False positive for missing encryption in s3 bucket module

[anneadb]

IDs

AVD-AWS-0088, AVD-AWS-0132

Description

Hi,

I am getting errors stating that my s3 bucket is not encrypted. I have used the same code in another repository where I do not get any errors and when I check after applying the bucket is actually encrypted with the correct customer KMS key.
Also, the trivy:ignore statements have not effect.
Have I made some mistake in my code?

In a similar discussion there was a note about bucket name potentially being null. Could that still be an issue? (#4736)

#6024 might also be related but I am using a newer trivy version than 0.50.0.

Reproduction Steps

module "s3_bucket" {
  # https://github.com/terraform-aws-modules/terraform-aws-s3-bucket
  source  = "terraform-aws-modules/s3-bucket/aws"
  version = "4.1.2"

  bucket                                = local.bucket_prefix
  attach_deny_insecure_transport_policy = true

  logging = {
    target_bucket = data.aws_s3_bucket.access_logs.id
    target_prefix = "${local.bucket_prefix}/" # same as bucket name
  }

  # trivy:ignore:AVD-AWS-0088 (false positive)
  # trivy:ignore:AVD-AWS-0132 (false positive)
  server_side_encryption_configuration = {
    rule = {
      bucket_key_enabled = true

      apply_server_side_encryption_by_default = {
        sse_algorithm     = "aws:kms"
        kms_master_key_id = data.aws_ssm_parameter.kms_key_arn.value
      }
    }
  }

  versioning = {
    enabled = true
  }

  lifecycle_rule = [{
    id      = "expiration_rule"
    enabled = true

    expiration                    = { days = 90 }
    noncurrent_version_expiration = { noncurrent_days = 90 }
  }]
}

Target

Filesystem

Scanner

Misconfiguration

Target OS

No response

Debug Output

2024-07-19T12:22:51+02:00       DEBUG   Parsed severities       severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-07-19T12:22:51+02:00       DEBUG   Ignore statuses statuses=[]
2024-07-19T12:22:51+02:00       DEBUG   Cache dir       dir="/Users/***/Library/Caches/trivy"
2024-07-19T12:22:51+02:00       INFO    Misconfiguration scanning is enabled
2024-07-19T12:22:51+02:00       DEBUG   Policies successfully loaded from disk
2024-07-19T12:22:51+02:00       INFO    Secret scanning is enabled
2024-07-19T12:22:51+02:00       INFO    If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-19T12:22:51+02:00       INFO    Please see also https://aquasecurity.github.io/trivy/v0.51/docs/scanner/secret/#recommendation for faster secret detection
2024-07-19T12:22:51+02:00       DEBUG   Enabling misconfiguration scanners      scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-07-19T12:22:51+02:00       DEBUG   [secret] No secret config detected      config_path="trivy-secret.yaml"
2024-07-19T12:22:51+02:00       DEBUG   [nuget] The nuget packages directory couldn't be found. License search disabled
2024-07-19T12:22:51+02:00       DEBUG   Skipping path   path=".git"
2024-07-19T12:22:51+02:00       DEBUG   Skipping path   path="infrastructure/.terraform/modules/s3_bucket/.git"
2024-07-19T12:22:51+02:00       DEBUG   Scanning files for misconfigurations... scanner="Terraform"
2024-07-19T12:22:51+02:00       DEBUG   [misconf] 22:51.386778000 terraform.scanner                Scanning [&{%!s(*mapfs.file=&{ [] {. 256 2147484096 {13951779455891567312 474571709 0x10f474740} <nil>} {{{0 0} {[] {} 0x14002b89910} map[] 0}}}) .}] at '.'...
2024-07-19T12:22:51+02:00       DEBUG   [misconf] 22:51.389254000 terraform.scanner.rego           Overriding filesystem for checks!
2024-07-19T12:22:51+02:00       DEBUG   [misconf] 22:51.389916000 terraform.scanner.rego           Loaded 3 embedded libraries.
2024-07-19T12:22:51+02:00       DEBUG   [misconf] 22:51.419463000 terraform.scanner.rego           Loaded 191 embedded policies.
2024-07-19T12:22:51+02:00       DEBUG   [misconf] 22:51.994498000 terraform.scanner.rego           Loaded 195 policies from disk.
2024-07-19T12:22:51+02:00       DEBUG   [misconf] 22:51.994868000 terraform.scanner.rego           Overriding filesystem for data!
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.195932000 terraform.parser.<root>          Setting project/module root to 'infrastructure'
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.195964000 terraform.parser.<root>          Parsing FS from 'infrastructure'
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.195998000 terraform.parser.<root>          Parsing 'infrastructure/data.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.196168000 terraform.parser.<root>          Added file infrastructure/data.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.196192000 terraform.parser.<root>          Parsing 'infrastructure/locals.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.196256000 terraform.parser.<root>          Added file infrastructure/locals.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.196267000 terraform.parser.<root>          Parsing 'infrastructure/main.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.196419000 terraform.parser.<root>          Added file infrastructure/main.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.196436000 terraform.parser.<root>          Parsing 'infrastructure/providers.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.196509000 terraform.parser.<root>          Added file infrastructure/providers.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.196521000 terraform.parser.<root>          Parsing 'infrastructure/variables.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.196752000 terraform.parser.<root>          Added file infrastructure/variables.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.197058000 terraform.scanner                Scanning root module 'infrastructure'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.197065000 terraform.parser.<root>          Setting project/module root to 'infrastructure'
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.197067000 terraform.parser.<root>          Parsing FS from 'infrastructure'
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.197078000 terraform.parser.<root>          Parsing 'infrastructure/data.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.197156000 terraform.parser.<root>          Added file infrastructure/data.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.197167000 terraform.parser.<root>          Parsing 'infrastructure/locals.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.197224000 terraform.parser.<root>          Added file infrastructure/locals.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.197234000 terraform.parser.<root>          Parsing 'infrastructure/main.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.197324000 terraform.parser.<root>          Added file infrastructure/main.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.197334000 terraform.parser.<root>          Parsing 'infrastructure/providers.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.197404000 terraform.parser.<root>          Added file infrastructure/providers.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.197413000 terraform.parser.<root>          Parsing 'infrastructure/variables.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.197643000 terraform.parser.<root>          Added file infrastructure/variables.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.197653000 terraform.parser.<root>          Evaluating module...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.197918000 terraform.parser.<root>          Read 18 block(s) and 2 ignore(s) for module 'root' (5 file[s])...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.197930000 terraform.parser.<root>          Added 0 variables from tfvars.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.197991000 terraform.parser.<root>          Loaded module metadata for 2 module(s) from 'infrastructure/.terraform/modules/modules.json'.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.198019000 terraform.parser.<root>          Working directory for module evaluation is '/Users/***/git/di/infrastructure/tf_ml_product_base'
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.198051000 terraform.parser.<root>.evaluator Filesystem key is '0ed72173909374623a2f866176f08c424b588f3fee3ce2d14f5d1c59fa188edb'
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.198055000 terraform.parser.<root>.evaluator Starting module evaluation...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.198278000 terraform.parser.<root>.evaluator Starting submodule evaluation...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.198289000 terraform.parser.<root>.evaluator Module 'module.s3_bucket' resolved to path 'infrastructure/.terraform/modules/s3_bucket' in filesystem '&{%!s(*mapfs.file=&{ [] {. 256 2147484096 {13951779455891567312 474571709 0x10f474740} <nil>} {{{0 0} {[] {} 0x14002b89910} map[] 0}}}) .}' using modules.json
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.198293000 terraform.parser.<s3_bucket>     Parsing FS from 'infrastructure/.terraform/modules/s3_bucket'
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.198312000 terraform.parser.<s3_bucket>     Parsing 'infrastructure/.terraform/modules/s3_bucket/main.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.201584000 terraform.parser.<s3_bucket>     Added file infrastructure/.terraform/modules/s3_bucket/main.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.201599000 terraform.parser.<s3_bucket>     Parsing 'infrastructure/.terraform/modules/s3_bucket/outputs.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.201870000 terraform.parser.<s3_bucket>     Added file infrastructure/.terraform/modules/s3_bucket/outputs.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.201879000 terraform.parser.<s3_bucket>     Parsing 'infrastructure/.terraform/modules/s3_bucket/variables.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.202835000 terraform.parser.<s3_bucket>     Added file infrastructure/.terraform/modules/s3_bucket/variables.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.202848000 terraform.parser.<s3_bucket>     Parsing 'infrastructure/.terraform/modules/s3_bucket/versions.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.202880000 terraform.parser.<s3_bucket>     Added file infrastructure/.terraform/modules/s3_bucket/versions.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.202891000 terraform.parser.<root>.evaluator found module 'terraform-aws-modules/s3-bucket/aws' in .terraform/modules
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.202895000 terraform.parser.<root>.evaluator Loaded module "s3_bucket" from "infrastructure/.terraform/modules/s3_bucket".
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.202899000 terraform.parser.<s3_bucket>     Evaluating module...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.208864000 terraform.parser.<s3_bucket>     Read 99 block(s) and 0 ignore(s) for module 's3_bucket' (4 file[s])...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.208915000 terraform.parser.<s3_bucket>     Added 9 input variables from module definition.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.208989000 terraform.parser.<s3_bucket>     Loaded module metadata for 2 module(s) from 'infrastructure/.terraform/modules/modules.json'.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.209002000 terraform.parser.<s3_bucket>     Working directory for module evaluation is '/Users/***/git/di/infrastructure/tf_ml_product_base'
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.209078000 terraform.parser.<root>.evaluator Evaluating submodule s3_bucket
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.209090000 terraform.parser.<s3_bucket>.evaluator Filesystem key is '0ed72173909374623a2f866176f08c424b588f3fee3ce2d14f5d1c59fa188edb'
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.209093000 terraform.parser.<s3_bucket>.evaluator Starting module evaluation...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.212497000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket.this' into 1 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.212513000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_accelerate_configuration.this' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.212520000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_acl.this' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.212532000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_cors_configuration.this' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.212694000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_lifecycle_configuration.this' into 1 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.212767000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_logging.this' into 1 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.212785000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_object_lock_configuration.this' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.212793000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_ownership_controls.this' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.212823000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_policy.this' into 1 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.212858000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_public_access_block.this' into 1 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.212870000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_replication_configuration.this' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.212879000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_request_payment_configuration.this' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.212936000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_server_side_encryption_configuration.this' into 1 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.212983000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_versioning.this' into 1 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.212994000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_website_configuration.this' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.213011000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_canonical_user_id.this' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.213026000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_iam_policy_document.access_log_delivery' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.213117000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_iam_policy_document.combined' into 1 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.213137000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_iam_policy_document.deny_incorrect_encryption_headers' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.213152000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_iam_policy_document.deny_incorrect_kms_key_sse' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.213294000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_iam_policy_document.deny_insecure_transport' into 1 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.213330000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_iam_policy_document.deny_unencrypted_object_uploads' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.213349000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_iam_policy_document.elb_log_delivery' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.213371000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_iam_policy_document.inventory_and_analytics_destination_policy' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.213388000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_iam_policy_document.lb_log_delivery' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.213404000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_iam_policy_document.require_latest_tls' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.213430000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_analytics_configuration.this' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.213441000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_intelligent_tiering_configuration.this' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.213460000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_inventory.this' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.213471000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_metric.this' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.214071000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.tag' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.214345000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.abort_incomplete_multipart_upload' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.214571000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.expiration' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.214797000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.transition' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.215038000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.noncurrent_version_expiration' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.215257000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.noncurrent_version_transition' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.215396000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.filter' into 1 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.216070000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.filter' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.216724000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.filter' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.216860000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.rule' into 1 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.217450000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.tag' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.217479000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.abort_incomplete_multipart_upload' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.217550000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.expiration' into 1 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.217590000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.transition' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.217661000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.noncurrent_version_expiration' into 1 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.217698000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.noncurrent_version_transition' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.217744000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.filter' into 1 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.217817000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.filter' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.217883000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.filter' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.218875000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.partitioned_prefix' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.218953000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.target_object_key_format' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.219173000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.apply_server_side_encryption_by_default' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.219766000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.tag' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.219992000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.abort_incomplete_multipart_upload' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.220217000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.expiration' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.220459000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.transition' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.220689000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.noncurrent_version_expiration' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.220918000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.noncurrent_version_transition' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.221628000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.filter' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.222304000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.filter' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.223063000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.tag' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.223116000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.abort_incomplete_multipart_upload' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.223149000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.transition' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.223184000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.noncurrent_version_transition' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.223306000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.filter' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.223394000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.filter' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.224371000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.partitioned_prefix' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.224452000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.target_object_key_format' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.224688000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.apply_server_side_encryption_by_default' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.224704000 terraform.parser.<s3_bucket>.evaluator Starting submodule evaluation...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.224709000 terraform.parser.<s3_bucket>.evaluator All submodules are evaluated at i=0
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.224711000 terraform.parser.<s3_bucket>.evaluator Starting post-submodule evaluation...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.225606000 terraform.parser.<s3_bucket>.evaluator Finished processing 0 submodule(s).
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.225614000 terraform.parser.<s3_bucket>.evaluator Module evaluation complete.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.225627000 terraform.parser.<s3_bucket>.evaluator Added module output s3_bucket_arn=cty.StringVal("arn:aws:s3:::").
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.225636000 terraform.parser.<s3_bucket>.evaluator Added module output s3_bucket_bucket_domain_name=cty.StringVal("").
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.225643000 terraform.parser.<s3_bucket>.evaluator Added module output s3_bucket_bucket_regional_domain_name=cty.StringVal("").
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.225652000 terraform.parser.<s3_bucket>.evaluator Added module output s3_bucket_hosted_zone_id=cty.StringVal("").
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.225659000 terraform.parser.<s3_bucket>.evaluator Added module output s3_bucket_id=cty.NilVal.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.225667000 terraform.parser.<s3_bucket>.evaluator Added module output s3_bucket_lifecycle_configuration_rules=cty.StringVal("").
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.225672000 terraform.parser.<s3_bucket>.evaluator Added module output s3_bucket_policy=cty.NilVal.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.225679000 terraform.parser.<s3_bucket>.evaluator Added module output s3_bucket_region=cty.StringVal("").
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.225688000 terraform.parser.<s3_bucket>.evaluator Added module output s3_bucket_website_domain=cty.StringVal("").
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.225694000 terraform.parser.<s3_bucket>.evaluator Added module output s3_bucket_website_endpoint=cty.StringVal("").
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.226002000 terraform.parser.<root>.evaluator Submodule s3_bucket inputs unchanged
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.226008000 terraform.parser.<root>.evaluator All submodules are evaluated at i=1
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.226011000 terraform.parser.<root>.evaluator Starting post-submodule evaluation...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.226226000 terraform.parser.<root>.evaluator Finished processing 1 submodule(s).
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.226232000 terraform.parser.<root>.evaluator Module evaluation complete.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.226236000 terraform.parser.<root>          Finished parsing module 'root'.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.226246000 terraform.executor               Adapting modules...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.226611000 terraform.executor               Adapted 2 module(s) into defsec state data.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.226617000 terraform.executor               Using max routines of 7
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.226664000 terraform.executor               Initialized 486 rule(s).
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.226668000 terraform.executor               Created pool with 7 worker(s) to apply rules.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.227313000 terraform.scanner.rego           Scanning 1 inputs...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.241035000 terraform.executor               Finished applying rules.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.241058000 terraform.executor               Applying ignores...
2024-07-19T12:22:52+02:00       DEBUG   Scanning files for misconfigurations... scanner="Helm"
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.282689000 helm.scanner.rego                Overriding filesystem for checks!
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.283337000 helm.scanner.rego                Loaded 3 embedded libraries.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.311315000 helm.scanner.rego                Loaded 191 embedded policies.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.346310000 helm.scanner.rego                Loaded 195 policies from disk.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.346631000 helm.scanner.rego                Overriding filesystem for data!
2024-07-19T12:22:52+02:00       DEBUG   Scanning files for misconfigurations... scanner="Terraform Plan Snapshot"
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.540107000 terraform.scanner                Scanning [&{%!s(*memoryfs.dir=&{{{0 0} 0 0 {{} 0} {{} 0}} {. 256 {13951779457152917136 1662166667 0x10f474740} 2147484096 <nil>} map[] map[data.tf:0x14002466500 locals.tf:0x14002466580 main.tf:0x14002466600 providers.tf:0x14002466680 variables.tf:0x14002466480]})}] at '.'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.542002000 terraform.scanner.rego           Overriding filesystem for checks!
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.542634000 terraform.scanner.rego           Loaded 3 embedded libraries.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.567807000 terraform.scanner.rego           Loaded 191 embedded policies.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.609505000 terraform.scanner.rego           Loaded 195 policies from disk.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.609788000 terraform.scanner.rego           Overriding filesystem for data!
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.799524000 terraform.parser.<root>          Setting project/module root to '.'
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.799556000 terraform.parser.<root>          Parsing FS from '.'
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.799565000 terraform.parser.<root>          Parsing 'data.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.799684000 terraform.parser.<root>          Added file data.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.799694000 terraform.parser.<root>          Parsing 'locals.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.799764000 terraform.parser.<root>          Added file locals.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.799776000 terraform.parser.<root>          Parsing 'main.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.799925000 terraform.parser.<root>          Added file main.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.799932000 terraform.parser.<root>          Parsing 'providers.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.800003000 terraform.parser.<root>          Added file providers.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.800006000 terraform.parser.<root>          Parsing 'variables.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.800242000 terraform.parser.<root>          Added file variables.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.800615000 terraform.scanner                Scanning root module '.'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.800622000 terraform.parser.<root>          Setting project/module root to '.'
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.800625000 terraform.parser.<root>          Parsing FS from '.'
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.800630000 terraform.parser.<root>          Parsing 'data.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.800708000 terraform.parser.<root>          Added file data.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.800713000 terraform.parser.<root>          Parsing 'locals.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.800782000 terraform.parser.<root>          Added file locals.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.800787000 terraform.parser.<root>          Parsing 'main.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.800872000 terraform.parser.<root>          Added file main.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.800875000 terraform.parser.<root>          Parsing 'providers.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.800939000 terraform.parser.<root>          Added file providers.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.800942000 terraform.parser.<root>          Parsing 'variables.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.801171000 terraform.parser.<root>          Added file variables.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.801176000 terraform.parser.<root>          Evaluating module...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.801498000 terraform.parser.<root>          Read 18 block(s) and 2 ignore(s) for module 'root' (5 file[s])...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.801509000 terraform.parser.<root>          Added 0 variables from tfvars.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.801514000 terraform.parser.<root>          Error loading module metadata: open .terraform/modules/modules.json: file does not exist.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.801534000 terraform.parser.<root>          Working directory for module evaluation is '/Users/***/git/di/infrastructure/tf_ml_product_base'
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.801576000 terraform.parser.<root>.evaluator Filesystem key is '4ce67d33ca99b8b876128cf8d6380a31695acfc92712609b47edbf7d03a6e54d'
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.801580000 terraform.parser.<root>.evaluator Starting module evaluation...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.801803000 terraform.parser.<root>.evaluator Starting submodule evaluation...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.801814000 terraform.parser.<root>.evaluator locating non-initialized module 'terraform-aws-modules/s3-bucket/aws'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.801821000 terraform.parser.<root>.evaluator.resolver Resolving module 'module.s3_bucket' with source: 'terraform-aws-modules/s3-bucket/aws'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.801851000 terraform.parser.<root>.evaluator.resolver Trying to resolve: e4087be56fcdb7812368bc51b2f89ce0
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.801863000 terraform.parser.<root>.evaluator.resolver Module 'module.s3_bucket' resolving via cache...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.801878000 terraform.parser.<root>.evaluator.resolver Module path is .
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.801882000 terraform.parser.<root>.evaluator Module 'module.s3_bucket' resolved to path '.' in filesystem '/var/folders/sp/5br45gn159d_pwcqfqrnvw9d6rng0h/T/.aqua/cache/e4087be56fcdb7812368bc51b2f89ce0' with prefix 'terraform-aws-modules/s3-bucket/aws'
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.801887000 terraform.parser.<s3_bucket>     Parsing FS from '.'
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.803840000 terraform.parser.<s3_bucket>     Parsing 'main.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.840538000 terraform.parser.<s3_bucket>     Added file main.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.840585000 terraform.parser.<s3_bucket>     Parsing 'outputs.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.841709000 terraform.parser.<s3_bucket>     Added file outputs.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.841736000 terraform.parser.<s3_bucket>     Parsing 'variables.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.845357000 terraform.parser.<s3_bucket>     Added file variables.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.845381000 terraform.parser.<s3_bucket>     Parsing 'versions.tf'...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.849125000 terraform.parser.<s3_bucket>     Added file versions.tf.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.849148000 terraform.parser.<root>.evaluator Loaded module "s3_bucket" from ".".
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.849152000 terraform.parser.<s3_bucket>     Evaluating module...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.855441000 terraform.parser.<s3_bucket>     Read 99 block(s) and 0 ignore(s) for module 's3_bucket' (4 file[s])...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.855500000 terraform.parser.<s3_bucket>     Added 9 input variables from module definition.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.855534000 terraform.parser.<s3_bucket>     Error loading module metadata: open .terraform/modules/modules.json: no such file or directory.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.855647000 terraform.parser.<s3_bucket>     Working directory for module evaluation is '/Users/***/git/di/infrastructure/tf_ml_product_base'
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.855767000 terraform.parser.<root>.evaluator Evaluating submodule s3_bucket
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.855780000 terraform.parser.<s3_bucket>.evaluator Filesystem key is '1e43191f5149300ad4b17775e93936ef1c8c3b657c6483417d94022ef4877e78'
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.855784000 terraform.parser.<s3_bucket>.evaluator Starting module evaluation...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.859725000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket.this' into 1 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.859753000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_accelerate_configuration.this' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.859763000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_acl.this' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.859775000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_cors_configuration.this' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.859972000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_lifecycle_configuration.this' into 1 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860056000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_logging.this' into 1 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860079000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_object_lock_configuration.this' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860089000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_ownership_controls.this' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860124000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_policy.this' into 1 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860161000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_public_access_block.this' into 1 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860174000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_replication_configuration.this' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860185000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_request_payment_configuration.this' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860247000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_server_side_encryption_configuration.this' into 1 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860299000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_versioning.this' into 1 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860312000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_website_configuration.this' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860331000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_canonical_user_id.this' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860348000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_iam_policy_document.access_log_delivery' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860432000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_iam_policy_document.combined' into 1 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860452000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_iam_policy_document.deny_incorrect_encryption_headers' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860471000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_iam_policy_document.deny_incorrect_kms_key_sse' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860537000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_iam_policy_document.deny_insecure_transport' into 1 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860557000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_iam_policy_document.deny_unencrypted_object_uploads' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860574000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_iam_policy_document.elb_log_delivery' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860593000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_iam_policy_document.inventory_and_analytics_destination_policy' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860610000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_iam_policy_document.lb_log_delivery' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860628000 terraform.parser.<s3_bucket>.evaluator Expanded block 'data.aws_iam_policy_document.require_latest_tls' into 0 clones via 'count' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860641000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_analytics_configuration.this' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860650000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_intelligent_tiering_configuration.this' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860660000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_inventory.this' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.860669000 terraform.parser.<s3_bucket>.evaluator Expanded block 'aws_s3_bucket_metric.this' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.861303000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.tag' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.861545000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.abort_incomplete_multipart_upload' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.861798000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.expiration' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.862045000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.transition' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.862287000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.noncurrent_version_expiration' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.862550000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.noncurrent_version_transition' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.862699000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.filter' into 1 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.863431000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.filter' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.864134000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.filter' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.864266000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.rule' into 1 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.864910000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.tag' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.864939000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.abort_incomplete_multipart_upload' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.865015000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.expiration' into 1 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.865054000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.transition' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.865122000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.noncurrent_version_expiration' into 1 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.865163000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.noncurrent_version_transition' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.865205000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.filter' into 1 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.865282000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.filter' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.865363000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.filter' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.866458000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.partitioned_prefix' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.866764000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.target_object_key_format' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.866996000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.apply_server_side_encryption_by_default' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.867627000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.tag' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.867864000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.abort_incomplete_multipart_upload' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.868092000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.expiration' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.868331000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.transition' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.868568000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.noncurrent_version_expiration' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.868806000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.noncurrent_version_transition' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.869526000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.filter' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.870219000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.filter' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.870856000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.tag' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.870888000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.abort_incomplete_multipart_upload' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.870919000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.transition' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.870950000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.noncurrent_version_transition' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.871029000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.filter' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.871105000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.filter' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.872174000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.partitioned_prefix' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.872254000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.target_object_key_format' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.872476000 terraform.parser.<s3_bucket>.evaluator Expanded block 'dynamic.apply_server_side_encryption_by_default' into 0 clones via 'for_each' attribute.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.872490000 terraform.parser.<s3_bucket>.evaluator Starting submodule evaluation...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.872494000 terraform.parser.<s3_bucket>.evaluator All submodules are evaluated at i=0
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.872496000 terraform.parser.<s3_bucket>.evaluator Starting post-submodule evaluation...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.873304000 terraform.parser.<s3_bucket>.evaluator Finished processing 0 submodule(s).
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.873310000 terraform.parser.<s3_bucket>.evaluator Module evaluation complete.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.873321000 terraform.parser.<s3_bucket>.evaluator Added module output s3_bucket_arn=cty.StringVal("arn:aws:s3:::").
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.873329000 terraform.parser.<s3_bucket>.evaluator Added module output s3_bucket_bucket_domain_name=cty.StringVal("").
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.873336000 terraform.parser.<s3_bucket>.evaluator Added module output s3_bucket_bucket_regional_domain_name=cty.StringVal("").
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.873343000 terraform.parser.<s3_bucket>.evaluator Added module output s3_bucket_hosted_zone_id=cty.StringVal("").
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.873350000 terraform.parser.<s3_bucket>.evaluator Added module output s3_bucket_id=cty.NilVal.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.873357000 terraform.parser.<s3_bucket>.evaluator Added module output s3_bucket_lifecycle_configuration_rules=cty.StringVal("").
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.873362000 terraform.parser.<s3_bucket>.evaluator Added module output s3_bucket_policy=cty.NilVal.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.873369000 terraform.parser.<s3_bucket>.evaluator Added module output s3_bucket_region=cty.StringVal("").
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.873376000 terraform.parser.<s3_bucket>.evaluator Added module output s3_bucket_website_domain=cty.StringVal("").
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.873383000 terraform.parser.<s3_bucket>.evaluator Added module output s3_bucket_website_endpoint=cty.StringVal("").
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.873699000 terraform.parser.<root>.evaluator Submodule s3_bucket inputs unchanged
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.873705000 terraform.parser.<root>.evaluator All submodules are evaluated at i=1
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.873707000 terraform.parser.<root>.evaluator Starting post-submodule evaluation...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.873920000 terraform.parser.<root>.evaluator Finished processing 1 submodule(s).
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.873925000 terraform.parser.<root>.evaluator Module evaluation complete.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.873928000 terraform.parser.<root>          Finished parsing module 'root'.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.873933000 terraform.executor               Adapting modules...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.874215000 terraform.executor               Adapted 2 module(s) into defsec state data.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.874222000 terraform.executor               Using max routines of 7
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.874267000 terraform.executor               Initialized 486 rule(s).
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.874273000 terraform.executor               Created pool with 7 worker(s) to apply rules.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.874854000 terraform.scanner.rego           Scanning 1 inputs...
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.888958000 terraform.executor               Finished applying rules.
2024-07-19T12:22:52+02:00       DEBUG   [misconf] 22:52.888983000 terraform.executor               Applying ignores...
2024-07-19T12:22:53+02:00       DEBUG   OS is not detected.
2024-07-19T12:22:53+02:00       INFO    Detected config files   num=4
2024-07-19T12:22:53+02:00       DEBUG   Scanned config file     path="."
2024-07-19T12:22:53+02:00       DEBUG   Scanned config file     path="infrastructure"
2024-07-19T12:22:53+02:00       DEBUG   Scanned config file     path="terraform-aws-modules/s3-bucket/aws/infrastructure/.terraform/modules/s3_bucket/main.tf"
2024-07-19T12:22:53+02:00       DEBUG   Scanned config file     path="terraform-aws-modules/s3-bucket/aws/main.tf"

terraform-aws-modules/s3-bucket/aws/infrastructure/.terraform/modules/s3_bucket/main.tf (terraform)

Tests: 9 (SUCCESSES: 7, FAILURES: 2, EXCEPTIONS: 0)
Failures: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 2, CRITICAL: 0)

HIGH: Bucket does not have encryption enabled
════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
S3 Buckets should be encrypted to protect the data that is stored within them if access is compromised.

See https://avd.aquasec.com/misconfig/avd-aws-0088
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 terraform-aws-modules/s3-bucket/aws/infrastructure/.terraform/modules/s3_bucket/main.tf:176-198
   via infrastructure/main.tf:1-38 (module.s3_bucket)
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 176 ┌ resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
 177 │   count = local.create_bucket && length(keys(var.server_side_encryption_configuration)) > 0 ? 1 : 0
 178 │ 
 179 │   bucket                = aws_s3_bucket.this[0].id
 180 │   expected_bucket_owner = var.expected_bucket_owner
 181 │ 
 182 │   dynamic "rule" {
 183 │     for_each = try(flatten([var.server_side_encryption_configuration["rule"]]), [])
 184 └ 
 ...   
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────


HIGH: Bucket does not encrypt data with a customer managed key.
════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
Encryption using AWS keys provides protection for your S3 buckets. To increase control of the encryption and manage factors like rotation use customer managed keys.

See https://avd.aquasec.com/misconfig/avd-aws-0132
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 terraform-aws-modules/s3-bucket/aws/infrastructure/.terraform/modules/s3_bucket/main.tf:176-198
   via infrastructure/main.tf:1-38 (module.s3_bucket)
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 176 ┌ resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
 177 │   count = local.create_bucket && length(keys(var.server_side_encryption_configuration)) > 0 ? 1 : 0
 178 │ 
 179 │   bucket                = aws_s3_bucket.this[0].id
 180 │   expected_bucket_owner = var.expected_bucket_owner
 181 │ 
 182 │   dynamic "rule" {
 183 │     for_each = try(flatten([var.server_side_encryption_configuration["rule"]]), [])
 184 └ 
 ...   
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────



terraform-aws-modules/s3-bucket/aws/main.tf (terraformplan-snapshot)

Tests: 9 (SUCCESSES: 7, FAILURES: 2, EXCEPTIONS: 0)
Failures: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 2, CRITICAL: 0)

HIGH: Bucket does not have encryption enabled
════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
S3 Buckets should be encrypted to protect the data that is stored within them if access is compromised.

See https://avd.aquasec.com/misconfig/avd-aws-0088
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 terraform-aws-modules/s3-bucket/aws/main.tf:176-198
   via main.tf:1-38 (module.s3_bucket)
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 176 ┌ resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
 177 │   count = local.create_bucket && length(keys(var.server_side_encryption_configuration)) > 0 ? 1 : 0
 178 │ 
 179 │   bucket                = aws_s3_bucket.this[0].id
 180 │   expected_bucket_owner = var.expected_bucket_owner
 181 │ 
 182 │   dynamic "rule" {
 183 │     for_each = try(flatten([var.server_side_encryption_configuration["rule"]]), [])
 184 └ 
 ...   
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────


HIGH: Bucket does not encrypt data with a customer managed key.
════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
Encryption using AWS keys provides protection for your S3 buckets. To increase control of the encryption and manage factors like rotation use customer managed keys.

See https://avd.aquasec.com/misconfig/avd-aws-0132
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 terraform-aws-modules/s3-bucket/aws/main.tf:176-198
   via main.tf:1-38 (module.s3_bucket)
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 176 ┌ resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
 177 │   count = local.create_bucket && length(keys(var.server_side_encryption_configuration)) > 0 ? 1 : 0
 178 │ 
 179 │   bucket                = aws_s3_bucket.this[0].id
 180 │   expected_bucket_owner = var.expected_bucket_owner
 181 │ 
 182 │   dynamic "rule" {
 183 │     for_each = try(flatten([var.server_side_encryption_configuration["rule"]]), [])
 184 └ 
 ...   
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Version

0.51.1

Checklist

• Read the documentation regarding wrong detection
• Ran Trivy with -f json that shows data sources and confirmed that the security advisory in data sources was correct

[nikpivkin]

Hi @anneadb !

I'm looking into it.