diff --git a/.github/workflows/ci-integration-tests.yaml b/.github/workflows/ci-integration-tests.yaml
index 7e18a18c..eef94e19 100644
--- a/.github/workflows/ci-integration-tests.yaml
+++ b/.github/workflows/ci-integration-tests.yaml
@@ -53,8 +53,6 @@ jobs:
kubectl get deployments -n sfc-tests-kitchen-singlek8s kubectl describe deployment cloud-connector -n sfc-tests-kitchen-singlek8s kubectl logs deployment.apps/cloud-connector -n sfc-tests-kitchen-singlek8s
- kubectl logs deployment.apps/cloud-scanning -n sfc-tests-kitchen-singlek8s - - name: Destroy single-account-k8s resources env:
@@ -85,8 +83,6 @@ jobs:
kubectl get deployments -n sfc-tests-kitchen-singlek8s kubectl describe deployment cloud-connector -n sfc-tests-kitchen-orgk8s kubectl logs deployment.apps/cloud-connector -n sfc-tests-kitchen-orgk8s
- kubectl logs deployment.apps/cloud-scanning -n sfc-tests-kitchen-orgk8s - - name: Destroy org-k8s test env:
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 4730a937..ac5e1f07 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -23,6 +23,7 @@ repos:
rev: v1.50.0 hooks: - id: terraform_fmt
+# - id: terraform_validate - id: terraform_docs args: - '--args=--sort-by required'
diff --git a/examples-internal/single-account-scanning/main.tf b/examples-internal/single-account-scanning/main.tf
deleted file mode 100644
index 9fb8b0d7..00000000
--- a/examples-internal/single-account-scanning/main.tf
+++ /dev/null
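Review bot: The new `# - id: terraform_validate` entry in `.pre-commit-config.yaml` is a commented-out hook with no explanation, so a later reader cannot tell whether `terraform_validate` was tried and deliberately disabled or is still meant to be enabled. Either drop the line or replace it with a comment that records the reason and the intended follow-up, for example `# terraform_validate intentionally disabled: <reason> — re-enable once <condition>` (the diff does not show the reason, so it has to be filled in by the author). Until it is enabled, only `terraform_fmt` and `terraform_docs` run on commit, and any validation error in the remaining modules surfaces only in CI.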
@@ -1,69 +0,0 @@
-provider "aws" {
- region = var.region
-}
-
-#-------------------------------------
-# general resources
-#-------------------------------------
-
-module "resource_group" {
- source = "../../modules/infrastructure/resource-group"
- name = var.name
- tags = var.tags
-}
-
-module "cloudtrail" {
- source = "../../modules/infrastructure/cloudtrail"
- name = var.name
- is_organizational = false
- is_multi_region_trail = var.cloudtrail_is_multi_region_trail
- cloudtrail_kms_enable = var.cloudtrail_kms_enable
-
- tags = var.tags
-}
-
-module "ecs_fargate_cluster" {
- source = "../../modules/infrastructure/ecs-fargate-cluster"
- name = var.name
- tags = var.tags
-}
-
-
-module "ssm" {
- source = "../../modules/infrastructure/ssm"
- name = var.name
- sysdig_secure_api_token = var.sysdig_secure_api_token
-}
-
-
-module "codebuild" {
- source = "../../modules/infrastructure/codebuild"
- name = var.name
- secure_api_token_secret_name = module.ssm.secure_api_token_secret_name
-
- tags = var.tags
- # note. this is required to avoid race conditions
- depends_on = [module.ssm]
-}
-
-
-module "cloud_scanning" {
- source = "../../modules/services/cloud-scanning"
- name = "${var.name}-cloudscanning"
-
- sysdig_secure_endpoint = var.sysdig_secure_endpoint
- secure_api_token_secret_name = module.ssm.secure_api_token_secret_name
-
- build_project_arn = module.codebuild.project_arn
- build_project_name = module.codebuild.project_name
-
- sns_topic_arn = module.cloudtrail.sns_topic_arn
-
- ecs_cluster = module.ecs_fargate_cluster.id
- vpc_id = module.ecs_fargate_cluster.vpc_id
- vpc_subnets = module.ecs_fargate_cluster.vpc_subnets
-
- tags = var.tags
- # note. this is required to avoid race conditions
- depends_on = [module.cloudtrail, module.ecs_fargate_cluster, module.codebuild, module.ssm]
-}
diff --git a/examples-internal/single-account-scanning/outputs.tf b/examples-internal/single-account-scanning/outputs.tf
deleted file mode 100644
index e69de29b..00000000
diff --git a/examples-internal/single-account-scanning/variables.tf b/examples-internal/single-account-scanning/variables.tf
deleted file mode 100644
index 84a5b90c..00000000
--- a/examples-internal/single-account-scanning/variables.tf
+++ /dev/null
@@ -1,58 +0,0 @@
-variable "sysdig_secure_api_token" {
- sensitive = true
- type = string
- description = "Sysdig Secure API token"
-}
-
-
-#---------------------------------
-# optionals - with defaults
-#---------------------------------
-
-#
-# cloudtrail configuration
-#
-
-variable "cloudtrail_is_multi_region_trail" {
- type = bool
- default = true
- description = "testing/economization purpose. true/false whether cloudtrail will ingest multiregional events"
-}
-
-variable "cloudtrail_kms_enable" {
- type = bool
- default = true
- description = "testing/economization purpose. true/false whether s3 should be encrypted"
-}
-
-
-#
-# general
-#
-
-variable "name" {
- type = string
- description = "Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances"
- default = "sfc"
-}
-
-
-variable "region" {
- type = string
- default = "eu-central-1"
- description = "Default region for resource creation in both organization management and secure-for-cloud member account"
-}
-
-variable "sysdig_secure_endpoint" {
- type = string
- default = "https://secure.sysdig.com"
- description = "Sysdig Secure API endpoint"
-}
-
-variable "tags" {
- type = map(string)
- description = "sysdig secure-for-cloud tags"
- default = {
- "product" = "sysdig-secure-for-cloud"
- }
-}
diff --git a/examples-internal/single-account-scanning/versions.tf b/examples-internal/single-account-scanning/versions.tf
deleted file mode 100644
index ed2c3cdc..00000000
--- a/examples-internal/single-account-scanning/versions.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-terraform {
- required_version = ">= 0.15.0"
- required_providers {
- aws = {
- version = ">= 3.50.0"
- }
- }
-}
diff --git a/modules/infrastructure/permissions/ecs-org-role/README.md b/modules/infrastructure/permissions/ecs-org-role/README.md
index 6500cc00..ca23ac9d 100644
--- a/modules/infrastructure/permissions/ecs-org-role/README.md
+++ b/modules/infrastructure/permissions/ecs-org-role/README.md
@@ -5,11 +5,11 @@ The aim of this module is to manage the organizational **managed account** requi
1. Enables Cloudtrail SNS subscription permissions through a role specified within the Sysdig Secure workload **member account** 2. Creates a role in the organizational **managed account** with the required permissions
-* Threat-Detection through [cloud-connector](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/tree/master/modules/services/cloud-connector).
+* Threat-Detection * S3 Get and List permissions in order to fetch the events * SNS Subscription permissions in order to subscribe a topic to it
-* Image scanning through [cloud-scanning](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/tree/master/modules/services/cloud-scanning).
+* Image scanning * Enable this role to assumeRole to member accounts through the `organizational_role_per_account` role, in order to be able to fetch images that may be in member-account repositories
diff --git a/modules/infrastructure/permissions/eks-org-role/README.md b/modules/infrastructure/permissions/eks-org-role/README.md
index d64e4270..84d25a95 100644
--- a/modules/infrastructure/permissions/eks-org-role/README.md
+++ b/modules/infrastructure/permissions/eks-org-role/README.md
@@ -5,11 +5,11 @@ The aim of this module is to manage the organizational **managed account** requi
1. Enables Cloudtrail SNS subscription permissions through a role specified within the Sysdig Secure workload **member account** 2. Creates a role in the organizational **managed account** with the required permissions
-* Threat-Detection through [cloud-connector](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/tree/master/modules/services/cloud-connector).
+* Threat-Detection * S3 Get and List permissions in order to fetch the events * SNS Subscription permissions in order to subscribe a topic to it
-* Image scanning through [cloud-scanning](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/tree/master/modules/services/cloud-scanning).
+* Image scanning * Enable this role to assumeRole to member accounts through the `organizational_role_per_account` role, in order to be able to fetch images that may be in member-account repositories
diff --git a/modules/infrastructure/permissions/general/README.md b/modules/infrastructure/permissions/general/README.md
index c2e75bd0..e65cce8d 100644
--- a/modules/infrastructure/permissions/general/README.md
+++ b/modules/infrastructure/permissions/general/README.md
@@ -1,6 +1,6 @@
# Permissions :: General
-General permissions that apply to both cloud-connector and cloud-scanning modules
+General permissions that apply to both threat-detection (cloud-connector) and image-scanning (cloud-scanning) features ## Requirements
diff --git a/modules/services/cloud-scanning/README.md b/modules/services/cloud-scanning/README.md
deleted file mode 100644
index ec3189d4..00000000
--- a/modules/services/cloud-scanning/README.md
+++ /dev/null
@@ -1,92 +0,0 @@
-# Cloud Connector
-
-A task deployed on an **ECS deployment** will detect new images and will trigger image scans based on changes in your infrastructure into
-a **Code Build** run that will evaluate its status.
-
-
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 0.15.0 |
-| [aws](#requirement\_aws) | >= 3.50.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | >= 3.50.0 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [cloud\_scanning\_sqs](#module\_cloud\_scanning\_sqs) | ../../infrastructure/sqs-sns-subscription | |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_cloudwatch_log_group.log](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
-| [aws_cloudwatch_log_stream.stream](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_stream) | resource |
-| [aws_ecs_service.service](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource |
-| [aws_ecs_task_definition.task_definition](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource |
-| [aws_iam_role.execution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role.task](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy.ecr_reader](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_iam_role_policy.execution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_iam_role_policy.secrets_reader](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| 
[aws_iam_role_policy.task](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_iam_role_policy.task_definition_reader](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_iam_role_policy.task_read_parameters](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_iam_role_policy.trigger_scan](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_security_group.sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
-| [aws_ecs_cluster.ecs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecs_cluster) | data source |
-| [aws_iam_policy_document.ecr_reader](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.execution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.execution_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.iam_role_task_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.secrets_reader](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.task_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.task_definition_reader](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| 
[aws_iam_policy_document.task_read_parameters](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.trigger_scan](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_role.task_inherited](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
-| [aws_ssm_parameter.sysdig_secure_api_token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [build\_project\_arn](#input\_build\_project\_arn) | Code Build project arn | `string` | n/a | yes |
-| [build\_project\_name](#input\_build\_project\_name) | Code Build project name | `string` | n/a | yes |
-| [ecs\_cluster](#input\_ecs\_cluster) | ECS Fargate Cluster where deploy the CloudConnector workload | `string` | n/a | yes |
-| [secure\_api\_token\_secret\_name](#input\_secure\_api\_token\_secret\_name) | Sysdig Secure API Token secret name | `string` | n/a | yes |
-| [sns\_topic\_arn](#input\_sns\_topic\_arn) | CloudTrail module created SNS Topic ARN | `string` | n/a | yes |
-| [vpc\_id](#input\_vpc\_id) | VPC where the workload is deployed | `string` | n/a | yes |
-| [vpc\_subnets](#input\_vpc\_subnets) | Subnets where the CloudScanning will be deployed | `list(string)` | n/a | yes |
-| [cloudwatch\_log\_retention](#input\_cloudwatch\_log\_retention) | Days to keep logs for CloudScanning | `number` | `5` | no |
-| [extra\_env\_vars](#input\_extra\_env\_vars) | Extra environment variables for the Cloud Scanning deployment | `map(string)` | `{}` | no |
-| [image](#input\_image) | Image of the cloud scanning 
to deploy | `string` | `"quay.io/sysdig/cloud-scanning:latest"` | no |
-| [is\_organizational](#input\_is\_organizational) | whether secure-for-cloud should be deployed in an organizational setup | `bool` | `false` | no |
-| [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc-cloudscanning"` | no |
-| [organizational\_config](#input\_organizational\_config) | organizational\_config. following attributes must be given
|
object({
sysdig_secure_for_cloud_role_arn = string
organizational_role_per_account = string
scanning_ecs_task_role_name = string
})
|
{
"organizational_role_per_account": "",
"scanning_ecs_task_role_name": "",
"sysdig_secure_for_cloud_role_arn": ""
}
| no |
-| [scanning\_ecs\_task\_role\_name](#input\_scanning\_ecs\_task\_role\_name) | Default ecs cloudscanning task role name | `string` | `"ECSTaskRole"` | no |
-| [sysdig\_secure\_endpoint](#input\_sysdig\_secure\_endpoint) | Sysdig Secure API endpoint | `string` | `"https://secure.sysdig.com"` | no |
-| [tags](#input\_tags) | sysdig secure-for-cloud tags | `map(string)` |
{
"product": "sysdig-secure-for-cloud"
}
| no |
-| [verify\_ssl](#input\_verify\_ssl) | true/false to determine ssl secure connection verification | `bool` | `true` | no |
-
-## Outputs
-
-No outputs.
-
-
-## Authors
-
-Module is maintained and supported by [Sysdig](https://sysdig.com).
-
-## License
-
-Apache 2 Licensed. See LICENSE for full details.
diff --git a/modules/services/cloud-scanning/cloudwatch.tf b/modules/services/cloud-scanning/cloudwatch.tf
deleted file mode 100644
index 5522e926..00000000
--- a/modules/services/cloud-scanning/cloudwatch.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-resource "aws_cloudwatch_log_group" "log" {
- name_prefix = var.name
- retention_in_days = var.cloudwatch_log_retention
- tags = var.tags
-}
-
-resource "aws_cloudwatch_log_stream" "stream" {
- name = "alerts"
- log_group_name = aws_cloudwatch_log_group.log.name
-}
diff --git a/modules/services/cloud-scanning/ecs-service-security.tf b/modules/services/cloud-scanning/ecs-service-security.tf
deleted file mode 100644
index 58ed57a2..00000000
--- a/modules/services/cloud-scanning/ecs-service-security.tf
+++ /dev/null
@@ -1,185 +0,0 @@
-data "aws_ssm_parameter" "sysdig_secure_api_token" {
- name = var.secure_api_token_secret_name
-}
-
-locals {
- ecs_task_role_id = var.is_organizational ? data.aws_iam_role.task_inherited[0].id : aws_iam_role.task[0].id
- ecs_task_role_arn = var.is_organizational ? data.aws_iam_role.task_inherited[0].arn : aws_iam_role.task[0].arn
- ecs_task_role_name_suffix = var.is_organizational ? var.organizational_config.scanning_ecs_task_role_name : var.scanning_ecs_task_role_name
-}
-
-#---------------------------------
-# task role
-# notes
-# - duplicated in /examples/organizational/credentials.tf, where root lvl role is created, to avoid cyclic dependencies
-#---------------------------------
-data "aws_iam_role" "task_inherited" {
- count = var.is_organizational ? 1 : 0
- name = var.organizational_config.scanning_ecs_task_role_name
-}
-resource "aws_iam_role" "task" {
- count = var.is_organizational ? 0 : 1
- name = "${var.name}-${local.ecs_task_role_name_suffix}"
- assume_role_policy = data.aws_iam_policy_document.task_assume_role[0].json
- path = "/"
- tags = var.tags
-}
-data "aws_iam_policy_document" "task_assume_role" {
- count = var.is_organizational ? 
0 : 1
- statement {
- effect = "Allow"
- principals {
- identifiers = ["ecs-tasks.amazonaws.com"]
- type = "Service"
- }
- actions = ["sts:AssumeRole"]
- }
-}
-
-resource "aws_iam_role_policy" "task" {
- name = "${var.name}-TaskRolePolicy"
- role = local.ecs_task_role_id
- policy = data.aws_iam_policy_document.iam_role_task_role_policy.json
-}
-data "aws_iam_policy_document" "iam_role_task_role_policy" {
- statement {
- effect = "Allow"
- actions = [
- "s3:GetObject",
- "s3:ListBucket",
- ]
- resources = ["*"]
- }
- statement {
- effect = "Allow"
- actions = [
- "sqs:DeleteMessage",
- "sqs:DeleteMessageBatch",
- "sqs:ReceiveMessage"
- ]
- resources = [module.cloud_scanning_sqs.cloudtrail_sns_subscribed_sqs_arn]
- }
-}
-
-resource "aws_iam_role_policy" "trigger_scan" {
- name = "${var.name}-TriggerScan"
- role = local.ecs_task_role_id
- policy = data.aws_iam_policy_document.trigger_scan.json
-}
-data "aws_iam_policy_document" "trigger_scan" {
- statement {
- effect = "Allow"
- actions = [
- "codebuild:StartBuild"
- ]
- resources = [var.build_project_arn]
- }
-}
-
-resource "aws_iam_role_policy" "task_definition_reader" {
- name = "TaskDefinitionReader"
- role = local.ecs_task_role_id
- policy = data.aws_iam_policy_document.task_definition_reader.json
-}
-data "aws_iam_policy_document" "task_definition_reader" {
- statement {
- effect = "Allow"
- actions = [
- "ecs:DescribeTaskDefinition"
- ]
- resources = ["*"]
- }
-}
-
-resource "aws_iam_role_policy" "secrets_reader" {
- name = "SecretsReader"
- role = local.ecs_task_role_id
- policy = data.aws_iam_policy_document.secrets_reader.json
-}
-data "aws_iam_policy_document" "secrets_reader" {
- statement {
- effect = "Allow"
- actions = [
- "kms:Decrypt",
- "secretsmanager:GetSecretValue"
- ]
- resources = ["*"]
- }
-}
-
-resource "aws_iam_role_policy" "ecr_reader" {
- name = "ECRReader"
- role = local.ecs_task_role_id
- policy = data.aws_iam_policy_document.ecr_reader.json
-}
-data "aws_iam_policy_document" "ecr_reader" 
{
- statement {
- effect = "Allow"
- actions = [
- "ecr:GetAuthorizationToken",
- "ecr:BatchCheckLayerAvailability",
- "ecr:GetDownloadUrlForLayer",
- "ecr:GetRepositoryPolicy",
- "ecr:DescribeRepositories",
- "ecr:ListImages",
- "ecr:DescribeImages",
- "ecr:BatchGetImage",
- "ecr:GetLifecyclePolicy",
- "ecr:GetLifecyclePolicyPreview",
- "ecr:ListTagsForResource",
- "ecr:DescribeImageScanFindings"
- ]
- resources = ["*"]
- }
-}
-
-
-#---------------------------------
-# execution role
-# This role is required by tasks to pull container images and publish container logs to Amazon CloudWatch on your behalf.
-#---------------------------------
-resource "aws_iam_role" "execution" {
- name = "${var.name}-ECSTaskExecutionRole"
- assume_role_policy = data.aws_iam_policy_document.execution_assume_role.json
- path = "/"
- tags = var.tags
-}
-data "aws_iam_policy_document" "execution_assume_role" {
- statement {
- effect = "Allow"
- principals {
- identifiers = ["ecs-tasks.amazonaws.com"]
- type = "Service"
- }
- actions = ["sts:AssumeRole"]
- }
-}
-
-resource "aws_iam_role_policy" "execution" {
- name = "${var.name}-ExecutionRolePolicy"
- policy = data.aws_iam_policy_document.execution.json
- role = aws_iam_role.execution.id
-}
-data "aws_iam_policy_document" "execution" {
- statement {
- effect = "Allow"
- actions = [
- "logs:CreateLogStream",
- "logs:PutLogEvents"
- ]
- resources = ["*"]
- }
-}
-
-resource "aws_iam_role_policy" "task_read_parameters" {
- name = "${var.name}-TaskReadParameters"
- policy = data.aws_iam_policy_document.task_read_parameters.json
- role = aws_iam_role.execution.id
-}
-data "aws_iam_policy_document" "task_read_parameters" {
- statement {
- effect = "Allow"
- actions = ["ssm:GetParameters"]
- resources = [data.aws_ssm_parameter.sysdig_secure_api_token.arn]
- }
-}
diff --git a/modules/services/cloud-scanning/ecs-service.tf b/modules/services/cloud-scanning/ecs-service.tf
deleted file mode 100644
index ee875143..00000000
--- a/modules/services/cloud-scanning/ecs-service.tf
+++ /dev/null
@@ -1,104 +0,0 @@
-data "aws_ecs_cluster" "ecs" {
- cluster_name = var.ecs_cluster
-}
-
-resource "aws_ecs_service" "service" {
- name = var.name
- cluster = data.aws_ecs_cluster.ecs.id
- desired_count = 1
- launch_type = "FARGATE"
-
- network_configuration {
- subnets = var.vpc_subnets
- security_groups = [aws_security_group.sg.id]
- }
- task_definition = aws_ecs_task_definition.task_definition.arn
- tags = var.tags
-}
-
-
-resource "aws_ecs_task_definition" "task_definition" {
- family = var.name
- requires_compatibilities = ["FARGATE"]
- network_mode = "awsvpc"
- execution_role_arn = aws_iam_role.execution.arn # ARN of the task execution role that the Amazon ECS container agent and the Docker daemon can assume
- task_role_arn = local.ecs_task_role_arn # ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS resource-group.
- cpu = "256"
- memory = "512"
-
- container_definitions = jsonencode([
- {
- environment = local.task_env_vars
- name = "CloudScanning"
- image = var.image
- essential = true
- secrets = [
- {
- name = "SECURE_API_TOKEN"
- valueFrom = var.secure_api_token_secret_name
- }
- ]
- portMappings = [{
- containerPort = 5000
- }]
- logConfiguration = {
- logDriver = "awslogs"
- options = {
- awslogs-group = aws_cloudwatch_log_group.log.id
- awslogs-region = data.aws_region.current.name
- awslogs-stream-prefix = "ecs"
- }
- }
- },
- ])
- tags = var.tags
-}
-
-locals {
- task_env_vars = concat([
- {
- name = "VERIFY_SSL"
- value = tostring(local.verify_ssl)
- },
- {
- name = "TELEMETRY_DEPLOYMENT_METHOD"
- value = "terraform"
- },
- {
- name = "SECURE_URL"
- value = var.sysdig_secure_endpoint
- },
- {
- name = "SQS_QUEUE_URL"
- value = module.cloud_scanning_sqs.cloudtrail_sns_subscribed_sqs_url
- },
- {
- name = "SQS_QUEUE_INTERVAL"
- value = "30s"
- },
- {
- name = "CODEBUILD_PROJECT"
- value = var.build_project_name
- },
- {
- name = "SECURE_API_TOKEN_SECRET"
- value = var.secure_api_token_secret_name
- }
- ],
- 
local.task_organizational_env_vars,
- [for env_key, env_value in var.extra_env_vars : {
- name = env_key,
- value = env_value
- }]
- )
- task_organizational_env_vars = [
- {
- name = "MASTER_ORGANIZATION_ROLE"
- value = var.is_organizational ? var.organizational_config.sysdig_secure_for_cloud_role_arn : ""
- },
- {
- name = "ORGANIZATIONAL_ROLE_PER_ACCOUNT"
- value = var.is_organizational ? var.organizational_config.organizational_role_per_account : ""
- }
- ]
-}
diff --git a/modules/services/cloud-scanning/main.tf b/modules/services/cloud-scanning/main.tf
deleted file mode 100644
index 12479223..00000000
--- a/modules/services/cloud-scanning/main.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-data "aws_region" "current" {}
-
-locals {
- verify_ssl = var.verify_ssl == "auto" ? length(regexall("https://.*?\\.sysdig(cloud)?.com/?", var.sysdig_secure_endpoint)) == 1 : var.verify_ssl == "true"
-}
diff --git a/modules/services/cloud-scanning/outputs.tf b/modules/services/cloud-scanning/outputs.tf
deleted file mode 100644
index e69de29b..00000000
diff --git a/modules/services/cloud-scanning/sec-group.tf b/modules/services/cloud-scanning/sec-group.tf
deleted file mode 100644
index 0b140652..00000000
--- a/modules/services/cloud-scanning/sec-group.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-resource "aws_security_group" "sg" {
- vpc_id = var.vpc_id
- name = var.name
- description = "CloudScanning workload Security Group"
-
- # allow all (protocol -1, from 0, to 0)
- ingress {
- from_port = 0
- protocol = "-1"
- to_port = 0
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- # allow all
- egress {
- from_port = 0
- protocol = "-1"
- to_port = 0
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- tags = var.tags
-}
diff --git a/modules/services/cloud-scanning/sqs.tf b/modules/services/cloud-scanning/sqs.tf
deleted file mode 100644
index 059abb2b..00000000
--- a/modules/services/cloud-scanning/sqs.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-module "cloud_scanning_sqs" {
- source = "../../infrastructure/sqs-sns-subscription"
- name = var.name
- sns_topic_arn = var.sns_topic_arn
- tags = var.tags
-}
diff --git a/modules/services/cloud-scanning/variables.tf b/modules/services/cloud-scanning/variables.tf
deleted file mode 100644
index 749bb894..00000000
--- a/modules/services/cloud-scanning/variables.tf
+++ /dev/null
@@ -1,132 +0,0 @@
-#---------------------------------
-# cloud-scanning specific
-#---------------------------------
-variable "secure_api_token_secret_name" {
- type = string
- description = "Sysdig Secure API Token secret name"
-}
-
-variable "build_project_arn" {
- type = string
- description = "Code Build project arn"
-}
-
-variable "build_project_name" {
- type = string
- description = "Code Build project name"
-}
-
-
-variable "sns_topic_arn" {
- type = string
- description = "CloudTrail module created SNS Topic ARN"
-}
-
-variable "ecs_cluster" {
- type = string
- description = "ECS Fargate Cluster where deploy the CloudConnector workload"
-}
-
-
-#---------------------------------
-# vpc
-#---------------------------------
-variable "vpc_id" {
- type = string
- description = "VPC where the workload is deployed"
-}
-
-variable "vpc_subnets" {
- type = list(string)
- description = "Subnets where the CloudScanning will be deployed"
-}
-
-
-#---------------------------------
-# optionals - with default
-#---------------------------------
-
-#
-# cloud-scanning specific
-#
-
-variable "image" {
- type = string
- default = "quay.io/sysdig/cloud-scanning:latest"
- description = "Image of the cloud scanning to deploy"
-}
-
-variable "scanning_ecs_task_role_name" {
- type = string
- default = "ECSTaskRole"
- description = "Default ecs cloudscanning task role name"
-}
-
-variable "cloudwatch_log_retention" {
- type = number
- default = 5
- description = "Days to keep logs for CloudScanning"
-}
-
-variable "verify_ssl" {
- type = bool
- default = true
- description = "true/false to determine ssl secure connection verification"
-}
-
-variable "extra_env_vars" {
- type = map(string)
- default = {}
- description = "Extra environment variables for the Cloud Scanning deployment"
-}
-
-variable "is_organizational" {
- type = bool
- default = false
- description = "whether secure-for-cloud should be deployed in an organizational setup"
-}
-
-variable "organizational_config" 
{
- type = object({
- sysdig_secure_for_cloud_role_arn = string
- organizational_role_per_account = string
- scanning_ecs_task_role_name = string
- })
- default = {
- sysdig_secure_for_cloud_role_arn = ""
- organizational_role_per_account = ""
- scanning_ecs_task_role_name = ""
- }
-
- description = <<-EOT
- organizational_config. following attributes must be given
-
- EOT
-}
-
-#
-# general
-#
-variable "sysdig_secure_endpoint" {
- type = string
- default = "https://secure.sysdig.com"
- description = "Sysdig Secure API endpoint"
-}
-
-variable "name" {
- type = string
- default = "sfc-cloudscanning"
- description = "Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances"
-}
-
-variable "tags" {
- type = map(string)
- description = "sysdig secure-for-cloud tags"
- default = {
- "product" = "sysdig-secure-for-cloud"
- }
-}
diff --git a/modules/services/cloud-scanning/versions.tf b/modules/services/cloud-scanning/versions.tf
deleted file mode 100644
index ed2c3cdc..00000000
--- a/modules/services/cloud-scanning/versions.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-terraform {
- required_version = ">= 0.15.0"
- required_providers {
- aws = {
- version = ">= 3.50.0"
- }
- }
-}