Sensitive attributes such as passwords and API tokens should not be available in your templates, especially in a plaintext form. You can declare variables to hold the secrets, assuming you can provide values for those variables in a secure fashion. Alternatively, you can store these secrets in a secure secret store, such as AWS KMS.
NOTE: It is also recommended to store your Terraform state in an encrypted form.
The following example will fail the GEN001 check.
The following example will pass the GEN001 check.