remove secret test

test/testdata/mondoo-terraform-aws-security.mql.yaml

@@ -36,12 +36,6 @@ policies:
 
         If you have any suggestions for how to improve this policy, or if you need support, [join the community](https://github.com/orgs/mondoohq/discussions) in GitHub Discussions.
     groups:
-      - title: AWS General
-        filters: |
-          asset.platform == "terraform" || asset.platform == "terraform-hcl"
-          terraform.providers.any(nameLabel == "aws")
-        checks:
-          - uid: terraform-aws-security-no-static-credentials-in-providers
       - title: Amazon API Gateway
         filters: |
           asset.platform == "terraform" || asset.platform == "terraform-hcl"
@@ -84,55 +78,6 @@ policies:
           - uid: terraform-aws-security-eks-encrypt-secrets
           - uid: terraform-aws-security-eks-no-public-cluster-access-to-cidr
 queries:
-  - uid: terraform-aws-security-no-static-credentials-in-providers
-    title: Providers should not contain hard-coded credentials
-    mql: |
-      terraform.providers.where( nameLabel == "aws" ) {
-        arguments["access_key"] == null || arguments["access_key"].find(/(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}/).all("AKIAIOSFODNN7EXAMPLE")
-        arguments["secret_key"] == null || arguments["secret_key"].find(/([A-Za-z0-9\\\/+\\]{40})/).all( "wJalrXUtnFEMI/A1AAAAA/bPxRfiCYAAAAAAAKEY")
-      }
-    docs:
-      desc: |
-        Hard-coded credentials are not recommended in any Terraform configuration, and risks secret leakage should this file ever be committed to a public version control system.
-      audit: |
-        Check for the existence of hard-coded credentials in the AWS provider
-
-        ```hcl
-        provider "aws" {
-          region     = "us-west-2"
-          access_key = "my-access-key"
-          secret_key = "my-secret-key"
-        }
-        ```
-      remediation: |
-        The following are more secure alternatives for configuring the AWS provider:
-
-        __Environment Variables__
-        You can provide your credentials via the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables representing your AWS Access Key and AWS Secret Key, respectively. Note that setting your AWS credentials using either these (or legacy) environment variables will override the use of `AWS_SHARED_CREDENTIALS_FILE` and `AWS_PROFILE`. The `AWS_DEFAULT_REGION` and `AWS_SESSION_TOKEN` environment variables are also used, if applicable:
-
-        ```bash
-        $ export AWS_ACCESS_KEY_ID="an_accesskey"
-        $ export AWS_SECRET_ACCESS_KEY="a_secretkey"
-        $ export AWS_DEFAULT_REGION="us-west-2"
-        $ terraform plan
-        ```
-
-        ```hcl
-        provider "aws" {}
-        ```
-
-        __Assumed Role__
-        If provided with a role ARN, Terraform will attempt to assume this role using the supplied credentials.
-
-        ```hcl
-        provider "aws" {
-          assume_role {
-            role_arn     = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
-            session_name = "SESSION_NAME"
-            external_id  = "EXTERNAL_ID"
-          }
-        }
-        ```
   - uid: terraform-aws-security-api-gw-cache-enabled-and-encrypted
     title: API Gateway must have cache enabled
     mql: |

test/testdata/terraform/aws-3.xx/fail/provider.tf

@@ -9,7 +9,4 @@ terraform {
 
 provider "aws" {
   # Configuration options
-  region     = "us-west-2"
-  access_key = "AKIAIOSFODNN7AAAAAAA"
-  secret_key = "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"
 }

test/testdata/terraform/aws-4.xx/fail/provider.tf

@@ -9,7 +9,4 @@ terraform {
 
 provider "aws" {
   # Configuration options
-  region     = "us-west-2"
-  access_key = "AKIAIOSFODNN7AAAAAAA"
-  secret_key = "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"
 }