Terraform smells

[joaotgoncalves]

Smells

Refactored smells:

• Suspicious comment
• Hard-coded password
• Hard-coded secret
• Invalid IP address binding

Implemented security code smells defined for Terraform scripts:

• Use of HTTP without TLS
• Integrity Policy
• SSL/TLS/mTLS Policy
• Use of DNS without DNSSEC
• Associated Public IP address
• Insecure Access Control
• Disabled/Weak Authentication
• Missing Encryption
• Firewall Misconfiguration
• Missing Threats Detection/Alerts
• Weak Password/Key Policy
• Sensitive Action by IAM
• Key Management
• Network Security Rules
• Permission of IAM Policies
• Logging
• Attached Resource
• Versioning
• Naming
• Replication

A new Config file was created to be used for analyse Terraform files.
Each code smell was implemented using smell checkers to facilitate the interpretation and organization of the code.

[Nfsaavedra]

Thanks for the PR! Also sorry for taking so long to review it. First, there are some merge conflicts that should be fixed. I also left some comments for improvements in the code. If you don't have the time to apply them, you can tell me and I'll do it. If you only want to apply them partially, you can also tell me what are the ones you will handle and I'll handle the remaining comments. Congrats again in your great work 🎉

[Nfsaavedra]

Merging! Thank you @joaotgoncalves!