From 29b399e936a77453746e53c3b9042b0eba67f443 Mon Sep 17 00:00:00 2001 
From: Hayk Kocharyan Date: Wed, 29 Jun 2022 14:49:16 +0200 Subject: [PATCH] fix: Remove v2 scanning (#111) * Revert "chore: fix precommit (#106)" This reverts commit 0d9e4167bb45050aa44593e0ce1d891639bacba6. * Revert "chore: fix precommit errors" This reverts commit 97c7c2c164205ed705cc4e4e4eea9d4ba78f6a45. * Revert "chore: fix precommit" This reverts commit 9efb2dae55c5f3d50b73df9e6c7b464cbb4ac201. * Revert "feat: org cloud connector based on binary scanner" This reverts commit 26d85ded661dcad6b462bce9bb908f375b9753c5. * Revert "chore: fix wrong paramter" This reverts commit 4b77cf56b4764f8746f66d61543ff819a85a88df. * Revert "feat: apprunner cloud connector based on binary scanner" This reverts commit fe45088e53f5bc13e572e4c298206360587d4981. * Revert "feat: ecs cloud connector based on binary scanner" This reverts commit 6d37ea00701e73d4deb93642477c03c69c1fe890. * Revert "fix: missing comma" This reverts commit ed9aca5248f1995b9b198a9d1264b7736c8121d2. * Revert "chore: fix missing paramter" This reverts commit 47d4286c9525ed6c203c5e89613922f5098f0ff8. * Revert "feat: permission are created based on binary scanner use" This reverts commit be40cdaef7700aa29759a130d418df08b13eb9a2. * Revert "feat: create k8s config base on binary scanner use" This reverts commit 06318906df01887b1e8467eb4db6b30539c77449. * Revert "feat: add standalone bianry scanner" This reverts commit 22d6c7cc028b9ba224392e34ef5947ccf92647f6. 
* chore: fix precommit --- examples/organizational/README.md | 5 +- examples/organizational/main.tf | 7 +- examples/organizational/variables.tf | 6 +- examples/single-account-apprunner/README.md | 1 - examples/single-account-apprunner/main.tf | 8 +- .../single-account-apprunner/variables.tf | 6 -- examples/single-account-ecs/README.md | 1 - examples/single-account-ecs/main.tf | 7 +- examples/single-account-ecs/variables.tf | 5 -- examples/single-account-k8s/README.md | 3 +- .../single-account-k8s/cloud-connector.tf | 33 +++----- examples/single-account-k8s/credentials.tf | 3 +- examples/single-account-k8s/variables.tf | 5 -- examples/trigger-events/README.md | 2 +- modules/infrastructure/cloudtrail/README.md | 2 +- .../cloudtrail_s3-sns-sqs/README.md | 2 +- modules/infrastructure/codebuild/README.md | 2 +- modules/infrastructure/ecs-vpc/README.md | 2 +- .../permissions/cloud-connector/README.md | 2 +- .../permissions/cloud-scanning/README.md | 3 +- .../permissions/cloud-scanning/main.tf | 19 ++--- .../permissions/cloud-scanning/variables.tf | 5 -- .../permissions/general/README.md | 2 +- .../permissions/iam-user/README.md | 3 +- .../permissions/iam-user/main.tf | 3 +- .../permissions/iam-user/variables.tf | 5 -- .../permissions/org-role-ecs/README.md | 4 +- .../permissions/org-role-eks/README.md | 2 +- .../infrastructure/resource-group/README.md | 2 +- .../sqs-sns-subscription/README.md | 2 +- modules/infrastructure/ssm/README.md | 2 +- modules/services/cloud-bench/README.md | 4 +- .../cloud-connector-apprunner/apprunner.tf | 2 +- .../cloudconnector-config.tf | 21 ++--- .../cloud-connector-apprunner/main.tf | 9 +-- .../cloud-connector-apprunner/variables.tf | 5 -- .../services/cloud-connector-ecs/README.md | 5 +- .../cloudconnector-config.tf | 29 +++---- .../services/cloud-connector-ecs/locals.tf | 7 +- .../cloud-connector-ecs/permissions.tf | 4 +- .../services/cloud-connector-ecs/variables.tf | 8 +- .../fixtures/organizational-k8s/backend.tf | 9 --- 
.../fixtures/organizational-k8s/main.tf | 81 ------------------- .../fixtures/organizational-k8s/variables.tf | 80 ------------------ .../fixtures/organizational/backend.tf | 9 --- .../fixtures/organizational/main.tf | 43 ---------- .../fixtures/organizational/outputs.tf | 0 .../fixtures/organizational/variables.tf | 30 ------- .../single-account-apprunner/backend.tf | 9 --- .../fixtures/single-account-apprunner/main.tf | 25 ------ .../single-account-apprunner/outputs.tf | 0 .../single-account-apprunner/variables.tf | 17 ---- .../fixtures/single-account-ecs/backend.tf | 9 --- .../fixtures/single-account-ecs/main.tf | 25 ------ .../fixtures/single-account-ecs/outputs.tf | 0 .../fixtures/single-account-ecs/variables.tf | 23 ------ .../fixtures/single-account-k8s/backend.tf | 9 --- .../fixtures/single-account-k8s/main.tf | 30 ------- .../fixtures/single-account-k8s/outputs.tf | 0 .../fixtures/single-account-k8s/variables.tf | 23 ------ test/fixtures/organizational/main.tf | 1 - .../fixtures/single-account-apprunner/main.tf | 1 - test/fixtures/single-account-ecs/main.tf | 1 - test/fixtures/single-account-k8s/main.tf | 1 - 64 files changed, 72 insertions(+), 602 deletions(-) delete mode 100644 out/test/terraform-aws-secure-for-cloud/fixtures/organizational-k8s/backend.tf delete mode 100644 out/test/terraform-aws-secure-for-cloud/fixtures/organizational-k8s/main.tf delete mode 100644 out/test/terraform-aws-secure-for-cloud/fixtures/organizational-k8s/variables.tf delete mode 100644 out/test/terraform-aws-secure-for-cloud/fixtures/organizational/backend.tf delete mode 100644 out/test/terraform-aws-secure-for-cloud/fixtures/organizational/main.tf delete mode 100644 out/test/terraform-aws-secure-for-cloud/fixtures/organizational/outputs.tf delete mode 100644 out/test/terraform-aws-secure-for-cloud/fixtures/organizational/variables.tf delete mode 100644 out/test/terraform-aws-secure-for-cloud/fixtures/single-account-apprunner/backend.tf delete mode 100644 
out/test/terraform-aws-secure-for-cloud/fixtures/single-account-apprunner/main.tf delete mode 100644 out/test/terraform-aws-secure-for-cloud/fixtures/single-account-apprunner/outputs.tf delete mode 100644 out/test/terraform-aws-secure-for-cloud/fixtures/single-account-apprunner/variables.tf delete mode 100644 out/test/terraform-aws-secure-for-cloud/fixtures/single-account-ecs/backend.tf delete mode 100644 out/test/terraform-aws-secure-for-cloud/fixtures/single-account-ecs/main.tf delete mode 100644 out/test/terraform-aws-secure-for-cloud/fixtures/single-account-ecs/outputs.tf delete mode 100644 out/test/terraform-aws-secure-for-cloud/fixtures/single-account-ecs/variables.tf delete mode 100644 out/test/terraform-aws-secure-for-cloud/fixtures/single-account-k8s/backend.tf delete mode 100644 out/test/terraform-aws-secure-for-cloud/fixtures/single-account-k8s/main.tf delete mode 100644 out/test/terraform-aws-secure-for-cloud/fixtures/single-account-k8s/outputs.tf delete mode 100644 out/test/terraform-aws-secure-for-cloud/fixtures/single-account-k8s/variables.tf diff --git a/examples/organizational/README.md b/examples/organizational/README.md index 1ed13eb3..37c40c8e 100644 --- a/examples/organizational/README.md +++ b/examples/organizational/README.md @@ -145,8 +145,8 @@ $ terraform apply | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.19.0 | -| [aws.member](#provider\_aws.member) | 4.19.0 | +| [aws](#provider\_aws) | 4.20.1 | +| [aws.member](#provider\_aws.member) | 4.20.1 | | [sysdig](#provider\_sysdig) | 0.5.37 | ## Modules 
@@ -195,7 +195,6 @@ $ terraform apply | [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no | | [organizational\_member\_default\_admin\_role](#input\_organizational\_member\_default\_admin\_role) | Default role created by AWS for management-account users to be able to admin member accounts.
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html | `string` | `"OrganizationAccountAccessRole"` | no | | [tags](#input\_tags) | sysdig secure-for-cloud tags. always include 'product' default tag for resource-group proper functioning | `map(string)` |
{
"product": "sysdig-secure-for-cloud"
}
| no | -| [use\_standalone\_scanner](#input\_use\_standalone\_scanner) | true/false whether use inline scanner or not | `bool` | `false` | no | ## Outputs diff --git a/examples/organizational/main.tf b/examples/organizational/main.tf index e9cb4b58..bcd65784 100644 --- a/examples/organizational/main.tf +++ b/examples/organizational/main.tf @@ -1,7 +1,3 @@ -locals { - deploy_image_scanning = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs - deploy_scanning_infra = local.deploy_image_scanning && !var.use_standalone_scanner -} #------------------------------------- # resources deployed always in management account # with default provider @@ -40,7 +36,7 @@ module "ssm" { # cloud-connector #------------------------------------- module "codebuild" { - count = local.deploy_scanning_infra ? 1 : 0 + count = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs ? 1 : 0 providers = { aws = aws.member @@ -66,7 +62,6 @@ module "cloud_connector" { deploy_image_scanning_ecr = var.deploy_image_scanning_ecr deploy_image_scanning_ecs = var.deploy_image_scanning_ecs - use_standalone_scanner = var.use_standalone_scanner is_organizational = true organizational_config = { diff --git a/examples/organizational/variables.tf b/examples/organizational/variables.tf index d3c66a60..5717c666 100644 --- a/examples/organizational/variables.tf +++ b/examples/organizational/variables.tf @@ -69,11 +69,7 @@ variable "deploy_image_scanning_ecs" { default = false } -variable "use_standalone_scanner" { - type = bool - description = "true/false whether use inline scanner or not" - default = false -} + # # benchmark configuration # diff --git a/examples/single-account-apprunner/README.md b/examples/single-account-apprunner/README.md index 6eeaa853..316117fa 100644 --- a/examples/single-account-apprunner/README.md +++ b/examples/single-account-apprunner/README.md 
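Review bot: The `count` on `module "codebuild"` now repeats `var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs` because the `locals` block at the top of the file is deleted outright, while the single-account-k8s example in this same patch keeps a `deploy_image_scanning` local for exactly that expression. Keeping a one-line `locals { deploy_image_scanning = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs }` and writing `count = local.deploy_image_scanning ? 1 : 0` gives the examples one shape and one place to change when another scanning target is added. The same remark applies to the apprunner and ecs example main.tf hunks further down in this patch.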
@@ -104,7 +104,6 @@ $ terraform apply | [deploy\_image\_scanning\_ecs](#input\_deploy\_image\_scanning\_ecs) | true/false whether to deploy the image scanning on ECS running images | `bool` | `false` | no | | [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no | | [tags](#input\_tags) | sysdig secure-for-cloud tags. always include 'product' default tag for resource-group proper functioning | `map(string)` |
{
"product": "sysdig-secure-for-cloud"
}
| no | -| [use\_standalone\_scanner](#input\_use\_standalone\_scanner) | true/false whether use inline scanner or not | `bool` | `false` | no | ## Outputs diff --git a/examples/single-account-apprunner/main.tf b/examples/single-account-apprunner/main.tf index 825dd520..8ac8c1c8 100644 --- a/examples/single-account-apprunner/main.tf +++ b/examples/single-account-apprunner/main.tf @@ -1,8 +1,3 @@ -locals { - deploy_image_scanning = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs - deploy_scanning_infra = local.deploy_image_scanning && !var.use_standalone_scanner -} - #------------------------------------- # general resources #------------------------------------- @@ -24,7 +19,7 @@ module "ssm" { # cloud-connector #------------------------------------- module "codebuild" { - count = local.deploy_scanning_infra ? 1 : 0 + count = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs ? 1 : 0 source = "../../modules/infrastructure/codebuild" name = "${var.name}-codebuild" @@ -50,7 +45,6 @@ module "cloud_connector" { cloudconnector_ecr_image_uri = var.cloudconnector_ecr_image_uri deploy_image_scanning_ecr = var.deploy_image_scanning_ecr deploy_image_scanning_ecs = var.deploy_image_scanning_ecs - use_standalone_scanner = var.use_standalone_scanner cloudtrail_sns_arn = local.cloudtrail_sns_arn tags = var.tags diff --git a/examples/single-account-apprunner/variables.tf b/examples/single-account-apprunner/variables.tf index ed1cda96..32cf9bbb 100644 --- a/examples/single-account-apprunner/variables.tf +++ b/examples/single-account-apprunner/variables.tf @@ -42,12 +42,6 @@ variable "deploy_image_scanning_ecs" { default = false } -variable "use_standalone_scanner" { - type = bool - description = "true/false whether use inline scanner or not" - default = false -} - # # benchmark configuration # diff --git a/examples/single-account-ecs/README.md b/examples/single-account-ecs/README.md index 969ddb18..514af292 100644 
--- a/examples/single-account-ecs/README.md +++ b/examples/single-account-ecs/README.md @@ -110,7 +110,6 @@ $ terraform apply | [ecs\_vpc\_subnets\_private\_ids](#input\_ecs\_vpc\_subnets\_private\_ids) | List of VPC subnets where workload is to be deployed. Defaulted to be created when 'ecs\_cluster\_name' is not provided. | `list(string)` | `[]` | no | | [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no | | [tags](#input\_tags) | sysdig secure-for-cloud tags. always include 'product' default tag for resource-group proper functioning | `map(string)` |
{
"product": "sysdig-secure-for-cloud"
}
| no | -| [use\_standalone\_scanner](#input\_use\_standalone\_scanner) | true/false whether use inline scanner or not | `bool` | `false` | no | ## Outputs diff --git a/examples/single-account-ecs/main.tf b/examples/single-account-ecs/main.tf index 2c8f330a..89842692 100644 --- a/examples/single-account-ecs/main.tf +++ b/examples/single-account-ecs/main.tf @@ -1,7 +1,3 @@ -locals { - deploy_image_scanning = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs - deploy_scanning_infra = local.deploy_image_scanning && !var.use_standalone_scanner -} #------------------------------------- # general resources #------------------------------------- @@ -25,7 +21,7 @@ module "ssm" { # module "codebuild" { - count = local.deploy_scanning_infra ? 1 : 0 + count = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs ? 1 : 0 source = "../../modules/infrastructure/codebuild" name = "${var.name}-codebuild" @@ -49,7 +45,6 @@ module "cloud_connector" { deploy_image_scanning_ecr = var.deploy_image_scanning_ecr deploy_image_scanning_ecs = var.deploy_image_scanning_ecs - use_standalone_scanner = var.use_standalone_scanner is_organizational = false diff --git a/examples/single-account-ecs/variables.tf b/examples/single-account-ecs/variables.tf index 93f6cc59..909e0bf7 100644 --- a/examples/single-account-ecs/variables.tf +++ b/examples/single-account-ecs/variables.tf @@ -85,11 +85,6 @@ variable "deploy_image_scanning_ecs" { default = false } -variable "use_standalone_scanner" { - type = bool - description = "true/false whether use inline scanner or not" - default = false -} # # benchmark configuration diff --git a/examples/single-account-k8s/README.md b/examples/single-account-k8s/README.md index a78635cc..b73d0b0e 100644 --- a/examples/single-account-k8s/README.md +++ b/examples/single-account-k8s/README.md 
@@ -84,7 +84,7 @@ $ terraform apply | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.19.0 | +| [aws](#provider\_aws) | 4.20.1 | | [helm](#provider\_helm) | 2.6.0 | | [sysdig](#provider\_sysdig) | 0.5.37 | @@ -121,7 +121,6 @@ $ terraform apply | [deploy\_image\_scanning\_ecs](#input\_deploy\_image\_scanning\_ecs) | true/false whether to deploy the image scanning on ECS running images | `bool` | `false` | no | | [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no | | [tags](#input\_tags) | sysdig secure-for-cloud tags. always include 'product' default tag for resource-group proper functioning | `map(string)` |
{
"product": "sysdig-secure-for-cloud"
}
| no | -| [use\_standalone\_scanner](#input\_use\_standalone\_scanner) | true/false whether use inline scanner or not | `bool` | `false` | no | ## Outputs diff --git a/examples/single-account-k8s/cloud-connector.tf b/examples/single-account-k8s/cloud-connector.tf index 821a5b93..45e88b64 100644 --- a/examples/single-account-k8s/cloud-connector.tf +++ b/examples/single-account-k8s/cloud-connector.tf @@ -1,10 +1,5 @@ locals { - deploy_image_scanning = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs - deploy_scanning_infra = local.deploy_image_scanning && !var.use_standalone_scanner - ecr_standalone_scanning = var.deploy_image_scanning_ecr && var.use_standalone_scanner - ecs_standalone_scanning = var.deploy_image_scanning_ecs && var.use_standalone_scanner - ecr_scanning_with_infra = var.deploy_image_scanning_ecr && !var.use_standalone_scanner - ecs_scanning_with_infra = var.deploy_image_scanning_ecs && !var.use_standalone_scanner + deploy_image_scanning = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs } #------------------------------------- @@ -19,7 +14,7 @@ module "cloud_connector_sqs" { } module "codebuild" { - count = local.deploy_scanning_infra ? 1 : 0 + count = local.deploy_image_scanning ? 1 : 0 source = "../../modules/infrastructure/codebuild" name = var.name @@ -73,8 +68,6 @@ resource "helm_release" "cloud_connector" { values = [ yamlencode({ - logging = "info" - rules = [] ingestors = [ { cloudtrail-sns-sqs = { 
@@ -83,26 +76,18 @@ resource "helm_release" "cloud_connector" { } ] scanners = local.deploy_image_scanning ? [ - merge( - local.ecr_scanning_with_infra ? { - aws-ecr = { - codeBuildProject = module.codebuild[0].project_name - secureAPITokenSecretName = module.ssm.secure_api_token_secret_name - } + merge(var.deploy_image_scanning_ecr ? { + aws-ecr = { + codeBuildProject = module.codebuild[0].project_name + secureAPITokenSecretName = module.ssm.secure_api_token_secret_name + } } : {}, - local.ecs_scanning_with_infra ? { + var.deploy_image_scanning_ecs ? { aws-ecs = { codeBuildProject = module.codebuild[0].project_name secureAPITokenSecretName = module.ssm.secure_api_token_secret_name } - } : {}, - local.ecr_standalone_scanning ? { - aws-ecr-inline = {}, - } : {}, - local.ecs_standalone_scanning ? { - aws-ecs-inline = {}, - } : {}, - ) + } : {}) ] : [] }) ] diff --git a/examples/single-account-k8s/credentials.tf b/examples/single-account-k8s/credentials.tf index 4c0970ac..899230c4 100644 --- a/examples/single-account-k8s/credentials.tf +++ b/examples/single-account-k8s/credentials.tf @@ -2,8 +2,7 @@ module "iam_user" { source = "../../modules/infrastructure/permissions/iam-user" name = var.name - deploy_image_scanning = local.deploy_image_scanning - use_standalone_scanner = var.use_standalone_scanner + deploy_image_scanning = local.deploy_image_scanning ssm_secure_api_token_arn = module.ssm.secure_api_token_secret_arn cloudtrail_s3_bucket_arn = length(module.cloudtrail) > 0 ? module.cloudtrail[0].s3_bucket_arn : "*" diff --git a/examples/single-account-k8s/variables.tf b/examples/single-account-k8s/variables.tf index b6713be9..6b59ee49 100644 --- a/examples/single-account-k8s/variables.tf +++ b/examples/single-account-k8s/variables.tf 
@@ -54,11 +54,6 @@ variable "deploy_image_scanning_ecs" { default = false } -variable "use_standalone_scanner" { - type = bool - description = "true/false whether use inline scanner or not" - default = false -} # # benchmark configuration diff --git a/examples/trigger-events/README.md b/examples/trigger-events/README.md index e60240de..1240d126 100644 --- a/examples/trigger-events/README.md +++ b/examples/trigger-events/README.md @@ -49,7 +49,7 @@ $ terraform apply | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.19.0 | +| [aws](#provider\_aws) | 4.20.1 | ## Modules diff --git a/modules/infrastructure/cloudtrail/README.md b/modules/infrastructure/cloudtrail/README.md index 3101ecd2..da2c8acb 100644 --- a/modules/infrastructure/cloudtrail/README.md +++ b/modules/infrastructure/cloudtrail/README.md @@ -12,7 +12,7 @@ | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.19.0 | +| [aws](#provider\_aws) | 4.20.1 | ## Modules diff --git a/modules/infrastructure/cloudtrail_s3-sns-sqs/README.md b/modules/infrastructure/cloudtrail_s3-sns-sqs/README.md index 594457aa..61848755 100644 --- a/modules/infrastructure/cloudtrail_s3-sns-sqs/README.md +++ b/modules/infrastructure/cloudtrail_s3-sns-sqs/README.md @@ -46,7 +46,7 @@ EVENT FILTER/fine-tunning, regarding what we want to send to Sysdig Cloud-Connec | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.19.0 | +| [aws](#provider\_aws) | 4.20.1 | ## Modules diff --git a/modules/infrastructure/codebuild/README.md b/modules/infrastructure/codebuild/README.md index fb969aee..11002591 100644 --- a/modules/infrastructure/codebuild/README.md +++ b/modules/infrastructure/codebuild/README.md @@ -12,7 +12,7 @@ | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.19.0 | +| [aws](#provider\_aws) | 4.20.1 | ## Modules diff --git a/modules/infrastructure/ecs-vpc/README.md b/modules/infrastructure/ecs-vpc/README.md index d681a7b5..1ae15360 100644 
--- a/modules/infrastructure/ecs-vpc/README.md +++ b/modules/infrastructure/ecs-vpc/README.md @@ -13,7 +13,7 @@ | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.19.0 | +| [aws](#provider\_aws) | 4.20.1 | ## Modules diff --git a/modules/infrastructure/permissions/cloud-connector/README.md b/modules/infrastructure/permissions/cloud-connector/README.md index 6bc4be91..7feb8aa2 100644 --- a/modules/infrastructure/permissions/cloud-connector/README.md +++ b/modules/infrastructure/permissions/cloud-connector/README.md @@ -12,7 +12,7 @@ | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.19.0 | +| [aws](#provider\_aws) | 4.20.1 | ## Modules diff --git a/modules/infrastructure/permissions/cloud-scanning/README.md b/modules/infrastructure/permissions/cloud-scanning/README.md index 3897e088..b7a525c8 100644 --- a/modules/infrastructure/permissions/cloud-scanning/README.md +++ b/modules/infrastructure/permissions/cloud-scanning/README.md @@ -12,7 +12,7 @@ | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.19.0 | +| [aws](#provider\_aws) | 4.20.1 | ## Modules @@ -34,7 +34,6 @@ No modules. | [scanning\_codebuild\_project\_arn](#input\_scanning\_codebuild\_project\_arn) | ARN of codebuild to launch the image scanning process | `string` | n/a | yes | | [sfc\_user\_name](#input\_sfc\_user\_name) | Name of the IAM user to provision permissions | `string` | n/a | yes | | [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no | -| [use\_standalone\_scanner](#input\_use\_standalone\_scanner) | true/false whether use inline scanner or not | `bool` | `false` | no | ## Outputs diff --git a/modules/infrastructure/permissions/cloud-scanning/main.tf b/modules/infrastructure/permissions/cloud-scanning/main.tf index 8a9d255b..b7d272c6 100644 
--- a/modules/infrastructure/permissions/cloud-scanning/main.tf
+++ b/modules/infrastructure/permissions/cloud-scanning/main.tf
@@ -1,5 +1,4 @@
 resource "aws_iam_user_policy" "cloud_scanner" {
- name = "${var.name}-cs"
 user = data.aws_iam_user.this.user_name
 policy = data.aws_iam_policy_document.cloud_scanner.json
@@ -18,18 +17,16 @@ data "aws_iam_policy_document" "cloud_scanner" {
 resources = [var.cloudtrail_subscribed_sqs_arn]
 }
- dynamic "statement" {
- for_each = var.use_standalone_scanner ? [1] : []
- content {
- sid = "AllowScanningCodeBuildStartBuild"
- effect = "Allow"
- actions = [
- "codebuild:StartBuild"
- ]
- resources = [var.scanning_codebuild_project_arn]
- }
+ statement {
+ sid = "AllowScanningCodeBuildStartBuild"
+ effect = "Allow"
+ actions = [
+ "codebuild:StartBuild"
+ ]
+ resources = [var.scanning_codebuild_project_arn]
 }
+
 statement {
 sid = "AllowScanningECRRead"
 effect = "Allow"
diff --git a/modules/infrastructure/permissions/cloud-scanning/variables.tf b/modules/infrastructure/permissions/cloud-scanning/variables.tf
index 275ef9a9..a6bfbd91 100644
--- a/modules/infrastructure/permissions/cloud-scanning/variables.tf
+++ b/modules/infrastructure/permissions/cloud-scanning/variables.tf
@@ -14,11 +14,6 @@ variable "scanning_codebuild_project_arn" {
 description = "ARN of codebuild to launch the image scanning process"
 }
-variable "use_standalone_scanner" {
- type = bool
- description = "true/false whether use inline scanner or not"
- default = false
-}
 #---------------------------------
 # optionals - with default
diff --git a/modules/infrastructure/permissions/general/README.md b/modules/infrastructure/permissions/general/README.md
index da082448..29466b5c 100644
--- a/modules/infrastructure/permissions/general/README.md
+++ b/modules/infrastructure/permissions/general/README.md
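Review bot: Dropping `name` from `aws_iam_user_policy.cloud_scanner` leaves the inline policy with a provider-generated random name, which makes it harder to recognise when auditing the scanner user's permissions in IAM. If `name` forces replacement for this resource, as I believe it does, installs that already applied the named policy will also see it destroyed and recreated on the next apply. A deterministic `name = "${var.name}-cs"` or at least `name_prefix = "${var.name}-cs-"` keeps the policy attributable to this module; the rest of the resource block lies outside this hunk.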
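Review bot: The `AllowScanningCodeBuildStartBuild` statement is now granted unconditionally, and its resource is whatever `var.scanning_codebuild_project_arn` holds; the iam-user wrapper in this same patch documents that variable's default as `"*"` (its variables.tf carries the comment `# permission defaults to all resources; ARN *`), so any caller that leaves it unset hands the scanner user `codebuild:StartBuild` on every CodeBuild project in the account. Since the statement is only meaningful when a scanning project exists, keep it as a `dynamic "statement"` gated on a real ARN, e.g. `for_each = var.scanning_codebuild_project_arn != "*" ? [1] : []`, or add a `validation` block on the variable that rejects `*`. The `cloud_scanner` policy document starts before this hunk and continues after it.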
@@ -15,7 +15,7 @@ General permissions that apply to both cloud-connector and cloud-scanning module | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.19.0 | +| [aws](#provider\_aws) | 4.20.1 | ## Modules diff --git a/modules/infrastructure/permissions/iam-user/README.md b/modules/infrastructure/permissions/iam-user/README.md index 34b37234..0e01d5e5 100644 --- a/modules/infrastructure/permissions/iam-user/README.md +++ b/modules/infrastructure/permissions/iam-user/README.md @@ -45,7 +45,7 @@ Note: Contact us if this authentication system does not match your requirement. | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.19.0 | +| [aws](#provider\_aws) | 4.20.1 | ## Modules @@ -72,7 +72,6 @@ Note: Contact us if this authentication system does not match your requirement. | [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no | | [scanning\_codebuild\_project\_arn](#input\_scanning\_codebuild\_project\_arn) | ARN of codebuild to launch the image scanning process | `string` | `"*"` | no | | [ssm\_secure\_api\_token\_arn](#input\_ssm\_secure\_api\_token\_arn) | ARN of the security credentials for the secure\_api\_token | `string` | `"*"` | no | -| [use\_standalone\_scanner](#input\_use\_standalone\_scanner) | true/false whether use inline scanner or not | `bool` | `false` | no | ## Outputs diff --git a/modules/infrastructure/permissions/iam-user/main.tf b/modules/infrastructure/permissions/iam-user/main.tf index bab8bc04..6caeb7c7 100644 --- a/modules/infrastructure/permissions/iam-user/main.tf +++ b/modules/infrastructure/permissions/iam-user/main.tf @@ -1,3 +1,4 @@ + resource "aws_iam_user" "this" { name = var.name force_destroy = true @@ -11,6 +12,7 @@ resource "aws_iam_access_key" "this" { } + module "credentials_general" { source = "../general" name = var.name 
@@ -41,7 +43,6 @@ module "credentials_cloud_scanning" { sfc_user_name = aws_iam_user.this.name scanning_codebuild_project_arn = var.scanning_codebuild_project_arn cloudtrail_subscribed_sqs_arn = var.cloudtrail_subscribed_sqs_arn - use_standalone_scanner = var.use_standalone_scanner depends_on = [aws_iam_user.this] } diff --git a/modules/infrastructure/permissions/iam-user/variables.tf b/modules/infrastructure/permissions/iam-user/variables.tf index bcac4458..e3c4548c 100644 --- a/modules/infrastructure/permissions/iam-user/variables.tf +++ b/modules/infrastructure/permissions/iam-user/variables.tf @@ -8,11 +8,6 @@ variable "deploy_image_scanning" { default = true } -variable "use_standalone_scanner" { - type = bool - description = "true/false whether use inline scanner or not" - default = false -} # permission defaults to all resources; ARN * diff --git a/modules/infrastructure/permissions/org-role-ecs/README.md b/modules/infrastructure/permissions/org-role-ecs/README.md index 0d7ffa36..c9d190c7 100644 --- a/modules/infrastructure/permissions/org-role-ecs/README.md +++ b/modules/infrastructure/permissions/org-role-ecs/README.md @@ -31,8 +31,8 @@ The aim of this module is to manage the organizational **managed account** requi | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.19.0 | -| [aws.member](#provider\_aws.member) | 4.19.0 | +| [aws](#provider\_aws) | 4.20.1 | +| [aws.member](#provider\_aws.member) | 4.20.1 | ## Modules diff --git a/modules/infrastructure/permissions/org-role-eks/README.md b/modules/infrastructure/permissions/org-role-eks/README.md index 0b5fdb49..5a437260 100644 --- a/modules/infrastructure/permissions/org-role-eks/README.md +++ b/modules/infrastructure/permissions/org-role-eks/README.md @@ -29,7 +29,7 @@ The aim of this module is to manage the organizational **managed account** requi | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.19.0 | +| [aws](#provider\_aws) | 4.20.1 | ## Modules 
diff --git a/modules/infrastructure/resource-group/README.md b/modules/infrastructure/resource-group/README.md index bfd3000f..0bdf6f50 100644 --- a/modules/infrastructure/resource-group/README.md +++ b/modules/infrastructure/resource-group/README.md @@ -13,7 +13,7 @@ | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.19.0 | +| [aws](#provider\_aws) | 4.20.1 | ## Modules diff --git a/modules/infrastructure/sqs-sns-subscription/README.md b/modules/infrastructure/sqs-sns-subscription/README.md index d0c00d4a..35bf13ff 100644 --- a/modules/infrastructure/sqs-sns-subscription/README.md +++ b/modules/infrastructure/sqs-sns-subscription/README.md @@ -12,7 +12,7 @@ | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.19.0 | +| [aws](#provider\_aws) | 4.20.1 | ## Modules diff --git a/modules/infrastructure/ssm/README.md b/modules/infrastructure/ssm/README.md index 8893548a..c0a20fbc 100644 --- a/modules/infrastructure/ssm/README.md +++ b/modules/infrastructure/ssm/README.md @@ -16,7 +16,7 @@ and pass it, in a safe way, to all the modules that require it. | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.19.0 | +| [aws](#provider\_aws) | 4.20.1 | ## Modules diff --git a/modules/services/cloud-bench/README.md b/modules/services/cloud-bench/README.md index 7ca0d521..a7ff5f0f 100644 --- a/modules/services/cloud-bench/README.md +++ b/modules/services/cloud-bench/README.md @@ -26,8 +26,8 @@ Deployed on **Sysdig Backend** | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.19.0 | -| [random](#provider\_random) | 3.3.1 | +| [aws](#provider\_aws) | 4.20.1 | +| [random](#provider\_random) | 3.3.2 | | [sysdig](#provider\_sysdig) | 0.5.37 | ## Modules diff --git a/modules/services/cloud-connector-apprunner/apprunner.tf b/modules/services/cloud-connector-apprunner/apprunner.tf index 30d59541..5deceb57 100644 --- a/modules/services/cloud-connector-apprunner/apprunner.tf 
+++ b/modules/services/cloud-connector-apprunner/apprunner.tf @@ -98,7 +98,7 @@ data "aws_iam_policy_document" "cloud_connector" { dynamic "statement" { - for_each = local.deploy_scanning_infra ? [1] : [] + for_each = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs ? [1] : [] content { sid = "AllowCodebuild" effect = "Allow" diff --git a/modules/services/cloud-connector-apprunner/cloudconnector-config.tf b/modules/services/cloud-connector-apprunner/cloudconnector-config.tf index 74366348..77a3202f 100644 --- a/modules/services/cloud-connector-apprunner/cloudconnector-config.tf +++ b/modules/services/cloud-connector-apprunner/cloudconnector-config.tf @@ -14,25 +14,18 @@ locals { }, { scanners = local.deploy_image_scanning ? [ - merge( - local.ecr_scanning_with_infra ? { - aws-ecr = { - codeBuildProject = var.build_project_name - secureAPITokenSecretName = var.secure_api_token_secret_name - } + merge(var.deploy_image_scanning_ecr ? { + aws-ecr = { + codeBuildProject = var.build_project_name + secureAPITokenSecretName = var.secure_api_token_secret_name + } } : {}, - local.ecs_scanning_with_infra ? { + var.deploy_image_scanning_ecs ? { aws-ecs = { codeBuildProject = var.build_project_name secureAPITokenSecretName = var.secure_api_token_secret_name } - } : {}), - local.ecs_standalone_scanning ? { - aws-ecs-inline = {} - } : {}, - local.ecr_standalone_scanning ? { - aws-ecr-inline = {}, - } : {} + } : {}) ] : [] } )) diff --git a/modules/services/cloud-connector-apprunner/main.tf b/modules/services/cloud-connector-apprunner/main.tf index 94ceafe0..ef296c0f 100644 --- a/modules/services/cloud-connector-apprunner/main.tf +++ b/modules/services/cloud-connector-apprunner/main.tf 
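Review bot: The new `for_each` condition on the `AllowCodebuild` statement spells out `var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs`, although this commit keeps exactly that expression as `local.deploy_image_scanning` in the module's main.tf, and the cloudconnector-config.tf hunk in this same file set already branches on `local.deploy_image_scanning`. Using the local here, `for_each = local.deploy_image_scanning ? [1] : []`, keeps the IAM grant and the scanner configuration driven by one condition so they cannot drift apart. The `cloud_connector` policy document starts before this hunk and the statement's `resources` are outside the visible lines.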
@@ -1,9 +1,4 @@
 locals {
- verify_ssl = var.verify_ssl == "auto" ? length(regexall("https://.*?\\.sysdig(cloud)?.com/?", data.sysdig_secure_connection.current.secure_url)) == 1 : var.verify_ssl == "true"
- deploy_image_scanning = var.deploy_image_scanning_ecs || var.deploy_image_scanning_ecr
- deploy_scanning_infra = local.deploy_image_scanning && !var.use_standalone_scanner
- ecr_standalone_scanning = var.deploy_image_scanning_ecr && var.use_standalone_scanner
- ecs_standalone_scanning = var.deploy_image_scanning_ecs && var.use_standalone_scanner
- ecr_scanning_with_infra = var.deploy_image_scanning_ecr && !var.use_standalone_scanner
- ecs_scanning_with_infra = var.deploy_image_scanning_ecs && !var.use_standalone_scanner
+ verify_ssl = var.verify_ssl == "auto" ? length(regexall("https://.*?\\.sysdig(cloud)?.com/?", data.sysdig_secure_connection.current.secure_url)) == 1 : var.verify_ssl == "true"
+ deploy_image_scanning = var.deploy_image_scanning_ecs || var.deploy_image_scanning_ecr
 }
diff --git a/modules/services/cloud-connector-apprunner/variables.tf b/modules/services/cloud-connector-apprunner/variables.tf
index e924b163..f12b2ca1 100644
--- a/modules/services/cloud-connector-apprunner/variables.tf
+++ b/modules/services/cloud-connector-apprunner/variables.tf
@@ -30,11 +30,6 @@ variable "deploy_image_scanning_ecs" {
 default = false
 }
-variable "use_standalone_scanner" {
- type = bool
- description = "true/false whether use inline scanner or not"
- default = false
-}
 #
 # general
 #
diff --git a/modules/services/cloud-connector-ecs/README.md b/modules/services/cloud-connector-ecs/README.md
index e868898b..37b856a6 100644
--- a/modules/services/cloud-connector-ecs/README.md
+++ b/modules/services/cloud-connector-ecs/README.md
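Review bot: The `verify_ssl` line this hunk re-adds resolves `"auto"` to `false` for every `secure_url` that does not match `https://.*?\.sysdig(cloud)?.com/?`, so an on-prem or otherwise non-SaaS endpoint presumably ends up with TLS certificate verification disabled by default, silently, and the pattern itself is loose (unanchored `.*?` before the domain, unescaped `.` in `.com`). A downgrade like that should be explicit rather than inferred from a URL: anchor the match, e.g. `length(regexall("^https://[^/]+\\.sysdig(cloud)?\\.com(/.*)?$", data.sysdig_secure_connection.current.secure_url)) == 1`, and state in the `verify_ssl` variable description (outside this hunk) that `"auto"` turns verification off for non-Sysdig-SaaS URLs. Note also that this module compares `var.verify_ssl` to the strings `"auto"`/`"true"`, while the ECS module's README in this same patch documents `verify_ssl` as a `bool`; the two modules' interfaces have drifted and that is worth reconciling.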
@@ -15,7 +15,7 @@ A task deployed on an **ECS deployment** will detect events in your infrastructu
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | 4.19.0 |
+| [aws](#provider\_aws) | 4.20.1 |
 | [sysdig](#provider\_sysdig) | 0.5.37 |
 ## Modules
@@ -71,14 +71,13 @@ A task deployed on an **ECS deployment** will detect events in your infrastructu
 | [deploy\_image\_scanning\_ecr](#input\_deploy\_image\_scanning\_ecr) | true/false whether to deploy the image scanning on ECR pushed images | `bool` | `false` | no |
 | [deploy\_image\_scanning\_ecs](#input\_deploy\_image\_scanning\_ecs) | true/false whether to deploy the image scanning on ECS running images | `bool` | `false` | no |
 | [ecs\_task\_cpu](#input\_ecs\_task\_cpu) | Amount of CPU (in CPU units) to reserve for cloud-connector task | `string` | `"256"` | no |
-| [ecs\_task\_memory](#input\_ecs\_task\_memory) | Amount of memory (in megabytes) to reserve for cloud-connector task | `string` | `"2000"` | no |
+| [ecs\_task\_memory](#input\_ecs\_task\_memory) | Amount of memory (in megabytes) to reserve for cloud-connector task | `string` | `"512"` | no |
 | [extra\_env\_vars](#input\_extra\_env\_vars) | Extra environment variables for the Cloud Connector deployment | `map(string)` | `{}` | no |
 | [image](#input\_image) | Image of the cloud connector to deploy | `string` | `"quay.io/sysdig/cloud-connector:latest"` | no |
 | [is\_organizational](#input\_is\_organizational) | whether secure-for-cloud should be deployed in an organizational setup | `bool` | `false` | no |
 | [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc-cloudconnector"` | no |
 | [organizational\_config](#input\_organizational\_config) | organizational\_config. following attributes must be given
|
object({
sysdig_secure_for_cloud_role_arn = string
organizational_role_per_account = string
connector_ecs_task_role_name = string
})
|
{
"connector_ecs_task_role_name": null,
"organizational_role_per_account": null,
"sysdig_secure_for_cloud_role_arn": null
}
| no | | [tags](#input\_tags) | sysdig secure-for-cloud tags. always include 'product' default tag for resource-group proper functioning | `map(string)` |
{
"product": "sysdig-secure-for-cloud"
}
| no |
-| [use\_standalone\_scanner](#input\_use\_standalone\_scanner) | true/false whether use inline scanner or not | `bool` | `false` | no |
 | [verify\_ssl](#input\_verify\_ssl) | true/false to determine ssl verification for sysdig\_secure\_url | `bool` | `true` | no |
 ## Outputs
diff --git a/modules/services/cloud-connector-ecs/cloudconnector-config.tf b/modules/services/cloud-connector-ecs/cloudconnector-config.tf
index babaa5c8..78a1c3ee 100644
--- a/modules/services/cloud-connector-ecs/cloudconnector-config.tf
+++ b/modules/services/cloud-connector-ecs/cloudconnector-config.tf
@@ -17,18 +17,17 @@ locals {
 },
 {
 scanners = local.deploy_image_scanning ? [
- merge(
- local.ecr_scanning_with_infra ? {
- aws-ecr = merge({
- codeBuildProject = var.build_project_name
- secureAPITokenSecretName = var.secure_api_token_secret_name
- },
- var.is_organizational ? {
- masterOrganizationRole = var.organizational_config.sysdig_secure_for_cloud_role_arn
- organizationalRolePerAccount = var.organizational_config.organizational_role_per_account
- } : {})
+ merge(var.deploy_image_scanning_ecr ? {
+ aws-ecr = merge({
+ codeBuildProject = var.build_project_name
+ secureAPITokenSecretName = var.secure_api_token_secret_name
+ },
+ var.is_organizational ? {
+ masterOrganizationRole = var.organizational_config.sysdig_secure_for_cloud_role_arn
+ organizationalRolePerAccount = var.organizational_config.organizational_role_per_account
+ } : {})
 } : {},
- local.ecs_scanning_with_infra ? {
+ var.deploy_image_scanning_ecs ? {
 aws-ecs = merge({
 codeBuildProject = var.build_project_name
 secureAPITokenSecretName = var.secure_api_token_secret_name
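Review bot: The re-added organizational branch, `var.is_organizational ? { masterOrganizationRole = var.organizational_config.sysdig_secure_for_cloud_role_arn ... } : {}`, forwards whatever `organizational_config` holds, and this module's README in the same patch shows every field of that object defaulting to `null`; with `is_organizational = true` and the default left untouched, the rendered scanner config would presumably carry null role ARNs instead of failing at plan time. Because these two values decide which cross-account role the scanner assumes, that misconfiguration deserves an early, explicit rejection: add a `precondition` on the resource that consumes this local (or a `validation` on `organizational_config`, subject to Terraform's rule that a validation may only reference its own variable), e.g. `condition = !var.is_organizational || var.organizational_config.sysdig_secure_for_cloud_role_arn != null`. The variable declarations are outside this hunk, so I am inferring the defaults from the README table; the enclosing `locals` block starts before and ends after the hunk.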
@@ -37,13 +36,7 @@ locals {
 masterOrganizationRole = var.organizational_config.sysdig_secure_for_cloud_role_arn
 organizationalRolePerAccount = var.organizational_config.organizational_role_per_account
 } : {})
- } : {}),
- local.ecr_standalone_scanning ? {
- aws-ecr-inline = {},
- } : {},
- local.ecs_standalone_scanning ? {
- aws-ecs-inline = {},
- } : {}
+ } : {})
 ] : []
 }
 ))
diff --git a/modules/services/cloud-connector-ecs/locals.tf b/modules/services/cloud-connector-ecs/locals.tf
index e621778d..992319c2 100644
--- a/modules/services/cloud-connector-ecs/locals.tf
+++ b/modules/services/cloud-connector-ecs/locals.tf
@@ -1,8 +1,3 @@
 locals {
- deploy_image_scanning = var.deploy_image_scanning_ecs || var.deploy_image_scanning_ecr
- deploy_scanning_infra = local.deploy_image_scanning && !var.use_standalone_scanner
- ecr_standalone_scanning = var.deploy_image_scanning_ecr && var.use_standalone_scanner
- ecs_standalone_scanning = var.deploy_image_scanning_ecs && var.use_standalone_scanner
- ecr_scanning_with_infra = var.deploy_image_scanning_ecr && !var.use_standalone_scanner
- ecs_scanning_with_infra = var.deploy_image_scanning_ecs && !var.use_standalone_scanner
+ deploy_image_scanning = var.deploy_image_scanning_ecs || var.deploy_image_scanning_ecr
 }
diff --git a/modules/services/cloud-connector-ecs/permissions.tf b/modules/services/cloud-connector-ecs/permissions.tf
index f563552f..241c6cd9 100644
--- a/modules/services/cloud-connector-ecs/permissions.tf
+++ b/modules/services/cloud-connector-ecs/permissions.tf
@@ -78,13 +78,13 @@ data "aws_iam_policy_document" "iam_role_task_policy" {
 # scan images
 #
 resource "aws_iam_role_policy" "trigger_scan" {
- count = local.deploy_scanning_infra ? 1 : 0
+ count = local.deploy_image_scanning ? 1 : 0
 name = "${var.name}-TriggerScan"
 role = local.ecs_task_role_id
 policy = data.aws_iam_policy_document.trigger_scan[0].json
 }
 data "aws_iam_policy_document" "trigger_scan" {
- count = local.deploy_scanning_infra ? 1 : 0
+ count = local.deploy_image_scanning ? 1 : 0
 statement {
 effect = "Allow"
 actions = [
diff --git a/modules/services/cloud-connector-ecs/variables.tf b/modules/services/cloud-connector-ecs/variables.tf
index 85783f35..67b0b7c0 100644
--- a/modules/services/cloud-connector-ecs/variables.tf
+++ b/modules/services/cloud-connector-ecs/variables.tf
@@ -95,7 +95,7 @@ variable "ecs_task_cpu" {
 variable "ecs_task_memory" {
 type = string
 description = "Amount of memory (in megabytes) to reserve for cloud-connector task"
- default = "2000"
+ default = "512"
 }
 variable "connector_ecs_task_role_name" {
@@ -146,11 +146,7 @@ variable "deploy_image_scanning_ecs" {
 default = false
 }
-variable "use_standalone_scanner" {
- type = bool
- description = "true/false whether use inline scanner or not"
- default = false
-}
+
 #
 # general
diff --git a/out/test/terraform-aws-secure-for-cloud/fixtures/organizational-k8s/backend.tf b/out/test/terraform-aws-secure-for-cloud/fixtures/organizational-k8s/backend.tf
deleted file mode 100644
index 6d57b03f..00000000
--- a/out/test/terraform-aws-secure-for-cloud/fixtures/organizational-k8s/backend.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-# Terraform state storage backend
-terraform {
- backend "s3" {
- bucket = "secure-cloud-terraform-tests-org" # need to append '-org' to avoid conflict
- key = "aws-organizational-k8s-reuse_cloudtrail/terraform.tfstate"
- dynamodb_table = "secure-cloud-terraform-tests"
- region = "eu-west-3"
- }
-}
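Review bot: `+ default = "512"` for `ecs_task_memory` cuts the previous default to a quarter with no comment saying why, and the description still says nothing about how the value must pair with `ecs_task_cpu` (`"256"` per this module's README). Presumably the headroom was only needed by the in-task scanner this commit removes, but that reasoning disappears with the diff; suggest a `# 512 MiB is enough once no image scanner runs inside the task` comment above the default and extending the description to `"Amount of memory (in megabytes) to reserve for cloud-connector task. Must be a valid combination with ecs_task_cpu for the chosen launch type (e.g. 512/1024/2048 for 256 CPU units on Fargate)"` — the launch type itself is not visible in this hunk. Since the variable is typed `string`, a non-numeric value is only rejected at apply time; a `validation` block with `condition = can(tonumber(var.ecs_task_memory))` would surface it at plan. The later hunk in the same file also leaves a stray blank `+` line where `use_standalone_scanner` was removed.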
diff --git a/out/test/terraform-aws-secure-for-cloud/fixtures/organizational-k8s/main.tf b/out/test/terraform-aws-secure-for-cloud/fixtures/organizational-k8s/main.tf deleted file mode 100644 index a7430a94..00000000 --- a/out/test/terraform-aws-secure-for-cloud/fixtures/organizational-k8s/main.tf +++ /dev/null 
@@ -1,81 +0,0 @@ -terraform { - required_providers { - sysdig = { - source = "sysdiglabs/sysdig" - } - } -} - -provider "sysdig" { - sysdig_secure_api_token = var.sysdig_secure_api_token - sysdig_secure_url = var.sysdig_secure_url -} - -provider "aws" { - alias = "admin" - profile = var.org_profile - access_key = var.org_accessKeyId - secret_key = var.org_secretAccessKey - region = var.region -} - -provider "aws" { - alias = "cloudnative" - profile = var.cloudnative_profile - access_key = var.cloudnative_accessKeyId - secret_key = var.cloudnative_secretAccessKey - region = var.region -} - -provider "helm" { - kubernetes { - config_path = "~/.kube/config" - } -} - -module "cloudtrail_s3_sns_sqs" { - providers = { - aws = aws.admin - } - source = "../../../modules/infrastructure/cloudtrail_s3-sns-sqs" - cloudtrail_s3_name = var.cloudtrail_s3_name - s3_event_notification_filter_prefix = var.s3_event_notification_filter_prefix - name = "${var.name}-orgk8s" -} - - -module "org_user" { - providers = { - aws = aws.admin - } - source = "../../../modules/infrastructure/permissions/iam-user" - deploy_image_scanning = false - cloudtrail_s3_bucket_arn = module.cloudtrail_s3_sns_sqs.cloudtrail_s3_arn - cloudtrail_subscribed_sqs_arn = module.cloudtrail_s3_sns_sqs.cloudtrail_subscribed_sqs_arn - name = "${var.name}-orgk8s" -} - - -resource "time_sleep" "wait" { - depends_on = [module.org_user] - create_duration = "5s" -} - -# ------------------- -# actual use case -# ------------------- - -module "org_k8s_threat_reuse_cloudtrail" { - providers = { - aws = aws.cloudnative - } - source = "../../../examples-internal/organizational-k8s-threat-reuse_cloudtrail_s3" - name = var.name - - cloudtrail_s3_sns_sqs_url = module.cloudtrail_s3_sns_sqs.cloudtrail_subscribed_sqs_url - - aws_access_key_id = module.org_user.sfc_user_access_key_id - aws_secret_access_key = module.org_user.sfc_user_secret_access_key - - depends_on = [module.org_user.sfc_user_arn, time_sleep.wait] -} 
diff --git a/out/test/terraform-aws-secure-for-cloud/fixtures/organizational-k8s/variables.tf b/out/test/terraform-aws-secure-for-cloud/fixtures/organizational-k8s/variables.tf deleted file mode 100644 index 17a0c169..00000000 --- a/out/test/terraform-aws-secure-for-cloud/fixtures/organizational-k8s/variables.tf +++ /dev/null @@ -1,80 +0,0 @@ -variable "cloudtrail_s3_name" { - type = string - description = "Name of the Cloudtrail S3 bucket" -} - -variable "sysdig_secure_api_token" { - type = string - sensitive = true - description = "Sysdig secure api token" -} - - - -#--------------------------------- -# provide variables for testing -#--------------------------------- - -variable "s3_event_notification_filter_prefix" { - type = string - default = "" - description = "S3 Path filter prefix for event notification. Limit the notifications to objects with key starting with specified characters" -} - -variable "org_profile" { - type = string - default = "" -} - -variable "cloudnative_profile" { - type = string - default = "" -} - -variable "org_accessKeyId" { - type = string - sensitive = true - default = "" -} - -variable "org_secretAccessKey" { - type = string - sensitive = true - default = "" -} - -variable "cloudnative_accessKeyId" { - type = string - sensitive = true - default = "" -} - -variable "cloudnative_secretAccessKey" { - type = string - sensitive = true - default = "" -} - - - -#--------------------------------- -# optionals - with defaults -#--------------------------------- - -variable "sysdig_secure_url" { - type = string - description = "Sysdig secure endpoint" - default = "https://secure.sysdig.com" -} - -variable "name" { - type = string - description = "Name is the prefix used in the resources will be created" - default = "sfctest-org-k8s" -} - -variable "region" { - type = string - description = "Region in which the cloudtrail and EKS are deployed. Currently same region is required" - default = "eu-central-1" -} 
diff --git a/out/test/terraform-aws-secure-for-cloud/fixtures/organizational/backend.tf b/out/test/terraform-aws-secure-for-cloud/fixtures/organizational/backend.tf deleted file mode 100644 index 181ded29..00000000 --- a/out/test/terraform-aws-secure-for-cloud/fixtures/organizational/backend.tf +++ /dev/null @@ -1,9 +0,0 @@ -# Terraform state storage backend -terraform { - backend "s3" { - bucket = "secure-cloud-terraform-tests-org" # need to append '-org' to avoid conflict - key = "aws-organizational/terraform.tfstate" - dynamodb_table = "secure-cloud-terraform-tests" - region = "eu-west-3" - } -} diff --git a/out/test/terraform-aws-secure-for-cloud/fixtures/organizational/main.tf b/out/test/terraform-aws-secure-for-cloud/fixtures/organizational/main.tf deleted file mode 100644 index 09fa6cb9..00000000 --- a/out/test/terraform-aws-secure-for-cloud/fixtures/organizational/main.tf +++ /dev/null @@ -1,43 +0,0 @@ -terraform { - required_providers { - aws = { - version = ">= 4.0.0" - configuration_aliases = [aws.member] - } - sysdig = { - source = "sysdiglabs/sysdig" - } - } -} - -provider "sysdig" { - sysdig_secure_api_token = var.sysdig_secure_api_token - sysdig_secure_url = var.sysdig_secure_url -} - -provider "aws" { - region = var.region -} - - -provider "aws" { - alias = "member" - region = var.region - assume_role { - # 'OrganizationAccountAccessRole' is the default role created by AWS for management-account users to be able to admin member accounts. - #
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html - role_arn = "arn:aws:iam::${var.sysdig_secure_for_cloud_member_account_id}:role/OrganizationAccountAccessRole" - } -} - -module "cloudvision_aws_organizational" { - providers = { - aws.member = aws.member - } - source = "../../../examples/organizational" - name = var.name - - sysdig_secure_for_cloud_member_account_id = var.sysdig_secure_for_cloud_member_account_id - deploy_image_scanning_ecr = true - deploy_image_scanning_ecs = true -} diff --git a/out/test/terraform-aws-secure-for-cloud/fixtures/organizational/outputs.tf b/out/test/terraform-aws-secure-for-cloud/fixtures/organizational/outputs.tf deleted file mode 100644 index e69de29b..00000000 diff --git a/out/test/terraform-aws-secure-for-cloud/fixtures/organizational/variables.tf b/out/test/terraform-aws-secure-for-cloud/fixtures/organizational/variables.tf deleted file mode 100644 index 1d9c4680..00000000 --- a/out/test/terraform-aws-secure-for-cloud/fixtures/organizational/variables.tf +++ /dev/null @@ -1,30 +0,0 @@ -variable "sysdig_secure_api_token" { - type = string - sensitive = true - description = "Sysdig secure api token" -} -variable "sysdig_secure_for_cloud_member_account_id" { - type = string - description = "organizational member account where the secure-for-cloud workload is going to be deployed" -} - - - - -variable "name" { - type = string - description = "Name is the prefix used in the resources will be created" - default = "sfctest-org-ecs" -} - -variable "region" { - type = string - description = "Region to be deployed" - default = "eu-west-3" -} - -variable "sysdig_secure_url" { - type = string - description = "Sysdig secure endpoint" - default = "https://secure.sysdig.com" -} 
diff --git a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-apprunner/backend.tf b/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-apprunner/backend.tf deleted file mode 100644 index 80b6c3b0..00000000 --- a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-apprunner/backend.tf +++ /dev/null @@ -1,9 +0,0 @@ -# Terraform state storage backend -terraform { - backend "s3" { - bucket = "secure-cloud-terraform-tests" - key = "aws-single-account-apprunner/terraform.tfstate" - dynamodb_table = "secure-cloud-terraform-tests" - region = "eu-west-3" - } -} diff --git a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-apprunner/main.tf b/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-apprunner/main.tf deleted file mode 100644 index 647c3b64..00000000 --- a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-apprunner/main.tf +++ /dev/null @@ -1,25 +0,0 @@ -terraform { - required_providers { - sysdig = { - source = "sysdiglabs/sysdig" - version = ">=0.5.33" - } - } -} - -provider "sysdig" { - sysdig_secure_api_token = var.sysdig_secure_api_token - sysdig_secure_url = var.sysdig_secure_url -} - -provider "aws" { - region = "eu-west-1" -} - -module "cloudvision_aws_apprunner_single_account" { - source = "../../../examples/single-account-apprunner" - name = var.name - - deploy_image_scanning_ecr = true - deploy_image_scanning_ecs = true -} diff --git a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-apprunner/outputs.tf b/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-apprunner/outputs.tf deleted file mode 100644 index e69de29b..00000000 diff --git a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-apprunner/variables.tf b/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-apprunner/variables.tf deleted file mode 100644 index 1a3c64f3..00000000 
--- a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-apprunner/variables.tf +++ /dev/null @@ -1,17 +0,0 @@ -variable "sysdig_secure_api_token" { - type = string - sensitive = true - description = "Sysdig secure api token" -} - -variable "name" { - type = string - description = "Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances" - default = "sfctest-single-app" -} - -variable "sysdig_secure_url" { - type = string - description = "Sysdig secure endpoint" - default = "https://secure.sysdig.com" -} diff --git a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-ecs/backend.tf b/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-ecs/backend.tf deleted file mode 100644 index af3aee26..00000000 --- a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-ecs/backend.tf +++ /dev/null @@ -1,9 +0,0 @@ -# Terraform state storage backend -terraform { - backend "s3" { - bucket = "secure-cloud-terraform-tests" - key = "aws-single-account-ecs/terraform.tfstate" - dynamodb_table = "secure-cloud-terraform-tests" - region = "eu-west-3" - } -} diff --git a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-ecs/main.tf b/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-ecs/main.tf deleted file mode 100644 index 60463e92..00000000 --- a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-ecs/main.tf +++ /dev/null 
@@ -1,25 +0,0 @@ -terraform { - required_providers { - sysdig = { - source = "sysdiglabs/sysdig" - version = ">=0.5.33" - } - } -} - -provider "sysdig" { - sysdig_secure_api_token = var.sysdig_secure_api_token - sysdig_secure_url = var.sysdig_secure_url -} - -provider "aws" { - region = var.region -} - -module "cloudvision_aws_single_account_ecs" { - source = "../../../examples/single-account-ecs" - name = "${var.name}-single" - - deploy_image_scanning_ecr = true - deploy_image_scanning_ecs = true -} diff --git a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-ecs/outputs.tf b/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-ecs/outputs.tf deleted file mode 100644 index e69de29b..00000000 diff --git a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-ecs/variables.tf b/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-ecs/variables.tf deleted file mode 100644 index a7abb6dd..00000000 --- a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-ecs/variables.tf +++ /dev/null @@ -1,23 +0,0 @@ -variable "sysdig_secure_api_token" { - type = string - sensitive = true - description = "Sysdig secure api token" -} - -variable "name" { - type = string - description = "Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances" - default = "sfctest-single-ecs" -} - -variable "region" { - type = string - description = "Region to be deployed" - default = "eu-west-3" -} - -variable "sysdig_secure_url" { - type = string - description = "Sysdig secure endpoint" - default = "https://secure.sysdig.com" -} diff --git a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-k8s/backend.tf b/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-k8s/backend.tf deleted file mode 100644 index c35aab3f..00000000 
--- a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-k8s/backend.tf +++ /dev/null @@ -1,9 +0,0 @@ -# Terraform state storage backend -terraform { - backend "s3" { - bucket = "secure-cloud-terraform-tests" - key = "aws-single-account-k8s/terraform.tfstate" - dynamodb_table = "secure-cloud-terraform-tests" - region = "eu-west-3" - } -} diff --git a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-k8s/main.tf b/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-k8s/main.tf deleted file mode 100644 index 3c89b52a..00000000 --- a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-k8s/main.tf +++ /dev/null @@ -1,30 +0,0 @@ -terraform { - required_providers { - sysdig = { - source = "sysdiglabs/sysdig" - } - } -} - -provider "sysdig" { - sysdig_secure_api_token = var.sysdig_secure_api_token - sysdig_secure_url = var.sysdig_secure_url -} - -provider "aws" { - region = var.region -} - -provider "helm" { - kubernetes { - config_path = "~/.kube/config" - } -} - -module "cloudvision_aws_single_account_k8s" { - source = "../../../examples/single-account-k8s" - name = "${var.name}-singlek8s" - - deploy_image_scanning_ecr = true - deploy_image_scanning_ecs = true -} diff --git a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-k8s/outputs.tf b/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-k8s/outputs.tf deleted file mode 100644 index e69de29b..00000000 diff --git a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-k8s/variables.tf b/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-k8s/variables.tf deleted file mode 100644 index c61fcc2f..00000000 --- a/out/test/terraform-aws-secure-for-cloud/fixtures/single-account-k8s/variables.tf +++ /dev/null 
@@ -1,23 +0,0 @@
-variable "sysdig_secure_api_token" {
- type = string
- sensitive = true
- description = "Sysdig secure api token"
-}
-
-variable "name" {
- type = string
- description = "Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances"
- default = "sfc-test-single-k8s"
-}
-
-variable "region" {
- type = string
- description = "Region to be deployed"
- default = "eu-west-3"
-}
-
-variable "sysdig_secure_url" {
- type = string
- description = "Sysdig secure endpoint"
- default = "https://secure.sysdig.com"
-}
diff --git a/test/fixtures/organizational/main.tf b/test/fixtures/organizational/main.tf
index 48547476..09fa6cb9 100644
--- a/test/fixtures/organizational/main.tf
+++ b/test/fixtures/organizational/main.tf
@@ -40,5 +40,4 @@ module "cloudvision_aws_organizational" {
 sysdig_secure_for_cloud_member_account_id = var.sysdig_secure_for_cloud_member_account_id
 deploy_image_scanning_ecr = true
 deploy_image_scanning_ecs = true
- use_standalone_scanner = false
 }
diff --git a/test/fixtures/single-account-apprunner/main.tf b/test/fixtures/single-account-apprunner/main.tf
index b81f93a9..647c3b64 100644
--- a/test/fixtures/single-account-apprunner/main.tf
+++ b/test/fixtures/single-account-apprunner/main.tf
@@ -22,5 +22,4 @@ module "cloudvision_aws_apprunner_single_account" {
 deploy_image_scanning_ecr = true
 deploy_image_scanning_ecs = true
- use_standalone_scanner = false
 }
diff --git a/test/fixtures/single-account-ecs/main.tf b/test/fixtures/single-account-ecs/main.tf
index 3b664c37..60463e92 100644
--- a/test/fixtures/single-account-ecs/main.tf
+++ b/test/fixtures/single-account-ecs/main.tf
@@ -22,5 +22,4 @@ module "cloudvision_aws_single_account_ecs" {
 deploy_image_scanning_ecr = true
 deploy_image_scanning_ecs = true
- use_standalone_scanner = false
 }
diff --git a/test/fixtures/single-account-k8s/main.tf b/test/fixtures/single-account-k8s/main.tf
index 47687516..3c89b52a 100644
--- a/test/fixtures/single-account-k8s/main.tf
+++ b/test/fixtures/single-account-k8s/main.tf
@@ -27,5 +27,4 @@ module "cloudvision_aws_single_account_k8s" {
 deploy_image_scanning_ecr = true
 deploy_image_scanning_ecs = true
- use_standalone_scanner = false
 }