adds policy to check kms on lambdas

pkg/policies/opa/rego/aws/aws_lambda_function/AWS.LambdaFunction.EncryptionandKeyManagement.High.0471.json

@@ -0,0 +1,12 @@
+{
+    "name": "lambdaNotEncryptedWithKms",
+    "file": "lambdaNotEncryptedWithKms.rego",
+    "template_args": {
+        "prefix": ""
+    },
+    "severity": "High",
+    "description": "Lambda does not have KMS key to protect environment variables.",
+    "reference_id": "AWS.LambdaFunction.EncryptionandKeyManagement.High.0471",
+    "category": "Encryption and Key Management",
+    "version": 2
+}

pkg/policies/opa/rego/aws/aws_lambda_function/lambdaNotEncryptedWithKms.rego

@@ -0,0 +1,13 @@
+package accurics
+
+#{{.prefix}}lambdaNotEncryptedWithKms[retVal] {
+  #lambda := input.aws_lambda_function[_]
+  #lambda.config.kms_key_arn == null
+  #traverse = ""
+#  retVal := { "Id": lambda.id, "ReplaceType": "edit", "CodeType": "attribute", "Traverse": traverse, "Attribute": "kms_key_arn", "AttributeDataType": "string", "Expected": "<kms_key_arn>", "Actual": null }
+#}
+
+lambdaNotEncryptedWithKms[lambda.id] {
+  lambda := input.aws_lambda_function[_]
+  not lambda.config.kms_key_arn
+}