tfsec is not evaluating my variables

[balq60]

Here is my module:

resource "aws_iam_account_password_policy" "default" {
provider = aws.src
count = var.password_policy_definition.create_policy ? 1 : 0
minimum_password_length = var.password_policy_definition.minimum_password_length
password_reuse_prevention = var.password_policy_definition.password_reuse_prevention
require_lowercase_characters = var.password_policy_definition.require_lowercase_characters
require_numbers = var.password_policy_definition.require_numbers
require_uppercase_characters = var.password_policy_definition.require_uppercase_characters
require_symbols = var.password_policy_definition.require_symbols
allow_users_to_change_password = var.password_policy_definition.allow_users_to_change_password
max_password_age = var.password_policy_definition.max_password_age
hard_expiry = var.password_policy_definition.hard_expiry
}

here is my variable definition:
variable "password_policy_definition" {
description = <<-EOF
Variable definition for password_policy_definition configuration options, including:

Attributes:
- tagging_config: Object contains the configuration for tagging
  - environment_name: Name of the environment this will be deployed to. (Test, Staging, Prod, Shared, PlayGround)
  - tag_owner: Value for Owner for the default tags.
  - tag_project: Value for Project for the default tags.
  - tag_feature: Value for Feature for the default tags.
- password_config:
  - create_policy: Whether to run the module or not
  - max_password_age: (Optional) The number of days that an user password is valid.
  - minimum_password_length: (Optional) Minimum length to require for user passwords.
  - password_reuse_prevention: (Optional) The number of previous passwords that users are prevented from reusing.
  - require_lowercase_characters: (Optional) Whether to require lowercase characters for user passwords.
  - require_numbers: (Optional) Whether to require numbers for user passwords.
  - require_uppercase_characters: (Optional) Whether to require uppercase characters for user passwords.
  - require_symbols: (Optional) Whether to require symbols for user passwords.
  - allow_users_to_change_password: (Optional) Whether to allow users to change their own password
  - hard_expiry: (Optional) Whether users are prevented from setting a new password after their password has expired (i.e., require administrator reset)

EOF
type = object({
tagging_config = object({
environment_name = string
tag_owner = string
tag_project = string
tag_feature = string
})
password_config = object({
create_policy = bool
max_password_age = number
minimum_password_length = number
password_reuse_prevention = number
require_lowercase_characters = bool
require_numbers = bool
require_uppercase_characters = bool
require_symbols = bool
allow_users_to_change_password = bool
hard_expiry = bool
})
})
default = {
tagging_config = {
environment_name = "Test"
tag_owner = "Sample Company"
tag_project = "Sample Project"
tag_feature = "IAM Password Policy"
}
password_config = {
create_policy = true
max_password_age = 90
minimum_password_length = 14
password_reuse_prevention = 5
require_lowercase_characters = true
require_numbers = true
require_uppercase_characters = true
require_symbols = true
allow_users_to_change_password = true
hard_expiry = false
}
}
}

tfsec is throwing errors and is not SEEING my default variables setting, but when I run my Terraform apply, all the values are set correctly in AWS.