UPD: Added more services to the review

aws/AwsEnvReview.py

@@ -155,6 +155,32 @@ for r in regions:
             outTable.append([r, aid, i.get("PublicIp")])
 printResult(outTable, "Region, AccountID, PublicIp")
 
+printTitle("Security group review")
+printSubTitle("[Security] Security group allowing ingress from 0.0.0.0/0 - Consider setting more restrictive sg rules")
+outTable = []
+
+for r in regions:
+    client = boto3.client('ec2', region_name=r)
+    response = client.describe_security_groups()
+    for sg in jmespath.search("SecurityGroups[*].GroupId", response):
+        sgrResp = client.describe_security_group_rules(
+            Filters=[
+                {
+                    'Name': 'group-id',
+                    'Values': [sg]
+                },
+            ],
+        )
+        for sgr in sgrResp.get("SecurityGroupRules"):
+            if (not sgr.get("IsEgress")
+                    and sgr.get("CidrIpv4") == "0.0.0.0/0"
+                    and sgr.get("FromPort") != 443
+                    and sgr.get("ToPort") != 443
+                    and sgr.get("FromPort") != 80
+                    and sgr.get("ToPort") != 80):
+                outTable.append([r, aid, sg, sgr.get("SecurityGroupRuleId"), sgr.get("FromPort"), sgr.get("ToPort")])
+printResult(outTable, "Region, AccountID, SecurityGroup, Rule, FromPort, ToPort")
+
 printTitle("Rds service review")
 printSubTitle("[Security] Unencrypted RDS instances - Consider encrypting RDS instances")
 outTable = []
@@ -365,8 +391,9 @@ for r in regions:
 printResult(outTable, "Region, AccountID, VpnConnection, TunnelCount")
 
 
+
+
 # TODO
 """
-- SG allowing public access
 - config enabled for all regions
 """