From 98c65c186bcd49b503ef4cd38dfaa11cc3c77348 Mon Sep 17 00:00:00 2001
From: Charles Bushong
Date: Thu, 21 Dec 2023 13:56:39 -0500
Subject: [PATCH 1/4] Adding pre-commit config
---
 .github/workflows/pre-commit.yaml | 47 +++++++++++++++++++++++++++++++
 .pre-commit-config.yaml | 18 ++++++++++--
 2 files changed, 62 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/pre-commit.yaml
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
new file mode 100644
index 0000000..5dbd054
--- /dev/null
+++ b/.github/workflows/pre-commit.yaml
@@ -0,0 +1,47 @@
+on:
+ pull_request:
+ push:
+ branches: [main]
+
+jobs:
+ pre_commit:
+ name: Run pre-commit and commit any autocorrections
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.6.6
+ - name: Setup Terragrunt
+ uses: autero1/action-terragrunt@v1.1.0
+ with:
+ terragrunt_version: 0.54.8
+ # To avoid rate-limiting
+ token: ${{ secrets.GITHUB_TOKEN }}
+ - uses: terraform-linters/setup-tflint@v3
+ name: TFLint - Setup
+ with:
+ tflint_version: latest
+
+ - name: TFLint - Init
+ run: tflint --init
+ env:
+ # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+ GITHUB_TOKEN: ${{ github.token }}
+ - name: TFLint - Show version
+ run: tflint --version
+ - uses: actions/setup-python@v4
+ with:
+ python-version: 3.x
+ - name: Terraform Docs - Install
+ run: |
+ curl -sSLo ./terraform-docs.tar.gz https://terraform-docs.io/dl/v0.17.0/terraform-docs-v0.17.0-$(uname)-amd64.tar.gz
+ tar -xzf terraform-docs.tar.gz -- terraform-docs
+ chmod +x terraform-docs
+ echo $PATH
+ mv terraform-docs /usr/local/bin/terraform-docs
+ terraform-docs --version
+ - uses: pre-commit/action@v3.0.0
+ - uses: pre-commit-ci/lite-action@v1.0.1
+ if: always()
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 11d16c9..ab25c67 100644 
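Review bot: Every `uses:` in the new workflow (`actions/checkout@v3`, `hashicorp/setup-terraform@v3`, `autero1/action-terragrunt@v1.1.0`, `terraform-linters/setup-tflint@v3`, `actions/setup-python@v4`, `pre-commit/action@v3.0.0`, `pre-commit-ci/lite-action@v1.0.1`) is pinned to a mutable tag, and the third-party ones receive the repository token (`token: ${{ secrets.GITHUB_TOKEN }}`, `GITHUB_TOKEN: ${{ github.token }}`), so a re-tagged release would run with that token on every pull request; pin each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<commit-sha>  # v3`. The `Terraform Docs - Install` step downloads a tarball and moves it into `/usr/local/bin` without checking it against the checksum published with the v0.17.0 release, and `tflint_version: latest` floats, so the toolchain that lints and rewrites the repository is not reproducible between runs. No top-level `permissions:` block is declared, so the job token inherits the repository default; if the autocorrect push is performed by the pre-commit.ci app rather than this token (as lite-action's design suggests, but confirm), `permissions: contents: read` at the top of the file is enough. `echo $PATH` in the install step reads as leftover debugging and can go.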
--- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -2,7 +2,7 @@ # See https://pre-commit.com/hooks.html for more hooks repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 + rev: v4.5.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer @@ -10,10 +10,22 @@ repos: args: ["--allow-multiple-documents"] - id: check-added-large-files - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.77.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases + rev: v1.85.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases hooks: - id: terraform_fmt # args: ["--enable require-variable-braces,deprecate-which"] - id: terraform_tflint - exclude: .* + args: + - "--args=--fix" - id: terragrunt_fmt - id: terraform_docs +ci: + autofix_commit_msg: | + [pre-commit.ci] auto fixes from pre-commit.com hooks + + for more information, see https://pre-commit.ci + autofix_prs: true + autoupdate_branch: '' + autoupdate_commit_msg: '[pre-commit.ci] pre-commit autoupdate' + autoupdate_schedule: weekly + skip: [terraform_fmt, terraform_tflint, terragrunt_fmt, terraform_docs] + submodules: false From 8329ca8f5c8336940770dce3a9a84eb730896719 Mon Sep 17 00:00:00 2001 From: Charles Bushong Date: Thu, 21 Dec 2023 13:56:40 -0500 Subject: [PATCH 2/4] Adding markdown files --- LICENSE.md | 34 ++++++++++++++++++++++++++++++++++ README.md | 6 ++++-- SECURITY.md | 17 +++++++++++++++++ 3 files changed, 55 insertions(+), 2 deletions(-) create mode 100644 LICENSE.md create mode 100644 SECURITY.md diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..f2a0872 --- /dev/null +++ b/LICENSE.md 
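Review bot: The `terraform_tflint` hook goes from never running (`exclude: .*` matched every path) to rewriting Terraform source in place via `args: - "--args=--fix"`, so a hook that read as a linter now edits `.tf` files, and together with `pre-commit-ci/lite-action` those edits are committed back to the PR without a human authoring them. Patch 4/4 in this series, authored by `pre-commit-ci-lite[bot]`, appears to show the effect in `delete_ebs_volumes/variables.tf`, where `variable "aws_region" {}` is deleted outright — a breaking change for any caller still passing that variable. If the intent is only to report, drop the `--fix` argument; if auto-fixing is intended, say so above the hook, e.g. `# --args=--fix rewrites .tf files in place; review bot autocorrect commits for removed declarations`. The `ci.skip` list disables all four terraform hooks on pre-commit.ci, which leaves this repository's GitHub workflow as the only place they run; a one-line comment on `skip:` stating that would stop a reader from assuming pre-commit.ci covers them.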
@@ -0,0 +1,34 @@ +# License + +As a work of the [United States government](https://www.usa.gov/), this project +is in the public domain within the United States of America. + +Additionally, we waive copyright and related rights in the work worldwide +through the CC0 1.0 Universal public domain dedication. + +## CC0 1.0 Universal Summary + +This is a human-readable summary of the [Legal Code (read the full +text)](https://creativecommons.org/publicdomain/zero/1.0/legalcode). + +### No Copyright + +The person who associated a work with this deed has dedicated the work to the +public domain by waiving all of their rights to the work worldwide under +copyright law, including all related and neighboring rights, to the extent +allowed by law. + +You can copy, modify, distribute, and perform the work, even for commercial +purposes, all without asking permission. + +### Other Information + +In no way are the patent or trademark rights of any person affected by CC0, nor +are the rights that other persons may have in the work or in how the work is +used, such as publicity or privacy rights. + +Unless expressly stated otherwise, the person who associated a work with this +deed makes no warranties about the work, and disclaims liability for all uses +of the work, to the fullest extent permitted by applicable law. When using or +citing the work, you should not imply endorsement by the author or the +affirmer. diff --git a/README.md b/README.md index 4cd401d..5ef7ec3 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ -# batCAVE Misc Modules +# batcave-tf-misc-modules -Miscellaneous modules for use in one-off circumstances on batCAVE. + + + diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..90e23aa --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,17 @@ +# Security and Responsible Disclosure Policy + +*Submit a vulnerability:* Unfortunately, we cannot accept secure submissions via +email or via GitHub Issues. Please use our website to submit vulnerabilities at +[https://hhs.responsibledisclosure.com](https://hhs.responsibledisclosure.com). +HHS maintains an acknowledgements page to recognize your efforts on behalf of +the American public, but you are also welcome to submit anonymously. + +Review the HHS Disclosure Policy and websites in scope: +[https://www.hhs.gov/vulnerability-disclosure-policy/index.html](https://www.hhs.gov/vulnerability-disclosure-policy/index.html). + +This policy describes *what systems and types of research* are covered under this +policy, *how to send* us vulnerability reports, and *how long* we ask security +researchers to wait before publicly disclosing vulnerabilities. + +If you have other cybersecurity related questions, please contact us at +[csirc@hhs.gov.](mailto:csirc@hhs.gov). From c89b2fe8b7367beb0e124741d1f69ea63933c341 Mon Sep 17 00:00:00 2001 From: Charles Bushong Date: Thu, 21 Dec 2023 13:57:49 -0500 Subject: [PATCH 3/4] Disable terraform docs --- .pre-commit-config.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index ab25c67..79b4aa7 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -17,7 +17,8 @@ repos: args: - "--args=--fix" - id: terragrunt_fmt - - id: terraform_docs + ## Disable terraform_docs for misc-modules + #- id: terraform_docs ci: autofix_commit_msg: | [pre-commit.ci] auto fixes from pre-commit.com hooks From 695d5b655e812c79bddcd918642bbdf6ef5944a4 Mon Sep 17 00:00:00 2001 
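Review bot: The `terraform_docs` hook is commented out (`#- id: terraform_docs`) rather than removed, and `## Disable terraform_docs for misc-modules` records what was done but not why or under what condition it returns, so the next reader cannot tell whether the hook is broken, unwanted, or waiting on something. Either delete both lines or replace the comment with the reason, e.g. `# terraform_docs disabled: <reason> — re-enable once <condition>`. The `ci:` block that follows (its `skip:` line was added in patch 1/4 and sits outside this hunk) still lists `terraform_docs`, which is now a hook id that no longer exists under `repos`; drop it there too so the two sections stay consistent.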
From: "pre-commit-ci-lite[bot]" <117423508+pre-commit-ci-lite[bot]@users.noreply.github.com> Date: Thu, 21 Dec 2023 18:58:37 +0000 Subject: [PATCH 4/4] [pre-commit.ci lite] apply automatic fixes --- account_alias/README.md | 2 +- account_alias/main.tf | 2 +- cwl_subscriptions/firehose.tf | 4 +- delete_ebs_volumes/lambda.tf | 10 ++-- delete_ebs_volumes/variables.tf | 1 - role/main.tf | 60 ++++++++++++------------ role/variables.tf | 2 +- sdl_logs/README.md | 1 - sdl_logs/eventbridge.tf | 6 +-- sdl_logs/guardduty.tf | 2 +- sdl_logs/kms.tf | 2 +- sdl_logs/main.tf | 1 - sdl_logs/s3.tf | 4 +- sdl_logs/sns.tf | 2 +- security-alerts/cloudwatch.tf | 2 +- security-alerts/code/sechub_transform.py | 4 +- security-alerts/data.tf | 2 +- security-alerts/events.tf | 2 +- security-alerts/iam.tf | 6 +-- security-alerts/lambda.tf | 2 +- security-alerts/step_function.tf | 2 +- security-alerts/variables.tf | 12 +---- 22 files changed, 59 insertions(+), 72 deletions(-) diff --git a/account_alias/README.md b/account_alias/README.md index 2d0e002..6efbd50 100644 --- a/account_alias/README.md +++ b/account_alias/README.md @@ -2,4 +2,4 @@ Sets the account alias for an AWS account. https://docs.aws.amazon.com/IAM/latest/UserGuide/console_account-alias.html -Variable account_alias will be set for the account, e.g. "batcave-dev". Queryable with [ListAccountAliases](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccountAliases.html) \ No newline at end of file +Variable account_alias will be set for the account, e.g. "batcave-dev". Queryable with [ListAccountAliases](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccountAliases.html) diff --git a/account_alias/main.tf b/account_alias/main.tf index bb9e232..50eff4d 100644 --- a/account_alias/main.tf +++ b/account_alias/main.tf 
@@ -9,4 +9,4 @@ variable "alias_name" { condition = length(var.alias_name) >= 3 && length(var.alias_name) <= 63 error_message = "Account Alias must have between 3 and 63 characters." } -} \ No newline at end of file +} diff --git a/cwl_subscriptions/firehose.tf b/cwl_subscriptions/firehose.tf index 9cc5f8c..34e8103 100644 --- a/cwl_subscriptions/firehose.tf +++ b/cwl_subscriptions/firehose.tf @@ -3,10 +3,10 @@ resource "aws_kinesis_firehose_delivery_stream" "panther_firehose" { destination = "extended_s3" extended_s3_configuration { - bucket_arn = data.aws_s3_bucket.firehose_bucket.arn + bucket_arn = data.aws_s3_bucket.firehose_bucket.arn buffering_size = var.buffering_size buffering_interval = var.buffering_interval_in_seconds - role_arn = aws_iam_role.firehose_s3_role.arn + role_arn = aws_iam_role.firehose_s3_role.arn prefix = "cloudwatchlogs/" error_output_prefix = "cloudwatchlogs/error/" diff --git a/delete_ebs_volumes/lambda.tf b/delete_ebs_volumes/lambda.tf index f84db15..84b105b 100644 --- a/delete_ebs_volumes/lambda.tf +++ b/delete_ebs_volumes/lambda.tf @@ -5,9 +5,9 @@ resource "null_resource" "lambda_package" { } triggers = { # re-build when requirements change - deps = filemd5("${path.module}/python/requirements.txt") + deps = filemd5("${path.module}/python/requirements.txt") # re-build when source code changes - source = jsonencode({for f in fileset("${path.module}/python/", "*.py") : f => filemd5("${path.module}/python/${f}")}) + source = jsonencode({ for f in fileset("${path.module}/python/", "*.py") : f => filemd5("${path.module}/python/${f}") }) # re-build if the build output is missing locally or inconsistent with the latest deployed build build_log = fileexists("${path.module}/python/build.log") ? filemd5("${path.module}/python/build.log") : timestamp() } @@ -34,7 +34,7 @@ resource "aws_lambda_function" "delete_ebs_volumes" { LOG_LEVEL = "INFO" } } - tags = { + tags = { environment = var.environment project = var.project } 
@@ -77,7 +77,7 @@ resource "aws_iam_role" "delete_ebs_volumes_lambda_role" { path = var.iam_path permissions_boundary = var.permissions_boundary managed_policy_arns = [aws_iam_policy.delete_ebs_volumes_lambda_policy.arn] - assume_role_policy = jsonencode( + assume_role_policy = jsonencode( { "Version" : "2012-10-17", "Statement" : [ @@ -98,7 +98,7 @@ resource "aws_iam_policy" "delete_ebs_volumes_lambda_policy" { name = "delete_ebs_volumes_lambda_policy" path = var.iam_path description = "Policy to be used by lambda which deletes available EBS volumes" - policy = jsonencode( + policy = jsonencode( { "Version" : "2012-10-17", "Statement" : [ diff --git a/delete_ebs_volumes/variables.tf b/delete_ebs_volumes/variables.tf index 0e3a664..cc867ca 100644 --- a/delete_ebs_volumes/variables.tf +++ b/delete_ebs_volumes/variables.tf @@ -1,7 +1,6 @@ variable "iam_path" {} variable "permissions_boundary" {} variable "lambda_name" {} -variable "aws_region" {} variable "environment" {} variable "project" {} variable "event_schedule_cron" {} diff --git a/role/main.tf b/role/main.tf index 17994c7..6b17e90 100644 --- a/role/main.tf +++ b/role/main.tf @@ -4,13 +4,13 @@ data "aws_caller_identity" "current" {} resource "aws_iam_role" "api-service-role" { name = "${var.GroupName}-api-service-role" depends_on = [ - aws_iam_policy.api-policy - ] - path = var.iam_role_path + aws_iam_policy.api-policy + ] + path = var.iam_role_path permissions_boundary = var.permissions_boundary - tags = var.tags - assume_role_policy = <<-EOF - { + tags = var.tags + assume_role_policy = <<-EOF + { "Version": "2012-10-17", "Statement": [ { 
@@ -33,13 +33,13 @@ resource "aws_iam_role" "api-service-role" { resource "aws_iam_role" "job-scheduler-service-role" { name = "${var.GroupName}-job-scheduler-service-role" depends_on = [ - aws_iam_policy.job-scheduler-policy - ] - path = var.iam_role_path + aws_iam_policy.job-scheduler-policy + ] + path = var.iam_role_path permissions_boundary = var.permissions_boundary - tags = var.tags - assume_role_policy = <<-EOF - { + tags = var.tags + assume_role_policy = <<-EOF + { "Version": "2012-10-17", "Statement": [ { @@ -62,15 +62,15 @@ resource "aws_iam_role" "job-scheduler-service-role" { resource "aws_iam_role" "cms-cloud-s3-snowflake-role" { name = "cms-cloud-${var.GroupName}-s3-snowflake-role" depends_on = [ - aws_iam_policy.snowflake-access-policy - ] - path = var.iam_role_path + aws_iam_policy.snowflake-access-policy + ] + path = var.iam_role_path permissions_boundary = var.permissions_boundary - tags = var.tags - assume_role_policy = <<-EOF + tags = var.tags + assume_role_policy = <<-EOF { "Version": "2012-10-17", - "Statement": + "Statement": [ { "Effect": "Allow", @@ -84,17 +84,17 @@ resource "aws_iam_role" "cms-cloud-s3-snowflake-role" { "StringEquals": { "sts:ExternalId": "${var.SDLExternalId}" } - } + } } ] - } + } EOF } resource "aws_iam_policy" "api-policy" { - name = "${var.GroupName}-api-policy" - path = "/delegatedadmin/developer/" - tags = var.tags + name = "${var.GroupName}-api-policy" + path = "/delegatedadmin/developer/" + tags = var.tags policy = <<-EOF { @@ -122,13 +122,13 @@ resource "aws_iam_policy" "api-policy" { } locals { - ApiResources = "[\"${join("\",\"",var.ApiResources)}\"]" + ApiResources = "[\"${join("\",\"", var.ApiResources)}\"]" } resource "aws_iam_policy" "job-scheduler-policy" { - name = "${var.GroupName}-job-scheduler-policy" - path = "/delegatedadmin/developer/" - tags = var.tags + name = "${var.GroupName}-job-scheduler-policy" + path = "/delegatedadmin/developer/" + tags = var.tags policy = <<-EOF { 
@@ -150,9 +150,9 @@ resource "aws_iam_policy" "job-scheduler-policy" { } resource "aws_iam_policy" "snowflake-access-policy" { - name = "${var.GroupName}-snowflake-access-policy" - path = "/delegatedadmin/developer/" - tags = var.tags + name = "${var.GroupName}-snowflake-access-policy" + path = "/delegatedadmin/developer/" + tags = var.tags policy = <<-EOF { diff --git a/role/variables.tf b/role/variables.tf index 5709602..941e33a 100644 --- a/role/variables.tf +++ b/role/variables.tf @@ -61,4 +61,4 @@ variable "tags" { description = "A mapping of tags to assign to all resources" type = map(string) default = {} -} \ No newline at end of file +} diff --git a/sdl_logs/README.md b/sdl_logs/README.md index 0ae14dc..8a3c37c 100644 --- a/sdl_logs/README.md +++ b/sdl_logs/README.md @@ -1,4 +1,3 @@ # SDL logs Sends all object create events on the logging bucket to eventbridge, a trigger to SNS, and connection to the Panther SQS queue for ingestion. - diff --git a/sdl_logs/eventbridge.tf b/sdl_logs/eventbridge.tf index 06718de..0cdf132 100644 --- a/sdl_logs/eventbridge.tf +++ b/sdl_logs/eventbridge.tf @@ -42,9 +42,9 @@ resource "aws_cloudwatch_event_target" "target" { "awsRegion":, "eventTime":