fix trivy flagging s3 key in modules - static analysis should pass now (

#6680)

* fix trivy flagging s3 key in modules - static analysis should pass now

* use terraform 0.12 interpolation

terraform/modules/baseline/bastion_linux.tf

@@ -3,7 +3,7 @@ module "bastion_linux" {
 
   count = var.bastion_linux.public_key_data != null ? 1 : 0
 
-  source = "github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=v4.2.0"
+  source = "github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=6c4f0918a2db00ababbb40648b2ee57556ab90ab" # temp guid will be replaced with a release ref=v4.2.2? next week
 
   providers = {
     aws.share-host   = aws.core-vpc # core-vpc-(environment) holds the networking for all accounts

terraform/modules/cost_usage_report/main.tf

@@ -14,6 +14,7 @@ resource "aws_cur_report_definition" "cost_usage_report" {
   depends_on                 = [module.s3_bucket] #ensures bucket permissions are applied before athena bucket access validation checks run
 }
 
+#tfsec:ignore:avd-aws-0132 - The bucket policy is attached to the bucket
 module "s3_bucket" {
   #checkov:skip=CKV_TF_1:Ensure Terraform module sources use a commit hash; skip as this is MoJ Repo
 
@@ -56,7 +57,7 @@ data "aws_iam_policy_document" "cur_bucket_policy" {
     condition {
       test     = "StringEquals"
       variable = "aws:SourceAccount"
-      values   = ["${var.account_number}"]
+      values   = [var.account_number]
     }
 
     principals {
@@ -80,7 +81,7 @@ data "aws_iam_policy_document" "cur_bucket_policy" {
     condition {
       test     = "StringEquals"
       variable = "aws:SourceAccount"
-      values   = ["${var.account_number}"]
+      values   = [var.account_number]
     }
 
     principals {