fix: issue #304 layer2-aws terraform plan error (#305)

* fix: issue #304 layer2-aws terraform plan error

* issue #305 fix tfsec

* issue #305 fix tfsec

* issue #305 fix tfsec

Author: sviatoslav6

terraform/layer1-aws/aws-cloudtrail.tf

@@ -1,4 +1,4 @@
-#tfsec:ignore:aws-cloudtrail-enable-at-rest-encryption
+#tfsec:ignore:aws-cloudtrail-enable-at-rest-encryption tfsec:ignore:aws-cloudtrail-ensure-cloudwatch-integration
 resource "aws_cloudtrail" "main" {
   name                          = local.name
   s3_bucket_name                = aws_s3_bucket.cloudtrail.id
@@ -10,7 +10,7 @@ resource "aws_cloudtrail" "main" {
   tags = local.tags
 }
 
-#tfsec:ignore:aws-s3-enable-bucket-logging tfsec:ignore:aws-s3-enable-versioning
+#tfsec:ignore:aws-s3-enable-bucket-logging tfsec:ignore:aws-s3-enable-versioning tfsec:ignore:aws-cloudtrail-require-bucket-access-logging
 resource "aws_s3_bucket" "cloudtrail" {
   bucket = "${local.name}-aws-cloudtrail-logs"
 

terraform/layer1-aws/aws-vpc.tf

@@ -13,6 +13,7 @@ data "aws_security_group" "default" {
   vpc_id = module.vpc.vpc_id
 }
 
+#tfsec:ignore:aws-ec2-no-public-ip-subnet
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
   version = "3.12.0"

terraform/layer2-k8s/eks-gitlab-runner.tf

@@ -144,6 +144,8 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "gitlab_runner_enc
 }
 
 resource "aws_s3_bucket_lifecycle_configuration" "gitlab_runner_lifecycle" {
+  count = local.gitlab_runner.enabled ? 1 : 0
+
   bucket = aws_s3_bucket.gitlab_runner_cache[0].id
 
   rule {