fix(misconf): check only clusters in AVD-AWS-0343

[nikpivkin]

If there is no cluster for the database instances, they are added to an empty cluster that we don't have to check.

Discussed in #7894

^{Originally posted by camobrie-ukhsa November 8, 2024}

IDs

AVD-AWS-0343

Description

AVD-AWS-0343 triggers for Terraform resource "aws_rds_cluster_instance". Also, trying to ignore the finding for the resource does not work

Reproduction Steps

1.Create a resource such as 
resource "aws_rds_cluster_instance" "example" {
  cluster_identifier = redacted
  instance_class     = "redacted"
  availability_zone  = var.redacted
  engine             = redacted.engine
  engine_version     = redacted.engine_version
}

2. Run trivy config . on file

3.Output is:

Tests: 1 (SUCCESSES: 0, FAILURES: 1)
Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

AVD-AWS-0343 (MEDIUM): Cluster does not have Deletion Protection enabled
══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
Ensure deletion protection is enabled for RDS clusters.

See https://avd.aquasec.com/misconfig/avd-aws-0343
────────────────────────────────────────────────────────

Target

AWS

Scanner

Misconfiguration

Target OS

na

Debug Output

N/A, private source

Version

Version: 0.57.0
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-11-08 06:17:22.236878087 +0000 UTC
  NextUpdate: 2024-11-09 06:17:22.236877697 +0000 UTC
  DownloadedAt: 2024-11-08 12:12:57.520835 +0000 UTC
Check Bundle:
  Digest: sha256:9cc30e6eb1c0dc0b4a4791b61c3dbff8799d08daeac893c08317e7b054ecab14
  DownloadedAt: 2024-11-08 12:11:37.754425 +0000 UTC

Checklist

• Read the documentation regarding wrong detection
• Ran Trivy with -f json that shows data sources and confirmed that the security advisory in data sources was correct