_count
    		243 |   identifier                            = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
    		244 |   cluster_identifier                    = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
    		245 |   instance_class                        = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
    		246 |   db_subnet_group_name                  = join("", aws_db_subnet_group.default[*].name)
    		247 |   db_parameter_group_name               = join("", aws_db_parameter_group.default[*].name)
    		248 |   publicly_accessible                   = var.publicly_accessible
    		249 |   tags                                  = module.this.tags
    		250 |   engine                                = var.engine
    		251 |   engine_version                        = var.engine_version
    		252 |   auto_minor_version_upgrade            = var.auto_minor_version_upgrade
    		253 |   monitoring_interval                   = var.rds_monitoring_interval
    		254 |   monitoring_role_arn                   = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
    		255 |   performance_insights_enabled          = var.performance_insights_enabled
    		256 |   performance_insights_kms_key_id       = var.performance_insights_kms_key_id
    		257 |   performance_insights_retention_period = var.performance_insights_retention_period
    		258 |   availability_zone                     = var.instance_availability_zone
    		259 |   apply_immediately                     = var.apply_immediately
    		260 |   preferred_maintenance_window          = var.maintenance_window
    		261 |   copy_tags_to_snapshot                 = var.copy_tags_to_snapshot
    		262 |   ca_cert_identifier                    = var.ca_cert_identifier
    		263 | 
    		264 |   dynamic "timeouts" {
    		265 |     for_each = var.timeouts_configuration
    		266 |     content {
    		267 |       create = lookup(timeouts.value, "create", "120m")
    		268 |       update = lookup(timeouts.value, "update", "120m")
    		269 |       delete = lookup(timeouts.value, "delete", "120m")
    		270 |     }
    		271 |   }
    		272 | 
    		273 |   depends_on = [
    		274 |     aws_db_subnet_group.default,
    		275 |     aws_db_parameter_group.default,
    		276 |     aws_iam_role.enhanced_monitoring,
    		277 |     aws_rds_cluster.secondary,
    		278 |     aws_rds_cluster_parameter_group.default,
    		279 |   ]
    		280 | 
    		281 |   lifecycle {
    		282 |     ignore_changes = [engine_version]
    		283 |   }
    		284 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster_instance.default
    	File: /main.tf:241-284
    	Calling File: /examples/serverless_mysql57/main.tf:9-38
    
    		241 | resource "aws_rds_cluster_instance" "default" {
    		242 |   count                                 = local.cluster_instance_count
    		243 |   identifier                            = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
    		244 |   cluster_identifier                    = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
    		245 |   instance_class                        = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
    		246 |   db_subnet_group_name                  = join("", aws_db_subnet_group.default[*].name)
    		247 |   db_parameter_group_name               = join("", aws_db_parameter_group.default[*].name)
    		248 |   publicly_accessible                   = var.publicly_accessible
    		249 |   tags                                  = module.this.tags
    		250 |   engine                                = var.engine
    		251 |   engine_version                        = var.engine_version
    		252 |   auto_minor_version_upgrade            = var.auto_minor_version_upgrade
    		253 |   monitoring_interval                   = var.rds_monitoring_interval
    		254 |   monitoring_role_arn                   = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
    		255 |   performance_insights_enabled          = var.performance_insights_enabled
    		256 |   performance_insights_kms_key_id       = var.performance_insights_kms_key_id
    		257 |   performance_insights_retention_period = var.performance_insights_retention_period
    		258 |   availability_zone                     = var.instance_availability_zone
    		259 |   apply_immediately                     = var.apply_immediately
    		260 |   preferred_maintenance_window          = var.maintenance_window
    		261 |   copy_tags_to_snapshot                 = var.copy_tags_to_snapshot
    		262 |   ca_cert_identifier                    = var.ca_cert_identifier
    		263 | 
    		264 |   dynamic "timeouts" {
    		265 |     for_each = var.timeouts_configuration
    		266 |     content {
    		267 |       create = lookup(timeouts.value, "create", "120m")
    		268 |       update = lookup(timeouts.value, "update", "120m")
    		269 |       delete = lookup(timeouts.value, "delete", "120m")
    		270 |     }
    		271 |   }
    		272 | 
    		273 |   depends_on = [
    		274 |     aws_db_subnet_group.default,
    		275 |     aws_db_parameter_group.default,
    		276 |     aws_iam_role.enhanced_monitoring,
    		277 |     aws_rds_cluster.secondary,
    		278 |     aws_rds_cluster_parameter_group.default,
    		279 |   ]
    		280 | 
    		281 |   lifecycle {
    		282 |     ignore_changes = [engine_version]
    		283 |   }
    		284 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster_instance.default
    	File: /main.tf:241-284
    	Calling File: /examples/serverless_mysql57/main.tf:9-38
    
    		241 | resource "aws_rds_cluster_instance" "default" {
    		242 |   count                                 = local.cluster_instance_count
    		243 |   identifier                            = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
    		244 |   cluster_identifier                    = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
    		245 |   instance_class                        = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
    		246 |   db_subnet_group_name                  = join("", aws_db_subnet_group.default[*].name)
    		247 |   db_parameter_group_name               = join("", aws_db_parameter_group.default[*].name)
    		248 |   publicly_accessible                   = var.publicly_accessible
    		249 |   tags                                  = module.this.tags
    		250 |   engine                                = var.engine
    		251 |   engine_version                        = var.engine_version
    		252 |   auto_minor_version_upgrade            = var.auto_minor_version_upgrade
    		253 |   monitoring_interval                   = var.rds_monitoring_interval
    		254 |   monitoring_role_arn                   = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
    		255 |   performance_insights_enabled          = var.performance_insights_enabled
    		256 |   performance_insights_kms_key_id       = var.performance_insights_kms_key_id
    		257 |   performance_insights_retention_period = var.performance_insights_retention_period
    		258 |   availability_zone                     = var.instance_availability_zone
    		259 |   apply_immediately                     = var.apply_immediately
    		260 |   preferred_maintenance_window          = var.maintenance_window
    		261 |   copy_tags_to_snapshot                 = var.copy_tags_to_snapshot
    		262 |   ca_cert_identifier                    = var.ca_cert_identifier
    		263 | 
    		264 |   dynamic "timeouts" {
    		265 |     for_each = var.timeouts_configuration
    		266 |     content {
    		267 |       create = lookup(timeouts.value, "create", "120m")
    		268 |       update = lookup(timeouts.value, "update", "120m")
    		269 |       delete = lookup(timeouts.value, "delete", "120m")
    		270 |     }
    		271 |   }
    		272 | 
    		273 |   depends_on = [
    		274 |     aws_db_subnet_group.default,
    		275 |     aws_db_parameter_group.default,
    		276 |     aws_iam_role.enhanced_monitoring,
    		277 |     aws_rds_cluster.secondary,
    		278 |     aws_rds_cluster_parameter_group.default,
    		279 |   ]
    		280 | 
    		281 |   lifecycle {
    		282 |     ignore_changes = [engine_version]
    		283 |   }
    		284 | }
    
    Check: CKV_AWS_327: "Ensure RDS Clusters are encrypted using KMS CMKs"
    	FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/serverlessv2_postgres/main.tf:28-50
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"
    	FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/serverlessv2_postgres/main.tf:28-50
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_96: "Ensure all data stored in Aurora is securely encrypted at rest"
    	FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/serverlessv2_postgres/main.tf:28-50
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-38.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"
    	FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/serverlessv2_postgres/main.tf:28-50
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"
    	FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/serverlessv2_postgres/main.tf:28-50
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_327: "Ensure RDS Clusters are encrypted using KMS CMKs"
    	FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/serverlessv2_postgres/main.tf:28-50
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"
    	FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/serverlessv2_postgres/main.tf:28-50
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_96: "Ensure all data stored in Aurora is securely encrypted at rest"
    	FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/serverlessv2_postgres/main.tf:28-50
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-38.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"
    	FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/serverlessv2_postgres/main.tf:28-50
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"
    	FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/serverlessv2_postgres/main.tf:28-50
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster_instance.default
    	File: /main.tf:241-284
    	Calling File: /examples/serverlessv2_postgres/main.tf:28-50
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		241 | resource "aws_rds_cluster_instance" "default" {
    		242 |   count                                 = local.cluster_instance_count
    		243 |   identifier                            = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
    		244 |   cluster_identifier                    = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
    		245 |   instance_class                        = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
    		246 |   db_subnet_group_name                  = join("", aws_db_subnet_group.default[*].name)
    		247 |   db_parameter_group_name               = join("", aws_db_parameter_group.default[*].name)
    		248 |   publicly_accessible                   = var.publicly_accessible
    		249 |   tags                                  = module.this.tags
    		250 |   engine                                = var.engine
    		251 |   engine_version                        = var.engine_version
    		252 |   auto_minor_version_upgrade            = var.auto_minor_version_upgrade
    		253 |   monitoring_interval                   = var.rds_monitoring_interval
    		254 |   monitoring_role_arn                   = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
    		255 |   performance_insights_enabled          = var.performance_insights_enabled
    		256 |   performance_insights_kms_key_id       = var.performance_insights_kms_key_id
    		257 |   performance_insights_retention_period = var.performance_insights_retention_period
    		258 |   availability_zone                     = var.instance_availability_zone
    		259 |   apply_immediately                     = var.apply_immediately
    		260 |   preferred_maintenance_window          = var.maintenance_window
    		261 |   copy_tags_to_snapshot                 = var.copy_tags_to_snapshot
    		262 |   ca_cert_identifier                    = var.ca_cert_identifier
    		263 | 
    		264 |   dynamic "timeouts" {
    		265 |     for_each = var.timeouts_configuration
    		266 |     content {
    		267 |       create = lookup(timeouts.value, "create", "120m")
    		268 |       update = lookup(timeouts.value, "update", "120m")
    		269 |       delete = lookup(timeouts.value, "delete", "120m")
    		270 |     }
    		271 |   }
    		272 | 
    		273 |   depends_on = [
    		274 |     aws_db_subnet_group.default,
    		275 |     aws_db_parameter_group.default,
    		276 |     aws_iam_role.enhanced_monitoring,
    		277 |     aws_rds_cluster.secondary,
    		278 |     aws_rds_cluster_parameter_group.default,
    		279 |   ]
    		280 | 
    		281 |   lifecycle {
    		282 |     ignore_changes = [engine_version]
    		283 |   }
    		284 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster_instance.default
    	File: /main.tf:241-284
    	Calling File: /examples/serverlessv2_postgres/main.tf:28-50
    
    		241 | resource "aws_rds_cluster_instance" "default" {
    		242 |   count                                 = local.cluster_instance_count
    		243 |   identifier                            = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
    		244 |   cluster_identifier                    = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
    		245 |   instance_class                        = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
    		246 |   db_subnet_group_name                  = join("", aws_db_subnet_group.default[*].name)
    		247 |   db_parameter_group_name               = join("", aws_db_parameter_group.default[*].name)
    		248 |   publicly_accessible                   = var.publicly_accessible
    		249 |   tags                                  = module.this.tags
    		250 |   engine                                = var.engine
    		251 |   engine_version                        = var.engine_version
    		252 |   auto_minor_version_upgrade            = var.auto_minor_version_upgrade
    		253 |   monitoring_interval                   = var.rds_monitoring_interval
    		254 |   monitoring_role_arn                   = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
    		255 |   performance_insights_enabled          = var.performance_insights_enabled
    		256 |   performance_insights_kms_key_id       = var.performance_insights_kms_key_id
    		257 |   performance_insights_retention_period = var.performance_insights_retention_period
    		258 |   availability_zone                     = var.instance_availability_zone
    		259 |   apply_immediately                     = var.apply_immediately
    		260 |   preferred_maintenance_window          = var.maintenance_window
    		261 |   copy_tags_to_snapshot                 = var.copy_tags_to_snapshot
    		262 |   ca_cert_identifier                    = var.ca_cert_identifier
    		263 | 
    		264 |   dynamic "timeouts" {
    		265 |     for_each = var.timeouts_configuration
    		266 |     content {
    		267 |       create = lookup(timeouts.value, "create", "120m")
    		268 |       update = lookup(timeouts.value, "update", "120m")
    		269 |       delete = lookup(timeouts.value, "delete", "120m")
    		270 |     }
    		271 |   }
    		272 | 
    		273 |   depends_on = [
    		274 |     aws_db_subnet_group.default,
    		275 |     aws_db_parameter_group.default,
    		276 |     aws_iam_role.enhanced_monitoring,
    		277 |     aws_rds_cluster.secondary,
    		278 |     aws_rds_cluster_parameter_group.default,
    		279 |   ]
    		280 | 
    		281 |   lifecycle {
    		282 |     ignore_changes = [engine_version]
    		283 |   }
    		284 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster_instance.default
    	File: /main.tf:241-284
    	Calling File: /examples/serverlessv2_postgres/main.tf:28-50
    
    		241 | resource "aws_rds_cluster_instance" "default" {
    		242 |   count                                 = local.cluster_instance_count
    		243 |   identifier                            = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
    		244 |   cluster_identifier                    = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
    		245 |   instance_class                        = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
    		246 |   db_subnet_group_name                  = join("", aws_db_subnet_group.default[*].name)
    		247 |   db_parameter_group_name               = join("", aws_db_parameter_group.default[*].name)
    		248 |   publicly_accessible                   = var.publicly_accessible
    		249 |   tags                                  = module.this.tags
    		250 |   engine                                = var.engine
    		251 |   engine_version                        = var.engine_version
    		252 |   auto_minor_version_upgrade            = var.auto_minor_version_upgrade
    		253 |   monitoring_interval                   = var.rds_monitoring_interval
    		254 |   monitoring_role_arn                   = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
    		255 |   performance_insights_enabled          = var.performance_insights_enabled
    		256 |   performance_insights_kms_key_id       = var.performance_insights_kms_key_id
    		257 |   performance_insights_retention_period = var.performance_insights_retention_period
    		258 |   availability_zone                     = var.instance_availability_zone
    		259 |   apply_immediately                     = var.apply_immediately
    		260 |   preferred_maintenance_window          = var.maintenance_window
    		261 |   copy_tags_to_snapshot                 = var.copy_tags_to_snapshot
    		262 |   ca_cert_identifier                    = var.ca_cert_identifier
    		263 | 
    		264 |   dynamic "timeouts" {
    		265 |     for_each = var.timeouts_configuration
    		266 |     content {
    		267 |       create = lookup(timeouts.value, "create", "120m")
    		268 |       update = lookup(timeouts.value, "update", "120m")
    		269 |       delete = lookup(timeouts.value, "delete", "120m")
    		270 |     }
    		271 |   }
    		272 | 
    		273 |   depends_on = [
    		274 |     aws_db_subnet_group.default,
    		275 |     aws_db_parameter_group.default,
    		276 |     aws_iam_role.enhanced_monitoring,
    		277 |     aws_rds_cluster.secondary,
    		278 |     aws_rds_cluster_parameter_group.default,
    		279 |   ]
    		280 | 
    		281 |   lifecycle {
    		282 |     ignore_changes = [engine_version]
    		283 |   }
    		284 | }
    
    Check: CKV_AWS_327: "Ensure RDS Clusters are encrypted using KMS CMKs"
    	FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/with_cluster_parameters/main.tf:7-71
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"
    	FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/with_cluster_parameters/main.tf:7-71
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_96: "Ensure all data stored in Aurora is securely encrypted at rest"
    	FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/with_cluster_parameters/main.tf:7-71
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-38.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"
    	FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/with_cluster_parameters/main.tf:7-71
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"
    	FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/with_cluster_parameters/main.tf:7-71
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_139: "Ensure that RDS clusters have deletion protection enabled"
    	FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Calling File: /examples/with_cluster_parameters/main.tf:7-71
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_327: "Ensure RDS Clusters are encrypted using KMS CMKs"
    	FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/with_cluster_parameters/main.tf:7-71
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"
    	FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/with_cluster_parameters/main.tf:7-71
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_96: "Ensure all data stored in Aurora is securely encrypted at rest"
    	FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/with_cluster_parameters/main.tf:7-71
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-general-38.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"
    	FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/with_cluster_parameters/main.tf:7-71
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"
    	FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/with_cluster_parameters/main.tf:7-71
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_139: "Ensure that RDS clusters have deletion protection enabled"
    	FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Calling File: /examples/with_cluster_parameters/main.tf:7-71
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AWS_118: "Ensure that enhanced monitoring is enabled for Amazon RDS instances"
    	FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster_instance.default
    	File: /main.tf:241-284
    	Calling File: /examples/with_cluster_parameters/main.tf:7-71
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances.html
    
    		241 | resource "aws_rds_cluster_instance" "default" {
    		242 |   count                                 = local.cluster_instance_count
    		243 |   identifier                            = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
    		244 |   cluster_identifier                    = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
    		245 |   instance_class                        = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
    		246 |   db_subnet_group_name                  = join("", aws_db_subnet_group.default[*].name)
    		247 |   db_parameter_group_name               = join("", aws_db_parameter_group.default[*].name)
    		248 |   publicly_accessible                   = var.publicly_accessible
    		249 |   tags                                  = module.this.tags
    		250 |   engine                                = var.engine
    		251 |   engine_version                        = var.engine_version
    		252 |   auto_minor_version_upgrade            = var.auto_minor_version_upgrade
    		253 |   monitoring_interval                   = var.rds_monitoring_interval
    		254 |   monitoring_role_arn                   = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
    		255 |   performance_insights_enabled          = var.performance_insights_enabled
    		256 |   performance_insights_kms_key_id       = var.performance_insights_kms_key_id
    		257 |   performance_insights_retention_period = var.performance_insights_retention_period
    		258 |   availability_zone                     = var.instance_availability_zone
    		259 |   apply_immediately                     = var.apply_immediately
    		260 |   preferred_maintenance_window          = var.maintenance_window
    		261 |   copy_tags_to_snapshot                 = var.copy_tags_to_snapshot
    		262 |   ca_cert_identifier                    = var.ca_cert_identifier
    		263 | 
    		264 |   dynamic "timeouts" {
    		265 |     for_each = var.timeouts_configuration
    		266 |     content {
    		267 |       create = lookup(timeouts.value, "create", "120m")
    		268 |       update = lookup(timeouts.value, "update", "120m")
    		269 |       delete = lookup(timeouts.value, "delete", "120m")
    		270 |     }
    		271 |   }
    		272 | 
    		273 |   depends_on = [
    		274 |     aws_db_subnet_group.default,
    		275 |     aws_db_parameter_group.default,
    		276 |     aws_iam_role.enhanced_monitoring,
    		277 |     aws_rds_cluster.secondary,
    		278 |     aws_rds_cluster_parameter_group.default,
    		279 |   ]
    		280 | 
    		281 |   lifecycle {
    		282 |     ignore_changes = [engine_version]
    		283 |   }
    		284 | }
    
    Check: CKV_AWS_354: "Ensure RDS Performance Insights are encrypted using KMS CMKs"
    	FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster_instance.default
    	File: /main.tf:241-284
    	Calling File: /examples/with_cluster_parameters/main.tf:7-71
    
    		241 | resource "aws_rds_cluster_instance" "default" {
    		242 |   count                                 = local.cluster_instance_count
    		243 |   identifier                            = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
    		244 |   cluster_identifier                    = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
    		245 |   instance_class                        = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
    		246 |   db_subnet_group_name                  = join("", aws_db_subnet_group.default[*].name)
    		247 |   db_parameter_group_name               = join("", aws_db_parameter_group.default[*].name)
    		248 |   publicly_accessible                   = var.publicly_accessible
    		249 |   tags                                  = module.this.tags
    		250 |   engine                                = var.engine
    		251 |   engine_version                        = var.engine_version
    		252 |   auto_minor_version_upgrade            = var.auto_minor_version_upgrade
    		253 |   monitoring_interval                   = var.rds_monitoring_interval
    		254 |   monitoring_role_arn                   = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
    		255 |   performance_insights_enabled          = var.performance_insights_enabled
    		256 |   performance_insights_kms_key_id       = var.performance_insights_kms_key_id
    		257 |   performance_insights_retention_period = var.performance_insights_retention_period
    		258 |   availability_zone                     = var.instance_availability_zone
    		259 |   apply_immediately                     = var.apply_immediately
    		260 |   preferred_maintenance_window          = var.maintenance_window
    		261 |   copy_tags_to_snapshot                 = var.copy_tags_to_snapshot
    		262 |   ca_cert_identifier                    = var.ca_cert_identifier
    		263 | 
    		264 |   dynamic "timeouts" {
    		265 |     for_each = var.timeouts_configuration
    		266 |     content {
    		267 |       create = lookup(timeouts.value, "create", "120m")
    		268 |       update = lookup(timeouts.value, "update", "120m")
    		269 |       delete = lookup(timeouts.value, "delete", "120m")
    		270 |     }
    		271 |   }
    		272 | 
    		273 |   depends_on = [
    		274 |     aws_db_subnet_group.default,
    		275 |     aws_db_parameter_group.default,
    		276 |     aws_iam_role.enhanced_monitoring,
    		277 |     aws_rds_cluster.secondary,
    		278 |     aws_rds_cluster_parameter_group.default,
    		279 |   ]
    		280 | 
    		281 |   lifecycle {
    		282 |     ignore_changes = [engine_version]
    		283 |   }
    		284 | }
    
    Check: CKV_AWS_353: "Ensure that RDS instances have performance insights enabled"
    	FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster_instance.default
    	File: /main.tf:241-284
    	Calling File: /examples/with_cluster_parameters/main.tf:7-71
    
    		241 | resource "aws_rds_cluster_instance" "default" {
    		242 |   count                                 = local.cluster_instance_count
    		243 |   identifier                            = var.cluster_identifier == "" ? "${module.this.id}-${count.index + 1}" : "${var.cluster_identifier}-${count.index + 1}"
    		244 |   cluster_identifier                    = coalesce(join("", aws_rds_cluster.primary[*].id), join("", aws_rds_cluster.secondary[*].id))
    		245 |   instance_class                        = var.serverlessv2_scaling_configuration != null ? "db.serverless" : var.instance_type
    		246 |   db_subnet_group_name                  = join("", aws_db_subnet_group.default[*].name)
    		247 |   db_parameter_group_name               = join("", aws_db_parameter_group.default[*].name)
    		248 |   publicly_accessible                   = var.publicly_accessible
    		249 |   tags                                  = module.this.tags
    		250 |   engine                                = var.engine
    		251 |   engine_version                        = var.engine_version
    		252 |   auto_minor_version_upgrade            = var.auto_minor_version_upgrade
    		253 |   monitoring_interval                   = var.rds_monitoring_interval
    		254 |   monitoring_role_arn                   = var.enhanced_monitoring_role_enabled ? join("", aws_iam_role.enhanced_monitoring[*].arn) : var.rds_monitoring_role_arn
    		255 |   performance_insights_enabled          = var.performance_insights_enabled
    		256 |   performance_insights_kms_key_id       = var.performance_insights_kms_key_id
    		257 |   performance_insights_retention_period = var.performance_insights_retention_period
    		258 |   availability_zone                     = var.instance_availability_zone
    		259 |   apply_immediately                     = var.apply_immediately
    		260 |   preferred_maintenance_window          = var.maintenance_window
    		261 |   copy_tags_to_snapshot                 = var.copy_tags_to_snapshot
    		262 |   ca_cert_identifier                    = var.ca_cert_identifier
    		263 | 
    		264 |   dynamic "timeouts" {
    		265 |     for_each = var.timeouts_configuration
    		266 |     content {
    		267 |       create = lookup(timeouts.value, "create", "120m")
    		268 |       update = lookup(timeouts.value, "update", "120m")
    		269 |       delete = lookup(timeouts.value, "delete", "120m")
    		270 |     }
    		271 |   }
    		272 | 
    		273 |   depends_on = [
    		274 |     aws_db_subnet_group.default,
    		275 |     aws_db_parameter_group.default,
    		276 |     aws_iam_role.enhanced_monitoring,
    		277 |     aws_rds_cluster.secondary,
    		278 |     aws_rds_cluster_parameter_group.default,
    		279 |   ]
    		280 | 
    		281 |   lifecycle {
    		282 |     ignore_changes = [engine_version]
    		283 |   }
    		284 | }
    
    Check: CKV2_AWS_8: "Ensure that RDS clusters has backup plan of AWS Backup"
    	FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AWS_8: "Ensure that RDS clusters has backup plan of AWS Backup"
    	FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AWS_8: "Ensure that RDS clusters has backup plan of AWS Backup"
    	FAILED for resource: module.rds_cluster.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AWS_8: "Ensure that RDS clusters has backup plan of AWS Backup"
    	FAILED for resource: module.rds_cluster.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AWS_8: "Ensure that RDS clusters has backup plan of AWS Backup"
    	FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AWS_8: "Ensure that RDS clusters has backup plan of AWS Backup"
    	FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AWS_8: "Ensure that RDS clusters has backup plan of AWS Backup"
    	FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AWS_8: "Ensure that RDS clusters has backup plan of AWS Backup"
    	FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AWS_8: "Ensure that RDS clusters has backup plan of AWS Backup"
    	FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AWS_8: "Ensure that RDS clusters has backup plan of AWS Backup"
    	FAILED for resource: module.rds_cluster_aurora_mysql.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AWS_27: "Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled"
    	FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-logging-32.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AWS_27: "Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled"
    	FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-logging-32.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AWS_27: "Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled"
    	FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.primary
    	File: /main.tf:71-163
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-logging-32.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AWS_27: "Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled"
    	FAILED for resource: module.rds_cluster_aurora_postgres.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-logging-32.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AWS_27: "Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled"
    	FAILED for resource: module.rds_cluster_aurora_mysql_serverless.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-logging-32.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AWS_27: "Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled"
    	FAILED for resource: module.rds_cluster_aurora_serverlessv2_postgres_13.aws_rds_cluster.secondary
    	File: /main.tf:166-239
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/aws-policies/aws-general-policies/bc-aws-logging-32.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    secrets scan results:
    
    Passed checks: 0, Failed checks: 3, Skipped checks: 0
    
    Check: CKV_SECRET_6: "Base64 High Entropy String"
    	FAILED for resource: d7fdba0dadfe661ed9c33f403184e0aa00ce77b2
    	File: /examples/basic/main.tf:16-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-6.html
    
    		16 |   admin_password  = "Tes**********"
    
    Check: CKV_SECRET_6: "Base64 High Entropy String"
    	FAILED for resource: d7fdba0dadfe661ed9c33f403184e0aa00ce77b2
    	File: /examples/enhanced_monitoring/main.tf:44-45
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-6.html
    
    		44 |   admin_password  = "Tes**********"
    
    Check: CKV_SECRET_6: "Base64 High Entropy String"
    	FAILED for resource: d7fdba0dadfe661ed9c33f403184e0aa00ce77b2
    	File: /examples/with_cluster_parameters/main.tf:16-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-6.html
    
    		16 |   admin_password  = "Tes**********"
    
    github_actions scan results:
    
    Passed checks: 40, Failed checks: 0, Skipped checks: 0
    
    
    
                    
                  

    Linting

    This repository failed the Experience Builder Terraform Module's Linting validation. This means that a linting tool was not found to be implemented in any of the CICD tool configuration files in the repository.

    There is an opportunity to: