Describe the issue
CKV_AWS_18 and CKV2_AWS_61 respectively only look for the logging and lifecycle_rule attributes existing in the aws_s3_bucket resource. This works fine when scanning .tf files directly, but when scanning terraform plans instead, those fields will always be set to an empty list value even when no lifecycle / logging configuration is provided, meaning the checks will always pass.
A correct approach would be to check that at least one entry is in those lists, e.g.
- cond_type: attribute
  resource_types:
    - aws_s3_bucket
  attribute: logging
  operator: length_greater_than
  value: "0"
Examples
N/A
Version (please complete the following information):
Additional context
N/A
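
The gap described above, as an added example that is not part of the original report and is not Checkov's own code: it compares an "attribute exists" test with a "list has at least one entry" test over a plan fragment. The plan JSON is constructed for illustration, and the helper names (iter_buckets, attribute_exists, attribute_non_empty, evaluate) are hypothetical.

```python
import json

# Constructed plan fragment (not from the issue), shaped like `terraform show -json`
# output, with the empty lists the issue describes for unconfigured blocks.
PLAN_JSON = """
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_s3_bucket.bare", "type": "aws_s3_bucket",
     "values": {"bucket": "bare", "logging": [], "lifecycle_rule": []}}
  ],
  "child_modules": [{"resources": [
    {"address": "module.m.aws_s3_bucket.logged", "type": "aws_s3_bucket",
     "values": {"bucket": "logged",
                "logging": [{"target_bucket": "logs", "target_prefix": "s3/"}],
                "lifecycle_rule": []}}
  ]}]
}}}
"""

def iter_buckets(module):
    """Yield aws_s3_bucket resources from a module and all nested child modules."""
    for res in module.get("resources", []):
        if res.get("type") == "aws_s3_bucket":
            yield res
    for child in module.get("child_modules", []):
        yield from iter_buckets(child)

def attribute_exists(values, attr):
    # Simplified stand-in for an existence-only check: an empty list still passes.
    return values.get(attr) is not None

def attribute_non_empty(values, attr):
    # Equivalent in spirit to the proposed length_greater_than "0" condition.
    value = values.get(attr)
    return isinstance(value, (list, dict, str)) and len(value) > 0

def evaluate(plan_text, attrs=("logging", "lifecycle_rule")):
    """Map (address, attribute) -> (exists_result, non_empty_result)."""
    root = json.loads(plan_text)["planned_values"]["root_module"]
    results = {}
    for res in iter_buckets(root):
        values = res.get("values") or {}
        for attr in attrs:
            results[(res["address"], attr)] = (
                attribute_exists(values, attr), attribute_non_empty(values, attr))
    return results

if __name__ == "__main__":
    for (address, attr), (exists, non_empty) in evaluate(PLAN_JSON).items():
        print(f"{address:32} {attr:15} exists={exists!s:5} non_empty={non_empty}")
```

Any row where exists is True and non_empty is False is a bucket that the existence-only test would pass without a real configuration behind it.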