Merge pull request #4 from cullancarey/add_actions

Add actions

.checkov.yaml

@@ -0,0 +1,14 @@
+skip-check:
+  - CKV_AWS_145
+  - CKV_AWS_50
+  - CKV_AWS_115
+  - CKV_AWS_116
+  - CKV_AWS_117
+  - CKV_AWS_68
+  - CKV_AWS_86
+  - CKV_AWS_76
+  - CKV_AWS_272
+  - CKV_AWS_18
+  - CKV_AWS_19
+  - CKV2_AWS_32
+  - CKV_AWS_173

.github/workflows/terraform_checks.yml

@@ -0,0 +1,52 @@
+name: 'Terraform Checks'
+
+on: [push]
+
+jobs:
+  terraform:
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+
+    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    # Install the latest version of Terraform CLI
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v1
+
+    # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
+    - name: Terraform Init
+      id: init
+      run: terraform init
+      continue-on-error: false
+
+    # Checks that all Terraform configuration files adhere to a canonical format
+    - name: Terraform Format
+      id: fmt
+      run: terraform fmt -check
+      continue-on-error: false
+
+    - name: Terraform Validate
+      id: validate
+      run: terraform validate -no-color
+      continue-on-error: false
+
+
+  checkov:
+    needs: Terraform
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Test with Checkov
+        id: checkov
+        uses: bridgecrewio/checkov-action@master
+        with:
+          framework: terraform 
+          config_file: .checkov.yaml

acm.tf

@@ -11,6 +11,9 @@ resource "aws_acm_certificate" "certificate" {
   tags = {
     Name = "website-certificate"
   }
+  lifecycle {
+    create_before_destroy = true
+  }
 
 }