fix: add CKV_AWS_145 skip comment to S3 logging bucket

- Add checkov skip comment for CKV_AWS_145 on aws_s3_bucket.logging
  (ALB logging not fully compatible with customer managed KMS keys)
- Regenerate README.md and configuration.png via tfutil

Related: alis/fix-logging-path

Author: alismx

README.md

@@ -135,6 +135,7 @@ No modules.
 | [aws_appmesh_virtual_node.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appmesh_virtual_node) | resource |
 | [aws_cloudwatch_log_group.ecs_cloudwatch_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
 | [aws_ecr_lifecycle_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_lifecycle_policy) | resource |
+| [aws_ecr_registry_scanning_configuration.configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_registry_scanning_configuration) | resource |
 | [aws_ecr_repository.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource |
 | [aws_ecs_cluster.dibbs_app_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_cluster) | resource |
 | [aws_ecs_service.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource |
@@ -241,6 +242,7 @@ No modules.
 | <a name="input_enable_alb_logs"></a> [enable\_alb\_logs](#input\_enable\_alb\_logs) | Flag to enable ALB access and connection logging to s3 logging bucket | `bool` | `true` | no |
 | <a name="input_enable_autoscaling"></a> [enable\_autoscaling](#input\_enable\_autoscaling) | Flag to enable autoscaling for the ECS services | `bool` | `true` | no |
 | <a name="input_enable_ecr_viewer_sns_topic"></a> [enable\_ecr\_viewer\_sns\_topic](#input\_enable\_ecr\_viewer\_sns\_topic) | Enable ECR Viewer bucket SNS topic | `bool` | `true` | no |
+| <a name="input_enable_enhanced_ecr_registry_scanning"></a> [enable\_enhanced\_ecr\_registry\_scanning](#input\_enable\_enhanced\_ecr\_registry\_scanning) | Flag to enable enhanced ecr registry scanning, defaults to false | `bool` | `false` | no |
 | <a name="input_enable_logging_sns_topic"></a> [enable\_logging\_sns\_topic](#input\_enable\_logging\_sns\_topic) | Enable logging bucket SNS topic | `bool` | `true` | no |
 | <a name="input_internal"></a> [internal](#input\_internal) | Flag to determine if the several AWS resources are public (intended for external access, public internet) or private (only intended to be accessed within your AWS VPC or avaiable with other means, a transit gateway for example). | `bool` | `true` | no |
 | <a name="input_logging_bucket_lifecycle_configuration"></a> [logging\_bucket\_lifecycle\_configuration](#input\_logging\_bucket\_lifecycle\_configuration) | S3 lifecycle rules | <pre>list(object({<br>    status                             = string<br>    prefix                             = string<br>    abort_incomplete_upload_after_days = number<br>    expiration_days                    = number<br>    transitions = list(object({<br>      days          = number<br>      storage_class = string<br>    }))<br>  }))</pre> | <pre>[<br>  {<br>    "abort_incomplete_upload_after_days": 3,<br>    "expiration_days": 365,<br>    "prefix": "/",<br>    "status": "Enabled",<br>    "transitions": [<br>      {<br>        "days": 0,<br>        "storage_class": "INTELLIGENT_TIERING"<br>      }<br>    ]<br>  }<br>]</pre> | no |

configuration.png

@@ -37,6 +37,7 @@ resource "aws_s3_bucket_policy" "ecr_viewer_ssl" {
 
 resource "aws_s3_bucket" "logging" {
   # checkov:skip=CKV_AWS_144:TODO - Cross-region replication for this bucket to be implemented later
+  # checkov:skip=CKV_AWS_145:ALB logging is not fully compatible with customer managed keys - uses separate encryption config
   bucket        = local.s3_logging_bucket_name
   force_destroy = true
   tags          = local.tags