CKV_TF_3 doesn't fully support partial S3 backend configurations

[srgoni]

Describe the issue
In #6927 , a fix for partial S3 backend configurations was introduced, but it only works when the backend block is completely empty, requiring a full external backend configuration to make the check succeed.

Since only some configuration options are actually mandatory, it would make sense to base the decision if the check should be executed (or result set to UNKNOWN) only on the required options, as described in https://developer.hashicorp.com/terraform/language/backend/s3#configuration .

If all required options are specified, it is reasonable to assume they form the whole configuration or a working default set. If any of them are missing, they are guaranteed to require an external backend config.

Examples
Please share an example code sample (in the IaC of your choice) + the expected outcomes.

# backend.tf
terraform {
  backend "s3" {
    key = "terraform.tfstate"
    region = "us-east-1"
    encrypt = true
  }
}

# backend.config
bucket = "example-s3-state"
dynamodb_table = "example-dynamodb-lock"

Version (please complete the following information):

• Checkov Version 3.2.346

Additional context
These options are required at this time: region, bucket and key.

[tsmithv11]

We're removing this check with #6937

[tsmithv11]

The check was removed. We may add it back in the future and will consider this scenario. Thanks for reporting.