Feat : terraform module client scanner

.gitignore

@@ -30,4 +30,4 @@ venv/
 *tfvars
 *override*.tf
 .terraform
-.terraform.lock.hcl
+.terraform.lock.hcl

lambdas/functions/iroco2-client-side-scanner/.gitignore

@@ -0,0 +1,22 @@
+# Terraform files
+*.tfstate
+*.tfstate.*
+*.tfvars
+!terraform.tfvars.example
+.terraform/
+.terraform.lock.hcl
+crash.log
+crash.*.log
+
+# IDE files
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# Pre-commit
+.secrets.baseline

lambdas/functions/iroco2-client-side-scanner/.pre-commit-config.yaml

@@ -0,0 +1,43 @@
+# Simplified pre-commit configuration for IROCO2 Client Side Scanner Terraform module
+# This configuration includes only essential checks that work without additional tool installation
+repos:
+  # General hooks
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v6.0.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-added-large-files
+      - id: check-case-conflict
+      - id: check-merge-conflict
+
+  # Terraform hooks (minimal set)
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.100.0
+    hooks:
+      - id: terraform_fmt
+        description: Rewrites all Terraform configuration files to a canonical format
+        exclude : lambdas/functions/iroco2-client-side-scanner/examples/
+        files : ^lambdas/functions/iroco2-client-side-scanner/
+
+      - id: terraform_validate
+        description: Validates all Terraform configuration files
+        exclude : lambdas/functions/iroco2-client-side-scanner/examples/
+        files : ^lambdas/functions/iroco2-client-side-scanner/
+        args:
+          - --hook-config=--retry-once-with-cleanup=true
+
+# Configuration for specific hooks
+default_language_version:
+  python: python3
+
+# Global excludes
+exclude: |
+  (?x)^(
+    \.terraform/.*|
+    \.terraform\.lock\.hcl|
+    terraform\.tfstate.*|
+    \.git/.*|
+    examples\.*
+  )$

lambdas/functions/iroco2-client-side-scanner/.tflint.hcl

@@ -0,0 +1,95 @@
+# TFLint configuration for IROCO2 Client Side Scanner Terraform module
+
+config {
+  # Enable all rules by default
+  disabled_by_default = false
+
+  # Plugin directory
+  plugin_dir = "~/.tflint.d/plugins"
+
+  # Call module inspection
+  call_module_type = "all"
+}
+
+# AWS plugin configuration
+plugin "aws" {
+  enabled = true
+  version = "0.29.0"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+
+  # Deep checking requires AWS credentials
+  deep_check = false
+}
+
+# Terraform plugin configuration
+plugin "terraform" {
+  enabled = true
+  preset  = "recommended"
+}
+
+# Rule configurations
+rule "terraform_deprecated_interpolation" {
+  enabled = true
+}
+
+rule "terraform_deprecated_index" {
+  enabled = true
+}
+
+rule "terraform_unused_declarations" {
+  enabled = true
+}
+
+rule "terraform_comment_syntax" {
+  enabled = true
+}
+
+rule "terraform_documented_outputs" {
+  enabled = true
+}
+
+rule "terraform_documented_variables" {
+  enabled = true
+}
+
+rule "terraform_typed_variables" {
+  enabled = true
+}
+
+rule "terraform_module_pinned_source" {
+  enabled = true
+}
+
+rule "terraform_naming_convention" {
+  enabled = true
+  format  = "snake_case"
+}
+
+rule "terraform_required_version" {
+  enabled = true
+}
+
+rule "terraform_required_providers" {
+  enabled = true
+}
+
+rule "terraform_standard_module_structure" {
+  enabled = true
+}
+
+# AWS specific rules
+rule "aws_instance_invalid_type" {
+  enabled = true
+}
+
+rule "aws_lambda_function_invalid_runtime" {
+  enabled = true
+}
+
+rule "aws_s3_bucket_invalid_region" {
+  enabled = true
+}
+
+rule "aws_iam_policy_invalid_policy" {
+  enabled = true
+}