fugue / regula

Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes security and compliance using Open Policy Agent/Rego

Home Page: https://regula.dev/

[BUG] References not interpreted correctly when defined using each.value

kyorav opened this issue · comments

Describe the bug
I am not 100% sure this is a bug, I might be using Regula incorrectly.
I believe I am getting incorrect results from FG_R00054 when using for_each in the terraform definition for the vpc reference.

How you're running Regula
When running "regula version" I get the following:

unknown-version, build unknown-commit, built with OPA v0.37.2

I'm running it on a terraform plan file generated with Terraform v1.1.7, executing the following command:

regula run tfplan.json

Operating System
Windows

Steps to reproduce
Create the main.tf file below, generate the plan file, run regula.
The output I am getting is:

FG_R00054: VPC flow logging should be enabled [Medium]
           https://docs.fugue.co/FG_R00054.html

  [1]: aws_vpc.example["one"]
       in tfplan.json

  [2]: aws_vpc.example["two"]
       in tfplan.json

FG_R00089: VPC default security group should restrict all traffic [Medium]
           https://docs.fugue.co/FG_R00089.html

  [1]: aws_vpc.example["one"]
       in tfplan.json

  [2]: aws_vpc.example["two"]
       in tfplan.json

Found 4 problems.

IaC Configuration
I believe FG_R00054 should pass on the following terraform file:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0"
    }
  }
}

# Configure the AWS Provider
provider "aws" {
  region = "us-east-1"
  skip_credentials_validation = true
  skip_requesting_account_id  = true
  skip_metadata_api_check     = true
  s3_force_path_style         = true
  access_key                  = "mock_access_key"
  secret_key                  = "mock_secret_key"
}

# Create a VPC
resource "aws_vpc" "example" {
  for_each   = toset(["one", "two"])
  cidr_block = "10.0.0.0/16"
}

resource "aws_flow_log" "example" {
  for_each     = toset(["one", "two"])
  traffic_type = "ALL"
  vpc_id       = aws_vpc.example[each.value].id
}

Additional context
I am writing rules for boundary protection, which requires a lot of jumping over references. I encountered issues when the terraform template uses for_each, in which case it is difficult to resolve references from the "configuration" section of the plan file. I wanted to see how others solved the problem so I tried regula's AWS flow-logs rule, which is very similar to some of the things I am trying to do (although I am not working with the AWS provider).

I am using this issue as a means to contact Regula maintainers for a discussion. Feel free to close this issue if it is not a bug and not the right venue for a discussion.

We are missing proper support for for_each currently. It's on our roadmap, and I think the implementation will be similar to #321 but we haven't gotten around to this yet.

Thanks @jaspervdj-luminal. If I understand correctly, you will be implementing Terraform's logic for unrolling for_each behind the scenes. I believe a more general solution would be to enhance Terraform so that the plan file would have the necessary information, making the solution available for everyone. I am considering opening a feature request -- would you support my request? Do you have input on how this should be solved on the Terraform side?
If you are interested in a discussion, I am available on the OPA slack workspace (@karen Yorav)

This was addressed by #383 and should work in regula v3.0.0.

@jaspervdj-luminal I tried with regula v3.2.1 and I still see FG_R00054 failing with the same output as before. Is there some argument I need to set to make for_each work properly?