agent: |
Give me the number of AWS security groups by region and identify non-compliant groups where inbound TCP traffic is allowed from unrestricted sources (0.0.0.0/0 or ::/0), listing non-compliant security groups, open ports, and CIDR ranges.
Give me the number of AWS security groups by region and identify non-compliant groups where inbound TCP traffic is allowed from unrestricted sources (0.0.0.0/0 or ::/0), listing non-compliant security groups, open ports, and CIDR ranges.
This script lists the number of AWS security groups by region and identifies non-compliant groups allowing unrestricted inbound TCP traffic.
import boto3
import json
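def get_security_groups_by_region(regions):
    """Count security groups per region and flag rules open to the world.

    A rule is flagged when it admits inbound TCP from an unrestricted
    source, i.e. IPv4 ``0.0.0.0/0`` or IPv6 ``::/0``. Rules whose
    IpProtocol is ``-1`` (AWS's "all protocols" marker) are included as
    well, because an all-protocol rule admits TCP too; the original check
    matched only the literal ``'tcp'`` and silently missed them.

    Args:
        regions: iterable of AWS region names to inspect.

    Returns:
        dict keyed by region name; each value holds
        ``TotalSecurityGroups`` (int) and ``NonCompliantGroups`` (list of
        dicts with GroupId, GroupName, Protocol, Port, ToPort and the
        offending ``CidrIp`` or ``CidrIpv6``). ``Port`` keeps the original
        meaning (FromPort); ``ToPort`` is added so a port range is not
        reported as a single port.
    """
    # Credentials are read through the platform-provided getEnvVar helper,
    # which is not defined in this file. Temporary (STS) credentials would
    # also need AWS_SESSION_TOKEN -- TODO confirm how the platform exposes it.
    aws_access_key_id = getEnvVar('AWS_ACCESS_KEY_ID')
    aws_secret_access_key = getEnvVar('AWS_SECRET_ACCESS_KEY')

    security_group_summary = {}
    for region in regions:
        ec2_client = boto3.client(
            'ec2',
            region_name=region,
            aws_access_key_id=aws_access_key_id,
            aws_secret_access_key=aws_secret_access_key,
        )
        # describe_security_groups is paginated: a single call returns only
        # the first page, which undercounts accounts with many groups and
        # can hide non-compliant groups on later pages.
        paginator = ec2_client.get_paginator('describe_security_groups')
        security_groups = []
        for page in paginator.paginate():
            security_groups.extend(page.get('SecurityGroups', []))

        non_compliant_groups = []
        for sg in security_groups:
            non_compliant_groups.extend(_open_tcp_rules(sg))

        security_group_summary[region] = {
            'TotalSecurityGroups': len(security_groups),
            'NonCompliantGroups': non_compliant_groups,
        }
    return security_group_summary


def _open_tcp_rules(sg):
    """Return one finding per inbound rule of *sg* that admits TCP from any source.

    Args:
        sg: one entry of the ``SecurityGroups`` list returned by EC2
            describe_security_groups.

    Returns:
        list of finding dicts (possibly empty); one per matching CIDR, so a
        rule open on both IPv4 and IPv6 yields two findings.
    """
    group_id = sg.get('GroupId')
    group_name = sg.get('GroupName')
    findings = []
    for permission in sg.get('IpPermissions', []):
        protocol = permission.get('IpProtocol')
        # '-1' means all protocols and therefore covers TCP as well.
        if protocol not in ('tcp', '-1'):
            continue
        # FromPort/ToPort are absent on all-protocol rules; None is reported.
        base = {
            'GroupId': group_id,
            'GroupName': group_name,
            'Protocol': protocol,
            'Port': permission.get('FromPort'),
            'ToPort': permission.get('ToPort'),
        }
        for ip_range in permission.get('IpRanges', []):
            cidr_ip = ip_range.get('CidrIp')
            if cidr_ip == '0.0.0.0/0':
                findings.append({**base, 'CidrIp': cidr_ip})
        for ipv6_range in permission.get('Ipv6Ranges', []):
            cidr_ipv6 = ipv6_range.get('CidrIpv6')
            if cidr_ipv6 == '::/0':
                findings.append({**base, 'CidrIpv6': cidr_ipv6})
    return findings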
# `regions` is not defined in this file; presumably it is injected by the
# hosting environment as the script's input -- verify against the caller.
security_group_summary = get_security_groups_by_region(regions)
# default=str keeps the dump from failing on any non-JSON-native value.
rendered = json.dumps(security_group_summary, indent=4, default=str)
print(rendered)