
The script lists AWS security groups and checks whether SSH access is open to the world, marking each group as NON_COMPLIANT or COMPLIANT.

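import boto3
import json

# Port whose world-open exposure this check reports on.
SSH_PORT = 22
# Region the check runs against; change it here rather than in the client call.
REGION = 'us-east-2'
# The CIDRs EC2 uses to mean "any source".
ANY_IPV4 = '0.0.0.0/0'
ANY_IPV6 = '::/0'


def _rule_covers_port(permission, port):
    """Return True if *permission* can admit traffic on *port*.

    IpProtocol '-1' means all protocols and all ports (EC2 reports such a
    rule without FromPort/ToPort).  A rule with no port range at all is
    treated as covering every port rather than being skipped, so the check
    never under-reports.  Otherwise the FromPort..ToPort range must contain
    *port*; the previous exact FromPort == ToPort == 22 test missed rules
    such as 0-1024 or 0-65535 that also expose SSH.  The protocol is
    deliberately not narrowed to TCP so that everything the old check
    flagged is still flagged.
    """
    if str(permission.get('IpProtocol', '')) == '-1':
        return True
    from_port = permission.get('FromPort')
    to_port = permission.get('ToPort')
    if from_port is None or to_port is None:
        return True
    return from_port <= port <= to_port


def _rule_open_to_world(permission):
    """Return True if *permission* lists an any-source IPv4 or IPv6 CIDR."""
    ipv4_ranges = permission.get('IpRanges', [])
    if any(r.get('CidrIp') == ANY_IPV4 for r in ipv4_ranges):
        return True
    ipv6_ranges = permission.get('Ipv6Ranges', [])
    return any(r.get('CidrIpv6') == ANY_IPV6 for r in ipv6_ranges)


def _ssh_open_to_world(security_group, port=SSH_PORT):
    """Return True if any inbound rule of *security_group* admits *port* from anywhere.

    *security_group* is one entry of describe_security_groups()['SecurityGroups'].
    """
    return any(
        _rule_covers_port(permission, port) and _rule_open_to_world(permission)
        for permission in security_group.get('IpPermissions', [])
    )


# NOTE: getEnvVar and context are not defined in this file; they are presumably
# supplied by the hosting runtime — confirm before running elsewhere.
client = boto3.client(
    'ec2',
    region_name=REGION,
    aws_access_key_id=getEnvVar('AWS_ACCESS_KEY_ID'),
    aws_secret_access_key=getEnvVar('AWS_SECRET_ACCESS_KEY'),
)

# describe_security_groups is paginated; a single call may return only the
# first page and silently omit groups, so walk every page.
security_groups = []
for page in client.get_paginator('describe_security_groups').paginate():
    security_groups.extend(page.get('SecurityGroups', []))

# Prepare the output table: one header row plus one row per group.
compliance_table = context.newtable()
compliance_table.num_rows = len(security_groups) + 1
compliance_table.num_cols = 3
compliance_table.title = "Security Group Compliance"
compliance_table.has_header_row = True
compliance_table.setval(0, 0, "Security Group ID")
compliance_table.setval(0, 1, "Security Group Name")
compliance_table.setval(0, 2, "Compliance Status")

# Fill one row per security group; a group is NON_COMPLIANT when any inbound
# rule admits SSH from 0.0.0.0/0 or ::/0.
for idx, sg in enumerate(security_groups, start=1):
    sg_id = sg.get('GroupId', 'Unknown')
    sg_name = sg.get('GroupName', 'Unknown')
    compliance_status = "NON_COMPLIANT" if _ssh_open_to_world(sg) else "COMPLIANT"
    compliance_table.setval(idx, 0, sg_id)
    compliance_table.setval(idx, 1, sg_name)
    compliance_table.setval(idx, 2, compliance_status)

print("Security Group Compliance Table Created Successfully")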