feat: add tag compliance with cloud custodian

.codecatalyst/workflows/tf-sandbox-sbx0-ec2.yml

@@ -9,8 +9,31 @@ Triggers:
       - sandbox\/sbx0\/ec2\/.*
 
 Actions:
+  tag-compliance:
+    Identifier: aws/build@v1
+    Inputs:
+      Sources:
+        - WorkflowSource
+    Environment:
+      Name: sandbox
+      Connections:
+        - Name: lanandra-sandbox
+          Role: tf-codecatalyst-admin-sandbox
+    Configuration:
+      Container:
+        Registry: DockerHub
+        Image: python:3.12.8-bookworm
+      Steps:
+      - Run: cd sandbox/sbx0/ec2
+      - Run: pip install c7n
+      - Run: pip install c7n-left
+      - Run: c7n-left run -p . -d .
+    Compute:
+      Type: EC2
   terraform-plan:
     Identifier: aws/build@v1
+    DependsOn:
+      - tag-compliance
     Inputs:
       Sources:
         - WorkflowSource

README.md

@@ -29,41 +29,22 @@ Example:
             └── variables.tf
 ```
 
-Note: 
-- You may see directory structure that does not follow pattern above. That being used by legacy pattern and haven't been changed and updated
-- No solid plan when old pattern will be updated. Sorry :pray:
-
 ## Terraform Configuration
 
-Terraform configuration in this repository is using Terraform Cloud and S3 as a backend. You can differentiate each backend by refer this configuration.
+Terraform configuration in this repository is using S3 as a backend
 
 For example:
 
-- Terraform Cloud
-    ```
-    terraform {
-      backend "remote" {
-        hostname     = "app.terraform.io"
-        organization = "my-organization"
-
-        workspaces {
-          name = "my-workspace"
-        }
-      }
-    }
-    ```
-
-- S3
-    ```
-    terraform {
-      backend "s3" {
-        bucket         = "my-tfbucket"
-        key            = "path/to/terraform.tfstate"
-        region         = "ap-southeast-1"
-        dynamodb_table = "my-tflocks"
-        encrypt        = true
-      }
-    }
-    ```
+ ```
+ terraform {
+   backend "s3" {
+     bucket         = "my-tfbucket"
+     key            = "path/to/terraform.tfstate"
+     region         = "ap-southeast-1"
+     dynamodb_table = "my-tflocks"
+     encrypt        = true
+   }
+ }
+ ```
 
 Terraform filenames more likely will follow Terraform configuration language style guide as referred to this [terraform style guide](https://developer.hashicorp.com/terraform/language/style). Although not really similar and have some adjustments in some of the files