9/20: The open source version of Terraform is now OpenTofu   I swear, this is not a recurring series. The problem just -- finally -- got solved. Part 2 is over here . I went back to tfsec after seeing the simple start guide posted here , by Liam Galvin at Ghost Security. There are two aspects of my  code:  Allow buckets starting with [word]  deny buckets that don't start with [word].  The initial guide only has "don't allow buckets that are exactly named this", but that's all I needed to actually get going! The problems could have been; The rego file and the terraform file don't play well in the same folder. Having the options in two separate subfolders helped even though there was a command that I used to read both files in the same folder. Trivy ... I don't know. Maybe the metadata setup was incorrect - but if it's set up as comments -- readable by the program but not acknowledged in the rego -- who knows. I can work on that in the future. The code w...
I research and implement products + infrastructure for the Cloud, software, and other interesting things. My tailored Cloud Project Portfolio is at runtcpip.com