Evaluate all default security groups in every Amazon VPC and verify that they do not allow any inbound or outbound traffic; return NON_COMPLIANT if any default security group has one or more inbound or outbound rules. Tabulate the results.

import boto3 import json # Retrieve AWS credentials from environment variables aws_access_key_id = getEnvVar('AWS_ACCESS_KEY_ID') aws_secret_access_key = getEnvVar('AWS_SECRET_ACCESS_KEY') # Initialize a session using Amazon EC2 session = boto3.Session( aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, region_name='us-east-2' ) ec2_client = session.client('ec2') # Retrieve all regions regions = [region['RegionName'] for region in ec2_client.describe_regions()['Regions']] # List to store all VPCs vpcs = [] # Iterate over each region for region in regions: ec2_client = session.client('ec2', region_name=region) # Describe all VPCs vpcs_in_region = ec2_client.describe_vpcs()['Vpcs'] vpcs.extend(vpcs_in_region) # Print all VPCs print(json.dumps(vpcs, indent=4, default=str))

import boto3 import json # Retrieve AWS credentials from environment variables aws_access_key_id = getEnvVar('AWS_ACCESS_KEY_ID') aws_secret_access_key = getEnvVar('AWS_SECRET_ACCESS_KEY') # Initialize a session using Amazon EC2 session = boto3.Session( aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, region_name='us-east-2' ) ec2_client = session.client('ec2') # Retrieve all regions regions = [region['RegionName'] for region in ec2_client.describe_regions()['Regions']] # List to store all default security groups default_security_groups = [] # Iterate over each region for region in regions: ec2_client = session.client('ec2', region_name=region) # Describe all VPCs vpcs = ec2_client.describe_vpcs()['Vpcs'] # Iterate over each VPC for vpc in vpcs: # Describe security groups for the VPC security_groups = ec2_client.describe_security_groups(Filters=[{'Name': 'vpc-id', 'Values': [vpc['VpcId']]}])['SecurityGroups'] # Filter default security groups for sg in security_groups: if sg['GroupName'] == 'default': default_security_groups.append(sg) # Print all default security groups print(json.dumps(default_security_groups, indent=4, default=str))

import boto3 import json # Retrieve AWS credentials from environment variables aws_access_key_id = getEnvVar('AWS_ACCESS_KEY_ID') aws_secret_access_key = getEnvVar('AWS_SECRET_ACCESS_KEY') # Initialize a session using Amazon EC2 session = boto3.Session( aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, region_name='us-east-2' ) ec2_client = session.client('ec2') # Retrieve all regions regions = [region['RegionName'] for region in ec2_client.describe_regions()['Regions']] # List to store compliance results compliance_results = [] # Iterate over each region for region in regions: ec2_client = session.client('ec2', region_name=region) # Describe all VPCs vpcs = ec2_client.describe_vpcs()['Vpcs'] # Iterate over each VPC for vpc in vpcs: # Describe security groups for the VPC security_groups = ec2_client.describe_security_groups(Filters=[{'Name': 'vpc-id', 'Values': [vpc['VpcId']]}])['SecurityGroups'] # Filter default security groups for sg in security_groups: if sg['GroupName'] == 'default': # Check if there are any inbound or outbound rules if sg['IpPermissions'] or sg['IpPermissionsEgress']: compliance_results.append({ 'VpcId': vpc['VpcId'], 'SecurityGroupId': sg['GroupId'], 'Compliance': 'NON_COMPLIANT' }) else: compliance_results.append({ 'VpcId': vpc['VpcId'], 'SecurityGroupId': sg['GroupId'], 'Compliance': 'COMPLIANT' }) # Print compliance results print(json.dumps(compliance_results, indent=4, default=str))