diff --git a/.github/workflows/actions/scan-infra/action.yml b/.github/workflows/actions/scan-infra/action.yml
new file mode 100644
index 00000000..89609397
--- /dev/null
+++ b/.github/workflows/actions/scan-infra/action.yml
@@ -0,0 +1,24 @@
+name: Scan Infra
+
+inputs:
+ working_directory:
+ description: "Folder location where the TF scripts lives"
+ required: true
+ environment:
+ description: "Environment name"
+ required: true
+
+jobs:
+ tfsec:
+ name: Scan Terraform Code
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ - name: tfsec
+ uses: aquasecurity/tfsec-action@v1.0.3
+ with:
+ working_directory: ${{ inputs.working_directory }}
+ additional_args: "--tfvars-file=${{ inputs.working_directory }}/${{ inputs.environment }}.tfvars"
+ soft_fail: false
+ github_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/aws-template-terraform.yml b/.github/workflows/aws-template-terraform.yml
index 9e2f78a0..640002bf 100644
--- a/.github/workflows/aws-template-terraform.yml
+++ b/.github/workflows/aws-template-terraform.yml
@@ -54,19 +54,10 @@ jobs:
 scan:
 name: Scan TF Code
- runs-on: ubuntu-latest
- permissions:
- actions: read
- contents: read
- security-events: write
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
- - name: tfsec
- uses: aquasecurity/tfsec-action@v1.0.3
- with:
- working_directory: ${{ inputs.CONTEXT_FOLDER }}
- soft_fail: false
+ uses: ./.github/workflows/actions/scan-infra
+ with:
+ working_directory: ${{ inputs.CONTEXT_FOLDER }}
+ environment: ${{ inputs.ENVIRONMENT_NAME }}
 needs: [check_changes]
 deploy_infra:
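Review bot: The new `action.yml` will not load as either kind of reusable unit: it declares top-level `inputs:` and `jobs:` but has neither `runs: using: composite` (composite action) nor `on: workflow_call` (reusable workflow), and reusable workflows cannot live in a subdirectory of `.github/workflows`, so the directory path the caller uses can only ever resolve a composite action. The `github_token: ${{ secrets.GITHUB_TOKEN }}` line is also a problem for a composite action, where the `secrets` context is not available; `github_token: ${{ github.token }}` is the equivalent that is. I would drop the action's own `actions/checkout` step as well, because a local `./...` action can only be resolved after the caller has already checked the repository out, so the step is always redundant. Both third-party actions are pinned to mutable tags (`@v4`, `@v1.0.3`); for a security gate, pin them to full commit SHAs with the tag kept in a trailing comment. Separately, `additional_args` is assembled from caller-supplied inputs, so a `working_directory` or `environment` value containing spaces or shell metacharacters could be split into extra tfsec arguments depending on how the action's entrypoint expands it — worth validating those inputs at the call site.
```yaml
name: Scan Infra
description: "Run tfsec against the Terraform code in working_directory using <environment>.tfvars"

inputs:
  # … unchanged: working_directory and environment inputs …

runs:
  using: composite
  steps:
    # Caller must run actions/checkout first; a local action cannot be
    # resolved until the repository is present on the runner.
    - name: tfsec
      uses: aquasecurity/tfsec-action@v1.0.3  # pin to a commit SHA for a security gate
      with:
        working_directory: ${{ inputs.working_directory }}
        additional_args: "--tfvars-file=${{ inputs.working_directory }}/${{ inputs.environment }}.tfvars"
        soft_fail: false
        # `secrets` context is unavailable inside composite actions; github.token is the same token
        github_token: ${{ github.token }}
```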
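Review bot: Job-level `uses:` accepts only a reusable-workflow file (`./.github/workflows/<file>.yml`), not the `./.github/workflows/actions/scan-infra` directory given on the added line, so the `scan` job fails validation as written; a composite action at that path has to be invoked from a step, after `actions/checkout`, on a job that still declares `runs-on`. The rewrite also removes the job's explicit `permissions:` block, so the scan job's `GITHUB_TOKEN` now falls back to the workflow or repository default instead of `actions: read` / `contents: read` / `security-events: write`, which is a least-privilege regression on a job that runs third-party code. `security-events: write` is only needed if a SARIF upload step exists, and none is visible in this hunk, so `contents: read` alone may be sufficient — confirm against the rest of the workflow. The `deploy_infra` job that begins at the bottom of the hunk continues outside it.
```yaml
  scan:
    name: Scan TF Code
    runs-on: ubuntu-latest
    permissions:
      contents: read  # add security-events: write only if a SARIF upload step is present
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4  # required before a local ./ action can be resolved
      - name: Scan Terraform code
        uses: ./.github/workflows/actions/scan-infra
        with:
          working_directory: ${{ inputs.CONTEXT_FOLDER }}
          environment: ${{ inputs.ENVIRONMENT_NAME }}
    needs: [check_changes]
```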