func FindUnusedSecurityGroupRules()

Defined in vpc-utils/awsutils.go, lines 154–202.


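// FindUnusedSecurityGroupRules reports the ingress/egress rules that still
// exist on default security groups flagged by Security Hub control "EC2.2"
// and that are not attached to anything.
//
// Flow: fetch the EC2.2 findings from Security Hub, extract the security-group
// IDs from each finding's resources (deduplicated), narrow that set to the
// groups that are unused (findUnusedSecurityGroups), and collect every rule on
// those groups (getSecurityGroupRuleDetails). When at least one rule is found
// the result is additionally printed to stdout as a table.
//
// Parameters:
//   - ctx: cancellation/deadline context passed to every AWS call.
//   - ec2Client: EC2 client used to inspect security groups and their rules.
//   - securityHubClient: Security Hub client used to fetch the EC2.2 findings.
//
// Returns the collected rule details (an empty, non-nil slice when nothing is
// found) or a wrapped error from the first AWS call or stdout write that fails.
//
// NOTE(review): ReturnFindings is called with a value of 100. Whether that is
// a page size with pagination handled inside the helper, or a hard cap on the
// number of findings considered, is not visible here. If it is a cap, accounts
// with more than 100 EC2.2 findings are only partially covered — confirm before
// treating this output as a complete inventory of exposed default-SG rules.
func FindUnusedSecurityGroupRules(ctx context.Context, ec2Client *ec2.Client, securityHubClient *securityhub.Client) ([]SecurityGroupRuleDetails, error) {
	findings, err := common.ReturnFindings(ctx, securityHubClient, "EC2.2", 100)
	if err != nil {
		return nil, fmt.Errorf("fetching EC2.2 findings from Security Hub: %w", err)
	}

	// Collect the security-group IDs referenced by the findings. Several
	// findings may reference the same group; deduplicate so the same rules are
	// not fetched and reported more than once.
	seen := make(map[string]struct{})
	var securityGroups []string
	for _, finding := range findings.Findings {
		for _, resource := range finding.Resources {
			// Resource.Id is a pointer in the SDK types; skip a nil ID rather
			// than panicking on a malformed finding.
			if resource.Id == nil {
				continue
			}
			sgID := IdFromArn(*resource.Id)
			if _, dup := seen[sgID]; dup {
				continue
			}
			seen[sgID] = struct{}{}
			securityGroups = append(securityGroups, sgID)
		}
	}

	unusedSecurityGroups, err := findUnusedSecurityGroups(ctx, ec2Client, securityGroups)
	if err != nil {
		return nil, fmt.Errorf("determining unused security groups: %w", err)
	}

	// Non-nil empty slice on purpose: callers (and JSON encoders) see [] rather
	// than null when nothing is found, matching the original behaviour.
	securityGroupRuleDetails := []SecurityGroupRuleDetails{}
	for _, sg := range unusedSecurityGroups {
		rules, err := getSecurityGroupRuleDetails(ctx, ec2Client, sg)
		if err != nil {
			return nil, fmt.Errorf("describing rules for security group %v: %w", sg, err)
		}
		securityGroupRuleDetails = append(securityGroupRuleDetails, rules...)
	}

	if len(securityGroupRuleDetails) == 0 {
		return securityGroupRuleDetails, nil
	}

	fmt.Println("Ingress/egress rules on unused default security groups:")

	// Render the findings as an aligned table on stdout.
	w := tabwriter.NewWriter(os.Stdout, 0, 0, 1, ' ', tabwriter.Debug)
	fmt.Fprintln(w, "Security Group\tVPC Name\tVPC ID\tRule Id\tFrom Port\tTo Port\tIP Protocol\tDirection")
	for _, d := range securityGroupRuleDetails {
		fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%d\t%d\t%s\t%s\n", d.SecurityGroup, d.VpcDetails.VpcName, d.VpcDetails.VpcId, d.Rule.GroupRuleId, d.Rule.FromPort, d.Rule.ToPort, d.Rule.IpProtocol, d.Rule.Direction)
	}
	if err := w.Flush(); err != nil {
		return nil, fmt.Errorf("writing security group rule table: %w", err)
	}

	return securityGroupRuleDetails, nil
}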