in bucket-utils/awsutils.go [110:135]
// FindBucketsToBlock works out which failing buckets should be blocked and
// prints a summary of that decision to stdout.
//
// The candidates come from findFailingBuckets (given securityHubClient and
// bucketCount). The exclusion list is the result of listBucketsInStacks for
// cfnClient followed by the caller-supplied exclusions. The returned slice is
// whatever common.Complement yields for (failing, excluded), presumably the
// failing buckets that are not excluded; confirm against the common package.
//
// This function only selects and reports; nothing in it changes a bucket.
// s3Client is accepted but not used here. An error from findFailingBuckets is
// returned unchanged with a nil slice.
func FindBucketsToBlock(ctx context.Context, securityHubClient *securityhub.Client, s3Client *s3.Client, cfnClient *cloudformation.Client, bucketCount int32, exclusions []string) ([]string, error) {
	failing, err := findFailingBuckets(ctx, securityHubClient, bucketCount)
	if err != nil {
		return nil, err
	}

	// NOTE(review): listBucketsInStacks has no error return at this call site.
	// Confirm how it reports a failed lookup: an empty result here would leave
	// stack-managed buckets in the block list.
	stackBuckets := listBucketsInStacks(ctx, cfnClient)
	excluded := append(stackBuckets, exclusions...)

	// NOTE(review): this heading is printed but no names are listed under it in
	// this function. Presumably common.Complement reports them; verify, since
	// the operator otherwise cannot see which buckets were left unblocked.
	fmt.Println("\nBuckets to exclude:")
	toBlock := common.Complement(failing, excluded)

	fmt.Println("\nBlocking the following buckets:")
	for i := range toBlock {
		// Numbered from 1 for the operator reading the output.
		fmt.Println(i+1, toBlock[i])
	}
	fmt.Println()

	// The skip count is derived by subtraction, so it is only meaningful if
	// toBlock is a subset of failing (assumed; depends on common.Complement).
	total := len(failing)
	blocked := len(toBlock)
	fmt.Println(total, "failing buckets found.")
	fmt.Println(blocked, "to block, and", total-blocked, "to skip.")

	return toBlock, nil
}