feat: add support for awscc provider secrets check

[quixoticmonk]

User description

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

The PR intends to extend the CKV_AWS_41 to have an AWSCC variant to the support the provider. Since the IDs have to be unique, I have currently kept it to be CKV_AWSCC_41 with the assumption that the rules are based on the provider and not the target platform. Ideally this can be handled as an extension to CKV_AWS_41, but the tests and any additional resourced based rules would need AWS CC based resources which have a different resource attribute structure in many cases.

Though this PR doesn't fix #6410, the intention is to start contributing rules targeting AWSCC provider.

New/Edited policies (Delete if not relevant)

• [NEW] : CKV_AWSCC_41 : "Ensure no hard coded AWS access key and secret key exists in provider"

Description

The rule maps back to the way a provider is configured to work with AWS.

Fix

How does someone fix the issue in code and/or in runtime?

Checklist:

• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have added tests that prove my feature, policy, or fix is effective and works
• New and existing tests pass locally with my changes

---

Generated description

Below is a concise technical summary of the changes proposed in this PR:

Topic	Details
Test Implementation	Adds test files and examples to verify the functionality of the new AWSCC credentials check Modified files (3) tests/terraform/checks/provider/awscc/test_credentials.py tests/terraform/checks/provider/awscc/example_Credentials/main.tf tests/terraform/checks/provider/awscc/__init__.py Latest Contributors(0) User Commit Date
AWSCC Credentials	Implements a new check CKV_AWSCC_41 to detect hard-coded AWS credentials in AWSCC provider configurations Modified files (3) checkov/terraform/checks/provider/awscc/credentials.py checkov/terraform/checks/provider/__init__.py checkov/terraform/checks/provider/awscc/__init__.py Latest Contributors(2) User Commit Date jholland@paloaltonetwo... Initial-panos-terrafor... January 04, 2022 gruebel add-pre-commit-flake8 December 12, 2021

This pull request is reviewed by Baz. Join @quixoticmonk and the rest of your team on (Baz).

[MaryArmaly]

Hey @quixoticmonk,
Could you please merge the latest changes from the main branch into your branch? Thanks!

[tsmithv11]

Thanks for the contribution! Can you please merge main into your branch and make the suggested updates so we can run the tests?

[AdamDev]

Hey @quixoticmonk,
Could you please merge the latest changes from the main branch into your branch? Thanks!

[pazbechor]

Hey @quixoticmonk, I noticed this check already exists in the secrets framework (CKV_SECRET_2).
Could you clarify what makes this one different?
I’m closing this PR for now - happy to reopen if you think otherwise 🙏

[quixoticmonk]

@pazbechor I was porting over AWS provider's credential check while the CKV_SECRET_2 seems to be checking for access key/secrey key anywhere. Does it make the AWS provider one redundant too on the provider configuration ?