UPD: improved sgr check

aws/AwsEnvReview.py

@@ -164,30 +164,21 @@ for r in regions:
 printResult(outTable, "Region, AccountID, PublicIp")
 
 printTitle("Security group review")
-printSubTitle("[Security] Security group allowing ingress from 0.0.0.0/0 - Consider setting more restrictive rules "
+printSubTitle("[Security] Security group rules allowing ingress from 0.0.0.0/0 - Consider setting more restrictive rules "
               "allowing access from specific sources.")
 outTable = []
 
 for r in regions:
     client = boto3.client('ec2', region_name=r)
-    response = client.describe_security_groups()
+    response = client.describe_security_group_rules()
-    for sg in jmespath.search("SecurityGroups[*].GroupId", response):
+    for sgr in jmespath.search("SecurityGroupRules[?IsEgress==`false`]", response):
-        sgrResp = client.describe_security_group_rules(
-            Filters=[
-                {
-                    'Name': 'group-id',
-                    'Values': [sg]
-                },
-            ],
-        )
-        for sgr in sgrResp.get("SecurityGroupRules"):
         if (not sgr.get("IsEgress")
                 and sgr.get("CidrIpv4") == "0.0.0.0/0"
                 and sgr.get("FromPort") != 443
                 and sgr.get("ToPort") != 443
                 and sgr.get("FromPort") != 80
                 and sgr.get("ToPort") != 80):
-                outTable.append([r, aid, sg, sgr.get("SecurityGroupRuleId"), sgr.get("FromPort"), sgr.get("ToPort")])
+            outTable.append([r, aid, sgr.get("GroupId"), sgr.get("SecurityGroupRuleId"), sgr.get("FromPort"), sgr.get("ToPort")])
 printResult(outTable, "Region, AccountID, SecurityGroup, Rule, FromPort, ToPort")
 
 printTitle("Rds service review")