agent: |
Evaluate each default security group to verify that they do not allow any inbound or outbound traffic.
Evaluate each default security group to verify that they do not allow any inbound or outbound traffic.
Evaluates the default security group of every VPC in each enabled region, verifies that it carries no inbound or outbound rules, and tabulates the compliance results as JSON (one entry per default security group).
import json
import sys

import boto3
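# Retrieve AWS credentials from environment variables.
# NOTE(review): only a static access-key pair is read here. Temporary
# credentials (STS / assumed role) also require AWS_SESSION_TOKEN, which is
# never passed to the session, so they would be rejected as invalid — confirm
# how the platform supplies credentials before relying on this.
aws_access_key_id = getEnvVar('AWS_ACCESS_KEY_ID')
aws_secret_access_key = getEnvVar('AWS_SECRET_ACCESS_KEY')

# The bootstrap region is only used to call describe_regions(); security
# groups are read from every enabled region below.
BOOTSTRAP_REGION = 'us-east-2'
COMPLIANT = 'COMPLIANT'
NON_COMPLIANT = 'NON_COMPLIANT'

# Initialize a session using Amazon EC2
session = boto3.Session(
    aws_access_key_id=aws_access_key_id,
    aws_secret_access_key=aws_secret_access_key,
    region_name=BOOTSTRAP_REGION,
)


def classify_default_security_group(sg: dict) -> str:
    """Return COMPLIANT when *sg* has no inbound and no outbound rules.

    Args:
        sg: one entry of a DescribeSecurityGroups ``SecurityGroups`` list.

    Returns:
        ``'NON_COMPLIANT'`` if the group carries any ingress or egress rule,
        ``'COMPLIANT'`` otherwise. A single rule in either direction is enough
        to fail: the control requires the default group to be empty, and the
        default group cannot be deleted, only stripped of its rules.
    """
    if sg.get('IpPermissions') or sg.get('IpPermissionsEgress'):
        return NON_COMPLIANT
    return COMPLIANT


def evaluate_region(ec2_client, region: str) -> list:
    """Evaluate every default security group reachable through *ec2_client*.

    Args:
        ec2_client: a boto3 EC2 client already bound to *region*.
        region: region name, recorded in each result because security-group
            IDs are only unique within a region.

    Returns:
        A list of ``{'Region', 'VpcId', 'SecurityGroupId', 'Compliance'}``
        dicts, one per default security group.

    Raises:
        ec2_client.exceptions.ClientError: propagated from the API call, e.g.
        when the credentials are not allowed to describe this region.
    """
    results = []
    # Filter server-side on the fixed name 'default' (every VPC has exactly
    # one, and it cannot be renamed) and paginate so that large accounts are
    # not silently truncated to a single page of results.
    paginator = ec2_client.get_paginator('describe_security_groups')
    pages = paginator.paginate(
        Filters=[{'Name': 'group-name', 'Values': ['default']}]
    )
    for page in pages:
        for sg in page['SecurityGroups']:
            results.append({
                'Region': region,
                'VpcId': sg.get('VpcId'),
                'SecurityGroupId': sg['GroupId'],
                'Compliance': classify_default_security_group(sg),
            })
    return results


# Enabled regions only: describe_regions() omits opt-in regions that are not
# enabled for the account, so those are outside the scope of this check.
bootstrap_client = session.client('ec2')
regions = [r['RegionName'] for r in bootstrap_client.describe_regions()['Regions']]

# One entry per default security group, across all enabled regions.
compliance_results = []
for region in regions:
    ec2_client = session.client('ec2', region_name=region)
    try:
        compliance_results.extend(evaluate_region(ec2_client, region))
    except ec2_client.exceptions.ClientError as exc:
        # A region the credentials cannot reach (SCP-restricted, AuthFailure,
        # ...) must not abort the whole scan, but it must not disappear from
        # the report either: surface the coverage gap on stderr so the missing
        # region is not mistaken for a compliant one.
        print(f"WARNING: skipping region {region}: {exc}", file=sys.stderr)

# Print compliance results
print(json.dumps(compliance_results, indent=4, default=str))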