From c5363add29603499254ac676dde23d0ac28b394d Mon Sep 17 00:00:00 2001
From: Wessel van Heerde
Date: Tue, 7 Sep 2021 11:59:28 +0200
Subject: [PATCH 1/3] Update IAM activity filter

---
 locals.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/locals.tf b/locals.tf
index a578dea..08e4b8c 100644
--- a/locals.tf
+++ b/locals.tf
@@ -10,10 +10,10 @@ locals {
 iam_activity = merge(
 {
- Root = "{ $.userIdentity.type = \"Root\" }"
+ Root = "{$.userIdentity.type=\"Root\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != \"AwsServiceEvent\"}"
 },
 var.monitor_iam_activity_sso == true ? {
- SSO = "{ $.readOnly IS FALSE && $.userIdentity.sessionContext.sessionIssuer.userName = \"AWSReservedSSO_*\" && $.eventName != \"ConsoleLogin\" }"
+ SSO = "{$.readOnly IS FALSE && $.userIdentity.sessionContext.sessionIssuer.userName = \"AWSReservedSSO_*\" && $.eventName != \"ConsoleLogin\"}"
 } : {}
 )
 }

From cf38aa5d58b55b1b57a9b780d0a857d3e01e8f87 Mon Sep 17 00:00:00 2001
From: Wessel van Heerde
Date: Tue, 7 Sep 2021 13:35:37 +0200
Subject: [PATCH 2/3] Update tfsec workflow step

---
 .github/workflows/terraform.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index 0a06ff7..b9552b1 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -46,4 +46,4 @@ jobs:
 - name: Check out code
 uses: actions/checkout@master
 - name: Terraform security scan
- uses: triat/terraform-security-scan@v2.1.0
+ uses: triat/terraform-security-scan@v3.0.0

From 8b3b17f6a5aca381954573499c7355857c47cd9c Mon Sep 17 00:00:00 2001
From: Wessel van Heerde
Date: Wed, 8 Sep 2021 11:27:11 +0200
Subject: [PATCH 3/3] Bring back spacing

---
 locals.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/locals.tf b/locals.tf
index 08e4b8c..13c6a9d 100644
--- a/locals.tf
+++ b/locals.tf
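Review bot: The new `Root` metric filter gives no hint why `$.userIdentity.invokedBy NOT EXISTS` and `$.eventType != "AwsServiceEvent"` were added, so a future maintainer may trim them back out and reintroduce alerts on actions AWS services perform on root's behalf, which is exactly the noise this change suppresses. A comment above the key would anchor the intent, e.g. `# Root-usage filter as in the CIS AWS Foundations Benchmark: ignore service-initiated activity, keep direct root API calls and logins`, citing the control number if that benchmark is where the pattern came from. On the `SSO` filter, `$.readOnly IS FALSE` only matches events that actually carry a `readOnly` field; as far as I recall the field is optional in CloudTrail records, so mutating calls without it would go unmonitored, which is worth confirming against the event set you care about and documenting either way. The enclosing `locals {` block opens before this hunk.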
@@ -10,10 +10,10 @@ locals {
 iam_activity = merge(
 {
- Root = "{$.userIdentity.type=\"Root\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != \"AwsServiceEvent\"}"
+ Root = "{ $.userIdentity.type=\"Root\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != \"AwsServiceEvent\" }"
 },
 var.monitor_iam_activity_sso == true ? {
- SSO = "{$.readOnly IS FALSE && $.userIdentity.sessionContext.sessionIssuer.userName = \"AWSReservedSSO_*\" && $.eventName != \"ConsoleLogin\"}"
+ SSO = "{ $.readOnly IS FALSE && $.userIdentity.sessionContext.sessionIssuer.userName = \"AWSReservedSSO_*\" && $.eventName != \"ConsoleLogin\" }"
 } : {}
 )
 }