diff --git a/README.md b/README.md
index 19cd42d..021e345 100644
--- a/README.md
+++ b/README.md
@@ -55,7 +55,7 @@ If you're looking to raise an issue with this module, please create a new issue
| Name | Source | Version |
|------|--------|---------|
-| [s3-bucket](#module\_s3-bucket) | github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket | v7.0.0 |
+| [s3-bucket](#module\_s3-bucket) | github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket | 8688bc15a08fbf5a4f4eef9b7433c5a417df8df1 |
## Resources
diff --git a/main.tf b/main.tf
index 33fdc35..a2e0f5a 100644
--- a/main.tf
+++ b/main.tf
@@ -2,7 +2,7 @@
module "s3-bucket" {
count = var.existing_bucket_name == "" ? 1 : 0
- source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.0.0"
+ source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc15a08fbf5a4f4eef9b7433c5a417df8df1" # v7.0.0
providers = {
aws.bucket-replication = aws.bucket-replication
@@ -121,6 +121,16 @@ data "aws_elb_service_account" "default" {}
###### IAM #####
data "aws_iam_policy_document" "ssm-admin-policy-doc" {
+
+ # Not relevant to what we are doing. This sets a high level access policy
+ #checkov:skip=CKV_AWS_110: "Ensure IAM policies does not allow privilege escalation"
+ #checkov:skip=CKV_AWS_109: "Ensure IAM policies does not allow permissions management / resource exposure without constraints"
+ #checkov:skip=CKV_AWS_107: "Ensure IAM policies does not allow credentials exposure"
+ #checkov:skip=CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"
+ #checkov:skip=CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
+ #checkov:skip=CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
+ #checkov:skip=CKV_TF_1: "Ensure Terraform module sources use a commit hash"
+
statement {
actions = ["s3:*",
"ec2:*",
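Review bot: The `#checkov:skip` lines added at the top of `ssm-admin-policy-doc` suppress every IAM privilege-escalation, exfiltration and wildcard-resource check on a statement whose visible actions include `s3:*` and `ec2:*`, and the only rationale given is "Not relevant to what we are doing". The text after each colon repeats the check's title instead of explaining the suppression; it should record why the finding is accepted, e.g. `#checkov:skip=CKV_AWS_110: <REASON - who assumes this policy and what constrains it>`. The `CKV_TF_1` skip looks misplaced: it is a module-source check, this is a data block, and the `s3-bucket` module is pinned to a commit hash in this same commit, so that line can probably be dropped. The policy document continues outside the hunk, so its resources and conditions are not visible here, and the skips may be better justified than the comment suggests.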