fix(terraform): Fix outdated CKV_AWS_312 for Elastic Beanstalk health reporting

[AlekseiSokolov2TR]

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

CKV_AWS_312: Elastic Beanstalk environments do not have enhanced health reporting enabled
Checkov produces a false positive. The check references a setting that no longer exists.

The check expects

setting {
  namespace = "aws:elasticbeanstalk:healthreporting:system"
  name      = "HealthStreamingEnabled"
  value     = "true"
}

The actual configuration for the feature being checked should be

setting {
  namespace = "aws:elasticbeanstalk:healthreporting:system"
  name      = "SystemType"
  value     = "enhanced"
}

The relevant documentation can be found here

Fixes #6007

A related setting exists that controls streaming health data to CloudWatch:

setting {
  namespace = "aws:elasticbeanstalk:cloudwatch:logs:health"
  name      = "HealthStreamingEnabled"
  value     = "true"
}

However, the original wording of CKV_AWS_312 suggest that its intent is checking for the health streaming being enabled, not for health data being archived in CloudWatch. Therefore, either CKV_AWS_312 needs to be expanded to include this, or an additional check needs to be introduced, if the CloudWatch archival part is deemed necessary.

New/Edited policies (Delete if not relevant)

CKV_AWS_312

Description

The change addresses an update to the underlying API that makes the current check obsolete.

Checklist:

• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation hlxsites/prisma-cloud-docs #1321
• I have added tests that prove my feature, policy, or fix is effective and works
• New and existing tests pass locally with my changes