OPA (Open Policy Access) within SF executions

[marshall7m]

Implement OSS OPA project into the Step Function execution flow. This allows users to define guardrails around Terraform plan/apply results and the SF execution input data.

• install opa within ECS task docker image
• Add ECS task logic to run opa after terraform plan/apply operations (For the love of Python, the Python OPA client can be used to parse OPA output)
• Add ECS task logic to run opa before plan operation using Step Function execution input data
• Add Terraform module input for defining opa policies at the account-level and organization-level (possibly TF config level?)
• Store policies within AWS SSM parameter store or AWS S3 bucket associated with tf state files?

OR

For the love of Python and Pydantic, use tftest to parse the terraform plan/apply output and pass the output to custom Pydantic models that can validate the results

OR

For the love of Python, allow users to define policies via terraform-compliance