Add Terraform Cloud federated trust identification

[msperling-bf]

Terraform Cloud supports OIDC integration with AWS, but these trusts are not reported by CloudFox. Could you please add the logic necessary to identify and report these trusts?

Overview

List Terraform Cloud trusts in federated trusts output, similar to GitHub Actions.

Screenshots / Files

Example trust:

{
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::000000000000:oidc-provider/app.terraform.io"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "app.terraform.io:aud": "aws.workload.identity"
        },
        "StringLike": {
          "app.terraform.io:sub": "organization:org:project:workspacesname:workspace:*:run_phase:*"
        }
      }
    }
  ]
}

External Documents / Links

Terraform Cloud OIDC documentation: https://developer.hashicorp.com/terraform/cloud-docs/workspaces/dynamic-provider-credentials/aws-configuration AWS Terraform Cloud blog: https://aws.amazon.com/blogs/apn/simplify-and-secure-terraform-workflows-on-aws-with-dynamic-provider-credentials/