monitoring for backup vault lock changes

[Khatraf]

A reference to the issue / Description of it

#7265

How does this PR fix the problem?

Integrates with recent updates made to the baseline module: ministryofjustice/modernisation-platform-terraform-baselines#495

This PR adds CloudWatch Log Metric Filter and Metric Alarm to monitor changes to backup vault configurations. The alarm triggers and sends notifications via an SNS topic when specific API calls related to the backup vault are detected.

How has this been tested?

In cooker.

{Please write here}

Deployment Plan / Instructions

Will this deployment impact the platform and / or services on it?

{Please write here}

Checklist (check x in [ ] of list items)

• I have performed a self-review of my own code
• All checks have passed
• I have made corresponding changes to the documentation
• Plan and discussed how it should be deployed to PROD (If needed)

Additional comments (if any)

{Please write here}

[github-actions]

Trivy Scan Success

Show Output

```hcl

---

Trivy will check the following folders:
terraform/environments/bootstrap/member-bootstrap

---

Running Trivy in terraform/environments/bootstrap/member-bootstrap
2024-07-05T10:52:02Z INFO Need to update DB
2024-07-05T10:52:02Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-05T10:52:04Z INFO Vulnerability scanning is enabled
2024-07-05T10:52:04Z INFO Misconfiguration scanning is enabled
2024-07-05T10:52:04Z INFO Need to update the built-in policies
2024-07-05T10:52:04Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-05T10:52:04Z INFO Secret scanning is enabled
2024-07-05T10:52:04Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-05T10:52:04Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-05T10:52:07Z INFO Number of language-specific files num=0
2024-07-05T10:52:07Z INFO Detected config files num=5

github.com/ministryofjustice/modernisation-platform-github-oidc-role?ref=c3bde7c787038ff5536bfb1b73781072edbb74da/main.tf (terraform)

Tests: 3 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 3)
Failures: 0 (HIGH: 0, CRITICAL: 0)

iam.tf (terraform)

Tests: 172 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 172)
Failures: 0 (HIGH: 0, CRITICAL: 0)

instance-scheduler.tf (terraform)

Tests: 13 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 13)
Failures: 0 (HIGH: 0, CRITICAL: 0)

ssm.tf (terraform)

Tests: 8 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 8)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/bootstrap/member-bootstrap

*****************************

Running Checkov in terraform/environments/bootstrap/member-bootstrap
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-07-05 10:52:09,789 [MainThread  ] [WARNI]  Failed to download module github.com/terraform-aws-modules/terraform-aws-iam//modules/iam-assumable-roles?ref=de95e21a3bc51cd3a44b3b95a4c2f61000649ebb:None (for external modules, the --download-external-modules flag is required)
2024-07-05 10:52:09,789 [MainThread  ] [WARNI]  Failed to download module github.com/terraform-aws-modules/terraform-aws-iam//modules/iam-assumable-role?ref=de95e21a3bc51cd3a44b3b95a4c2f61000649ebb:None (for external modules, the --download-external-modules flag is required)
2024-07-05 10:52:09,790 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2024-07-05 10:52:09,790 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-cross-account-access?ref=6819b090bce6d3068d55c7c7b9b3fd18c9dca648:None (for external modules, the --download-external-modules flag is required)
2024-07-05 10:52:09,790 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-github-oidc-role?ref=c3bde7c787038ff5536bfb1b73781072edbb74da:None (for external modules, the --download-external-modules flag is required)
2024-07-05 10:52:09,790 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-github-oidc-provider?ref=82f546bd5f002674138a2ccdade7d7618c6758b3:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 148, Failed checks: 0, Skipped checks: 51


checkov_exitcode=0

CTFLint Scan Success

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
terraform/environments/bootstrap/member-bootstrap

*****************************

Running tflint in terraform/environments/bootstrap/member-bootstrap
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output

*****************************

Trivy will check the following folders:
terraform/environments/bootstrap/member-bootstrap

*****************************

Running Trivy in terraform/environments/bootstrap/member-bootstrap
2024-07-05T10:52:02Z	INFO	Need to update DB
2024-07-05T10:52:02Z	INFO	Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-05T10:52:04Z	INFO	Vulnerability scanning is enabled
2024-07-05T10:52:04Z	INFO	Misconfiguration scanning is enabled
2024-07-05T10:52:04Z	INFO	Need to update the built-in policies
2024-07-05T10:52:04Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-05T10:52:04Z	INFO	Secret scanning is enabled
2024-07-05T10:52:04Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-05T10:52:04Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-05T10:52:07Z	INFO	Number of language-specific files	num=0
2024-07-05T10:52:07Z	INFO	Detected config files	num=5

github.com/ministryofjustice/modernisation-platform-github-oidc-role?ref=c3bde7c787038ff5536bfb1b73781072edbb74da/main.tf (terraform)
=====================================================================================================================================
Tests: 3 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 3)
Failures: 0 (HIGH: 0, CRITICAL: 0)


iam.tf (terraform)
==================
Tests: 172 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 172)
Failures: 0 (HIGH: 0, CRITICAL: 0)


instance-scheduler.tf (terraform)
=================================
Tests: 13 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 13)
Failures: 0 (HIGH: 0, CRITICAL: 0)


ssm.tf (terraform)
==================
Tests: 8 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 8)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

[github-actions]

Trivy Scan Success

Show Output

```hcl

---

Trivy will check the following folders:
terraform/environments/bootstrap/member-bootstrap

---

Running Trivy in terraform/environments/bootstrap/member-bootstrap
2024-07-05T11:08:23Z INFO Need to update DB
2024-07-05T11:08:23Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-05T11:08:25Z INFO Vulnerability scanning is enabled
2024-07-05T11:08:25Z INFO Misconfiguration scanning is enabled
2024-07-05T11:08:25Z INFO Need to update the built-in policies
2024-07-05T11:08:25Z INFO Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-05T11:08:25Z INFO Secret scanning is enabled
2024-07-05T11:08:25Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-05T11:08:25Z INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-05T11:08:28Z INFO Number of language-specific files num=0
2024-07-05T11:08:28Z INFO Detected config files num=5

github.com/ministryofjustice/modernisation-platform-github-oidc-role?ref=c3bde7c787038ff5536bfb1b73781072edbb74da/main.tf (terraform)

Tests: 3 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 3)
Failures: 0 (HIGH: 0, CRITICAL: 0)

iam.tf (terraform)

Tests: 172 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 172)
Failures: 0 (HIGH: 0, CRITICAL: 0)

instance-scheduler.tf (terraform)

Tests: 13 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 13)
Failures: 0 (HIGH: 0, CRITICAL: 0)

ssm.tf (terraform)

Tests: 8 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 8)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/bootstrap/member-bootstrap

*****************************

Running Checkov in terraform/environments/bootstrap/member-bootstrap
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-07-05 11:08:30,887 [MainThread  ] [WARNI]  Failed to download module github.com/terraform-aws-modules/terraform-aws-iam//modules/iam-assumable-roles?ref=de95e21a3bc51cd3a44b3b95a4c2f61000649ebb:None (for external modules, the --download-external-modules flag is required)
2024-07-05 11:08:30,887 [MainThread  ] [WARNI]  Failed to download module github.com/terraform-aws-modules/terraform-aws-iam//modules/iam-assumable-role?ref=de95e21a3bc51cd3a44b3b95a4c2f61000649ebb:None (for external modules, the --download-external-modules flag is required)
2024-07-05 11:08:30,887 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2024-07-05 11:08:30,887 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-cross-account-access?ref=6819b090bce6d3068d55c7c7b9b3fd18c9dca648:None (for external modules, the --download-external-modules flag is required)
2024-07-05 11:08:30,887 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-github-oidc-role?ref=c3bde7c787038ff5536bfb1b73781072edbb74da:None (for external modules, the --download-external-modules flag is required)
2024-07-05 11:08:30,887 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-github-oidc-provider?ref=82f546bd5f002674138a2ccdade7d7618c6758b3:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 148, Failed checks: 0, Skipped checks: 51


checkov_exitcode=0

CTFLint Scan Success

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
terraform/environments/bootstrap/member-bootstrap

*****************************

Running tflint in terraform/environments/bootstrap/member-bootstrap
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output

*****************************

Trivy will check the following folders:
terraform/environments/bootstrap/member-bootstrap

*****************************

Running Trivy in terraform/environments/bootstrap/member-bootstrap
2024-07-05T11:08:23Z	INFO	Need to update DB
2024-07-05T11:08:23Z	INFO	Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-07-05T11:08:25Z	INFO	Vulnerability scanning is enabled
2024-07-05T11:08:25Z	INFO	Misconfiguration scanning is enabled
2024-07-05T11:08:25Z	INFO	Need to update the built-in policies
2024-07-05T11:08:25Z	INFO	Downloading the built-in policies...
74.86 KiB / 74.86 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-07-05T11:08:25Z	INFO	Secret scanning is enabled
2024-07-05T11:08:25Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-05T11:08:25Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-05T11:08:28Z	INFO	Number of language-specific files	num=0
2024-07-05T11:08:28Z	INFO	Detected config files	num=5

github.com/ministryofjustice/modernisation-platform-github-oidc-role?ref=c3bde7c787038ff5536bfb1b73781072edbb74da/main.tf (terraform)
=====================================================================================================================================
Tests: 3 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 3)
Failures: 0 (HIGH: 0, CRITICAL: 0)


iam.tf (terraform)
==================
Tests: 172 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 172)
Failures: 0 (HIGH: 0, CRITICAL: 0)


instance-scheduler.tf (terraform)
=================================
Tests: 13 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 13)
Failures: 0 (HIGH: 0, CRITICAL: 0)


ssm.tf (terraform)
==================
Tests: 8 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 8)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0