hashicorp · Nagateja2402 · Nov 21, 2025
@@ -47,7 +47,7 @@ referenced_s3_bucket_names = []
 references_all_s3_buckets = false
 for cloudtrail_resources as _, res {
 	event_selector_block = res[const.values][const.event_selector_block]
-	if event_selector_block is empty {
+	if event_selector_block is empty or event_selector_block is not defined {
 		continue
 	}
 
@@ -56,7 +56,7 @@ for cloudtrail_resources as _, res {
 			es[const.read_write_type] is event_type {
 
 			for es[const.data_resource] as _, data_res {
-				if data_res[const.type] is not const.aws_s3_object {
+				if data_res[const.type] is not const.aws_s3_object or data_res[const.values] is not defined {
 					continue
 				}
 

@@ -41,8 +41,13 @@ check_mfa_from_const = func(config) {
 }
 
 is_mfa_enabled = func(res) {
-	return collection.find(res.config.versioning_configuration, func(config) {
-		return config.status.constant_value is const.enabled and
+	return collection.find(maps.get(res.config, "versioning_configuration", []), func(config) {
+		status = maps.get(config, "status", "")
+		if status is empty {
+			return false
+		}
+
+		return status.constant_value is const.enabled and
 			config[const.mfa_delete] is defined and
 			(check_mfa_from_const(config) or check_mfa_from_refrence_var(config))
 	}) is defined