[
  {
    "path": ".coveragerc",
    "content": "[report]\ninclude =   ScoutSuite/*.py\n            ScoutSuite/core/*.py\n            ScoutSuite/output/*.py\n            ScoutSuite/providers/aws/*.py\n            ScoutSuite/providers/aws/facade/*.py\n            ScoutSuite/providers/aws/resources/*.py\n            ScoutSuite/providers/azure/*.py\n            ScoutSuite/providers/azure/facade/*.py\n            ScoutSuite/providers/azure/resources/*.py\n            ScoutSuite/providers/gcp/*.py\n            ScoutSuite/providers/gcp/facade/*.py\n            ScoutSuite/providers/gcp/resources/*.py\n"
  },
  {
    "path": ".flake8",
    "content": "[flake8]\nselect =\n    E901,\n    E999,\n    F821,\n    F822,\n    F823\nstatistics = True\nshow-source = True\nmax-line-length = 127\nmax-complexity = 10\nexclude =\n    .git,\n    __pycache__,\n    docs/source/conf.py,\n    old,\n    build,\n    dist,\n    venv\n\n[pycodestyle]\nmax_line_length = 127\nignore = E501"
  },
  {
    "path": ".github/ISSUE_TEMPLATE/bug_report.md",
    "content": "---\nname: Bug report\nabout: Create a report to help us improve Scout Suite!\ntitle: ''\nlabels: bug, potential\nassignees: ''\n\n---\n\n**Describe the bug**\n\nPlease provide:\n\n- A clear and concise description of what the bug is.\n- Console output using the `--debug` argument.\n- If possible, the errors JSON file generated at the end of execution (the CLI output will provide the path to this file). The file can be sent to <scoutsuite@nccgroup.com> to avoid including sensitive content in the GitHub issue.\n\n**To Reproduce**\n\nPlease provide:\n\n- The **exact** CLI parameters used to run Scout Suite.\n- Any specific configuration within the cloud account which might have lead to the issue.\n\n**Additional context**\n\nAdd any other context about the problem here.\n"
  },
  {
    "path": ".github/ISSUE_TEMPLATE/feature_request.md",
    "content": "---\nname: Feature request\nabout: Suggest an idea to improve Scout Suite!\ntitle: ''\nlabels: enhancement\nassignees: ''\n\n---\n\n**Is your feature request related to a problem? Please describe.**\n\nA clear and concise description of what the problem is. Ex. I'm always frustrated when [...]\n\n**Describe the solution you'd like**\n\nA clear and concise description of what you want to happen.\n\n**Describe alternatives you've considered**\n\nA clear and concise description of any alternative solutions or features you've considered.\n\n**Additional context**\n\nAdd any other context or screenshots about the feature request here.\n"
  },
  {
    "path": ".github/PULL_REQUEST_TEMPLATE.md",
    "content": "# Description\n\n**Make sure the PR is against the `develop` branch (see [Contributing](https://github.com/nccgroup/ScoutSuite/blob/master/CONTRIBUTING.md)).**\n\n**Make sure to set the corresponding milestone in the PR.**\n\nPlease include a summary of the change(s) and which issue(s) it addresses. Please also include relevant motivation and context.\n\nFixes # (issue)\n\n## Type of change\n\nSelect the relevant option(s):\n\n- [ ] Bug fix (non-breaking change which fixes an issue)\n- [ ] New feature (non-breaking change which adds functionality)\n- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)\n- [ ] This change requires a documentation update\n\n## Checklist:\n\n- [ ] My code follows the style guidelines of this project\n- [ ] I have performed a self-review of my own code\n- [ ] I have commented my code, particularly in hard-to-understand areas\n- [ ] My changes generate no new warnings\n- [ ] I have added tests that prove my fix is effective or that my feature works (optional)\n- [ ] New and existing unit tests pass locally with my changes\n"
  },
  {
    "path": ".github/workflows/frontend-build.yml",
    "content": "name: Fronted Build CI (dummy version)\n\non:\n  # Triggers the workflow on push or pull request events but only for the master branch\n  push:\n    branches: [ v6-master ]\n\njobs:\n  test:\n    runs-on: ubuntu-18.04\n    steps:\n      - name: Show environment v1\n        run: env | grep ^GITHUB\n      - name: Show ref v1\n        run: echo \"===============> Version from $GITHUB_REF\""
  },
  {
    "path": ".github/workflows/testing.yml",
    "content": "name: CI Workflow\n\non:\n  push:\n    branches:\n      - develop\n      - master\n  pull_request:\n\n\njobs:\n  build:\n\n    runs-on: ubuntu-20.04\n    strategy:\n      matrix:\n        python-version: ['3.9', '3.10', '3.11']\n\n    steps:\n    - uses: actions/checkout@v3\n    - name: Set up Python ${{ matrix.python-version }}\n      uses: actions/setup-python@v4\n      with:\n        python-version: ${{ matrix.python-version }}\n    - name: Cache pip\n      uses: actions/cache@v2\n      with:\n        # This path is specific to Ubuntu\n        path: ~/.cache/pip\n        # Look to see if there is a cache hit for the corresponding requirements file\n        key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }}\n        restore-keys: |\n          ${{ runner.os }}-pip-\n          ${{ runner.os }}-\n    - name: Install dependencies\n      run: |\n        python -m pip install --upgrade pip\n        pip install -U setuptools\n        pip install -r dev-requirements.txt\n    - name: Lint with flake8\n      run: |\n        # stop the build if there are Python syntax errors or undefined names\n        flake8 .\n        # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide\n        flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics\n    - name: Autopep 8\n      run: |\n        autopep8 --diff --recursive --max-line-length=127 .\n    - name: Test with pytest and generate coverage report\n      run: |\n        python -m pytest --cov=./ --cov-report=xml\n    - name: Upload coverage to Codecov\n      uses: codecov/codecov-action@v1\n      with:\n        file: ./coverage.xml\n"
  },
  {
    "path": ".gitignore",
    "content": "# virtualenv \nenv/\nvenv/\n\n# Compiled files\n*.py[cod]\n\n# C extensions\n*.so\n\n# Packages\n*.egg\n*.egg-info\n.eggs\n.cache/\ndist\nbuild\neggs\nparts\nbin\nvar\nsdist\ndevelop-eggs\n.installed.cfg\nlib\nlib64\n__pycache__\n\n# Installer logs\npip-log.txt\n\n# Unit test / coverage reports\n.coverage\n.tox\nnosetests.xml\n\n# Translations\n*.mo\n\n# Mr Developer\n.mr.developer.cfg\n.project\n.pydevproject\n\n# In case people do a `git add .` ...\n*.csv\n\n# Data folder and files\nscoutsuite-report*\ninc-scoutsuite-run*\nreport-*\n*.db\n\n# IntelliJ files\n.idea/\n*.iml\n\n# Vs Code\n.vscode/\n\n# Mac cruft\n.DS_Store\n\n# Emacs backups\n*~\n\n# Private files\n*private.*\n# Private folders\n/private*/\n/**/private*/\n\n#Profiling output\n*.prof\n\n!docker/bin"
  },
  {
    "path": "CODE_OF_CONDUCT.md",
    "content": "# Code of conduct \n\n## Our Pledge\nIn the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.\n\n## Our Standards\nExamples of behavior that contributes to creating a positive environment include:\n\n* Using welcoming and inclusive language\n* Being respectful of differing viewpoints and experiences\n* Gracefully accepting constructive criticism\n* Focusing on what is best for the community\n* Showing empathy towards other community members\n\nExamples of unacceptable behavior by participants include:\n\n* The use of sexualized language or imagery and unwelcome sexual attention or advances\n* Trolling, insulting/derogatory comments, and personal or political attacks\n* Public or private harassment\n* Publishing others’ private information, such as a physical or electronic address, without explicit permission\n* Other conduct which could reasonably be considered inappropriate in a professional setting\n\n## Our Responsibilities\n\nProject maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.\n\nProject maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.\n\n## Scope\n\nThis Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.\n\n## Enforcement\n\nInstances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at <scout@nccgroup.com>. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.\n\nProject maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project’s leadership.\n\n## Attribution\n\nThis Code of Conduct is adapted from the Contributor Covenant, version 1.4, available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html\n\nFor answers to common questions about this code of conduct, see https://www.contributor-covenant.org/faq\n"
  },
  {
    "path": "CONTRIBUTING.md",
    "content": "# Contributing \n\n## Table of Contents\n * [Introduction](#introduction)\n * [Getting started](#getting-started)\n * [How to report a bug](#How-to-report-a-bug)\n * [How to suggest a new feature](#How-to-suggest-a-new-feature)\n * [Code review process](#Code-review-process)\n\n## Introduction\n\nFirst off, thank you for considering contributing to Scout Suite, you're awesome! 🎉\n\nFollowing these guidelines helps to communicate that you respect the time of the developers managing and developing this open source project. In return, they should reciprocate that respect in addressing your issue, assessing changes, and helping you finalize your pull requests.\n\n## Getting started\n\nSo you want to contribute some code, that's great! This project follows the [GitHub Workflow](https://guides.github.com/introduction/flow/). \n\n1. If it's a complex issue, please describe how you plan on going about addressing it on the issue thread.\n2. Assign yourself to the issue\n3. Create a branch using the following naming convention:\n    * If it's a feature: `feature/issuenumber-descriptive-name` \n    * If it's a bug fix: `bugfix/issuenumber-descriptive-name` \n    * If it's a hot fix: `hotfix/issuenumber-descriptive-name` \n4. Implement your solution and the associated tests\n5. Make sure your code follows the [PEP8 guidelines](https://www.python.org/dev/peps/pep-0008/)\n6. [Create a pull request](https://help.github.com/articles/creating-a-pull-request/) against `develop`\n7. Wait for people to review it\n8. Address the comments people left on your pull request\n9. Go back to 7. and repeat until your PR is 💯 \n10. Wait for someone from the team to merge your PR\n\n## How to report a bug\n\nWhen filing an issue, make sure to answer these five questions:\n\n 1. What version of Python are you using?\n 2. What operating system and processor architecture are you using?\n 3. What did you do?\n 4. What did you expect to see?\n 5. What did you see instead?\n\n## How to suggest a new feature\n\nIf you find yourself wishing for a feature that doesn't exist in Scout Suite, you are probably not alone. There are bound to be others out there with similar needs. Many of the features that Scout Suite has today have been added because our users saw the need. Open an issue on our issues list on GitHub which describes the feature you would like to see, why you need it, and how it should work.\n\n## Code review process\n\nPull requests are regularly reviewed by the core team. We require a minimum of two reviewers before allowing to merge. \n"
  },
  {
    "path": "LICENSE",
    "content": "                    GNU GENERAL PUBLIC LICENSE\n                       Version 2, June 1991\n\n Copyright (C) 1989, 1991 Free Software Foundation, Inc.,\n 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n Everyone is permitted to copy and distribute verbatim copies\n of this license document, but changing it is not allowed.\n\n                            Preamble\n\n  The licenses for most software are designed to take away your\nfreedom to share and change it.  By contrast, the GNU General Public\nLicense is intended to guarantee your freedom to share and change free\nsoftware--to make sure the software is free for all its users.  This\nGeneral Public License applies to most of the Free Software\nFoundation's software and to any other program whose authors commit to\nusing it.  (Some other Free Software Foundation software is covered by\nthe GNU Lesser General Public License instead.)  You can apply it to\nyour programs, too.\n\n  When we speak of free software, we are referring to freedom, not\nprice.  Our General Public Licenses are designed to make sure that you\nhave the freedom to distribute copies of free software (and charge for\nthis service if you wish), that you receive source code or can get it\nif you want it, that you can change the software or use pieces of it\nin new free programs; and that you know you can do these things.\n\n  To protect your rights, we need to make restrictions that forbid\nanyone to deny you these rights or to ask you to surrender the rights.\nThese restrictions translate to certain responsibilities for you if you\ndistribute copies of the software, or if you modify it.\n\n  For example, if you distribute copies of such a program, whether\ngratis or for a fee, you must give the recipients all the rights that\nyou have.  You must make sure that they, too, receive or can get the\nsource code.  And you must show them these terms so they know their\nrights.\n\n  We protect your rights with two steps: (1) copyright the software, and\n(2) offer you this license which gives you legal permission to copy,\ndistribute and/or modify the software.\n\n  Also, for each author's protection and ours, we want to make certain\nthat everyone understands that there is no warranty for this free\nsoftware.  If the software is modified by someone else and passed on, we\nwant its recipients to know that what they have is not the original, so\nthat any problems introduced by others will not reflect on the original\nauthors' reputations.\n\n  Finally, any free program is threatened constantly by software\npatents.  We wish to avoid the danger that redistributors of a free\nprogram will individually obtain patent licenses, in effect making the\nprogram proprietary.  To prevent this, we have made it clear that any\npatent must be licensed for everyone's free use or not licensed at all.\n\n  The precise terms and conditions for copying, distribution and\nmodification follow.\n\n                    GNU GENERAL PUBLIC LICENSE\n   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n  0. This License applies to any program or other work which contains\na notice placed by the copyright holder saying it may be distributed\nunder the terms of this General Public License.  The \"Program\", below,\nrefers to any such program or work, and a \"work based on the Program\"\nmeans either the Program or any derivative work under copyright law:\nthat is to say, a work containing the Program or a portion of it,\neither verbatim or with modifications and/or translated into another\nlanguage.  (Hereinafter, translation is included without limitation in\nthe term \"modification\".)  Each licensee is addressed as \"you\".\n\nActivities other than copying, distribution and modification are not\ncovered by this License; they are outside its scope.  The act of\nrunning the Program is not restricted, and the output from the Program\nis covered only if its contents constitute a work based on the\nProgram (independent of having been made by running the Program).\nWhether that is true depends on what the Program does.\n\n  1. You may copy and distribute verbatim copies of the Program's\nsource code as you receive it, in any medium, provided that you\nconspicuously and appropriately publish on each copy an appropriate\ncopyright notice and disclaimer of warranty; keep intact all the\nnotices that refer to this License and to the absence of any warranty;\nand give any other recipients of the Program a copy of this License\nalong with the Program.\n\nYou may charge a fee for the physical act of transferring a copy, and\nyou may at your option offer warranty protection in exchange for a fee.\n\n  2. You may modify your copy or copies of the Program or any portion\nof it, thus forming a work based on the Program, and copy and\ndistribute such modifications or work under the terms of Section 1\nabove, provided that you also meet all of these conditions:\n\n    a) You must cause the modified files to carry prominent notices\n    stating that you changed the files and the date of any change.\n\n    b) You must cause any work that you distribute or publish, that in\n    whole or in part contains or is derived from the Program or any\n    part thereof, to be licensed as a whole at no charge to all third\n    parties under the terms of this License.\n\n    c) If the modified program normally reads commands interactively\n    when run, you must cause it, when started running for such\n    interactive use in the most ordinary way, to print or display an\n    announcement including an appropriate copyright notice and a\n    notice that there is no warranty (or else, saying that you provide\n    a warranty) and that users may redistribute the program under\n    these conditions, and telling the user how to view a copy of this\n    License.  (Exception: if the Program itself is interactive but\n    does not normally print such an announcement, your work based on\n    the Program is not required to print an announcement.)\n\nThese requirements apply to the modified work as a whole.  If\nidentifiable sections of that work are not derived from the Program,\nand can be reasonably considered independent and separate works in\nthemselves, then this License, and its terms, do not apply to those\nsections when you distribute them as separate works.  But when you\ndistribute the same sections as part of a whole which is a work based\non the Program, the distribution of the whole must be on the terms of\nthis License, whose permissions for other licensees extend to the\nentire whole, and thus to each and every part regardless of who wrote it.\n\nThus, it is not the intent of this section to claim rights or contest\nyour rights to work written entirely by you; rather, the intent is to\nexercise the right to control the distribution of derivative or\ncollective works based on the Program.\n\nIn addition, mere aggregation of another work not based on the Program\nwith the Program (or with a work based on the Program) on a volume of\na storage or distribution medium does not bring the other work under\nthe scope of this License.\n\n  3. You may copy and distribute the Program (or a work based on it,\nunder Section 2) in object code or executable form under the terms of\nSections 1 and 2 above provided that you also do one of the following:\n\n    a) Accompany it with the complete corresponding machine-readable\n    source code, which must be distributed under the terms of Sections\n    1 and 2 above on a medium customarily used for software interchange; or,\n\n    b) Accompany it with a written offer, valid for at least three\n    years, to give any third party, for a charge no more than your\n    cost of physically performing source distribution, a complete\n    machine-readable copy of the corresponding source code, to be\n    distributed under the terms of Sections 1 and 2 above on a medium\n    customarily used for software interchange; or,\n\n    c) Accompany it with the information you received as to the offer\n    to distribute corresponding source code.  (This alternative is\n    allowed only for noncommercial distribution and only if you\n    received the program in object code or executable form with such\n    an offer, in accord with Subsection b above.)\n\nThe source code for a work means the preferred form of the work for\nmaking modifications to it.  For an executable work, complete source\ncode means all the source code for all modules it contains, plus any\nassociated interface definition files, plus the scripts used to\ncontrol compilation and installation of the executable.  However, as a\nspecial exception, the source code distributed need not include\nanything that is normally distributed (in either source or binary\nform) with the major components (compiler, kernel, and so on) of the\noperating system on which the executable runs, unless that component\nitself accompanies the executable.\n\nIf distribution of executable or object code is made by offering\naccess to copy from a designated place, then offering equivalent\naccess to copy the source code from the same place counts as\ndistribution of the source code, even though third parties are not\ncompelled to copy the source along with the object code.\n\n  4. You may not copy, modify, sublicense, or distribute the Program\nexcept as expressly provided under this License.  Any attempt\notherwise to copy, modify, sublicense or distribute the Program is\nvoid, and will automatically terminate your rights under this License.\nHowever, parties who have received copies, or rights, from you under\nthis License will not have their licenses terminated so long as such\nparties remain in full compliance.\n\n  5. You are not required to accept this License, since you have not\nsigned it.  However, nothing else grants you permission to modify or\ndistribute the Program or its derivative works.  These actions are\nprohibited by law if you do not accept this License.  Therefore, by\nmodifying or distributing the Program (or any work based on the\nProgram), you indicate your acceptance of this License to do so, and\nall its terms and conditions for copying, distributing or modifying\nthe Program or works based on it.\n\n  6. Each time you redistribute the Program (or any work based on the\nProgram), the recipient automatically receives a license from the\noriginal licensor to copy, distribute or modify the Program subject to\nthese terms and conditions.  You may not impose any further\nrestrictions on the recipients' exercise of the rights granted herein.\nYou are not responsible for enforcing compliance by third parties to\nthis License.\n\n  7. If, as a consequence of a court judgment or allegation of patent\ninfringement or for any other reason (not limited to patent issues),\nconditions are imposed on you (whether by court order, agreement or\notherwise) that contradict the conditions of this License, they do not\nexcuse you from the conditions of this License.  If you cannot\ndistribute so as to satisfy simultaneously your obligations under this\nLicense and any other pertinent obligations, then as a consequence you\nmay not distribute the Program at all.  For example, if a patent\nlicense would not permit royalty-free redistribution of the Program by\nall those who receive copies directly or indirectly through you, then\nthe only way you could satisfy both it and this License would be to\nrefrain entirely from distribution of the Program.\n\nIf any portion of this section is held invalid or unenforceable under\nany particular circumstance, the balance of the section is intended to\napply and the section as a whole is intended to apply in other\ncircumstances.\n\nIt is not the purpose of this section to induce you to infringe any\npatents or other property right claims or to contest validity of any\nsuch claims; this section has the sole purpose of protecting the\nintegrity of the free software distribution system, which is\nimplemented by public license practices.  Many people have made\ngenerous contributions to the wide range of software distributed\nthrough that system in reliance on consistent application of that\nsystem; it is up to the author/donor to decide if he or she is willing\nto distribute software through any other system and a licensee cannot\nimpose that choice.\n\nThis section is intended to make thoroughly clear what is believed to\nbe a consequence of the rest of this License.\n\n  8. If the distribution and/or use of the Program is restricted in\ncertain countries either by patents or by copyrighted interfaces, the\noriginal copyright holder who places the Program under this License\nmay add an explicit geographical distribution limitation excluding\nthose countries, so that distribution is permitted only in or among\ncountries not thus excluded.  In such case, this License incorporates\nthe limitation as if written in the body of this License.\n\n  9. The Free Software Foundation may publish revised and/or new versions\nof the General Public License from time to time.  Such new versions will\nbe similar in spirit to the present version, but may differ in detail to\naddress new problems or concerns.\n\nEach version is given a distinguishing version number.  If the Program\nspecifies a version number of this License which applies to it and \"any\nlater version\", you have the option of following the terms and conditions\neither of that version or of any later version published by the Free\nSoftware Foundation.  If the Program does not specify a version number of\nthis License, you may choose any version ever published by the Free Software\nFoundation.\n\n  10. If you wish to incorporate parts of the Program into other free\nprograms whose distribution conditions are different, write to the author\nto ask for permission.  For software which is copyrighted by the Free\nSoftware Foundation, write to the Free Software Foundation; we sometimes\nmake exceptions for this.  Our decision will be guided by the two goals\nof preserving the free status of all derivatives of our free software and\nof promoting the sharing and reuse of software generally.\n\n                            NO WARRANTY\n\n  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY\nFOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN\nOTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES\nPROVIDE THE PROGRAM \"AS IS\" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED\nOR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF\nMERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS\nTO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE\nPROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,\nREPAIR OR CORRECTION.\n\n  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING\nWILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR\nREDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,\nINCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING\nOUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED\nTO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY\nYOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER\nPROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE\nPOSSIBILITY OF SUCH DAMAGES.\n"
  },
  {
    "path": "MANIFEST.in",
    "content": "include LICENSE\ninclude README.md\ninclude requirements.txt\nrecursive-include ScoutSuite/data *\nrecursive-include ScoutSuite/output/data *\nrecursive-include ScoutSuite/providers/aws *\nrecursive-include ScoutSuite/providers/aws/rules *\nrecursive-include ScoutSuite/providers/azure *\nrecursive-include ScoutSuite/providers/azure/rules *\nrecursive-include ScoutSuite/providers/gcp *\nrecursive-include ScoutSuite/providers/gcp/rules *\nrecursive-include ScoutSuite/providers/aliyun *\nrecursive-include ScoutSuite/providers/aliyun/rules *\nrecursive-include ScoutSuite/providers/oci *\nrecursive-include ScoutSuite/providers/oci/rules *\nrecursive-include ScoutSuite/providers/kubernetes *\nrecursive-include ScoutSuite/providers/kubernetes/rules *"
  },
  {
    "path": "README.md",
    "content": "<p align=\"center\">\n  <img src=\"https://user-images.githubusercontent.com/4206926/49877604-10457580-fe26-11e8-92d7-cd876c4f6454.png\" width=350/>\n</p>\n\n#\n\n[![Workflow](https://github.com/nccgroup/ScoutSuite/workflows/CI%20Workflow/badge.svg)](https://github.com/nccgroup/ScoutSuite/actions)\n[![CodeCov](https://codecov.io/gh/nccgroup/ScoutSuite/branch/master/graph/badge.svg)](https://codecov.io/gh/nccgroup/ScoutSuite)\n\n[![PyPI version](https://badge.fury.io/py/ScoutSuite.svg)](https://badge.fury.io/py/ScoutSuite)\n[![PyPI downloads](https://img.shields.io/pypi/dm/scoutsuite)](https://img.shields.io/pypi/dm/scoutsuite)\n[![Docker Hub](https://img.shields.io/badge/Docker%20Hub-rossja%2Fncc--scoutsuite-blue)](https://hub.docker.com/r/rossja/ncc-scoutsuite/)\n[![Docker Pulls](https://img.shields.io/docker/pulls/rossja/ncc-scoutsuite.svg?style=flat-square)](https://hub.docker.com/r/rossja/ncc-scoutsuite/)\n\n## Description\n\nScout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.\n\nScout Suite was designed by security consultants/auditors. It is meant to provide a point-in-time security-oriented view of the cloud account it was run in. Once the data has been gathered, all usage may be performed offline.\n\nThe project team can be contacted at <scoutsuite@nccgroup.com>.\n\n### Cloud Provider Support\n\nThe following cloud providers are currently supported:\n\n- Amazon Web Services\n- Microsoft Azure\n- Google Cloud Platform\n- Alibaba Cloud (alpha)\n- Oracle Cloud Infrastructure (alpha)\n- Kubernetes clusters on a cloud provider (alpha)\n- DigitalOcean Cloud (alpha)\n\n## Installation\n\nRefer to the [wiki](https://github.com/nccgroup/ScoutSuite/wiki/Setup).\n\n## Usage\n\nScout Suite is run through the CLI:\n\n![Running Scout Suite](https://user-images.githubusercontent.com/13310971/78389085-22659d00-75b0-11ea-9f22-ea6fcaa6a1cd.gif)\n\nOnce this has completed, it will generate an HTML report including findings and Cloud account configuration:\n\n![Scout Suite Report](https://user-images.githubusercontent.com/13310971/77861662-342bf680-71e4-11ea-8eed-ccaeb78c5f45.gif)\n\nThe above report was generated by running Scout Suite against https://github.com/nccgroup/sadcloud.\n\nAdditional information can be found in the [wiki](https://github.com/nccgroup/ScoutSuite/wiki). \nThere are also a number of handy [tools](https://github.com/nccgroup/ScoutSuite/tree/master/tools) for automation of common tasks.\n\n\n"
  },
  {
    "path": "ScoutSuite/__init__.py",
    "content": "__author__ = 'NCC Group'\n__version__ = '5.14.0'\n\nERRORS_LIST = []\n\nDEFAULT_REPORT_DIRECTORY = 'scoutsuite-report'\nDEFAULT_REPORT_RESULTS_DIRECTORY = 'scoutsuite-results'\nDEFAULT_INCLUDES_DIRECTORY = 'inc-scoutsuite'\n"
  },
  {
    "path": "ScoutSuite/__main__.py",
    "content": "import asyncio\nimport os\nimport webbrowser\n\nfrom asyncio_throttle import Throttler\nfrom ScoutSuite import ERRORS_LIST\n\nfrom concurrent.futures import ThreadPoolExecutor\n\nfrom ScoutSuite.core.cli_parser import ScoutSuiteArgumentParser\nfrom ScoutSuite.core.console import set_logger_configuration, print_info, print_exception\nfrom ScoutSuite.core.exceptions import RuleExceptions\nfrom ScoutSuite.core.processingengine import ProcessingEngine\nfrom ScoutSuite.core.ruleset import Ruleset\nfrom ScoutSuite.core.server import Server\nfrom ScoutSuite.output.html import ScoutReport\nfrom ScoutSuite.output.utils import get_filename\nfrom ScoutSuite.providers import get_provider\nfrom ScoutSuite.providers.base.authentication_strategy_factory import get_authentication_strategy\n# Dirty workaround for compatibility with Python >= 3.10\nimport collections\ncollections.Callable = collections.abc.Callable\n\n\ndef run_from_cli():\n    parser = ScoutSuiteArgumentParser()\n    args = parser.parse_args()\n\n    # Get the dictionary to get None instead of a crash\n    args = args.__dict__\n\n    # TODO provider-specific arguments should be prepended with the provider's code\n    #  (e.g. aws_profile, azure_user_account)\n\n    try:\n        return run(provider=args.get('provider'),\n                   # AWS\n                   profile=args.get('profile'),\n                   aws_access_key_id=args.get('aws_access_key_id'),\n                   aws_secret_access_key=args.get('aws_secret_access_key'),\n                   aws_session_token=args.get('aws_session_token'),\n                   # Azure\n                   cli=args.get('cli'),\n                   user_account=args.get('user_account'),\n                   user_account_browser=args.get('user_account_browser'),\n                   service_account=args.get('service_account'),\n                   msi=args.get('msi'),\n                   service_principal=args.get('service_principal'), file_auth=args.get('file_auth'),\n                   client_id=args.get('client_id'), client_secret=args.get('client_secret'),\n                   username=args.get('username'), password=args.get('password'),\n                   tenant_id=args.get('tenant_id'),\n                   subscription_ids=args.get('subscription_ids'), all_subscriptions=args.get('all_subscriptions'),\n                   # GCP\n                   project_id=args.get('project_id'), folder_id=args.get('folder_id'),\n                   organization_id=args.get('organization_id'), all_projects=args.get('all_projects'),\n                   # Aliyun\n                   access_key_id=args.get('access_key_id'), access_key_secret=args.get('access_key_secret'),\n                   # Kubernetes\n                   kubernetes_cluster_provider=args.get('kubernetes_cluster_provider'),\n                   kubernetes_config_file=args.get('kubernetes_config_file'),\n                   kubernetes_context=args.get('kubernetes_context'),\n                   kubernetes_persist_config=args.get('kubernetes_persist_config'),\n                   kubernetes_azure_subscription_id=args.get('kubernetes_azure_subscription_id'),\n                   #DigitalOcean\n                   token=args.get('token'),\n                   access_key=args.get('access_key'),\n                   access_secret=args.get('access_secret'),\n                   # General\n                   report_name=args.get('report_name'), report_dir=args.get('report_dir'),\n                   timestamp=args.get('timestamp'),\n                   services=args.get('services'), skipped_services=args.get('skipped_services'),\n                   list_services=args.get('list_services'),\n                   result_format=args.get('result_format'),\n                   database_name=args.get('database_name'),\n                   host_ip=args.get('host_ip'),\n                   host_port=args.get('host_port'),\n                   max_workers=args.get('max_workers'),\n                   regions=args.get('regions'),\n                   excluded_regions=args.get('excluded_regions'),\n                   fetch_local=args.get('fetch_local'), update=args.get('update'),\n                   max_rate=args.get('max_rate'),\n                   ip_ranges=args.get('ip_ranges'), ip_ranges_name_key=args.get('ip_ranges_name_key'),\n                   ruleset=args.get('ruleset'), exceptions=args.get('exceptions'),\n                   force_write=args.get('force_write'),\n                   debug=args.get('debug'),\n                   quiet=args.get('quiet'),\n                   log_file=args.get('log_file'),\n                   no_browser=args.get('no_browser'),\n                   programmatic_execution=False)\n    except (KeyboardInterrupt, SystemExit):\n        print_info('Exiting')\n        return 130\n\n\ndef run(provider,\n        # AWS\n        profile=None,\n        aws_access_key_id=None,\n        aws_secret_access_key=None,\n        aws_session_token=None,\n        # Azure\n        user_account=False,\n        user_account_browser=False,\n        cli=False, msi=False, service_principal=False, file_auth=None,\n        client_id=None, client_secret=None,\n        username=None, password=None,\n        tenant_id=None,\n        subscription_ids=None, all_subscriptions=None,\n        # GCP\n        service_account=None,\n        project_id=None, folder_id=None, organization_id=None, all_projects=False,\n        # Aliyun\n        access_key_id=None, access_key_secret=None,\n        # Kubernetes\n        kubernetes_cluster_provider=None,\n        kubernetes_config_file=None,\n        kubernetes_context=None,\n        kubernetes_persist_config=True,\n        kubernetes_azure_subscription_id=None,\n        #DigitalOcean\n        token=None,\n        access_key=None,\n        access_secret=None,\n        # General\n        report_name=None, report_dir=None,\n        timestamp=False,\n        services=[], skipped_services=[], list_services=None,\n        result_format='json',\n        database_name=None, host_ip='127.0.0.1', host_port=8000,\n        max_workers=10,\n        regions=[],\n        excluded_regions=[],\n        fetch_local=False, update=False,\n        max_rate=None,\n        ip_ranges=[], ip_ranges_name_key='name',\n        ruleset='default.json', exceptions=None,\n        force_write=False,\n        debug=False,\n        quiet=False,\n        log_file=None,\n        no_browser=False,\n        programmatic_execution=True):\n    \"\"\"\n    Run a scout job in an async event loop.\n    \"\"\"\n\n    loop = asyncio.get_event_loop()\n    if loop.is_closed():\n        loop = asyncio.new_event_loop()\n    # Set the throttler within the loop so it's accessible later on\n    loop.throttler = Throttler(rate_limit=max_rate if max_rate else 999999, period=1)\n    loop.set_default_executor(ThreadPoolExecutor(max_workers=max_workers))\n    result = loop.run_until_complete(_run(**locals()))  # pass through all the parameters\n    loop.close()\n    return result\n\n\nasync def _run(provider,\n               # AWS\n               profile,\n               aws_access_key_id,\n               aws_secret_access_key,\n               aws_session_token,\n               # Azure\n               cli, user_account, user_account_browser,\n               msi, service_principal, file_auth,\n               tenant_id,\n               subscription_ids, all_subscriptions,\n               client_id, client_secret,\n               username, password,\n               # GCP\n               service_account,\n               project_id, folder_id, organization_id, all_projects,\n               # Aliyun\n               access_key_id, access_key_secret,\n               # Kubernetes\n               kubernetes_cluster_provider,\n               kubernetes_config_file,\n               kubernetes_context,\n               kubernetes_persist_config,\n               kubernetes_azure_subscription_id,\n               #DigitalOcean\n               token,\n               access_key,\n               access_secret,\n               # General\n               report_name, report_dir,\n               timestamp,\n               services, skipped_services, list_services,\n               result_format,\n               database_name, host_ip, host_port,\n               regions,\n               excluded_regions,\n               fetch_local, update,\n               ip_ranges, ip_ranges_name_key,\n               ruleset, exceptions,\n               force_write,\n               debug,\n               quiet,\n               log_file,\n               no_browser,\n               programmatic_execution,\n               **kwargs):\n    \"\"\"\n    Run a scout job.\n    \"\"\"\n\n    # Configure the debug level\n    set_logger_configuration(debug, quiet, log_file)\n\n    print_info('Launching Scout')\n\n    print_info('Authenticating to cloud provider')\n    auth_strategy = get_authentication_strategy(provider)\n\n    try:\n        credentials = auth_strategy.authenticate(profile=profile,\n                                                 aws_access_key_id=aws_access_key_id,\n                                                 aws_secret_access_key=aws_secret_access_key,\n                                                 aws_session_token=aws_session_token,\n                                                 user_account=user_account,\n                                                 user_account_browser=user_account_browser,\n                                                 service_account=service_account,\n                                                 cli=cli,\n                                                 msi=msi,\n                                                 service_principal=service_principal,\n                                                 file_auth=file_auth,\n                                                 tenant_id=tenant_id,\n                                                 client_id=client_id,\n                                                 client_secret=client_secret,\n                                                 username=username,\n                                                 password=password,\n                                                 access_key_id=access_key_id,\n                                                 access_key_secret=access_key_secret,\n\n                                                #DigitalOcean\n                                                token=token,\n                                                access_key=access_key,\n                                                access_secret=access_secret,\n\n                                                 # Kubernetes\n                                                 kubernetes_cluster_provider=kubernetes_cluster_provider,\n                                                 kubernetes_config_file=kubernetes_config_file,\n                                                 kubernetes_context=kubernetes_context,\n                                                 kubernetes_persist_config=kubernetes_persist_config,\n                                                 kubernetes_azure_subscription_id=kubernetes_azure_subscription_id,\n                                                 kubernetes_fetch_local=fetch_local)\n\n        if not credentials:\n            return 101\n    except Exception as e:\n        print_exception(f'Authentication failure: {e}')\n        return 101\n\n    # Create a cloud provider object\n    try:\n        cloud_provider = get_provider(provider=provider,\n                                      # AWS\n                                      profile=profile,\n                                      # Azure\n                                      subscription_ids=subscription_ids,\n                                      all_subscriptions=all_subscriptions,\n                                      # GCP\n                                      project_id=project_id,\n                                      folder_id=folder_id,\n                                      organization_id=organization_id,\n                                      all_projects=all_projects,\n                                      # Kubernetes\n                                      kubernetes_config_file=kubernetes_config_file,\n                                      kubernetes_context=kubernetes_context,\n                                      kubernetes_cluster_provider=kubernetes_cluster_provider,\n                                      # Other\n                                      report_dir=report_dir,\n                                      timestamp=timestamp,\n                                      services=services,\n                                      skipped_services=skipped_services,\n                                      programmatic_execution=programmatic_execution,\n                                      credentials=credentials)\n    except Exception as e:\n        print_exception(f'Initialization failure: {e}')\n        return 102\n\n    # Create a new report\n    try:\n        report_name = report_name if report_name else cloud_provider.get_report_name()\n        report = ScoutReport(cloud_provider.provider_code,\n                             report_name,\n                             report_dir,\n                             timestamp,\n                             result_format=result_format)\n\n        if database_name:\n            database_file, _ = get_filename('RESULTS', report_name, report_dir, file_extension=\"db\")\n            Server.init(database_file, host_ip, host_port)\n            return\n    except Exception as e:\n        print_exception('Report initialization failure: {}'.format(e))\n        return 103\n\n    # If this command, run and exit\n    if list_services:\n        available_services = [x for x in dir(cloud_provider.services) if\n                              not (x.startswith('_') or x in ['credentials', 'fetch'])]\n        print_info('The available services are: \"{}\"'.format('\", \"'.join(available_services)))\n        return 0\n\n    # Complete run, including pulling data from provider\n    if not fetch_local:\n\n        # Fetch data from provider APIs\n        try:\n            print_info('Gathering data from APIs')\n            await cloud_provider.fetch(regions=regions, excluded_regions=excluded_regions)\n        except KeyboardInterrupt:\n            print_info('\\nCancelled by user')\n            return 130\n        except Exception as e:\n            print_exception('Unhandled exception thrown while gathering data: {}'.format(e))\n            return 104\n\n        # Update means we reload the whole config and overwrite part of it\n        if update:\n            try:\n                print_info('Updating existing data')\n                #Load previous results\n                last_run_dict = report.encoder.load_from_file('RESULTS')\n                #Get list of previous services which were not updated during this run\n                previous_services = [prev_service for prev_service in last_run_dict['service_list'] if prev_service not in cloud_provider.service_list]\n                #Add previous services\n                for service in previous_services:\n                    cloud_provider.service_list.append(service)\n                    cloud_provider.services[service] = last_run_dict['services'][service]\n            except Exception as e:\n                print_exception('Failure while updating report: {}'.format(e))\n\n    # Partial run, using pre-pulled data\n    else:\n        try:\n            print_info('Using local data')\n            # Reload to flatten everything into a python dictionary\n            last_run_dict = report.encoder.load_from_file('RESULTS')\n            for key in last_run_dict:\n                setattr(cloud_provider, key, last_run_dict[key])\n        except Exception as e:\n            print_exception('Failure while updating report: {}'.format(e))\n\n    # Pre processing\n    try:\n        print_info('Running pre-processing engine')\n        cloud_provider.preprocessing(ip_ranges, ip_ranges_name_key)\n    except Exception as e:\n        print_exception('Failure while running pre-processing engine: {}'.format(e))\n        return 105\n\n    # Analyze config\n    try:\n        print_info('Running rule engine')\n        finding_rules = Ruleset(cloud_provider=cloud_provider.provider_code,\n                                environment_name=cloud_provider.environment,\n                                filename=ruleset,\n                                ip_ranges=ip_ranges,\n                                account_id=cloud_provider.account_id)\n        processing_engine = ProcessingEngine(finding_rules)\n        processing_engine.run(cloud_provider)\n    except Exception as e:\n        print_exception('Failure while running rule engine: {}'.format(e))\n        return 106\n\n    # Create display filters\n    try:\n        print_info('Applying display filters')\n        filter_rules = Ruleset(cloud_provider=cloud_provider.provider_code,\n                               environment_name=cloud_provider.environment,\n                               filename='filters.json',\n                               rule_type='filters',\n                               account_id=cloud_provider.account_id)\n        processing_engine = ProcessingEngine(filter_rules)\n        processing_engine.run(cloud_provider)\n    except Exception as e:\n        print_exception('Failure while applying display filters: {}'.format(e))\n        return 107\n\n    # Handle exceptions\n    if exceptions:\n        print_info('Applying exceptions')\n        try:\n            exceptions = RuleExceptions(exceptions)\n            exceptions.process(cloud_provider)\n            exceptions = exceptions.exceptions\n        except Exception as e:\n            print_exception(f'Failed to load exceptions: {e}')\n            exceptions = {}\n    else:\n        exceptions = {}\n\n    # Finalize\n    try:\n        print_info('Running post-processing engine')\n        run_parameters = {\n            'services': services,\n            'skipped_services': skipped_services,\n            'regions': regions,\n            'excluded_regions': excluded_regions,\n        }\n        cloud_provider.postprocessing(report.current_time, finding_rules, run_parameters)\n    except Exception as e:\n        print_exception('Failure while running post-processing engine: {}'.format(e))\n        return 108\n\n    # Save config and create HTML report\n    try:\n        html_report_path = report.save(cloud_provider, exceptions, force_write, debug)\n    except Exception as e:\n        print_exception('Failure while generating HTML report: {}'.format(e))\n        return 109\n\n    # Open the report by default\n    if not no_browser:\n        print_info('Opening the HTML report')\n        url = 'file://%s' % os.path.abspath(html_report_path)\n        webbrowser.open(url, new=2)\n\n    if ERRORS_LIST:  # errors were handled during execution\n        return 200\n    else:\n        return 0\n"
  },
  {
    "path": "ScoutSuite/core/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/core/cli_parser.py",
    "content": "import argparse\nfrom ScoutSuite import __version__\n\n\nclass ScoutSuiteArgumentParser:\n\n    def __init__(self):\n        self.parser = argparse.ArgumentParser(epilog='To get addtional help on a specific provider run: scout.py {provider} -h')\n\n        # People will still be able to use the old --provider syntax\n        self.parser.add_argument(\"--provider\",\n                                 action='store_true',\n                                 dest='sinkhole',\n                                 help=argparse.SUPPRESS)\n\n        self.parser.add_argument('-v', '--version',\n                                 action='version',\n                                 version=f'Scout Suite {__version__}')\n\n        self.common_providers_args_parser = argparse.ArgumentParser(add_help=False)\n\n        self.subparsers = self.parser.add_subparsers(title=\"The provider you want to run scout against\",\n                                                     dest=\"provider\")\n\n        self._init_common_args_parser()\n\n        self._init_aws_parser()\n        self._init_gcp_parser()\n        self._init_azure_parser()\n        self._init_aliyun_parser()\n        self._init_oci_parser()\n        self._init_kubernetes_parser()\n        self._init_do_parser()\n\n    def _init_aws_parser(self):\n        parser = self.subparsers.add_parser(\"aws\",\n                                            parents=[self.common_providers_args_parser],\n                                            help=\"Run Scout against an Amazon Web Services account\")\n\n        aws_parser = parser.add_argument_group('Authentication modes')\n        aws_auth_params = parser.add_argument_group('Authentication parameters')\n\n        aws_auth_modes = aws_parser.add_mutually_exclusive_group(required=False)\n\n        aws_auth_modes.add_argument('-p',\n                                    '--profile',\n                                    dest='profile',\n                                    default=None,\n                                    help='Run with a named profile')\n\n        aws_auth_modes.add_argument('--access-keys',\n                                    action='store_true',\n                                    dest='aws_access_keys',\n                                    help='Run with access keys')\n        aws_auth_params.add_argument('--access-key-id',\n                                     action='store',\n                                     default=None,\n                                     dest='aws_access_key_id',\n                                     help='AWS Access Key ID')\n        aws_auth_params.add_argument('--secret-access-key',\n                                     action='store',\n                                     default=None,\n                                     dest='aws_secret_access_key',\n                                     help='AWS Secret Access Key')\n        aws_auth_params.add_argument('--session-token',\n                                     action='store',\n                                     default=None,\n                                     dest='aws_session_token',\n                                     help='AWS Session Token')\n\n        aws_additional_parser = parser.add_argument_group('Additional arguments')\n\n        aws_additional_parser.add_argument('-r',\n                                           '--regions',\n                                           dest='regions',\n                                           default=[],\n                                           nargs='+',\n                                           help='Name of regions to run the tool in, defaults to all')\n        aws_additional_parser.add_argument('-xr',\n                                           '--exclude-regions',\n                                           dest='excluded_regions',\n                                           default=[],\n                                           nargs='+',\n                                           help='Name of regions to excluded from execution')\n        aws_additional_parser.add_argument('--ip-ranges',\n                                           dest='ip_ranges',\n                                           default=[],\n                                           nargs='+',\n                                           help='Config file(s) that contain your known IP ranges')\n        aws_additional_parser.add_argument('--ip-ranges-name-key',\n                                           dest='ip_ranges_name_key',\n                                           default='name',\n                                           help='Name of the key containing the display name of a known CIDR')\n\n    def _init_gcp_parser(self):\n        parser = self.subparsers.add_parser(\"gcp\",\n                                            parents=[self.common_providers_args_parser],\n                                            help=\"Run Scout against a Google Cloud Platform account\")\n\n        gcp_parser = parser.add_argument_group('Authentication modes')\n\n        gcp_auth_modes = gcp_parser.add_mutually_exclusive_group(required=True)\n\n        gcp_auth_modes.add_argument('-u',\n                                    '--user-account',\n                                    action='store_true',\n                                    help='Run Scout with a Google Account')\n\n        gcp_auth_modes.add_argument('-s',\n                                    '--service-account',\n                                    action='store',\n                                    metavar=\"KEY_FILE\",\n                                    help='Run Scout with a Google Service Account with the specified '\n                                         'Google Service Account Application Credentials file')\n\n        gcp_scope = parser.add_argument_group('Additional arguments')\n\n        gcp_scope.add_argument('--project-id',\n                               action='store',\n                               help='ID of the GCP Project to scan')\n\n        gcp_scope.add_argument('--folder-id',\n                               action='store',\n                               help='ID of the GCP Folder to scan')\n\n        gcp_scope.add_argument('--organization-id',\n                               action='store',\n                               help='ID of the GCP Organization to scan')\n\n        gcp_scope.add_argument('--all-projects',\n                               action='store_true',\n                               help='Scan all of the accessible projects')\n\n    def _init_azure_parser(self):\n        parser = self.subparsers.add_parser(\"azure\",\n                                            parents=[self.common_providers_args_parser],\n                                            help=\"Run Scout against a Microsoft Azure account\")\n\n        azure_parser = parser.add_argument_group('Authentication modes')\n        azure_auth_params = parser.add_argument_group('Authentication parameters')\n\n        azure_auth_modes = azure_parser.add_mutually_exclusive_group(required=True)\n\n        # az-cli authentication\n        azure_auth_modes.add_argument('-c',\n                                      '--cli',\n                                      action='store_true',\n                                      help='Run Scout using configured azure-cli credentials')\n\n        # username/password authentication\n        azure_auth_modes.add_argument('--user-account',\n                                      action='store_true',\n                                      help='Run Scout with user credentials')\n        azure_auth_params.add_argument('-u',\n                                       '--username',\n                                       action='store',\n                                       default=None,\n                                       dest='username',\n                                       help='Username of the Azure account')\n        azure_auth_params.add_argument('-p',\n                                       '--password',\n                                       action='store',\n                                       default=None,\n                                       dest='password',\n                                       help='Password of the Azure account')\n\n        # username/password authentication via browser\n        azure_auth_modes.add_argument('--user-account-browser',\n                                      action='store_true',\n                                      help='Run Scout with user credentials, authenticating through a browser (useful when MFA is enforced)')\n\n        # Service Principal authentication\n        azure_auth_modes.add_argument('-s',\n                                      '--service-principal',\n                                      action='store_true',\n                                      help='Run Scout with an Azure Service Principal')\n        azure_auth_params.add_argument('--client-id',\n                                       action='store',\n                                       dest='client_id',\n                                       help='Client ID of the service principal')\n        azure_auth_params.add_argument('--client-secret',\n                                       action='store',\n                                       dest='client_secret',\n                                       help='Client of the service principal')\n        # Service Principal credentials in an auth file\n        azure_auth_modes.add_argument('--file-auth',\n                                      action='store',\n                                      type=argparse.FileType('rb'),\n                                      dest='file_auth',\n                                      metavar=\"FILE\",\n                                      help='Run Scout with the specified credential file')\n\n        # Managed Service Identity (MSI) authentication\n        azure_auth_modes.add_argument('-m',\n                                      '--msi',\n                                      action='store_true',\n                                      help='Run Scout with Managed Service Identity')\n\n        # Additional arguments\n        azure_scope = parser.add_argument_group('Additional arguments')\n\n        azure_scope.add_argument('--tenant',\n                                 action='store',\n                                 dest='tenant_id',\n                                 help='ID of the Tenant (Directory) to scan')\n        azure_scope.add_argument('--subscriptions',\n                                 action='store',\n                                 default=[],\n                                 nargs='+',\n                                 dest='subscription_ids',\n                                 help='IDs (separated by spaces) of the Azure subscription(s) to scan. '\n                                      'By default, only the default subscription will be scanned.')\n        azure_scope.add_argument('--all-subscriptions',\n                                 action='store_true',\n                                 dest='all_subscriptions',\n                                 help='Scan all of the accessible subscriptions')\n\n    def _init_aliyun_parser(self):\n        parser = self.subparsers.add_parser(\"aliyun\",\n                                            parents=[self.common_providers_args_parser],\n                                            help=\"Run Scout against an Alibaba Cloud account\")\n\n        aliyun_parser = parser.add_argument_group('Authentication modes')\n        aliyun_auth_params = parser.add_argument_group('Authentication parameters')\n\n        aliyun_auth_modes = aliyun_parser.add_mutually_exclusive_group(required=True)\n\n        aliyun_auth_modes.add_argument('--access-keys',\n                                       action='store_true',\n                                       help='Run Scout with user credentials')\n\n        aliyun_auth_params.add_argument('-k',\n                                        '--access-key-id',\n                                        action='store',\n                                        default=None,\n                                        dest='access_key_id',\n                                        help='Access Key Id')\n\n        aliyun_auth_params.add_argument('-s',\n                                        '--access-key-secret',\n                                        action='store',\n                                        default=None,\n                                        dest='access_key_secret',\n                                        help='Access Key Secret')\n\n    def _init_oci_parser(self):\n        oci_parser = self.subparsers.add_parser(\"oci\",\n                                                parents=[self.common_providers_args_parser],\n                                                help=\"Run Scout against an Oracle Cloud Infrastructure account\")\n\n        parser = oci_parser.add_argument_group('Authentication parameters')\n\n        parser.add_argument('-p',\n                            '--profile',\n                            dest='profile',\n                            default=None,\n                            help='Name of the profile')\n        \n    def _init_do_parser(self):\n        do_parser = self.subparsers.add_parser(\"do\",\n                                                parents=[self.common_providers_args_parser],\n                                                help=\"Run Scout against an DigitalOcean account\")\n\n        parser = do_parser.add_argument_group('Authentication parameters')\n\n        parser.add_argument('-t',\n                            '--token',\n                            action='store',\n                            default=None,\n                            dest='token',\n                            help='DO Token')\n        \n        parser.add_argument('--access_key',\n                                     action='store',\n                                     default=None,\n                                     dest='access_key',\n                                     help='Spaces Access Key ID')\n        parser.add_argument('--access_secret',\n                                     action='store',\n                                     default=None,\n                                     dest='access_secret',\n                                     help='Spaces Secret Access Key')\n        \n\n    def _init_kubernetes_parser(self):\n        kubernetes_parser = self.subparsers.add_parser(\"kubernetes\",\n                                                       parents=[self.common_providers_args_parser],\n                                                       help=\"Run Scout against a Kubernetes cluster\")\n\n        kubernetes_scope = kubernetes_parser.add_argument_group('Additional arguments')\n\n        kubernetes_scope.add_argument('-c',\n                                      '--cluster-provider',\n                                      dest='kubernetes_cluster_provider',\n                                      default=None,\n                                      choices=['aks', 'eks', 'gke'],\n                                      help='Cluster contexts to scan. If no cloud provider is specified, ScoutSuite will use the default Kubernetes configuration.')\n        kubernetes_scope.add_argument('--config-file',\n                                      dest='kubernetes_config_file',\n                                      default=None,\n                                      help='Name of the kube-config file. By default, it will use Kubernetes\\' default directory.')\n        kubernetes_scope.add_argument('--context',\n                                      dest='kubernetes_context',\n                                      default=None,\n                                      help='Cluster context to scan. By default, current_context from config file will be used.')\n        kubernetes_scope.add_argument('--do-not-persist-config',\n                                      dest='kubernetes_persist_config',\n                                      action='store_false',\n                                      default=True,\n                                      help='If specified, config file will NOT be updated when changed (e.g GCP token refresh).')\n        kubernetes_scope.add_argument('--subscription-id',\n                                      dest='kubernetes_azure_subscription_id',\n                                      action='store',\n                                      default=None,\n                                      help='If unspecified, the default subscription will be used.')\n\n    def _init_common_args_parser(self):\n        parser = self.common_providers_args_parser.add_argument_group('Scout Arguments')\n\n        parser.add_argument('-f',\n                            '--force',\n                            dest='force_write',\n                            default=False,\n                            action='store_true',\n                            help='Overwrite existing files')\n        parser.add_argument('-l', '--local',\n                            dest='fetch_local',\n                            default=False,\n                            action='store_true',\n                            help='Use local data previously fetched and re-run the analysis.')\n        parser.add_argument('--max-rate',\n                            dest='max_rate',\n                            type=int,\n                            default=None,\n                            help='Maximum number of API requests per second')\n        parser.add_argument('--debug',\n                            dest='debug',\n                            default=False,\n                            action='store_true',\n                            help='Print the stack trace when exception occurs')\n        parser.add_argument('--quiet',\n                            dest='quiet',\n                            default=False,\n                            action='store_true',\n                            help='Disables CLI output')\n        parser.add_argument('--logfile',\n                            dest='log_file',\n                            default=None,\n                            action='store',\n                            nargs='?',\n                            help='Additional output to the specified file')\n        # parser.add_argument('--resume',\n        #                     dest='resume',\n        #                     default=False,\n        #                     action='store_true',\n        #                     help='Complete a partial (throttled) run')\n        parser.add_argument('--update',\n                            dest='update',\n                            default=False,\n                            action='store_true',\n                            help='Reload all the existing data and only overwrite data in scope for this run')\n        parser.add_argument('--ruleset',\n                            dest='ruleset',\n                            default='default.json',\n                            nargs='?',\n                            help='Set of rules to be used during the analysis.')\n        parser.add_argument('--no-browser',\n                            dest='no_browser',\n                            default=False,\n                            action='store_true',\n                            help='Do not automatically open the report in the browser.')\n        parser.add_argument('--max-workers',\n                            dest='max_workers',\n                            type=int,\n                            default=10,\n                            help='Maximum number of threads (workers) used by Scout Suite (default is 10)')\n        parser.add_argument('--report-dir',\n                            dest='report_dir',\n                            default=None,\n                            help='Path of the Scout report.')\n        parser.add_argument('--report-name',\n                            dest='report_name',\n                            default=None,\n                            help='Name of the Scout report.')\n        parser.add_argument('--timestamp',\n                            dest='timestamp',\n                            default=False,\n                            nargs='?',\n                            help='Timestamp added to the name of the report (default is current time in UTC).')\n        parser.add_argument('--services',\n                            dest='services',\n                            default=[],\n                            nargs='+',\n                            help='Name of in-scope services, defaults to all.')\n        parser.add_argument('--list-services',\n                            dest='list_services',\n                            default=False,\n                            action='store_true',\n                            help='List available services.')\n        parser.add_argument('--skip',\n                            dest='skipped_services',\n                            default=[],\n                            nargs='+',\n                            help='Name of out-of-scope services.')\n        parser.add_argument('--exceptions',\n                            dest='exceptions',\n                            default=None,\n                            nargs='?',\n                            help='Exception file to use during analysis.')\n        parser.add_argument('--result-format',\n                            dest='result_format',\n                            default='json',\n                            type=str,\n                            choices=['json', 'sqlite'],\n                            help=\"[EXPERIMENTAL FEATURE] The database file format to use. JSON doesn't require a server to view the report, \"\n                                 \"but cannot be viewed if the result file is over 400mb.\")\n        parser.add_argument('--serve',\n                            dest=\"database_name\",\n                            default=None,\n                            const=True,\n                            nargs=\"?\",\n                            help=\"[EXPERIMENTAL FEATURE] Serve the specified result database on the server to show the report. \"\n                                 \"This must be used when the results are exported as an sqlite database.\")\n        parser.add_argument('--host',\n                            dest=\"host_ip\",\n                            default=\"127.0.0.1\",\n                            help=\"[EXPERIMENTAL FEATURE] Address on which you want the server to listen. Defaults to localhost.\")\n        parser.add_argument('--port',\n                            dest=\"host_port\",\n                            type=int,\n                            default=8000,\n                            help=\"[EXPERIMENTAL FEATURE] Port on which you want the server to listen. Defaults to 8000.\")\n\n    def parse_args(self, args=None):\n        args = self.parser.parse_args(args)\n\n        # Cannot simply use required for backward compatibility\n        if not args.provider:\n            self.parser.error('You need to input a provider')\n\n        # If local analysis, overwrite results\n        if args.__dict__.get('fetch_local'):\n            args.force_write = True\n\n        # Test conditions\n        v = vars(args)\n        # AWS\n        if v.get('provider') == 'aws':\n            if v.get('aws_access_keys') and not (v.get('aws_access_key_id') or v.get('aws_secret_access_key')):\n                self.parser.error('When running with --access-keys, you must provide an Access Key ID '\n                                  'and Secret Access Key.')\n        # Azure\n        elif v.get('provider') == 'azure':\n            if v.get('tenant_id') and not (v.get('service_principal') or v.get('user_account_browser') or v.get('user_account')):\n                self.parser.error('--tenant can only be set when using --user-account-browser or --user-account or '\n                                  '--service-principal authentication')\n            if v.get('service_principal') and not v.get('tenant_id'):\n                self.parser.error('You must provide --tenant when using --service-principal authentication')\n            if v.get('user_account_browser') and not v.get('tenant_id'):\n                self.parser.error('You must provide --tenant when using --user-account-browser authentication')\n            if v.get('user_account') and not v.get('tenant_id'):\n                self.parser.error('You must provide --tenant when using --user-account authentication')\n            if v.get('subscription_ids') and v.get('all_subscriptions'):\n                self.parser.error('--subscription-ids and --all-subscriptions are mutually exclusive options')\n\n        # DigitalOcean\n        if v.get('provider') == 'do':\n            if (v.get('access_key') or v.get('access_secret')) and not (v.get('access_key') and v.get('access_secret')):\n                self.parser.error('For DO Spaces service please provide both --access_key and --access_secret')\n\n        # Kubernetes\n        elif v.get('provider') == 'kubernetes':\n            cluster_provider = v.get('kubernetes_cluster_provider')\n            # change ruleset based on cluster provider\n            if cluster_provider:\n                args.ruleset = f'{cluster_provider}.json'\n\n            # only use subscription_id if kubernetes_cluster_provider is 'aks'\n            if cluster_provider != 'aks' and v.get('kubernetes_azure_subscription_id'):\n                self.parser.error('--subscription-id is only used when analyzing AKS clusters')\n\n        return args\n"
  },
  {
    "path": "ScoutSuite/core/conditions.py",
    "content": "import datetime\nimport dateutil.parser\nimport json\nimport netaddr\nimport re\nimport ipaddress\n\nfrom policyuniverse.expander_minimizer import get_actions_from_statement, _expand_wildcard_action\n\nfrom ScoutSuite.core.console import print_error, print_exception\n\nre_get_value_at = re.compile(r'_GET_VALUE_AT_\\((.*?)\\)')\nre_nested_get_value_at = re.compile(r'_GET_VALUE_AT_\\(.*')\n\n\ndef pass_conditions(all_info, current_path, conditions, unknown_as_pass_condition=False):\n    \"\"\"\n    Check that all conditions are passed for the current path.\n\n    :param all_info:        All of the services' data\n    :param current_path:    The value of the `path` variable defined in the finding file\n    :param conditions:      The conditions to check as defined in the finding file\n    :param unknown_as_pass_condition:   Consider an undetermined condition as passed\n    :return:\n    \"\"\"\n\n    # Fixes circular dependency\n    from ScoutSuite.providers.base.configs.browser import get_value_at\n\n    if len(conditions) == 0:\n        return True\n    condition_operator = conditions.pop(0)\n    for condition in conditions:\n        if condition[0] in ['and', 'or']:\n            res = pass_conditions(all_info, current_path, condition, unknown_as_pass_condition)\n        else:\n            # Conditions are formed as \"path to value\", \"type of test\", \"value(s) for test\"\n            path_to_value, test_name, test_values = condition\n            path_to_value = fix_path_string(all_info, current_path, path_to_value)\n            target_obj = get_value_at(all_info, current_path, path_to_value)\n            if type(test_values) != list and type(test_values) != dict:\n                dynamic_value = re_get_value_at.match(test_values)\n                if dynamic_value:\n                    test_values = get_value_at(all_info, current_path, dynamic_value.groups()[0], True)\n            try:\n                res = pass_condition(target_obj, test_name, test_values)\n            except Exception as e:\n                res = True if unknown_as_pass_condition else False\n                print_exception('Unable to process testcase \\'%s\\' on value \\'%s\\', interpreted as %s: %s' %\n                                (test_name, str(target_obj), res, e))\n        # Quick exit and + false\n        if condition_operator == 'and' and not res:\n            return False\n        # Quick exit or + true\n        if condition_operator == 'or' and res:\n            return True\n    return not condition_operator == 'or'\n\n\ndef pass_condition(b, test, a):\n    \"\"\"\n    Generic test function used by Scout\n                                        .\n    :param b:                           Value to be tested against\n    :param test:                        Name of the test case to run\n    :param a:                           Value to be tested\n\n    :return:                            True of condition is met, False otherwise\n    \"\"\"\n\n    # Return false by default\n    result = False\n\n    # Equality tests\n    if test == 'equal':\n        a = str(a)\n        b = str(b)\n        result = (a == b)\n    elif test == 'notEqual':\n        result = (not pass_condition(b, 'equal', a))\n\n    # More/Less tests\n    elif test == 'lessThan':\n        result = (int(b) < int(a))\n    elif test == 'lessOrEqual':\n        result = (int(b) <= int(a))\n    elif test == 'moreThan':\n        result = (int(b) > int(a))\n    elif test == 'moreOrEqual':\n        result = (int(b) >= int(a))\n\n    # Empty tests\n    elif test == 'empty':\n        result = ((type(b) == dict and b == {}) or (type(b) == list and b == []) or (type(b) == list and b == [None]))\n    elif test == 'notEmpty':\n        result = (not pass_condition(b, 'empty', 'a'))\n    elif test == 'null':\n        result = ((b is None) or (type(b) == str and b == 'None'))\n    elif test == 'notNull':\n        result = (not pass_condition(b, 'null', a))\n\n    # Boolean tests\n    elif test == 'true':\n        result = (str(b).lower() == 'true')\n    elif test == 'notTrue' or test == 'false':\n        result = (str(b).lower() == 'false')\n\n    # Object length tests\n    elif test == 'lengthLessThan':\n        result = (len(b) < int(a))\n    elif test == 'lengthMoreThan':\n        result = (len(b) > int(a))\n    elif test == 'lengthEqual':\n        result = (len(b) == int(a))\n\n    # Dictionary keys tests\n    elif test == 'withKey':\n        result = a in b\n    elif test == 'withoutKey':\n        result = a not in b\n    elif test == 'withKeyCaseInsensitive':\n        result = a.lower() in map(str.lower, b)\n    elif test == 'withoutKeyCaseInsensitive':\n        result = a.lower() not in map(str.lower, b)\n\n    # String test\n    elif test == 'containString':\n        if not type(b) == str:\n            b = str(b)\n        if not type(a) == str:\n            a = str(a)\n        result = a in b\n    elif test == 'notContainString':\n        if not type(b) == str:\n            b = str(b)\n        if not type(a) == str:\n            a = str(a)\n        result = a not in b\n\n    # List tests\n    elif test == 'containAtLeastOneOf':\n        result = False\n        if not type(b) == list:\n            b = [b]\n        if not type(a) == list:\n            a = [a]\n        for c in b:\n            if type(c) != dict:\n                c = str(c)\n            if c in a:\n                result = True\n                break\n    elif test == 'containAtLeastOneDifferentFrom':\n        result = False\n        if not type(b) == list:\n            b = [b]\n        if not type(a) == list:\n            a = [a]\n        for c in b:\n            if c and c != '' and c not in a:\n                result = True\n                break\n    elif test == 'containNoneOf':\n        result = True\n        if not type(b) == list:\n            b = [b]\n        if not type(a) == list:\n            a = [a]\n        for c in b:\n            if c in a:\n                result = False\n                break\n    elif test == 'containAtLeastOneMatching':\n        result = False\n        for item in b:\n            if re.match(a, item):\n                result = True\n                break\n\n    # Regex tests\n    elif test == 'match':\n        if type(a) != list:\n            a = [a]\n        b = str(b)\n        for c in a:\n            if re.match(c, b):\n                result = True\n                break\n    elif test == 'matchInList':\n        if type(a) != list:\n            a = [a]\n        if type(b) !=list:\n            b = [b]\n        for c in a:\n            for d in b:\n                if re.match(c, d):\n                    result = True\n                    break\n            if result:\n                break\n    elif test == 'notMatch':\n        result = (not pass_condition(b, 'match', a))\n\n    # Date tests\n    elif test == 'priorToDate':\n        b = dateutil.parser.parse(str(b)).replace(tzinfo=None)\n        a = dateutil.parser.parse(str(a)).replace(tzinfo=None)\n        result = (b < a)\n    elif test == 'olderThan':\n        age, threshold = __prepare_age_test(a, b)\n        result = (age > threshold)\n    elif test == 'newerThan':\n        age, threshold = __prepare_age_test(a, b)\n        result = (age < threshold)\n\n    # CIDR tests\n    elif test == 'inSubnets':\n        result = False\n        grant = netaddr.IPNetwork(b)\n        if type(a) != list:\n            a = [a]\n        for c in a:\n            known_subnet = netaddr.IPNetwork(c)\n            if grant in known_subnet:\n                result = True\n                break\n    elif test == 'notInSubnets':\n        result = (not pass_condition(b, 'inSubnets', a))\n    elif test == 'isSubnetRange':\n        result = not ipaddress.ip_network(b, strict=False).exploded.endswith(\"/32\")\n    elif test == 'isPrivateSubnet':\n        result = ipaddress.ip_network(b, strict=False).is_private\n    elif test == 'isPublicSubnet':\n        result = not ipaddress.ip_network(b, strict=False).is_private\n\n    # Port/port ranges tests\n    elif test == 'portsInPortList':\n        result = False\n        if not type(b) == list:\n            b = [b]\n        if not type(a) == list:\n            a = [a]\n        for port_range in b:\n            if '-' in port_range:\n                bottom_limit_port = int(port_range.split('-')[0])\n                upper_limit_port = int(port_range.split('-')[1])\n                for port in a:\n                    if type(port) != int:\n                        port = int(port)\n                    if bottom_limit_port <= port <= upper_limit_port:\n                        result = True\n                        break\n            else: #A single port\n                for port in a:\n                    if port == port_range:\n                        result = True\n                        break\n\n    # Policy statement tests\n    elif test == 'containAction':\n        result = False\n        if type(b) != dict:\n            b = json.loads(b)\n        statement_actions = get_actions_from_statement(b)\n        rule_actions = _expand_wildcard_action(a)\n        for action in rule_actions:\n            if action.lower() in statement_actions:\n                result = True\n                break\n    elif test == 'notContainAction':\n        result = (not pass_condition(b, 'containAction', a))\n    elif test == 'containAtLeastOneAction':\n        result = False\n        if type(b) != dict:\n            b = json.loads(b)\n        if type(a) != list:\n            a = [a]\n        actions = get_actions_from_statement(b)\n        for c in a:\n            if c.lower() in actions:\n                result = True\n                break\n\n    # Policy principal tests\n    elif test == 'isCrossAccount':\n        result = False\n        if type(b) != list:\n            b = [b]\n        for c in b:\n            if type(c) == dict and 'AWS' in c:\n                c = c['AWS']\n            if c != a and not re.match(r'arn:aws:iam:.*?:%s:.*' % a, c):\n                result = True\n                break\n    elif test == 'isSameAccount':\n        result = False\n        if type(b) != list:\n            b = [b]\n        for c in b:\n            if c == a or re.match(r'arn:aws:iam:.*?:%s:.*' % a, c):\n                result = True\n                break\n    elif test == 'isAccountRoot':\n        result = False\n        if type(b) != list:\n            b = [b]\n        for c in b:\n            if type(c) == dict and 'AWS' in c:\n                c = c['AWS']\n                if type(c) != list:\n                    c = [c]\n                for i in c:\n                    if i == a or re.match(r'arn:aws:iam:.*?:%s:root' % a, i):\n                        result = True\n                        break\n\n    # Unknown test case\n    else:\n        print_error('Error: unknown test case %s' % test)\n        raise Exception\n\n    return result\n\n\ndef fix_path_string(all_info, current_path, path_to_value):\n    # Fixes circular dependency\n    from ScoutSuite.providers.base.configs.browser import get_value_at\n    # handle nested _GET_VALUE_AT_...\n    while True:\n        dynamic_path = re_get_value_at.findall(path_to_value)\n        if len(dynamic_path) == 0:\n            break\n        for dp in dynamic_path:\n            tmp = dp\n            while True:\n                nested = re_nested_get_value_at.findall(tmp)\n                if len(nested) == 0:\n                    break\n                tmp = nested[0].replace('_GET_VALUE_AT_(', '', 1)\n            dv = get_value_at(all_info, current_path, tmp)\n            path_to_value = path_to_value.replace('_GET_VALUE_AT_(%s)' % tmp, dv)\n    return path_to_value\n\n\ndef __prepare_age_test(a, b):\n    if type(a) != list:\n        print_error('Error: olderThan requires a list such as [ N , \\'days\\' ] or [ M, \\'hours\\'].')\n        raise Exception\n    number = int(a[0])\n    unit = a[1]\n    if unit not in ['days', 'hours', 'minutes', 'seconds']:\n        print_error('Error: only days, hours, minutes, and seconds are supported.')\n        raise Exception\n    if unit == 'hours':\n        number *= 3600\n        unit = 'seconds'\n    elif unit == 'minutes':\n        number *= 60\n        unit = 'seconds'\n    age = getattr((datetime.datetime.today() - dateutil.parser.parse(str(b)).replace(tzinfo=None)), unit)\n    return age, number\n"
  },
  {
    "path": "ScoutSuite/core/console.py",
    "content": "import logging\nimport platform\nimport os\nimport sys\nimport traceback\n\nimport coloredlogs\n\nfrom ScoutSuite import ERRORS_LIST\n\n########################################\n# Output configuration\n########################################\n\nverbose_exceptions = False\nlogger = logging.getLogger('scout')\n\n\ndef set_logger_configuration(is_debug=False, quiet=False, output_file_path=None):\n    \"\"\"\n    Configure whether full stacktraces should be dumped in the console output\n    \"\"\"\n\n    # set debug level\n    global verbose_exceptions\n    verbose_exceptions = is_debug\n\n    # if \"quiet\" is set, don't output anything\n    if quiet:\n        coloredlogs.install(level='ERROR', logger=logger)\n    else:\n        coloredlogs.install(level='DEBUG' if is_debug else 'INFO', logger=logger)\n\n    if output_file_path:\n        # For some reason, hostname information is not passed to the FileHandler\n        # Add it using a filter\n        class HostnameFilter(logging.Filter):\n            hostname = platform.node()\n\n            def filter(self, record):\n                record.hostname = HostnameFilter.hostname\n                return True\n\n        # create file handler which logs messages\n        fh = logging.FileHandler(output_file_path, 'w+')\n        # Add filter to add hostname information\n        fh.addFilter(HostnameFilter())\n        # create formatter and add it to the handlers\n        formatter = logging.Formatter(fmt='%(asctime)s %(hostname)s %(name)s[%(process)d] %(levelname)s %(message)s',\n                                      datefmt='%Y-%m-%d %H:%M:%S')\n        fh.setFormatter(formatter)\n        # add the handlers to the logger\n        logger.addHandler(fh)\n\n\n########################################\n# Output functions\n########################################\n\ndef print_generic(msg):\n    logger.info(msg)\n\n\ndef print_info(msg):\n    print_generic(msg)\n\n\ndef print_debug(msg):\n    logger.debug(msg)\n\n\ndef print_error(msg):\n    logger.error(msg)\n\n\ndef print_warning(msg):\n    logger.warning(msg)\n\n\ndef print_exception(exception, additional_details=None):\n    try:\n        exc = True\n        exc_type, exc_obj, exc_tb = sys.exc_info()\n        if exc_tb and traceback:\n            file_name = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]\n            line_number = exc_tb.tb_lineno\n            traceback_exc = traceback.format_exc()\n            str = f'{file_name} L{line_number}: {exception}'\n        else:\n            file_name = None\n            line_number = None\n            traceback_exc = None\n            str = f'{exception}'\n            exc = False  # if there isn't an actual exception then it's pointless\n    except Exception as e:\n        file_name = None\n        line_number = None\n        traceback_exc = None\n        str = f'{exception}'\n\n    if verbose_exceptions and exc:\n        logger.exception(str)\n    else:\n        logger.error(str)\n\n    ERRORS_LIST.append({'file': file_name,\n                        'line': line_number,\n                        'exception': f'{exception}',\n                        'traceback': f'{traceback_exc}',\n                        'additional_details': additional_details})\n\n\n########################################\n# Prompt functions\n########################################\n\ndef prompt(test_input=None):\n    \"\"\"\n    Prompt function that works for Python2 and Python3\n\n    :param test_input:                  Value to be returned when testing\n\n    :return:                            Value typed by user (or passed in argument when testing)\n    \"\"\"\n    if test_input is not None:\n        if type(test_input) == list and len(test_input):\n            choice = test_input.pop(0)\n        elif type(test_input) == list:\n            choice = ''\n        else:\n            choice = test_input\n    else:\n        choice = input()\n    return choice\n\n\ndef prompt_overwrite(filename, force_write, test_input=None):\n    \"\"\"\n    Prompt whether the file should be overwritten\n\n    :param filename:                    Name of the file about to be written\n    :param force_write:                 Skip confirmation prompt if this flag is set\n    :param test_input:                       Used for unit testing\n\n    :return:                            Boolean whether file write operation is allowed\n    \"\"\"\n    if not os.path.exists(filename) or force_write:\n        return True\n    return prompt_yes_no(f'File \\'{filename}\\' already exists. Do you want to overwrite it',\n                         test_input=test_input)\n\n\ndef prompt_value(question, choices=None, default=None, display_choices=True, display_indices=False,\n                 authorize_list=False, is_question=False, no_confirm=False, required=True,\n                 regex=None,\n                 regex_format='', max_laps=5, test_input=None, return_index=False):\n    \"\"\"\n    Prompt for a value\n                                        .                    .\n    :param return_index:\n    :param question:                    Question to be asked\n    :param choices:                     List of authorized answers\n    :param default:                     Value suggested by default\n    :param display_choices:             Display accepted choices\n    :param display_indices:             Display the indice in the list next to the choice\n    :param authorize_list:              Set to true if a list of answers may be accepted\n    :param is_question:                 Set to true to append a question mark\n    :param no_confirm:                  Set to true to not prompt for a confirmation of the value\n    :param required:                    Set to false if an empty answer is authorized\n    :param regex:                       TODO\n    :param regex_format                 TODO\n    :param max_laps:                    Exit after N laps\n    :param test_input:                  Used for unit testing\n    :param return_index                 TODO\n\n    :return:\n    \"\"\"\n    int_choice = 0\n\n    if choices and display_choices and not display_indices:\n        question = question + ' (' + '/'.join(choices) + ')'\n    lap_n = 0\n    while True:\n        if lap_n >= max_laps:\n            print_error('Automatically aborting prompt loop after 5 failures')\n            return None\n        lap_n += 1\n        can_return = False\n        # Display the question, choices, and prompt for the answer\n        if is_question:\n            question = question + '? '\n        print_error(question)\n        if choices and display_indices:\n            for c in choices:\n                print_error('%3d. %s' % (choices.index(c), c))\n            print_error('Enter the number corresponding to your choice: ')\n        choice = prompt(test_input)\n        # Set the default value if empty choice\n        if not choice or choice == '':\n            if default:\n                if no_confirm or prompt_yes_no('Use the default value (' + default + ')'):\n                    # return default\n                    choice = default\n                    can_return = True\n            elif not required:\n                can_return = True\n            else:\n                print_error('Error: you cannot leave this parameter empty.')\n        # Validate the value against a whitelist of choices\n        elif choices:\n            user_choices = [item.strip() for item in choice.split(',')]\n            if not authorize_list and len(user_choices) > 1:\n                print_error(\n                    'Error: multiple values are not supported; please enter a single value.')\n            else:\n                choice_valid = True\n                if display_indices and int(choice) < len(choices):\n                    int_choice = choice\n                    choice = choices[int(choice)]\n                else:\n                    for c in user_choices:\n                        if c not in choices:\n                            print_error('Invalid value (%s).' % c)\n                            choice_valid = False\n                            break\n                if choice_valid:\n                    can_return = True\n        # Validate against a regex\n        elif regex:\n            if regex.match(choice):\n                # return choice\n                can_return = True\n            else:\n                print_error('Error: expected format is: %s' % regex_format)\n        else:\n            # No automated validation, can attempt to return\n            can_return = True\n        if can_return:\n            # Manually confirm that the entered value is correct if needed\n            if no_confirm or prompt_yes_no('You entered \"' + choice + '\". Is that correct',\n                                           test_input=test_input):\n                return int(int_choice) if return_index else choice\n\n\ndef prompt_yes_no(question, test_input=None):\n    \"\"\"\n    Prompt for a yes/no or y/n answer\n                                        .\n    :param question:                    Question to be asked\n    :param test_input:                  Used for unit testing\n\n    :return:                            True for yes/y, False for no/n\n    \"\"\"\n    count = 0\n    while True:\n        print_error(question + ' (y/n)? ')\n        choice = prompt(test_input).lower()\n        if choice == 'yes' or choice == 'y':\n            return True\n        elif choice == 'no' or choice == 'n':\n            return False\n        else:\n            count += 1\n            print_error('\\'%s\\' is not a valid answer. Enter \\'yes\\'(y) or \\'no\\'(n).' % choice)\n            if count > 3:\n                return None\n"
  },
  {
    "path": "ScoutSuite/core/exceptions.py",
    "content": "from ScoutSuite.core.console import print_debug\n\nfrom ScoutSuite.output.result_encoder import JavaScriptEncoder\n\n\nclass RuleExceptions:\n    \"\"\"\n    Exceptions handling\n    \"\"\"\n\n    def __init__(self, file_path=None):\n        self.jsrw = JavaScriptEncoder()\n        self.exceptions = self.jsrw.load_from_file(file_type='EXCEPTIONS',\n                                                   file_path=file_path,\n                                                   first_line=True)\n\n    def process(self, cloud_provider):\n        for service in self.exceptions:\n            for rule in self.exceptions[service]:\n                filtered_items = []\n                if rule not in cloud_provider.services[service]['findings']:\n                    print_debug('Warning:: key error should not be happening')\n                    continue\n                for item in cloud_provider.services[service]['findings'][rule]['items']:\n                    if item not in self.exceptions[service][rule]:\n                        filtered_items.append(item)\n                cloud_provider.services[service]['findings'][rule]['items'] = filtered_items\n                cloud_provider.services[service]['findings'][rule]['flagged_items'] = \\\n                    len(cloud_provider.services[service]['findings'][rule]['items'])\n"
  },
  {
    "path": "ScoutSuite/core/fs.py",
    "content": "import datetime\nimport json\nimport os\n\nfrom ScoutSuite.core.console import print_exception, prompt_overwrite, print_info\nfrom ScoutSuite.core.conditions import pass_condition\n\n\nclass CustomJSONEncoder(json.JSONEncoder):\n    \"\"\"\n    JSON encoder class\n    \"\"\"\n\n    def default(self, o):\n        if type(o) == datetime.datetime:\n            return str(o)\n        else:\n            return o.__dict__\n\n\ndef load_data(data_file, key_name=None, local_file=False):\n    \"\"\"\n    Load a JSON data file\n\n    :param data_file:\n    :param key_name:\n    :param local_file:\n    :return:\n    \"\"\"\n    if local_file:\n        if data_file.startswith('/'):\n            src_file = data_file\n        else:\n            src_dir = os.getcwd()\n            src_file = os.path.join(src_dir, data_file)\n    else:\n        src_dir = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../data')\n        src_file = os.path.join(src_dir, data_file)\n    with open(src_file) as f:\n        data = json.load(f)\n    if key_name:\n        data = data[key_name]\n    return data\n\n\ndef read_ip_ranges(filename, local_file=True, ip_only=False, conditions=None):\n    \"\"\"\n    Returns the list of IP prefixes from an ip-ranges file\n\n    :param filename:\n    :param local_file:\n    :param conditions:\n    :param ip_only:\n    :return:\n    \"\"\"\n    if not conditions:\n        conditions = []\n\n    targets = []\n    data = load_data(filename, local_file=local_file)\n    if 'source' in data:\n        # Filtered IP ranges\n        conditions = data['conditions']\n        local_file = data['local_file'] if 'local_file' in data else False\n        data = load_data(data['source'], local_file=local_file, key_name='prefixes')\n    else:\n        # Plain IP ranges\n        data = data['prefixes']\n    for d in data:\n        condition_passed = True\n        for condition in conditions:\n            if type(condition) != list or len(condition) < 3:\n                continue\n            condition_passed = pass_condition(d[condition[0]], condition[1], condition[2])\n            if not condition_passed:\n                break\n        if condition_passed:\n            targets.append(d)\n    if ip_only:\n        ips = []\n        for t in targets:\n            ips.append(t['ip_prefix'])\n        return ips\n    else:\n        return targets\n\n\ndef save_blob_as_json(filename, blob, force_write):\n    \"\"\"\n    Creates/Modifies file and saves python object as JSON\n\n    :param filename:\n    :param blob:\n    :param force_write:\n\n    :return:\n    \"\"\"\n    try:\n        if prompt_overwrite(filename, force_write):\n            with open(filename, 'wt') as f:\n                print_info('%s' % json.dumps(blob, indent=4, separators=(',', ': '), sort_keys=True,\n                                             cls=CustomJSONEncoder))\n    except Exception as e:\n        print_exception(e)\n"
  },
  {
    "path": "ScoutSuite/core/processingengine.py",
    "content": "from ScoutSuite.core.console import print_debug, print_exception\nfrom ScoutSuite.utils import manage_dictionary\n\nfrom ScoutSuite.core.utils import recurse\n\n\nclass ProcessingEngine:\n    \"\"\"\n\n    \"\"\"\n\n    def __init__(self, ruleset):\n        # Organize rules by path\n        self.ruleset = ruleset\n        self.rules = {}\n        for filename in self.ruleset.rules:\n            for rule in self.ruleset.rules[filename]:\n                if not rule.enabled:\n                    continue\n                try:\n                    manage_dictionary(self.rules, rule.path, [])\n                    self.rules[rule.path].append(rule)\n                except Exception as e:\n                    print_exception(f'Failed to create rule {rule.filename}: {e}')\n\n    def run(self, cloud_provider, skip_dashboard=False):\n        # Clean up existing findings\n        for service in cloud_provider.services:\n            cloud_provider.services[service][self.ruleset.rule_type] = {}\n\n        # Process each rule\n        for finding_path in self._filter_rules(self.rules, cloud_provider.service_list):\n            for rule in self.rules[finding_path]:\n\n                if not rule.enabled:  # or rule.service not in []: # TODO: handle this...\n                    continue\n\n                print_debug(f'Processing {rule.service} rule \"{rule.description}\" ({rule.filename})')\n                finding_path = rule.path\n                path = finding_path.split('.')\n                service = path[0]\n                manage_dictionary(cloud_provider.services[service], self.ruleset.rule_type, {})\n                cloud_provider.services[service][self.ruleset.rule_type][rule.key] = {}\n                cloud_provider.services[service][self.ruleset.rule_type][rule.key]['description'] = rule.description\n                cloud_provider.services[service][self.ruleset.rule_type][rule.key]['path'] = rule.path\n                for attr in ['level', 'id_suffix', 'class_suffix', 'display_path']:\n                    if hasattr(rule, attr):\n                        cloud_provider.services[service][self.ruleset.rule_type][rule.key][attr] = getattr(rule, attr)\n                try:\n                    setattr(rule, 'checked_items', 0)\n                    cloud_provider.services[service][self.ruleset.rule_type][rule.key]['items'] = recurse(\n                        cloud_provider.services, cloud_provider.services, path, [], rule, True)\n                    if skip_dashboard:\n                        continue\n                    cloud_provider.services[service][self.ruleset.rule_type][rule.key]['dashboard_name'] = \\\n                        rule.dashboard_name\n                    cloud_provider.services[service][self.ruleset.rule_type][rule.key]['checked_items'] = \\\n                        rule.checked_items\n                    cloud_provider.services[service][self.ruleset.rule_type][rule.key]['flagged_items'] = \\\n                        len(cloud_provider.services[service][self.ruleset.rule_type][rule.key]['items'])\n                    cloud_provider.services[service][self.ruleset.rule_type][rule.key]['service'] = rule.service\n                    cloud_provider.services[service][self.ruleset.rule_type][rule.key]['rationale'] = \\\n                        rule.rationale if hasattr(rule, 'rationale') else None\n                    cloud_provider.services[service][self.ruleset.rule_type][rule.key]['remediation'] = \\\n                        rule.remediation if hasattr(rule, 'remediation') else None\n                    cloud_provider.services[service][self.ruleset.rule_type][rule.key]['compliance'] = \\\n                        rule.compliance if hasattr(rule, 'compliance') else None\n                    cloud_provider.services[service][self.ruleset.rule_type][rule.key]['references'] = \\\n                        rule.references if hasattr(rule, 'references') else None\n                except Exception as e:\n                    print_exception(f'Failed to process rule defined in {rule.filename}: {e}')\n                    # Fallback if process rule failed to ensure report creation and data dump still happen\n                    cloud_provider.services[service][self.ruleset.rule_type][rule.key]['checked_items'] = 0\n                    cloud_provider.services[service][self.ruleset.rule_type][rule.key]['flagged_items'] = 0\n\n    @staticmethod\n    def _filter_rules(rules, services):\n        return {rule_name: rule for rule_name, rule in rules.items() if rule_name.split('.')[0] in services}\n"
  },
  {
    "path": "ScoutSuite/core/rule.py",
    "content": "import json\nimport re\n\nfrom ScoutSuite.core.fs import read_ip_ranges\nfrom ScoutSuite.core.console import print_exception\n\nfrom ScoutSuite.utils import format_service_name\n\nip_ranges_from_args = 'ip-ranges-from-args'\n\nre_account_id = re.compile(r'_ACCOUNT_ID_')\nre_ip_ranges_from_file = re.compile(r'_IP_RANGES_FROM_FILE_\\((.*?)(,.*?)\\)')\nre_ip_ranges_from_local_file = re.compile(r'_IP_RANGES_FROM_LOCAL_FILE_\\((.*?)(,.*?)\\)')\nre_strip_dots = re.compile(r'(_STRIPDOTS_\\((.*?)\\))')\n\ntestcases = [\n    {\n        'name': 'account_id',\n        'regex': re_account_id\n    },\n    {\n        'name': 'ip_ranges_from_file',\n        'regex': re_ip_ranges_from_file\n    },\n    {\n        'name': 'ip_ranges_from_local_file',\n        'regex': re_ip_ranges_from_local_file\n    }\n]\n\n\nclass Rule:\n\n    def to_string(self):\n        return str(vars(self))\n\n    def __init__(self, data_path, filename, rule_type, rule):\n        self.data_path = data_path\n        self.filename = filename\n        self.rule_type = rule_type\n        self.enabled = bool(self.get_attribute('enabled', rule, False))\n        self.level = self.get_attribute('level', rule, '')\n        self.args = self.get_attribute('args', rule, [])\n        self.conditions = self.get_attribute('conditions', rule, [])\n        self.key_suffix = self.get_attribute('key_suffix', rule, None)\n\n    @staticmethod\n    def get_attribute(name, rule, default_value):\n        return rule[name] if name in list(rule.keys()) else default_value\n\n    def set_definition(self, rule_definitions, attributes=None, ip_ranges=None, params=None):\n        \"\"\"\n        Update every attribute of the rule by setting the argument values as necessary\n\n        :param rule_definitions:            TODO\n        :param attributes:                  TODO\n        :param ip_ranges:                   TODO\n        :param params:                      TODO\n        :return:\n        \"\"\"\n        attributes = [] if attributes is None else attributes\n        ip_ranges = [] if ip_ranges is None else ip_ranges\n        params = {} if params is None else params\n        try:\n            string_definition = rule_definitions[self.filename].string_definition\n            # Load condition dependencies\n            definition = json.loads(string_definition)\n            definition['conditions'] += self.conditions\n            loaded_conditions = []\n            for condition in definition['conditions']:\n                if condition[0].startswith('_INCLUDE_('):\n                    include = re.findall(r'_INCLUDE_\\((.*?)\\)', condition[0])[0]\n                    # new_conditions = load_data(include, key_name = 'conditions')\n                    rules_path = f'{self.data_path}/{include}'\n                    with open(rules_path) as f:\n                        new_conditions = f.read()\n                        for (i, value) in enumerate(condition[1]):\n                            new_conditions = re.sub(condition[1][i], condition[2][i], new_conditions)\n                        new_conditions = json.loads(new_conditions)['conditions']\n                    loaded_conditions.append(new_conditions)\n                else:\n                    loaded_conditions.append(condition)\n            definition['conditions'] = loaded_conditions\n            string_definition = json.dumps(definition)\n            # Set parameters\n            parameters = re.findall(r'(_ARG_([a-zA-Z0-9]+)_)', string_definition)\n            for param in parameters:\n                index = int(param[1])\n                if len(self.args) <= index:\n                    string_definition = string_definition.replace(param[0], '')\n                elif type(self.args[index]) == list:\n                    value = '[ %s ]' % ', '.join('\"%s\"' % v for v in self.args[index])\n                    string_definition = string_definition.replace('\"%s\"' % param[0], value)\n                else:\n                    string_definition = string_definition.replace(param[0], self.args[index])\n            # Strip dots if necessary\n            stripdots = re_strip_dots.findall(string_definition)\n            for value in stripdots:\n                string_definition = string_definition.replace(value[0], value[1].replace('.', ''))\n            definition = json.loads(string_definition)\n            # Set special values (IP ranges, AWS account ID, ...)\n            for condition in definition['conditions']:\n                if type(condition) != list \\\n                        or len(condition) == 1 \\\n                        or type(condition[2]) == list \\\n                        or type(condition[2]) == dict:\n                    continue\n                for testcase in testcases:\n                    result = testcase['regex'].match(condition[2])\n                    if result and (testcase['name'] == 'ip_ranges_from_file'\n                                   or testcase['name'] == 'ip_ranges_from_local_file'):\n                        filename = result.groups()[0]\n                        conditions = result.groups()[1] if len(result.groups()) > 1 else []\n                        # TODO :: handle comma here...\n                        if filename == ip_ranges_from_args:\n                            prefixes = []\n                            for filename in ip_ranges:\n                                prefixes += read_ip_ranges(filename, local_file=True, ip_only=True,\n                                                           conditions=conditions)\n                            condition[2] = prefixes\n                            break\n                        else:\n                            local_file = True if testcase['name'] == 'ip_ranges_from_local_file' else False\n                            condition[2] = read_ip_ranges(filename, local_file=local_file, ip_only=True,\n                                                          conditions=conditions)\n                            break\n                    elif result:\n                        condition[2] = params[testcase['name']]\n                        break\n\n            if len(attributes) == 0:\n                attributes = [attr for attr in definition]\n            for attr in attributes:\n                if attr in definition:\n                    setattr(self, attr, definition[attr])\n            if hasattr(self, 'path'):\n                self.service = format_service_name(self.path.split('.')[0])\n            if not hasattr(self, 'key'):\n                setattr(self, 'key', self.filename)\n            setattr(self, 'key', self.key.replace('.json', ''))\n            if self.key_suffix:\n                setattr(self, 'key', f'{self.key}-{self.key_suffix}')\n        except Exception as e:\n            print_exception(f'Failed to set definition {self.filename}: {e}')\n"
  },
  {
    "path": "ScoutSuite/core/rule_definition.py",
    "content": "import json\nimport os\n\nfrom ScoutSuite.core.console import print_error, print_exception\n\n\nclass RuleDefinition:\n\n    def __init__(self, data_path, file_name=None, rule_dirs=None, string_definition=None):\n        rule_dirs = [] if rule_dirs is None else rule_dirs\n        self.rules_data_path = data_path\n        self.file_name = file_name\n        self.rule_dirs = rule_dirs\n        self.rule_types = ['findings', 'filters']\n\n        if self.file_name:\n            self.load()\n        elif string_definition:\n            self.string_definition = string_definition\n            self.load_from_string_definition()\n        else:\n            print_error('Error')\n\n    def __str__(self):\n        desription = getattr(self, 'description')\n        dlen = len(desription)\n        padding = (80 - dlen) // 2 if dlen < 80 else 0\n        value = '-' * 80 + '\\n' + ' ' * padding + ' %s' % getattr(self, 'description') + '\\n' + '-' * 80 + '\\n'\n        quiet_list = ['descriptions', 'rule_dirs', 'rule_types', 'rules_data_path', 'string_definition']\n        value += '\\n'.join(\n            '{}: {}'.format(attr, str(getattr(self, attr))) for attr in vars(self) if attr not in quiet_list)\n        value += '\\n'\n        return value\n\n    def load(self):\n        \"\"\"\n        Load the definition of the rule, searching in the specified rule dirs first, then in the built-in definitions\n\n        :return:                        None\n        \"\"\"\n        file_name_valid = False\n        rule_type_valid = False\n        file_path = None\n        # Look for a locally-defined rule\n        for rule_dir in self.rule_dirs:\n            try:\n                file_path = os.path.join(rule_dir, self.file_name) if rule_dir else self.file_name\n            except Exception as e:\n                print_exception('Failed to load file {}: {}'.format(self.file_name, str(e)))\n            if os.path.isfile(file_path):\n                self.file_path = file_path\n                file_name_valid = True\n                break\n        # Look for a built-in rule\n        if not file_name_valid:\n            for rule_type in self.rule_types:\n                if self.file_name.startswith(rule_type):\n                    self.file_path = os.path.join(self.rules_data_path, self.file_name)\n                    rule_type_valid = True\n                    file_name_valid = True\n                    break\n            if not rule_type_valid:\n                for rule_type in self.rule_types:\n                    self.file_path = os.path.join(self.rules_data_path, rule_type, self.file_name)\n                    if os.path.isfile(self.file_path):\n                        file_name_valid = True\n                        break\n            else:\n                if os.path.isfile(self.file_path):\n                    file_name_valid = True\n        if not file_name_valid:\n            print_error('Error: could not find %s' % self.file_name)\n        else:\n            try:\n                with open(self.file_path) as f:\n                    self.string_definition = f.read()\n                    self.load_from_string_definition()\n            except Exception as e:\n                print_exception('Failed to load rule defined in {}: {}'.format(self.file_name, str(e)))\n\n    def load_from_string_definition(self):\n        try:\n            definition = json.loads(self.string_definition)\n            for attr in definition:\n                setattr(self, attr, definition[attr])\n        except Exception as e:\n            print_exception('Failed to load string definition {}: {}'.format(self.string_definition, str(e)))\n"
  },
  {
    "path": "ScoutSuite/core/ruleset.py",
    "content": "import json\nimport os\nimport tempfile\n\nfrom ScoutSuite.core.console import print_debug, print_error, prompt_yes_no, print_exception\n\nfrom ScoutSuite.core.rule import Rule\nfrom ScoutSuite.core.rule_definition import RuleDefinition\n\naws_ip_ranges_filename = 'ip-ranges.json'\nip_ranges_from_args = 'ip-ranges-from-args'\n\n\nclass Ruleset:\n    \"\"\"\n    TODO\n\n    :ivar rules:                        List of rules defined in the ruleset\n    :ivar rule_definitions:             Definition of all rules found\n    :ivar ??\n    \"\"\"\n\n    def __init__(self,\n                 cloud_provider,\n                 environment_name='default',\n                 filename=None,\n                 name=None,\n                 rules_dir=None,\n                 rule_type='findings',\n                 ip_ranges=None,\n                 account_id=None,\n                 ruleset_generator=False):\n        rules_dir = [] if rules_dir is None else rules_dir\n        ip_ranges = [] if ip_ranges is None else ip_ranges\n\n        self.rules_data_path = os.path.dirname(\n            os.path.dirname(os.path.abspath(__file__))) + '/providers/%s/rules' % cloud_provider\n\n        self.environment_name = environment_name\n        self.rule_type = rule_type\n        # Ruleset filename\n        self.filename = self.find_file(filename)\n        if not self.filename:\n            self.search_ruleset(environment_name)\n        print_debug('Loading ruleset %s' % self.filename)\n        self.name = os.path.basename(self.filename).replace('.json', '') if not name else name\n        self.load(self.rule_type)\n        self.shared_init(ruleset_generator, rules_dir, account_id, ip_ranges)\n\n    def to_string(self):\n        return str(vars(self))\n\n    def shared_init(self, ruleset_generator, rule_dirs, account_id, ip_ranges):\n\n        # Load rule definitions\n        if not hasattr(self, 'rule_definitions'):\n            self.load_rule_definitions(ruleset_generator, rule_dirs)\n\n        # Prepare the rules\n        params = {'account_id': account_id}\n        if ruleset_generator:\n            self.prepare_rules(attributes=['description', 'key', 'rationale'], params=params)\n        else:\n            self.prepare_rules(ip_ranges=ip_ranges, params=params)\n\n    def load(self, rule_type, quiet=False):\n        \"\"\"\n        Open a JSON file defining a ruleset and load it into a Ruleset object\n\n        :param rule_type:           TODO\n        :param quiet:               TODO\n        :return:\n        \"\"\"\n        if self.filename and os.path.exists(self.filename):\n            try:\n                with open(self.filename) as f:\n                    ruleset = json.load(f)\n                    self.about = ruleset['about'] if 'about' in ruleset else ''\n                    self.rules = {}\n                    for filename in ruleset['rules']:\n                        self.rules[filename] = []\n                        for rule in ruleset['rules'][filename]:\n                            self.handle_rule_versions(filename, rule_type, rule)\n            except Exception as e:\n                print_exception(f'Ruleset file {self.filename} contains malformed JSON: {e}')\n                self.rules = []\n                self.about = ''\n        else:\n            self.rules = []\n            if not quiet:\n                print_error('Error: the file %s does not exist.' % self.filename)\n\n    def load_rules(self, file, rule_type):\n        file.seek(0)\n        ruleset = json.load(file)\n        self.about = ruleset['about']\n        self.rules = {}\n        for filename in ruleset['rules']:\n            self.rules[filename] = []\n            for rule in ruleset['rules'][filename]:\n                self.handle_rule_versions(filename, rule_type, rule)\n\n    def handle_rule_versions(self, filename, rule_type, rule):\n        \"\"\"\n        For each version of a rule found in the ruleset, append a new Rule object\n        \"\"\"\n        if 'versions' in rule:\n            versions = rule.pop('versions')\n            for version_key_suffix in versions:\n                version = versions[version_key_suffix]\n                version['key_suffix'] = version_key_suffix\n                tmp_rule = dict(rule, **version)\n                self.rules[filename].append(Rule(self.rules_data_path, filename, rule_type, tmp_rule))\n        else:\n            self.rules[filename].append(Rule(self.rules_data_path, filename, rule_type, rule))\n\n    def prepare_rules(self, attributes=None, ip_ranges=None, params=None):\n        \"\"\"\n        Update the ruleset's rules by duplicating fields as required by the HTML ruleset generator\n\n        :return:\n        \"\"\"\n        attributes = [] if attributes is None else attributes\n        ip_ranges = [] if ip_ranges is None else ip_ranges\n        params = {} if params is None else params\n        for filename in self.rule_definitions:\n            if filename in self.rules:\n                for rule in self.rules[filename]:\n                    rule.set_definition(self.rule_definitions, attributes, ip_ranges, params)\n            else:\n                self.rules[filename] = []\n                new_rule = Rule(self.rules_data_path, filename, self.rule_type, {'enabled': False, 'level': 'danger'})\n                new_rule.set_definition(self.rule_definitions, attributes, ip_ranges, params)\n                self.rules[filename].append(new_rule)\n\n    def load_rule_definitions(self, ruleset_generator=False, rule_dirs=None):\n        \"\"\"\n        Load definition of rules declared in the ruleset\n\n        :param ruleset_generator:\n        :param rule_dirs:\n        :return:\n        \"\"\"\n        rule_dirs = [] if rule_dirs is None else rule_dirs\n\n        # Load rules from JSON files\n        self.rule_definitions = {}\n        for rule_filename in self.rules:\n            for rule in self.rules[rule_filename]:\n                if not rule.enabled and not ruleset_generator:\n                    continue\n            self.rule_definitions[os.path.basename(rule_filename)] = RuleDefinition(self.rules_data_path,\n                                                                                    rule_filename,\n                                                                                    rule_dirs=rule_dirs)\n        # In case of the ruleset generator, list all available built-in rules\n        if ruleset_generator:\n            rule_dirs.append(self.rules_data_path + '/findings')\n            rule_filenames = []\n            for rule_dir in rule_dirs:\n                rule_filenames += [f for f in os.listdir(rule_dir) if os.path.isfile(os.path.join(rule_dir, f))]\n            for rule_filename in rule_filenames:\n                if rule_filename not in self.rule_definitions:\n                    self.rule_definitions[os.path.basename(rule_filename)] = RuleDefinition(self.rules_data_path,\n                                                                                            rule_filename)\n\n    def search_ruleset(self, environment_name, no_prompt=False):\n        \"\"\"\n\n        :param environment_name:\n        :param no_prompt:\n        :return:\n        \"\"\"\n        ruleset_found = False\n        if environment_name != 'default':\n            ruleset_file_name = 'ruleset-%s.json' % environment_name\n            ruleset_file_path = os.path.join(self.rules_data_path, 'rulesets/%s' % ruleset_file_name)\n            if os.path.exists(ruleset_file_path):\n                if no_prompt or prompt_yes_no(\n                        \"A ruleset whose name matches your environment name was found in %s. \"\n                        \"Would you like to use it instead of the default one\" % ruleset_file_name):\n                    ruleset_found = True\n                    self.filename = ruleset_file_path\n        if not ruleset_found:\n            self.filename = os.path.join(self.rules_data_path, 'rulesets/default.json')\n\n    def find_file(self, filename, filetype='rulesets'):\n        \"\"\"\n\n        :param filename:\n        :param filetype:\n        :return:\n        \"\"\"\n        if filename and not os.path.isfile(filename):\n            # Not a valid relative / absolute path, check Scout's data under findings/ or filters/\n            if not filename.startswith('findings/') and not filename.startswith('filters/'):\n                filename = f'{filetype}/{filename}'\n            if not os.path.isfile(filename):\n                filename = os.path.join(self.rules_data_path, filename)\n            if not os.path.isfile(filename) and not filename.endswith('.json'):\n                filename = self.find_file('%s.json' % filename, filetype)\n        return filename\n\n\nclass TmpRuleset(Ruleset):\n\n    def __init__(self, cloud_provider, rule_dirs=None, rule_filename=None, rule_args=None, rule_level='danger'):\n        super().__init__(cloud_provider)\n        rule_dirs = [] if rule_dirs is None else rule_dirs\n        rule_args = [] if rule_args is None else rule_args\n        self.rule_type = 'findings'\n        tmp_ruleset = {'rules': {}, 'about': 'Temporary, single-rule ruleset.'}\n        tmp_ruleset['rules'][rule_filename] = []\n        rule = {'enabled': True, 'level': rule_level}\n        if len(rule_args):\n            rule['args'] = rule_args\n        tmp_ruleset['rules'][rule_filename].append(rule)\n        tmp_ruleset_file = tempfile.TemporaryFile('w+t')\n        tmp_ruleset_file.write(json.dumps(tmp_ruleset))\n\n        self.rules_data_path = os.path.dirname(\n            os.path.dirname(os.path.abspath(__file__))) + '/providers/%s/rules' % cloud_provider\n\n        self.load_rules(file=tmp_ruleset_file, rule_type='findings')\n\n        self.shared_init(False, rule_dirs, '', [])\n"
  },
  {
    "path": "ScoutSuite/core/server.py",
    "content": "from sqlitedict import SqliteDict\nimport cherrypy\nimport cherrypy_cors\n\nimport re\n\ncount_re = re.compile(r\".*_count$\")\n\n\nclass Server:\n    \"\"\"\n    Boots a server that serves the result of the report for the user. This is still a proof of concept,\n    but will eventually be used to serve data when it exceeds 400mb.\n    \"\"\"\n    def __init__(self, filename):\n        \"\"\"\n        Constructor of the server object. Should not be called directly outside the class.\n\n        :param filename:                Name of the file to write data to.\n        :return:                        The server object.\n        \"\"\"\n        self.results = SqliteDict(filename)\n\n    @cherrypy.expose()\n    @cherrypy.tools.json_out()\n    def summary(self):\n        \"\"\"\n        Returns the stripped down data of the results that doesn't scale up when using a lot of resources,\n        used to render the summary.\n        Should be the first call from the server.\n        Can be found at GET /api/summary\n\n        :return:                        The summary data of the report.\n        \"\"\"\n        data = dict(self.results)\n        services = data.get('services')\n        stripped_services = {}\n        for k1, v1 in services.items():\n            service = {}\n            for k2, v2 in v1.items():\n                if k2 == 'findings' or k2 == 'filters' or count_re.match(k2):\n                    service[k2] = v2\n            stripped_services[k1] = service\n        data['services'] = stripped_services\n        return {'data': data}\n\n    @cherrypy.expose()\n    @cherrypy.tools.json_out()\n    def data(self, key=None):\n        \"\"\"\n        Return the data at the requested key. Doesn't returns nested dictionaries and lists.\n        If one of the value is a dictionary, it will return {'type': 'dict', 'keys': <Array of all the keys>}\n        If one of the value is a list, it will return {'type': 'list', 'count': <number of elements in the list>}\n\n        Can be found at GET /api/data?key=<KEY>\n        :param key:                     Key of the requested information, separated by the character '¤'.\n        :return:                        The data at the requested location stripped of its nested data.\n        \"\"\"\n        result = self.get_item(self.results, key)\n        # Returns only indexes or length if it's a complex type\n        if isinstance(result, dict) or isinstance(result, SqliteDict):\n            result = {'type': 'dict', 'keys': list(result.keys())}\n        elif isinstance(result, list):\n            result = {'type': 'list', 'length': len(result)}\n        return {'data': result}\n\n    @cherrypy.expose()\n    @cherrypy.tools.json_out()\n    def full(self, key=None):\n        \"\"\"\n        Return the data at the requested key. Returns all the nested data.\n        Be sure not to use it on a key that may contains a lot of data, as the request won't be answered\n        if it's too large(generally 3mb).\n\n        Can be found at GET /api/full?key=<KEY>\n        :param key:                     Key of the requested information, separated by the character '¤'.\n        :return:                        The data at the requested location.\n        \"\"\"\n        result = self.get_item(self.results, key)\n        if isinstance(result, str) or isinstance(result, int):\n            return {'data': result}\n        return {'data': dict(result)}\n\n    @cherrypy.expose()\n    @cherrypy.tools.json_out()\n    def page(self, key=None, page=None, pagesize=None):\n        \"\"\"\n        Return a page of the data at the requested key. Doesn't returns nested dictionaries and lists.\n        For example, if you set pagesize=10 and page=2, it should return element 10-19\n        If one of the value is a dictionary, it will return {'type': 'dict', 'keys': <Array of all the keys>}\n        If one of the value is a list, it will return {'type': 'list', 'count': <number of elements in the list>}\n\n        Can be found at GET /api/page?key=<KEY>&page=<PAGE>&pagesize=<PAGESIZE>\n        :param key:                     Key of the requested information, separated by the character '¤'.\n        :param page:                    The number of the page you request.\n        :param pagesize:                The size of the page you request.\n        :return:                        A subset of the data at the requested location.\n        \"\"\"\n        result = self.get_item(self.results, key)\n\n        page = int(page)\n        pagesize = int(pagesize)\n\n        start = page * pagesize\n        end = min((page + 1) * pagesize, len(result))\n\n        if isinstance(result, dict) or isinstance(result, SqliteDict):\n            page = {k: result.get(k) for k in sorted(list(result))[start:end]}\n        if isinstance(result, list):\n            page = result[start:end]\n\n        return {'data': self.strip_nested_data(page)}\n\n    @staticmethod\n    def init(database_filename, host, port):\n        \"\"\"\n        Configure and starts the server.\n\n        :param database_filename:       Location of the database file.\n        :param host:                    Address on which to listen.\n        :param port:                    Port on which to listen.\n        \"\"\"\n        cherrypy_cors.install()\n        config = {\n            '/': {\n                'cors.expose.on': True,\n                'tools.sessions.on': True,\n                'tools.response_headers.on': True,\n                'tools.response_headers.headers': [('Content-Type', 'text/plain')],\n            },\n        }\n        cherrypy.config.update({\n                'server.socket_host': host,\n                'server.socket_port': port,\n        })\n        cherrypy.quickstart(Server(database_filename), \"/api\", config=config)\n\n    @staticmethod\n    def get_item(data, key):\n        \"\"\"\n        Get a specific information from its key.\n\n        :param data:                    The dictionary in which the information is stored.\n        :param host:                    The key where the information is located.\n        :return:                        The nested data at the requested location.\n        \"\"\"\n        if not key:\n            return data\n\n        keyparts = key.split('¤')\n        for k in keyparts:\n            if isinstance(data, dict) or isinstance(data, SqliteDict):\n                data = data.get(k)\n            elif isinstance(data, list):\n                data = data[int(k)]\n        return data\n\n    @staticmethod\n    def strip_nested_data(data):\n        \"\"\"\n        Strip nested lists and dictionaries from the provided object to reduce its size.\n\n        :param data:                    The object to strip.\n        :return:                        The input data stripped of its nested lists and dictionaries.\n        \"\"\"\n        if not isinstance(data, dict):\n            return data\n\n        result = {}\n        for k, v in data.items():\n            if isinstance(v, dict):\n                result[k] = {'type': 'dict', 'keys': list(v.keys())}\n            elif isinstance(v, list):\n                result[k] = {'type': 'list', 'length': len(v)}\n        return result\n\n"
  },
  {
    "path": "ScoutSuite/core/utils.py",
    "content": "\"\"\"\nSingle-service rule processing functions\n\"\"\"\n\nimport copy\n\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.core.conditions import pass_conditions, fix_path_string\n\n\ndef recurse(all_info, current_info, target_path, current_path, config, add_suffix=False):\n    \"\"\"\n    Recursively test conditions for a path.\n    In order to do this, needs to evaluate all the `id` possibilities.\n\n    When the value in the path is `id`, this represents either a key for a dict or an index for a list.\n\n    When the is `id`:\n    - For a dict return value at key\n    - For a list, return the list\n    When the value ends in `id.`:\n    - For a dict, return a list of keys\n    - For a list, return value at the index indicated by id\n    `\n    :param all_info:        All of the services' data\n    :param current_info:    ?\n    :param target_path:     The path that is being tested\n    :param current_path:\n    :param config:          The Rule object that is being tested\n    :param add_suffix:      ?\n    :return:\n    \"\"\"\n    results = []\n    if len(target_path) == 0:\n        # Dashboard: count the number of processed resources here\n        setattr(config, 'checked_items', getattr(config, 'checked_items') + 1)\n        # Test for conditions...\n        if pass_conditions(all_info, current_path, copy.deepcopy(config.conditions)):\n            # id_suffix\n            if add_suffix and hasattr(config, 'id_suffix'):\n                suffix = fix_path_string(all_info, current_path, config.id_suffix)\n                current_path.append(suffix)\n            # class_suffix\n            if add_suffix and hasattr(config, 'class_suffix'):\n                suffix = fix_path_string(all_info, current_path, config.class_suffix)\n                current_path.append(suffix)\n            results.append('.'.join(current_path))\n        # Return the flagged items...\n        return results\n    target_path = copy.deepcopy(target_path)\n    dbg_target_path = copy.deepcopy(target_path)\n    current_path = copy.deepcopy(current_path)\n    attribute = target_path.pop(0)\n    if type(current_info) == dict:\n        if attribute in current_info:\n            split_path = copy.deepcopy(current_path)\n            split_path.append(attribute)\n            results = results + recurse(all_info, current_info[attribute], target_path, split_path, config, add_suffix)\n        elif attribute == 'id':\n            for key in current_info:\n                split_target_path = copy.deepcopy(target_path)\n                split_current_path = copy.deepcopy(current_path)\n                split_current_path.append(key)\n                split_current_info = current_info[key]\n                results = results + recurse(all_info, split_current_info, split_target_path, split_current_path,\n                                            config, add_suffix)\n    # To handle lists properly, I would have to make sure the list is properly ordered and I can use the index to\n    # consistently access an object... Investigate (or do not use lists)\n    elif type(current_info) == list:\n        for index, split_current_info in enumerate(current_info):\n            split_current_path = copy.deepcopy(current_path)\n            split_current_path.append(str(index))\n            results = results + recurse(all_info, split_current_info, copy.deepcopy(target_path), split_current_path,\n                                        config, add_suffix)\n    # Python 2-3 compatible way to check for string type\n    elif isinstance(current_info, str):\n        split_current_path = copy.deepcopy(current_path)\n        results = results + recurse(all_info, current_info, [], split_current_path,\n                                    config, add_suffix)\n    else:\n        print_exception('Unable to recursively test condition for path {}: '\n                        'unhandled case for \\\"{}\\\" type'.format(current_path,\n                                                                type(current_info)),\n                        additional_details={'current_path': current_path,\n                                            'current_info': current_info,\n                                            'dbg_target_path': dbg_target_path})\n    return results\n"
  },
  {
    "path": "ScoutSuite/data/aws/ip-ranges/aws-in-ec2.json",
    "content": "{\n    \"source\": \"aws/ip-ranges/aws.json\",\n    \"conditions\": [ \"and\",\n        [ \"service\", \"equal\", \"EC2\" ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/data/aws/ip-ranges/aws-in-us.json",
    "content": "{\n    \"source\": \"aws/ip-ranges/aws.json\",\n    \"conditions\": [ \"and\",\n        [ \"region\", \"match\", [ \"us-.*\" ] ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/data/aws/ip-ranges/aws.json",
    "content": "{\n  \"syncToken\": \"1662013390\",\n  \"createDate\": \"2022-09-01-06-23-10\",\n  \"prefixes\": [\n    {\n      \"ip_prefix\": \"3.2.34.0/26\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.140.0/22\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.37.64/27\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"13.34.65.64/27\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.66.0/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.78.160/27\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.221.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.180.0.0/16\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.154/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.174/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.153.170/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.234/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.76.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.36.0/22\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.170.0/23\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"99.87.32.0/22\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"120.52.22.96/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.11.86/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.81.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.54/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.35.64/26\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.11.32/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.24.160/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.50.32/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.52.96/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.69.64/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.60/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.48/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.212/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.68/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.248/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.9/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.168.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.78.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.108.0.0/14\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.43.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.52.0/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.64.32/27\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.181.232.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-iah-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.208/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.17.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.163/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.164/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.150.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.60.0/23\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.136/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-msp-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.102/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.0.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-iah-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.43.96/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.48.0/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.62.160/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.64.96/27\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.248.56.0/22\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.117.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.221.34.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.137.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.135/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.219/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.186/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.24.0/23\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.187/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.199.0/25\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.252.248/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.154.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-chi-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.71.0/27\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.44/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"43.249.45.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.4.0.0/14\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.174/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.92.68/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.27/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.227.192/26\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.229.64/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.88.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.81.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.80/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-chi-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.70.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.70.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.73.192/26\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.28/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"50.16.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.108/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.116.148/32\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.133/32\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.198.0/25\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.95.208.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.224.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.104/32\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.114/32\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"150.222.84.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.244/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.208.82/31\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.50/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"205.251.249.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.32.128/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.49.0/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.73.96/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.193.3.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.220.196.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-mia-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.216.0/22\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1-del-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.115.0/24\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.152/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.169/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.153.148/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.244.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.119.208.0/23\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.117.0.0/16\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.26/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.190/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.228.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.34.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.197.34.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.205.0.0/16\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.10/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"16.12.6.0/23\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.68/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.82.169.16/28\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.34.56/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.198.16/28\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.225.128/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.69.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"71.131.192.0/18\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.122.104/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.17.64/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.236.0.0/14\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.197.36.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.230.158.0/23\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"16.57.0.0/16\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"43.206.0.0/15\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.192/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.220.0/22\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.128/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.140/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.56.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.152/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.41.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.100.0/22\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.226.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.204.0/22\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"99.78.152.0/22\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.56/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-las-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.135.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.202.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.125.244/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.4.0.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-pilot-6\"\n    },\n    {\n      \"ip_prefix\": \"13.34.53.192/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.60.128/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.83.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.185.0.0/16\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.252.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-las-1\"\n    },\n    {\n      \"ip_prefix\": \"15.221.35.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.28/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.248.28.0/22\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"16.30.0.0/16\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"16.49.0.0/16\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"40.167.0.0/16\",\n      \"region\": \"ap-southeast-6\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-6\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.0/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.35.212/32\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.118/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.205/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.26.0/23\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.44/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.182.0/23\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.54/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.247.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.248.0.0/15\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.40.0/25\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.41.192/27\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.248.72.0/24\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.196/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.9/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"16.155.0.0/16\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"18.34.248.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.99.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.76/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.70/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.200/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.192/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.119.252.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.148.0.0/15\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"69.107.7.16/29\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.130.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.185/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.11.78/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.27.12/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.52/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.68/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"180.163.57.128/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.50.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.68.192/26\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"18.200.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.144/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.91.102/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.141.212/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.21.0.0/16\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.206.0.0/16\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.69/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.56.0/21\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"108.175.56.0/22\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.96.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.15.32/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.29.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.68.160/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.69.224/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.70.64/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.248.124.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.193.2.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.222.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-mci-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.67.64/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.212.0/23\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"16.22.0.0/16\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"16.24.0.0/15\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.32/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.94/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.222/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.136/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.192.0/23\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.132.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.82/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.120.242/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.146.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-atl-1\"\n    },\n    {\n      \"ip_prefix\": \"13.204.0.0/14\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.247.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-atl-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.200.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.232.0.0/14\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.0/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.82.169.0/28\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.112.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.138/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.0.224/28\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"54.239.48.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"64.252.118.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.144/29\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1-tpe-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.54.224/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.79.192/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.119.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.120.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-bue-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.254/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.179.16/29\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.81.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.170/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.74.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.15.124/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.114.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.242.214/31\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.27.32/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.39.32/27\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"15.220.207.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-sea-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.206/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.244/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.102.0.0/16\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.144/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.98/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.0.0/16\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.14.18/32\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.6.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.197.192/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"64.252.122.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"69.107.7.56/29\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.2.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.234/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.27.18/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.164.220/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.23.0/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.248.67.0/24\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"15.230.138.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.169.6/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.254/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.32/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.47.0.0/16\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.93.16.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.144/28\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.136.0/23\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.255.64/28\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.199.128/26\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.225.64/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.143.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.22/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"204.246.168.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.25.248/29\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.38.64/27\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.72.160/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.208.0.0/16\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.193.7.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.108/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.70.0/26\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.74.128/26\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.76.0/26\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.253.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.96/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.64/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.136/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.166/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.96.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.122.203/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.194/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.156.0.0/14\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.90.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.236.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.8.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.18/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.98/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.40.0/22\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"3.5.136.0/22\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.3.160/27\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"15.181.160.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-nyc-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.29.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.14/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"16.56.0.0/16\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"18.191.0.0/16\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.56/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.210.0/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"98.131.0.0/16\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.159.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.83.97.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.88/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.21.128/27\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.55.0/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.82.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.80.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-atl-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.241.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"16.55.0.0/16\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"47.128.0.0/14\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.60/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.156/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.112/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.134/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.160/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.211.196/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.72.0/22\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"54.153.128.0/17\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.222.58.0/28\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"122.248.192.0/18\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.119.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.19.64/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.22.160/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.39.64/27\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"13.247.0.0/16\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.34/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.218.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.192.0.0/15\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.114.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.68/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.234/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.132/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.126/32\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.133.177/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.183/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.215.192/31\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.68.0/22\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.229.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.1.96/28\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.102.234/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.103/32\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.136/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.34.128/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.59.96/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.67.224/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.74.64/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.100.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.130.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.183.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.160.0.0/15\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.204/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.5.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.146/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.156/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.55.146/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.71.30/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.120.178/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.124/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.193.128/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.20.0.0/16\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.250.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.89.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"69.107.7.136/29\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"76.223.168.0/24\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"107.20.0.0/14\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.130/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.140/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.62/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.160.0/22\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.7.0/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.13.0/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.221.36.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.40.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"46.51.192.0/20\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.174/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.115.0/24\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.161/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.193.200/32\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.174.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.149.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.78.156.0/22\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.120.20/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.220.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.132.0.0/14\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.3.224/27\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.46/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.39.192/27\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"15.221.7.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.4.164/31\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.230.132.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.202.0/30\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.27/32\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.194/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.208.0/21\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.51.28/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.12.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.187.0/24\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"63.32.0.0/14\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.85.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.240/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.134/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.45.160/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.71.224/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.36.0.0/14\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.230.36.0/23\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.54/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.91.101/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.188/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"70.232.80.0/21\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"99.82.184.0/22\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.108/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.121.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.34/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"172.96.98.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.20.0/27\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.35.160/27\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.94.0/24\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.188/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.136/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.140/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.252.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.198/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.67/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.255.16/28\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.141.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.38/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.198/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.55.64/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.71.32/27\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.0.12/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.87.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.236.0.0/15\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"51.20.0.0/14\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.72/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.244/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.230/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.142/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.104/32\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.192/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.80/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.139.0/24\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"54.240.198.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.74.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.183.0/24\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.227.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.130/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.29.128/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.52.64/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.248.32.0/20\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.199.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.128.0/21\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.119.206.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.79.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.106/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.148.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-phx-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.125.230/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"205.251.252.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.11.128/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.20.64/27\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.23.224/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.67.64/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.248.113.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.188.0.0/16\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.220/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.251.4/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.116.0.0/14\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.16/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.235/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.218/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.239/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.133.153/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.231/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.178.0/23\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"54.200.0.0/15\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.239.1.16/28\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"185.143.16.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"205.251.244.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.36.0/22\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.38.160/27\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.65.0/27\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.68.0/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.251.0/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"16.20.0.0/16\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"18.34.32.0/20\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.28/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.92.0/22\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.104/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.158/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.178/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.188/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.236.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.98.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.125.228/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.30.128/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.152/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.84/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.32/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.156/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.100/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.187/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.119.176.0/21\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.144.0.0/14\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.169.0.0/16\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.74/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"63.246.113.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.136.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.104/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.158.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-nyc-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.26.96/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.74.192/26\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.78.192/26\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.118.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.184/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.69/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.193.199/32\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.148/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.104.0/22\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.119.249.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.91.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.72.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.85.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.245.122/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.35.224/27\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.69.0/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.178.0/24\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.230.192.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.58/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.120/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.121/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.194/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.168.0/24\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"52.144.224.128/26\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.192.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.239.0.16/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.0.96/28\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.148.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.37.0/27\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"13.248.110.0/24\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.197.32.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.40/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.7/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.104/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.212/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.40/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.228/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.71.38/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.240.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.16.0/22\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"75.101.128.0/17\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.242/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.122/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.125.234/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"204.246.173.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"3.4.3.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-pilot-1\"\n    },\n    {\n      \"ip_prefix\": \"15.222.0.0/15\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"16.180.0.0/16\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.198/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.62.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.127/32\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.176.0/20\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"69.235.128.0/18\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.149/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.142/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.41.0/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.6.224/27\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.24.96/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.43.128/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.61.224/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.73.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.221.50.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"35.96.0.0/12\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.20.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.96/32\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.192.0/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.112.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"204.236.128.0/18\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.208.0/22\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.30.160/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.34.64/27\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.45.64/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.46.0/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.76.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.135.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.96/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.180/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.52/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.30.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.76/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.80/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.71.27/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.8.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.64/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.92.0.0/17\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.154.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.76.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"67.202.0.0/18\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"103.246.148.0/23\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.120.230/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.92/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.123/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.56/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.156.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-las-1\"\n    },\n    {\n      \"ip_prefix\": \"3.3.24.0/22\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.30.0.0/15\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.23.64/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.32.0/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.253.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-sea-1\"\n    },\n    {\n      \"ip_prefix\": \"15.197.0.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"18.34.0.0/19\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.119.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"43.249.47.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.48/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.55.156/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.226.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.230.200.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"162.250.237.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.112.0.0/14\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.144.0.0/13\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.14/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.49.224/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.77.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.24/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.166/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.128.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.244.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.187.128.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-mia-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.111.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.188.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"136.9.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"172.96.110.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.2.37.128/26\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.56.224/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.71.96/27\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.79.128/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.18.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.149.11/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"18.231.0.0/16\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.136/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.8/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.201/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.141.234/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.182/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.252.0.0/16\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"120.253.240.192/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.182/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.142/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.79.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.224.0.0/12\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.40.160/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.68.0/24\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.2/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"16.157.0.0/16\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.104.0/24\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.117.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.208/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.162/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.184/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.229.149/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.178/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.216.0/21\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.192.192/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.196.192/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"54.221.0.0/16\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.202.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.255.0.0/16\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.106/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.45.224/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.230.72.0/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.40/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.62/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.34.126/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.159/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.141.220/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.119.248.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.205.0/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.0.144/28\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.56.0/21\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.40/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-iah-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.120.248/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.132/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.25.96/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.228.0.0/15\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.14.18/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.128/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.192/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.57.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.93/32\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.254/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.63.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"69.107.7.40/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.83.102.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.8/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-bos-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.212/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"157.241.0.0/16\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.32.32/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.40.192/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.57.64/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.112.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-bos-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.16.20/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.189.128/25\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"16.12.15.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.50/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.108/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.216/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.34.40/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.215/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.177/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.196/32\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.217/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.180/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.208/28\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"54.233.0.0/18\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"68.66.112.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-bos-1\"\n    },\n    {\n      \"ip_prefix\": \"69.231.128.0/18\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.172.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.151.120.0/21\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"108.136.0.0/15\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"116.129.226.128/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.82.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.28.160/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.35.0/27\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.38.0/27\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.51.192/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.72.0/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.74.224/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"18.34.72.0/21\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"35.176.0.0/15\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.234/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.193.195/32\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.112.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"70.224.192.0/18\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-lax-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.153.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.105.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.136.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-phl-1\"\n    },\n    {\n      \"ip_prefix\": \"3.4.7.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.80/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.43.160/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.53.32/27\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.56.32/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.61.32/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.221.6.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.19.248/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.79.64/26\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"16.12.10.0/23\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.148.0/23\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"69.107.7.88/29\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"99.77.155.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.176/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.252.250/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.40.96/27\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.46.32/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.53.160/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.57.0/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.75.96/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.80.0/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.67.0/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.16/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.82/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.220/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.179/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.206/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.230/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.255.32/28\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.229.0/26\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"69.230.192.0/18\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"130.176.0.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.11.84/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.176/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.112/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.128/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"160.1.0.0/16\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.128.0/22\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.79.96/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.181.241.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-dfw-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.21.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.67.128/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.216.0.0/14\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"34.192.0.0/12\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.108/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.76/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.214/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.76/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.37.222/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.220/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.64.0/22\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"99.83.100.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.78/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.104.0.0/14\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.62.192/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.76.160/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.99.0/24\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.193.5.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.197.16.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.220.32.0/21\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-phx-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.24/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.162/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.184.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.106/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.176/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.80.0.0/16\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.71.46/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.250.16/28\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"52.95.216.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.119.232.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.201.128/26\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.121.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.32.0/21\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"108.156.0.0/14\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.99.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.218.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.104/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"175.41.128.0/18\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.125.250/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.59.128/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.194/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.152.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.68/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.167/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.215/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.108.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.68.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.133.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.130.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-mia-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.37.96/27\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"13.34.76.96/27\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.193.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.229.0.0/16\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.72/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.148/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.174/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.238/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.182/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.68.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.192.0/20\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.230.204/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.195.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.219.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.122/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.122/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.32.0.0/16\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.0.6/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.182.0.0/15\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.24/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.44/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.178/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.122.255/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.230.192.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"70.232.124.0/22\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.191.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.72.0/23\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.26.0/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.62.32/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.250.0.0/15\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.104/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.80/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"44.192.0.0/11\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.132/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.168/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.17/32\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.99/32\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.166.0/23\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"52.144.216.2/31\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.148/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.208.66/31\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.26.64/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.58.32/27\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.70.0/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.136/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.226/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.10/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.215.0/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.215.196/31\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.78/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.102.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.108.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"69.107.6.200/29\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"87.238.80.0/21\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.156.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"161.188.140.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-dfw-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.2.0/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.12.64/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.46.192/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.60.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.78.64/26\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.243.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.2/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.129/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.147/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.169.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.0.0/19\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.0.112/28\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.239.8.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.204.0/22\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"99.86.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.203.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"207.171.176.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.13.160/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.21.96/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.168.0.0/16\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.230.14.252/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.32.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.192/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.79.0/26\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.184/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.160/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.179/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.18/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.138.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.5.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.120.62/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"162.250.238.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"178.236.0.0/20\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.152.0/21\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.37.160/27\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.72/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.224.0.0/14\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.180/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.74/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.56.0.0/16\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.55.162/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.92.74/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.248/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.153.149/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.170/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.223/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.233.70/31\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"54.240.212.0/22\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.245.0.0/16\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.0/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-atl-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.100.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.21.160/27\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.24.64/27\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.27.0/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.33.64/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.48.192/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.72.64/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.105.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"16.12.16.0/23\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.230.0.0/16\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.88/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.188/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.58.0.0/15\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.130/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.121.195/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.25/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.218.0.0/17\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.176.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.30.96/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.40.128/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.62.224/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.74.32/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.0.0/20\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.174/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.240/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.219/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.153.177/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.63/32\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.29.0/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.228.0/31\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.142.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.152.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.217.248/31\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.131.0.0/16\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.29.96/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.53.224/27\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.59.64/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.63.0/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.74.96/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.80.0/20\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1-tpe-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.158/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.73.128/26\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.88/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.236/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.122.202/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.18/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.195/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.0.0/20\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.248.0/21\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"69.107.6.120/29\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.208.74/31\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.1/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.125.252/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.7.32/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.133.26/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.100/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.124/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.130/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.0.0/20\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"98.80.0.0/12\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.5/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"157.152.0.0/16\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"205.251.246.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.96.0.0/15\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.10.128/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.78.224/27\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.48.0/21\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1-waw-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.197.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.190/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.176/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.108/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.157/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.168/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.32.0/20\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.216.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"69.107.3.184/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.232/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.122.106/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.126/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.6/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.252.0/22\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.18.192/27\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"15.220.232.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1-ccu-2\"\n    },\n    {\n      \"ip_prefix\": \"23.20.0.0/14\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.168.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.228/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.91.115/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.151.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.80/28\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.64.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.143.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.133/32\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"3.4.1.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-pilot-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.42.192/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.62.64/27\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"13.56.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.16.196/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.4/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.30/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.28/32\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.184.0.0/15\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.212/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.125.43/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.131/32\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.185/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.154/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.45/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"72.21.192.0/19\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.128.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-iah-1\"\n    },\n    {\n      \"ip_prefix\": \"205.251.200.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.13.32/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.79.0/27\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.12/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.242/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.141.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.162.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.168.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.251.6/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.160.0.0/13\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.194.0.0/16\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.148/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.48.0.0/14\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.124.97/32\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.11/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.198.80/28\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.137.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.116/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"223.71.71.128/25\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"3.2.38.128/26\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"13.32.0.0/15\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.75.0/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.77.64/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.112.0.0/14\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.144.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-phl-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.66/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.89.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.96.0/24\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"43.200.0.0/14\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.92/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.96/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.68.0.0/15\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.231.64/26\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.67.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.173.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.59.224/27\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.254.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-mia-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.72.192/26\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"16.156.0.0/16\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.60.0.0/15\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"52.57.0.0/16\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.123/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.124.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.211.192/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"99.151.80.0/21\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"120.253.245.128/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.180/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.98.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.101.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.120.234/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.36.0.0/14\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.1.0/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.110/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.224.0.0/14\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.88/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.32.184/32\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.176/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.121.197/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.24/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.209/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.119.240.0/21\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.0.80/28\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.216.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.128.0/20\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.166.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.110/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.142.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-mci-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.51.32/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.73.160/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.97.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.190.0.0/16\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.82.168.0/24\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.55.152/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.143/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.58.48/28\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.119/32\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.252/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.213.40/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.242.84/31\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"162.213.232.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.63.32/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.18/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.204.2/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.30/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.250/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.92/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.236/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.218/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.91.96/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.134/32\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"150.222.11.92/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.224/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.22.96/27\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.31.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.39.96/27\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.56.160/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.62.0/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.197.8.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.154/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.70.192/26\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"35.71.72.0/22\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.176/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.72/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.152/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.73.0/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.91.105/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.92.72/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.137/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.198.144/28\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.208.0/21\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.227.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.7.0.0/16\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"54.68.0.0/14\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.93.0.0/16\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"70.132.0.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.11.90/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.124/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.26/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.56.0/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.58.0/27\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.66.128/27\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.68.32/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.50.0.0/16\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.12/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"16.21.0.0/16\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.44.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.76.128.0/17\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.55.144/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.32.0/21\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.95.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.212.0.0/15\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"99.87.4.0/22\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.177/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.69.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.84/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.252.246/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"184.32.0.0/12\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.5.228.0/22\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.3.128/27\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.30.64/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.63.128/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.65.160/27\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.158.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.181.176.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-chi-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.202.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-pdx-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.19.12/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.133.16/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.149.8/31\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.196/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.8.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.91.111/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.123.255/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.124.213/32\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.65/32\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.128/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-mia-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.236/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.124.0.0/14\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.47.0/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.48.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-msp-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.4.19/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.136/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.116/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.82.176.0/22\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.150/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.194.192/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.183.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.33/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.49/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.83.120.0/22\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.64/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-las-1b\"\n    },\n    {\n      \"ip_prefix\": \"3.24.0.0/14\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.58.64/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.68.96/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.197.18.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.230.219.0/24\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.202/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.210/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.133.133/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.34.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.225.0/26\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.10/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.130/32\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"150.222.13.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.120.252/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"205.251.247.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.39.0/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.77.96/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.249.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.193.6.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.212/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.65.0/26\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.113.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.38/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.182/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.177/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"64.252.103.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.24/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-dfw-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.126/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.122.102/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.132/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.116.0.0/14\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.56.96/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.86.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.221.8.0/21\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.221.49.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.76.128/26\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.91.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.208.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"16.52.0.0/16\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.144.0.0/15\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.238.0.0/15\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"18.244.0.0/15\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.36/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.90.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.91.114/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.123.6/32\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.105/32\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.138.253/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.213/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.144.0/23\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.157.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"52.144.208.192/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"108.175.52.0/22\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"136.18.18.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.226/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.208.88/31\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.224/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.30.0/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.34.0/27\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.76.0/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.64.0/20\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1-waw-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.4.166/31\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.230.173.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.190.128/25\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.0/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.0.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.88/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.82.184.0/23\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.193.198/32\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.250.0/23\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.176.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.253.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.239.120.0/21\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"140.179.0.0/16\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.120/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-mci-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.200/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"205.251.208.0/20\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"208.110.48.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.37.0/26\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.33.35.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.45.128/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.96/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.184/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.12.12/32\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.255.128/28\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.208.0.0/13\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.0.208/28\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.0.0/20\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"103.246.150.0/23\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.10.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.14/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.126/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.3.28.0/22\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.22.192/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.48.224/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.120.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.170/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.76.64/26\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"16.62.0.0/15\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.108/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.226/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.136/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.54.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.3.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.55.158/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.153.179/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.230.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-lax-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.80.0/21\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.225.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.85/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.78.212.0/22\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.138/32\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.208/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.106.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.118/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.108/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.48.0/22\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.152.0/21\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1-ham-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.77.64/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.165.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.177.0/31\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.5/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.128/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.74.0.0/16\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.182/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.168.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.54.0/23\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.154/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.217.250/31\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.11.192/27\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.31.160/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.54.96/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.64.64/27\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.177.89.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.4.156/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.14.17/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.156.0.0/14\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.92/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.214/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.10/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.144/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.82.170.0/24\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.244/32\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.133.129/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.24.0/22\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.140.0/23\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"52.119.196.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.218.64/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.113.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"79.125.0.0/17\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.134.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"99.78.144.0/21\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.41.128/26\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.22.88/29\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.35.192/27\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.214.0.0/15\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.77.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.177.90.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"16.26.0.0/16\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.34/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.84/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.224.0/20\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.91.100/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.146/32\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.156.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"54.180.0.0/15\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.253.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.71.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.120.228/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.4.6.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-pilot-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.16.128/27\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.60.160/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.79.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.208.128/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-las-1b\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.122/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.133.18/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.210.0/23\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"16.12.2.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.24/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.112/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.118/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.190/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.160.0/23\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.64.0.0/15\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"56.156.0.0/16\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"103.8.172.0/22\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.122.92/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.98/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"176.34.0.0/19\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.25.64/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.36.224/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.44.0/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.152/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.184/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.215.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.120.0/24\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"35.80.0.0/12\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.80/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.194/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.210/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.62.0/23\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"69.107.6.216/29\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.147.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.208.76/31\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.28.224/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.29.160/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.36.160/27\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.45.0/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.66.160/27\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.71.160/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.73.0/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.79.160/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.220.144.0/23\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1-ham-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.118/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.65.64/26\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"16.54.0.0/16\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.186.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.42/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.64/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.144/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.176/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.148/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.184/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.182/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.223.0.0/16\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.0.48/28\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.1.224/28\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"54.239.64.0/21\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"65.9.128.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.77.129.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"108.175.60.0/22\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.186/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.122.94/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.108/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.64.192/27\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.200.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-las-1b\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.46/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.68/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.133.22/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.128.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"43.204.0.0/15\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.162/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"46.51.224.0/19\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.76/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.71.40/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.124.96/32\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.93.124.212/32\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.95.111.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.179.0.0/16\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.203.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"67.220.240.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"130.176.128.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.134.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.2.38.192/26\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.3.8.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.16.96/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.50.0/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.53.0/27\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.248.127.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.200/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.66/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.224.64/26\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.170.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.171.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.164.0/22\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.220.96.0/20\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1-han-1\"\n    },\n    {\n      \"ip_prefix\": \"15.221.33.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.92/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.51.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.64.0/26\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.230.75.192/26\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.230.81.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.98.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.128/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.159/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.189/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.166/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.151.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.200.64/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.211.128/26\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.233.192/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"70.232.88.0/22\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"99.77.131.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.122/32\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.178/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.112/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.240.0/22\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.31.64/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.134/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.49.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.112.0/24\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"35.153.0.0/16\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.148/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.78/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.61.0.0/16\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.79.0.0/16\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.71.44/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.113/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.137.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.231.0.0/16\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.48.0/21\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.89.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.164.222/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.45.96/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.248.96.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.221.32.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.126/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.65.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.185.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.188.128/25\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.104/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.182/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.250/32\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.155/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.158.0/23\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"52.144.192.128/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.233.128/31\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"52.216.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.34/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.144.0/21\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.169.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.80.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.100/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.228.0/22\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1-ccu-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.64.192/26\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"16.158.0.0/16\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.208/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.12.0.0/15\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.71.45/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.245/32\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.133.175/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.202/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.220.0.0/15\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.1.128/28\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"162.250.236.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.4.8.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.50.128/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.67.160/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.75.64/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.78.64/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.140/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.2/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.163.0.0/16\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.168/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.192/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.176/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.182/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.250.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.34.122/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.168/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.5.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.228.128/26\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.230.206/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.210.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"54.199.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.141.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.205.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.16.160/27\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.50/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.146/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.69.64/26\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"18.142.0.0/15\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"46.137.192.0/19\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.24/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.91.112/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.181/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.200.0.0/13\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.96.0/20\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.223.0.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.222.32.0/22\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.123.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.151.112.0/21\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.164.208/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"205.251.232.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.51.224/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.65.128/27\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.77.32/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.32/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.214.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.34.64.0/21\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"34.224.0.0/12\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.75.0.0/16\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.82.160.0/22\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.215.194/31\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"99.78.128.0/20\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.164.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.238/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.132/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.31.96/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.72.64/26\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.136/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.138/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.141.228/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.153.80/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.182.128/26\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.148.0/23\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"58.254.138.0/25\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.33.0/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.66.0/23\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.133.20/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.124/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.221/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.224/28\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.162.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.255.48/28\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.218.0.0/16\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.215.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.5.76.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.40.0/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.41.64/27\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.54.128/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.197.4.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"16.168.0.0/15\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"16.176.0.0/16\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.238/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.133.155/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.141.213/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.16.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.144.195.0/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.78.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.37.128/27\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"15.181.0.0/20\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-sea-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.164.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.242/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.250.192.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.124.211/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.133/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.102.232/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.113.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.117.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.151.104.0/21\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.151.128.0/21\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.112.0/21\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.63.224/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.66.96/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.153.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.102.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.40/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.164/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.120.179/32\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.196/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.209.192/26\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.218.0/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.5/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.80.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.44.0/22\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.41.224/27\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.42.64/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.44.224/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.47.64/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.124/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.200/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"40.172.0.0/14\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.64.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.80.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.70/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.69.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.120.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.133.32/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.239.40.152/29\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.1/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.188.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.18/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.21.64/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.29.64/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.47.224/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.79.64/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.248.121.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.166/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.212/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.192/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.10.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"99.82.170.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.19.96/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.35.32/27\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.61.64/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.122.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"15.248.36.0/22\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.180/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.244/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.55.148/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.71.29/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.139/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.195/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.222/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.249.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.230.208.0/20\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.244.0.0/16\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"64.252.87.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.174.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.123/32\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.244/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.250/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.152/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.217.228/30\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.74/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.11.224/27\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.54.64/27\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.59.160/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"46.137.224.0/19\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.42.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.180.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"65.0.0.0/14\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.156.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.150.80.0/21\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.126/32\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.45/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.32.64/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.63.96/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.84/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.96/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.124/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.128/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.116/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.133/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.224/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"63.246.112.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"63.246.119.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.122.96/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.140/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.111/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.44.64/27\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.55.32/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.77.160/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.16.12/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.179.8/29\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.40/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"50.19.0.0/16\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.107/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.152/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.198/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.3/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.79.0.0/16\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"116.129.226.0/25\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.73.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.164.211/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.36.192/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.66.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.3/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"44.224.0.0/11\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.60/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.124/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.130/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.81.0.0/16\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.120.177/32\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"52.93.135.195/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.222.128.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.104.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.19/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.33.96/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.38.128/27\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.61.0/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.221.4.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.110/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.70.64/26\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.223.4/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.156/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.161/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.172/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.211.64/26\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.109.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.208.68/31\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.3.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-bos-1\"\n    },\n    {\n      \"ip_prefix\": \"3.48.0.0/12\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.192/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.29.0/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.197.12.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"16.181.0.0/16\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"18.164.0.0/15\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.137/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.153.176/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.200/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.214/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.38.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.88/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.133.0/28\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.103.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.158/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.139/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.68/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.172.0/23\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.73.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"99.151.72.0/21\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"174.129.0.0/16\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.43.0/26\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.28.96/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.32.96/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.174.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.20/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.110.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.168/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.72/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.34.120/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.198/32\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.134.181/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.141.238/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.211/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.255.80/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.101.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.87.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.140/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.4/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.80/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.42.64/26\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.0.160/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.19.192/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.38.96/27\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.31.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.71.31/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.153.169/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.169/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.22.0/24\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.255.112/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.2/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.83.84.0/22\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.248/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.36/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.42/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.32.128/26\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.28.64/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.32.160/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.118.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.224.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-dfw-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.227.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1-del-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.4.162/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.208.0.0/13\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.216/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.142/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.131/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.204/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.245.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.17.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.142.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.187.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.78.232.0/21\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.177.73.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.221.51.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.189.0/25\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.250.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"46.51.216.0/21\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.97/32\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.253/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.60/32\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.223.128/26\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.120.226/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.116/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.86/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.252.244/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.125.254/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.64.0/21\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.113/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.0/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.134.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.140.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"43.249.44.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.8/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.75.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.123.98/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.101/32\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.114/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.180/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.32/28\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.233.68/31\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"52.219.40.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.136.0/22\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.220.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.78.240.0/20\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"100.20.0.0/14\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.74.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.125/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.125.236/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.24.128/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.192/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.91.108/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.199/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.106/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.122/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.160/28\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"54.151.0.0/17\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.43.0/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.52.32/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.54.32/27\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.58.128/27\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.161.0.0/16\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.60/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.126/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.230/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.129.95/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.141.214/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.193.196/32\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.132.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.52.0/22\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.110.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.158.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.35.64/27\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.188.0.0/16\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.252.0.0/16\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.64/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.110/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"46.51.128.0/18\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.44/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.204/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.141.232/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.165/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.107.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"64.252.128.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.82.152.0/22\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.167.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.14.72/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.108.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.120.246/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.208.72/31\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.125.128/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"205.251.254.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.49/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.42.96/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.232.0.0/14\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.0.0/20\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-pdx-1\"\n    },\n    {\n      \"ip_prefix\": \"15.248.16.0/22\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"16.29.0.0/16\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.254/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.124/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.180/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.142/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.229.148/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.243.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.116/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.208.84/31\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.132.0/23\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.53.0.0/16\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.114.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.88.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.184.0.0/16\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.56.0/21\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1-tpe-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.133.28/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.246/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.148/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.71.42/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.156/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.180/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.48.0/20\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.230.224.0/19\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.61/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.78.188.0/22\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.254/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.15.130/31\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.156/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.62/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"184.72.128.0/17\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"205.251.248.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.31.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.16.0/20\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-las-1\"\n    },\n    {\n      \"ip_prefix\": \"16.154.0.0/16\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.115/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"69.107.7.72/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.246/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.134.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-den-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.41.64/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.0.128/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.1.32/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.13/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.41.160/27\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.51.128/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.57.128/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.51.0.0/16\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.38/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.168/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.204/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.197/32\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.207/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.80.0/20\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.198.112/28\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.240.197.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"71.152.0.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.83.76.0/22\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.83.80.0/22\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.101/32\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"108.166.232.0/21\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.122.100/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"216.137.32.0/19\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.14.160/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.34.96/27\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"35.181.0.0/16\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.240/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.220/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.138.252/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.153.171/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.190.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"54.80.0.0/13\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.214.0.0/16\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.254.0.0/16\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.78.176.0/21\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.124/32\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.139.124/30\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.98.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.16/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.78/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.77.128/26\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.142.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.201.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.20.0.0/14\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.201.0/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.208/28\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.24.0/21\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"69.107.6.168/29\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.161.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"150.222.120.250/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"204.246.172.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"3.152.0.0/13\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.76.64/27\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.80.32/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.244.0.0/15\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.32/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.68/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.196/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.197/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.48/28\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.242.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.151.88.0/21\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.24/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"177.72.240.0/21\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"216.182.238.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.168.0/23\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.6.192/27\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.48.32/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.49.128/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.75.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.0.4/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.16.17/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.167.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.168.0.0/14\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.208.0.0/12\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.15.0.0/16\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.237/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.226/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.209.128/26\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"99.83.101.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.224.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.31.32/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.63.160/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.70.96/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.221.16.0/22\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.4.160/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.94/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.64.64/26\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.231.0.0/16\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.100/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.176/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.100/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.92/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.232/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.252/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.232/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.22/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.141.218/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.96.0/20\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.192.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.118/32\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"108.175.48.0/22\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.144.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-msp-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.8.64/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.23.96/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.47.32/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.80.64/27\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.16.0/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.36/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.148.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.172.0.0/15\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"18.189.0.0/16\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.64.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.140/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.40/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.121.189/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.122.218/32\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.204/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.174/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.52.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.177.0/24\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"69.107.7.128/29\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.184.0/24\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.208.94/31\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.93/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.96/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.64.0.0/12\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.2.32/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.12.96/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.170.0/23\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"16.27.0.0/16\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"18.88.0.0/18\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-dfw-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.178/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.254.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.175.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.164.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"70.232.64.0/20\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"99.82.175.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.83.88.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.87.16.0/20\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"120.52.39.128/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.120/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.160/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"162.213.234.0/23\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.55.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.57.96/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.136.0/21\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1-del-1\"\n    },\n    {\n      \"ip_prefix\": \"16.159.0.0/16\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.34.244.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.201.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.206/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.238/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.244/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.190/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.153.168/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.191/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.186.0/24\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"52.119.214.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.215.202/31\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.151.128.0/17\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.73/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.87.0.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"118.193.97.64/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.252/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.76/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"208.86.88.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.20.96/27\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.14.248/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.74/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.186/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.90.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.175.0.0/16\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.120/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.208/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.216.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.203/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.208.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.228.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.13/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.48/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-nyc-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.208.90/31\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.213.41/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.65.192/27\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.146.0/23\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.140/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.248/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.205/32\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.147/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.133.181/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.246.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.215.2/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.1.80/28\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.83.64.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.64/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.48.0.0/15\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.56/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.182/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.230/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.20/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.142/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.228/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.36/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.76/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.60/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.64.0.0/17\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.71.41/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.239.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.119.210.0/23\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.132/32\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.69/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"195.17.0.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.128/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.33.160/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.221.24.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.188/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.236/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.54.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"18.220.0.0/14\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.36.0.0/14\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.141/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.112.0/22\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.94.0.0/16\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"69.107.6.160/29\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.78.184.0/22\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.64/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.207.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.237.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.65.96/27\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.72.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.152.0.0/16\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.220.226.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-las-1b\"\n    },\n    {\n      \"ip_prefix\": \"15.230.76.192/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.77.0/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.169.4/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.104/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.180/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.193.197/32\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.248.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.198.48/28\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.228.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.128.0/17\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"96.127.0.0/17\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"136.18.20.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.132.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-bos-1\"\n    },\n    {\n      \"ip_prefix\": \"3.4.16.0/21\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.25.192/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.37.192/27\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"15.221.53.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.85.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.144/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.246/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.141.240/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.227/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.224.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.1.240/28\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"68.79.0.0/18\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"69.107.7.80/29\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"69.107.7.104/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.128.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.88.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.138/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"223.71.71.96/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"3.5.248.0/22\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.128/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.96/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.126/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.18.179/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.147/32\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.62/32\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.196.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.215.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.226.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.112/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.71.64/27\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.240.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.182.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"43.218.0.0/16\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.112/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.175/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.230.208/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.152.0.0/16\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.125.240/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.8.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.16.192/27\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.26.192/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"16.53.0.0/16\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"16.179.0.0/16\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"18.178.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.54/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.71.37/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.234/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.131/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.217/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.164.0/23\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.208.128/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.213.64/26\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.202.0.0/15\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.240.208.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.120.0/21\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.204.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.192/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.20/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.14.224/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.18.128/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.28.32/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.45.32/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.248.71.0/24\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.181.128.0/20\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-phx-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.138/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.224/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.69.0/26\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.217.0/24\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"16.12.8.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"16.170.0.0/15\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"18.132.0.0/14\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.224/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.28/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.70.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.116.250/32\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.214/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.0/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.119.212.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.216.10/31\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.99.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"108.166.224.0/21\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.118/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.48/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.48.128/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.60.32/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.74.0/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.204.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-den-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.66.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.186/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.240/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.210/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.71.28/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.123.11/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.232/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.110.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.62/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.115.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.51/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.130/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.14.192/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.70.0/23\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.98/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.248/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.78.128/26\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.236.0.0/15\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"18.154.0.0/15\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.248/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.64/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.36/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.168/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.19/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.216/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.247/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.135/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.211.198/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.160.0/23\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.71.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.84.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.254.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"184.72.0.0/18\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.78.96/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.80.224/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.125.0.0/16\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.248.24.0/22\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.248.103.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.197.28.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.52/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.160/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.69.128/26\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.100.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"43.195.0.0/16\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.56/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.54/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.200/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.55.160/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.208.0/31\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.193.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.59.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"70.232.92.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.247.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.140.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.32/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.32.64/26\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.9.0/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.218/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.251.2/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.112/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.236/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.226/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.71.39/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.153.174/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.61.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.124.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.82/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.241.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.88.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.48/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.122/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.235.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.125.232/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.15/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.16.0/21\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.181.245.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-den-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.82/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.210/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.20/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.222/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.156/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.208.2/31\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.46.0.0/16\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.128.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.6/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.151.96.0/21\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.88/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.12.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.116.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"205.251.250.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.47/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.97.0/24\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.216/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.133.24/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.149.10/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.247.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.68.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.8.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.48/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.92.64/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.121.196/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.145/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.204/32\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.68/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.192/28\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"52.95.152.0/23\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.247.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.172.0/22\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.83.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.136/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.15.0/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.58.160/27\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.64.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.193.9.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.20/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.25/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.132/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.130/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"46.51.208.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.86.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.244/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.188/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.201/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.1.160/28\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"54.239.1.208/28\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"57.180.0.0/14\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.80.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.88/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-phl-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.218/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.180.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"180.163.57.0/25\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.37.32/27\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"18.136.0.0/16\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.164/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"50.112.0.0/16\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.91.113/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.97.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.206/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.139.250/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"76.162.0.0/15\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.10/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.33.64/26\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"3.2.35.192/26\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"3.2.43.64/26\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"3.3.16.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.40.64/27\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"13.212.0.0/15\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.197.128.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.220.233.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-atl-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.114/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.150/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.71.64/26\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"18.179.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.8/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.46/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.100/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.240/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.8/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.162/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.156.0/22\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.136.0/21\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.138.0/24\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.200.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.100.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.120.232/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.94/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"205.251.224.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.216.0/22\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"3.130.0.0/16\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.56.192/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.57.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.126.0.0/15\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.202.0.0/15\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.64.0/20\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-las-1b\"\n    },\n    {\n      \"ip_prefix\": \"15.230.67.192/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.13/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.29/32\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.153.175/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.172/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.202.0/23\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.239.4.0/22\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"70.232.96.0/20\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.140.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.127/32\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.183/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.128/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.39.128/26\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.78/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.222/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"16.16.0.0/16\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"40.180.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.80/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.96/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.56/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.14.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.198.64/28\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.119.216.0/21\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.89.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.242/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.114/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.11.0/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.64.128/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.69.96/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.75.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.78.32/27\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.206.0.0/15\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.204.3/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"16.177.0.0/16\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"50.18.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.14.0.0/16\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.0.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.46.88.0/22\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.28/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.134/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.202/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.226/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.120/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"223.71.11.0/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"3.3.6.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.16.224/27\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.64.224/27\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.16.18/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.68.0/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.204.0/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.216/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.186/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.63.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.120.176/32\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.167/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.172.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"71.137.0.0/22\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"136.18.21.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.11.88/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.239.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"176.34.64.0/18\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.146.0/23\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.37.224/27\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"13.34.73.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.128.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.230.160.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.109.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.188/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.82.128.0/19\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.93.121.187/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.94/32\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.200/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.183/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.255.96/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.83.98.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.88.0/21\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.16/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-den-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.83.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.208.70/31\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.60.0/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.70.128/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.156.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.14/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.204.0.0/14\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.178.0.0/15\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.210/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.60/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.44/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.92/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.91.110/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.129/32\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.196/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.9.0/24\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.204.0/23\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.180.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.88.0.0/14\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"75.2.0.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.78.192.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.206/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.41.96/27\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.74.128/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.252/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.116.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.215.200/31\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.119.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.212.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"208.86.90.0/23\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.68.64/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.72.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.77.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.248.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-las-1b\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.22/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.252/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.188.0/25\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.21/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.34.252.0/22\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.29.0.0/16\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.72/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.52/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.92/32\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.175/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.15.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.35.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.62.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.144.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.194.64/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.209.0/26\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.57/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.131/32\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.100/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.114/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.43.64/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.52.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.59.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"16.12.9.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"18.180.0.0/15\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.52/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"46.137.128.0/18\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.192/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.2.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.134/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.183/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.139.248/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.128/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.176/28\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.184.0/23\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"54.230.0.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.230.128.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.104/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.110/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.118/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.2.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-mia-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.32.192/26\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.4.64/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.26.32/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.28.128/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.39.128/27\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.48.160/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.246.0.0/16\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.221.2.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.4.154/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.79.128/26\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.149.4/31\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.36/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.240/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.99.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.71/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.141.244/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.240/28\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.40.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.254.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.144.228.192/26\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"64.252.104.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"69.107.6.208/29\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.96/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.226/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.64.0/19\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.23.128/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.41.128/27\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.47.192/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.54.0.0/15\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.200.0.0/15\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.48.0/21\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.246.0/24\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"15.248.24.0/22\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.252/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.164/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.18/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.131/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.193.202/32\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.142.0/23\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.235.0/24\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"52.95.241.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.233.64/31\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"54.239.128.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"64.252.66.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.82.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.144.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"99.78.160.0/21\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"130.176.224.0/20\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.11.74/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.128/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.72.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.120.224/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.114/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.12.0.0/16\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.124.0.0/16\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.144.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.157.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.181.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"16.28.0.0/16\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"35.71.111.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"36.103.232.128/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.84.0.0/15\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.93.122.131/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.255/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.133.131/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.18.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.144/28\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.192.0.0/15\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.194.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.116.0.0/16\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"99.150.72.0/21\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"150.222.110.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.12/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.3.5.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-pilot-4\"\n    },\n    {\n      \"ip_prefix\": \"13.34.46.160/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.14.20/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.34.57/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.162/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.13.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.233.66/31\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"54.78.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"56.157.0.0/16\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"99.77.139.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.160.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.15.128/31\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.158/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.250/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.217.17/32\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"204.246.160.0/22\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.43.32/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.63.64/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.72.32/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.193.4.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.71.0/26\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.230.203.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.116.0/24\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.36/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.222/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.92.70/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.158/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.239.106.0/23\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"71.132.0.0/18\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.40.0/21\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.120.240/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.118/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.33.128/26\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"3.5.212.0/23\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.220.0/22\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.81/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.160/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.51.160/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.67.192/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.72.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.64/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.42.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.55.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"16.31.0.0/16\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.66/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.2.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.168/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.71.32/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.125/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.66/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.214.128/26\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.76.0/22\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.106.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"103.4.8.0/21\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.105/32\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.228/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.17/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.96.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"184.72.64.0/18\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.41.192/26\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.34.160/27\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.46.224/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.108.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.15/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.124.14/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.206/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.146/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.108.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.193.0/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.78.168.0/23\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"108.166.248.0/21\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"143.204.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.91.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.17.0/27\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.19.224/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.42.224/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.67.0/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.192.0/19\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-dfw-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.55.166/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.123.136/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.144/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.154/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.162/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.23.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.48.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.120.0/22\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.66.0/23\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.232.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"69.107.7.48/29\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.190.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.78.228.0/22\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.189/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.143.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.28/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.35.128/26\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.56.64/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.106.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.133.17/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.204.1/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.220.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.253.0.0/16\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-lax-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.120/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.111/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.119.224.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.64.0/22\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.238.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.16.0/21\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.110/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.117.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"216.182.232.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.120.0.0/14\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.57.160/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.252.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-sea-1\"\n    },\n    {\n      \"ip_prefix\": \"18.198.0.0/15\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.8/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.9.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.160/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.188/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.238/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.38.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.69/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.216.4/31\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.128.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"69.107.7.0/29\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.141.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.196.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.33.44.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.36.0/27\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.42.160/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.248.20.0/22\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.8/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"27.0.0.0/22\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.180.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.80/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.180/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.98.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.146.5/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.146/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.12/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.233.130/31\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.41/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"69.107.7.112/29\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.136.0.0/13\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.248.99.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.14.12/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.83.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.192.0.0/16\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.212/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.228/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.164/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.37.223/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.121.188/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.178/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.192/28\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.94/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.223.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.44.32/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.248.112.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.26/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.145.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.115.0/25\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.120.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.179/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.192/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.138/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.144.0/23\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.35.96/27\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.14.22/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.131.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.182.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.222.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.138/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.92.66/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.95/32\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.148/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.112/28\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"144.220.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.16/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.30/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.60.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.61.96/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.70.160/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.242.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-phl-1\"\n    },\n    {\n      \"ip_prefix\": \"15.197.2.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.221.20.0/22\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.70.128/26\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.92.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.245.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.248.8.0/22\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.152/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.141.226/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.176/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.198.32/28\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.232.0.0/16\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"120.52.153.192/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.126/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"199.127.232.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.42.0/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.60.96/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.65.224/27\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.69.160/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.78.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.193.0.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.0.14/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.19.18/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.76/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.71.192/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.66.0.0/16\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.250/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.184/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.239.0.64/28\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.176.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.96/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"204.236.192.0/18\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.44.192/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.71.192/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.80.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.168.0.0/13\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.124/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.234/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.64.128.0/17\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.120/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.136/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.3/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.10.160/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.46.128/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.55.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.209.0.0/16\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.181.40.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-nyc-1\"\n    },\n    {\n      \"ip_prefix\": \"18.34.48.0/20\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.34.232.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.140.0.0/15\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.28/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.248/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.224/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.60.0.0/16\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.78.0.0/16\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.116.149/32\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.129/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.145/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.193.192/32\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"69.107.3.176/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"72.44.32.0/19\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.105/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"205.251.236.0/22\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.100.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.52.192/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.181.16.0/20\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-den-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.96.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-mci-1\"\n    },\n    {\n      \"ip_prefix\": \"15.221.3.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.248.32.0/22\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.92.0.0/17\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.202/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.46/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.112.0/21\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.58.0.0/15\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.200/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.84/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.204/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.51.29/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.199/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.119.152.0/22\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.194.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.244.0/22\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"69.107.7.96/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.102.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.44/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.21.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.67.96/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.1.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.160/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.55.154/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.131.217/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.30.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.53/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.77/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.93/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.98.0.0/15\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.17.32/27\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.70.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.132/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.40/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.188/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.6/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.132/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.66.0.0/16\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.160/29\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1-del-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.15.126/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.255/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.116/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.236.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"162.222.148.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-lax-1\"\n    },\n    {\n      \"ip_prefix\": \"3.4.2.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-pilot-5\"\n    },\n    {\n      \"ip_prefix\": \"13.34.4.96/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.31.0/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.75.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.24.0/22\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.130/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.24.0.0/14\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.170.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.56.0/22\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.119.160.0/20\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.222.0.0/17\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.65.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"119.147.182.0/25\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.9.32/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.62.96/27\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"13.248.65.0/24\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.23/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.164/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.218/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.224/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.140/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.42/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.69.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.141.242/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.151/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.210.192/26\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.233.134/31\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"54.239.1.144/28\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"120.232.236.0/25\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.40/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.13.0.0/16\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.248.0.0/13\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.180/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.172/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.92.128.0/17\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.0.0/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.133.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.56.11/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.83/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.233.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.58/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.49.64/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.67.32/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.72.128/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.210.0.0/15\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"16.48.0.0/16\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.144/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.55.164/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.251/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.140/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.174/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.17.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.154.0/23\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.95.212.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.119.156.0/22\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.0.240/28\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.241.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.151.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.91/32\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.115/32\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"150.222.164.210/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"184.169.128.0/17\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"216.182.224.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.41.0/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.61.128/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.6.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.248.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.72.0.0/13\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.84/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.202/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.91.98/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.178/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.65/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"69.107.6.224/29\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.24.0/21\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.85/32\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.128/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.124/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.8.0.0/14\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.248.60.0/22\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.246.0.0/16\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.216/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.160/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.133.127/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.139.252/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.141.230/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.232/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.198.0/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.176.0/22\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"54.204.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"69.107.7.8/29\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.67.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.120.255/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.110/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.112/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.75.128/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.202/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.180.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"16.12.12.0/23\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.150/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.204/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.132/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.194.0.0/15\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.155.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.196.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.78.170.0/23\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"176.32.125.226/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.80.0/21\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.42.32/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.190.16.0/20\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.4.158/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.42/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.250/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.169.0/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.34.240.0/22\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.97.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"35.152.0.0/16\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.52/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.64/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.194/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.119/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.153/32\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.252.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.215.198/31\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.156.0/22\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.57.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"99.83.128.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.150.0.0/21\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.146/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.38.0/26\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.53.128/27\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.55.128/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.57.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.66.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.123.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.35.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.168/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.12/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.26/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.100/32\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.249.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.126/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.22/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.72/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"207.171.160.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.51.96/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.58.192/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.8/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.148/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.226/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.7.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.60.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"136.18.23.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.25.128/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.29.32/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.68.128/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.78.128/27\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.220.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-mia-1\"\n    },\n    {\n      \"ip_prefix\": \"15.221.48.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.156.0.0/14\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.18.178/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.177/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.209.64/26\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.239.102.162/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"136.18.19.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.92.0/22\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.138.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-sea-1\"\n    },\n    {\n      \"ip_prefix\": \"3.16.0.0/14\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.30.32/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.40.32/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.191.0.0/16\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.0.8/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.164/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.6/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"16.79.0.0/16\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"18.130.0.0/16\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.224/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.72.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.82.180.0/22\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.35.213/32\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.141.222/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.182.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.222.70.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"58.254.138.128/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.77.24.0/22\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"99.151.64.0/21\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"120.253.245.192/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.208.80/31\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.144/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.79/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.54.192/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.58.96/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.232/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.112/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.202/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.62.0.0/15\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.0.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.19.237/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.212/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.141.236/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.224/28\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.44.0/22\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.92.0/22\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.192.0/19\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"98.130.0.0/16\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"99.82.162.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.118/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.70.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.122.116/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.125.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.125.238/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.60.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"16.12.14.0/24\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"16.50.0.0/15\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.104/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.90/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.224/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.133.179/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.176/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.211.200/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.56.0/22\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.160.0.0/13\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.118.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.51/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.38/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"157.175.0.0/16\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"176.34.32.0/19\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.22.128/27\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.36.32/27\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.66.32/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.125.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.234/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.66.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"16.23.0.0/16\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"40.164.0.0/16\",\n      \"region\": \"ap-southeast-6\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-6\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.12/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.2/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.182/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.130/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.164/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.245.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.179/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.16.0/21\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"54.234.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.33.128/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.76.32/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.248.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-phl-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.116/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.58.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.68.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.44/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.67.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.64.0/20\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.225.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"52.219.169.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.66/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.32.0/20\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.154.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.11.0/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.11.80/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"172.96.97.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.14.0.0/15\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.81.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"16.12.0.0/23\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.64.0.0/14\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"18.228.0.0/16\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.160/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.16.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.240/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.122/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.199/32\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.28.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.146.0/23\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.242.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.212.192/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.184.0/21\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"120.52.12.64/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.27.234/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.208.86/31\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"161.189.0.0/16\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.50.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.80.128/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.84.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.250.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-msp-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.62/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.192/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.108/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.32.180/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.87.96/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.102/32\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.176/28\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.254.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.153.0.0/17\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"71.136.64.0/18\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.38.32/27\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.42.128/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.47.128/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.79.32/27\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.98.0/24\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"15.200.0.0/16\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.236.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-mci-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.128/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"35.154.0.0/16\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.132/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.120/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.82.0.0/17\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.185/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.153.172/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.32/28\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"54.239.0.160/28\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.227.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.102/32\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.130/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.36.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.17/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.26.128/27\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.69.128/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.176/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.82.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.230.252.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.22/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.107.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.108/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.4/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.108/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.120/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.149.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.150/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.164/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.198/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.203/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.250.32/28\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.228.64/26\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.218.128.0/17\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"76.223.0.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.84.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.139.116/30\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.59.192/27\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.198/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.52.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.72.128/26\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.86.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.180/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.46/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.228/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.124.210/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.157/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.160.0/20\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.228.2/31\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.199.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.115.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.161.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.103/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.39.64/26\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.8.96/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.23.160/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.49.96/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.136.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.144/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.130/32\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.247.0/25\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"99.83.112.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.87/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.139/32\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"150.222.208.92/31\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.24.192/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.33.32/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.52.224/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.181.249.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-msp-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.205.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-den-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.80/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.68.64/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.223.0/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"16.164.0.0/16\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.196/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.236/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.172/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.12/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.88.0.0/15\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.32.176/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.193.194/32\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"69.107.7.64/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.244.0/22\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.12/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.192.0.0/13\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.221.40.0/21\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.144/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.149.0/31\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.206.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.253.0.0/16\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.244/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.192.0/20\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.82.187.0/24\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.76/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.139.253/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.139/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.112/28\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.140.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.21/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"198.99.2.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.18.224/27\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"13.34.47.160/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.152/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.121.198/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.150.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.112.0/20\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.188.0/23\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"63.246.120.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.78.196.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.106/32\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"130.176.192.0/19\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.3.192/27\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.28.0/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.16.22/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.143.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"18.153.0.0/16\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.202.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.184/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.44/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.132/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.229/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.1.48/28\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.25/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.231.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.104.0/21\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.54.0/27\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.106/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.198.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.180/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.207/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.249/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.158/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.163.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.50/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.98.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.78.220.0/22\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.124/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"216.182.236.0/23\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.32.0/22\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"3.208.0.0/12\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.64.0/24\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"15.221.0.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.0.5/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.48/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.238/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.166.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.120/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.178/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.222.64.0/23\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.58/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.157.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"99.83.99.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"130.176.254.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.72/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.152/29\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1-waw-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.188/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"185.48.120.0/22\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.77.0/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"40.165.0.0/16\",\n      \"region\": \"ap-southeast-6\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-6\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.56/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.232/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.106/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.138/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.153.173/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.173/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.206.0/23\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.233.128.0/17\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.104/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-sea-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.122.110/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.20/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.240/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.139.120/30\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.208/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"203.83.220.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"204.45.0.0/16\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.80.96/27\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.220.206.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-sea-1\"\n    },\n    {\n      \"ip_prefix\": \"15.221.52.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.156/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.77.192/26\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.0/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.122/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.91.103/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.146/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.80.0/20\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.132.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.150/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.208.65/32\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.217.234/31\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.152.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-las-1b\"\n    },\n    {\n      \"ip_prefix\": \"176.32.124.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"184.73.0.0/16\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.73.128/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.109.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.160.0.0/16\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.80.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.129.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"43.196.0.0/16\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.34/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.34.42/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.26/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.224.192/26\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.80.0/20\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"54.174.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.90/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.46/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.12.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.35.128/27\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.230.0.0/15\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.111.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.5.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.196.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.208/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.249.46.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.4.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.59.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.109/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.198.96/28\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.160/28\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.194.128/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.201.64/26\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.210.128/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.211.202/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.112.0/21\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.224.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.32.0/21\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.120.244/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.49.32/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.28.0/22\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.220.234.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-mia-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.74.0/26\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.176.0.0/15\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.154/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.144.0/22\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.239.56.0/21\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.17/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.86.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.165.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.194/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.204/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.6.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.134/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.20.0.0/14\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.44.160/27\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.156.0.0/15\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.16.252/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.246/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.254.0.0/16\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-lax-1\"\n    },\n    {\n      \"ip_prefix\": \"18.196.0.0/15\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.90/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.138/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.164/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.48/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.170/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.194/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.66.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.76.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.210/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.124/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"205.251.192.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"3.80.0.0/12\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.47.96/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.228/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.93.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.76/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.40.0.0/14\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.180/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.154/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.124.15/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.213/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.64/32\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.170.0/23\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.124.128.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.29/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.224/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.77.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.90.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.75.32/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.90/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"43.198.0.0/15\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.204/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.0/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.136/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.11.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.200.128/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.196.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"71.137.4.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.104.0/21\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.66.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.246/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"204.246.164.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.43.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.64.0/27\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.80.192/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.28.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"16.178.0.0/16\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.101.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.32/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.165/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.198.128/28\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.248.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.0.176/28\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.70.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"64.252.116.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.44/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.82/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.16/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.26.160/27\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.35.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.178/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.75.64/26\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.230.194.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.207.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"16.12.4.0/23\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.88.128.0/18\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-phx-2\"\n    },\n    {\n      \"ip_prefix\": \"34.240.0.0/13\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.122/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.14.19/32\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.218/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.193.193/32\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.16/28\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.96/28\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"52.144.216.8/31\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.200.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.253.0.0/16\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.15.127/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.66/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.17.96/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.29.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.73.0/26\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.162.0.0/16\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.70/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.141.224/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.146.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.30.0/23\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.96.0/22\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.145.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.223.64/26\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.47.0.0/16\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.219.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.125.246/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.34.192/26\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.35.0/26\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.3.0.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.7.64/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.58.224/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.76.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.32.0.0/14\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.144/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.155/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.252.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.119.192.0/22\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.36.0/22\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.136/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.142.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.222.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.240.0.0/13\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.27.64/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.24/32\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.156/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.56/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.0/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.94/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.121.190/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.110/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.181/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.245/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.64/28\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.229.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.72.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.184/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.191/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.128/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.70/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.42.0/26\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.12.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.39.0/27\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.16.198/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.186.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.116/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.214/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.173/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.202/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.250.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.211.0/26\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.67.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"130.176.255.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.230/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.113.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.148.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.74.192/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.163.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.177.2/31\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.102/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.172/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.117/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.156/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.198.0.0/16\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.77.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.122.108/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.30.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.34.32/27\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"15.164.0.0/15\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.150.0/23\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.1/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.98/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.96.0/19\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.128.0/19\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.214/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.82.171.0/24\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.166/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.228/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.0.128/28\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.1.32/28\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.125.242/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"176.34.128.0/17\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.33.224/27\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"16.165.0.0/16\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.72/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.172/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.128/32\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.205/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.216/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.181/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.6.0.0/16\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.0.192/28\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"99.83.96.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.32.0/26\",\n      \"region\": \"ap-southeast-6\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-6\"\n    },\n    {\n      \"ip_prefix\": \"13.34.18.160/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.40.224/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.52.128/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.64.160/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.221.1.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.214/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.68.128/26\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.4/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.71.43/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.91.109/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.123/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.210.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.60/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.33.192/27\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.59.0/27\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.69.192/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.184.0.0/13\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.0.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.181.244.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-phl-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.53.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.74.64/26\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.194.0.0/15\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.140/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.230/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.64.0/20\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.152/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.186/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.136/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.212/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.197.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.128/28\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.193.64/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.184.0.0/13\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.239.16.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.163.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.96/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-phx-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.0.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.11.96/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.93/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.6.0.0/15\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.44.128/27\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.45.192/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.181.120.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-atl-1\"\n    },\n    {\n      \"ip_prefix\": \"15.193.1.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.96/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.11/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.108.0/24\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.68/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.168/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.80.0/21\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.46.184.0/22\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.64/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.104/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.86/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.67.0.0/16\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.43.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.78.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.239.116.0/22\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.112/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.217.232/31\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.75.160/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.4.176/28\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.22.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.62.0/24\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.69.192/26\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"18.138.0.0/15\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"40.181.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.236/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.251/32\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.93.193.201/32\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.48/28\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.255.144/28\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.1.176/28\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.1.192/28\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"63.246.114.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"204.246.174.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"3.2.33.192/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.16.64/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.22.224/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.30.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.76.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.78.0/27\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.248.115.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.154.0/23\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.78/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.4/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.52.0.0/15\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.32.179/32\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.197.128/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.152.0/22\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.233.64.0/18\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"70.232.120.0/22\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.144/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.224/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.150.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-pilot-5\"\n    },\n    {\n      \"ip_prefix\": \"3.34.0.0/15\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.50.160/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.53.64/27\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.57.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.67.128/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.74.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.197.3.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.230.56.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.75.128/26\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"35.71.121.0/24\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.36/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.172.0/22\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.12/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.65.0.0/16\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.19.236/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.200.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.119.188.0/22\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.194.0/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.150.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.7.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.208.78/31\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.120/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.65.32/27\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.70.32/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.71.128/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.40.0.0/14\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.248.104.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.96.0/24\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"15.181.251.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-den-1\"\n    },\n    {\n      \"ip_prefix\": \"34.248.0.0/13\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.204/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.216/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.92/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.237.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.148.0/22\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.233.132/31\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"64.252.109.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"69.234.192.0/18\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.32/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-pdx-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.112/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-pilot-5\"\n    },\n    {\n      \"ip_prefix\": \"161.188.160.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-pdx-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.0.0/19\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.221.128.0/22\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.73.64/26\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.78.0/26\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"36.103.232.0/25\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.244/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.164.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.178.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"67.220.224.0/20\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.168.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.137/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"108.128.0.0/13\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.216/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.15.132/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.221.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.124/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.74.160/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.126.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.120/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.26/32\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.100.0.0/15\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.91.106/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.119.205.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.227.64/26\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.239.1.64/28\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.14/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.30/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"119.147.182.128/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.8/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.134/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.41.32/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.55.160/27\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.61.160/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.76.128/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.66.0/24\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.87.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.50.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.249.0/24\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.80/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.4.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.72.0/22\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.250.0/28\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"54.222.48.0/22\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.228.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.71.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"64.252.114.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.56.12/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.106/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.120.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.31.128/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.85.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.246.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-mci-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.75.0/26\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.189.52/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.170/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.192/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.233/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.152.61/32\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.251.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"54.239.102.236/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"72.41.0.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-iah-1\"\n    },\n    {\n      \"ip_prefix\": \"118.193.97.128/25\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"136.18.22.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.66/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.25.160/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.48.96/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.50.96/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.55.96/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.73.64/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.91.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.102/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.41.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.223.2/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.242.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.155.0.0/16\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.100/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.141.216/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.181.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"52.144.230.0/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.210.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.2.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.70/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.75.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"99.151.136.0/21\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.181/32\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.248/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.76.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.13.128/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.36.64/27\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.46.64/27\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.66.64/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.116.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.240.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-dfw-1\"\n    },\n    {\n      \"ip_prefix\": \"16.78.0.0/16\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"52.76.0.0/17\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.48.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.125.42/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.193.203/32\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.200/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.216.6/31\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.208.0/23\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.220.0/22\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.28.0/22\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"120.232.236.128/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.28.114/31\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.23.32/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.23.192/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.27.96/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.27.128/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.34.128/27\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.69.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.44/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.18.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.21.14/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.76.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.91.99/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.98/32\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.171/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.19.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"54.222.68.0/23\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.1.112/28\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.52.0/23\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"107.176.0.0/15\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"108.166.240.0/21\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"175.41.192.0/18\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"205.251.228.0/22\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.2.160/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.36.128/27\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.220.44.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1-han-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.195.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.248.48.0/21\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.48/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.206/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.0.32/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"99.151.144.0/21\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.81/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.196/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.122.114/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.9.76/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.49.192/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.172/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.205.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.156/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.10.0.0/15\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.132/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.172/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.82.164.0/22\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.184/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.149/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.230.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"75.79.0.0/16\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"100.24.0.0/13\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.125/32\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.39.224/27\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.63.192/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.6/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.176.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.248.40.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.52/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.84/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.149/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.208.64/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.78.172.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.138/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.136.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.4.4.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-pilot-2\"\n    },\n    {\n      \"ip_prefix\": \"3.33.128.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.251.0.4/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.114/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.232/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.249.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.220/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.190/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.216.0/31\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.1.0/28\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.64.0/21\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.114/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.217.226/31\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"162.213.233.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.72.96/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.101.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.84/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.190/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.161.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.190/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.91.97/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.91.107/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.255.0/28\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.176.0.0/15\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.246.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.112.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.83.72.0/22\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.222/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.120/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.4.152/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.169.2/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"16.162.0.0/15\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.148.0.0/14\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.168/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.119.184.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.211.194/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.239.104.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.86/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.16.0/21\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"204.246.176.0/20\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.34.2.128/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.62.128/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.44.0.0/14\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.181.32.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-chi-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.116.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-phx-1\"\n    },\n    {\n      \"ip_prefix\": \"15.197.24.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.230.43.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.106.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.116/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.152/32\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.208/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.196.0/22\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.96.0/22\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"65.8.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.122.112/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.116/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.11.160/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.48.64/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.93.0/24\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.243.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-phl-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.23.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.142/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.216/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.172/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.225/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.20.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.37/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.189.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.122.98/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.232.0/22\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.28.0.0/15\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.44.96/27\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.52.160/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.78.192/27\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.61.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.88.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.77.88/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"51.16.0.0/15\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.166/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.58.32/28\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.190/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.230.210/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.79.0.0/16\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.42/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.251.0.0/16\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.86/32\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.11.94/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.206.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"209.54.176.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.128.0.0/15\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.39.160/27\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.56.128/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.107.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.70/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.232/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.57.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.254.0.0/16\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.220/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.240/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.172/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.240.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.210.64/26\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"64.252.105.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.11.76/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.15.125/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.138.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.2/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.4.24.0/21\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.61.192/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.220.224.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-pdx-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.30.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.64.128/26\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.230.84.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.224/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.208/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.126.134/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.144.212.64/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.207.0.0/16\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"65.9.0.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"69.107.6.112/29\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.145.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.96.0/21\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"108.138.0.0/15\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"120.253.241.160/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.120/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.69.32/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.197.20.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"35.71.105.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.220/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.28.0.0/16\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.166.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.176.0/22\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.32.183/32\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.235/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.87.8.0/21\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.46.96/27\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.49.160/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.54.160/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.73.32/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"40.166.0.0/16\",\n      \"region\": \"ap-southeast-6\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-6\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.60/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.44/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.188/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.103/32\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.163/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.193/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.0.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.48.0/21\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.151/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"205.251.240.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.0.0.0/15\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.33.34.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.14.128/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.53.96/27\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.57.32/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.79.224/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.102.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.220.112.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-bue-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.19.252/31\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.199.0/28\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.26/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.250.193.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.190.242/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.77.0.0/16\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.21.15/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.160/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.207/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.99.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"69.107.7.32/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.129.142/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.236.0/22\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.7.96/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.250.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-den-1\"\n    },\n    {\n      \"ip_prefix\": \"15.190.0.0/22\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.193.10.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.94.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.133.30/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.110/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.116.251/32\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.153.178/32\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.144.192.64/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.192.0/22\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.9/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.151.152.0/21\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.97.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.232.94/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.0/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.50.64/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.58/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.100/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.112/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.244.0/24\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"18.166.0.0/15\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.184/31\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.168/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.102/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.140/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.240.0/22\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.92.128.0/17\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.71.47/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.148/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.240.176/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.28.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.128/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.100.0/23\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.160.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.250.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.214.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"176.32.125.248/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.20.32/27\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.36.96/27\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.51.64/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.77.128/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.220.128.0/21\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1-del-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.62/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.179.0/29\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.183.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"46.137.0.0/17\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.34.124/31\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.60.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.132/32\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.158/32\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"70.232.112.0/21\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.135.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"104.255.59.135/32\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"13.34.5.112/32\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.59.32/27\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.92.0/24\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.193.8.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.197.30.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.220.160.0/21\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.177.4/32\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.82.192.0/18\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.12.13/32\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.150/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.91.104/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.123.99/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.186/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.239.96.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.226.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.81/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.78.216.0/22\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"136.8.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.75.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.229.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.125.224/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.3.2.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.134.0/23\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.34.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.228.0.0/15\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.40.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-den-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.86/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.160/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.36/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.176/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.221/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.96/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.119.128.0/20\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.119.144.0/21\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.196.0.0/14\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.236.89/32\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.150.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"99.78.208.0/22\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.3.220/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.230.122/31\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"209.54.184.0/21\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.52.0/22\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"3.5.224.0/22\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.34.51.0/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.39.148/31\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.156/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.191.82/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.82.188.0/22\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.178.153/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.58.32/28\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"69.107.7.120/29\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.186.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"150.222.208.96/31\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.234.102/32\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.125.0/25\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.28.192/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.34.60.64/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.34.80.160/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.68.0/23\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.230.71.128/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.230.190.0/25\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.4/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"43.224.76.228/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.224.79.166/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.46.188.92/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.93.50.158/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.93.127.252/32\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"150.222.208.64/32\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"177.71.128.0/17\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.253.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"CHIME_VOICECONNECTOR\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.254.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"CHIME_VOICECONNECTOR\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.247.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"CHIME_VOICECONNECTOR\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.250.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"CHIME_VOICECONNECTOR\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.0.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"3.5.140.0/22\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.170.0/23\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.168.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.150.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.60.0/23\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"16.12.6.0/23\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.204.0/22\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"76.223.102.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.95.182.0/23\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"18.34.248.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"76.223.96.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"108.175.56.0/22\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.192.0/23\",\n      \"region\": \"us-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.136.0/23\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.143.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.5.40.0/22\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"3.5.136.0/22\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.72.0/22\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.68.0/22\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.160.0/22\",\n      \"region\": \"us-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.230.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.95.174.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.187.0/24\",\n      \"region\": \"me-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.141.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.139.0/24\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.128.0/21\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.178.0/23\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"3.5.36.0/22\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"18.34.32.0/20\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.168.0/24\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"52.219.16.0/22\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.208.0/22\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"18.34.0.0/19\",\n      \"region\": \"us-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"16.12.15.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.34.72.0/21\",\n      \"region\": \"us-east-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"16.12.10.0/23\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.148.0/23\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.5.128.0/22\",\n      \"region\": \"us-east-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.195.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.72.0/23\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.166.0/23\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"52.95.169.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.152.0/21\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"16.12.16.0/23\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.218.0.0/17\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.142.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.0.0/20\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.252.0/22\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.231.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"76.223.104.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.219.32.0/21\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.228.0/22\",\n      \"region\": \"af-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.157.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"108.175.52.0/22\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.176.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"76.223.99.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"3.5.48.0/22\",\n      \"region\": \"me-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.140.0/23\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.156.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"16.12.2.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.160.0/23\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.62.0/23\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"108.175.60.0/22\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.225.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"3.5.164.0/22\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.151.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.240.0/22\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.248.229.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.231.0.0/16\",\n      \"region\": \"us-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.158.0/23\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"52.216.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.210.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.96.0/20\",\n      \"region\": \"us-east-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.34.64.0/21\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.148.0/23\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.162.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"76.223.97.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"3.5.76.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.5.44.0/22\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.248.228.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.219.180.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.172.0/23\",\n      \"region\": \"me-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.64.0/21\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.40.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.136.0/22\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.52.0/22\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.132.0/23\",\n      \"region\": \"us-east-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.190.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.24.0/21\",\n      \"region\": \"us-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.168.0/23\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"108.175.48.0/22\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.177.0/24\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.248.224.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.95.175.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.164.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.34.244.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.186.0/24\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"76.223.95.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.248.227.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"3.5.248.0/22\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.164.0/23\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"16.12.8.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"76.223.101.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.219.160.0/23\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.124.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.152.0/23\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.172.0/22\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.138.0/24\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.200.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.216.0/22\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.202.0/23\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.5.146.0/23\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.180.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"18.34.252.0/22\",\n      \"region\": \"us-east-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.144.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"16.12.9.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.184.0/23\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"76.223.100.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.95.142.0/23\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.194.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.212.0/23\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.220.0/22\",\n      \"region\": \"me-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.120.0/22\",\n      \"region\": \"us-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.64.0/22\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.128.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.144.0/23\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"18.34.48.0/20\",\n      \"region\": \"us-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.34.232.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.92.0.0/17\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.154.0/23\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.219.176.0/22\",\n      \"region\": \"us-east-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"16.12.12.0/23\",\n      \"region\": \"il-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"76.223.103.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"3.5.80.0/21\",\n      \"region\": \"us-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.34.240.0/22\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.156.0/22\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"76.223.98.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.219.44.0/22\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"16.12.14.0/24\",\n      \"region\": \"il-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.56.0/22\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.169.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"16.12.0.0/23\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.146.0/23\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.184.0/21\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.218.128.0/17\",\n      \"region\": \"us-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.5.244.0/22\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.140.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.188.0/23\",\n      \"region\": \"me-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.232.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.95.163.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.32.0/22\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.132.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.80.0/20\",\n      \"region\": \"us-east-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.219.112.0/21\",\n      \"region\": \"us-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.144.0/22\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.170.0/23\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"16.12.4.0/23\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.145.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.148.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.152.0/22\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.0.0/19\",\n      \"region\": \"us-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.48.0/22\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.181.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.248.226.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.219.208.0/23\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.82.164.0/22\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.219.196.0/22\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.96.0/22\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.232.0/22\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.236.0/22\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.92.128.0/17\",\n      \"region\": \"us-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.248.233.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"3.5.134.0/23\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.52.0/22\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"3.5.224.0/22\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.82.188.0/22\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.24.0/23\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.70.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.115.0/24\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.26.0/23\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.72.0/24\",\n      \"region\": \"il-central-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.99.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.119.252.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.6.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.248.67.0/24\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"3.218.180.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.114.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.12.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.118.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.119.249.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.8.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.119.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.68.0/24\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.104.0/24\",\n      \"region\": \"me-central-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.117.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.119.248.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.119.232.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.96.0/24\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"52.119.240.0/21\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.72.0/22\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.113.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.120.0/24\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.98.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.112.0/24\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"52.94.5.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.16.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"35.71.102.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.10.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.103.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.110.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"52.94.22.0/24\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.64.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.248.71.0/24\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"35.71.100.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.68.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.14.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.109.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.9.0/24\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.15.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.111.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.18.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.13.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.116.0/24\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.23.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.119.224.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.30.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.65.0/24\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.17.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.97.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.222.57.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.7.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.107.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.82.187.0/24\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.64.0/24\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.11.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.101.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"35.71.108.0/24\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.121.0/24\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"13.248.66.0/24\",\n      \"region\": \"me-central-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.4.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.248.69.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.19.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"35.71.106.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.20.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.105.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.0.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.28.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.2.34.0/26\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.140.0/22\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"35.180.0.0/16\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"3.2.35.64/26\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.108.0.0/14\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.232.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-iah-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.136/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-msp-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.0.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-iah-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.154.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-chi-1\"\n    },\n    {\n      \"ip_prefix\": \"52.4.0.0/14\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.88.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.81.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.80/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-chi-1\"\n    },\n    {\n      \"ip_prefix\": \"50.16.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.224.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.193.3.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.220.196.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-mia-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.216.0/22\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1-del-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.115.0/24\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.205.0.0/16\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.69.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"71.131.192.0/18\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.236.0.0/14\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"43.206.0.0/15\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.226.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.56/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-las-1\"\n    },\n    {\n      \"ip_prefix\": \"3.4.0.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-pilot-6\"\n    },\n    {\n      \"ip_prefix\": \"15.177.83.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.185.0.0/16\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.252.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-las-1\"\n    },\n    {\n      \"ip_prefix\": \"54.247.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.248.0.0/15\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.40.0/25\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.34.248.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.99.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.148.0.0/15\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.130.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.200.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.206.0.0/16\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"99.150.56.0/21\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"108.175.56.0/22\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.193.2.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.222.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-mci-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.132.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.146.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-atl-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.247.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-atl-1\"\n    },\n    {\n      \"ip_prefix\": \"18.232.0.0/14\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.82.169.0/28\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.118.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.144/29\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1-tpe-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.120.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-bue-1\"\n    },\n    {\n      \"ip_prefix\": \"54.74.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.207.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-sea-1\"\n    },\n    {\n      \"ip_prefix\": \"18.102.0.0/16\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.0.0/16\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.122.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.47.0.0/16\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.144/28\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.255.64/28\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.208.0.0/16\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.193.7.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.156.0.0/14\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.236.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.8.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.40.0/22\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"3.5.136.0/22\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.160.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-nyc-1\"\n    },\n    {\n      \"ip_prefix\": \"18.191.0.0/16\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.159.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.82.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.80.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-atl-1\"\n    },\n    {\n      \"ip_prefix\": \"47.128.0.0/14\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.153.128.0/17\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"122.248.192.0/18\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.247.0.0/16\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"18.192.0.0/15\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.114.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.229.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.34.128/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.250.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.89.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"107.20.0.0/14\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.160.0/22\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"46.51.192.0/20\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.149.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.132.0.0/14\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"63.32.0.0/14\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.85.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.36.0.0/14\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.177.94.0/24\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.255.16/28\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"18.236.0.0/15\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.80/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.74.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.183.0/24\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.79.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.148.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-phx-1\"\n    },\n    {\n      \"ip_prefix\": \"15.188.0.0/16\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"18.116.0.0/14\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"54.200.0.0/15\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.5.36.0/22\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"18.34.32.0/20\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.144.0.0/14\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.169.0.0/16\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"63.246.113.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.136.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.158.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-nyc-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.118.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.72.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.148.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.240.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"75.101.128.0/17\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.55.3/32\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"3.4.3.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-pilot-1\"\n    },\n    {\n      \"ip_prefix\": \"15.222.0.0/15\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"69.235.128.0/18\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.41.0/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"204.236.128.0/18\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.208.0/22\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.76.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.30.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.64/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.92.0.0/17\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.154.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.76.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"67.202.0.0/18\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.156.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-las-1\"\n    },\n    {\n      \"ip_prefix\": \"3.30.0.0/15\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.253.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-sea-1\"\n    },\n    {\n      \"ip_prefix\": \"18.34.0.0/19\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.119.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"54.226.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"162.250.237.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.112.0.0/14\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.144.0.0/13\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.244.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.187.128.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-mia-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.111.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.37.128/26\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"18.231.0.0/16\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.252.0.0/16\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.224.0.0/12\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.104.0/24\",\n      \"region\": \"me-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.117.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.221.0.0/16\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.255.0.0/16\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.40/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-iah-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.0.0/15\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.8/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-bos-1\"\n    },\n    {\n      \"ip_prefix\": \"157.241.0.0/16\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.112.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-bos-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.208/28\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"54.233.0.0/18\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"68.66.112.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-bos-1\"\n    },\n    {\n      \"ip_prefix\": \"69.231.128.0/18\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"99.151.120.0/21\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"108.136.0.0/15\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"18.34.72.0/21\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"35.176.0.0/15\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"70.224.192.0/18\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-lax-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.153.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"161.188.136.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-phl-1\"\n    },\n    {\n      \"ip_prefix\": \"3.4.7.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.155.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.255.32/28\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"69.230.192.0/18\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"160.1.0.0/16\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.128.0/22\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.181.241.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-dfw-1\"\n    },\n    {\n      \"ip_prefix\": \"18.216.0.0/14\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"34.192.0.0/12\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.104.0.0/14\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.99.0/24\",\n      \"region\": \"il-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.193.5.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.220.32.0/21\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-phx-1\"\n    },\n    {\n      \"ip_prefix\": \"52.80.0.0/16\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.250.16/28\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"64.252.121.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.32.0/21\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"175.41.128.0/18\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.68.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.130.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-mia-1\"\n    },\n    {\n      \"ip_prefix\": \"18.229.0.0/16\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.219.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.32.0.0/16\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"35.182.0.0/15\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"70.232.124.0/22\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.191.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.72.0/23\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.250.0.0/15\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"44.192.0.0/11\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.102.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.108.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.156.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"161.188.140.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-dfw-1\"\n    },\n    {\n      \"ip_prefix\": \"15.168.0.0/16\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"99.77.55.24/32\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.138.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"162.250.238.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.152.0/21\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.224.0.0/14\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.56.0.0/16\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.245.0.0/16\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.0/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-atl-1\"\n    },\n    {\n      \"ip_prefix\": \"18.230.0.0/16\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.58.0.0/15\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"70.232.86.125/32\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"99.77.152.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.131.0.0/16\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.220.80.0/20\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1-tpe-1\"\n    },\n    {\n      \"ip_prefix\": \"3.96.0.0/15\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.48.0/21\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1-waw-1\"\n    },\n    {\n      \"ip_prefix\": \"54.216.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.252.0/22\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.232.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1-ccu-2\"\n    },\n    {\n      \"ip_prefix\": \"23.20.0.0/14\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.80/28\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.64.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.55.26/32\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.143.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.4.1.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-pilot-3\"\n    },\n    {\n      \"ip_prefix\": \"13.56.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.184.0.0/15\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.128.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-iah-1\"\n    },\n    {\n      \"ip_prefix\": \"35.160.0.0/13\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.48.0.0/14\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.137.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.38.128/26\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"13.112.0.0/14\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.144.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-phl-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.96.0/24\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"43.200.0.0/14\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.68.0.0/15\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.67.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.254.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-mia-1\"\n    },\n    {\n      \"ip_prefix\": \"18.60.0.0/15\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"52.57.0.0/16\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"99.151.80.0/21\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"3.36.0.0/14\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"161.188.142.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-mci-1\"\n    },\n    {\n      \"ip_prefix\": \"18.190.0.0/16\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.82.168.0/24\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"162.213.232.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.72.0/22\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.227.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.68.0.0/14\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.93.0.0/16\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.50.0.0/16\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.44.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.76.128.0/17\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.95.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.212.0.0/15\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.5.228.0/22\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.176.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-chi-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.202.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-pdx-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.128/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-mia-1\"\n    },\n    {\n      \"ip_prefix\": \"3.124.0.0/14\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.48.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-msp-1\"\n    },\n    {\n      \"ip_prefix\": \"52.82.176.0/22\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"54.183.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.64/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-las-1b\"\n    },\n    {\n      \"ip_prefix\": \"3.24.0.0/14\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.2.39.0/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.193.6.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.113.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.103.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.24/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-dfw-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.86.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.144.0.0/15\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.90.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.144.0/23\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.64.0/20\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1-waw-1\"\n    },\n    {\n      \"ip_prefix\": \"52.0.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.82.184.0/23\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.253.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"140.179.0.0/16\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.120/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-mci-1\"\n    },\n    {\n      \"ip_prefix\": \"208.110.48.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.37.0/26\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.33.35.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.255.128/28\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.208.0.0/13\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"16.62.0.0/15\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"52.54.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.230.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-lax-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.48.0/22\",\n      \"region\": \"me-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.152.0/21\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1-ham-1\"\n    },\n    {\n      \"ip_prefix\": \"52.74.0.0/16\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.168.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.89.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.156.0.0/14\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.82.170.0/24\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.113.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"79.125.0.0/17\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.134.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.2.41.128/26\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.214.0.0/15\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.77.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.177.90.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.180.0.0/15\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.253.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"99.78.238.255/32\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"3.4.6.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-pilot-3\"\n    },\n    {\n      \"ip_prefix\": \"15.177.79.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.208.128/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-las-1b\"\n    },\n    {\n      \"ip_prefix\": \"54.64.0.0/15\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"176.34.0.0/19\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.120.0/24\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"35.80.0.0/12\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.147.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.144.0/23\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1-ham-1\"\n    },\n    {\n      \"ip_prefix\": \"54.223.0.0/16\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.129.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"108.175.60.0/22\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.200.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-las-1b\"\n    },\n    {\n      \"ip_prefix\": \"43.204.0.0/15\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"46.51.224.0/19\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.179.0.0/16\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.55.254/32\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"3.2.38.192/26\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.170.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.164.0/22\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.220.96.0/20\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1-han-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.98.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.131.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.5.240.0/22\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"35.71.112.0/24\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"35.153.0.0/16\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.61.0.0/16\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.79.0.0/16\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"99.150.48.0/21\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.228.0/22\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1-ccu-2\"\n    },\n    {\n      \"ip_prefix\": \"52.12.0.0/15\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.220.0.0/15\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.78.238.253/32\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"162.250.236.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.4.8.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"18.163.0.0/16\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.199.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.142.0.0/15\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"46.137.192.0/19\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.200.0.0/13\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.32.0/22\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.123.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.55.25/32\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"99.151.112.0/21\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.34.64.0/21\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"34.224.0.0/12\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.75.0.0/16\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.66.0/23\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.224/28\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.255.48/28\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.218.0.0/16\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.5.76.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"16.168.0.0/15\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.78.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.78.238.251/32\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.181.0.0/20\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-sea-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.117.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.151.104.0/21\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.151.128.0/21\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.102.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"99.80.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.44.0/22\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.249.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.244.0.0/16\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"64.252.87.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"46.137.224.0/19\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"65.0.0.0/14\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.80.0/21\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"63.246.112.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"63.246.119.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"50.19.0.0/16\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.79.0.0/16\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"44.224.0.0/11\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.81.0.0/16\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.3.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-bos-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.103.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.73.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"99.151.72.0/21\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"174.129.0.0/16\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.43.0/26\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.110.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"52.95.255.80/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.101.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.42.64/26\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.255.112/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.2.32.128/26\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.224.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-dfw-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.227.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1-del-2\"\n    },\n    {\n      \"ip_prefix\": \"18.208.0.0/13\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.245.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.240.17.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.142.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.187.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.73.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"46.51.216.0/21\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.64.0/21\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.32/28\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.220.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"100.20.0.0/14\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.160/28\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"54.151.0.0/17\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.161.0.0/16\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.52.0/22\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.110.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.158.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.188.0.0/16\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.252.0.0/16\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"46.51.128.0/18\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.107.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.232.0.0/14\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.0.0/20\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-pdx-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.243.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.132.0/23\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.53.0.0/16\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.88.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.184.0.0/16\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.56.0/21\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1-tpe-1\"\n    },\n    {\n      \"ip_prefix\": \"184.72.128.0/17\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.16.0/20\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-las-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.134.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-den-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.41.64/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.51.0.0/16\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"35.181.0.0/16\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"54.80.0.0/13\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.214.0.0/16\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.254.0.0/16\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.20.0.0/14\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.201.0/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.208/28\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.244.0.0/15\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.48/28\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.242.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.151.88.0/21\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"216.182.238.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.168.0/23\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"18.168.0.0/14\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.208.0.0/12\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.15.0.0/16\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"161.188.144.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-msp-1\"\n    },\n    {\n      \"ip_prefix\": \"18.189.0.0/16\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.64.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.184.0/24\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.64.0.0/12\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.88.0.0/18\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-dfw-2\"\n    },\n    {\n      \"ip_prefix\": \"162.213.234.0/23\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.136.0/21\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1-del-1\"\n    },\n    {\n      \"ip_prefix\": \"18.34.244.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.201.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.151.128.0/17\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"208.86.88.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.175.0.0/16\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.208.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.228.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.48/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-nyc-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.146.0/23\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.246.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.48.0.0/15\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.64.0.0/17\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.239.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"195.17.0.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.220.0.0/14\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.36.0.0/14\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.94.0.0/16\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.152.0.0/16\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.220.226.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-las-1b\"\n    },\n    {\n      \"ip_prefix\": \"52.95.228.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.128.0/17\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"96.127.0.0/17\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.132.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-bos-1\"\n    },\n    {\n      \"ip_prefix\": \"3.4.16.0/21\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"68.79.0.0/18\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.128.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.248.0/22\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.215.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.182.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"43.218.0.0/16\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"54.152.0.0/16\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.55.14/32\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"18.178.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.202.0.0/15\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"99.150.120.0/21\",\n      \"region\": \"me-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.128.0/20\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-phx-1\"\n    },\n    {\n      \"ip_prefix\": \"16.170.0.0/15\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"18.132.0.0/14\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.70.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.0/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.204.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-den-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.70.0/23\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.236.0.0/15\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"64.252.84.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.254.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"184.72.0.0/18\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.125.0.0/16\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.100.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.193.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.59.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"70.232.92.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.55.0/32\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.247.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.32.64/26\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.88.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.55.2/32\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"15.181.245.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-den-1\"\n    },\n    {\n      \"ip_prefix\": \"99.151.96.0/21\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.97.0/24\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.68.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.8.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.192/28\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"52.95.247.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"64.252.83.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.55.253/32\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.64.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.193.9.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"46.51.208.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.86.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.80.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.88/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-phl-1\"\n    },\n    {\n      \"ip_prefix\": \"18.136.0.0/16\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"50.112.0.0/16\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.2.33.64/26\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"3.2.35.192/26\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"3.2.43.64/26\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"13.212.0.0/15\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.233.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-atl-1\"\n    },\n    {\n      \"ip_prefix\": \"18.179.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.100.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.216.0/22\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"3.130.0.0/16\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.57.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.126.0.0/15\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.64.0/20\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-las-1b\"\n    },\n    {\n      \"ip_prefix\": \"99.77.140.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"3.2.39.128/26\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"16.16.0.0/16\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.89.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"15.206.0.0/15\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"50.18.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.14.0.0/16\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"54.172.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"176.34.64.0/18\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.146.0/23\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.109.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.255.96/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.88.0/21\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.16/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-den-1\"\n    },\n    {\n      \"ip_prefix\": \"18.204.0.0/14\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.178.0.0/15\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.88.0.0/14\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.116.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"64.252.119.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"208.86.90.0/23\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.248.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-las-1b\"\n    },\n    {\n      \"ip_prefix\": \"18.34.252.0/22\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.29.0.0/16\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.52.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.180.0.0/15\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"46.137.128.0/18\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.176/28\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.2.2.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-mia-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.32.192/26\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.246.0.0/16\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.240/28\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.254.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"64.252.104.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"176.32.64.0/19\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.54.0.0/15\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.200.0.0/15\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.235.0/24\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"52.95.241.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"64.252.66.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.82.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.144.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.12.0.0/16\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.124.0.0/16\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.111.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.144/28\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.192.0.0/15\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.72.0/21\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"3.3.5.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-pilot-4\"\n    },\n    {\n      \"ip_prefix\": \"54.78.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.139.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.193.4.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.116.0/24\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"71.132.0.0/18\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.40.0/21\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.2.33.128/26\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"3.5.212.0/23\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.220.0/22\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.72.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.2.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.106.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"103.4.8.0/21\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"184.72.64.0/18\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.41.192/26\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.55.1/32\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"15.181.192.0/19\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-dfw-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.35.128/26\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.253.0.0/16\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-lax-1\"\n    },\n    {\n      \"ip_prefix\": \"54.238.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.16.0/21\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"216.182.232.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.120.0.0/14\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.252.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-sea-1\"\n    },\n    {\n      \"ip_prefix\": \"18.198.0.0/15\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.9.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.141.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.180.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.136.0.0/13\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"43.192.0.0/16\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.192/28\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"64.252.120.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.144.0/23\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.112/28\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.242.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-phl-1\"\n    },\n    {\n      \"ip_prefix\": \"54.232.0.0/16\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.78.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.193.0.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.66.0.0/16\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"204.236.192.0/18\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.168.0.0/13\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.64.128.0/17\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.209.0.0/16\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.181.40.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-nyc-1\"\n    },\n    {\n      \"ip_prefix\": \"18.34.48.0/20\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.34.232.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.140.0.0/15\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.60.0.0/16\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.78.0.0/16\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"72.44.32.0/19\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.16.0/20\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-den-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.96.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-mci-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.112.0/21\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"13.58.0.0/15\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"54.194.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.98.0.0/15\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"54.66.0.0/16\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.160/29\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1-del-1\"\n    },\n    {\n      \"ip_prefix\": \"162.222.148.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-lax-1\"\n    },\n    {\n      \"ip_prefix\": \"3.4.2.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-pilot-5\"\n    },\n    {\n      \"ip_prefix\": \"15.177.75.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.24.0.0/14\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.222.0.0/17\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.65.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.13.0.0/16\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.248.0.0/13\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.92.128.0/17\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.133.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.210.0.0/15\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.241.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.151.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"184.169.128.0/17\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"216.182.224.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.72.0.0/13\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.24.0/21\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.8.0.0/14\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.246.0.0/16\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.204.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.194.0.0/15\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.155.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.196.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.80.0/21\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.34.240.0/22\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.97.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"35.152.0.0/16\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.0.0/21\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.2.38.0/26\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.220.220.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-mia-1\"\n    },\n    {\n      \"ip_prefix\": \"35.156.0.0/14\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.138.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-sea-1\"\n    },\n    {\n      \"ip_prefix\": \"3.16.0.0/14\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.191.0.0/16\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.130.0.0/16\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.72.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.82.180.0/22\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"99.151.64.0/21\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"52.62.0.0/15\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.224/28\",\n      \"region\": \"me-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"16.50.0.0/15\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"54.160.0.0/13\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"157.175.0.0/16\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"176.34.32.0/19\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.234.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"70.232.86.126/32\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"15.220.248.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-phl-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.225.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"99.77.154.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.14.0.0/15\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.81.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.228.0.0/16\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.16.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.242.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"161.189.0.0/16\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.84.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.250.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-msp-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.176/28\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.153.0.0/17\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"71.136.64.0/18\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.98.0/24\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"15.200.0.0/16\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.236.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-mci-1\"\n    },\n    {\n      \"ip_prefix\": \"35.154.0.0/16\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.82.0.0/17\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.32/28\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"3.2.36.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.107.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.250.32/28\",\n      \"region\": \"il-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.115.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.161.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.39.64/26\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.249.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-msp-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.205.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-den-1\"\n    },\n    {\n      \"ip_prefix\": \"52.88.0.0/15\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.5.244.0/22\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.253.0.0/16\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.112/28\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"198.99.2.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.153.0.0/16\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.202.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.98.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"216.182.236.0/23\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.32.0/22\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"3.208.0.0/12\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.222.64.0/23\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"70.232.86.124/32\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"99.77.157.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.72/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.152/29\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1-waw-1\"\n    },\n    {\n      \"ip_prefix\": \"185.48.120.0/22\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.233.128.0/17\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.104/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-sea-1\"\n    },\n    {\n      \"ip_prefix\": \"204.45.0.0/16\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.206.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-sea-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.152.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-las-1b\"\n    },\n    {\n      \"ip_prefix\": \"184.73.0.0/16\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.160.0.0/16\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.80.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.196.0.0/16\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.174.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.230.0.0/15\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.160/28\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.224.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.234.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-mia-1\"\n    },\n    {\n      \"ip_prefix\": \"18.176.0.0/15\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.86.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.20.0.0/14\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.156.0.0/15\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.254.0.0/16\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-lax-1\"\n    },\n    {\n      \"ip_prefix\": \"18.196.0.0/15\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"54.76.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.80.0.0/12\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.0.0/16\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.40.0.0/14\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"43.198.0.0/15\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"71.137.4.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.104.0/21\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.101.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.95.248.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.70.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"64.252.116.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.88.128.0/18\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-phx-2\"\n    },\n    {\n      \"ip_prefix\": \"34.240.0.0/13\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.16/28\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.96/28\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"54.253.0.0/16\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"18.162.0.0/16\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.146.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.34.192/26\",\n      \"region\": \"me-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.35.0/26\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.32.0.0/14\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.252.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.222.36.0/22\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.64/28\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.95.229.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"54.72.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.42.0/26\",\n      \"region\": \"il-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.250.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.67.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.148.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.198.0.0/16\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.77.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.164.0.0/15\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.55.15/32\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"176.34.128.0/17\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.32.0/26\",\n      \"region\": \"ap-southeast-6\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-6\"\n    },\n    {\n      \"ip_prefix\": \"15.177.0.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.181.244.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-phl-1\"\n    },\n    {\n      \"ip_prefix\": \"18.194.0.0/15\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.128/28\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"54.184.0.0/13\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.96/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-phx-1\"\n    },\n    {\n      \"ip_prefix\": \"3.6.0.0/15\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.120.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-atl-1\"\n    },\n    {\n      \"ip_prefix\": \"15.193.1.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.108.0/24\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"52.46.184.0/22\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.67.0.0/16\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.138.0.0/15\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.249.48/28\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.255.144/28\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.33.192/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.52.0.0/15\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.233.64.0/18\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"161.188.150.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-pilot-5\"\n    },\n    {\n      \"ip_prefix\": \"3.34.0.0/15\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.74.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"35.71.121.0/24\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"52.65.0.0/16\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.150.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.40.0.0/14\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.96.0/24\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"15.181.251.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-den-1\"\n    },\n    {\n      \"ip_prefix\": \"34.248.0.0/13\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.109.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"69.234.192.0/18\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.32/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-pdx-1\"\n    },\n    {\n      \"ip_prefix\": \"142.4.160.112/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-pilot-5\"\n    },\n    {\n      \"ip_prefix\": \"161.188.160.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-pdx-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.0.0/19\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.178.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.55.12/32\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.55.27/32\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"108.128.0.0/13\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.100.0.0/15\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"52.119.205.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.87.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.250.0/28\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"64.252.71.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"64.252.114.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.85.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.246.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-mci-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.251.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"72.41.0.0/20\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-iah-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.91.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"35.155.0.0/16\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.210.0.0/15\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.75.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"99.151.136.0/21\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.240.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-dfw-1\"\n    },\n    {\n      \"ip_prefix\": \"52.76.0.0/17\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.18.0.0/15\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"107.176.0.0/15\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"175.41.192.0/18\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.44.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1-han-1\"\n    },\n    {\n      \"ip_prefix\": \"99.151.144.0/21\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.10.0.0/15\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.82.164.0/22\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"100.24.0.0/13\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.4.4.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-pilot-2\"\n    },\n    {\n      \"ip_prefix\": \"99.150.64.0/21\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"162.213.233.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.255.0/28\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.176.0.0/15\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.246.0.0/16\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.112.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"16.162.0.0/15\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.32.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-chi-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.116.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-phx-1\"\n    },\n    {\n      \"ip_prefix\": \"35.71.106.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.93.0/24\",\n      \"region\": \"me-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.243.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-phl-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.232.0/22\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.28.0.0/15\",\n      \"region\": \"me-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"51.16.0.0/15\",\n      \"region\": \"il-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"54.79.0.0/16\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.251.0.0/16\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.128.0.0/15\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.254.0.0/16\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.105.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.4.24.0/21\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.224.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-pdx-1\"\n    },\n    {\n      \"ip_prefix\": \"54.207.0.0/16\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.145.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.150.96.0/21\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"35.71.105.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.28.0.0/16\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.0.0.0/15\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.33.34.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.112.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-bue-1\"\n    },\n    {\n      \"ip_prefix\": \"52.77.0.0/16\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.99.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.55.255/32\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"3.5.236.0/22\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.181.250.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-den-1\"\n    },\n    {\n      \"ip_prefix\": \"15.193.10.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.151.152.0/21\",\n      \"region\": \"il-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.166.0.0/15\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.128/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.55.13/32\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"99.77.160.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.250.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.128.0/21\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1-del-1\"\n    },\n    {\n      \"ip_prefix\": \"18.183.0.0/16\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"46.137.0.0/17\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.135.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.177.92.0/24\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.193.8.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.160.0/21\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.3.2.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.134.0/23\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.228.0.0/15\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.220.40.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-den-1\"\n    },\n    {\n      \"ip_prefix\": \"52.94.248.96/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.196.0.0/14\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.150.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.5.52.0/22\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"3.5.224.0/22\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"54.222.58.32/28\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.186.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.68.0/23\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"177.71.128.0/17\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.95.110.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"ROUTE53\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"205.251.192.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"ROUTE53\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"63.246.114.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"ROUTE53\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"120.52.22.96/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"205.251.249.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"180.163.57.128/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"204.246.168.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"18.160.0.0/15\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"205.251.252.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.192.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"204.246.173.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.230.200.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"120.253.240.192/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"116.129.226.128/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"130.176.0.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"108.156.0.0/14\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.86.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"205.251.200.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"223.71.71.128/25\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.32.0.0/15\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"120.253.245.128/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.224.0.0/14\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"70.132.0.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.158.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.249.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"18.238.0.0/15\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"18.244.0.0/15\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"205.251.208.0/20\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"65.9.128.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"130.176.128.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"58.254.138.0/25\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.230.208.0/20\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"116.129.226.0/25\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.222.128.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"18.164.0.0/15\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"64.252.128.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"205.251.254.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.230.224.0/19\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"71.152.0.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"216.137.32.0/19\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"204.246.172.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"18.172.0.0/15\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"120.52.39.128/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"118.193.97.64/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"223.71.71.96/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"18.154.0.0/15\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.240.128.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"205.251.250.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"180.163.57.0/25\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.46.0.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"223.71.11.0/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.82.128.0/19\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.230.0.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.230.128.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.239.128.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"130.176.224.0/20\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"36.103.232.128/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.84.0.0/15\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"143.204.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"144.220.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"120.52.153.192/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"119.147.182.0/25\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"120.232.236.0/25\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.182.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"58.254.138.128/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"120.253.245.192/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.239.192.0/19\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"18.68.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"18.64.0.0/14\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"120.52.12.64/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.84.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"130.176.192.0/19\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.124.128.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"204.246.164.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.35.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"204.246.174.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"36.103.232.0/25\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"119.147.182.128/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"118.193.97.128/25\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"120.232.236.128/26\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"204.246.176.0/20\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"65.8.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"65.9.0.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"108.138.0.0/15\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"120.253.241.160/27\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.248.117.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.197.34.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.197.36.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.248.124.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.119.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.100.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.113.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.110.0/24\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.197.32.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.197.0.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.83.102.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.172.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.83.100.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.197.16.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.230.192.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.248.105.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.173.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.166.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.97.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.197.8.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.197.18.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.248.120.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.71.128.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"3.3.8.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.248.127.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.171.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.96.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.169.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.223.0.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.82.164.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.197.4.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.77.188.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.248.121.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.170.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.122.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.174.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.156.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.197.12.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.248.118.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.167.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.114.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.98.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.161.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"99.83.101.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.175.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.2.8.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.248.103.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.197.28.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.197.128.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"3.3.6.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.248.128.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.83.98.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"75.2.0.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.82.160.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.108.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.77.190.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.248.106.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.99.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.112.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.197.2.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.83.128.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.248.123.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.162.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.125.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"76.223.0.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"63.246.120.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.83.99.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.109.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.248.111.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"99.82.165.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.3.0.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.83.96.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.163.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.115.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.197.3.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.248.104.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"99.82.168.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.248.126.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.248.116.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.33.128.0/17\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.248.101.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.197.24.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.77.189.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.248.107.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.197.20.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"13.248.102.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.197.30.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.193.0.0/19\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.193.0.0/19\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON_CONNECT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.177.83.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.82.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.94.0/24\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.76.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.99.0/24\",\n      \"region\": \"il-central-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.86.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.89.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.77.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.177.90.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.79.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.66.0/23\",\n      \"region\": \"us-east-2\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.73.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.88.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.70.0/23\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.97.0/24\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.64.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.72.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.78.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.75.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.81.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.84.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.98.0/24\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.80.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"15.177.74.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.177.96.0/24\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ip_prefix\": \"15.177.87.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.85.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.91.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.93.0/24\",\n      \"region\": \"me-central-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.177.92.0/24\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.177.68.0/23\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS_PUBLISHING\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"64.252.64.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"64.252.64.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.77.128.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"99.77.128.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CHIME_MEETINGS\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"130.176.88.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.239.134.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.82.134.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"130.176.86.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"130.176.140.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"130.176.0.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.239.204.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"130.176.160.0/19\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"70.132.0.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"15.158.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"130.176.136.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.239.170.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.46.0.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"130.176.96.0/19\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.182.184.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"204.246.166.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"130.176.64.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.182.172.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"205.251.218.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.46.4.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"130.176.144.0/20\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.182.176.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"130.176.78.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.182.248.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"64.252.128.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.182.154.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"64.252.64.0/18\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.182.144.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.182.224.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"130.176.128.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.46.32.0/19\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.82.128.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"18.68.0.0/16\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.182.156.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.182.160.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.182.240.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"130.176.192.0/19\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"130.176.76.0/24\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"52.46.16.0/20\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.239.208.0/21\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.182.188.0/23\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"130.176.80.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"54.182.128.0/20\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"130.176.72.0/22\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ip_prefix\": \"140.179.1.64/27\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"140.179.1.96/27\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"140.179.113.248/29\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"140.179.144.128/25\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"140.179.15.0/26\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"140.179.15.64/26\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"140.179.176.0/23\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"140.179.36.16/29\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"140.179.36.32/27\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"140.179.36.64/27\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"140.179.57.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"140.179.58.0/26\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"140.179.58.88/29\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"140.179.59.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"140.179.79.160/27\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"140.179.79.192/27\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"140.179.79.244/30\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"140.179.79.64/26\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.80.197.0/25\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.80.197.128/25\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.80.198.0/25\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.80.198.136/29\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.80.51.200/29\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.80.51.208/29\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.80.51.216/29\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.80.51.224/29\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.80.51.240/29\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.80.51.248/29\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.81.113.32/27\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.81.113.64/27\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.81.113.96/27\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.81.124.0/23\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.81.135.128/25\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.81.137.0/24\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.81.151.0/27\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.81.167.128/27\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.81.167.192/26\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.81.216.0/23\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"52.81.232.0/26\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"71.131.196.128/26\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ip_prefix\": \"161.189.148.0/23\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"161.189.23.0/27\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"161.189.23.32/27\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"161.189.66.128/26\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"161.189.66.192/26\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.82.1.0/29\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.82.127.0/24\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.82.92.0/23\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.25.128/27\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.25.160/27\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.26.0/26\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.26.192/27\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.26.224/27\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.26.64/26\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.33.104/29\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.33.112/29\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.33.72/29\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.33.80/29\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.33.88/29\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.33.96/29\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.34.128/25\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.34.72/29\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.34.80/29\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.34.88/29\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.34.96/27\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.35.0/25\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.35.128/25\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.5.0/26\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"52.83.58.0/24\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"68.79.2.244/30\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"68.79.2.248/29\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"68.79.2.64/27\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"69.230.219.0/24\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"69.230.226.0/24\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"69.230.227.0/24\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"69.230.228.0/24\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"69.234.197.192/26\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"69.234.197.72/29\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"69.235.162.0/24\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"69.235.170.0/23\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ip_prefix\": \"18.252.4.0/30\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EC2_INSTANCE_CONNECT\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.200.28.80/30\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2_INSTANCE_CONNECT\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.252.126.0/25\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.252.145.156/30\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.252.145.160/29\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.252.145.168/29\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.252.145.192/28\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.252.145.208/28\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.252.165.0/26\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.252.165.140/30\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.252.4.16/29\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.252.56.0/23\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.252.58.0/23\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.253.186.0/24\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.254.23.64/26\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.254.61.128/26\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.254.68.0/23\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.200.141.0/25\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.200.150.0/23\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.200.176.128/28\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.200.176.192/26\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.200.28.240/28\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.200.28.88/29\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.205.82.0/23\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"15.205.84.0/23\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"160.1.128.0/24\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.30.129.0/24\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.30.130.0/23\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.30.40.84/30\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.30.98.128/26\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.30.98.64/26\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.32.139.0/24\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.32.190.0/25\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.32.190.244/30\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.32.190.248/29\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.61.193.0/24\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.61.40.104/29\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.112.23.0/29\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2_INSTANCE_CONNECT\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.202.216.48/29\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2_INSTANCE_CONNECT\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.206.107.24/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2_INSTANCE_CONNECT\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.237.140.160/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2_INSTANCE_CONNECT\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.52.6.112/29\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2_INSTANCE_CONNECT\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.0.5.32/29\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2_INSTANCE_CONNECT\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.233.177.0/29\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2_INSTANCE_CONNECT\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.120.181.40/29\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2_INSTANCE_CONNECT\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.228.70.32/29\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2_INSTANCE_CONNECT\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.209.1.56/29\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2_INSTANCE_CONNECT\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.239.158.0/29\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2_INSTANCE_CONNECT\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.48.4.200/30\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2_INSTANCE_CONNECT\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"35.180.112.80/29\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2_INSTANCE_CONNECT\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"3.16.146.0/29\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2_INSTANCE_CONNECT\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.8.37.24/29\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2_INSTANCE_CONNECT\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.183.92.176/29\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2_INSTANCE_CONNECT\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.244.121.0/26\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.244.121.196/30\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2_INSTANCE_CONNECT\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.244.122.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.244.132.0/23\",\n      \"region\": \"af-south-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.244.165.192/26\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.244.176.128/26\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.244.176.64/26\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.244.202.40/29\",\n      \"region\": \"af-south-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.244.244.192/27\",\n      \"region\": \"af-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.244.244.224/27\",\n      \"region\": \"af-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.244.33.0/26\",\n      \"region\": \"af-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.244.33.128/26\",\n      \"region\": \"af-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.244.33.64/26\",\n      \"region\": \"af-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.244.35.128/26\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.244.35.192/26\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.245.1.32/27\",\n      \"region\": \"af-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.245.112.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.245.113.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.245.114.0/24\",\n      \"region\": \"af-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.245.127.232/30\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.245.155.128/27\",\n      \"region\": \"af-south-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.245.155.224/27\",\n      \"region\": \"af-south-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.245.166.128/30\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.245.166.132/30\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.245.166.176/29\",\n      \"region\": \"af-south-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.245.241.64/26\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.245.93.140/30\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.245.93.160/29\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.245.93.176/28\",\n      \"region\": \"af-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.245.93.192/28\",\n      \"region\": \"af-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.246.108.0/22\",\n      \"region\": \"af-south-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.246.70.0/23\",\n      \"region\": \"af-south-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ip_prefix\": \"16.162.162.96/29\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"16.162.52.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"16.163.196.0/22\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"16.163.206.0/23\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"16.163.63.64/26\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.162.127.0/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.162.127.32/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.162.127.64/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.162.189.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.162.221.128/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.162.221.160/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.162.221.192/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.163.139.32/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.163.201.0/26\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.163.201.96/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.163.204.0/23\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.163.66.0/23\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.163.68.0/26\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.166.20.128/26\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.166.20.192/26\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.166.20.64/26\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.166.237.128/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.166.237.64/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.166.237.96/27\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.167.111.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.167.112.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.167.113.0/24\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.167.88.112/28\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.167.88.72/29\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.167.88.80/30\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.167.88.96/28\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.112.191.184/29\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.113.196.64/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.113.203.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.230.21.128/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.230.21.224/28\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.230.21.240/28\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.231.6.104/29\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.231.6.112/28\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.231.6.192/28\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.231.6.208/29\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.231.6.64/29\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.231.6.72/29\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.231.6.80/29\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.231.6.88/29\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.176.203.120/30\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.177.156.192/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.179.48.128/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.179.48.96/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.180.178.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.180.180.0/23\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.180.88.0/23\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.181.204.128/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.181.204.192/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.181.242.0/23\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.182.96.64/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON_CONNECT\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.183.37.0/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.112.162.0/23\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.112.64.0/23\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.112.85.96/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.112.96.0/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.112.96.128/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.112.96.160/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.112.96.64/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.113.218.0/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.113.218.112/28\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.113.218.128/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.113.218.68/30\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.113.218.72/30\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.113.218.76/30\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.114.164.0/22\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.72.164.212/30\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.72.164.232/29\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.72.164.240/28\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.72.255.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.72.36.140/31\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.72.36.142/31\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.72.36.144/30\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.72.36.148/30\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.72.36.192/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.72.36.224/27\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.72.37.0/25\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.72.37.128/25\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.73.115.0/28\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.73.115.128/25\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.73.4.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.74.77.240/30\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.75.130.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.75.131.0/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.75.131.80/29\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.76.252.0/23\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.77.0.128/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.77.112.0/22\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"35.77.124.0/23\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.199.127.192/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.248.220.0/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.250.251.0/24\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.250.253.192/26\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.124.145.104/29\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.124.145.112/29\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.124.145.120/29\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.124.145.16/29\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.124.145.24/29\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.124.145.64/29\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.124.145.72/29\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.124.145.80/29\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.124.145.88/29\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.124.145.96/29\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.124.199.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.124.199.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"CLOUDFRONT_ORIGIN_FACING\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.124.247.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.209.1.0/29\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.209.1.8/29\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.209.1.96/27\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.209.71.128/27\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.209.71.224/27\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.164.156.0/23\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.164.243.0/28\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.164.243.192/27\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.164.243.224/27\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.164.243.32/27\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.165.193.128/26\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.165.193.64/26\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"15.165.224.0/23\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.34.101.192/26\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.34.228.0/26\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.34.228.64/26\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.34.37.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.34.38.0/23\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.34.89.192/30\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.34.89.196/30\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.34.89.64/26\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.35.130.128/25\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.35.160.0/22\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.36.167.128/25\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.36.167.28/30\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.36.167.48/29\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.36.167.64/28\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.36.167.80/28\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.36.190.0/23\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.36.192.0/23\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.36.194.0/23\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.36.202.0/25\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.36.245.204/30\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.36.245.232/30\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.36.3.160/28\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.36.3.192/27\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.36.3.224/27\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.36.3.96/27\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.38.131.192/26\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.38.229.0/25\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.38.248.0/23\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.38.90.8/29\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.39.113.0/24\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.39.114.0/23\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.39.116.0/26\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.39.82.128/25\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"52.78.247.128/26\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.180.184.0/23\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.208.131.0/29\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.131.128/27\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.131.16/29\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.131.160/27\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.131.192/27\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.131.224/30\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.131.228/30\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.131.232/30\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.131.24/29\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.131.32/29\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.131.40/29\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.131.8/29\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.170.0/23\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.177.224/27\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.180.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.194.0/23\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.217.64/27\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.217.96/27\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.227.0/25\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.227.128/25\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.228.0/25\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.228.128/29\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.228.136/30\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.33.16/29\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.33.24/29\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.208.33.8/29\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.152.10.0/24\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.152.133.112/28\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.152.133.128/28\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.152.174.0/23\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.152.176.0/22\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.152.24.0/27\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.152.24.128/29\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.152.24.192/26\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.152.24.32/27\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.152.24.64/26\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.152.8.192/26\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ip_prefix\": \"13.126.23.136/29\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.126.23.144/29\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.126.23.152/29\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.126.23.160/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.126.23.192/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.126.243.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.127.70.128/29\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.127.70.136/29\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.127.70.144/29\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.127.70.152/29\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.127.70.160/29\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.232.67.128/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.232.67.160/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.233.177.192/26\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.233.177.32/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.234.221.136/29\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.234.221.192/26\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.234.8.0/23\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.235.197.96/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.235.228.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.235.6.0/23\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.206.137.128/26\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.206.137.192/26\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.207.13.0/26\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.207.13.128/25\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.207.213.128/25\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.108.13.124/30\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.109.72.0/25\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.109.72.152/29\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.110.57.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.110.71.0/26\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.111.110.0/23\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.111.251.0/24\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.111.90.0/23\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.6.70.128/26\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.6.70.76/30\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.7.10.0/23\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"3.7.25.48/30\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"52.66.194.128/26\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"65.0.192.176/28\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"65.0.192.224/27\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"65.0.234.0/26\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"65.1.103.192/29\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"65.1.103.200/30\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"65.1.103.208/28\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"65.1.103.224/28\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"65.1.156.0/22\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"65.1.170.0/23\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"65.1.172.0/23\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"65.1.174.0/23\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"65.2.14.0/23\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"65.2.16.0/23\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ip_prefix\": \"13.212.132.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.212.209.128/26\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.212.209.94/31\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.212.209.96/27\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.212.3.128/26\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.212.3.64/26\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.213.20.132/30\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.213.20.136/29\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.213.20.144/28\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.213.20.160/28\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.213.21.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.213.22.0/23\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.213.24.0/23\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.213.75.224/29\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.214.118.0/23\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.214.124.128/26\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.214.224.0/23\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.214.228.0/22\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.215.92.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.215.93.0/25\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.215.93.128/26\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.228.69.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.229.187.192/27\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.229.187.232/29\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.250.186.0/29\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.250.186.128/27\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.250.186.16/29\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.250.186.160/27\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.250.186.192/29\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.250.186.200/29\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.250.186.208/29\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.250.186.8/29\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.251.113.64/26\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.251.116.0/23\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.136.1.192/27\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.136.1.224/27\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.138.134.128/25\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.138.244.0/23\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.139.204.176/28\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.139.204.192/27\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.140.177.0/26\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.140.177.64/26\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.141.148.0/26\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.141.148.128/25\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.141.150.0/23\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.141.152.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.141.154.0/23\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.141.226.0/23\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.141.238.0/26\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.141.238.68/30\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.141.66.248/30\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"18.141.66.252/30\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"3.0.5.224/27\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.220.191.0/26\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.221.221.128/29\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"52.76.127.0/24\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.251.31.128/26\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"54.255.254.192/26\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ip_prefix\": \"13.210.2.192/26\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON_CONNECT\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.210.67.128/26\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.211.12.160/27\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.211.12.192/29\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.211.12.200/29\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.211.12.208/29\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.211.12.216/29\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.211.12.248/29\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.211.166.192/29\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.211.166.200/29\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.236.8.0/25\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON_CONNECT\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.236.82.128/27\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.236.82.96/27\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.54.63.128/26\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"13.55.255.216/29\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.104.82.0/23\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.105.172.0/22\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.105.5.0/27\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.105.5.32/27\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.24.1.208/28\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.24.227.192/26\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.25.138.0/26\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.25.138.64/26\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.25.178.128/26\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.25.248.0/22\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.25.37.128/25\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.25.37.64/26\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.25.38.0/23\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.25.40.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.25.43.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.25.44.0/23\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.25.47.28/30\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.25.47.32/30\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.26.109.216/30\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.26.127.24/29\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.26.137.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.26.138.0/23\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.26.140.64/26\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.26.246.0/23\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.26.248.0/22\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.26.58.224/27\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.26.81.0/27\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.26.81.32/27\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.26.82.236/30\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.26.82.240/29\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.26.83.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.26.84.0/23\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.26.86.0/23\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.26.88.0/28\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"3.26.88.16/28\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.153.254.0/24\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.252.254.192/26\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"54.252.79.128/26\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ip_prefix\": \"108.136.151.0/24\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"108.136.154.16/28\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"108.136.154.32/28\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"108.136.154.48/28\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"108.136.221.0/26\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"108.137.114.0/28\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"108.137.58.0/26\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"108.137.58.128/26\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"108.137.58.192/26\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"108.137.58.64/26\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ip_prefix\": \"15.222.16.32/27\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.222.16.8/29\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.222.16.96/27\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.222.43.0/27\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.222.43.128/26\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.222.43.32/27\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.222.43.64/26\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.223.100.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.223.102.0/23\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.223.52.0/23\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.96.143.128/26\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.96.143.192/26\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.96.2.68/30\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.96.2.72/30\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.96.84.0/26\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.97.192.112/29\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.97.192.128/25\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.97.20.0/22\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.97.217.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.97.218.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.97.219.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.97.230.0/25\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.97.49.128/25\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.97.99.128/27\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.97.99.160/27\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.97.99.64/28\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.97.99.96/27\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.98.171.196/30\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.98.171.224/29\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.98.171.92/30\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.98.24.0/28\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.98.24.16/28\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.98.86.0/23\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.99.124.0/26\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.99.194.0/23\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.99.196.0/22\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.182.14.208/29\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.182.14.216/29\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.182.14.48/29\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.183.255.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.183.38.0/27\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.183.38.32/29\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.183.38.40/29\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.183.38.48/29\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.183.38.56/29\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.183.38.64/29\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"99.79.126.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"99.79.169.0/24\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"99.79.20.192/27\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"99.79.20.224/27\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"99.79.34.0/23\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.156.52.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.156.54.0/23\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.157.237.128/26\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.157.237.192/26\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.157.71.192/26\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.184.138.224/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.184.2.128/25\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON_CONNECT\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.184.203.128/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.192.142.0/23\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.192.216.0/22\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.196.161.0/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.196.161.184/29\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.196.161.192/29\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.196.161.200/29\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.196.161.32/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.196.161.80/29\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"18.196.161.88/29\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.120.181.224/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.122.128.0/23\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.123.12.192/26\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.123.14.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.123.15.0/25\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.123.44.0/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.123.44.128/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.123.44.160/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.123.44.80/28\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.123.44.96/27\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.127.48.128/26\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.127.48.244/30\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.127.48.248/30\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.127.74.0/23\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.64.1.0/26\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.64.1.128/26\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.64.1.192/29\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.64.1.200/29\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.64.1.64/26\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.64.226.232/29\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.64.226.240/30\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.65.246.0/28\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.65.246.16/28\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.66.172.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.68.251.176/30\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.68.251.232/29\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.70.195.128/25\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.70.195.64/26\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.70.211.0/25\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.70.212.128/26\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.71.104.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.71.120.0/22\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.72.168.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.72.33.128/25\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.74.148.128/26\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.157.127.248/29\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.158.127.64/26\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON_CONNECT\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"35.158.136.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.57.254.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"52.59.127.0/24\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ip_prefix\": \"13.48.186.128/27\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.48.186.160/27\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.48.186.192/27\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.48.32.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.48.4.128/28\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.48.4.144/28\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.48.4.160/28\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.48.4.192/29\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.48.4.208/29\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.48.4.216/29\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.48.4.224/29\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.48.74.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.49.126.128/26\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.49.143.0/26\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.49.143.64/26\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.49.253.224/27\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.49.40.64/26\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.49.42.0/23\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.50.12.192/26\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.51.120.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.51.253.80/29\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.51.29.0/27\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.51.29.32/27\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.51.71.152/29\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.51.71.160/30\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.51.71.176/28\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.51.71.192/28\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.51.95.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.51.96.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.51.97.0/24\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.53.180.0/23\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.53.63.128/27\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.53.63.160/27\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"13.53.63.192/27\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"16.16.2.0/23\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"16.170.199.0/26\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"16.171.48.0/22\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ip_prefix\": \"15.160.55.112/29\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.160.90.64/26\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.161.135.0/26\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.161.135.164/30\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2_INSTANCE_CONNECT\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.161.135.64/27\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.161.135.96/27\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.161.136.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.161.140.0/23\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.161.164.128/26\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.161.192.0/26\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.161.192.240/28\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.161.192.64/26\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.161.247.128/27\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.161.247.64/27\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.161.247.96/27\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.161.66.0/26\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.161.66.128/26\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.161.66.64/26\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.161.68.128/26\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.161.68.192/26\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"18.102.2.0/23\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"35.152.74.128/29\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"35.152.74.136/30\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"35.152.74.144/28\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"35.152.74.160/28\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"35.152.86.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"35.152.87.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"35.152.88.0/24\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ip_prefix\": \"18.100.74.0/23\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ip_prefix\": \"108.128.160.0/23\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"108.128.162.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"176.34.159.192/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.200.212.0/23\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.248.176.0/22\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.248.180.128/25\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.248.180.40/29\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.248.180.64/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.248.186.0/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.248.186.128/25\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.248.186.32/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.248.186.64/29\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.248.186.92/30\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.248.216.32/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.248.244.0/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.248.244.240/30\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.248.245.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.248.246.0/23\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.249.28.0/23\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.250.209.192/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.250.210.0/23\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.250.243.64/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.250.244.0/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.251.104.0/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.251.104.128/25\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.251.105.0/25\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.251.105.128/25\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.251.106.128/25\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.251.109.92/30\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.251.110.208/28\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.251.110.224/28\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.251.144.0/29\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.251.148.120/29\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.251.152.44/30\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.251.215.192/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.251.216.0/23\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.251.56.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.251.62.128/25\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.251.94.0/24\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.251.95.128/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.251.95.96/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"34.242.153.128/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"34.242.153.224/28\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"34.242.153.240/28\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"34.245.205.0/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"34.245.205.128/28\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"34.245.205.160/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"34.245.205.64/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"34.245.205.96/27\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"34.245.82.0/28\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"34.245.82.16/28\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"34.245.82.32/28\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"34.245.82.48/28\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"34.250.63.248/29\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.19.124.0/23\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.212.248.0/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.215.218.112/28\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.215.218.64/28\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.228.16.0/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"63.34.60.0/22\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.80.34.128/25\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.80.34.48/28\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.80.34.64/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.80.88.0/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"99.80.88.64/26\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.40.1.192/26\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.40.202.0/23\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.40.204.0/22\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.41.1.160/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.130.91.144/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.130.91.148/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.132.146.192/26\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.132.21.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.132.22.0/23\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.133.45.0/26\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.133.45.64/26\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.134.255.160/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.134.255.192/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.134.255.224/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.134.68.0/22\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.135.226.192/26\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.168.133.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.168.33.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.168.34.0/23\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.168.36.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.168.37.0/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.168.37.136/29\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.168.37.144/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.168.37.160/28\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.168.37.176/28\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.168.37.32/28\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.168.37.48/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.168.37.64/26\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.169.230.136/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"18.169.230.200/29\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.10.127.32/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.10.17.0/25\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.10.17.128/25\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.10.201.128/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.10.201.192/26\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.10.201.64/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.11.53.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.8.168.0/23\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.8.37.96/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.9.159.64/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.9.159.68/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.9.159.72/30\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.9.41.0/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.9.41.32/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.9.41.64/27\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"3.9.94.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.176.32.0/24\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.176.92.32/29\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.177.154.128/28\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.177.154.144/28\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.177.154.160/28\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.177.154.176/29\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.177.154.184/29\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.177.154.192/29\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.179.42.0/23\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.56.127.0/25\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ip_prefix\": \"13.36.155.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.36.18.0/28\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.36.18.32/27\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.36.18.64/27\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.36.76.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.36.77.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.36.78.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.36.84.112/29\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.36.84.24/29\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.36.84.32/30\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.36.84.44/30\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.36.84.48/28\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.36.84.64/28\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.37.1.64/26\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.38.132.0/22\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.38.140.0/23\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"13.38.202.64/26\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.188.102.0/27\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.188.184.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.188.210.0/27\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.188.210.128/26\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.188.210.196/30\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.188.210.200/30\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.188.210.32/27\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.188.210.64/27\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.236.155.192/26\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.236.231.0/26\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.236.231.64/26\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"15.236.80.0/23\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"35.180.1.16/29\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"35.180.1.24/29\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"35.180.1.32/29\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"35.180.1.40/29\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"35.180.1.48/29\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"35.180.1.56/29\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"35.180.1.8/29\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"35.180.112.128/27\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"35.180.112.160/27\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"35.180.244.0/23\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"35.181.128.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.47.139.0/24\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.47.73.160/27\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"52.47.73.72/29\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ip_prefix\": \"3.28.70.112/28\",\n      \"region\": \"me-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.28.70.48/28\",\n      \"region\": \"me-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.28.70.96/28\",\n      \"region\": \"me-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"3.28.72.0/23\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ip_prefix\": \"15.184.1.128/26\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.184.1.64/26\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.184.125.0/26\",\n      \"region\": \"me-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.184.125.128/26\",\n      \"region\": \"me-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.184.125.224/29\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.184.125.232/30\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.184.125.240/28\",\n      \"region\": \"me-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.184.125.64/26\",\n      \"region\": \"me-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.184.153.0/28\",\n      \"region\": \"me-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.184.184.96/29\",\n      \"region\": \"me-south-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.184.70.200/29\",\n      \"region\": \"me-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.184.70.224/29\",\n      \"region\": \"me-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.185.141.160/27\",\n      \"region\": \"me-south-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.185.141.192/26\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.185.144.0/23\",\n      \"region\": \"me-south-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.185.245.0/26\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.185.251.0/26\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.185.33.192/26\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.185.33.32/27\",\n      \"region\": \"me-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.185.33.64/27\",\n      \"region\": \"me-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.185.33.96/27\",\n      \"region\": \"me-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.185.86.0/23\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.185.91.32/27\",\n      \"region\": \"me-south-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"157.175.102.128/27\",\n      \"region\": \"me-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"157.175.102.160/27\",\n      \"region\": \"me-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"157.175.102.96/27\",\n      \"region\": \"me-south-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"157.175.140.0/23\",\n      \"region\": \"me-south-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"157.175.255.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"157.241.2.0/23\",\n      \"region\": \"me-south-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"157.241.25.0/24\",\n      \"region\": \"me-south-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.1.128/26\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.1.192/26\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.1.64/26\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.103.240/29\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.104.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.105.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.106.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.107.0/28\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.107.16/28\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.126.200/29\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.126.48/30\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.126.72/30\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.129.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.144.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.150.128/26\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.151.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.64.0/22\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.72.64/26\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.92.192/28\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.92.208/28\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.92.224/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.228.97.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.229.36.0/23\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"15.229.40.0/23\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"177.71.207.128/26\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.228.1.0/29\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.228.1.16/29\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.228.1.8/29\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.228.246.0/23\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.229.100.0/26\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.229.100.112/30\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.229.100.116/30\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.229.100.128/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.229.100.160/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.229.100.192/26\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.229.220.128/26\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.229.220.192/26\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.229.37.0/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.229.37.32/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.229.70.96/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.229.99.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.230.103.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.230.104.0/23\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.230.46.0/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.230.46.128/26\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.230.46.32/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.230.54.0/23\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.231.105.0/28\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.231.105.128/27\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.231.105.160/29\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.231.105.168/29\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.231.105.176/29\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.231.105.184/29\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.231.194.8/29\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.232.40.64/26\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.233.204.0/24\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.233.255.128/26\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ip_prefix\": \"107.23.255.0/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.206.107.160/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.209.113.240/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.209.113.64/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.213.156.96/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.232.1.128/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.232.1.192/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.232.1.32/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.232.1.36/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.232.1.40/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.232.1.44/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.232.1.48/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"18.232.1.64/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.208.72.176/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.209.202.48/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.209.83.0/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.209.83.144/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.209.83.160/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.209.83.192/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.209.83.32/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.209.83.64/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.209.83.96/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.209.84.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.209.84.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.209.85.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.209.85.128/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.209.85.160/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.209.85.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.209.87.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.209.87.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.216.135.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.216.136.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.216.144.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.216.148.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.216.99.160/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.217.228.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.218.180.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.218.180.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.218.181.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.218.181.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.218.182.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.218.182.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.218.183.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.218.183.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"DYNAMODB\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.227.250.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.227.4.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.170.0/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.170.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.170.64/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.171.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.171.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.172.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.172.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.173.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.173.128/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.173.192/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.181.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.182.0/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.182.10/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.182.100/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.182.46/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.182.48/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.182.5/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.182.6/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.182.64/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.182.8/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.228.182.96/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.231.2.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.234.232.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.234.248.192/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.235.112.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.235.189.100/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.235.189.96/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.235.202.128/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.235.26.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.235.32.0/21\",\n      \"region\": \"us-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.236.169.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.236.169.192/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.236.32.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.236.48.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.236.94.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.237.107.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.166.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.167.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.178.100/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.178.104/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.178.112/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.178.120/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.178.128/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.178.160/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.178.168/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.178.197/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.178.198/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.178.200/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.178.208/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.178.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.207.0/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.207.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.208.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.208.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.209.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.209.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.210.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.212.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.238.216.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.152.0/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.152.12/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.152.128/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.152.136/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.152.46/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.152.48/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.152.5/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.152.6/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.152.64/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.152.8/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.153.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.154.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.155.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.156.0/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.156.10/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.156.100/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.156.104/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.156.112/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.157.188/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.157.19/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.157.192/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.157.2/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.157.20/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.157.24/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.157.32/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.157.4/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.157.64/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.157.8/31\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.157.96/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.239.232.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.83.168.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"3.91.171.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"34.195.252.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"34.226.106.180/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"34.226.14.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"34.228.4.208/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"34.231.114.205/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"34.231.213.21/32\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"34.236.241.44/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"34.238.188.0/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.168.231.216/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.170.83.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.170.83.144/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.170.83.160/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.170.83.176/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.170.83.192/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.171.100.0/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.171.100.128/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.171.100.208/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.171.100.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.171.100.64/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.172.155.192/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"35.172.155.96/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"44.192.134.240/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"44.192.135.0/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"44.192.135.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"44.192.140.112/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"44.192.140.128/29\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"44.192.140.64/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"44.192.245.160/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"44.192.255.128/28\",\n      \"region\": \"us-east-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"44.194.111.224/30\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"44.199.180.0/23\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"44.199.222.128/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"44.202.79.128/25\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"44.206.4.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"44.209.84.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"44.210.64.0/22\",\n      \"region\": \"us-east-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.23.61.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.23.62.0/24\",\n      \"region\": \"us-east-1\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"52.55.191.224/27\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON_CONNECT\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"54.243.31.192/26\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ip_prefix\": \"13.59.250.0/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.117.239.68/30\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.188.9.0/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.188.9.32/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.188.9.64/29\",\n      \"region\": \"us-east-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.188.9.80/29\",\n      \"region\": \"us-east-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.188.9.88/29\",\n      \"region\": \"us-east-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.216.170.128/25\",\n      \"region\": \"us-east-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.217.41.192/29\",\n      \"region\": \"us-east-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.217.41.200/29\",\n      \"region\": \"us-east-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.217.41.208/29\",\n      \"region\": \"us-east-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.217.41.216/29\",\n      \"region\": \"us-east-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"18.217.41.64/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.12.216.0/22\",\n      \"region\": \"us-east-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.12.23.128/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.12.23.88/30\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.12.23.92/30\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.128.56.128/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.128.56.192/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.128.56.64/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.128.93.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.134.215.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.139.136.128/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.139.136.184/30\",\n      \"region\": \"us-east-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.139.136.192/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.140.136.128/27\",\n      \"region\": \"us-east-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.141.102.184/29\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.141.102.192/30\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.141.102.208/28\",\n      \"region\": \"us-east-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.141.102.224/28\",\n      \"region\": \"us-east-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.143.206.104/29\",\n      \"region\": \"us-east-2\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.144.141.192/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.145.220.0/22\",\n      \"region\": \"us-east-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.145.230.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.145.232.192/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.145.31.0/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.145.31.128/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.15.35.0/24\",\n      \"region\": \"us-east-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.15.36.0/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.15.36.64/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.17.136.0/23\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.18.132.0/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.18.132.64/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.19.147.0/25\",\n      \"region\": \"us-east-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.19.147.128/25\",\n      \"region\": \"us-east-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"3.21.86.0/23\",\n      \"region\": \"us-east-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.15.127.128/26\",\n      \"region\": \"us-east-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"52.15.247.208/29\",\n      \"region\": \"us-east-2\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ip_prefix\": \"13.52.1.0/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.52.1.16/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.52.1.32/29\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.52.110.192/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.52.118.0/23\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.52.146.128/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.52.146.192/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.52.200.160/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.52.201.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.52.202.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.52.232.224/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.52.32.96/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.56.112.168/29\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.56.32.200/29\",\n      \"region\": \"us-west-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.57.180.176/29\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.57.180.184/29\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.57.180.208/29\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.57.180.216/29\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"13.57.180.64/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.144.158.0/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.144.158.64/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.144.184.0/23\",\n      \"region\": \"us-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.144.76.128/25\",\n      \"region\": \"us-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.144.76.32/29\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.100.128/25\",\n      \"region\": \"us-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.114.0/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.114.64/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.145.192/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.145.224/27\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.156.0/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.157.128/25\",\n      \"region\": \"us-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.158.0/23\",\n      \"region\": \"us-west-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.160.240/29\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.160.44/30\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.160.48/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.161.0/25\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.161.128/25\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.162.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.163.0/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.163.64/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.163.80/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.163.96/28\",\n      \"region\": \"us-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.164.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.176.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.177.20/30\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.177.48/29\",\n      \"region\": \"us-west-1\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.194.128/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.200.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.201.128/25\",\n      \"region\": \"us-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.202.0/23\",\n      \"region\": \"us-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.208.0/24\",\n      \"region\": \"us-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.209.0/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.52.208/30\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.52.212/30\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"3.101.87.0/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"52.52.191.128/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.183.255.128/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"54.241.32.64/26\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ip_prefix\": \"18.236.61.0/25\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON_CONNECT\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.216.226.136/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.216.226.144/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.216.226.192/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.216.226.208/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.216.226.224/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.216.226.232/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.216.226.240/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.216.51.0/25\",\n      \"region\": \"us-west-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.217.141.0/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.217.141.16/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.217.141.224/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.217.141.32/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.218.119.112/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.218.119.128/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.218.119.144/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.218.119.32/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"CLOUD9\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.218.119.80/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.218.119.96/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.218.216.160/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.218.216.176/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.218.216.208/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.218.216.240/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.221.183.224/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.221.183.32/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.222.66.64/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.112.0/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.112.128/25\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.112.64/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.12.224/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.21.192/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.22.176/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.24.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.37.224/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.45.0/25\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.45.128/25\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.46.0/25\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.46.128/25\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.47.0/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.47.128/25\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.49.128/25\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.51.0/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.64.224/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.68.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.72.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.74.0/25\",\n      \"region\": \"us-west-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.80.192/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.92.0/25\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.95.176/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"34.223.96.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.162.63.192/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.167.191.128/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.80.35.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.80.36.192/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EBS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.80.36.208/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.80.36.224/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.80.88.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.80.92.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.82.136.192/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.83.248.40/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.84.36.0/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.86.187.128/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.86.66.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.89.72.0/25\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.90.103.192/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.90.132.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.92.124.192/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"35.92.26.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.227.178.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.233.54.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.234.106.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.234.108.128/25\",\n      \"region\": \"us-west-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.234.113.64/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.234.123.128/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.234.123.64/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.234.22.128/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.234.28.0/22\",\n      \"region\": \"us-west-2\",\n      \"service\": \"API_GATEWAY\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.234.54.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.234.73.116/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.234.73.120/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON_APPFLOW\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.234.90.252/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.143.180/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.143.224/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.143.242/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.143.244/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.143.248/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.143.250/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.143.252/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.161.0/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.161.10/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.161.12/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.161.16/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.161.20/30\",\n      \"region\": \"us-west-2\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.161.4/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.161.6/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.161.8/31\",\n      \"region\": \"us-west-2\",\n      \"service\": \"KINESIS_VIDEO_STREAMS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.176.192/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.177.0/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.177.128/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.177.64/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.178.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.179.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.180.0/24\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.181.0/27\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.181.32/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_RESOLVER\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"44.242.184.128/25\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"52.43.76.88/29\",\n      \"region\": \"us-west-2\",\n      \"service\": \"CODEBUILD\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.190.198.32/28\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON_CONNECT\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.244.46.0/23\",\n      \"region\": \"us-west-2\",\n      \"service\": \"WORKSPACES_GATEWAYS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.244.52.192/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ip_prefix\": \"54.245.168.0/26\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"us-west-2\"\n    }\n  ],\n  \"ipv6_prefixes\": [\n    {\n      \"ipv6_prefix\": \"2600:1ff2:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07a:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f68:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80ff:4000::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4822::/56\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d034:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da1b::/36\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80f8:4000::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:3000::/36\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f600::/39\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6500:0:9::2/128\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4874::/47\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f19:8000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-pilot-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fff:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07a:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f11:8000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-pilot-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d034:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07c:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fa0:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1d:8000::/36\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-pilot-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:a940::/58\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f15::/36\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:80a7::/48\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff9:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f60:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da15::/36\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2-wl1-cjj-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80f9:4000::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:a080::/58\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fa0:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f540::/42\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d000:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d078:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f60:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:80c8::/48\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:2::92/128\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f68:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d050:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f000::/38\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f500::/43\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d030:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d030:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4802::/47\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:108:7000::/44\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4860::/47\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff1:8000::/39\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a800::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d01e::/36\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f00:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:7100::/56\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:2e80::/48\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff8:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:ddd::/48\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:2::96/128\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d034:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafe:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fff:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4002::/48\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafe:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f18::/33\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff1:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da1c::/36\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6500:0:7600::/56\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da1a::/36\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a700::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07a:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4880::/47\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6500:0:7900::/56\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:2f00::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d031:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6500:ff00::/64\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a01:578:0:7000::/56\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d071:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07e:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafc:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07a:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07a:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafc:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff1:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:ae00::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d000:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07e:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafa:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:7000::/56\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d030:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d079:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d050:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafc:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a01:578:0:7100::/56\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafc:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff9:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:807f::/48\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4810::/47\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07f:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:82be::/48\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a500::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:4000::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff1:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:80e1::/48\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:40::/64\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:2600::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f800::/37\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6500:0:9::3/128\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6500:0:9::1/128\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:200::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafe:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d078:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafc:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f00:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6500:0:7a00::/56\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffc:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6500:0:9::4/128\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff9:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d079:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafe:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:8492::/48\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d034:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1a:8000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-wl1-mia-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d078:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da19::/36\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:108:d000::/44\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:2a00::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffa:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f400::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d071:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d078:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffc:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d030:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f60:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f61:8000::/39\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:ac00::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:f0f0:4000::/44\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:7400::/56\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d072:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fff:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:a880::/58\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff8:5000::/36\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:af00::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2606:f40:6800::/48\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:8149::/48\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4008::/45\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6500:0:7200::/56\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff9:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffb:8080::/48\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffe:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:aa00::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:3001::/48\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d000:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:2200::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:2f00::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80fa:8000::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d072:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffe:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f538::/45\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:f00f::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2606:f40:3001::/48\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f12::/36\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d011::/36\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80fe:8000::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:2100::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f12:4000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1c::/36\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:f0f0:1000::/44\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:2::90/128\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da1e::/32\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d030:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:2800::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:807b::/48\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:8014::/36\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80a0:4000::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffb:8021::/48\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da18::/36\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafa:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d031:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:8000::/36\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffb:60c0::/48\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6500:0:7800::/56\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07c:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:48e2::/47\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f60:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d016::/36\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafc:ffa0::/46\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:5380::/41\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d079:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da17::/36\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffc:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:a900::/58\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07f:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d031:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d031:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2606:f40::/48\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffe:8000::/40\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07e:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6500:0:7400::/56\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:2a00::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f14::/34\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:1000::/36\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f530::/46\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07f:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f60:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d071:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:812f::/48\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d000:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d031:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d071:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f61:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:8285::/48\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d014::/35\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:8000::/39\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:8422::/48\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d030:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff2:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d079:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffe:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d050:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80fa:4000::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a01:578:3::/64\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f14:8000::/36\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-wl1-den-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d072:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:4000::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff2:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:80f0::/48\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6500:0:7700::/56\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f00:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:84af::/48\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:2000::/36\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d000:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:85e8::/48\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2606:f40:1::/48\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:2e80::/48\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da1f::/36\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a300::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a01:578:0:7400::/56\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d050:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d078:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:f00c::/39\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d031:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07c:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f60:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff1:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:500::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d079:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:8188::/48\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f10:4000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafc:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:8000::/40\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fa0:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fff:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:4000::/36\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d012::/36\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f00:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:2800::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafa:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:2::93/128\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:838e::/48\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff8:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4850::/47\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:48a0::/47\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1f:8000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-wl1-atl-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:fff::/48\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a400::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d079:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1e::/36\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f61:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:200::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80a0:8000::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fff:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d072:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a01:578:0:7700::/56\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f61:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6700:ff00::/64\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2403:b300:ff00::/64\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f16::/36\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffc:8000::/40\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:300f::/64\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07c:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:80d0::/48\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d01a::/36\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da1d::/36\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1-wl1-kix-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:a8c0::/58\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d034:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:500::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f68:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:816c::/48\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffe:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80ff:8000::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:48c0::/47\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:5308::/45\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f534::/46\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d01c::/36\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d034:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff8:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:83ad::/48\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07f:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f13::/36\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff9:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a900::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07a:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4890::/47\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f68:8000::/39\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d030:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:2c00::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80f8:8000::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:83d2::/48\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a200::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:7800::/56\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a01:578:0:7200::/56\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f13:8000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-pilot-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da11::/36\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:8000:8000::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1c:8000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-wl1-dfw-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:ad00::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:f00c:8000::/39\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d018::/36\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafc:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff9:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:85c0::/48\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:f000::/39\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffb:80a1::/48\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafe:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4820::/47\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d034:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07e:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80f9:8000::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:2::94/128\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:48d2::/47\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:818f::/48\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:81c2::/48\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d050:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f14:4000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-dfw-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:84bd::/48\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4800::/47\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d078:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d078:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07a:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07e:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafc:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d050:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07f:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f12:8000::/36\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-wl1-las-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:803f::/48\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07e:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafc:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafe:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:48e0::/47\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:2::95/128\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d030:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f68:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff8:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:5300::/45\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d031:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d050:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2804:800:ff00::/64\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d079:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d071:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:2400::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffa:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d031:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d072:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07c:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07f:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafe:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f15:8000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-pilot-5\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d015::/36\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff8:8000::/40\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1f::/36\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-lax-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:8165::/48\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d078:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:8000:4000::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07e:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:8000::/36\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff2:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:819f::/48\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6500:0:7500::/56\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:48b0::/47\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff1:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff1:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07e:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff1:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:2::97/128\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f17:8000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-wl1-nyc-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffa:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:7a00::/56\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:2600::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f00:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1e:8000::/36\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-wl1-sea-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d071:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafc:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafe:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f520::/44\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d030:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da14::/36\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff9:8000::/40\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fff:8000::/40\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a100::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d078:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:2::91/128\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d000:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4804::/47\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d050:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:2100::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2804:800:0:7000::/56\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f10:8000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-wl1-bos-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:f000:8000::/39\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d072:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafc:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fa0:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4840::/47\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f68:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2606:f40:4000::/48\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d072:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07c:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:ff00::/64\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4830::/47\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fa0:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffc:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d079:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafa:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f61:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:8508::/48\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1c:4000::/36\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-phx-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d018:1000::/36\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6500:0:7b00::/56\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80fc:4000::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f11::/36\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f61:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:a840::/58\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:2c00::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f60:8000::/39\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2606:f40:1801::/48\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:833b::/48\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fff:3000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-lax-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4004::/48\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07e:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d000:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d071:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07f:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f00:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:8066::/48\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6500:0:7000::/56\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafa:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff2:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d071:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6500:100:7200::/56\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafa:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:2400::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffa:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffc:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafc:ff80::/46\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff2:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffa:8000::/40\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffb:60c1::/48\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f00:8000::/40\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a01:578:0:7900::/56\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07f:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da13::/36\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1-wl1-nrt-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d031:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:85b2::/48\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:5320::/43\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f18:8000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1-wl1-was-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:7700::/56\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80fc:8000::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:48d0::/47\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffe:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d034:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:5310::/44\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d019::/36\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafe:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f580::/41\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:8190::/48\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f00:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:81a7::/48\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafa:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f68:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff2:8000::/39\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d072:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07f:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffb:40c0::/46\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fff:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d000:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fa0:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffc:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff2:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4870::/47\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a01:578:0:7800::/56\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d079:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fa0:8000::/39\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafe:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4844::/47\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fa0:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f68:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff9:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffc:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d050:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d079:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffe:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4007::/64\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07c:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da12::/36\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafc:ff60::/46\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d071:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:5340::/42\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2606:f40:1001::/48\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:831b::/48\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d034:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07f:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da16::/36\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffb:80a0::/48\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:7200::/56\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffa:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffa:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:2200::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4000:5::/64\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:eee::/48\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d034:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafe:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:80cb::/48\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07c:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4005::/48\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d000:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4814::/47\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:481a::/47\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a600::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4003::/48\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07c:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f16:8000::/36\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2-pilot-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:8143::/48\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07c:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07e:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafc:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff8:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d050:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80fe:4000::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:ab00::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:8018::/36\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffa:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a01:578:13::/64\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafe:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f60:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f61:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f61:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fff:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:48f0::/47\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1b:8000::/36\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2-wl1-sfo-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d000:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d030:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffe:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6500:0:7100::/56\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d078:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d031:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d072:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6500:0:7300::/56\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff8:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d072:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07a:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f68:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d034:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80f8:4000::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a310::/48\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07a:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d034:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fa0:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff9:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80f9:4000::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fa0:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d078:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f68:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d050:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a211::/48\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff8:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d034:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07a:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07a:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07a:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafa:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d079:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d050:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff9:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:200::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d078:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff9:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d079:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d034:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d078:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffa:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d078:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff8:5000::/36\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff9:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80fa:8000::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:2800::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80a0:4000::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafa:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a104::/48\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a311::/48\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d079:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f60:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:8000::/39\",\n      \"region\": \"us-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d079:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d050:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80fa:4000::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d050:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d078:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d079:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fa0:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:2800::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafa:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff8:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d079:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:200::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80a0:8000::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d034:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f68:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d034:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff8:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff9:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07a:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f68:8000::/39\",\n      \"region\": \"us-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:2c00::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80f8:8000::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff9:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d034:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80f9:8000::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d050:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d078:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d078:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07a:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d050:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f68:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff8:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d050:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d079:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:2400::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffa:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff8:8000::/40\",\n      \"region\": \"us-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d078:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffa:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff9:8000::/40\",\n      \"region\": \"us-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d078:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d050:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fa0:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f68:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fa0:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d079:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafa:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:2c00::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a210::/48\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafa:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafa:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:2400::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffa:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffa:8000::/40\",\n      \"region\": \"us-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d034:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:dafa:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f68:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fa0:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d079:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fa0:8000::/39\",\n      \"region\": \"us-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fa0:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf9:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f68:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff9:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d050:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d079:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a105::/48\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d034:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffa:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffa:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d034:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf8:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff8:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d050:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffa:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daa0:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da68:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d078:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff8:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"S3\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff2:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80ff:4000::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da1b::/36\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f19:8000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-pilot-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fff:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f11:8000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-pilot-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1d:8000::/36\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-pilot-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f15::/36\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:80a7::/48\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f60:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da15::/36\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2-wl1-cjj-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d000:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f60:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:80c8::/48\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d030:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d030:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff1:8000::/39\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d01e::/36\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f00:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fff:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4002::/48\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f18::/33\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff1:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da1c::/36\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da1a::/36\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:2f00::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d031:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6500:ff00::/64\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d071:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff1:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d000:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d030:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:807f::/48\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07f:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:82be::/48\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:4000::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff1:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:80e1::/48\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f00:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:8492::/48\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1a:8000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-wl1-mia-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da19::/36\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d071:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d030:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f60:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f61:8000::/39\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:f0f0:4000::/44\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:108:700f::/64\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d072:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fff:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2606:f40:6800::/48\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:8149::/48\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffb:8080::/48\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d000:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:2200::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:2f00::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d072:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:f00f::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2606:f40:3001::/48\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f12::/36\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d011::/36\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:2100::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f12:4000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1c::/36\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:f0f0:1000::/44\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da1e::/32\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d030:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:807b::/48\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:8014::/36\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffb:8021::/48\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da18::/36\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d031:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:8000::/36\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffb:60c0::/48\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f60:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d016::/36\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da17::/36\",\n      \"region\": \"me-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07f:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d031:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d031:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2606:f40::/48\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f14::/34\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07f:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f60:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d071:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:812f::/48\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d000:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d031:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d071:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f61:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:8285::/48\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d014::/35\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:8000::/39\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:8422::/48\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d030:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff2:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a01:578:3::/64\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f14:8000::/36\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-wl1-den-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d072:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:4000::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff2:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:80f0::/48\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f00:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:84af::/48\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d000:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:85e8::/48\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2606:f40:1::/48\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da1f::/36\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:f00c::/39\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d031:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f60:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff1:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:8188::/48\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f10:4000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:8000::/40\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fff:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d012::/36\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f00:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:838e::/48\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1f:8000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-wl1-atl-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1e::/36\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f61:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fff:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d072:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f61:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:6700:ff00::/64\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2403:b300:ff00::/64\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f16::/36\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:300f::/64\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:80d0::/48\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d01a::/36\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da1d::/36\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1-wl1-kix-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:816c::/48\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:80ff:8000::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d01c::/36\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:83ad::/48\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07f:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f13::/36\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d030:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:83d2::/48\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f13:8000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-pilot-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da11::/36\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:8000:8000::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1c:8000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-wl1-dfw-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:f00c:8000::/39\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d018::/36\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:85c0::/48\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:f000::/39\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffb:80a1::/48\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:818f::/48\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:81c2::/48\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da61:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f14:4000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-dfw-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:84bd::/48\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07f:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f12:8000::/36\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-wl1-las-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:803f::/48\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:8000::/40\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d030:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d031:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2804:800:ff00::/64\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:108:d00f::/64\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d071:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d031:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d072:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07f:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f15:8000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-pilot-5\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d015::/36\",\n      \"region\": \"il-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1f::/36\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-lax-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:8165::/48\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:8000:4000::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:8000::/36\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff2:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:819f::/48\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff1:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff1:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff1:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f17:8000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-wl1-nyc-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f00:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1e:8000::/36\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-wl1-sea-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d071:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:f000::/40\",\n      \"region\": \"ap-southeast-4\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-4\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d030:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da14::/36\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fff:8000::/40\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d000:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:2100::/40\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f10:8000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-wl1-bos-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:f000:8000::/39\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d072:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2606:f40:4000::/48\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d072:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:ff00::/64\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f61:4000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:8508::/48\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1c:4000::/36\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-phx-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d018:1000::/36\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f11::/36\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f61:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f60:8000::/39\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2606:f40:1801::/48\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:833b::/48\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fff:3000::/40\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-lax-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4004::/48\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d000:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d071:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07f:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:1000::/40\",\n      \"region\": \"af-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f00:1000::/40\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:8066::/48\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff2:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d071:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff2:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffb:60c1::/48\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f00:8000::/40\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07f:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da13::/36\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1-wl1-nrt-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d031:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:85b2::/48\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f18:8000::/36\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1-wl1-was-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:e000::/40\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d019::/36\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:2000::/40\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:8190::/48\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f00:e000::/40\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:81a7::/48\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff2:8000::/39\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d072:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07f:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffb:40c0::/46\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fff:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d000:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff2:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d070:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf1:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:9000::/40\",\n      \"region\": \"eu-central-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4007::/64\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da12::/36\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:9000::/40\",\n      \"region\": \"ap-southeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d071:a000::/40\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2606:f40:1001::/48\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daff:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:831b::/48\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d07f:4000::/40\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da16::/36\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffb:80a0::/48\",\n      \"region\": \"us-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:c000::/40\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ff0:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:2200::/40\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:7000::/40\",\n      \"region\": \"me-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:80cb::/48\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4005::/48\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d000:6000::/40\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da00:6000::/40\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da60:4000::/40\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2620:107:4003::/48\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f16:8000::/36\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2-pilot-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1ffd:8143::/48\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:c000::/40\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"240f:8018::/36\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a01:578:13::/64\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f60:c000::/40\",\n      \"region\": \"us-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f61:2000::/40\",\n      \"region\": \"us-gov-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f61:6000::/40\",\n      \"region\": \"us-east-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1fff:5000::/40\",\n      \"region\": \"us-gov-east-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-gov-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf0:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1b:8000::/36\",\n      \"region\": \"us-west-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"us-west-2-wl1-sfo-wlz-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d000:1000::/40\",\n      \"region\": \"eu-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d030:e000::/40\",\n      \"region\": \"me-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:daf2:b000::/40\",\n      \"region\": \"ap-south-2\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:a000::/40\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d031:5000::/40\",\n      \"region\": \"il-central-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"il-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d072:2000::/40\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d072:8000::/40\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"EC2\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:3000::/36\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f600::/39\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f540::/42\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f000::/38\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f500::/43\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:ddd::/48\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f800::/37\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f400::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f538::/45\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:5380::/41\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:1000::/36\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:2000::/36\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:500::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:4000::/36\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:fff::/48\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:500::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:5308::/45\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f534::/46\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f520::/44\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:5320::/43\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:5310::/44\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:f580::/41\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:5340::/42\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:eee::/48\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"CLOUDFRONT\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4874::/47\",\n      \"region\": \"us-west-2\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4802::/47\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4860::/47\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a800::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a700::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4880::/47\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:ae00::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4810::/47\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a500::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:ac00::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:af00::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:aa00::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a300::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4850::/47\",\n      \"region\": \"us-east-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:48a0::/47\",\n      \"region\": \"us-west-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a400::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:48c0::/47\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a900::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4890::/47\",\n      \"region\": \"us-east-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a200::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:ad00::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4820::/47\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:48d2::/47\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4800::/47\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:48e0::/47\",\n      \"region\": \"me-south-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:48b0::/47\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a100::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4804::/47\",\n      \"region\": \"us-east-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4840::/47\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4830::/47\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:48d0::/47\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4870::/47\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4844::/47\",\n      \"region\": \"us-east-2\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f01:4814::/47\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:a600::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:9000:ab00::/40\",\n      \"region\": \"GLOBAL\",\n      \"service\": \"GLOBALACCELERATOR\",\n      \"network_border_group\": \"GLOBAL\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:4000:100::/56\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:4000:200::/56\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:4000:300::/56\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:4000:400::/56\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:4000::/56\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:83cc:cc00::/56\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:83cc:cd00::/56\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2400:7fc0:83cc:ce00::/56\",\n      \"region\": \"cn-north-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"cn-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:4000:100::/56\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:4000:200::/56\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:4000:300::/56\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:4000:400::/56\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:4000::/56\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:83cc:cc00::/56\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:83cc:cd00::/56\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2404:c2c0:83cc:ce00::/56\",\n      \"region\": \"cn-northwest-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"cn-northwest-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:1000:100::/56\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:1000:200::/56\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:1000:400::/56\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:1000::/56\",\n      \"region\": \"af-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"af-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:e000:100::/56\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:e000:200::/56\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:e000:400::/56\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:e000::/56\",\n      \"region\": \"ap-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da14:7ff:f800::/56\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da14:fff:f800::/56\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:4000:100::/56\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:4000:200::/56\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:4000:300::/56\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:4000:400::/56\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:4000::/56\",\n      \"region\": \"ap-northeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:2000:100::/56\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:2000:200::/56\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:2000:300::/56\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:2000:400::/56\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:2000::/56\",\n      \"region\": \"ap-northeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:6000::/56\",\n      \"region\": \"ap-northeast-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-northeast-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:a000:100::/56\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:a000:200::/56\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:a000:300::/56\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:a000:400::/56\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:a000::/56\",\n      \"region\": \"ap-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da18:7ff:f800::/56\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da18:fff:f800::/56\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:8000:100::/56\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:8000:200::/56\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:8000:300::/56\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:8000:400::/56\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:8000::/56\",\n      \"region\": \"ap-southeast-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da1c:7ff:f800::/56\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da1c:fff:f800::/56\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:c000:100::/56\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:c000:200::/56\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:c000:300::/56\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:c000:400::/56\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2406:da70:c000::/56\",\n      \"region\": \"ap-southeast-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ap-southeast-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:1000:100::/56\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:1000:200::/56\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:1000:300::/56\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:1000:400::/56\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:1000::/56\",\n      \"region\": \"ca-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"ca-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:4000:100::/56\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:4000:200::/56\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:4000:300::/56\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:4000:400::/56\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:4000::/56\",\n      \"region\": \"eu-central-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-central-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:6000:100::/56\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:6000:200::/56\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:6000:400::/56\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:6000::/56\",\n      \"region\": \"eu-north-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-north-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:a000:100::/56\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:a000:200::/56\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:a000:400::/56\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:a000::/56\",\n      \"region\": \"eu-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d018:7ff:f800::/56\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d018:fff:f800::/56\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:8000:100::/56\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:8000:200::/56\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:8000:300::/56\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:8000:400::/56\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:8000::/56\",\n      \"region\": \"eu-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:c000:100::/56\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:c000:200::/56\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:c000:300::/56\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:c000:400::/56\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:c000::/56\",\n      \"region\": \"eu-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:2000:100::/56\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:2000:200::/56\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:2000:300::/56\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:2000:400::/56\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:2000::/56\",\n      \"region\": \"eu-west-3\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"eu-west-3\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:e000:100::/56\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:e000:200::/56\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:e000:400::/56\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2a05:d03a:e000::/56\",\n      \"region\": \"me-south-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"me-south-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1e:7ff:f800::/56\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1e:fff:f800::/56\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:e000:100::/56\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:e000:200::/56\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:e000:400::/56\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:e000::/56\",\n      \"region\": \"sa-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"sa-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f18:3fff:f800::/56\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f18:7fff:f800::/56\",\n      \"region\": \"us-east-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:8000::/56\",\n      \"region\": \"us-east-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:6000:100::/56\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:6000:200::/56\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:6000:300::/56\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:6000:400::/56\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:6000::/56\",\n      \"region\": \"us-east-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-east-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1c:7ff:f800::/56\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f1c:fff:f800::/56\",\n      \"region\": \"us-west-1\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:c000:100::/56\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:c000:200::/56\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:c000:300::/56\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:c000:400::/56\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:c000::/56\",\n      \"region\": \"us-west-1\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-1\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f14:7ff:f800::/56\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f14:fff:f800::/56\",\n      \"region\": \"us-west-2\",\n      \"service\": \"ROUTE53_HEALTHCHECKS\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:4000:100::/56\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:4000:200::/56\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:4000:300::/56\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:4000:400::/56\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    },\n    {\n      \"ipv6_prefix\": \"2600:1f70:4000::/56\",\n      \"region\": \"us-west-2\",\n      \"service\": \"AMAZON\",\n      \"network_border_group\": \"us-west-2\"\n    }\n  ]\n}"
  },
  {
    "path": "ScoutSuite/data/icmp_message_types.json",
    "content": "{\n    \"metadata\": {\n        \"generated_on\": \"September 14, 2015\",\n        \"source\": \"https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml\"\n    },\n    \"icmp_message_types\": {\n        \"-1\": \"ALL\",\n        \"0\": \"Echo Reply\",\n        \"1\": \"Unassigned\",\n        \"2\": \"Unassigned\",\n        \"3\": \"Destination Unreachable\",\n        \"4\": \"Source Quench (Deprecated)\",\n        \"5\": \"Redirect\",\n        \"6\": \"Alternate Host Address (Deprecated)\",\n        \"7\": \"Unassigned\",\n        \"8\": \"Echo\",\n        \"9\": \"Router Advertisement\",\n        \"10\": \"Router Selection\",\n        \"11\": \"Time Exceeded\",\n        \"12\": \"Parameter Problem\",\n        \"13\": \"Timestamp\",\n        \"14\": \"Timestamp Reply\",\n        \"15\": \"Information Request (Deprecated)\",\n        \"16\": \"Information Reply (Deprecated)\",\n        \"17\": \"Address Mask Request (Deprecated)\",\n        \"18\": \"Address Mask Reply (Deprecated)\",\n        \"19\": \"Reserved (for Security)\",\n        \"20\": \"Reserved (for Robustness Experiment)\",\n        \"21\": \"Reserved (for Robustness Experiment)\",\n        \"22\": \"Reserved (for Robustness Experiment)\",\n        \"23\": \"Reserved (for Robustness Experiment)\",\n        \"24\": \"Reserved (for Robustness Experiment)\",\n        \"25\": \"Reserved (for Robustness Experiment)\",\n        \"26\": \"Reserved (for Robustness Experiment)\",\n        \"27\": \"Reserved (for Robustness Experiment)\",\n        \"28\": \"Reserved (for Robustness Experiment)\",\n        \"29\": \"Reserved (for Robustness Experiment)\",\n        \"30\": \"Traceroute (Deprecated)\",\n        \"31\": \"Datagram Conversion Error (Deprecated)\",\n        \"32\": \"Mobile Host Redirect (Deprecated)\",\n        \"33\": \"IPv6 Where-Are-You (Deprecated)\",\n        \"34\": \"IPv6 I-Am-Here (Deprecated)\",\n        \"35\": \"Mobile Registration Request (Deprecated)\",\n        \"36\": \"Mobile Registration Reply (Deprecated)\",\n        \"37\": \"Domain Name Request (Deprecated)\",\n        \"38\": \"Domain Name Reply (Deprecated)\",\n        \"39\": \"SKIP (Deprecated)\",\n        \"40\": \"Photuris\",\n        \"41\": \"ICMP messages utilized by experimental mobility protocols such as Seamoby\",\n        \"42\": \"Extended Echo Request\",\n        \"43\": \"Extended Echo Reply\",\n        \"44\": \"Unassigned\",\n        \"45\": \"Unassigned\",\n        \"46\": \"Unassigned\",\n        \"47\": \"Unassigned\",\n        \"48\": \"Unassigned\",\n        \"49\": \"Unassigned\",\n        \"50\": \"Unassigned\",\n        \"51\": \"Unassigned\",\n        \"52\": \"Unassigned\",\n        \"53\": \"Unassigned\",\n        \"54\": \"Unassigned\",\n        \"55\": \"Unassigned\",\n        \"56\": \"Unassigned\",\n        \"57\": \"Unassigned\",\n        \"58\": \"Unassigned\",\n        \"59\": \"Unassigned\",\n        \"60\": \"Unassigned\",\n        \"61\": \"Unassigned\",\n        \"62\": \"Unassigned\",\n        \"63\": \"Unassigned\",\n        \"64\": \"Unassigned\",\n        \"65\": \"Unassigned\",\n        \"66\": \"Unassigned\",\n        \"67\": \"Unassigned\",\n        \"68\": \"Unassigned\",\n        \"69\": \"Unassigned\",\n        \"70\": \"Unassigned\",\n        \"71\": \"Unassigned\",\n        \"72\": \"Unassigned\",\n        \"73\": \"Unassigned\",\n        \"74\": \"Unassigned\",\n        \"75\": \"Unassigned\",\n        \"76\": \"Unassigned\",\n        \"77\": \"Unassigned\",\n        \"78\": \"Unassigned\",\n        \"79\": \"Unassigned\",\n        \"80\": \"Unassigned\",\n        \"81\": \"Unassigned\",\n        \"82\": \"Unassigned\",\n        \"83\": \"Unassigned\",\n        \"84\": \"Unassigned\",\n        \"85\": \"Unassigned\",\n        \"86\": \"Unassigned\",\n        \"87\": \"Unassigned\",\n        \"88\": \"Unassigned\",\n        \"89\": \"Unassigned\",\n        \"90\": \"Unassigned\",\n        \"91\": \"Unassigned\",\n        \"92\": \"Unassigned\",\n        \"93\": \"Unassigned\",\n        \"94\": \"Unassigned\",\n        \"95\": \"Unassigned\",\n        \"96\": \"Unassigned\",\n        \"97\": \"Unassigned\",\n        \"98\": \"Unassigned\",\n        \"99\": \"Unassigned\",\n        \"100\": \"Unassigned\",\n        \"101\": \"Unassigned\",\n        \"102\": \"Unassigned\",\n        \"103\": \"Unassigned\",\n        \"104\": \"Unassigned\",\n        \"105\": \"Unassigned\",\n        \"106\": \"Unassigned\",\n        \"107\": \"Unassigned\",\n        \"108\": \"Unassigned\",\n        \"109\": \"Unassigned\",\n        \"110\": \"Unassigned\",\n        \"111\": \"Unassigned\",\n        \"112\": \"Unassigned\",\n        \"113\": \"Unassigned\",\n        \"114\": \"Unassigned\",\n        \"115\": \"Unassigned\",\n        \"116\": \"Unassigned\",\n        \"117\": \"Unassigned\",\n        \"118\": \"Unassigned\",\n        \"119\": \"Unassigned\",\n        \"120\": \"Unassigned\",\n        \"121\": \"Unassigned\",\n        \"122\": \"Unassigned\",\n        \"123\": \"Unassigned\",\n        \"124\": \"Unassigned\",\n        \"125\": \"Unassigned\",\n        \"126\": \"Unassigned\",\n        \"127\": \"Unassigned\",\n        \"128\": \"Unassigned\",\n        \"129\": \"Unassigned\",\n        \"130\": \"Unassigned\",\n        \"131\": \"Unassigned\",\n        \"132\": \"Unassigned\",\n        \"133\": \"Unassigned\",\n        \"134\": \"Unassigned\",\n        \"135\": \"Unassigned\",\n        \"136\": \"Unassigned\",\n        \"137\": \"Unassigned\",\n        \"138\": \"Unassigned\",\n        \"139\": \"Unassigned\",\n        \"140\": \"Unassigned\",\n        \"141\": \"Unassigned\",\n        \"142\": \"Unassigned\",\n        \"143\": \"Unassigned\",\n        \"144\": \"Unassigned\",\n        \"145\": \"Unassigned\",\n        \"146\": \"Unassigned\",\n        \"147\": \"Unassigned\",\n        \"148\": \"Unassigned\",\n        \"149\": \"Unassigned\",\n        \"150\": \"Unassigned\",\n        \"151\": \"Unassigned\",\n        \"152\": \"Unassigned\",\n        \"153\": \"Unassigned\",\n        \"154\": \"Unassigned\",\n        \"155\": \"Unassigned\",\n        \"156\": \"Unassigned\",\n        \"157\": \"Unassigned\",\n        \"158\": \"Unassigned\",\n        \"159\": \"Unassigned\",\n        \"160\": \"Unassigned\",\n        \"161\": \"Unassigned\",\n        \"162\": \"Unassigned\",\n        \"163\": \"Unassigned\",\n        \"164\": \"Unassigned\",\n        \"165\": \"Unassigned\",\n        \"166\": \"Unassigned\",\n        \"167\": \"Unassigned\",\n        \"168\": \"Unassigned\",\n        \"169\": \"Unassigned\",\n        \"170\": \"Unassigned\",\n        \"171\": \"Unassigned\",\n        \"172\": \"Unassigned\",\n        \"173\": \"Unassigned\",\n        \"174\": \"Unassigned\",\n        \"175\": \"Unassigned\",\n        \"176\": \"Unassigned\",\n        \"177\": \"Unassigned\",\n        \"178\": \"Unassigned\",\n        \"179\": \"Unassigned\",\n        \"180\": \"Unassigned\",\n        \"181\": \"Unassigned\",\n        \"182\": \"Unassigned\",\n        \"183\": \"Unassigned\",\n        \"184\": \"Unassigned\",\n        \"185\": \"Unassigned\",\n        \"186\": \"Unassigned\",\n        \"187\": \"Unassigned\",\n        \"188\": \"Unassigned\",\n        \"189\": \"Unassigned\",\n        \"190\": \"Unassigned\",\n        \"191\": \"Unassigned\",\n        \"192\": \"Unassigned\",\n        \"193\": \"Unassigned\",\n        \"194\": \"Unassigned\",\n        \"195\": \"Unassigned\",\n        \"196\": \"Unassigned\",\n        \"197\": \"Unassigned\",\n        \"198\": \"Unassigned\",\n        \"199\": \"Unassigned\",\n        \"200\": \"Unassigned\",\n        \"201\": \"Unassigned\",\n        \"202\": \"Unassigned\",\n        \"203\": \"Unassigned\",\n        \"204\": \"Unassigned\",\n        \"205\": \"Unassigned\",\n        \"206\": \"Unassigned\",\n        \"207\": \"Unassigned\",\n        \"208\": \"Unassigned\",\n        \"209\": \"Unassigned\",\n        \"210\": \"Unassigned\",\n        \"211\": \"Unassigned\",\n        \"212\": \"Unassigned\",\n        \"213\": \"Unassigned\",\n        \"214\": \"Unassigned\",\n        \"215\": \"Unassigned\",\n        \"216\": \"Unassigned\",\n        \"217\": \"Unassigned\",\n        \"218\": \"Unassigned\",\n        \"219\": \"Unassigned\",\n        \"220\": \"Unassigned\",\n        \"221\": \"Unassigned\",\n        \"222\": \"Unassigned\",\n        \"223\": \"Unassigned\",\n        \"224\": \"Unassigned\",\n        \"225\": \"Unassigned\",\n        \"226\": \"Unassigned\",\n        \"227\": \"Unassigned\",\n        \"228\": \"Unassigned\",\n        \"229\": \"Unassigned\",\n        \"230\": \"Unassigned\",\n        \"231\": \"Unassigned\",\n        \"232\": \"Unassigned\",\n        \"233\": \"Unassigned\",\n        \"234\": \"Unassigned\",\n        \"235\": \"Unassigned\",\n        \"236\": \"Unassigned\",\n        \"237\": \"Unassigned\",\n        \"238\": \"Unassigned\",\n        \"239\": \"Unassigned\",\n        \"240\": \"Unassigned\",\n        \"241\": \"Unassigned\",\n        \"242\": \"Unassigned\",\n        \"243\": \"Unassigned\",\n        \"244\": \"Unassigned\",\n        \"245\": \"Unassigned\",\n        \"246\": \"Unassigned\",\n        \"247\": \"Unassigned\",\n        \"248\": \"Unassigned\",\n        \"249\": \"Unassigned\",\n        \"250\": \"Unassigned\",\n        \"251\": \"Unassigned\",\n        \"252\": \"Unassigned\",\n        \"253\": \"RFC3692-style Experiment 1\",\n        \"254\": \"RFC3692-style Experiment 2\"\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/data/protocols.json",
    "content": "{\n    \"metadata\": {\n        \"generated_on\": \"February 12, 2014\",\n        \"source\": \"http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml\"\n    },\n    \"protocols\": {\n        \"-1\": \"ALL\",\n        \"0\": \"HOPOPT\",\n        \"1\": \"ICMP\",\n        \"2\": \"IGMP\",\n        \"3\": \"GGP\",\n        \"4\": \"IPv4\",\n        \"5\": \"ST\",\n        \"6\": \"TCP\",\n        \"7\": \"CBT\",\n        \"8\": \"EGP\",\n        \"9\": \"IGP\",\n        \"10\": \"BBN-RCC-MON\",\n        \"11\": \"NVP-II\",\n        \"12\": \"PUP\",\n        \"13\": \"ARGUS\",\n        \"14\": \"EMCON\",\n        \"15\": \"XNET\",\n        \"16\": \"CHAOS\",\n        \"17\": \"UDP\",\n        \"18\": \"MUX\",\n        \"19\": \"DCN-MEAS\",\n        \"20\": \"HMP\",\n        \"21\": \"PRM\",\n        \"22\": \"XNS-IDP\",\n        \"23\": \"TRUNK-1\",\n        \"24\": \"TRUNK-2\",\n        \"25\": \"LEAF-1\",\n        \"26\": \"LEAF-2\",\n        \"27\": \"RDP\",\n        \"28\": \"IRTP\",\n        \"29\": \"ISO-TP4\",\n        \"30\": \"NETBLT\",\n        \"31\": \"MFE-NSP\",\n        \"32\": \"MERIT-INP\",\n        \"33\": \"DCCP\",\n        \"34\": \"3PC\",\n        \"35\": \"IDPR\",\n        \"36\": \"XTP\",\n        \"37\": \"DDP\",\n        \"38\": \"IDPR-CMTP\",\n        \"39\": \"TP++\",\n        \"40\": \"IL\",\n        \"41\": \"IPv6\",\n        \"42\": \"SDRP\",\n        \"43\": \"IPv6-Route\",\n        \"44\": \"IPv6-Frag\",\n        \"45\": \"IDRP\",\n        \"46\": \"RSVP\",\n        \"47\": \"GRE\",\n        \"48\": \"DSR\",\n        \"49\": \"BNA\",\n        \"50\": \"ESP\",\n        \"51\": \"AH\",\n        \"52\": \"I-NLSP\",\n        \"53\": \"SWIPE\",\n        \"54\": \"NARP\",\n        \"55\": \"MOBILE\",\n        \"56\": \"TLSP\",\n        \"57\": \"SKIP\",\n        \"58\": \"IPv6-ICMP\",\n        \"59\": \"IPv6-NoNxt\",\n        \"60\": \"IPv6-Opts\",\n        \"62\": \"CFTP\",\n        \"64\": \"SAT-EXPAK\",\n        \"65\": \"KRYPTOLAN\",\n        \"66\": \"RVD\",\n        \"67\": \"IPPC\",\n        \"69\": \"SAT-MON\",\n        \"70\": \"VISA\",\n        \"71\": \"IPCV\",\n        \"72\": \"CPNX\",\n        \"73\": \"CPHB\",\n        \"74\": \"WSN\",\n        \"75\": \"PVP\",\n        \"76\": \"BR-SAT-MON\",\n        \"77\": \"SUN-ND\",\n        \"78\": \"WB-MON\",\n        \"79\": \"WB-EXPAK\",\n        \"80\": \"ISO-IP\",\n        \"81\": \"VMTP\",\n        \"82\": \"SECURE-VMTP\",\n        \"83\": \"VINES\",\n        \"84\": \"TTP\",\n        \"84\": \"IPTM\",\n        \"85\": \"NSFNET-IGP\",\n        \"86\": \"DGP\",\n        \"87\": \"TCF\",\n        \"88\": \"EIGRP\",\n        \"89\": \"OSPFIGP\",\n        \"90\": \"Sprite-RPC\",\n        \"91\": \"LARP\",\n        \"92\": \"MTP\",\n        \"93\": \"AX.25\",\n        \"94\": \"IPIP\",\n        \"95\": \"MICP\",\n        \"96\": \"SCC-SP\",\n        \"97\": \"ETHERIP\",\n        \"98\": \"ENCAP\",\n        \"100\": \"GMTP\",\n        \"101\": \"IFMP\",\n        \"102\": \"PNNI\",\n        \"103\": \"PIM\",\n        \"104\": \"ARIS\",\n        \"105\": \"SCPS\",\n        \"106\": \"QNX\",\n        \"107\": \"A/N\",\n        \"108\": \"IPComp\",\n        \"109\": \"SNP\",\n        \"110\": \"Compaq-Peer\",\n        \"111\": \"IPX-in-IP\",\n        \"112\": \"VRRP\",\n        \"113\": \"PGM\",\n        \"115\": \"L2TP\",\n        \"116\": \"DDX\",\n        \"117\": \"IATP\",\n        \"118\": \"STP\",\n        \"119\": \"SRP\",\n        \"120\": \"UTI\",\n        \"121\": \"SMP\",\n        \"122\": \"SM\",\n        \"123\": \"PTP\",\n        \"124\": \"ISIS over IPv4\",\n        \"125\": \"FIRE\",\n        \"126\": \"CRTP\",\n        \"127\": \"CRUDP\",\n        \"128\": \"SSCOPMCE\",\n        \"129\": \"IPLT\",\n        \"130\": \"SPS\",\n        \"131\": \"PIPE\",\n        \"132\": \"SCTP\",\n        \"133\": \"FC\",\n        \"134\": \"RSVP-E2E-IGNORE\",\n        \"135\": \"Mobility Header\",\n        \"136\": \"UDPLite\",\n        \"137\": \"MPLS-in-IP\",\n        \"138\": \"manet\",\n        \"139\": \"HIP\",\n        \"140\": \"Shim6\",\n        \"141\": \"WESP\",\n        \"142\": \"ROHC\"\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/output/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/output/data/html/conditionals/json_format.html",
    "content": "<!-- Element to notify that we are reading a report in json format -->\n<script id=\"json_format\" type=\"text/x-handlebars-template\"></script>\n<script>\n    Handlebars.registerPartial(\"json_format\", document.getElementById(\"json_format\").innerHTML);\n</script>\n\n<!-- Results that need to be read from js files -->\n<script src=\"<!-- RESULTS PLACEHOLDER -->\"></script>\n<script src=\"<!-- EXCEPTIONS PLACEHOLDER -->\"></script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/conditionals/sqlite_format.html",
    "content": "<!-- Element to notify that we are reading a report in sqlite format -->\n<script id=\"sqlite_format\" type=\"text/x-handlebars-template\"></script>\n<script>\n    Handlebars.registerPartial(\"sqlite_format\", document.getElementById(\"sqlite_format\").innerHTML);\n</script>\n\n<!-- Import sqlite related functions -->\n<script src=\"<!-- SQLITE JS PLACEHOLDER -->\"></script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/about_scoutsuite.html",
    "content": "<script id=\"about_scoutsuite-template\" type=\"text/x-handlebars-template\">\n    <div class=\"modal-dialog modal-lg modal-dialog-centered\" role=\"document\">\n        <div class=\"modal-content\">\n            <div class=\"modal-header\">\n                <h5 class=\"modal-title\">About Scout Suite</h5>\n                <button type=\"button\" class=\"close\" data-dismiss=\"modal\" aria-label=\"Close\">\n                    <span aria-hidden=\"true\">&times;</span>\n                </button>\n            </div>\n            <div class=\"modal-body m-3\">\n                <div>\n                    <p>Scout Suite is an open-source tool released by <a href=\"https://www.nccgroup.trust\" rel=\"author\" target=\"_blank\">NCC Group</a>.</p>\n                    <p>Use the top navigation bar to review the configuration of the supported cloud provider services.</p>\n                    <p>\n                        For more information about Scout Suite, please check out the project's page on\n                        <a href=\"https://github.com/nccgroup/ScoutSuite\" target=\"_blank\">GitHub</a>.\n                    </p>\n                </div>\n            </div>\n        </div>\n    </div>\n</script>\n\n<script>\n    var about_scoutsuite_template = Handlebars.compile($(\"#about_scoutsuite-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/accordion.html",
    "content": "<!-- Accordion partial -->\n<script id=\"accordion.partial\" type=\"text/x-handlebars-template\">\n        <div class=\"accordion\">\n            <h4 class=\"list-group-item-heading accordion-heading\">\n                {{#if title_partial}}\n                    {{> (lookup . 'title_partial') item = this}}\n                {{else}}\n                    {{#if title}}\n                        {{title}}\n                    {{/if}}\n                {{/if}}\n                {{> count_badge count=items.length target=(concat '#' (escape_dots accordion_id))}}\n            </h4>\n            <div id=\"{{accordion_id}}\" class=\"accordion-body\">\n                <div class=\"accordion-inner\">\n                    <ul class=\"no-bullet\">\n                        {{#each items}}\n                            <li>\n                                {{#if ../item_partial}}\n                                    {{> (lookup ../.. 'item_partial') region = ../../region vpc = ../../vpc item = this}}\n                                {{else}}\n                                    {{this}}\n                                {{/if}}\n                            </li>\n                        {{/each}}\n                    </ul>\n                </div>\n            </div>\n        </div>\n</script>\n<script>\n    Handlebars.registerPartial(\"accordion\", $(\"#accordion\\\\.partial\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/accordion_policy.html",
    "content": "    <!-- Policy partial -->\n    <script id=\"accordion_policy.partial\" type=\"text/x-handlebars-template\">\n      <div class=\"accordion\">\n          <{{#if heading}}{{heading}}{{else}}h5{{/if}} class=\"list-group-item-heading accordion-heading\">{{#samp}}<samp>{{/samp}}{{name}}{{#samp}}</samp>{{/samp}}\n              <a class=\"accordion-toggle collapsed\" data-toggle=\"collapse\" href=\"#{{escape_dots policy_path}}\">\n                  <span class=\"badge float-right btn-info\">Details</span>\n              </a>\n          </{{#if heading}}{{heading}}{{else}}h5{{/if}}>\n        <div id=\"{{policy_path}}\" class=\"accordion-body item-margin collapse\">\n          <div class=\"accordion-inner\">\n              <code>\n                  {{> policy}}\n              </code>\n          </div>\n        </div>\n      </div>\n    </script>\n    <script>\n      Handlebars.registerPartial(\"accordion_policy\", $(\"#accordion_policy\\\\.partial\").html());\n    </script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aliyun/left_menu_for_aliyun_region.html",
    "content": "<!-- Generic left-menu link partial for region-then-resource -->\n<script id=\"left_menu_for_region.partial\" type=\"text/x-handlebars-template\">\n  <div id=\"services.{{service_name}}.regions.id.{{resource_type}}.list\">\n    <div class=\"list-group\" >\n      <div class=\"list-group-item\">\n        <a href=\"javascript:updateHash('services.{{service_name}}.regions.id.{{resource_type}}')\">\n          Show all <span class=\"badge float-right btn-info\">{{getValueAt 'metadata' service_group service_name 'resources' resource_type 'count'}}</span>\n        </a>\n      </div>\n    </div>\n    {{#each items}}\n    <div class=\"list-group\" id=\"services.{{../service_name}}.regions.{{@key}}.{{../resource_type}}.list\">\n      <div class=\"list-group-item active\">\n        <a href=\"#services.{{../service_name}}.regions.{{@key}}.{{../resource_type}}\">{{@key}}</a>\n        <span class=\"float-right\"><a href=\"javascript:hideList('services.{{../service_name}}.regions.{{@key}}.{{../resource_type}}.list')\"><i class=\"fa fa-times-circle\"></i></a></span>\n      </div>\n      <div class=\"list-group-item list-sub-element\">\n        {{#each (lookup . ../resource_type)}}\n        <div class=\"list-group-item-text\" id=\"services.{{../../service_name}}.regions.{{@../key}}.{{../../resource_type}}.{{@key}}.link\">\n          {{#if scout_link}}\n          <a href=\"#{{scout_link}}.view\">{{name}}</a>\n          {{else}}\n          <a href=\"#services.{{../../../service_name}}.regions.{{@../key}}.{{../../../resource_type}}.{{@key}}.view\">{{name}}</a>\n          {{/if}}\n        </div>\n        {{/each}}\n      </div>\n    </div>\n    {{/each}}\n  </div>\n</script>\n<script>\n  Handlebars.registerPartial(\"left_menu_for_region\", $(\"#left_menu_for_region\\\\.partial\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aliyun/services.actiontrail.trails.html",
    "content": "<!-- ActionTrail trails -->\n<script id=\"services.actiontrail.trails.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">name: <span id=\"actiontrail.trails.{{@key}}.name\"><samp>{{name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Region: <span id=\"actiontrail.trails.{{@key}}.region\"><samp>{{region}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Status: <span id=\"actiontrail.trails.{{@key}}.status\"><samp>{{status}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Role Name: <span id=\"actiontrail.trails.{{@key}}.role_name\"><samp>{{role_name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">OSS Bucket Name: <span id=\"actiontrail.trails.{{@key}}.oss_bucket_name\"><samp>{{oss_bucket_name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">OSS Key Prefix: <span id=\"actiontrail.trails.{{@key}}.oss_key_prefix\"><samp>{{oss_key_prefix}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Include Global Service Events: <span id=\"actiontrail.trails.{{@key}}.include_global_service_event\"><samp>{{include_global_service_event}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Event Types: <span id=\"actiontrail.trails.{{@key}}.event_rw\"><samp>{{event_rw}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Type: <span id=\"actiontrail.trails.{{@key}}.type\"><samp>{{type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">SLS Write Role ARN: <span id=\"actiontrail.trails.{{@key}}.sls_write_role_arn\"><samp>{{value_or_none sls_write_role_arn}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">SLS Project ARN: <span id=\"actiontrail.trails.{{@key}}.sls_project_arn\"><samp>{{value_or_none sls_project_arn}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.actiontrail.trails\", $(\"#services\\\\.actiontrail\\\\.trails\\\\.partial\").html());\n</script>\n\n<!-- Single trail template -->\n<script id=\"single_actiontrail_trail-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.actiontrail.trails'}}\n</script>\n<script>\n    var single_actiontrail_trail_template = Handlebars.compile($(\"#single_actiontrail_trail-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aliyun/services.ecs.regions.id.instances.html",
    "content": "\n<!-- ECS instances -->\n<script id=\"services.ecs.regions.id.instances.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.id\"><samp>{{id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Status: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.status\"><samp>{{status}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Description: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.description\"><samp>{{description}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Region: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.region_id\"><samp>{{region_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Zone: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.zone_id\"><samp>{{zone_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Creation Date: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.creation_time\">{{format_date creation_time}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Start Date: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.start_time\">{{format_date start_time}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Expiration Date: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.expired_time\">{{format_date expired_time}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Auto Release Date: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.auto_release_time\">{{format_date auto_release_time}}</span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">System Configuration</h4>\n        <div class=\"list-group-item-text item-margin\">Serial Number: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.serial_number\"><samp>{{serial_number}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">OS Name: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.os_name\"><samp>{{os_name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">OS Name (english): <span id=\"ecs.regions.{{region}}.instances.{{@key}}.os_name_en\"><samp>{{os_name_en}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">OS Type: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.os_type\"><samp>{{os_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Image ID: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.image_id\"><samp>{{image_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Memory: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.memory\"><samp>{{memory}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Instance Type: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.instance_type\"><samp>{{instance_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Instance Type Family: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.instance_type_family\"><samp>{{instance_type_family}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Instance Charge Type: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.instance_charge_type\"><samp>{{instance_charge_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Dedicated Instance Affinity: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.dedicated_instance_attribute_affinity\"><samp>{{dedicated_instance_attribute.Affinity}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Dedicated Instance Tenancy: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.dedicated_instance_attribute_tenancy\"><samp>{{dedicated_instance_attribute.Tenancy}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Resource Group ID: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.resource_group_id\"><samp>{{resource_group_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Credit Specification: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.credit_specification\"><samp>{{credit_specification}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">CPU: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.cpu\"><samp>{{cpu}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">GPU Amount: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.gpu_amount\"><samp>{{gpu_amount}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">GPU Spec: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.gpu_spec\"><samp>{{gpu_spec}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">IO Optimized: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.io_optimized\"><samp>{{io_optimized}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Operation Locks: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.operation_locks\"><samp>{{operation_locks.OperationLocks}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Sale Cycle: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.sale_cycle\"><samp>{{sale_cycle}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Spot Strategy: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.spot_strategy\"><samp>{{spot_strategy}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Spot Price Limit: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.spot_price_limit\"><samp>{{spot_price_limit}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Capacity Reservation: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.ecs_capacity_reservation_attr\"><samp>{{ecs_capacity_reservation_attr.CapacityReservationPreference}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Deletion Protection: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.deletion_protection\"><samp>{{deletion_protection}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Stopped Mode: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.stopped_mode\"><samp>{{stopped_mode}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Deployment Set ID: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.deployment_set_id\"><samp>{{deployment_set_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Recyclable: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.recyclable\"><samp>{{recyclable}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Device Available: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.device_available\"><samp>{{device_available}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Network Configuration</h4>\n        <div class=\"list-group-item-text item-margin\">Host Name: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.host_name\"><samp>{{host_name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Dedicated Host Name: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.dedicated_host_attribute\"><samp>{{dedicated_host_attribute.DedicatedHostName}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Instance Network Type: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.instance_network_type\"><samp>{{instance_network_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">EIP Address: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.eip_address\"><samp>{{eip_address.IpAddress}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Public Ip Address: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.public_ip_address\"><samp>{{public_ip_address.IpAddress}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Inner IP Address: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.inner_ip_address\"><samp>{{inner_ip_address.IpAddress}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Internet Charge Type: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.internet_charge_type\"><samp>{{internet_charge_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Internet Max Bandwidth Out: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.internet_max_bandwidth_out\"><samp>{{internet_max_bandwidth_out}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Internet Max Bandwidth In: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.internet_max_bandwidth_in\"><samp>{{internet_max_bandwidth_in}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Cluster ID: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.cluster_id\"><samp>{{cluster_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">VLAN ID: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.vlan_id\"><samp>{{vlan_id}}</samp></span></div>\n\n        <h5 class=\"list-group-item-heading\">VPC</h5>\n        <div class=\"list-group-item-text item-margin\">VPC ID: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.vpc_attributes_id\"><samp>{{vpc_attributes.VpcId}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Switch ID: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.vpc_attributes_switch\"><samp>{{vpc_attributes.VSwitchId}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Private IP Address: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.vpc_attributes_ip\"><samp>{{vpc_attributes.PrivateIpAddress.IpAddress}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">NAT IP Address: <span id=\"ecs.regions.{{region}}.instances.{{@key}}.vpc_attributes_nat\"><samp>{{vpc_attributes.NatIpAddress}}</samp></span></div>\n\n        <h5 class=\"list-group-item-heading\">Network Interfaces</h5>\n        <ul>\n            {{#each network_interfaces.NetworkInterface}}\n            <li class=\"list-group-item-text\"><span id=\"ecs.regions.{{@../../key}}.instances.{{@../key}}.network_interfaces.{{@key}}.network_interface_id\"><samp>{{NetworkInterfaceId}}</samp></span>\n                <ul>\n                    <li class=\"list-group-item-text\">IP Address: <span id=\"ecs.regions.{{@../../key}}.instances.{{@../key}}.network_interfaces.{{@key}}.primary_address\"><samp>{{PrimaryIpAddress}}</samp></span></li>\n                    <li class=\"list-group-item-text\">MAC Address: <span id=\"ecs.regions.{{@../../key}}.instances.{{@../key}}.network_interfaces.{{@key}}.mac_address\"><samp>{{MacAddress}}</samp></span></li>\n                </ul>\n            </li>\n            {{/each}}\n        </ul>\n\n        <h5 class=\"list-group-item-heading\">Security Groups</h5>\n        <ul>\n            {{#each security_group_ids}}\n            <li class=\"list-group-item-text\"><span id=\"ecs.regions.{{@../../key}}.instances.{{@../key}}.security_group_ids.{{this}}\"><samp>{{this}}</samp></span></li>\n            {{/each}}\n        </ul>\n    </div>\n\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.ecs.regions.id.instances\", $(\"#services\\\\.ecs\\\\.regions\\\\.id\\\\.instances\\\\.partial\").html());\n</script>\n\n<!-- Single ECS instance template -->\n<script id=\"single_ecs_instance-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.ecs.regions.id.instance'}}\n</script>\n<script>\n    var single_ecs_instance_template = Handlebars.compile($(\"#single_ecs_instance-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aliyun/services.kms.regions.id.keys.html",
    "content": "\n<!-- KMS keys -->\n<script id=\"services.kms.regions.id.keys.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"kms.regions.{{region}}.keys.{{@key}}.id\"><samp>{{id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">ARN: <span id=\"kms.regions.{{region}}.keys.{{@key}}.arn\"><samp>{{arn}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Account ID: <span id=\"kms.regions.{{region}}.keys.{{@key}}.creator\"><samp>{{creator}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Description: <span id=\"kms.regions.{{region}}.keys.{{@key}}.description\"><samp>{{description}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Creation Date: <span id=\"kms.regions.{{region}}.keys.{{@key}}.creation_date\">{{format_date creation_date}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Deletion Date: <span id=\"kms.regions.{{region}}.keys.{{@key}}.delete_date\">{{format_date delete_date}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Material Expiration Time: <span id=\"kms.regions.{{region}}.keys.{{@key}}.material_expire_time\">{{format_date material_expire_time}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Origin: <span id=\"kms.regions.{{region}}.keys.{{@key}}.origin\"><samp>{{origin}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Usage: <span id=\"kms.regions.{{region}}.keys.{{@key}}.usage\"><samp>{{usage}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">State: <span id=\"kms.regions.{{region}}.keys.{{@key}}.state\"><samp>{{state}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.kms.regions.id.keys\", $(\"#services\\\\.kms\\\\.regions\\\\.id\\\\.keys\\\\.partial\").html());\n</script>\n\n<!-- Single KMS key template -->\n<script id=\"single_kms_key-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.kms.regions.id.keys'}}\n</script>\n<script>\n    var single_kms_key_template = Handlebars.compile($(\"#single_kms_key-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aliyun/services.oss.buckets.html",
    "content": "<!-- oss buckets -->\n<script id=\"services.oss.buckets.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Location: <span id=\"oss.buckets.{{@key}}.location\"><samp>{{value_or_none location}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Storage Class: <span id=\"oss.buckets.{{@key}}.storage_class\"><samp>{{value_or_none storage_class}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Creation Date: <span id=\"oss.buckets.{{@key}}.creation_date\"><samp>{{format_date creation_date}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.oss.buckets\", $(\"#services\\\\.oss\\\\.buckets\\\\.partial\").html());\n</script>\n\n<!-- Single oss bucket template -->\n<script id=\"single_oss_bucket-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.oss.buckets'}}\n</script>\n<script>\n    var single_oss_bucket_template = Handlebars.compile($(\"#single_oss_bucket-template\").html());\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aliyun/services.ram.groups.html",
    "content": "\n<!-- RAM groups -->\n<script id=\"services.ram.groups.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"ram.groups.{{@key}}.name\"><samp>{{name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Comments: <span id=\"ram.groups.{{@key}}.comments\"><samp>{{comments}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Create Date: <span id=\"ram.groups.{{@key}}.create_date\">{{format_date create_date}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Update Date: <span id=\"ram.groups.{{@key}}.update_date\">{{format_date update_date}}</span></div>\n    </div>\n    <div class=\"list-group-item\" style=\"padding-bottom: 0 !important;\">\n        <h4 class=\"list-group-item-heading\">Members\n            {{> count_badge count=users.length target=(concat '#ram.groups' id 'users')}}\n        </h4>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each this.users}}\n                <li><a href=\"javascript:showObject('services.ram.users.{{this.name}}')\">{{getValueAt 'services.ram.users' this.name 'name'}}</a></li>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Policies\n            {{> count_badge count=policies.length}}\n        </h4>\n        <ul>\n            {{#each policies}}\n            <li class=\"list-group-item-text\"><a href=\"javascript:showObject('services.ram.policies', 'name', '{{this}}')\">{{this}}</a></li>\n            {{/each}}\n        </ul>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.ram.groups\", $(\"#services\\\\.ram\\\\.groups\\\\.partial\").html());\n</script>\n\n<!-- Single ram group template -->\n<script id=\"single_ram_group-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.ram.groups'}}\n</script>\n<script>\n    var single_ram_group_template = Handlebars.compile($(\"#single_ram_group-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aliyun/services.ram.policies.html",
    "content": "\n<!-- RAM policies -->\n<script id=\"services.ram.policies.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"ram.policies.{{@key}}.name\"><samp>{{name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Description: <span id=\"ram.policies.{{@key}}.description\"><samp>{{description}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Create Date: <span id=\"ram.policies.{{@key}}.create_date\">{{format_date create_date}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Update Date: <span id=\"ram.policies.{{@key}}.update_date\">{{format_date update_date}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Attachment Count: <span id=\"ram.policies.{{@key}}.attachment_count\"><samp>{{attachment_count}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Type: <span id=\"ram.policies.{{@key}}.type\"><samp>{{type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Default Version: <span id=\"ram.policies.{{@key}}.default_version\"><samp>{{default_version}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        {{> accordion_policy name = 'Policy Document' document = policy_document.PolicyDocument policy_path = (concat 'ram.policies' @key 'policy_document.PolicyDocument') heading = \"h5\" }}\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Attached Entities</h4>\n        <ul>\n            {{#each entities}}\n            <li>{{makeTitle @key}}</li>\n            <ul>\n                {{#each this}}\n                <li><a href=\"javascript:showObject('services.ram.{{@../key}}.{{this}}')\">{{this}}</a></li>\n                {{/each}}\n            </ul>\n            {{/each}}\n        </ul>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.ram.policies\", $(\"#services\\\\.ram\\\\.policies\\\\.partial\").html());\n</script>\n\n<!-- Single ram policy template -->\n<script id=\"single_ram_policy-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.ram.policies'}}\n</script>\n<script>\n    var single_ram_policy_template = Handlebars.compile($(\"#single_ram_policy-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aliyun/services.ram.roles.html",
    "content": "\n<!-- RAM roles -->\n<script id=\"services.ram.roles.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"ram.roles.{{@key}}.id\"><samp>{{identifier}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"ram.roles.{{@key}}.name\"><samp>{{name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Create Date: <span id=\"ram.roles.{{@key}}.create_date\">{{format_date create_date}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Description: <span id=\"ram.roles.{{@key}}.description\"><samp>{{description}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Arn: <span id=\"ram.roles.{{@key}}.arn\"><samp>{{arn}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Policies\n            {{> count_badge count=policies.length}}\n        </h4>\n        <ul>\n            {{#each policies}}\n            <li class=\"list-group-item-text\"><a href=\"javascript:showObject('services.ram.policies', 'name', '{{this}}')\">{{this}}</a></li>\n            {{/each}}\n        </ul>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.ram.roles\", $(\"#services\\\\.ram\\\\.roles\\\\.partial\").html());\n</script>\n\n<!-- Single ram role template -->\n<script id=\"single_ram_role-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.ram.roles'}}\n</script>\n<script>\n    var single_ram_role_template = Handlebars.compile($(\"#single_ram_role-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aliyun/services.ram.users.html",
    "content": "\n<!-- RAM users -->\n<script id=\"services.ram.users.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"ram.users.{{@key}}.id\"><samp>{{identifier}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Display Name: <span id=\"ram.users.{{@key}}.display_name\"><samp>{{display_name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Creation Date: <span id=\"ram.users.{{@key}}.creation_datetime\">{{format_date creation_date}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Update Date: <span id=\"ram.users.{{@key}}.update_datetime\">{{format_date update_date}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Last Login Date: <span id=\"ram.users.{{@key}}.last_login_datetime\">{{format_date last_login_datetime}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Email: <span id=\"ram.users.{{@key}}.email\"><samp>{{value_or_none email}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Mobile Phone: <span id=\"ram.users.{{@key}}.mobile_phone\"><samp>{{value_or_none mobile_phone}}</samp></span></div>\n        <div id=\"ram.users.{{@key}}.mfa_secure\">\n            <div class=\"list-group-item-text item-margin\">Console Access: <span id=\"ram.users.{{@key}}.console_access\">{{convert_bool_to_enabled console_access}}</span></div>\n            <div class=\"list-group-item-text item-margin\">MFA Configured: <span id=\"ram.users.{{@key}}.mfa_status\"><samp>{{mfa_status}}</samp></span></div>\n        </div>\n    </div>\n    {{#if api_keys_count }}\n    <div class=\"list-group-item\">\n        <h5 class=\"list-group-item-heading\" id=\"ram.users.{{@key}}.multiple_api_keys\">API Keys</h5>\n        <ul>\n            {{#each api_keys}}\n            <li>ID: <code>{{id}}</code></li>\n            <ul>\n                <li>Status: <samp>{{status}}</samp></li>\n                <li>Creation Date: {{format_date creation_datetime}}</li>\n                <li>Last Used: {{format_date last_usage_datetime}}</li>\n            </ul>\n            {{/each}}\n        </ul>\n    </div>\n    {{/if}}\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Policies\n            {{> count_badge count=policies.length}}\n        </h4>\n        <ul>\n            {{#each policies}}\n            <li class=\"list-group-item-text\"><a href=\"javascript:showObject('services.ram.policies', 'name', '{{this}}')\">{{this}}</a></li>\n            {{/each}}\n        </ul>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Groups\n            {{> count_badge count=groups.length}}\n        </h4>\n        <ul>\n            {{#each groups}}\n            <li class=\"list-group-item-text\"><a href=\"javascript:showObject('services.ram.groups', 'name', '{{this}}')\">{{this}}</a></li>\n            {{/each}}\n        </ul>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.ram.users\", $(\"#services\\\\.ram\\\\.users\\\\.partial\").html());\n</script>\n\n<!-- Single ram user template -->\n<script id=\"single_ram_user-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.ram.users'}}\n</script>\n<script>\n    var single_ram_user_template = Handlebars.compile($(\"#single_ram_user-template\").html());\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aliyun/services.rds.regions.id.instances.html",
    "content": "\n<!-- RDS instances -->\n<script id=\"services.rds.regions.id.instances.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"rds.regions.{{region}}.instances.{{@key}}.name\"><samp>{{name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"rds.regions.{{region}}.instances.{{@key}}.id\"><samp>{{id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">State: <span id=\"rds.regions.{{region}}.instances.{{@key}}.db_instance_status\"><samp>{{db_instance_status}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Create Time: <span id=\"rds.regions.{{region}}.instances.{{@key}}.create_time\">{{format_date create_time}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Expire Time: <span id=\"rds.regions.{{region}}.instances.{{@key}}.expire_time\">{{format_date expire_time}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Region: <span id=\"rds.regions.{{region}}.instances.{{@key}}.region_id\"><samp>{{region_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Zone: <span id=\"rds.regions.{{region}}.instances.{{@key}}.zone_id\"><samp>{{zone_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Type: <span id=\"rds.regions.{{region}}.instances.{{@key}}.db_instance_type\"><samp>{{db_instance_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Read Only DB Instance IDs: <span id=\"rds.regions.{{region}}.instances.{{@key}}.read_only_db_instance_ids\"><samp>{{read_only_db_instance_ids.ReadOnlyDBInstanceId}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Multi-Region: <span id=\"rds.regions.{{region}}.instances.{{@key}}.mutri_o_rsignle\"><samp>{{mutri_o_rsignle}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">System Configuration</h4>\n        <div class=\"list-group-item-text item-margin\">Engine: <span id=\"rds.regions.{{region}}.instances.{{@key}}.engine\"><samp>{{engine}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Engine Version: <span id=\"rds.regions.{{region}}.instances.{{@key}}.engine_version\"><samp>{{engine_version}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Class: <span id=\"rds.regions.{{region}}.instances.{{@key}}.db_instance_class\"><samp>{{db_instance_class}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Pay Type: <span id=\"rds.regions.{{region}}.instances.{{@key}}.pay_type\"><samp>{{pay_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Lock Mode: <span id=\"rds.regions.{{region}}.instances.{{@key}}.lock_mode\"><samp>{{lock_mode}}</samp></span></div>\n        {{#if lock_reason}}\n        <div class=\"list-group-item-text item-margin\">Lock Reason: <span id=\"rds.regions.{{region}}.instances.{{@key}}.lock_reason\"><samp>{{lock_reason}}</samp></span></div>\n        {{/if}}\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Network Configuration</h4>\n        <div class=\"list-group-item-text item-margin\">Network Type: <span id=\"rds.regions.{{region}}.instances.{{@key}}.instance_network_type\"><samp>{{instance_network_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Connection Mode: <span id=\"rds.regions.{{region}}.instances.{{@key}}.connection_mode\"><samp>{{connection_mode}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Net Type: <span id=\"rds.regions.{{region}}.instances.{{@key}}.db_instance_net_type\"><samp>{{db_instance_net_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">VPC ID: <span id=\"rds.regions.{{region}}.instances.{{@key}}.vpc_id\"><samp>{{vpc_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">VPC Cloud Instance ID: <span id=\"rds.regions.{{region}}.instances.{{@key}}.vpc_cloud_instance_id\"><samp>{{vpc_cloud_instance_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Resource Group ID: <span id=\"rds.regions.{{region}}.instances.{{@key}}.resource_group_id\"><samp>{{resource_group_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">VSwitch ID: <span id=\"rds.regions.{{region}}.instances.{{@key}}.v_switch_id\"><samp>{{vswitch_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Ins ID: <span id=\"rds.regions.{{region}}.instances.{{@key}}.ins_id\"><samp>{{ins_id}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.rds.regions.id.instances\", $(\"#services\\\\.rds\\\\.regions\\\\.id\\\\.instances\\\\.partial\").html());\n</script>\n\n<!-- Single RDS instance template -->\n<script id=\"single_rds_instance-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.rds.regions.id.instance'}}\n</script>\n<script>\n    var single_rds_instance_template = Handlebars.compile($(\"#single_rds_instance-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aliyun/services.vpc.regions.id.vpcs.html",
    "content": "<!-- VPC VPCs -->\n<script id=\"services.vpc.regions.id.vpcs.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"vpc.regions.{{region}}.vpcs.{{@key}}.id\"><samp>{{id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"vpc.regions.{{region}}.vpcs.{{@key}}.name\"><samp>{{name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Description: <span id=\"vpc.regions.{{region}}.vpcs.{{@key}}.description\"><samp>{{description}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Creation Time: <span id=\"vpc.regions.{{region}}.vpcs.{{@key}}.creation_time\">{{format_date creation_time}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Status: <span id=\"vpc.regions.{{region}}.vpcs.{{@key}}.status\"><samp>{{status}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Region: <span id=\"vpc.regions.{{region}}.vpcs.{{@key}}.region_id\"><samp>{{region_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Default: <span id=\"vpc.regions.{{region}}.vpcs.{{@key}}.is_default\"><samp>{{is_default}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Cidr Block: <span id=\"vpc.regions.{{region}}.vpcs.{{@key}}.cidr_block\"><samp>{{cidr_block}}</samp></span></div>\n\n        <div class=\"list-group-item-text item-margin\">Router Table IDs: <span id=\"vpc.regions.{{region}}.vpcs.{{@key}}.router_table_ids\"><samp>{{router_table_ids.RouterTableIds}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">VRouter ID: <span id=\"vpc.regions.{{region}}.vpcs.{{@key}}.v_router_id\"><samp>{{vrouter_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">VSwitch IDs: <span id=\"vpc.regions.{{region}}.vpcs.{{@key}}.v_switch_ids\"><samp>{{vswitch_ids.VSwitchId}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Nat Gateway IDs: <span id=\"vpc.regions.{{region}}.vpcs.{{@key}}.nat_gateway_ids\"><samp>{{nat_gateway_ids.NatGatewayIds}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Resource Group ID: <span id=\"vpc.regions.{{region}}.vpcs.{{@key}}.resource_group_id\"><samp>{{resource_group_id}}</samp></span></div>\n\n        <div class=\"list-group-item-text item-margin\">User CIDRs: <span id=\"vpc.regions.{{region}}.vpcs.{{@key}}.user_cidrs\"><samp>{{user_cidrs.UserCidr}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">IPv6 CIDR Block: <span id=\"vpc.regions.{{region}}.vpcs.{{@key}}.ipv6_cidr_block\"><samp>{{ipv6_cidr_block}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Network Acl Num: <span id=\"vpc.regions.{{region}}.vpcs.{{@key}}.network_acl_num\"><samp>{{network_acl_num}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Cen Status: <span id=\"vpc.regions.{{region}}.vpcs.{{@key}}.cen_status\"><samp>{{cen_status}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.vpc.regions.id.vpcs\", $(\"#services\\\\.vpc\\\\.regions\\\\.id\\\\.vpcs\\\\.partial\").html());\n</script>\n\n<!-- Single VPC vpc template -->\n<script id=\"single_vpc_vpc-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.vpc.regions.id.vpcs'}}\n</script>\n<script>\n    var single_vpc_vpc_template = Handlebars.compile($(\"#single_vpc_vpc-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/left_menu_for_region.html",
    "content": "<!-- Generic left-menu link partial for region-then-resource -->\n<script id=\"left_menu_for_region.partial\" type=\"text/x-handlebars-template\">\n  <div id=\"services.{{service_name}}.regions.id.{{resource_type}}.list\">\n    <div class=\"list-group\" >\n      <div class=\"list-group-item\">\n        <a href=\"javascript:updateHash('services.{{service_name}}.regions.id.{{resource_type}}')\">\n            Show all <span class=\"badge float-right btn-info\">{{getValueAt 'metadata' service_group service_name 'resources' resource_type 'count'}}</span>\n        </a>\n      </div>\n    </div>\n    {{#each items}}\n    <div class=\"list-group\" id=\"services.{{../service_name}}.regions.{{@key}}.{{../resource_type}}.list\">\n      <div class=\"list-group-item active\">\n        <a href=\"#services.{{../service_name}}.regions.{{@key}}.{{../resource_type}}\">{{@key}}</a>\n        <span class=\"float-right\"><a href=\"javascript:hideList('services.{{../service_name}}.regions.{{@key}}.{{../resource_type}}.list')\"><i class=\"fa fa-times-circle\"></i></a></span>\n      </div>\n      <div class=\"list-group-item list-sub-element\">\n        {{#each (lookup . ../resource_type)}}\n        <div class=\"list-group-item-text\" id=\"services.{{../../service_name}}.regions.{{@../key}}.{{../../resource_type}}.{{@key}}.link\">\n          {{#if scout_link}}\n          <a href=\"#{{scout_link}}.view\">{{name}}</a>\n          {{else}}\n          <a href=\"#services.{{../../../service_name}}.regions.{{@../key}}.{{../../../resource_type}}.{{@key}}.view\">{{name}}</a>\n          {{/if}}\n        </div>\n        {{/each}}\n      </div>\n    </div>\n    {{/each}}\n  </div>\n</script>\n<script>\n    Handlebars.registerPartial(\"left_menu_for_region\", $(\"#left_menu_for_region\\\\.partial\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/left_menu_for_vpc.html",
    "content": "<!-- Generic left-menu link partial for region-then-vpc-then-resource -->\n<script id=\"left_menu_for_vpc.partial\" type=\"text/x-handlebars-template\">\n  <div id=\"services.{{service_name}}.regions.id.vpcs.id.{{resource_type}}.list\">\n    <div class=\"list-group\" >\n      <div class=\"list-group-item\">\n        <a href=\"javascript:updateHash('services.{{service_name}}.regions.id.vpcs.id.{{resource_type}}')\">\n            Show all <span class=\"badge float-right btn-info\">{{getValueAt 'metadata' service_group service_name 'resources' resource_type 'count'}}</span>\n        </a>\n      </div>\n    </div>\n    {{#each items}}\n    <div class=\"list-group\" id=\"services.{{../service_name}}.regions.{{@key}}.vpcs.id.{{../resource_type}}.list\">\n      <div class=\"list-group-item active\">\n        <a href=\"#services.{{../service_name}}.regions.{{@key}}.vpcs.id.{{../resource_type}}\">{{@key}}</a>\n        <span class=\"float-right\"><a href=\"javascript:hideList('services.{{../service_name}}.regions.{{@key}}.vpcs.id.{{../resource_type}}.list')\"><i class=\"fa fa-times-circle\"></i></a></span>\n      </div>\n      {{#each vpcs}}\n      <div class=\"list-group-item list-sub-element\" id=\"services.{{../../service_name}}.regions.{{@../key}}.vpcs.{{@key}}.{{../../resource_type}}.list\">\n        <a href=\"#services.{{../../service_name}}.regions.{{@../key}}.vpcs.{{@key}}.{{../../resource_type}}\">\n          {{#if (getValueAt 'services.vpc.regions' @../key 'vpcs' @key 'name')}}\n            {{getValueAt 'services.vpc.regions' @../key 'vpcs' @key 'name'}}\n          {{else}}\n            {{@key}}\n          {{/if}}\n        </a>\n        {{#each (lookup . ../../resource_type)}}\n        <div class=\"list-group-item-text list-sub-element\" id=\"services.{{../../../service_name}}.regions.{{@../../key}}.vpcs.{{@../key}}.{{../../../resource_type}}.{{@key}}.link\">\n          <a href=\"#services.{{../../../service_name}}.regions.{{@../../key}}.vpcs.{{@../key}}.{{../../../resource_type}}.{{@key}}.view\">{{name}}</a>\n        </div>\n        {{/each}}\n      </div>\n      {{/each}}\n    </div>\n    {{/each}}\n  </div>\n</script>\n<script>\n    Handlebars.registerPartial(\"left_menu_for_vpc\", $(\"#left_menu_for_vpc\\\\.partial\").html());\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.acm.regions.id.certificates.html",
    "content": "\n<!-- acm certificates -->\n<script id=\"services.acm.regions.id.certificates.partial\" type=\"text/x-handlebars-template\">\n\t<div id=\"resource-name\" class=\"list-group-item active\">\n\t\t<h4 class=\"list-group-item-heading\">{{name}}</h4>\n\t</div>\n\t<div class=\"list-group-item\">\n\t\t<h4 class=\"list-group-item-heading\">Information</h4>\n\t\t<div class=\"list-group-item-text item-margin\">ARN: <span id=\"acm.regions.{{region}}.certificates.{{@key}}.arn\"><samp>{{value_or_none arn}}</samp></span></div>\n\t\t<div class=\"list-group-item-text item-margin\">Domain Name: <span id=\"acm.regions.{{region}}.certificates.{{@key}}.DomainName\"><samp>{{value_or_none DomainName}}</samp></span></div>\n\t\t<div class=\"list-group-item-text item-margin\">Subject: <span id=\"acm.regions.{{region}}.certificates.{{@key}}.Subject\"><samp>{{value_or_none Subject}}</samp></span></div>\n\t\t<div class=\"list-group-item-text item-margin\">\n\t\t\tSubject Alternative Names:\n\t\t\t<span id=\"acm.regions.{{region}}.certificates.{{@key}}.SubjectAlternativeNames\">\n\t\t\t\t<ul>\n\t\t\t\t\t{{#each SubjectAlternativeNames}}\n\t\t\t\t\t<li class=\"list-group-item-text\"><samp>{{this}}</samp></li>\n\t\t\t\t\t{{/each}}\n\t\t\t\t</ul>\n\t\t\t</span>\n\t\t</div>\n\t\t<div class=\"list-group-item-text item-margin\">Status: <span id=\"acm.regions.{{region}}.certificates.{{@key}}.Status\"><samp>{{value_or_none Status}}</samp></span></div>\n\t\t<div class=\"list-group-item-text item-margin\">Issuer: <span id=\"acm.regions.{{region}}.certificates.{{@key}}.Issuer\"><samp>{{value_or_none Issuer}}</samp></span></div>\n\t\t<div class=\"list-group-item-text item-margin\">Type: <span id=\"acm.regions.{{region}}.certificates.{{@key}}.Type\"><samp>{{value_or_none Type}}</samp></span></div>\n\t\t<div class=\"list-group-item-text item-margin\">Created: <span id=\"acm.regions.{{region}}.certificates.{{@key}}.CreatedAt\">{{format_date CreatedAt}}</span></div>\n\t\t<div class=\"list-group-item-text item-margin\">Expiration: <span id=\"acm.regions.{{region}}.certificates.{{@key}}.NotAfter\">{{format_date NotAfter}}</span></div>\n\t\t<div class=\"list-group-item-text item-margin\">Renewal Eligibility: <span id=\"acm.regions.{{region}}.certificates.{{@key}}.RenewalEligibility\"><samp>{{value_or_none RenewalEligibility}}</samp></span></div>\n\t\t<div class=\"list-group-item-text item-margin\">Transparency Logging Preference: <span id=\"acm.regions.{{region}}.certificates.{{@key}}.CertificateTransparencyLoggingPreference\"><samp>{{value_or_none Options.CertificateTransparencyLoggingPreference}}</samp></span></div>\n\n\t\t<h4 class=\"list-group-item-heading\">Validation</h4>\n\t\t<div class=\"list-group-item-text item-margin\">Domain Validation Options:\n\t\t\t<span id=\"acm.regions.{{region}}.certificates.{{@key}}.DomainValidationOptions\">\n\t\t\t\t<ul>\n\t\t\t\t\t{{#each DomainValidationOptions}}\n\t\t\t\t\t<li class=\"list-group-item-text\"><samp>{{DomainName}} - {{ValidationDomain}} - {{ValidationMethod}} - {{ValidationStatus}}</samp></li>\n\t\t\t\t\t{{/each}}\n\t\t\t\t</ul>\n\t\t\t</span>\n\t\t</div>\n\n\t\t<h4 class=\"list-group-item-heading\">Keys</h4>\n\t\t<div class=\"list-group-item-text item-margin\">Key Algorithm: <span id=\"acm.regions.{{region}}.certificates.{{@key}}.KeyAlgorithm\"><samp>{{value_or_none KeyAlgorithm}}</samp></span></div>\n\t\t<div class=\"list-group-item-text item-margin\">Signature Algorithm: <span id=\"acm.regions.{{region}}.certificates.{{@key}}.SignatureAlgorithm\"><samp>{{value_or_none SignatureAlgorithm}}</samp></span></div>\n\t\t<div class=\"list-group-item-text item-margin\">\n\t\t\tKey Usages:\n\t\t\t<span id=\"acm.regions.{{region}}.certificates.{{@key}}.KeyUsages\">\n\t\t\t\t<ul>\n\t\t\t\t{{#each KeyUsages}}\n\t\t\t\t\t\t<li class=\"list-group-item-text\"><samp>{{Name}}</samp></li>\n\t\t\t\t{{else}}\n\t\t\t\t\t\t<li class=\"list-group-item-text\"><samp>None</samp></li>\n\t\t\t\t{{/each}}\n\t\t\t\t</ul>\n\t\t\t</span>\n\t\t</div>\n\t\t<div class=\"list-group-item-text item-margin\">Extended Key Usages:\n\t\t\t<span id=\"acm.regions.{{region}}.certificates.{{@key}}.ExtendedKeyUsages\">\n\t\t\t\t<ul>\n\t\t\t\t{{#each KeyUsages}}\n\t\t\t\t\t\t<li class=\"list-group-item-text\"><samp>{{Name}} - {{OID}}</samp></li>\n\t\t\t\t{{else}}\n\t\t\t\t\t\t<li class=\"list-group-item-text\"><samp>None</samp></li>\n\t\t\t\t{{/each}}\n\t\t\t\t</ul>\n\t\t\t</span>\n\t\t</div>\n\t\t<div class=\"list-group-item-text item-margin\">In Use By:\n\t\t\t<span id=\"acm.regions.{{region}}.certificates.{{@key}}.InUseBy\">\n\t\t\t\t<ul>\n\t\t\t\t{{#each InUseBys}}\n\t\t\t\t\t<li class=\"list-group-item-text\"><samp>{{this}}</samp></li>\n\t\t\t\t{{else}}\n\t\t\t\t\t<li class=\"list-group-item-text\"><samp>None</samp></li>\n\t\t\t\t{{/each}}\n\t\t\t\t</ul>\n\t\t\t</span>\n\t\t</div>\n\n\t</div>\n</script>\n\n<script>\n\tHandlebars.registerPartial(\"services.acm.regions.id.certificates\", $(\"#services\\\\.acm\\\\.regions\\\\.id\\\\.certificates\\\\.partial\").html());\n</script>\n\n<!-- Single acm certificate template -->\n<script id=\"single_acm_certificate-template\" type=\"text/x-handlebars-template\">\n\t{{> modal-template template='services.acm.regions.id.certificates'}}\n</script>\n<script>\n\tvar single_acm_certificate_template = Handlebars.compile($(\"#single_acm_certificate-template\").html());\n</script>\n\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.awslambda.regions.id.functions.html",
    "content": "<!-- Lambda function partial -->\n<script id=\"services.awslambda.regions.id.functions.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ARN: <span id=\"awslambda.regions{{region}}.functions.{{@key}}.arn\"><samp>{{value_or_none arn}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Description: <span id=\"awslambda.regions.{{region}}.functions.{{@key}}.description\"><samp>{{value_or_none description}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Last Modified: <span id=\"awslambda.regions.{{region}}.functions.{{@key}}.last_modified\"><samp>{{format_date last_modified}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Runtime: <span id=\"awslambda.regions.{{region}}.functions.{{@key}}.runtime\"><samp>{{value_or_none runtime}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Version: <span id=\"awslambda.regions.{{region}}.functions.{{@key}}.version\"><samp>{{value_or_none version}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Revision ID: <span id=\"awslambda.regions.{{region}}.functions.{{@key}}.revision_id\"><samp>{{value_or_none revision_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Execution Role: <a href=\"javascript:showObject('services.iam.roles.{{value_or_none execution_role.RoleId}}')\">{{value_or_none execution_role.RoleName}}</a></div>\n        <div class=\"list-group-item-text item-margin\">Handler: <span id=\"awslambda.regions.{{region}}.functions.{{@key}}.handler\"><samp>{{value_or_none handler}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Code Size: <span id=\"awslambda.regions.{{region}}.functions.{{@key}}.code_size\"><samp>{{value_or_none code_size}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Memory Size: <span id=\"awslambda.regions.{{region}}.functions.{{@key}}.memory_size\"><samp>{{value_or_none memory_size}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Timeout: <span id=\"awslambda.regions.{{region}}.functions.{{@key}}.timeout\"><samp>{{value_or_none timeout}}</samp></span></div>\n    </div>\n    {{#if access_policy}}\n    <div class=\"list-group-item\">\n        {{> accordion_policy name = 'Resource-Based Policy' policy_path = (concat 'awslambda.regions' region 'functions' @key 'access_policy') document = access_policy}}\n    </div>\n    {{/if}}\n    {{#if env_variables}}\n    <div class=\"list-group-item\">\n        {{> accordion_policy name = 'Environment Variables' policy_path = (concat 'awslambda.regions' region 'functions' @key 'env_variables') document = env_variables}}\n    </div>\n    {{/if}}\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.awslambda.regions.id.functions\", $(\"#services\\\\.awslambda\\\\.regions\\\\.id\\\\.functions\\\\.partial\").html());\n</script>\n\n<!-- Single awslambda function template -->\n<script id=\"single_awslambda_function-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.awslambda.regions.id.functions'}}\n</script>\n<script>\n    var single_awslambda_function_template = Handlebars.compile($(\"#single_awslambda_function-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.cloudformation.regions.id.stacks.html",
    "content": "<!-- CloudFormation stack partial -->\n<script id=\"services.cloudformation.regions.id.stacks.partial\" type=\"text/x-handlebars-template\">\n  <div id=\"resource-name\" class=\"list-group-item active\">\n    <h4 class=\"list-group-item-heading\">{{name}}</h4>\n  </div>\n  <div class=\"list-group-item\">\n    <h4 class=\"list-group-item-heading\">Description</h4>\n    <div class=\"list-group-item-text item-margin\">{{Description}}</div>\n  </div>\n  <div class=\"list-group-item\">\n    <h4 class=\"list-group-item-heading\">Information</h4>\n    <div class=\"list-group-item-text item-margin\">ARN: <span id=\"cloudformation.regions.{{region}}.stacks.{{@key}}.arn\"><samp>{{arn}}</samp></span></div>\n    <div class=\"list-group-item-text item-margin\">Region: {{region}}</div>\n    <div class=\"list-group-item-text item-margin\">Created on: {{CreationTime}}</div>\n    <div class=\"list-group-item-text item-margin\" id=\"\">Role:\n      {{#if iam_role}}\n        <a href=\"javascript:showObject('services.iam.roles.{{iam_role.id}}')\">{{iam_role.name}}</a>\n        <span id=\"cloudformation.regions.{{region}}.stacks.{{name}}\"><i class=\"fa fa-exclamation-triangle\"></i></span>\n      {{else}}\n        None\n      {{/if}}\n    </div>\n    <div class=\"list-group-item-text item-margin\">Termination protection enabled: <span id=\"cloudformation.regions.{{region}}.stacks.{{@key}}.cloudformation_stack_no_termination_protection\">{{EnableTerminationProtection}}</span></div>\n    <div class=\"list-group-item-text item-margin\">Configuration has drifted: <span id=\"cloudformation.regions.{{region}}.stacks.{{@key}}.cloudformation_stack_drifted\">{{drifted}}</span></div>\n    <div class=\"list-group-item-text item-margin\">Deletion policy: <span id=\"cloudformation.regions.{{region}}.stacks.{{@key}}.cloudformation_stack_no_deletion_policy\">{{deletion_policy}}</span></div>\n    <div class=\"list-group-item-text item-margin\">Notification ARNs:\n      <span id=\"cloudformation.regions.{{region}}.stacks.{{@key}}.cloudformation_stack_lacks_notifications\">\n        <ul>\n        {{#each notificationARNs}}\n            <li class=\"list-group-item-text\"><samp>{{this}}</samp></li>\n        {{else}}\n            <li class=\"list-group-item-text\"><samp>None</samp></li>\n        {{/each}}\n        </ul>\n      </span>\n    </div>\n  </div>\n  <div class=\"list-group-item\">\n    <h4 class=\"list-group-item-heading\">Capabilities {{> count_badge count=Capabilities.length}}</h4>\n    <ul>\n      {{#each Capabilities}}\n        <li class=\"list-group-item-text\">\n          {{this}}\n        </li>\n      {{/each}}\n    </ul>\n  </div>\n  {{#if policy}}\n    <div class=\"list-group-item\">\n      {{> accordion_policy name = 'Stack Policy' policy_path = (concat 'cloudformation.regions' region 'stacks' @key 'policy') document = policy}}\n    </div>\n  {{/if}}\n</script>\n\n<script>\n  Handlebars.registerPartial(\"services.cloudformation.regions.id.stacks\", $(\"#services\\\\.cloudformation\\\\.regions\\\\.id\\\\.stacks\\\\.partial\").html());\n</script>\n\n<!-- Single CloudFormation stack template -->\n<script id=\"single_cloudformation_stack-template\" type=\"text/x-handlebars-template\">\n  {{> modal-template template='services.cloudformation.regions.id.stacks' }}\n</script>\n\n<script>\n  var single_cloudformation_stack_template = Handlebars.compile($(\"#single_cloudformation_stack-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.cloudfront.distributions.html",
    "content": "<!-- cloudfront distributions -->\n<script id=\"services.cloudfront.distributions.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"cloudfront.distributions.{{@key}}.id\"><samp>{{value_or_none id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">ARN: <span id=\"cloudfront.distributions.{{@key}}.arn\"><samp>{{value_or_none arn}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Status: <span id=\"cloudfront.distributions.{{@key}}.enabled\"><samp>{{convert_bool_to_enabled enabled}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Enabled: <span id=\"cloudfront.distributions.{{@key}}.status\"><samp>{{value_or_none status}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Last Modified Time: <span id=\"cloudfront.distributions.{{@key}}.last_modified_time\"><samp>{{value_or_none last_modified_time}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Comment: <span id=\"cloudfront.distributions.{{@key}}.comment\"><samp>{{value_or_none comment}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Price Class: <span id=\"cloudfront.distributions.{{@key}}.price_class\"><samp>{{value_or_none price_class}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Domain Name: <span id=\"cloudfront.distributions.{{@key}}.domain_name\"><samp>{{value_or_none domain_name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Web ACL ID: <span id=\"cloudfront.distributions.{{@key}}.web_acl_id\"><samp>{{value_or_none web_acl_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">IPv6 Enabled: <span id=\"cloudfront.distributions.{{@key}}.is_ipv6_enabled\"><samp>{{value_or_none is_ipv6_enabled}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">HTTP Version: <span id=\"cloudfront.distributions.{{@key}}.http_version\"><samp>{{value_or_none http_version}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Certificate: <span id=\"cloudfront.distributions.{{@key}}.viewer_certificate\"><samp>{{value_or_none viewer_certificate.Certificate}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Minimum TLS Version: <span id=\"cloudfront.distributions.{{@key}}.minimum_ssl_version\"><samp>{{value_or_none viewer_certificate.MinimumProtocolVersion}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Origins</h4>\n        <ul>\n            <ul>\n                {{#each origins.Items}}\n                <li><samp>{{Id}}</samp></li>\n                <ul>\n                    <li>Domain: <samp>{{value_or_none DomainName}}</samp></li>\n                    <li>Origin Path: <samp>{{value_or_none OriginPath}}</samp></li>\n                    {{#if S3OriginConfig}}\n                    <li>S3 Origin Access Identity: <samp>{{value_or_none S3OriginConfig.OriginAccessIdentity}}</samp></li>\n                    {{/if}}\n                    {{#if CustomOriginConfig}}\n                    <li>Custom Origin Config:</li>\n                    <ul>\n                        <li>Protocol Policy: <span class=\"cloudfront.distributions.{{@../key}}.config_policy\"><samp>{{value_or_none CustomOriginConfig.OriginProtocolPolicy}}</samp></span></li>\n                        <li><span class=\"cloudfront.distributions.{{@../key}}.config_protocols\">SSL/TLS Protocols</span>:\n                            <ul>\n                                {{#each CustomOriginConfig.OriginSslProtocols.Items}}\n                                <li>{{this}}</li>\n                                {{/each}}\n                            </ul>\n                    </ul>\n                    {{/if}}\n                </ul>\n                {{/each}}\n            </ul>\n        </ul>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.cloudfront.distributions\", $(\"#services\\\\.cloudfront\\\\.distributions\\\\.partial\").html());\n</script>\n\n<!-- Single cloudfront distribution template -->\n<script id=\"single_cloudfront_distribution-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.cloudfront.distributions'}}\n</script>\n<script>\n    var single_cloudfront_distribution_template = Handlebars.compile($(\"#single_cloudfront_distribution-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.html",
    "content": "<!-- Region partial -->\n<script id=\"services.cloudtrail.regions.partial\" type=\"text/x-handlebars-template\">\n    <div class=\"list-group-item active\">\n      <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n    <h4>Information</h4>\n      <ul>\n        <li class=\"list-group-item-text\">Configured:\n          <span id=\"cloudtrail.regions.{{name}}.NotConfigured\">\n              <samp>{{#ifPositive trails_count}}True{{else}}False{{/ifPositive}}</samp>\n          </span>\n        </li>\n      </ul>\n    </div>\n    <div class=\"list-group-item\">\n      <div class=\"accordion\">\n        <h4 class=\"list-group-item-heading accordion-heading\">Trails\n            {{> count_badge target=(concat '#cloudtrail.regions' name 'trails') count=trails_count}}\n        </h4>\n        <div id=\"cloudtrail.regions.{{name}}.trails\" class=\"accordion-body\">\n          <div class=\"accordion-inner\">\n            <ul class=\"no-bullet\">\n              {{#each this.trails}}\n                <li><a href=\"javascript:showObject('services.cloudtrail.regions.{{../name}}.trails.{{@key}}')\">{{name}}</a></li>\n              {{/each}}\n            </ul>\n          </div>\n        </div>\n      </div>\n    </div>\n</script>\n<script>\n  Handlebars.registerPartial(\"services.cloudtrail.regions\", $(\"#services\\\\.cloudtrail\\\\.regions\\\\.partial\").html());\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.id.trails.html",
    "content": "\n<!-- Trail partial -->\n<script id=\"services.cloudtrail.regions.id.trails.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n      <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n    <h4>Information</h4>\n      <ul>\n        <li class=\"list-group-item-text\">ARN: <samp>{{arn}}</samp></li>\n        <li class=\"list-group-item-text\">Region: <samp>{{region}}</samp>\n        {{#if scout_link}}\n        <i class=\"fa fa-exclamation-triangle\"></i> multi-region trail\n        {{/if}}\n        </li>\n        {{#unless scout_link}}\n        <li class=\"list-group-item-text\">Organization Trail: {{is_organization_trail}}</li>\n        <li class=\"list-group-item-text\">Logging: <span class=\"cloudtrail.regions.{{region}}.trails.{{@key}}.IsLogging\">{{convert_bool_to_enabled IsLogging}}</span></li>\n        <li class=\"list-group-item-text\">Start Logging Time: {{format_date StartLoggingTime}}</li>\n        <li class=\"list-group-item-text\">Stop Logging Time: {{format_date StopLoggingTime}}</li>\n        <li class=\"list-group-item-text\">Multi Region: <span class=\"cloudtrail.regions.{{region}}.trails.{{@key}}.IsLogging\">{{convert_bool_to_enabled IsMultiRegionTrail}}</span></li>\n        <li class=\"list-group-item-text\">Management Events: <span id=\"cloudtrail.regions.{{region}}.trails.{{@key}}.cloudtrail-management-events-disabled\">{{convert_bool_to_enabled ManagementEventsEnabled}}</span></li>\n        <li class=\"list-group-item-text\">Data Events: <span id=\"cloudtrail.regions.{{region}}.trails.{{@key}}.cloudtrail-data-events-disabled\">{{convert_bool_to_enabled DataEventsEnabled}}</span></li>\n        <li class=\"list-group-item-text\">Include Global Services:\n          <span id=\"cloudtrail.regions.{{region}}.trails.{{@key}}.GlobalServicesDuplicated\">\n            <span id=\"cloudtrail.regions.{{region}}.trails.{{@key}}.IncludeGlobalServiceEvents\">\n              <samp>{{#if IncludeGlobalServiceEvents}}Enabled {{#unless IsLogging}}(Trail disabled){{/unless}} {{else}}Disabled {{/if}}</samp>\n            </span>\n          </span>\n        </li>\n        <li class=\"list-group-item-text\">Destination S3 Bucket Name: <samp><a href=\"javascript:showObject('services.s3.buckets.{{bucket_id}}')\">{{getValueAt 'services.s3.buckets' bucket_id 'name'}}</a>/{{S3KeyPrefix}}</samp></li>\n        <li class=\"list-group-item-text\">Log File Validation Enabled: <span id=\"cloudtrail.regions.{{region}}.trails.{{@key}}.LogFileValidationDisabled\">{{convert_bool_to_enabled LogFileValidationEnabled}}</span></li>\n        <li class=\"list-group-item-text\">KMS Key: <span id=\"cloudtrail.regions.{{region}}.trails.{{@key}}.cloudtrail-kms-key-unused\"><samp>{{value_or_none KmsKeyId}}</samp></span></li>\n        <li class=\"list-group-item-text\">Latest CloudWatch Logs Delivery Time: <span id=\"cloudtrail.regions.{{region}}.trails.{{@key}}.TrailCloudwatchNoIntegration\">{{format_date LatestCloudWatchLogsDeliveryTime}}</span></li>\n        {{/unless}}\n      </ul>\n    </div>\n</script>\n<script>\n  Handlebars.registerPartial(\"services.cloudtrail.regions.id.trails\", $(\"#services\\\\.cloudtrail\\\\.regions\\\\.id\\\\.trails\\\\.partial\").html());\n</script>\n\n<!-- Single EC2 instance template -->\n<script id=\"single_cloudtrail_trail-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.cloudtrail.regions.id.trails' }}\n</script>\n<script>\n    var single_cloudtrail_trail_template = Handlebars.compile($(\"#single_cloudtrail_trail-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.cloudwatch.regions.id.alarms.html",
    "content": "\n<!-- Alarm partial -->\n<script id=\"services.cloudwatch.regions.id.alarms.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4>Information</h4>\n        <ul>\n            <li class=\"list-group-item-text\">Name: {{name}}</li>\n            <li class=\"list-group-item-text\">Region: {{region}}</li>\n            <li class=\"list-group-item-text\">Actions enabled: <span id=\"cloudwatch.regions.{{region}}.alarms.{{@key}}.ActionsEnabled\">{{ActionsEnabled}}</span></li>\n            <li class=\"list-group-item-text\">State: {{StateValue}}</li>\n            <li class=\"list-group-item-text\">Metric: {{Namespace}}::{{MetricName}}</li>\n        </ul>\n    </div>\n    <div class=\"list-group-item\">\n        <h4>Alarm Actions {{> count_badge count=resources.AlarmActions.length}} </h4>\n        <ul>\n        {{#each AlarmActions}}\n            <li class=\"'list-group-item-text\">{{this}}</li>\n        {{/each}}\n        {{#unless AlarmActions}}\n            <span id=\"cloudwatch.regions.{{region}}.alarms.{{@key}}.NoActions\"><i class=\"fa fa-exclamation-triangle\"></i> No actions have been configured for this alarm.</span>\n        {{/unless}}\n        </ul>\n    </div>\n    <div class=\"list-group-item\">\n        <h4>Insufficient Data Actions {{> count_badge count=InsufficientDataActions.length}}</h4>\n        <ul>\n        {{#each InsufficientDataActions}}\n            <li class=\"list-group-item-text\">{{this}}</li>\n        {{/each}}\n        </ul>\n    </div>\n</script>\n<script>\n    Handlebars.registerPartial(\"services.cloudwatch.regions.id.alarms\", $(\"#services\\\\.cloudwatch\\\\.regions\\\\.id\\\\.alarms\\\\.partial\").html());\n</script>\n\n<!-- Single CloudWatch alarm template -->\n<script id=\"single_cloudwatch_alarm-template\" type=\"text/x-handlebars-template\">\n  {{> modal-template template='services.cloudwatch.regions.id.alarms' }}\n</script>\n<script>\n    var single_cloudwatch_alarm_template = Handlebars.compile($(\"#single_cloudwatch_alarm-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.cloudwatch.regions.id.metric_filters.html",
    "content": "<!-- cloudwatch metric_filters -->\n<script id=\"services.cloudwatch.regions.id.metric_filters.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"cloudwatch.regions.{{region}}.metric_filters.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">ARN: <span id=\"cloudwatch.regions.{{region}}.metric_filters.{{@key}}.arn\"><code>{{value_or_none arn}}</code></span></div>\n        <div class=\"list-group-item-text item-margin\">Creation Time: <span id=\"cloudwatch.regions.{{region}}.metric_filters.{{@key}}.creation_time\">{{format_date creation_time}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Log Group Name: <span id=\"cloudwatch.regions.{{region}}.metric_filters.{{@key}}.log_group_name\"><samp>{{value_or_none log_group_name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Pattern: <span id=\"cloudwatch.regions.{{region}}.metric_filters.{{@key}}.pattern\"><code>{{value_or_none pattern}}</code></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.cloudwatch.regions.id.metric_filters\", $(\"#services\\\\.cloudwatch\\\\.regions\\\\.id\\\\.metric_filters\\\\.partial\").html());\n</script>\n\n<!-- Single cloudwatch metric_filter template -->\n<script id=\"single_cloudwatch_metric_filter-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.cloudwatch.regions.id.metric_filters'}}\n</script>\n<script>\n    var single_cloudwatch_metric_filter_template = Handlebars.compile($(\"#single_cloudwatch_metric_filter-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.config.regions.html",
    "content": "\n<!-- Recorder partial -->\n<script id=\"services.config.regions.partial\" type=\"text/x-handlebars-template\">\n    <div class=\"list-group-item active\">\n      <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n    <h4>Information</h4>\n      <ul>\n        <li class=\"list-group-item-text\">AWS Config Recorder enabled:\n          <span id=\"config.regions.{{name}}.NotConfigured\">\n            {{#ifPositive recorders_count}}true{{else}}false{{/ifPositive}}\n          </span>\n        </li>\n      </ul>\n    </div>\n    <div class=\"list-group-item\">\n      <div class=\"accordion\">\n        <h4 class=\"list-group-item-heading accordion-heading\">Recorders\n            {{> count_badge target=(concat '#config.regions' name 'recorders') count=recorders_count}}\n        </h4>\n        <div id=\"config.regions.{{name}}.recorders\" class=\"accordion-body\">\n          <div class=\"accordion-inner\">\n            <ul class=\"no-bullet\">\n              {{#each this.recorders}}\n                <li><a href=\"javascript:showObject('services.config.regions.{{../name}}.recorders.{{@key}}')\">{{name}}</a></li>\n              {{/each}}\n            </ul>\n          </div>\n        </div>\n      </div>\n      <div class=\"accordion\">\n        <h4 class=\"list-group-item-heading accordion-heading\">Rules\n            {{> count_badge target=(concat '#config.regions' name 'rules') count=rules_count}}\n        </h4>\n        <div id=\"config.regions.{{name}}.rules\" class=\"accordion-body\">\n          <div class=\"accordion-inner\">\n            <ul class=\"no-bullet\">\n              {{#each this.rules}}\n                <li><a href=\"javascript:showObject('services.config.regions.{{../name}}.rules.{{@key}}')\">{{name}}</a></li>\n              {{/each}}\n            </ul>\n          </div>\n        </div>\n      </div>\n    </div>\n</script>\n<script>\n  Handlebars.registerPartial(\"services.config.regions\", $(\"#services\\\\.config\\\\.regions\\\\.partial\").html());\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.config.regions.id.recorders.html",
    "content": "<!-- Recorder partial -->\n<script id=\"services.config.regions.id.recorders.partial\" type=\"text/x-handlebars-template\">\n  <div id=\"resource-name\" class=\"list-group-item active\">\n    <h4 class=\"list-group-item-heading\">{{name}}</h4>\n  </div>\n  <div class=\"list-group-item\">\n    <h4>Information</h4>\n    <ul>\n      <li class=\"list-group-item-text\">Enabled: {{enabled}}</li>\n      <li class=\"list-group-item-text\">Region: {{region}}</li>\n      <li class=\"list-group-item-text\">Role ARN: <samp>{{role_ARN}}</samp></li>\n      <li class=\"list-group-item-text\">Last Status: {{last_status}}</li>\n      <li class=\"list-group-item-text\">Last Start Time: {{last_start_time}}</li>\n      <li class=\"list-group-item-text\">Last Status Change Time: {{last_status_change_time}}</li>\n    </ul>\n  </div>\n</script>\n<script>\n  Handlebars.registerPartial(\"services.config.regions.id.recorders\", $(\"#services\\\\.config\\\\.regions\\\\.id\\\\.recorders\\\\.partial\").html());\n</script>\n\n<!-- Single Config instance template -->\n<script id=\"single_config_recorder-template\" type=\"text/x-handlebars-template\">\n  {{> modal-template template='services.config.regions.id.recorders' }}\n</script>\n<script>\n  var single_config_recorder_template = Handlebars.compile($(\"#single_config_recorder-template\").html());\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.config.regions.id.rules.html",
    "content": "\n<!-- Rule partial -->\n<script id=\"services.config.regions.id.rules.partial\" type=\"text/x-handlebars-template\">\n  {{#unless scout_link}}\n    <div id=\"resource-name\" class=\"list-group-item active\">\n      <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n    <h4>Information</h4>\n      <ul>\n        <li class=\"list-group-item-text\">ID: {{id}}</li>\n        <li class=\"list-group-item-text\">ARN: <samp>{{arn}}</samp></li>\n        <li class=\"list-group-item-text\">Region: {{region}}</li>\n        <li class=\"list-group-item-text\">Description: <i>{{description}}</i></li>\n        <li class=\"list-group-item-text\">State: {{state}}</li>\n      </ul>\n    </div>\n  {{/unless}}\n</script>\n<script>\n  Handlebars.registerPartial(\"services.config.regions.id.rules\", $(\"#services\\\\.config\\\\.regions\\\\.id\\\\.rules\\\\.partial\").html());\n</script>\n\n<!-- Single Config rule template -->\n<script id=\"single_config_rule-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.config.regions.id.rules' }}\n</script>\n<script>\n    var single_config_rule_template = Handlebars.compile($(\"#single_config_rule-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.dynamodb.regions.id.tables.html",
    "content": "\n<!-- dynamodb tables -->\n<script id=\"services.dynamodb.regions.id.tables.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"dynamodb.regions.{{region}}.tables.{{@key}}.id\"><samp>{{value_or_none id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">ARN: <span id=\"dynamodb.regions.{{region}}.tables.{{@key}}.arn\"><samp>{{value_or_none arn}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Status: <span id=\"dynamodb.regions.{{region}}.tables.{{@key}}.table_status\"><samp>{{value_or_none table_status}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Creation Date: <span id=\"dynamodb.regions.{{region}}.tables.{{@key}}.creation_date_time\"><samp>{{format_date creation_date_time}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Automatic Backups: <span id=\"dynamodb.regions.{{region}}.tables.{{@key}}.automatic_backups_enabled\">{{convert_bool_to_enabled automatic_backups_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Item Count: <span id=\"dynamodb.regions.{{region}}.tables.{{@key}}.item_count\"><samp>{{value_or_none item_count}}</samp></span></div>\n    </div>\n    {{#if tags}}\n    <div class=\"list-group-item\">\n        <h4>Tags</h4>\n        <ul>\n            {{#each tags}}\n            <li class=\"list-group-item-text\"><samp>{{Key}}</samp>: <samp>{{Value}}</samp></li>\n            {{/each}}\n        </ul>\n    </div>\n    {{/if}}\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.dynamodb.regions.id.tables\", $(\"#services\\\\.dynamodb\\\\.regions\\\\.id\\\\.tables\\\\.partial\").html());\n</script>\n\n<!-- Single dynamodb table template -->\n<script id=\"single_dynamodb_table-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.dynamodb.regions.id.tables'}}\n</script>\n<script>\n    var single_dynamodb_table_template = Handlebars.compile($(\"#single_dynamodb_table-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.regional_settings.html",
    "content": "<!-- EC2 regional settings partial -->\n<script id=\"services.ec2.regions.id.regional_settings.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{region}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Regional settings</h4>\n        <ul>\n            <li class=\"list-group-item-text\">Encryption enabled for EBS Volumes by default: <span id=\"ec2.regions.{{region}}.regional_settings.{{@key}}.NoDefaultEBSEncryption\"><samp>{{ebs_encryption_default}}</samp></span></li>\n            <li class=\"list-group-item-text\">Default encryption key: <span id=\"ec2.regions.{{region}}.regional_settings.{{@key}}.ebs_default_encryption_key\"><samp>{{ebs_default_encryption_key_id}}</samp></span></li>\n        </ul>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.ec2.regions.id.regional_settings\", $(\"#services\\\\.ec2\\\\.regions\\\\.id\\\\.regional_settings\\\\.partial\").html());\n</script>\n\n<!-- Single region template -->\n<!-- **UNTESTED**  Intended for details popups.  Not used at this time. -->\n<script id=\"single_ec2_region-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.ec2.regions.id.regional_settings'}}\n</script>\n<script>\n    var single_ec2_region_template = Handlebars.compile($(\"#single_ec2_region-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.snapshots.html",
    "content": "\n\n<!-- ec2 snapshots -->\n<script id=\"services.ec2.regions.id.snapshots.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"ec2.regions.{{region}}.snapshots.{{@key}}.id\"><samp>{{value_or_none id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">ARN: <span id=\"ec2.regions.{{region}}.snapshots.{{@key}}.arn\"><samp>{{value_or_none arn}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Description: <span id=\"ec2.regions.{{region}}.snapshots.{{@key}}.description\"><samp>{{value_or_none description}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">State: <span id=\"ec2.regions.{{region}}.snapshots.{{@key}}.state\"><samp>{{value_or_none state}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Progress: <span id=\"ec2.regions.{{region}}.snapshots.{{@key}}.progress\"><samp>{{value_or_none progress}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Start Time: <span id=\"ec2.regions.{{region}}.snapshots.{{@key}}.start_time\"><samp>{{value_or_none start_time}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Volume: <span id=\"ec2.regions.{{region}}.snapshots.{{@key}}.volume\"><samp>{{> resource_link resource_path = (concat 'services.ec2.regions' region 'volumes' volume_id )}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Owner ID: <span id=\"ec2.regions.{{region}}.snapshots.{{@key}}.owner_id\"><samp>{{value_or_none owner_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Encryption: <span id=\"ec2.regions.{{region}}.snapshots.{{@key}}.encrypted\">{{convert_bool_to_enabled encrypted}}</span></div>\n        <div class=\"list-group-item-text item-margin\">KMS Key ID: <span id=\"ec2.regions.{{region}}.snapshots.{{@key}}.kms_key_id\"><samp>{{value_or_none kms_key_id}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.ec2.regions.id.snapshots\", $(\"#services\\\\.ec2\\\\.regions\\\\.id\\\\.snapshots\\\\.partial\").html());\n</script>\n\n<!-- Single ec2 snapshot template -->\n<script id=\"single_ec2_snapshot-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.ec2.regions.id.snapshots'}}\n</script>\n<script>\n    var single_ec2_snapshot_template = Handlebars.compile($(\"#single_ec2_snapshot-template\").html());\n</script>\n\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.volumes.html",
    "content": "<!-- EBS volume partial -->\n<script id=\"services.ec2.regions.id.volumes.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"ec2.regions.{{region}}.volumes.{{@key}}.id\"><samp>{{value_or_none id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">ARN: <span id=\"ec2.regions.{{region}}.volumes.{{@key}}.arn\"><samp>{{value_or_none arn}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"ec2.regions.{{region}}.volumes.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">State: <span id=\"ec2.regions.{{region}}.volumes.{{@key}}.state\"><samp>{{value_or_none State}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Size: <span id=\"ec2.regions.{{region}}.volumes.{{@key}}.size\"><samp>{{value_or_none Size}} GiB</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Volume Type: <span id=\"ec2.regions.{{region}}.volumes.{{@key}}.volume_type\"><samp>{{value_or_none VolumeType}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Create Time: <span id=\"ec2.regions.{{region}}.volumes.{{@key}}.create_time\"><samp>{{value_or_none CreateTime}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Encryption: <span id=\"ec2.regions.{{region}}.volumes.{{@key}}.encrypted\">{{convert_bool_to_enabled Encrypted}}</span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.ec2.regions.id.volumes\", $(\"#services\\\\.ec2\\\\.regions\\\\.id\\\\.volumes\\\\.partial\").html());\n</script>\n\n<!-- Single EBS volume template -->\n<script id=\"single_ebs_volume-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.ec2.regions.id.volumes' }}\n</script>\n\n<script>\n    var single_ec2_volume_template = Handlebars.compile($(\"#single_ebs_volume-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.images.html",
    "content": "\n<!-- AMIs partial -->\n<script id=\"services.ec2.regions.id.images.partial\" type=\"text/x-handlebars-template\">\n    <div class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <ul>\n            <li class=\"list-group-item-text\">ARN: <samp>{{arn}}</samp></li>\n            <li class=\"list-group-item-text\">ID: <samp>{{id}}</samp></li>\n            <li class=\"list-group-item-text\">Architecture: {{getValueAt 'services.ec2.regions' region 'images' id 'Architecture'}}</li>\n            <li class=\"list-group-item-text\">Public: <span id=\"ec2.regions.{{region}}.images.{{id}}.image_is_public\">{{getValueAt 'services.ec2.regions' region 'images' id 'Public'}}</span></li>\n        </ul>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.ec2.regions.id.images\", $(\"#services\\\\.ec2\\\\.regions\\\\.id\\\\.images\\\\.partial\").html());\n</script>\n\n<!-- Single AMI template -->\n<script id=\"single_ec2_image-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.ec2.regions.id.images' }}\n</script>\n<script>\n    var single_ec2__template = Handlebars.compile($(\"#single_ec2_image-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.instances.html",
    "content": "    <!-- EC2 instance partial -->\n    <script id=\"services.ec2.regions.id.vpcs.id.instances.partial\" type=\"text/x-handlebars-template\">\n        <div id=\"resource-name\" class=\"list-group-item active\">\n            <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n            <h4>Information</h4>\n            <ul>\n                <li class=\"list-group-item-text\">ARN: <samp>{{arn}}</samp></li>\n                <li class=\"list-group-item-text\">ID: <samp>{{id}}</samp></li>\n                <li class=\"list-group-item-text\">Region: <samp>{{region}}</samp></li>\n                <li class=\"list-group-item-text\">Availability Zone: <samp>{{availability_zone}}</samp></li>\n                <li class=\"list-group-item-text\">VPC: <samp>{{getValueAt 'services.ec2.regions' region 'vpcs' vpc 'name'}} ({{vpc}})</samp></li>\n                <li class=\"list-group-item-text\">Reservation ID: <samp>{{reservation_id}}</samp></li>\n                <li class=\"list-group-item-text\">IAM role: <samp>{{value_or_none iam_role}}</samp></li>\n                <li class=\"list-group-item-text\">Monitoring: <span id=\"ec2.regions.{{region}}.vpcs.{{vpc}}.instances.{{@key}}.monitoring_disabled\">{{convert_bool_to_enabled monitoring_enabled}}</span></li>\n                <li class=\"list-group-item-text\">Access Key Name: <samp>{{KeyName}}</samp></li>\n                <li class=\"list-group-item-text\">State: <samp>{{makeTitle State.Name}}</samp></li>\n                <li class=\"list-group-item-text\">Instance Type:\n                    <span id=\"services.ec2.regions.vpcs.instances-unscannable-instance-types-{{id}}\"> <samp>{{InstanceType}}</samp></span>\n                </li>\n                <li class=\"list-group-item-text\">Up Since: {{format_date LaunchTime}}</li>\n            </ul>\n        </div>\n        <div class=\"list-group-item\" style=\"padding-bottom: 0 !important;\">\n            <h4>Network interfaces</h4>\n            {{#each network_interfaces}}\n                {{> network_interface region = ../region vpc = ../vpc network_interface = @../key}}\n            {{/each}}\n        </div>\n        {{#if metadata_options}}\n        <div class=\"list-group-item\">\n            <h4>Metadata Options</h4>\n            <ul id=\"ec2.regions.{{region}}.vpcs.{{vpc}}.instances.{{@key}}.metadata_options\">\n                <li>Endpoint: <samp>{{metadata_options.HttpEndpoint}}</samp></li>\n                <li>HTTP Tokens: <samp>{{metadata_options.HttpTokens}}</samp></li>\n            </ul>\n        </div>\n        {{/if}}\n        {{#if user_data}}\n        <div class=\"list-group-item\" style=\"padding-bottom: 0 !important;\">\n            <h4>User data</h4>\n            <div>\n                <code>{{#each (split_lines user_data)}}   {{this}}<br>{{/each}}</code>\n            </div>\n            {{#if user_data_secrets}}\n            <br>\n            <h5 id=\"ec2.regions.{{region}}.vpcs.{{vpc}}.instances.{{@key}}.potential_secrets\">Potential Secrets</h5>\n            <ul>\n                {{#each user_data_secrets}}\n                <li>\n                    {{@key}}\n                    <ul>\n                        {{#each this}}\n                        <li><code>{{this}}</code></li>\n                        {{/each}}\n                    </ul>\n                </li>\n                {{/each}}\n            </ul>\n            {{/if}}\n        </div>\n        {{/if}}\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.ec2.regions.id.vpcs.id.instances\", $(\"#services\\\\.ec2\\\\.regions\\\\.id\\\\.vpcs\\\\.id\\\\.instances\\\\.partial\").html());\n    </script>\n\n    <!-- Single EC2 instance template -->\n    <script id=\"single_ec2_instance-template\" type=\"text/x-handlebars-template\">\n        {{> modal-template template='services.ec2.regions.id.vpcs.id.instances' }}\n    </script>\n    <script>\n        var single_ec2_instance_template = Handlebars.compile($(\"#single_ec2_instance-template\").html());\n    </script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html",
    "content": "<!-- EC2 security group partial -->\n<script id=\"services.ec2.regions.id.vpcs.id.security_groups.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n      <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text\">ID: <samp>{{id}}</samp></div>\n        <div class=\"list-group-item-text\">ARN: <samp>{{arn}}</samp></div>\n        <div class=\"list-group-item-text\">Region: <samp>{{region}}</samp></div>\n        <div class=\"list-group-item-text\">VPC: {{getValueAt 'services.vpc.regions' region 'vpcs' vpc 'name'}} ({{vpc}})</div>\n        <div class=\"list-group-item-text\">Description: <samp>{{description}}</samp></div>\n    </div>\n\n    {{#each rules}}\n      {{> services.ec2.regions.vpcs.security_groups.rule_list this sg_name = ../name sg_id = ../id direction = @key vpc = ../vpc region = ../region }}\n    {{/each}}\n\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Usage</h4>\n        {{#if used_by}}\n        <ul>\n            {{#each used_by}}\n                {{#each resource_type}}\n                    {{> services.ec2.regions.vpcs.security_groups.resource_list service=@../key resources=this resource_type=@key status=this region=../../region vpc=../../vpc group=../../../id}}\n                {{/each}}\n            {{/each}}\n        </ul>\n        {{else}}\n        <span id=\"services.ec2.regions.vpcs.security_groups-unused-{{id}}\" class=\"finding-hidden item-margin\">\n            <i class=\"fa fa-check-circle\"></i> This security group is not in use.\n        </span>\n        {{/if}}\n    </div>\n</script>\n\n<script>\n  Handlebars.registerPartial(\"services.ec2.regions.id.vpcs.id.security_groups\", $(\"#services\\\\.ec2\\\\.regions\\\\.id\\\\.vpcs\\\\.id\\\\.security_groups\\\\.partial\").html());\n</script>\n\n<!-- Single EC2 security group template -->\n<script id=\"single_ec2_security_group-template\" type=\"text/x-handlebars-template\">\n  {{> modal-template template='services.ec2.regions.id.vpcs.id.security_groups'}}\n</script>\n\n<script>\n  var single_ec2_security_group_template = Handlebars.compile($(\"#single_ec2_security_group-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.ec2.regions.vpcs.security_groups.resource_list.html",
    "content": "    <!-- EC2 security group associated resources list partial -->\n    <script id=\"services.ec2.regions.vpcs.security_groups.resource_list.partial\" type=\"text/x-handlebars-template\">\n      {{#if resources}}\n        <div class=\"accordion\">\n          <li>\n            <h5 class=\"list-group-item-heading accordion-heading\">{{ makeTitle service }} {{ makeTitle resource_type }}\n                <!--{{> count_badge count=resources.length}}-->\n            </h5>\n          </li>\n          <div id=\"ec2_security_group-{{group}}-{{service}}_{{resource_type}}_list-{{status}}\" class=\"accordion-body in\">\n            <div class=\"accordion-inner\">\n              <ul>\n                {{#if active}}\n                  {{#each active}}\n                    <li class=\"list-group-item-text\">\n                      <a\n                        href=\"javascript:showObject('services.{{../service}}.regions.{{../region}}.vpcs.{{../vpc}}.{{../resource_type}}.{{this.id}}')\">\n                        {{this.name}}\n                      </a>\n                    </li>\n                  {{/each}}\n                {{else}}\n                  {{#each resources}}\n                  <li class=\"list-group-item-text\">\n                    <a\n                      href=\"javascript:showObject('services.{{../service}}.regions.{{../region}}.vpcs.{{../vpc}}.{{../resource_type}}.{{this.id}}')\">\n                      {{this.name}}\n                    </a>\n                  </li>\n                  {{/each}}\n                {{/if}}\n              </ul>\n            </div>\n          </div>\n        </div>\n      {{else}}\n        <h5 class=\"list-group-item-heading item-margin accordion-heading\">{{status}}\n            {{> count_badge count=resources.length}}\n        </h5>\n      {{/if}}\n    </script>\n\n    <script>\n      Handlebars.registerPartial(\"services.ec2.regions.vpcs.security_groups.resource_list\", $(\"#services\\\\.ec2\\\\.regions\\\\.vpcs\\\\.security_groups\\\\.resource_list\\\\.partial\").html());\n    </script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.ec2.regions.vpcs.security_groups.rule_list.html",
    "content": "\n    <!-- EC2 security group rules partial -->\n    <script id=\"services.ec2.regions.vpcs.security_groups.rule_list.partial\" type=\"text/x-handlebars-template\">\n      <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">\n          {{makeTitle direction}} Rules\n          {{> count_badge count=count}}\n        </h4>\n        <ul>\n        {{#each protocols}}\n          <li class=\"list-group-item-text\">{{@key}}</li>\n          <ul>\n            <li class=\"list-group-item-text\">{{#ifEqual @key \"ICMP\"}}Message types{{else}}Ports{{/ifEqual}}:\n            <ul>\n            {{#each ports}}\n              <li><span id=\"ec2.regions.{{../../region}}.vpcs.{{../../vpc}}.security_groups.{{../../sg_id}}.rules.{{../../direction}}.protocols.{{@../key}}.ports.{{@key}}\">{{@key}}</span></li>\n              <ul>\n              {{#if cidrs}}\n                <li class=\"list-group-item-text\">IP addresses:</li>\n                {{> ip_grants items = cidrs span_id_prefix = (concat 'ec2.regions' ../../../region 'vpcs' ../../../vpc 'security_groups' ../../../sg_id 'rules' ../../../direction 'protocols' @../key 'ports' @key 'cidrs')}}\n              {{/if}}\n              {{#if Ipv6Ranges}}\n                <li class=\"list-group-item-text\">IPv6 addresses:</li>\n                {{> ip_grants items = Ipv6Ranges span_id_prefix = (concat 'ec2.regions' ../../../region 'vpcs' ../../../vpc 'security_groups' ../../../sg_id 'rules' ../../../direction 'protocols' @../key 'ports' @key 'Ipv6Ranges')}}\n              {{/if}}\n              {{#if security_groups}}\n                <li class=\"list-group-item-text\">EC2 security groups:</li>\n                {{> ec2_grants region = ../../../region vpc = ../../../vpc sg_id = ../../../sg_id direction = ../../../direction protocol = @../key ports = @key items = security_groups}}\n              {{/if}}\n              </ul>\n            {{/each}}\n            </ul>\n          </ul>\n        {{/each}}\n        </ul>\n        {{#ifEqual sg_name 'default'}}\n          <span id=\"ec2.regions.{{region}}.vpcs.{{vpc}}.security_groups.{{sg_id}}.rules.{{direction}}.default_with_rules\" class=\"finding-hidden item-margin\">\n            <i class=\"fa fa-exclamation-triangle\"></i> Default security groups should have no rules.\n          </span>\n        {{/ifEqual}}\n      </div>\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.ec2.regions.vpcs.security_groups.rule_list\", $(\"#services\\\\.ec2\\\\.regions\\\\.vpcs\\\\.security_groups\\\\.rule_list\\\\.partial\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.parameter_groups.html",
    "content": "\n<!-- ElastiCache cluster partial -->\n<script id=\"services.elasticache.regions.id.parameter_groups.partial\" type=\"text/x-handlebars-template\">\n    <div class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Attributes</h4>\n        {{> generic_object resource}}\n    </div>\n</script>\n<script>\n    Handlebars.registerPartial(\"services.elasticache.regions.id.parameter_groups\", $(\"#services\\\\.elasticache\\\\.regions\\\\.id\\\\.parameter_groups\\\\.partial\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.security_groups.html",
    "content": "\n<!-- ElastiCache cluster partial -->\n<script id=\"services.elasticache.regions.id.security_groups.partial\" type=\"text/x-handlebars-template\">\n    <div class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Attributes</h4>\n        {{> generic_object resource}}\n    </div>\n</script>\n<script>\n    Handlebars.registerPartial(\"services.elasticache.regions.id.security_groups\", $(\"#services\\\\.elasticache\\\\.regions\\\\.id\\\\.security_groups\\\\.partial\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.subnet_groups.html",
    "content": "\n<!-- ElastiCache cluster partial -->\n<script id=\"services.elasticache.regions.id.vpcs.id.subnet_groups.partial\" type=\"text/x-handlebars-template\">\n    <div class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Attributes</h4>\n        {{> generic_object resource}}\n    </div>\n</script>\n<script>\n    Handlebars.registerPartial(\"services.elasticache.regions.id.vpcs.id.subnet_groups\", $(\"#services\\\\.elasticache\\\\.regions\\\\.id\\\\.vpcs\\\\.id\\\\.subnet_groups\\\\.partial\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.elasticache.regions.id.vpcs.id.clusters.html",
    "content": "\n    <!-- ElastiCache cluster partial -->\n    <script id=\"services.elasticache.regions.id.vpcs.id.clusters.partial\" type=\"text/x-handlebars-template\">\n        <div class=\"list-group-item active\">\n            <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n            <h4 class=\"list-group-item-heading\">Attributes</h4>\n            {{> generic_object resource}}\n        </div>\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.elasticache.regions.id.vpcs.id.clusters\", $(\"#services\\\\.elasticache\\\\.regions\\\\.id\\\\.vpcs\\\\.id\\\\.clusters\\\\.partial\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.elb_policies.html",
    "content": "    <!-- ELB Policy partial -->\n    <script id=\"services.elb.regions.id.elb_policies.partial\" type=\"text/x-handlebars-template\">\n        <div id=\"resource-name\" class=\"list-group-item active\">\n          <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n            <h4 class=\"list-group-item-heading\">Information</h4>\n            <div class=\"list-group-item-text item-margin\">ARN: <samp>{{value_or_none arn}}</samp></div>\n        </div>\n        {{#ifEqual PolicyTypeName 'SSLNegotiationPolicyType'}}\n            <div class=\"list-group-item\">\n                <h4>Protocols</h4>\n                <ul>\n                    {{#each protocols}}\n                        <li class=\"list-group-item-text\">{{@key}}: {{this}}</li>\n                    {{/each}}\n                </ul>\n            </div>\n            <div class=\"list-group-item\">\n                <h4>Options</h4>\n                <ul>\n                    {{#each options}}\n                        <li class=\"list-group-item-text\">{{@key}}: {{this}}</li>\n                    {{/each}}\n                </ul>\n            </div>\n            <div class=\"list-group-item\">\n                <h4>Ciphers</h4>\n                <ul>\n                    {{#each ciphers}}\n                        {{#ifEqual this 'true'}}\n                            <li class=\"list-group-item-text\">{{@key}}: {{this}}</li>\n                        {{/ifEqual}}\n                    {{/each}}\n                </ul>\n        {{else}}\n            <div class=\"list-group-item\">\n                <h4>Attributes</h4>\n                <ul class=\"no-bullet\">\n                    {{#each PolicyAttributeDescriptions}}\n                        <li class=\"list-group-item-text\">{{AttributeName}}: {{AttributeValue}}</li>\n                    {{/each}}\n                </ul>\n            </div>\n        {{/ifEqual}}\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.elb.regions.id.elb_policies\", $(\"#services\\\\.elb\\\\.regions\\\\.id\\\\.elb_policies\\\\.partial\").html());\n    </script>\n\n    <!-- Single elb security group template -->\n    <script id=\"single_elb_elb_policy-template\" type=\"text/x-handlebars-template\">\n        {{> modal-template template='services.elb.regions.id.elb_policies'}}\n    </script>\n    <script>\n        var single_elb_elb_policy_template = Handlebars.compile($(\"#single_elb_elb_policy-template\").html());\n    </script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.html",
    "content": "\n    <!-- elb ELB partial -->\n    <script id=\"services.elb.regions.id.vpcs.id.elbs.partial\" type=\"text/x-handlebars-template\">\n        <div class=\"list-group-item active\">\n            <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n            <h4>Information</h4>\n            <ul>\n                <li class=\"list-group-item-text\">ARN: <samp>{{arn}}</samp></li>\n                <li class=\"list-group-item-text\">VPC: {{getValueAt 'services.elb.regions' region 'vpcs' vpc 'name'}} ({{vpc}})</li>\n                <li class=\"list-group-item-text\">DNS: {{DNSName}}</li>\n                <li class=\"list-group-item-text\">Scheme: {{Scheme}}</li>\n                <li class=\"list-group-item-text\">Availability zones:</li>\n                <ul>\n                    {{#each AvailabilityZones}}\n                        <li class=\"list-group-item-text\">{{this}}</li>\n                    {{/each}}\n                </ul>\n            </ul>\n        </div>\n        <div class=\"list-group-item\">\n            <h4>Listeners</h4>\n            <ul>\n                {{#each listeners}}\n                    <li class=\"list-group-item-text\">\n                      <span id=\"elb.regions.{{../region}}.vpcs.{{../vpc}}.elbs.{{@../key}}.listeners.{{@key}}\">{{@key}} ({{Protocol}}{{#if SslPolicy}}, {{SslPolicy}}{{/if}})</span>\n                    </li>\n                {{/each}}\n          </ul>\n        </div>\n        <div class=\"list-group-item\">\n            <h4>Attributes</h4>\n            <ul>\n                {{#each attributes}}\n                    {{#each this}}\n                        <li class=\"list-group-item-text\">{{@../key}}.{{@key}}: <span id=\"elb.regions.{{../../region}}.vpcs.{{../../vpc}}.elbs.{{@../../key}}.attributes.{{@../key}}.{{@key}}\">{{this}}</span></li>\n                    {{/each}}\n                {{/each}}\n            </ul>\n        </div>\n        <div class=\"list-group-item\" style=\"padding-bottom: 0 !important;\">\n          <div class=\"accordion\">\n            <h4 class=\"list-group-item-heading accordion-heading\">Security Groups\n              {{> count_badge count=security_groups.length target=(concat '#services.elb.regions' region 'vpcs' vpc 'elbs' @key 'security_groups')}}\n            </h4>\n            <div id=\"services.ec2.regions.{{region}}.vpcs.{{vpc}}.elbs.{{@key}}.security_groups\" class=\"accordion-body\">\n              <div class=\"accordion-inner\">\n                <ul class=\"no-bullet\">\n                  {{#each security_groups}}\n                    <li><a href=\"javascript:showObject('services.ec2.regions.{{../region}}.vpcs.{{../vpc}}.security_groups.{{GroupId}}')\">{{GroupId}}</a></li>\n                  {{/each}}\n                </ul>\n              </div>\n            </div>\n          </div>\n        </div>\n        <div class=\"list-group-item\">\n          <h4>Destination</h4>\n          <ul>\n            {{> services.elb.regions.vpcs.elbs.linked_resources service='ec2' region = region vpc = vpc resources = instances resource_type = 'instances'}}\n            {{> services.elb.regions.vpcs.elbs.linked_resources service='vpc' region = region vpc = vpc resources = Subnets resource_type = 'subnets'}}\n          </ul>\n        </div>\n        {{#if tags}}\n            <div class=\"list-group-item\">\n                <h4>Tags</h4>\n                <ul>\n                    {{#each tags}}\n                        <li class=\"list-group-item-text\"><samp>{{@key}}</samp>: <samp>{{this}}</samp></li>\n                    {{/each}}\n                </ul>\n            </div>\n        {{/if}}\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.elb.regions.id.vpcs.id.elbs\", $(\"#services\\\\.elb\\\\.regions\\\\.id\\\\.vpcs\\\\.id\\\\.elbs\\\\.partial\").html());\n    </script>\n\n    <!-- Single instance template -->\n    <script id=\"single_elb_elb-template\" type=\"text/x-handlebars-template\">\n        {{> modal-template template='services.elb.regions.id.vpcs.id.elbs'}}\n    </script>\n\n    <script>\n        var single_elb_elb_template = Handlebars.compile($(\"#single_elb_elb-template\").html());\n    </script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.linked_resources.html",
    "content": "\n    <!-- elb ELB partial -->\n    <script id=\"services.elb.regions.vpcs.elbs.linked_resources.partial\" type=\"text/x-handlebars-template\">\n        <div class=\"accordion\">\n          {{#if resources.length}}\n          <h5 class=\"list-group-item-heading accordion-heading\">{{makeTitle resource_type}}:\n            {{> count_badge count=resources.length target=(concat '#services' service 'regions' region 'vpcs' vpc 'elbs' @key resource_type)}}\n          </h5>\n          <div id=\"services.{{service}}.regions.{{region}}.vpcs.{{vpc}}.elbs.{{@key}}.{{resource_type}}\" class=\"accordion-body\">\n            <div class=\"accordion-inner\">\n              <ul>\n              {{#each resources}}\n                <li class=\"list-group-item-text\"><a href=\"javascript:showObject('services.{{../service}}.regions.{{../region}}.vpcs.{{../vpc}}.{{../resource_type}}.{{this}}')\">{{this}}</a></li>\n              {{/each}}\n              </ul>\n            </div>\n          </div>\n          {{else}}\n            <h5 class=\"list-group-item-heading accordion-heading\">{{makeTitle resource_type}}\n                <span class=\"badge float-right\">{{resources.length}}</span>\n            </h5>\n          {{/if}}\n        </div>\n    </script>\n    <script>\n        Handlebars.registerPartial(\"services.elb.regions.vpcs.elbs.linked_resources\", $(\"#services\\\\.elb\\\\.regions\\\\.vpcs\\\\.elbs\\\\.linked_resources\\\\.partial\").html());\n    </script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.listener.html",
    "content": "\n    <!-- elb ELB partial -->\n    <script id=\"services.elb.regions.vpcs.elbs.listener.partial\" type=\"text/x-handlebars-template\">\n        {{LoadBalancerPort}} ({{Protocol}}) <i class=\"fa fa-arrow-right\"></i> {{InstancePort}} ({{InstanceProtocol}})\n    </script>\n    <script>\n        Handlebars.registerPartial(\"services.elb.regions.vpcs.elbs.listener\", $(\"#services\\\\.elb\\\\.regions\\\\.vpcs\\\\.elbs\\\\.listener\\\\.partial\").html());\n    </script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcsid.elbs.linked_policy.html",
    "content": "    <!-- elb ELB partial -->\n    <script id=\"services.elb.regions.vpcs.elbs.linked_policy.partial\" type=\"text/x-handlebars-template\">\n        <a href=\"javascript:showObject('services.elb.regions.{{region}}.elb_policies.{{item}}')\">\n            {{get_value_at (concat 'services.elb.regions' region 'elb_policies' item 'name')}}\n        </a>\n    </script>\n    <script>\n        Handlebars.registerPartial(\"services.elb.regions.vpcs.elbs.linked_policy\", $(\"#services\\\\.elb\\\\.regions\\\\.vpcs\\\\.elbs\\\\.linked_policy\\\\.partial\").html());\n    </script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.elbv2.regions.id.vpcs.id.elbs.html",
    "content": "\n    <!-- ELBv2 LB partial -->\n    <script id=\"services.elbv2.regions.id.vpcs.id.lbs.partial\" type=\"text/x-handlebars-template\">\n        <div class=\"list-group-item active\">\n            <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n            <h4>Information</h4>\n            <ul>\n                <li class=\"list-group-item-text\">ARN: <samp>{{arn}}</samp></li>\n                <li class=\"list-group-item-text\">VPC: {{getValueAt 'services.elbv2.regions' region 'vpcs' vpc 'name'}} ({{vpc}})</li>\n                <li class=\"list-group-item-text\">DNS: {{DNSName}}</li>\n                <li class=\"list-group-item-text\"><span id=\"elbv2.regions.{{region}}.vpcs.{{vpc}}.lbs.{{@key}}.load_balancer_scheme\">Scheme: {{Scheme}}</span></li>\n                <li class=\"list-group-item-text\">Type: {{Type}}</li>\n                <li class=\"list-group-item-text\">Availability zones:</li>\n                <ul>\n                    {{#each AvailabilityZones}}\n                        <li class=\"list-group-item-text\">{{ZoneName}} ({{SubnetId}})</li>\n                    {{/each}}\n                </ul>\n            </ul>\n        </div>\n        <div class=\"list-group-item\">\n            <h4>Listeners</h4>\n            <ul>\n                {{#each listeners}}\n                    <li class=\"list-group-item-text\">\n                        <span id=\"elbv2.regions.{{../region}}.vpcs.{{../vpc}}.lbs.{{@../key}}.listeners.{{@key}}\">{{@key}} ({{Protocol}}{{#if SslPolicy}}, {{SslPolicy}}{{/if}})</span>\n                    </li>\n                {{/each}}\n            </ul>\n        </div>\n        <div class=\"list-group-item\">\n            <h4>Attributes</h4>\n            <ul>\n                {{#each attributes}}\n                    <li class=\"list-group-item-text\">{{Key}}: <span id=\"elbv2.regions.{{../region}}.vpcs.{{../vpc}}.lbs.{{@../key}}.attributes.{{@key}}\">{{Value}}</span></li>\n                {{/each}}\n            </ul>\n        </div>\n        {{#unless isNetwork}}\n        <div class=\"list-group-item\" style=\"padding-bottom: 0 !important;\">\n            <div class=\"accordion\">\n                <h4 class=\"list-group-item-heading accordion-heading\">Security Groups\n                  {{> count_badge count=security_groups.length target=(concat '#services.elbv2.regions' region 'vpcs' vpc 'lbs' @key 'security_groups')}}\n                </h4>\n                <div id=\"services.elbv2.regions.{{region}}.vpcs.{{vpc}}.lbs.{{@key}}.security_groups\" class=\"accordion-body\">\n                    <div class=\"accordion-inner\">\n                        <ul class=\"no-bullet\">\n                            {{#each security_groups}}\n                                <li><a href=\"javascript:showObject('services.ec2.regions.{{../region}}.vpcs.{{../vpc}}.security_groups.{{GroupId}}')\">{{GroupId}}</a></li>\n                            {{/each}}\n                        </ul>\n                    </div>\n                </div>\n            </div>\n        </div>\n        {{/unless}}\n        {{#if tags}}\n            <div class=\"list-group-item\">\n                <h4>Tags</h4>\n                <ul>\n                    {{#each tags}}\n                    <li class=\"list-group-item-text\"><samp>{{@key}}</samp>: <samp>{{this}}</samp></li>\n                    {{/each}}\n                </ul>\n            </div>\n        {{/if}}\n\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.elbv2.regions.id.vpcs.id.lbs\", $(\"#services\\\\.elbv2\\\\.regions\\\\.id\\\\.vpcs\\\\.id\\\\.lbs\\\\.partial\").html());\n    </script>\n\n    <!-- Single instance template -->\n    <script id=\"single_elbv2_lb-template\" type=\"text/x-handlebars-template\">\n        {{> modal-template template='services.elbv2.regions.id.vpcs.id.lbs'}}\n    </script>\n\n    <script>\n        var single_elbv2_lb_template = Handlebars.compile($(\"#single_elbv2_lb-template\").html());\n    </script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.emr.regions.id.vpcs.id.clusters.html",
    "content": "\n    <!-- EMR cluster partial -->\n    <script id=\"services.emr.regions.id.vpcs.id.clusters.partial\" type=\"text/x-handlebars-template\">\n        <div id=\"resource-name\" class=\"list-group-item active\">\n            <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n            <h4>Information</h4>\n            <ul>\n                <li class=\"list-group-item-text\">Region: <samp>{{region}}</samp></li>\n                <li class=\"list-group-item-text\">ARN: <samp>{{arn}}</samp></li>\n                <li class=\"list-group-item-text\">VPC: <samp>{{getValueAt 'services.ec2.regions' region 'vpcs' vpc 'name'}} ({{getValueAt 'services.ec2.regions' region 'vpcs' vpc 'arn'}})</samp></li>\n                <li class=\"list-group-item-text\">Id: <samp>{{id}}</samp></li>\n                <li class=\"list-group-item-text\">Availability zone: <samp>{{Ec2InstanceAttributes.Ec2AvailabilityZone}}</samp></li>\n                <li class=\"list-group-item-text\">Status: <samp>{{Status.State}}</samp></li>\n                <li class=\"list-group-item-text\">Instance profile: <samp>{{Ec2InstanceAttributes.IamInstanceProfile}}</samp></li>\n                <li class=\"list-group-item-text\">Visible to all users: <samp>{{VisibleToAllUsers}}</samp></li>\n            </ul>\n        </div>\n        <div class=\"list-group-item\">\n            <h4>Master</h4>\n            <ul>\n                <li class=\"list-group-item-text\">Public DNS: {{#if MasterPublicDnsName}}{{MasterPublicDnsName}}{{else}}N/A{{/if}}</li>\n                <li class=\"list-group-item-text\">Security group:\n                    {{#if Ec2InstanceAttributes.EmrManagedMasterSecurityGroup}}\n                        <a href=\"javascript:showObject('services.ec2.regions.{{region}}.vpcs.{{vpc}}.security_groups.{{Ec2InstanceAttributes.EmrManagedMasterSecurityGroup}}')\">\n                            {{getValueAt 'services.ec2.regions' region 'vpcs' vpc 'security_groups' Ec2InstanceAttributes.EmrManagedMasterSecurityGroup 'name'}}\n                        </a>\n                    {{else}}\n                        N/A\n                    {{/if}}\n                </li>\n            </ul>\n        </div>\n        <div class=\"list-group-item\">\n            <h4>Slave</h4>\n            <ul>\n                <li class=\"list-group-item-text\">Security group:\n                    {{#if Ec2InstanceAttributes.EmrManagedSlaveSecurityGroup}}\n                        <a href=\"javascript:showObject('services.ec2.regions.{{region}}.vpcs.{{vpc}}.security_groups.{{Ec2InstanceAttributes.EmrManagedSlaveSecurityGroup}}')\">\n                            {{getValueAt 'services.ec2.regions' region 'vpcs' vpc 'security_groups' Ec2InstanceAttributes.EmrManagedSlaveSecurityGroup 'name'}}\n                        </a>\n                    {{else}}\n                        N/A\n                    {{/if}}\n                </li>\n            </ul>\n        </div>\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.emr.regions.id.vpcs.id.clusters\", $(\"#services\\\\.emr\\\\.regions\\\\.id\\\\.vpcs\\\\.id\\\\.clusters\\\\.partial\").html());\n    </script>\n\n    <!-- Single EMR cluster template -->\n    <script id=\"single_emr_cluster-template\" type=\"text/x-handlebars-template\">\n        {{> modal-template template='services.emr.regions.id.vpcs.id.clusters'}}\n    </script>\n    <script>\n        var single_emr_cluster_template = Handlebars.compile($(\"#single_emr_cluster-template\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html",
    "content": "\n  <!-- IAM credential report partial -->\n  <script id=\"services.iam.credential_reports.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n      <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Credentials Report</h4>\n        <div class=\"list-group-item-text item-margin\">Creation Date: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'user_creation_time')}}</div>\n        <div class=\"list-group-item-text item-margin\">Last Used Date:  <span id=\"iam.credential_reports.{{@key}}.inactive_user\">{{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'last_used')}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Password Enabled: <span {{#ifEqual password_enabled 'true'}}class=\"iam.credential_reports.{{@key}}.unused_credentials\"{{/ifEqual}}><samp>{{getValueAt 'services' 'iam' 'credential_reports' @key 'password_enabled'}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Password Last Used: <span {{#ifEqual password_enabled 'true'}}class=\"iam.credential_reports.{{@key}}.unused_credentials\"{{/ifEqual}} id=\"iam.credential_reports.{{@key}}.password_last_used\">{{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'password_last_used')}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Password Last Changed: <span>{{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'password_last_changed')}}</span></div>\n        <div class=\"list-group-item-text item-margin\">MFA Active: <span id=\"iam.credential_reports.{{@key}}.mfa_active\"><samp>{{getValueAt 'services' 'iam' 'credential_reports' @key 'mfa_active'}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Hardware MFA Active: <span id=\"iam.credential_reports.{{@key}}.mfa_active_hardware\"><samp>{{getValueAt 'services' 'iam' 'credential_reports' @key 'mfa_active_hardware'}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Access Key 1 Active: <span {{#ifEqual access_key_1_active 'true'}}class=\"iam.credential_reports.{{@key}}.unused_credentials\"{{/ifEqual}} id=\"iam.credential_reports.{{@key}}.access_key_1_active\"><samp>{{getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_active'}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Access Key 1 Last Used: <span {{#ifEqual access_key_1_active 'true'}}class=\"iam.credential_reports.{{@key}}.unused_credentials\"{{/ifEqual}} class=\"iam.credential_reports.{{@key}}.unused_access_key\">{{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_last_used_date')}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Access Key 1 Last Rotated: <span>{{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_last_rotated')}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Access Key 2 Active: <span {{#ifEqual access_key_2_active 'true'}}class=\"iam.credential_reports.{{@key}}.unused_credentials\"{{/ifEqual}} id=\"iam.credential_reports.{{@key}}.access_key_2_active\"><samp>{{getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_active'}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Access Key 2 Last Used: <span {{#ifEqual access_key_2_active 'true'}}class=\"iam.credential_reports.{{@key}}.unused_credentials\"{{/ifEqual}} class=\"iam.credential_reports.{{@key}}.unused_access_key\">{{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_last_used_date')}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Access Key 2 Last Rotated: <span>{{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_last_rotated')}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Signing Cert 1 Active: <samp>{{getValueAt 'services' 'iam' 'credential_reports' @key 'cert_1_active'}}</samp></div>\n        <div class=\"list-group-item-text item-margin\">Signing Cert 2 Active: <samp>{{getValueAt 'services' 'iam' 'credential_reports' @key 'cert_2_active'}}</samp></div>\n    </div>\n  </script>\n\n  <script>\n    Handlebars.registerPartial(\"services.iam.credential_reports\", $(\"#services\\\\.iam\\\\.credential_reports\\\\.partial\").html());\n  </script>\n\n<!-- Single IAM credential_reports template -->\n<script id=\"services.iam.credential_reports.template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.iam.credential_reports'}}\n</script>\n\n<script>\n    var single_iam_credential_reports_template = Handlebars.compile($(\"#services\\\\.iam\\\\.credential_reports\\\\.template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.iam.groups.html",
    "content": "\n    <!-- IAM group partial -->\n    <script id=\"services.iam.groups.partial\" type=\"text/x-handlebars-template\">\n        <div id=\"resource-name\" class=\"list-group-item active\">\n          <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n          <h4 class=\"list-group-item-heading\">Information</h4>\n            <div class=\"list-group-item-text item-margin\">Arn: <span id=\"iam.groups.{{@key}}.arn\"><samp>{{value_or_none arn}}</samp></span></div>\n            <div class=\"list-group-item-text item-margin\">Creation date: {{CreateDate}}</div>\n        </div>\n        <div class=\"list-group-item\" style=\"padding-bottom: 0 !important;\">\n            <h4 class=\"list-group-item-heading\">Members\n                {{> count_badge count=users.length target=(concat '#iam.groups' id 'users')}}\n            </h4>\n            <div class=\"accordion-inner\">\n                <ul>\n                    {{#each this.users}}\n                    <li><a href=\"javascript:showObject('services.iam.users.{{this}}')\">{{getValueAt 'services.iam.users' this 'name'}}</a></li>\n                    {{/each}}\n                </ul>\n            </div>\n        </div>\n        {{> services.iam.inline_policies resource_type = 'groups' resource_id = @key}}\n        {{> services.iam.policies_list}}\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.iam.groups\", $(\"#services\\\\.iam\\\\.groups\\\\.partial\").html());\n    </script>\n\n    <!-- Single IAM group template -->\n    <script id=\"services.iam.groups.template\" type=\"text/x-handlebars-template\">\n        {{> modal-template template='services.iam.groups'}}\n    </script>\n    <script>\n        var single_iam_group_template = Handlebars.compile($(\"#services\\\\.iam\\\\.groups\\\\.template\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.iam.inline_policies.html",
    "content": "\n    <!-- IAM inline policies partial -->\n    <script id=\"services.iam.inline_policies.partial\" type=\"text/x-handlebars-template\">\n        <div class=\"list-group-item\">\n          <h4 class=\"list-group-item-heading\">\n            Inline Policies \n            {{> count_badge count=inline_policies_count}}\n          </h4>\n          {{#each inline_policies}}\n            {{> accordion_policy name = name document = PolicyDocument policy_path = (concat 'iam' ../resource_type ../resource_id 'inline_policies' @key 'PolicyDocument') heading=\"h5\" samp=true}}\n          {{/each}}\n        </div>\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.iam.inline_policies\", $(\"#services\\\\.iam\\\\.inline_policies\\\\.partial\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.iam.managed_policies.html",
    "content": "\n    <!-- IAM managed policy partial -->\n    <script id=\"services.iam.policies.partial\" type=\"text/x-handlebars-template\">\n      <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n      </div>\n      <div class=\"list-group-item\">\n          {{> accordion_policy name = arn document = PolicyDocument policy_path = (concat 'iam.policies' @key 'PolicyDocument') heading = \"h5\" }}\n      </div>\n      <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Attached Entities</h4>\n        <ul>\n          {{#each attached_to}}\n            <li>{{makeTitle @key}}</li>\n            <ul>\n              {{#each this}}\n                <li><a href=\"javascript:showObject('services.iam.{{@../key}}.{{id}}')\">{{name}}</a></li>\n              {{/each}}\n            </ul>\n          {{/each}}\n        </ul>\n      </div>\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.iam.policies\", $(\"#services\\\\.iam\\\\.policies\\\\.partial\").html());\n    </script>\n\n    <!-- Single IAM managed policy template -->\n    <script id=\"services.iam.policy.template\" type=\"text/x-handlebars-template\">\n        {{> modal-template template='services.iam.policies'}}\n    </script>\n    <script>\n        var single_iam_policy_template = Handlebars.compile($(\"#services\\\\.iam\\\\.policy\\\\.template\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.iam.managed_policies_list.html",
    "content": "\n    <!-- IAM managed policies partial -->\n    <script id=\"services.iam.policies_list.partial\" type=\"text/x-handlebars-template\">\n        <div class=\"list-group-item\">\n          <h4 class=\"list-group-item-heading\">Managed Policies {{> count_badge count=this.policies.length}}</h4>\n          <ul class=\"no-bullet\">\n          {{#each policies}}\n            <li class=\"list-group-item-text\"><a href=\"javascript:showObject('services.iam.policies.{{this}}')\">{{getValueAt 'services.iam.policies' this 'name'}}</a></li>\n          {{/each}}\n          </ul>\n        </div>\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.iam.policies_list\", $(\"#services\\\\.iam\\\\.policies_list\\\\.partial\").html());\n    </script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.iam.roles.html",
    "content": "\n    <!-- IAM role partial -->\n    <script id=\"services.iam.roles.partial\" type=\"text/x-handlebars-template\">\n        <div id=\"resource-name\" class=\"list-group-item active\">\n          <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n            <h4 class=\"list-group-item-heading\">Information</h4>\n            <div class=\"list-group-item-text item-margin\">ID: <span id=\"iam.roles.{{@key}}.id\"><samp>{{value_or_none id}}</samp></span></div>\n            <div class=\"list-group-item-text item-margin\">Arn: <span id=\"iam.roles.{{@key}}.arn\"><samp>{{value_or_none arn}}</samp></span></div>\n            <div class=\"list-group-item-text item-margin\">Description: <span id=\"iam.roles.{{@key}}.description\"><samp>{{value_or_none description}}</samp></span></div>\n            <div class=\"list-group-item-text item-margin\">Creation Date: <span id=\"iam.roles.{{@key}}.create_date\">{{format_date create_date}}</span></div>\n            <div class=\"list-group-item-text item-margin\">Path: <span id=\"iam.roles.{{@key}}.path\"><samp>{{value_or_none path}}</samp></span></div>\n            <div class=\"list-group-item-text item-margin\">Max Session Duration: <span id=\"iam.roles.{{@key}}.max_session_duration\"><samp>{{value_or_none max_session_duration}}</samp></span></div>\n        </div>\n        <div class=\"list-group-item\">\n            {{> accordion_policy name = 'Role Trust Policy' policy_path = (concat 'iam.roles' @key 'assume_role_policy.PolicyDocument') document = assume_role_policy.PolicyDocument}}\n        </div>\n        <div class=\"list-group-item\">\n          <div class=\"accordion\">\n            <h4 class=\"list-group-item-heading accordion-heading\">Instances\n                {{> count_badge count=instances_count target=(concat '#iam.roles' id 'instances')}}\n            </h4>\n            <div id=\"iam.roles.{{id}}.instances\" class=\"accordion-body\">\n              <div class=\"accordion-inner\">\n                <ul class=\"no-bullet\">\n                  {{#each instance_profiles}}\n                    {{#each instances}}\n                      <li><a href=\"javascript:findAndShowEC2Object('regions.vpcs.instances', '{{this}}')\">{{this}}</a></li>\n                    {{/each}}\n                  {{/each}}\n                </ul>\n              </div>\n            </div>\n          </div>\n        </div>\n        <div class=\"list-group-item\">\n          <div class=\"accordion\">\n            <h4 class=\"list-group-item-heading accordion-heading\"> Lambda functions\n              {{> count_badge count=awslambdas_count target=(concat '#iam.roles' id 'awslambdas')}}\n            </h4>\n            <div id=\"iam.roles.{{id}}.awslambdas\" class=\"accordion-body\">\n              <div class=\"accordion-inner\">\n                <ul class=\"no-bullet\">\n                  {{#each awslambdas}}\n                    <li><a href=\"javascript:showObject('services.awslambda.regions.{{this.region}}.functions.{{this.name}}')\">{{this.name}}</a></li>\n                  {{/each}}\n                </ul>\n              </div>\n            </div>\n          </div>\n        </div>\n        {{> services.iam.inline_policies resource_type = 'roles' resource_id = id}}\n        {{> services.iam.policies_list resource_type = 'roles' resource_id = id}}\n        {{#if Tags}}\n        <div class=\"list-group-item\">\n          <h4>Tags</h4>\n          <ul>\n            {{#each Tags}}\n            <li class=\"list-group-item-text\"><samp>{{Key}}</samp>: <samp>{{Value}}</samp></li>\n            {{/each}}\n          </ul>\n        </div>\n        {{/if}}\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.iam.roles\", $(\"#services\\\\.iam\\\\.roles\\\\.partial\").html());\n    </script>\n\n    <!-- Single IAM role template -->\n    <script id=\"services.iam.roles.template\" type=\"text/x-handlebars-template\">\n        {{> modal-template template='services.iam.roles'}}\n    </script>\n    <script>\n        var single_iam_role_template = Handlebars.compile($(\"#services\\\\.iam\\\\.roles\\\\.template\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.iam.users.html",
    "content": "\n  <!-- IAM user partial -->\n  <script id=\"services.iam.users.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n      <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n      <h4 class=\"list-group-item-heading\">Information</h4>\n      <div class=\"list-group-item-text item-margin\">Arn: <span id=\"iam.users.{{@key}}.arn\"><samp>{{value_or_none arn}}</samp></span></div>\n      <div class=\"list-group-item-text item-margin\">Creation date: {{format_date CreateDate}}</div>\n    </div>\n    <div class=\"list-group-item\">\n      <h4 class=\"list-group-item-heading\">Authentication methods</h4>\n      <p class=\"list-group-item-text item-margin\">Password enabled: {{has_profiles? LoginProfile}}</p>\n      <ul></ul>\n      <p class=\"list-group-item-text item-margin\">Multi-Factor enabled: <span id=\"iam.users.{{id}}.mfa_enabled\">{{has_mfa? MFADevices}}</span></p>\n      <ul class=\"item-margin\">\n      {{#each MFADevices}}\n        <li class=\"list-group-item-text\"> Serial number: {{SerialNumber}}</li>\n      {{/each}}\n      </ul>\n      <p class=\"list-group-item-text item-margin\">Access Keys: <span id=\"iam.users.{{id}}.multiple_api_keys\">{{has_access_keys? AccessKeys}}</span></p>\n      <ul class=\"item-margin\">\n      {{#each AccessKeys}}\n        <li class=\"list-group-item-text\"><span id=\"iam.users.{{@../key}}.AccessKeys.{{@key}}\">{{AccessKeyId}}, {{Status}}, created on {{CreateDate}}</span></li>\n      {{/each}}\n      </ul>\n      {{#ifHasProfiles LoginProfile}}\n        {{#greaterLengthThan AccessKeys 0}}\n          <p class=\"list-group-item-text item-margin\">\n            <span id=\"iam.users.{{id}}.password_and_keys\" class=\"finding-hidden\">\n              <i class=\"fa fa-exclamation-triangle\"></i> Review the need for password-based and key-based authentication\n            </span>\n          </p>\n        {{/greaterLengthThan}}\n      {{/ifHasProfiles }}\n      {{#greaterLengthThan AccessKeys 1}}\n      <p class=\"list-group-item-text item-margin\">\n          <span id=\"iam.users.{{id}}.multiple_active_api_keys\" class=\"finding-hidden\">\n            <i class=\"fa fa-exclamation-triangle\"></i> Review the need for multiple active access keys\n          </span>\n      </p>\n      {{/greaterLengthThan}}\n    </div>\n    <div class=\"list-group-item\">\n      <h4 id=\"iam.users.{{id}}.user_groups\" class=\"list-group-item-heading\">Groups\n        {{> count_badge count=groups.length}}\n      </h4>\n      <ul>\n      {{#each groups}}\n        <li class=\"list-group-item-text\"><a href=\"javascript:showObject('services.iam.groups', 'name', '{{this}}')\">{{this}}</a></li>\n      {{/each}}\n      </ul>\n    </div>\n    {{> services.iam.inline_policies resource_type = 'users' resource_id = id}}\n    {{> services.iam.policies_list resource_type = 'users' resource_id = id}}\n    {{#if Tags}}\n    <div class=\"list-group-item\">\n      <h4>Tags</h4>\n      <ul>\n        {{#each Tags}}\n        <li class=\"list-group-item-text\"><samp>{{Key}}</samp>: <samp>{{Value}}</samp></li>\n        {{/each}}\n      </ul>\n    </div>\n    {{/if}}\n  </script>\n  <script>\n    Handlebars.registerPartial(\"services.iam.users\", $(\"#services\\\\.iam\\\\.users\\\\.partial\").html());\n  </script>\n\n    <!-- Single IAM user template -->\n    <script id=\"services.iam.users.template\" type=\"text/x-handlebars-template\">\n        {{> modal-template template='services.iam.users'}}\n    </script>\n    <script>\n        var single_iam_user_template = Handlebars.compile($(\"#services\\\\.iam\\\\.users\\\\.template\").html());\n    </script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html",
    "content": "\n<!-- Key partial -->\n<script id=\"services.kms.regions.id.keys.partial\" type=\"text/x-handlebars-template\">\n  {{#unless scout2_link}}\n    <div id=\"resource-name\" class=\"list-group-item active\">\n      <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n    <h4>Information</h4>\n      <ul>\n        <li class=\"list-group-item-text\">ID: <span id=\"kms.regions.{{region}}.keys.{{@key}}.id\"><samp>{{id}}</samp></span></li>\n        <li class=\"list-group-item-text\">ARN: <span id=\"kms.regions.{{region}}.keys.{{@key}}.arn\"><samp>{{arn}}</samp></span></li>\n        <li class=\"list-group-item-text\">Description: <span id=\"kms.regions.{{region}}.keys.{{@key}}.description\"><samp>{{value_or_none description}}</samp></span></li>\n        <li class=\"list-group-item-text\">Creation Date: <span id=\"kms.regions.{{region}}.keys.{{@key}}.creation_date\">{{format_date creation_date}}</span></li>\n        <li class=\"list-group-item-text\">Status: <span id=\"kms.regions.{{region}}.keys.{{@key}}.key_enabled\">{{convert_bool_to_enabled key_enabled}}</span></li>\n        <li class=\"list-group-item-text\">Origin: <span id=\"kms.regions.{{region}}.keys.{{@key}}.origin\"><samp>{{value_or_none origin}}</samp></span></li>\n        <li class=\"list-group-item-text\">Key Manager: <span id=\"kms.regions.{{region}}.keys.{{@key}}.key_manager\"><samp>{{value_or_none key_manager}}</samp></span></li>\n        <li class=\"list-group-item-text\">Rotation: <span id=\"kms.regions.{{region}}.keys.{{@key}}.rotation_enabled\">{{convert_bool_to_enabled rotation_enabled}}</span></li>\n      </ul>\n    </div>\n    <div class=\"list-group-item\">\n      {{#if aliases.length}}\n      <h4 class=\"list-group-item-heading accordion-heading\">Aliases</h4>\n      <ul>\n        {{#each aliases}}\n        <li><samp>{{name}}</samp></li>\n        {{/each}}\n      </ul>\n      {{else}}\n      <h4 class=\"list-group-item-heading accordion-heading text-secondary\">Aliases</h4>\n      {{/if}}\n    </div>\n    <div class=\"list-group-item\">\n      <h4 class=\"list-group-item-heading accordion-heading\">Grants</h4>\n      <ul>\n        {{#each grants}}\n        <li><b>Name: {{value_or_none name}}</b></li>\n        <samp>{{> generic_object this}}</samp>\n        {{/each}}\n      </ul>\n    </div>\n    <div class=\"list-group-item\">\n    {{#if policy}}\n      {{> accordion_policy name = 'Key Policy' document = policy policy_path = (concat 'kms.regions' region 'keys' @key 'policy')}}\n    {{else}}\n      <h4 class=\"list-group-item-heading accordion-heading text-secondary\">Key Policy</h4>\n    {{/if}}\n    </div>\n  {{/unless}}\n</script>\n<script>\n  Handlebars.registerPartial(\"services.kms.regions.id.keys\", $(\"#services\\\\.kms\\\\.regions\\\\.id\\\\.keys\\\\.partial\").html());\n</script>\n\n<!-- Single KMS instance template -->\n<script id=\"single_kms_key-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.kms.regions.id.keys' }}\n</script>\n<script>\n    var single_kms_key_template = Handlebars.compile($(\"#single_kms_key-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.parameter_groups.html",
    "content": "\n    <!-- RDS parameter group partial -->\n    <script id=\"services.rds.regions.id.parameter_groups.partial\" type=\"text/x-handlebars-template\">\n        <div class=\"list-group-item active\">\n            <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n            <h4 class=\"list-group-item-heading\">Information</h4>\n            <div class=\"list-group-item-text\">Group family: {{DBParameterGroupFamily}}</div>\n            <div class=\"list-group-item-text\">Description: {{Description}}</div>\n            <div class=\"list-group-item-text\">ARN: {{arn}}</div>\n        </div>\n        <div class=\"list-group-item\">\n            <div class=\"accordion\">\n                <h4 class=\"list-group-item-heading accordion-heading\">Parameters</h4>\n                <div class=\"accordion-body item-margin\">\n                    <div class=\"accordion-inner\">\n                        <table class=\"table-striped\" width=\"100%\" >\n                            <tr>\n                                <td width=\"20%\">Name</td>\n                                <td width=\"20%\">Value</td>\n                                <td width=\"60%\">Description</td>\n                            </tr>\n                            {{#each parameters}}\n                            <tr>\n                                <td width=\"20%\">{{@key}}</td>\n                                <td width=\"20%\">{{ParameterValue}}</td>\n                                <td width=\"60%\">{{Description}}</td>\n                            </tr>\n                            {{/each}}\n                        </table>\n                    </div>\n                </div>\n            </div>\n        </div>\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.rds.regions.id.parameter_groups\", $(\"#services\\\\.rds\\\\.regions\\\\.id\\\\.parameter_groups\\\\.partial\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.security_groups.html",
    "content": "\n    <!-- RDS security group partials -->\n    <script id=\"services.rds.regions.id.security_groups.partial\" type=\"text/x-handlebars-template\">\n        <div class=\"list-group-item active\">\n          <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n          <h4 class=\"list-group-item-heading\">Information</h4>\n          <div class=\"list-group-item-text item-margin\">Description: {{DBSecurityGroupDescription}}</div>\n        </div>\n        <div class=\"list-group-item\">\n          <h4 class=\"list-group-item-heading\">Authorizations</h4>\n          <ul>\n            {{#each EC2SecurityGroups}}\n              <li class=\"list-group-item-text\">\n                {{EC2SecurityGroupName}} ({{EC2SecurityGroupId}}) @ {{EC2SecurityGroupOwnerId}} ({{Status}})\n              </li>\n            {{/each}}\n            {{#each IPRanges}}\n              <li class=\"list-group-item-text\">{{CIDRIP}} ({{Status}})</li>\n            {{/each}}\n          </ul>\n        </div>\n    </script>\n    <script>\n        Handlebars.registerPartial(\"services.rds.regions.id.security_groups\", $(\"#services\\\\.rds\\\\.regions\\\\.id\\\\.security_groups\\\\.partial\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.instances.html",
    "content": "\n    <!-- RDS instance partial -->\n    <script id=\"services.rds.regions.id.vpcs.id.instances.partial\" type=\"text/x-handlebars-template\">\n        <div id=\"resource-name\" class=\"list-group-item active\">\n            <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n          <h4>Information</h4>\n            <ul>\n                <li class=\"list-group-item-text\">ARN: <samp>{{arn}}</samp></li>\n                <li class=\"list-group-item-text\">Region: <samp>{{region}}</samp></li>\n                <li class=\"list-group-item-text\">Engine: <samp>{{Engine}}</samp></li>\n                <li class=\"list-group-item-text\">Created: {{format_date InstanceCreateTime}}</li>\n                <li class=\"list-group-item-text\">Status: <samp>{{makeTitle DBInstanceStatus}}</samp></li>\n                <li class=\"list-group-item-text\">Is Read Replica: <samp>{{is_read_replica}}</samp></li>\n                <li class=\"list-group-item-text\">Auto Minor Version Upgrade: <span id=\"rds.regions.{{region}}.vpcs.{{vpc}}.instances.{{@key}}.AutoMinorVersionUpgrade\">{{convert_bool_to_enabled AutoMinorVersionUpgrade}}</span></li>\n                <li class=\"list-group-item-text\">Multi Availability Zones: <span id=\"rds.regions.{{region}}.vpcs.{{vpc}}.instances.{{@key}}.MultiAZ\">{{convert_bool_to_enabled MultiAZ}}</span></li>\n                <li class=\"list-group-item-text\">Instance Class: <span id=\"rds.regions.{{region}}.vpcs.{{vpc}}.instances.{{@key}}.DBInstanceClass\"><samp>{{DBInstanceClass}}</samp></span></li>\n                <li class=\"list-group-item-text\">Backup Retention Period: <span id=\"rds.regions.{{region}}.vpcs.{{vpc}}.instances.{{@key}}.BackupRetentionPeriod\">{{BackupRetentionPeriod}} days</span>\n                <li class=\"list-group-item-text\">Enhanced Monitoring:\n                    <span id=\"rds.regions.{{region}}.vpcs.{{vpc}}.instances.{{@key}}.EnhancedMonitoringResourceArn\">{{convert_bool_to_enabled EnhancedMonitoringResourceArn}}</span>\n                </li>\n                <li class=\"list-group-item-text\">Encrypted Storage: <span id=\"rds.regions.{{region}}.vpcs.{{vpc}}.instances.{{@key}}.StorageEncrypted\">{{convert_bool_to_enabled StorageEncrypted}}</span></li>\n                <li class=\"list-group-item-text\">CA Certificate: <span id=\"rds.regions.{{region}}.vpcs.{{vpc}}.instances.{{@key}}.CACertificateIdentifier\"><samp>{{CACertificateIdentifier}}</samp></span></li>\n            </ul>\n        </div>\n        <div class=\"list-group-item\">\n            <h4>Network</h4>\n            <ul>\n                <li class=\"list-group-item-text\">Endpoint: <samp>{{Endpoint.Address}}:{{Endpoint.Port}}</samp></li>\n                <li class=\"list-group-item-text\">Publicly Accessible: <span id=\"rds.regions.{{region}}.vpcs.{{vpc}}.instances.{{@key}}.instance_publicly_accessible\">{{convert_bool_to_enabled PubliclyAccessible}}</span>\n            </ul>\n        </div>\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.rds.regions.id.vpcs.id.instances\", $(\"#services\\\\.rds\\\\.regions\\\\.id\\\\.vpcs\\\\.id\\\\.instances\\\\.partial\").html());\n    </script>\n\n    <!-- Single RDS instance template -->\n    <script id=\"single_rds_instance-template\" type=\"text/x-handlebars-template\">\n        {{> modal-template template='services.rds.regions.id.vpcs.id.instances'}}\n    </script>\n    <script>\n        var single_rds_instance_template = Handlebars.compile($(\"#single_rds_instance-template\").html());\n    </script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.snapshots.html",
    "content": "\n    <!-- RDS snapshot partial -->\n    <script id=\"services.rds.regions.id.vpcs.id.snapshots.partial\" type=\"text/x-handlebars-template\">\n        <div class=\"list-group-item active\">\n          <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n          <h4>Information</h4>\n          <ul>\n              {{#if is_cluster}}\n              <li class=\"list-group-item-text\">DB Cluster: <samp>{{DBClusterIdentifier}}</samp></a></li>\n              {{else}}\n              <li class=\"list-group-item-text\">RDS Instance: <samp><a href=\"javascript:showObject('services.rds.regions.{{region}}.vpcs.{{vpc_id}}.instances.{{DBInstanceIdentifier}}')\">{{DBInstanceIdentifier}}</a></samp></li>\n              {{/if}}\n              {{#if is_cluster}}\n              <li class=\"list-group-item-text\">Cluster Snapshot: <samp>{{is_cluster}}</samp></li>\n              {{/if}}\n            <li class=\"list-group-item-text\">Created: {{format_date SnapshotCreateTime}}</li>\n            <li class=\"list-group-item-text\">Encryption: <span id=\"rds.regions.{{region}}.vpcs.{{vpc_id}}.snapshots.{{@key}}.snapshot-not-encrypted\">{{convert_bool_to_enabled Encrypted}}</span></li>\n            {{#unless is_cluster}}\n              <li class=\"list-group-item-text\">Option group: <samp>{{OptionGroupName}}</samp></li>\n              {{/unless}}\n          </ul>\n        </div>\n        <div class=\"list-group-item\">\n          <h4>Attributes</h4>\n          <ul>\n            {{#each attributes}}\n              <li class=\"list-group-item-text\"><samp>{{AttributeName}}</samp>: <samp><span id=\"rds.regions.{{../region}}.vpcs.{{../vpc_id}}.snapshots.{{@../key}}.attributes.{{@index}}\">{{value_or_none AttributeValues}}</span></samp></li>\n            {{/each}}\n          </ul>\n        </div>\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.rds.regions.id.vpcs.id.snapshots\", $(\"#services\\\\.rds\\\\.regions\\\\.id\\\\.vpcs\\\\.id\\\\.snapshots\\\\.partial\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.subnet_groups.html",
    "content": "\n    <!-- RDS subnet group partial -->\n    <script id=\"services.rds.regions.id.vpcs.id.subnet_groups.partial\" type=\"text/x-handlebars-template\">\n        <div class=\"list-group-item active\">\n            <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n            <h4 class=\"list-group-item-heading\">Attributes</h4>\n            {{> generic_object resource}}\n        </div>\n    </script>\n    <script>\n        Handlebars.registerPartial(\"services.rds.regions.id.vpcs.id.subnet_groups\", $(\"#services\\\\.rds\\\\.regions\\\\.id\\\\.vpcs\\\\.id\\\\.subnet_groups\\\\.partial\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html",
    "content": "<!-- Redshift parameter group partial -->\n\n<script id=\"services.redshift.regions.id.parameter_groups.partial\" type=\"text/x-handlebars-template\">\n    <div class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ARN: <samp>{{arn}}</samp></div>\n        <div class=\"list-group-item-text item-margin\">Description: <samp>{{description}}</samp></div>\n        <div class=\"list-group-item-text item-margin\">Group Family: <samp>{{family}}</samp></div>\n        <div class=\"list-group-item-text item-margin\">Default Parameter Group: <samp>{{is_default}}</samp></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Parameters</h4>\n        <ul>\n            {{#each parameters}}\n            <div class=\"list-group-item-text item-margin\">ARN: <samp>{{arn}}</samp></div>\n            <li class=\"list-group-item-text\"><samp>{{@key}}</samp>:\n                <span id=\"redshift.regions.{{../region}}.parameter_groups.{{@../key}}.{{@key}}\"><samp>{{value}}</samp></span>\n            </li>\n            {{/each}}\n        </ul>\n    </div>\n</script>\n<script>\n    Handlebars.registerPartial(\"services.redshift.regions.id.parameter_groups\", $(\"#services\\\\.redshift\\\\.regions\\\\.id\\\\.parameter_groups\\\\.partial\").html());\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.vpcs.id.clusters.html",
    "content": "\n    <!-- Redshift cluster partial -->\n    <script id=\"services.redshift.regions.id.vpcs.id.clusters.partial\" type=\"text/x-handlebars-template\">\n        <div class=\"list-group-item active\">\n          <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n          <h4 class=\"list-group-item-heading\">Information</h4>\n          <ul>\n            <li class=\"list-group-item-text\">ARN: <samp>{{arn}}</samp></li>\n            <li class=\"list-group-item-text\">Node Type: {{NodeType}}</li>\n            <li class=\"list-group-item-text\">Allow Version Upgrade: <span id=\"redshift.regions.{{region}}.vpcs.{{vpc}}.clusters.{{name}}.AllowVersionUpgrade\">{{AllowVersionUpgrade}}</span><li>\n            <li class=\"list-group-item-text\">Automated Snapshot Retention Period: {{AutomatedSnapshotRetentionPeriod}}</li>\n            <li class=\"list-group-item-text\">Created at: {{ClusterCreateTime}}</li>\n            <li class=\"list-group-item-text\">Availability Zone: {{AvailabilityZone}}</li>\n            <li class=\"list-group-item-text\">Encrypted: <span id=\"redshift.regions.{{region}}.vpcs.{{vpc}}.clusters.{{name}}.Encrypted\">{{Encrypted}}</span></li>\n            <li class=\"list-group-item-text\">Cluster Parameter Groups:\n              <ul>\n                {{#each ClusterParameterGroups}}\n                  <li>{{ParameterGroupName}}</li>\n                {{/each}}\n              </ul>\n            </li>\n          </ul>\n        </div>\n        <div class=\"list-group-item\">\n          <h4 class=\"list-group-item-heading\">Network</h4>\n          <ul>\n            <li class=\"list-group-item-text\">Endpoint: {{Endpoint.Address}}:{{Endpoint.Port}}</li>\n            <li class=\"list-group-item-text\">Publicly accessible: <span id=\"redshift.regions.{{region}}.vpcs.{{vpc}}.clusters.{{name}}.PubliclyAccessible\">{{PubliclyAccessible}}</span></li>\n            <li class=\"list-group-item-text\">VPC: {{VpcId}}</li>\n            <li class=\"list-group-item-text\">Subnet: {{ClusterSubnetGroupName}}</li>\n            <li class=\"list-group-item-text\">Security groups:\n              <ul>\n                {{#each VpcSecurityGroups}}\n                  <li>{{VpcSecurityGroupId}}: {{Status}}</li>\n                {{/each}}\n                {{#each ClusterSecurityGroups}}\n                  <li>{{ClusterSecurityGroupName}}: {{Status}}</li>\n                {{/each}}\n              </ul>\n            </li>\n          </ul>\n        </div>\n        {{!--\n        {{> accordion service_name = 'redshift' resource_type = 'clusters' resource_id = name member_type = 'Nodes' members = ClusterNodes member_partial_name = 'services.redshift.regions.vpcs.cluster_nodes'}}\n        --}}\n    </script>\n    <script>\n        Handlebars.registerPartial(\"services.redshift.regions.id.vpcs.id.clusters\", $(\"#services\\\\.redshift\\\\.regions\\\\.id\\\\.vpcs\\\\.id\\\\.clusters\\\\.partial\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.vpcs.id.security_groups.html",
    "content": "\n    <!-- Redshift security group partials -->\n    <script id=\"services.redshift.regions.id.vpcs.id.security_groups.partial\" type=\"text/x-handlebars-template\">\n        <div class=\"list-group-item active\">\n          <h4 class=\"list-group-item-heading\">{{resource_key}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n          <h4 class=\"list-group-item-heading\">Information</h4>\n          <div class=\"list-group-item-text item-margin\">Description: {{Description}}</div>\n        </div>\n        <div class=\"list-group-item\">\n          <h4 class=\"list-group-item-heading\">Rules</h4>\n          <ul>\n            {{#if IPRanges}}\n              <li class=\"list-group-item-text\">IP addresses:</li>\n              <ul>\n                {{#each IPRanges}}\n                  <li class=\"list-group-item-text\">{{CIDRIP}}: <span id=\"services.redshift.regions.vpcs.security_groupss-all-ips-authorized-{{../resource_key}}\">{{Status}}</span></li>\n                {{/each}}\n              </ul>\n            {{/if}}\n            {{#if EC2SecurityGroups}}\n              <li class=\"list-group-item-text\">EC2 security groups:</li>\n              <ul>\n                {{#each EC2SecurityGroups}}\n                  <li class=\"list-group-item-text\">{{EC2SecurityGroupName}} (AWS account ID {{UserId}}): {{Status}}</li>\n                {{/each}}\n              </ul>\n            {{/if}}\n          </ul>\n        </div>\n    </script>\n    <script>\n        Handlebars.registerPartial(\"services.redshift.regions.id.vpcs.id.security_groups\", $(\"#services\\\\.redshift\\\\.regions\\\\.id\\\\.vpcs\\\\.id\\\\.security_groups\\\\.partial\").html());\n    </script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.redshift.regions.vpcs.cluster_nodes.html",
    "content": "\n    <!-- Redshift node partial -->\n    <script id=\"services.redshift.regions.vpcs.cluster_nodes.partial\" type=\"text/x-handlebars-template\">\n      {{NodeRole}}: {{PrivateIPAddress}} / {{PublicIPAddress}}\n    </script>\n    <script>\n        Handlebars.registerPartial(\"services.redshift.regions.vpcs.cluster_nodes\", $(\"#services\\\\.redshift\\\\.regions\\\\.vpcs\\\\.cluster_nodes\\\\.partial\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.route53.regions.id.domains.html",
    "content": "<!-- route53 domains -->\n<script id=\"services.route53.regions.id.domains.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ARN: <span id=\"route53.regions.id.domains.{{@key}}.arn\"><samp>{{value_or_none arn}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Auto Renew: <span\n                id=\"route53.regions.id.domains.{{@key}}.auto_renew\">{{convert_bool_to_enabled auto_renew}}</span>\n        </div>\n        <div class=\"list-group-item-text item-margin\">Transfer Lock:\n            <span id=\"route53.regions.id.domains.{{@key}}.transfer_lock\">{{convert_bool_to_enabled transfer_lock}}\n                <i class=\"fa fa-exclamation-triangle\"></i>\n                <span id=\"route53.regions.id.domains.{{@key}}.transfer_lock_unauthorized\">\n                    This domain's top-level domain (TLD) does not support domain locking.\n                </span>\n            </span>\n        </div>\n        <div class=\"list-group-item-text item-margin\">Expiry:\n            <span id=\"route53.regions.id.domains.{{@key}}.expiry\">{{format_date expiry}}</span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.route53.regions.id.domains\", $(\"#services\\\\.route53\\\\.regions\\\\.id\\\\.domains\\\\.partial\").html());\n</script>\n\n<!-- Single route53 domain template -->\n<script id=\"single_route53_domain-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.route53.regions.id.domains'}}\n</script>\n<script>\n    var single_route53_domain_template = Handlebars.compile($(\"#single_route53_domain-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.route53.regions.id.hosted_zones.html",
    "content": "<!-- route53 hosted_zones -->\n<script id=\"services.route53.regions.id.hosted_zones.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"route53.regions.id.hosted_zones.{{@key}}.id\"><samp>{{value_or_none id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">ARN: <span id=\"route53.regions.id.hosted_zones.{{@key}}.arn\"><samp>{{value_or_none arn}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Caller Reference: <span id=\"route53.regions.id.hosted_zones.{{@key}}.caller_reference\"><samp>{{value_or_none caller_reference}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Resource Record Set Count: <span id=\"route53.regions.id.hosted_zones.{{@key}}.resource_record_set_count\"><samp>{{value_or_none resource_record_set_count}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.route53.regions.id.hosted_zones\", $(\"#services\\\\.route53\\\\.regions\\\\.id\\\\.hosted_zones\\\\.partial\").html());\n</script>\n\n<!-- Single route53 hosted_zone template -->\n<script id=\"single_route53_hosted_zone-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.route53.regions.id.hosted_zones'}}\n</script>\n<script>\n    var single_route53_hosted_zone_template = Handlebars.compile($(\"#single_route53_hosted_zone-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.s3.acls.html",
    "content": "\n    <script id=\"services.s3.acls.partial\" type=\"text/x-handlebars-template\">\n        <div class=\"list-group-item\">\n          <div class=\"accordion\">\n          <h4 class=\"list-group-item-heading\">{{makeTitle resource_type}} ACLs</h4>\n          <div class=\"accordion-body item-margin\">\n            <div class=\"accordion-inner\">\n              <table class=\"table-striped\" >\n                <tr class=\"table-padding\">\n                  <td width=\"20%\" class=\"text-center well\"></td>\n                  <td width=\"20%\" class=\"text-center well\">List</td>\n                  <td width=\"20%\" class=\"test-center well\">Upload/Delete</td>\n                  <td width=\"20%\" class=\"text-center well\">View<br>Permissions</td>\n                  <td width=\"20%\" class=\"text-center well\">Edit<br>Permissions</td>\n                </tr>\n                {{#each grantees}}\n                <tr>\n                  <td width=\"20%\" class=\"text-center bucket-name table-hover\" onclick=\"toggleName(this)\">{{DisplayName}}</td>\n                  <td width=\"20%\" class=\"text-center\">\n                    {{#if permissions.read}}\n                    <i id=\"{{../../resource_path}}.grantees.{{@key}}.read\" class=\"fa fa-check\"></i>\n                    {{else}}\n                    <i id=\"{{../../resource_path}}.grantees.{{@key}}.read\" class=\"fa fa-times\"></i>\n                    {{/if}}\n                  </td>\n                  <td width=\"20%\" class=\"text-center\">\n                    {{#if permissions.write}}\n                    <i id=\"{{../../resource_path}}.grantees.{{@key}}.write\" class=\"fa fa-check\"></i>\n                    {{else}}\n                    <i id=\"{{../../resource_path}}.grantees.{{@key}}.write\" class=\"fa fa-times\"></i>\n                    {{/if}}\n                  </td>\n                  <td width=\"20%\" class=\"text-center\">\n                    {{#if permissions.read_acp}}\n                    <i id=\"{{../../resource_path}}.grantees.{{@key}}.read_acp\" class=\"fa fa-check\"></i>\n                    {{else}}\n                    <i id=\"{{../../resource_path}}.grantees.{{@key}}.read_acp\" class=\"fa fa-times\"></i>\n                    {{/if}}\n                  </td>\n                  <td width=\"20%\" class=\"text-center\">\n                    {{#if permissions.write_acp}}\n                    <i id=\"{{../../resource_path}}.grantees.{{@key}}.write_acp\" class=\"fa fa-check\"></i>\n                    {{else}}\n                    <i id=\"{{../../resource_path}}.grantees.{{@key}}.write_acp\" class=\"fa fa-times\"></i>\n                    {{/if}}\n                  </td>\n                </tr>\n                {{/each}}\n              </table>\n            </div>\n          </div>\n          </div>\n        </div>\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.s3.acls\", $(\"#services\\\\.s3\\\\.acls\\\\.partial\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.s3.bucket_iam_policies.html",
    "content": "\n    <!-- List of IAM policies referring a given bucket -->\n    <script id=\"services.s3.bucket_iam_policies.partial\" type=\"text/x-handlebars-template\">\n        {{#if resource_type}}\n          <div class=\"list-group-item\">\n            <div class=\"accordion\">\n              <h4 class=\"list-group-item-heading accordion-heading\">{{makeTitle resource_type}} with access via IAM policies</h4>\n              <div id=\"s3_iam_{{resource_type}}_policies_details-{{escape_special_chars ../name}}\" class=\"accordion-body item-margin\">\n                <div class=\"accordion-inner\">\n                  <table class=\"table-striped\" width=\"100%\" >\n                    <tr>\n                      <td width=\"40%\">{{makeTitle ../resource_type}} name</td>\n                      <td width=\"40%\" class=\"text-center\">Policy name</td>\n                      <td width=\"20%\" class=\"text-center\">Condition?</td>\n                    </tr>\n                    {{#each (lookup . resource_type)}}\n                      {{#each policies}}\n                        <tr>\n                        <td width=\"40%\"><a href=\"javascript:showObject('services.iam.{{../../resource_type}}.{{@../key}}')\">\n                          {{getValueAt 'services.iam' ../../resource_type @../key 'name'}}\n                        </a></td>\n                        <td width=\"40%\" class=\"text-center\">\n                          <a href=\"javascript:showIAMManagedPolicy('{{@key}}')\">{{getValueAt 'services.iam.policies' @key 'name'}}</a>\n                        </td>\n                        <td width=\"20%\" class=\"text-center\">\n                          {{has_condition  this}}\n                        </td>\n                        </tr>\n                      {{/each}}\n                      {{#each inline_policies}}\n                        <tr>\n                        <td width=\"40%\"><a href=\"javascript:showObject('services.iam.{{../../resource_type}}.{{@../key}}')\">\n                          {{getValueAt 'services.iam' ../../resource_type @../key 'name'}}\n                        </a></td>\n                        <td width=\"40%\" class=\"text-center\">\n                          <a href=\"javascript:showIAMInlinePolicy('{{../../resource_type}}', '{{@../key}}', '{{@key}}')\">\n                            {{getValueAt 'services.iam' ../../resource_type @../key 'inline_policies' @key 'name'}}\n                          </a>\n                        </td>\n                        <td width=\"20%\" class=\"text-center\">\n                          {{has_condition  this}}\n                        </td>\n                        </tr>\n                      {{/each}}\n                    {{/each}}\n                  </table>\n                </div>\n              </div>\n            </div>\n          </div>\n        {{/if}}\n    </script>\n    <script>\n        Handlebars.registerPartial(\"services.s3.bucket_iam_policies\", $(\"#services\\\\.s3\\\\.bucket_iam_policies\\\\.partial\").html());\n    </script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.s3.buckets.html",
    "content": "\n    <!-- S3 bucket partial -->\n    <script id=\"services.s3.buckets.partial\" type=\"text/x-handlebars-template\">\n        <div id=\"resource-name\" class=\"list-group-item active\">\n          <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n            <h4 class=\"list-group-item-heading\">Information</h4>\n            <div class=\"list-group-item-text item-margin\">ARN: <samp>{{arn}}</samp></div>\n            <div class=\"list-group-item-text item-margin\">Region: {{region}}</div>\n            <div class=\"list-group-item-text item-margin\">Creation Date: {{CreationDate}}</div>\n            <div class=\"list-group-item-text item-margin\">Logging: <span id=\"s3.buckets.{{@key}}.logging\">{{has_logging? logging}}</span></div>\n            <div class=\"list-group-item-text item-margin\">Default Encryption: <span id=\"s3.buckets.{{@key}}.default_encryption_enabled\">{{ convert_bool_to_enabled default_encryption_enabled}}</span></div>\n            {{#if default_encryption_enabled}}\n                <div class=\"list-group-item-text item-margin\">Encryption Algorithm: <span class=\"s3.buckets.{{@key}}.encryption_config\"><samp>{{ value_or_none default_encryption_algorithm}}</samp></span></div>\n                <div class=\"list-group-item-text item-margin\">Encryption Key: <span class=\"s3.buckets.{{@key}}.encryption_config\"><samp>{{ value_or_none default_encryption_key}}</samp></span></div>\n            {{/if}}\n            <div class=\"list-group-item-text item-margin\">Versioning: <span id=\"s3.buckets.{{@key}}.versioning\">{{convert_bool_to_enabled versioning_status_enabled}}</span></div>\n            <div class=\"list-group-item-text item-margin\">MFA Delete: <span id=\"s3.buckets.{{@key}}.mfa_delete\">{{convert_bool_to_enabled version_mfa_delete_enabled}}</span></div>\n            <div class=\"list-group-item-text item-margin\">Secure Transport: <span id=\"s3.buckets.{{@key}}.secure_transport_enabled\">{{convert_bool_to_enabled secure_transport_enabled}}</span></div>\n            <div class=\"list-group-item-text item-margin\">Static Website Hosting: <span id=\"s3.buckets.{{@key}}.web_hosting_enabled\">{{convert_bool_to_enabled web_hosting_enabled}}</span></div>\n        </div>\n        {{> services.s3.public_access_block_configuration resource_type = 'bucket' resource_path = (concat 's3.buckets' @key)}}\n        <div class=\"list-group-item\">\n            {{#if policy}}\n                {{> accordion_policy name = 'Bucket Policy' document = policy policy_path = (concat 's3.buckets' @key 'policy')}}\n            {{else}}\n                <h4 class=\"list-group-item-heading accordion-heading text-secondary\">Bucket Policy</h4>\n            {{/if}}\n        </div>\n        {{> services.s3.acls resource_type = 'bucket' resource_path = (concat 's3.buckets' @key)}}\n        {{> services.s3.bucket_iam_policies resource_type = 'groups' resource_count = groups_count}}\n        {{> services.s3.bucket_iam_policies resource_type = 'roles' resource_count = roles_count}}\n        {{> services.s3.bucket_iam_policies resource_type = 'users' resource_count = users_count}}\n        {{#if keys}}\n          <div class=\"list-group-item\">\n            <div class=\"accordion\">\n              <h4 class=\"list-group-item-heading accordion-heading\">Keys\n                {{> count_badge count=keys_count target=(concat '#services.s3.buckets' @key 'keys')}}\n              </h4>\n              <div id=\"services.s3.buckets.{{@key}}.keys\" class=\"accordion-body item-margin\">\n                <div class=\"accordion-inner\">\n                  <table class=\"table-striped\" width=\"100%\" >\n                    <tr>\n                      <td width=\"80%\">Name</td>\n                      <td width=\"10%\" class=\"text-center\">Encrypted</td>\n                      <td width=\"10%\" class=\"text-center\">Perms</td>\n                    </tr>\n                    {{#each keys}}\n                    <tr>\n                      <td width=\"80%\"><a href=\"javascript:showS3Object('{{@../key}}', '{{@key}}')\">{{name}}</a></td>\n                      <td width=\"10%\" class=\"text-center\">\n                        <span id=\"s3.buckets.{{@../key}}.keys.{{@key}}.unencrypted\">\n                          {{{good_bad_icon 's3-object-unencrypted' @../key @key 'ServerSideEncryption'}}}\n                        </span>\n                      </td>\n                      <td width=\"10%\" class=\"text-center\">\n                        <span id=\"s3.buckets.{{@../key}}.keys.{{@key}}.grantees\">\n                          {{{good_bad_icon 's3-object-acls-mismatch-bucket' @../key @key 'grantees'}}}\n                        </span>\n                      </td>\n                    </tr>\n                    {{/each}}\n                  </table>\n                </div>\n              </div>\n            </div>\n          </div>\n        {{/if}}\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.s3.buckets\", $(\"#services\\\\.s3\\\\.buckets\\\\.partial\").html());\n    </script>\n\n    <!-- Single S3 bucket template -->\n    <script id=\"single_s3_bucket-template\" type=\"text/x-handlebars-template\">\n        {{> modal-template template='services.s3.buckets' }}\n    </script>\n    <script>\n        var single_s3_bucket_template = Handlebars.compile($(\"#single_s3_bucket-template\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.s3.buckets.objects.html",
    "content": "\n    <!-- S3 object partial -->\n    <script id=\"services.s3.buckets.objects.partial\" type=\"text/x-handlebars-template\">\n      <div class=\"list-group\" id=\"services.s3.buckets.objects.{{name}}.details\">\n        <div id=\"resource-name\" class=\"list-group-item active\">\n          <h4 class=\"list-group-item-heading\">{{getValueAt 'services.s3.buckets' bucket_id 'name'}}/{{getValueAt 'services.s3.buckets' bucket_id 'keys' key_id 'name'}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n          <h4 class=\"list-group-item-heading\">Information</h4>\n          <div class=\"list-group-item-text\">\n            <ul class=\"no-bullet\">\n              <li>Server-side encryption: {{{good_bad_icon 's3-object-unencrypted' bucket_id key_id 'ServerSideEncryption'}}}</li>                          \n              <li>Permissions match bucket's: {{{good_bad_icon 's3-object-acls-mismatch-bucket' bucket_id key_id 'grantees'}}}</li>\n            </ul>\n          </div>\n        </div>\n        {{> services.s3.acls resource_type = 'object' resource_path = (concat 's3.buckets' bucket_id 'keys' key_id)}}\n      </div>\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.s3.buckets.objects\", $(\"#services\\\\.s3\\\\.buckets\\\\.objects\\\\.partial\").html());\n    </script>\n\n    <!-- Single S3 object template -->\n    <script id=\"single_s3_object-template\" type=\"text/x-handlebars-template\">\n        {{> modal-template template='services.s3.buckets.objects'}}\n    </script>\n    <script>\n      var single_s3_object_template = Handlebars.compile($(\"#single_s3_object-template\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.s3.public_access_block_configuration.html",
    "content": "<!-- public_access_block_configuration partial -->\n<script id=\"services.s3.public_access_block_configuration.partial\" type=\"text/x-handlebars-template\">\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\"><span id=\"s3.buckets.{{@key}}.public_access_block_configuration.public_access_block\">Public Access Block Configuration</span></h4>\n        <div class=\"list-group-item-text item-margin\">Ignore Public ACLs:\n            {{convert_bool_to_enabled public_access_block_configuration.IgnorePublicAcls}}\n        </div>\n        <div class=\"list-group-item-text item-margin\">Block Public Policies:\n            {{convert_bool_to_enabled public_access_block_configuration.BlockPublicPolicy}}\n        </div>\n        <div class=\"list-group-item-text item-margin\">Block Public ACLs:\n            {{convert_bool_to_enabled public_access_block_configuration.BlockPublicAcls}}\n        </div>\n        <div class=\"list-group-item-text item-margin\">Restrict Public Buckets:\n            {{convert_bool_to_enabled public_access_block_configuration.RestrictPublicBuckets}}\n        </div>\n    </div>\n</script>\n<script>\n      Handlebars.registerPartial(\"services.s3.public_access_block_configuration\", $(\"#services\\\\.s3\\\\.public_access_block_configuration\\\\.partial\").html());\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.secretsmanager.regions.id.secrets.html",
    "content": "<!-- secretsmanager secrets -->\n<script id=\"services.secretsmanager.regions.id.secrets.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"secretsmanager.regions.{{region}}.secrets.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">ARN: <span id=\"secretsmanager.regions.{{region}}.secrets.{{@key}}.arn\"><samp>{{value_or_none arn}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Description: <span id=\"secretsmanager.regions.{{region}}.secrets.{{@key}}.description\"><samp>{{value_or_none description}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Last Changed Date: <span id=\"secretsmanager.regions.{{region}}.secrets.{{@key}}.last_changed_date\"><samp>{{format_date last_changed_date}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Last Accessed Date: <span id=\"secretsmanager.regions.{{region}}.secrets.{{@key}}.last_accessed_date\"><samp>{{format_date last_accessed_date}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">KMS Key: <span id=\"secretsmanager.regions.{{region}}.secrets.{{@key}}.kms\"><samp>{{value_or_none kms}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Rotation: <span id=\"secretsmanager.regions.{{region}}.secrets.{{@key}}.rotation\">{{convert_bool_to_enabled rotation}}</span></div>\n        {{#if rotation}}\n        <div class=\"list-group-item-text item-margin\">Rotation Lambda ARN: <span id=\"secretsmanager.regions.{{region}}.secrets.{{@key}}.rotation_lambda_arn\"><samp>{{value_or_none rotation_lambda_arn}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Rotation Interval: <span id=\"secretsmanager.regions.{{region}}.secrets.{{@key}}.rotation_interval\"><samp>{{value_or_none rotation_interval}}</samp></span></div>\n        {{/if}}\n    </div>\n    {{#if policy.Statement}}\n    <div class=\"list-group-item\">\n        {{> accordion_policy name = 'Resource Permissions ' policy_path = (concat 'secretsmanager.regions' region 'secrets' @key 'policy') document = policy}}\n    </div>\n    {{/if}}\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.secretsmanager.regions.id.secrets\", $(\"#services\\\\.secretsmanager\\\\.regions\\\\.id\\\\.secrets\\\\.partial\").html());\n</script>\n\n<!-- Single secretsmanager secret template -->\n<script id=\"single_secretsmanager_secret-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.secretsmanager.regions.id.secrets'}}\n</script>\n<script>\n    var single_secretsmanager_secret_template = Handlebars.compile($(\"#single_secretsmanager_secret-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.ses.regions.id.identities.html",
    "content": "\n    <!-- SES queue partial -->\n    <script id=\"services.ses.regions.id.identities.partial\" type=\"text/x-handlebars-template\">\n        <div id=\"resource-name\" class=\"list-group-item active\">\n            <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n            <h4 class=\"list-group-item-heading\">Information</h4>\n            <div class=\"list-group-item-text item-margin\">ARN: <samp>{{arn}}</samp></div>\n        </div>\n        <div class=\"list-group-item\">\n            <h4 class=\"list-group-item-heading\">DKIM Configuration</h4>\n            <div class=\"list-group-item-text item-margin\">Enabled: {{DkimEnabled}}</div>\n            <div class=\"list-group-item-text item-margin\">Verification Status: {{DkimVerificationStatus}}</div>\n        </div>\n        <div class=\"list-group-item\">\n          <h4 class=\"list-group-item-heading\">Policies</h4>\n          {{#each policies}}\n              {{> accordion_policy name = (append @key ' (' arn ')') policy_path = (concat 'ses.regions' region 'identities' @../key 'policies' @index) document = this}}\n          {{/each}}\n        </div>\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.ses.regions.id.identities\", $(\"#services\\\\.ses\\\\.regions\\\\.id\\\\.identities\\\\.partial\").html());\n    </script>\n\n    <!-- Single SES queue template -->\n    <script id=\"single_ses_queue-template\" type=\"text/x-handlebars-template\">\n        {{> modal-template template='services.ses.regions.id.identities'}}\n    </script>\n    <script>\n        var single_ses_queue_template = Handlebars.compile($(\"#single_ses_queue-template\").html());\n    </script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.sns.regions.id.topics.html",
    "content": "\n    <!-- SNS topic partial -->\n    <script id=\"services.sns.regions.id.topics.partial\" type=\"text/x-handlebars-template\">\n        <div id=\"resource-name\" class=\"list-group-item active\">\n          <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n          <h4 class=\"list-group-item-heading\">Information</h4>\n          <div class=\"list-group-item-text item-margin\">Region: {{region}}</div>\n          <div class=\"list-group-item-text item-margin\">ARN: {{arn}}</div>\n          <div class=\"list-group-item-text item-margin\">Display name: {{DisplayName}}</div>\n          <div class=\"list-group-item-text item-margin\" id=\"sns.regions.{{region}}.topics.{{@key}}.encrypted\">Encrypted: {{#if KmsMasterKeyId}} True {{else}} False {{/if}}</div>\n        </div>\n        {{#if Policy}}\n          <div class=\"list-group-item\">\n            {{> accordion_policy name = 'Access Control Policy' policy_path = (concat 'sns.regions' region 'topics' @key 'Policy') document = Policy}}\n          </div>\n        {{/if}}\n        {{#if DeliveryPolicy}}\n          <div class=\"list-group-item\">\n            {{> accordion_policy name = 'Delivery Policy' policy_path = (concat 'sns.regions' region 'topics' @key 'DeliveryPolicy') document = DeliveryPolicy}}\n          </div>\n        {{/if}}\n        <div class=\"list-group-item\">\n            {{#if EffectiveDeliveryPolicy}}\n                {{> accordion_policy name = 'Effective Delivery Policy' policy_path = (concat 'sns.regions' region 'topics' @key 'EffectiveDeliveryPolicy') document = EffectiveDeliveryPolicy}}\n            {{else}}\n                <h4 class=\"list-group-item-heading accordion-heading text-secondary\">Effective Delivery Policy</h4>\n            {{/if}}\n        </div>\n        <div class=\"list-group-item\">\n          <div class=\"accordion\">\n            <h4 class=\"list-group-item-heading accordion-heading\">Subscriptions\n                {{> count_badge count=subscriptions_count}}\n            </h4>\n            <div id=\"sns.regions.{{region}}.topics.{{@key}}.subscriptions\" class=\"accordion-body\">\n              <div class=\"accordion-inner\">\n                <ul>\n                {{#each subscriptions.protocol}}\n                  <li>{{makeTitle @key}}</li>\n                  <ul>\n                    {{#each this}}\n                       <li>Endpoint: <samp>{{Endpoint}}</samp></li>\n                       <li>ARN: <samp>{{arn}}</samp></li>\n                    {{/each}}\n                  </ul>\n                {{/each}}\n                </ul>\n              </div>\n            </div>\n          </div>\n        </div>\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.sns.regions.id.topics\", $(\"#services\\\\.sns\\\\.regions\\\\.id\\\\.topics\\\\.partial\").html());\n    </script>\n\n    <!-- Single SNS topic template -->\n    <script id=\"single_sns_topic-template\" type=\"text/x-handlebars-template\">\n        {{> modal-template template='services.sns.regions.id.topics'}}\n    </script>\n    <script>\n        var single_sns_topic_template = Handlebars.compile($(\"#single_sns_topic-template\").html());\n    </script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.sqs.regions.id.queues.html",
    "content": "\n    <!-- SNS queue partial -->\n    <script id=\"services.sqs.regions.id.queues.partial\" type=\"text/x-handlebars-template\">\n        <div id=\"resource-name\" class=\"list-group-item active\">\n          <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n          <h4 class=\"list-group-item-heading\">Information</h4>\n          <div class=\"list-group-item-text item-margin\">Region: {{region}}</div>\n          <div class=\"list-group-item-text item-margin\">ARN: {{arn}}</div>\n          <div class=\"list-group-item-text item-margin\">KMS master key id:\n            <span id=\"sqs.regions.{{region}}.queues.{{@key}}.server-side-encryption-disabled\">\n              {{#if kms_master_key_id}} {{kms_master_key_id}} {{else}} None {{/if}}\n            </span>\n          </div>\n          <div class=\"list-group-item-text item-margin\">SQS-managed encryption keys:\n            <span id=\"sqs.regions.{{region}}.queues.{{@key}}.server-side-encryption-disabled\">\n              {{#ifEqual sqs_managed_sse_enabled \"true\"}} Enabled {{else}} Disabled {{/ifEqual}}\n            </span>\n          </div>\n          <div class=\"list-group-item-text item-margin\">Created on: {{CreatedTimestamp}}</div>\n        </div>\n        <div class=\"list-group-item\">\n            {{#if Policy.Statement.length}}\n                {{> accordion_policy name = 'Access Control Policy' policy_path = (concat 'sqs.regions' region 'queues' @key 'Policy') document = Policy}}\n            {{else}}\n                <h4 class=\"list-group-item-heading accordion-heading text-secondary\">Access Control Policy</h4>\n            {{/if}}\n        </div>\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.sqs.regions.id.queues\", $(\"#services\\\\.sqs\\\\.regions\\\\.id\\\\.queues\\\\.partial\").html());\n    </script>\n\n    <!-- Single SNS queue template -->\n    <script id=\"single_sqs_queue-template\" type=\"text/x-handlebars-template\">\n        {{> modal-template template='services.sqs.regions.id.queues'}}\n    </script>\n    <script>\n        var single_sqs_queue_template = Handlebars.compile($(\"#single_sqs_queue-template\").html());\n    </script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.stackdriverlogging.sinks.html",
    "content": "\n<!-- Stackdriver Logging sinks partial -->\n<script id=\"services.stackdriverlogging.sinks.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"stackdriverlogging.sinks.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Filter: <span id=\"stackdriverlogging.sinks.{{@key}}.filter\"><code>{{filter}}</code></span></div>\n        <div class=\"list-group-item-text item-margin\">Destination: <span id=\"stackdriverlogging.sinks.{{@key}}.destination\"><code>{{destination}}</code></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.stackdriverlogging.sinks\", $(\"#services\\\\.stackdriverlogging\\\\.sinks\\\\.partial\").html());\n</script>\n\n<!-- Single stackdriverlogging sink template -->\n<script id=\"single_stackdriverlogging_sink-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.stackdriverlogging.sinks'}}\n</script>\n<script>\n    var single_stackdriverlogging_sink_template = Handlebars.compile($(\"#single_stackdriverlogging_sink-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.flow_logs.html",
    "content": "<!-- vpc flow_logs -->\n<script id=\"services.vpc.regions.id.flow_logs.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"vpc.regions.{{region}}.flow_logs.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Resource ID: <span id=\"vpc.regions.{{region}}.flow_logs.{{@key}}.resource_id\"><samp>{{value_or_none resource_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">ARN: <span id=\"vpc.regions.{{region}}.flow_logs.{{@key}}.arn\"><samp>{{value_or_none arn}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Creation Time: <span id=\"vpc.regions.{{region}}.flow_logs.{{@key}}.creation_time\"><samp>{{format_date creation_time}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Flow Log Status: <span id=\"vpc.regions.{{region}}.flow_logs.{{@key}}.flow_log_status\"><samp>{{value_or_none flow_log_status}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Deliver Logs Status: <span id=\"vpc.regions.{{region}}.flow_logs.{{@key}}.deliver_logs_status\"><samp>{{value_or_none deliver_logs_status}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Deliver Logs Error Message: <span id=\"vpc.regions.{{region}}.flow_logs.{{@key}}.deliver_logs_error_message\"><samp>{{value_or_none deliver_logs_error_message}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Traffic Type: <span id=\"vpc.regions.{{region}}.flow_logs.{{@key}}.traffic_type\"><samp>{{value_or_none traffic_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Log Destination Type: <span id=\"vpc.regions.{{region}}.flow_logs.{{@key}}.log_destination_type\"><samp>{{value_or_none log_destination_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Log Destination: <span id=\"vpc.regions.{{region}}.flow_logs.{{@key}}.log_destination\"><samp>{{value_or_none log_destination}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Log Format: <span id=\"vpc.regions.{{region}}.flow_logs.{{@key}}.log_format\"><samp>{{value_or_none log_format}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Max Aggregation Interval: <span id=\"vpc.regions.{{region}}.flow_logs.{{@key}}.max_aggregation_interval\"><samp>{{value_or_none max_aggregation_interval}}</samp></span></div>\n    </div>\n    {{#if tags}}\n    <div class=\"list-group-item\">\n        <h4>Tags</h4>\n        <ul>\n            {{#each tags}}\n            <li class=\"list-group-item-text\"><samp>{{Key}}</samp>: <samp>{{Value}}</samp></li>\n            {{/each}}\n        </ul>\n    </div>\n    {{/if}}\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.vpc.regions.id.flow_logs\", $(\"#services\\\\.vpc\\\\.regions\\\\.id\\\\.flow_logs\\\\.partial\").html());\n</script>\n\n<!-- Single vpc flow_log template -->\n<script id=\"single_vpc_flow_log-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.vpc.regions.id.flow_logs'}}\n</script>\n<script>\n    var single_vpc_flow_log_template = Handlebars.compile($(\"#single_vpc_flow_log-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.peering_connections.html",
    "content": "\n    <!-- VPC peering connection partial -->\n    <script id=\"services.vpc.regions.id.peering_connections.partial\" type=\"text/x-handlebars-template\">\n        <div id=\"resource-name\" class=\"list-group-item active\">\n            <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n            <div class=\"list-group-item-text\">Status: {{Status.Message}}</div>\n            <div class=\"list-group-item-text\">ARN: <samp>{{arn}}</samp></div>\n        </div>\n        {{> services.vpc.regions.id.peering_connections.vpc_info vpc_info = RequesterVpcInfo vpc_role = 'Requester'}}\n        {{> services.vpc.regions.id.peering_connections.vpc_info vpc_info = AccepterVpcInfo vpc_role = 'Accepter'}}\n        {{#if Tags}}\n        <div class=\"list-group-item\">\n            <h4>Tags</h4>\n            <ul>\n                {{#each Tags}}\n                <li class=\"list-group-item-text\"><samp>{{Key}}</samp>: <samp>{{Value}}</samp></li>\n                {{/each}}\n            </ul>\n        </div>\n        {{/if}}\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.vpc.regions.id.peering_connections\", $(\"#services\\\\.vpc\\\\.regions\\\\.id\\\\.peering_connections\\\\.partial\").html());\n    </script>\n\n    <!-- VPC info (accepter & requester) info -->\n    <script id=\"services.vpc.regions.id.peering_connections.vpc_info\" type=\"text/x-handlebars-template\">\n        <div class=\"list-group-item\">\n            <h4 class=\"list-group-item-heading\">{{vpc_role}} VPC</h4>\n            <ul>\n                <li class=\"list-group-item-text\">Account ID: <samp>{{vpc_info.OwnerId}}</samp></li>\n                <li class=\"list-group-item-text\">VPC ID: <samp>{{vpc_info.VpcId}}</samp></li>\n                <li class=\"list-group-item-text\">CIDR: <samp>{{vpc_info.CidrBlock}}</samp></li>\n                {{#if vpc_info.PeeringOptions}}\n                <li class=\"list-group-item-text\">Peering options:\n                    <ul>\n                        {{#each vpc_info.PeeringOptions}}\n                            <li class=\"list-group-item-text\">{{@key}}: {{convert_bool_to_enabled this}}</li>\n                        {{/each}}\n                    </ul>\n                </li>\n                {{/if}}\n            </ul>\n        </div>\n    </script>\n    <script>\n        Handlebars.registerPartial(\"services.vpc.regions.id.peering_connections.vpc_info\", $(\"#services\\\\.vpc\\\\.regions\\\\.id\\\\.peering_connections\\\\.vpc_info\").html());\n    </script>\n\n    <!-- Single VPC Subnet template -->\n    <script id=\"single_vpc_peering_connection-template\" type=\"text/x-handlebars-template\">\n        {{> modal-template template='services.vpc.regions.id.peering_connections'}}\n    </script>\n    <script>\n        var single_vpc_peering_connection_template = Handlebars.compile($(\"#single_vpc_peering_connection-template\").html());\n    </script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html",
    "content": "\n    <!-- VPC partial -->\n    <script id=\"services.vpc.regions.id.vpcs.partial\" type=\"text/x-handlebars-template\">\n        <div id=\"resource-name\" class=\"list-group-item active\">\n          <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n            <h4 class=\"list-group-item-heading\">Information</h4>\n            <div class=\"list-group-item-text\">ID: <samp>{{@key}}</samp></div>\n            <div class=\"list-group-item-text\">ARN: <samp>{{arn}}</samp></div>\n            <div class=\"list-group-item-text\">Region: <samp>{{region}}</samp></div>\n            <div class=\"list-group-item-text\">State: <samp>{{state}}</samp></div>\n            <div class=\"list-group-item-text\">CIDR Block: <samp>{{cidr_block}}</samp></div>\n            <div class=\"list-group-item-text\">Default: <samp>{{default}}</samp></div>\n        </div>\n        <div class=\"list-group-item\" style=\"padding-bottom: 0 !important;\">\n          <div class=\"accordion\">\n            <h4 class=\"list-group-item-heading accordion-heading\">Network ACLs\n              {{> count_badge count=(count_vpc_network_acls network_acls) target=(concat '#services.vpc.regions' region 'vpcs' @key 'network_acls')}}\n            </h4>\n            <div id=\"services.vpc.regions.{{region}}.vpcs.{{@key}}.network_acls\" class=\"accordion-body\">\n              <div class=\"accordion-inner\">\n                <ul class=\"no-bullet\">\n                  {{#each network_acls}}\n                    <li><a href=\"javascript:showObject('services.vpc.regions.{{../region}}.vpcs.{{@../key}}.network_acls.{{@key}}')\">{{@key}}</a></li>\n                  {{/each}}\n                </ul>\n              </div>\n            </div>\n          </div>\n        </div>\n        <div class=\"list-group-item\" style=\"padding-bottom: 0 !important;\">\n          <div class=\"accordion\">\n            <h4 class=\"list-group-item-heading accordion-heading\">Instances\n                {{> count_badge count=(count_vpc_instances instances) target=(concat '#services.vpc.regions' region 'vpcs' @key 'instances')}}\n            </h4>\n            <div id=\"services.vpc.regions.{{region}}.vpcs.{{@key}}.instances\" class=\"accordion-body\">\n              <ul>\n                {{#each instances}}\n                  <li class=\"list-group-item-text\"><a href=\"javascript:showObject('services.ec2.regions.{{../region}}.vpcs.{{@../key}}.instances.{{this}}')\">\n                    {{getValueAt 'services.ec2.regions' ../region 'vpcs' @../key 'instances' this 'name'}}\n                  </a></li>\n                {{/each}}\n              </ul>\n            </div>\n          </div>\n        </div>\n        <div class=\"list-group-item\">\n            <h4 class=\"list-group-item-heading accordion-heading\" id=\"vpc.regions.{{region}}.vpcs.{{vpc}}.subnets.{{@key}}.no_flowlog\">Flow logs\n                {{> count_badge count=flow_logs.length}}\n            </h4>\n            <ul>\n                {{#each flow_logs}}\n                <li><a href=\"javascript:showObject('services.vpc.regions.{{../region}}.flow_logs.{{this}}')\">{{this}}</a></li>\n                {{/each}}\n            </ul>\n        </div>\n        <div class=\"list-group-item\" style=\"padding-bottom: 0 !important\">\n            {{> accordion region = region items = peering_connections\n                title = 'Peering Connections'\n                item_partial = 'services.vpc.regions.vpcs.peering_connections'\n                accordion_id = (concat 'services.vpc.regions' region 'vpcs' @key 'peering_connections')\n            }}\n        </div>\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.vpc.regions.id.vpcs\", $(\"#services\\\\.vpc\\\\.regions\\\\.id\\\\.vpcs\\\\.partial\").html());\n    </script>\n\n    <!-- Single VPC template -->\n    <script id=\"single_vpc-template\" type=\"text/x-handlebars-template\">\n        {{> modal-template template='services.vpc.regions.id.vpcs'}}\n    </script>\n    <script>\n        var single_vpc_template = Handlebars.compile($(\"#single_vpc-template\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.network_acls.html",
    "content": "\n    <!-- VPC Network ACL partial -->\n    <script id=\"services.vpc.regions.id.vpcs.id.network_acls.partial\" type=\"text/x-handlebars-template\">\n        <div id=\"resource-name\" class=\"list-group-item active\">\n            <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n        <div class=\"list-group-item\">\n            <h4 class=\"list-group-item-heading\">Information</h4>\n            <div class=\"list-group-item-text item-margin\">ID: <samp>{{id}}</samp></div>\n            <div class=\"list-group-item-text item-margin\">ARN: <samp>{{arn}}</samp></div>\n            <div class=\"list-group-item-text item-margin\">Default: <samp>{{IsDefault}}</samp></div>\n        </div>\n        {{#each rules}}\n            <div class=\"list-group-item\">\n                <h4 class=\"list-group-item-heading\">{{makeTitle @key}} rules</h4>\n                <table class=\"table-striped\" width=\"100%\">\n                    <tr>\n                        <td width=\"20%\" class=\"text-center\">Rule number</td>\n                        <td width=\"20%\" class=\"text-center\">Port</td>\n                        <td width=\"20%\" class=\"text-center\">Protocol</td>\n                        <td width=\"20%\" class=\"text-center\">IP address</td>\n                        <td width=\"20%\" class=\"text-center\">Action</td>\n                    </tr>\n                    {{#each this}}\n                        <tr id=\"vpc.regions.{{../../region}}.vpcs.{{../../vpc}}.network_acls.{{@../../key}}.{{@../key}}.{{@key}}\">\n                            <td width=\"20%\" class=\"text-center\">{{@key}}</td>\n                            <td width=\"20%\" class=\"text-center\">{{port_range}}</td>\n                            <td width=\"20%\" class=\"text-center\">{{protocol}}</td>\n                            <td width=\"20%\" class=\"text-center\">{{CidrBlock}}</td>\n                            <td width=\"20%\" class=\"text-center\">{{RuleAction}}</td>\n                        </tr>\n                    {{/each}}\n                </table>\n            </div>\n        {{/each}}\n        <div class=\"list-group-item\">\n            <h4 class=\"list-group-item-heading\">Associated Subnets</h4>\n            {{#if Associations}}\n                <ul>\n                {{#each Associations}}\n                    <li class=\"list-group-item-text\">\n                        {{> resource_link resource_path = (concat 'services.vpc.regions' ../region 'vpcs' ../vpc 'subnets' SubnetId)}}\n                    </li>\n                {{/each}}\n                </ul>\n                {{else}}\n                    {{#unless IsDefault}}\n                        <span id=\"vpc.regions.{{region}}.vpcs.{{vpc}}.network_acls.{{@key}}.unused\" class=\"finding-hidden item-margin\">\n                            <i class=\"fa fa-exclamation-triangle\"></i> This network ACL is not the VPC's default NACL and is not associated with any existing VPC.\n                        </span>\n                    {{/unless}}\n            {{/if}}\n        </div>\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.vpc.regions.id.vpcs.id.network_acls\", $(\"#services\\\\.vpc\\\\.regions\\\\.id\\\\.vpcs\\\\.id\\\\.network_acls\\\\.partial\").html());\n    </script>\n\n    <!-- Single VPC Network ACL template -->\n    <script id=\"single_vpc_network_acl-template\" type=\"text/x-handlebars-template\">\n        {{> modal-template template='services.vpc.regions.id.vpcs.id.network_acls'}}\n    </script>\n    <script>\n        var single_vpc_network_acl_template = Handlebars.compile($(\"#single_vpc_network_acl-template\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.peering_connections.html",
    "content": "\n    <!-- Default accordion item -->\n    <script id=\"services.vpc.regions.vpcs.peering_connections.partial\" type=\"text/x-handlebars-template\">\n        <a href=\"javascript:showObject('services.vpc.regions.{{region}}.peering_connections.{{item}}')\">\n            {{getValueAt (concat 'services.vpc.regions' region 'peering_connections' item 'name')}}\n            ({{getValueAt (concat 'services.vpc.regions' region 'peering_connections' item 'Status.Message')}},\n            {{getValueAt (concat 'services.vpc.regions' region 'peering_connections' item 'peer_info.name')}})\n        </a>\n    </script>\n    <script>\n        Handlebars.registerPartial(\"services.vpc.regions.vpcs.peering_connections\", $(\"#services\\\\.vpc\\\\.regions\\\\.vpcs\\\\.peering_connections\\\\.partial\").html());\n    </script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.subnets.html",
    "content": "\n    <!-- VPC Subnet partial -->\n    <script id=\"services.vpc.regions.id.vpcs.id.subnets.partial\" type=\"text/x-handlebars-template\">\n        <div id=\"resource-name\" class=\"list-group-item active\">\n            <h4 class=\"list-group-item-heading\">{{name}}</h4>\n        </div>\n            <div class=\"list-group-item\">\n                <h4 class=\"list-group-item-heading\">Information</h4>\n                {{#ifEqual name id}}\n                <div class=\"list-group-item-text\">Name: <samp>None</samp></div>\n                {{else}}\n                <div class=\"list-group-item-text\">Name: <samp>{{name}}</samp></div>\n                {{/ifEqual}}\n                <div class=\"list-group-item-text\">ID: <samp>{{id}}</samp></div>\n                <div class=\"list-group-item-text\">ARN: <samp>{{arn}}</samp></div>\n                <div class=\"list-group-item-text\">VPC ID: <samp>{{VpcId}}</samp></div>\n                <div class=\"list-group-item-text\">Availability Zone: <samp>{{AvailabilityZone}}</samp></div>\n                <div class=\"list-group-item-text\">CIDR Block: <samp>{{CidrBlock}}</samp></div>\n                <div class=\"list-group-item-text\">IPv6 CIDR Block: {{value_or_none CidrBlockv6}}</div>\n                <div class=\"list-group-item-text\">Public IP on Launch: {{convert_bool_to_enabled MapPublicIpOnLaunch}}</div>\n            </div>\n            <div class=\"list-group-item\">\n                <h4 class=\"list-group-item-heading accordion-heading\">Instances\n                    {{> count_badge count=instances.length}}\n                </h4>\n                <ul>\n                    {{#each instances}}\n                        <li class=\"list-group-item-text\"><a href=\"javascript:showObject('services.ec2.regions.{{../region}}.vpcs.{{../vpc}}.instances.{{this}}')\">\n                        {{getValueAt 'services.ec2.regions' ../region 'vpcs' ../vpc 'instances' this 'name'}}\n                        </a></li>\n                    {{/each}}\n                </ul>\n            </div>\n            <div class=\"list-group-item\">\n                <h4 class=\"list-group-item-heading accordion-heading\" id=\"vpc.regions.{{region}}.vpcs.{{vpc}}.subnets.{{@key}}.no_flowlog\">Flow logs\n                    {{> count_badge count=flow_logs.length}}\n                </h4>\n                <ul>\n                    {{#each flow_logs}}\n                        <li><a href=\"javascript:showObject('services.vpc.regions.{{../region}}.flow_logs.{{this.FlowLogId}}')\">{{this.FlowLogId}}</a></li>\n                    {{/each}}\n                </ul>\n            </div>\n    </script>\n    <script>\n      Handlebars.registerPartial(\"services.vpc.regions.id.vpcs.id.subnets\", $(\"#services\\\\.vpc\\\\.regions\\\\.id\\\\.vpcs\\\\.id\\\\.subnets\\\\.partial\").html());\n    </script>\n\n    <!-- Single VPC Subnet template -->\n    <script id=\"single_vpc_subnet-template\" type=\"text/x-handlebars-template\">\n        {{> modal-template template='services.vpc.regions.id.vpcs.id.subnets'}}\n    </script>\n    <script>\n        var single_vpc_subnet_template = Handlebars.compile($(\"#single_vpc_subnet-template\").html());\n    </script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/details_for_subscription.html",
    "content": "\n  <!-- Generic partial showing details about subscriptions and their resources -->\n  <script id=\"details_for_subscription.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"services.{{service_name}}.subscriptions.id.{{resource_type}}.details\">\n      {{#each items}}\n        {{#each (lookup . ../resource_type)}}\n          <div class=\"list-group\" id=\"services.{{../../service_name}}.subscriptions.{{@../key}}.{{../../resource_type}}.{{@key}}.view\">\n            {{> (lookup ../.. 'partial_name') service_name = ../../service_name subscription = @../key resource_type = ../../resource_type resource_key = @key resource = this}}\n          </div>\n        {{/each}}\n      {{/each}}\n    </div>\n  </script>\n  <script>\n    Handlebars.registerPartial(\"details_for_subscription\", $(\"#details_for_subscription\\\\.partial\").html());\n  </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/left_menu_for_subscription.html",
    "content": "<!-- Generic left-menu link partial for subscription-then-resource -->\n<script id=\"left_menu_for_subscription.partial\" type=\"text/x-handlebars-template\">\n  <div id=\"services.{{service_name}}.subscriptions.id.{{resource_type}}.list\">\n  <div class=\"list-group\" >\n    <div class=\"list-group-item\">\n      <a href=\"javascript:updateHash('services.{{service_name}}.subscriptions.id.{{resource_type}}')\">Show all <span class=\"badge float-right btn-info\">{{getValueAt 'metadata' service_group service_name 'resources' resource_type 'count'}}</span></a>\n    </div>\n  </div>\n  {{#each items}}\n  <div class=\"list-group\" id=\"services.{{../service_name}}.subscriptions.{{@key}}.{{../resource_type}}.list\">\n    <div class=\"list-group-item active\">\n      <a href=\"#services.{{../service_name}}.subscriptions.{{@key}}.{{../resource_type}}\">{{@key}}</a>\n      <span class=\"float-right\"><a href=\"javascript:hideList('services.{{../service_name}}.subscriptions.{{@key}}.{{../resource_type}}.list')\"><i class=\"fa fa-times-circle\"></i></a></span>\n    </div>\n    <div class=\"list-group-item\">\n      {{#each (lookup . ../resource_type)}}\n      <div class=\"list-group-item list-sub-element\" id=\"services.{{../../service_name}}.subscriptions.{{@../key}}.{{../../resource_type}}.{{@key}}.link\">\n        {{#if scout2_link}}\n        <a href=\"#{{scout2_link}}.view\">{{name}}</a>\n        {{else}}\n        <a href=\"#services.{{../../../service_name}}.subscriptions.{{@../key}}.{{../../../resource_type}}.{{@key}}.view\">{{name}}</a>\n        {{/if}}\n      </div>\n      {{/each}}\n    </div>\n  </div>\n  {{/each}}\n  </div>\n</script>\n<script>\n    Handlebars.registerPartial(\"left_menu_for_subscription\", $(\"#left_menu_for_subscription\\\\.partial\").html());\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.aad.applications.html",
    "content": "\n<!-- aad applications -->\n<script id=\"services.aad.applications.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"aad.applications.{{@key}}.id\"><samp>{{value_or_none id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">App ID: <span id=\"aad.applications.{{@key}}.app_id\"><samp>{{value_or_none app_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Type: <span id=\"aad.applications.{{@key}}.object_type\"><samp>{{value_or_none object_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Sign In Audience: <span id=\"aad.applications.{{@key}}.sign_in_audience\"><samp>{{value_or_none sign_in_audience}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Publisher Domain: <span id=\"aad.applications.{{@key}}.publisher_domain\"><samp>{{value_or_none publisher_domain}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Available To Other Tenants: <span id=\"aad.applications.{{@key}}.available_to_other_tenants\"><samp>{{value_or_none available_to_other_tenants}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Allow Guests Sign-In: <span id=\"aad.applications.{{@key}}.allow_guests_sign_in\"><samp>{{value_or_none allow_guests_sign_in}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Allow Passthrough Users: <span id=\"aad.applications.{{@key}}.allow_passthrough_users\"><samp>{{value_or_none allow_passthrough_users}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Public Client: <span id=\"aad.applications.{{@key}}.public_client\"><samp>{{value_or_none public_client}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Device-Only Auth Supported: <span id=\"aad.applications.{{@key}}.is_device_only_auth_supported\"><samp>{{value_or_none is_device_only_auth_supported}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Pre-Authorized Applications: <span id=\"aad.applications.{{@key}}.pre_authorized_applications\"><samp>{{value_or_none pre_authorized_applications}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Deletion Timestamp: <span id=\"aad.applications.{{@key}}.deletion_timestamp\"><samp>{{value_or_none deletion_timestamp}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Password Credentials\n            {{> count_badge count=password_credentials.length}}\n        </h4>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each password_credentials}}\n                <li class=\"list-group-item-text\">ID: <samp>{{value_or_none this.key_id}}</samp></li>\n                <ul>\n                    <li class=\"list-group-item-text\">Start Date: {{format_date this.start_date}}</li>\n                    <li class=\"list-group-item-text\">End Date: {{format_date this.end_date}}</li>\n                </ul>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.aad.applications\", $(\"#services\\\\.aad\\\\.applications\\\\.partial\").html());\n</script>\n\n<!-- Single aad application template -->\n<script id=\"single_aad_application-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.aad.applications'}}\n</script>\n<script>\n    var single_aad_application_template = Handlebars.compile($(\"#single_aad_application-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.aad.groups.html",
    "content": "\n<!-- aad groups -->\n<script id=\"services.aad.groups.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"aad.groups.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Type: <span id=\"aad.groups.{{@key}}.object_type\"><samp>{{value_or_none object_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Mail Nickname: <span id=\"aad.groups.{{@key}}.mail_nickname\"><samp>{{value_or_none mail_nickname}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Mail Status: <span id=\"aad.groups.{{@key}}.mail_enabled\">{{convert_bool_to_enabled mail_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Mail: <span id=\"aad.groups.{{@key}}.mail\"><samp>{{value_or_none mail}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Security Status: <span id=\"aad.groups.{{@key}}.security_enabled\">{{convert_bool_to_enabled security_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Deletion Timestamp: <span id=\"aad.groups.{{@key}}.deletion_timestamp\"><samp>{{value_or_none deletion_timestamp}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Role Assignments\n            {{> count_badge count=roles.length}}\n        </h4>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each roles}}\n                <li class=\"list-group-item-text\"><a href=\"javascript:showObject('services.rbac.subscriptions.{{this.subscription_id}}.roles', 'id', '{{this.role_id}}')\">{{getValueAt 'services.rbac.subscriptions' this.subscription_id 'roles' this.role_id 'name'}}</a> (subscription <samp>{{this.subscription_id}}</samp>)</li></a></li>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Members\n            {{> count_badge count=users.length}}\n        </h4>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each users}}\n                <li class=\"list-group-item-text\"><a href=\"javascript:showObject('services.aad.users', 'id', '{{this}}')\">{{getValueAt 'services.aad.users' this 'name'}}</a></li></a></li>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.aad.groups\", $(\"#services\\\\.aad\\\\.groups\\\\.partial\").html());\n</script>\n\n<!-- Single aad group template -->\n<script id=\"single_aad_group-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.aad.groups'}}\n</script>\n<script>\n    var single_aad_group_template = Handlebars.compile($(\"#single_aad_group-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.aad.policies.html",
    "content": "<!-- aad policies -->\n<script id=\"services.aad.policies.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"aad.policies.authorizationPolicy.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Allow Invites From: <span id=\"aad.policies.{{@key}}.allow_invites_from\"><samp>{{value_or_none allow_invites_from}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Allowed To Create Apps: <span id=\"aad.policies.{{@key}}.allowed_to_create_apps\"><samp>{{convert_bool_to_enabled allowed_to_create_apps}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Allowed To Create Security Groups: <span id=\"aad.policies.{{@key}}.allowed_to_create_security_groups\">{{convert_bool_to_enabled allowed_to_create_security_groups}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Allowed To Read Other Users: <span id=\"aad.policies.{{@key}}.allowed_to_read_other_users\"><samp>{{convert_bool_to_enabled allowed_to_read_other_users}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Allow Email Verified Users To Join Organization: <span id=\"aad.policies.{{@key}}.allow_email_verified_users_to_join_organization\">{{convert_bool_to_enabled allow_email_verified_users_to_join_organization}}</span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.aad.policies\", $(\"#services\\\\.aad\\\\.policies\\\\.partial\").html());\n</script>\n\n<!-- Single aad group template -->\n<script id=\"single_aad_policy-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.aad.policies'}}\n</script>\n<script>\n    var single_aad_policy_template = Handlebars.compile($(\"#single_aad_policy-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.aad.service_principals.html",
    "content": "\n<!-- aad service_principals -->\n<script id=\"services.aad.service_principals.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"aad.service_principals.{{@key}}.id\"><samp>{{value_or_none id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Tags: \n            {{#each tags}}\n                <div\n                    style=\"border-radius: 5px; -webkit-border-radius: 5px; float: center; background-color: #c2c2d6; padding: 0.1px; text-align: center; display: inline-flex;\">\n                    <samp>{{value_or_none this}}</samp>\n                </div>&nbsp;&nbsp;\n            {{else}}\n                <div style=\"display: inline-flex;\"><samp>None</samp></div>\n            {{/each}}\n        </div>\n        <div class=\"list-group-item-text item-margin\">Status: <span id=\"aad.service_principals.{{@key}}.account_enabled\">{{convert_bool_to_enabled account_enabled}}</span></div>\n        {{#if app_name}}\n            <div class=\"list-group-item-text item-margin\">App: <a href=\"javascript:showObject('services.aad.applications', 'app_id', '{{app_id}}')\">{{value_or_none app_name}}</a></span></div>\n        {{else}}\n            <div class=\"list-group-item-text item-margin\">App: {{value_or_none app_name}}</a></span></div>\n        {{/if}}\n        <div class=\"list-group-item-text item-margin\">App Owner Tenant ID: <span id=\"aad.service_principals.{{@key}}.app_owner_tenant_id\"><samp>{{value_or_none app_owner_tenant_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">App Role Assignment Required: <span id=\"aad.service_principals.{{@key}}.app_role_assignment_required\"><samp>{{value_or_none app_role_assignment_required}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Type: <span id=\"aad.service_principals.{{@key}}.object_type\"><samp>{{value_or_none object_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Service Principal Type: <span id=\"aad.service_principals.{{@key}}.service_principal_type\"><samp>{{value_or_none service_principal_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Publisher Name: <span id=\"aad.service_principals.{{@key}}.publisher_name\"><samp>{{value_or_none publisher_name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Deletion Timestamp: <span id=\"aad.service_principals.{{@key}}.deletion_timestamp\"><samp>{{value_or_none deletion_timestamp}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Roles\n            {{> count_badge count=roles.length}}\n        </h4>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each roles}}\n                <li class=\"list-group-item-text\"><a href=\"javascript:showObject('services.rbac.subscriptions.{{this.subscription_id}}.roles', 'id', '{{this.role_id}}')\">{{getValueAt 'services.rbac.subscriptions' this.subscription_id 'roles' this.role_id 'name'}}</a> (subscription <samp>{{this.subscription_id}}</samp>)</li></a></li>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Keys\n            {{> count_badge count=key_credentials.length}}\n        </h4>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each key_credentials}}\n                <li class=\"list-group-item-text\">ID: <samp>{{value_or_none this.key_id}}</samp></li>\n                <ul>\n                    <li class=\"list-group-item-text\">Type: <samp>{{value_or_none this.type}}</samp></li>\n                    <li class=\"list-group-item-text\">Usage: <samp>{{value_or_none this.usage}}</samp></li>\n                    <li class=\"list-group-item-text\">Start Date: {{format_date this.start_date}}</li>\n                    <li class=\"list-group-item-text\">End Date: {{format_date this.end_date}}</li>\n                </ul>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.aad.service_principals\", $(\"#services\\\\.aad\\\\.service_principals\\\\.partial\").html());\n</script>\n\n<!-- Single aad service_principal template -->\n<script id=\"single_aad_service_principal-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.aad.service_principals'}}\n</script>\n<script>\n    var single_aad_service_principal_template = Handlebars.compile($(\"#single_aad_service_principal-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.aad.users.html",
    "content": "\n<!-- aad users -->\n<script id=\"services.aad.users.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Principal Name: <span id=\"aad.users.{{@key}}.user_principal_name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Display Name: <span id=\"aad.users.{{@key}}.display_name\"><samp>{{value_or_none display_name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Given Name: <span id=\"aad.users.{{@key}}.given_name\"><samp>{{value_or_none given_name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Surname: <span id=\"aad.users.{{@key}}.surname\"><samp>{{value_or_none surname}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Mail Nickname: <span id=\"aad.users.{{@key}}.mail_nickname\"><samp>{{value_or_none mail_nickname}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Mail: <span id=\"aad.users.{{@key}}.mail\"><samp>{{value_or_none mail}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Sign-In Names: <span id=\"aad.users.{{@key}}.sign_in_names\"><samp>{{value_or_none sign_in_names}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Type: <span id=\"aad.users.{{@key}}.user_type\"><samp>{{value_or_none user_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Status: <span id=\"aad.users.{{@key}}.account_enabled\">{{convert_bool_to_enabled account_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Usage Location: <span id=\"aad.users.{{@key}}.usage_location\"><samp>{{value_or_none usage_location}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Deletion Timestamp: <span id=\"aad.users.{{@key}}.deletion_timestamp\"><samp>{{value_or_none deletion_timestamp}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\" id=\"aad.users.{{@key}}.roles\">Roles\n            {{> count_badge count=roles.length}}\n        </h4>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each roles}}\n                <li class=\"list-group-item-text\"><a href=\"javascript:showObject('services.rbac.subscriptions.{{this.subscription_id}}.roles', 'id', '{{this.role_id}}')\">{{getValueAt 'services.rbac.subscriptions' this.subscription_id 'roles' this.role_id 'name'}}</a> (subscription <samp>{{this.subscription_id}}</samp>)</li></a></li>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Groups\n            {{> count_badge count=groups.length}}\n        </h4>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each groups}}\n                <li class=\"list-group-item-text\"><a href=\"javascript:showObject('services.aad.groups', 'id', '{{this}}')\">{{getValueAt 'services.aad.groups' this 'name'}}</a></li></a></li>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.aad.users\", $(\"#services\\\\.aad\\\\.users\\\\.partial\").html());\n</script>\n\n<!-- Single aad user template -->\n<script id=\"single_aad_user-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.aad.users'}}\n</script>\n<script>\n    var single_aad_user_template = Handlebars.compile($(\"#single_aad_user-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html",
    "content": "<!-- appservice web_apps -->\n<script id=\"services.appservice.subscriptions.id.web_apps.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Resource Group: <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.resource_group\"><samp>{{value_or_none resource_group}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Repository Site Name: <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.repository_site_name\"><samp>{{value_or_none repository_site_name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Location: <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.location\"><samp>{{value_or_none location}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Last Modified Time:<span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.last_modified_time_utc\">{{format_date last_modified_time_utc}}</span></div>\n        <div class=\"list-group-item-text item-margin\">State: <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.state\"><samp>{{value_or_none state}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Usage State: <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.usage_state\"><samp>{{value_or_none usage_state}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Availability State: <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.availability_state\"><samp>{{value_or_none availability_state}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Kind: <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.kind\"><samp>{{value_or_none kind}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Programming Language: <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.programming_language\"><samp>{{value_or_none programming_language}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Programming Language Version: <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.programming_language_version\"><samp>{{value_or_none programming_language_version}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Tags:\n            {{#each tags}}\n                <div\n                    style=\"border-radius: 5px; -webkit-border-radius: 5px; float: center; background-color: #c2c2d6; padding: 0.1px; text-align: center; display: inline-flex;\">\n                    <samp>{{value_or_none this}}</samp>\n                </div>&nbsp;&nbsp;\n            {{else}}\n                <div style=\"display: inline-flex;\"><samp>None</samp></div>\n            {{/each}}\n        </div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Configuration</h4>\n        <div class=\"list-group-item-text item-margin\">Authentication: <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.authentication_enabled\">{{convert_bool_to_enabled authentication_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">HTTPS-Only Traffic: <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.https_only\">{{convert_bool_to_enabled https_only}}</span></div>\n        <div class=\"list-group-item-text item-margin\">HTTPS 2.0 Support: <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.http_2_enabled\">{{convert_bool_to_enabled http_2_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">HTTP Logging: <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.http_logging_enabled\">{{convert_bool_to_enabled http_logging_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">FTP Deployment : <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.ftp_deployment_enabled\">{{convert_bool_to_enabled ftp_deployment_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Minimum TLS Version Supported: <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.minimum_tls_supported\"><samp>{{value_or_none minimum_tls_version_supported}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Client Certificates: <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.client_cert_enabled\">{{convert_bool_to_enabled client_cert_enabled}}</span></div>\n    </div>\n    {{#if identity}}\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Identities</h4>\n        <div class=\"list-group-item-text item-margin\">System Assigned Identity: <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.identity.managed_principal_id\"><samp>{{value_or_none identity.principal_id}}</samp></span></div>\n        {{#if identity.user_assigned_identities}}\n        <div class=\"list-group-item-text item-margin\">\n            User Assigned Identities:\n            {{#each identity.user_assigned_identities}}\n            <ul>\n                <li><samp>{{this.principal_id}}</samp></li>\n            </ul>\n            {{/each}}\n        </div>\n        {{/if}}\n    </div>\n    {{/if}}\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Networking</h4>\n        <div class=\"list-group-item-text item-margin\">Default Host Name: <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.default_host_name\"><samp>{{value_or_none default_host_name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Outbound IP Addresses: <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.outbound_ip_addresses\">\n            <ul>\n            {{#each outbound_ip_addresses}}\n                <li><samp>{{this}}</samp></li>\n            {{/each}}\n            </ul>\n        </div>\n        <div class=\"list-group-item-text item-margin\">Possible Outbound IP Addresses: <span id=\"appservice.subscriptions.{{subscription}}.web_apps.{{@key}}.possible_outbound_ip_addresses\">\n            <ul>\n            {{#each possible_outbound_ip_addresses}}\n                <li><samp>{{this}}</samp></li>\n            {{/each}}\n            </ul>\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.appservice.subscriptions.id.web_apps\", $(\"#services\\\\.appservice\\\\.subscriptions\\\\.id\\\\.web_apps\\\\.partial\").html());\n</script>\n\n<!-- Single appservice web_app template -->\n<script id=\"single_appservice_web_app-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.appservice.subscriptions.id.web_apps'}}\n</script>\n<script>\n    var single_appservice_web_app_template = Handlebars.compile($(\"#single_appservice_web_app-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.keyvault.subscriptions.id.vaults.html",
    "content": "<!-- Key Vault partial -->\n<script id=\"services.keyvault.subscriptions.id.vaults.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"keyvault.subscriptions.{{@../key}}.vaults.{{@key}}.id\"><samp>{{ id }}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Location: <span id=\"keyvault.subscriptions.{{@../key}}.vaults.{{@key}}.location\"><samp>{{value_or_none location}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Public Access: <span id=\"keyvault.subscriptions.{{@../key}}.vaults.{{@key}}.public_access_allowed\">{{ convert_bool_to_enabled public_access_allowed }}</span></div>\n        <div class=\"list-group-item-text item-margin\">Vault Recoverable: <span id=\"keyvault.subscriptions.{{@../key}}.vaults.{{@key}}.recovery_protection_enabled\">{{ recovery_protection_enabled }}</span></div>\n        <div class=\"list-group-item-text item-margin\">RBAC Permission Model: <span id=\"keyvault.subscriptions.{{@../key}}.vaults.{{@key}}.rbac_authorization_enabled\">{{ convert_bool_to_enabled rbac_authorization_enabled }}</span></div>\n        <div class=\"list-group-item-text item-margin\">Tags:\n            {{#each tags}}\n                <div\n                    style=\"border-radius: 5px; -webkit-border-radius: 5px; float: center; background-color: #c2c2d6; padding: 0.1px; text-align: center; display: inline-flex;\">\n                    <samp>{{value_or_none this}}</samp>\n                </div>&nbsp;&nbsp;\n            {{else}}\n                <div style=\"display: inline-flex;\"><samp>None</samp></div>\n            {{/each}}\n        </div>\n        <div class=\"list-group-item-text item-margin\">Resource group: <span id=\"keyvault.subscriptions.{{@../key}}.vaults.{{@key}}.resource_group_name\"><samp>{{value_or_none resource_group_name}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.keyvault.subscriptions.id.vaults\", $(\"#services\\\\.keyvault\\\\.subscriptions\\\\.id\\\\.vaults\\\\.partial\").html());\n</script>\n\n<!-- Single Key Vault template -->\n<script id=\"single_keyvault_vaults-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.keyvault.vaults' }}\n</script>\n<script>\n    var single_keyvault_vaults_template = Handlebars.compile($(\"#single_keyvault_vaults-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.diagnostic_settings.html",
    "content": "<!-- Logging and Monitoring Diagnostic-->\n<script id=\"services.loggingmonitoring.subscriptions.id.diagnostic_settings.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Diagnostic setting exists: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.diagnostic_settings.{{@key}}.diagnostic_exist\"><samp>{{diagnostic_exist}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.loggingmonitoring.subscriptions.id.diagnostic_settings\", $(\"#services\\\\.loggingmonitoring\\\\.subscriptions\\\\.id\\\\.diagnostic_settings\\\\.partial\").html());\n</script>\n\n<!-- Single loggingmonitoring diagnostic template -->\n<script id=\"single_loggingmonitoring_diagnostic_settings-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.loggingmonitoring.subscriptions.id.diagnostic_settings'}}\n</script>\n<script>\n    var single_loggingmonitoring_diagnostic_settings_template = Handlebars.compile($(\"#single_loggingmonitoring_diagnostic_settings-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.log_alerts.html",
    "content": "<!-- Logging and Monitoring Log Alerts-->\n<script id=\"services.loggingmonitoring.subscriptions.id.log_alerts.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Create Policy Assignment activity log alert exist: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_alerts.{{@key}}.create_policy_assignment_exist\"><samp>{{value_or_none create_policy_assignment_exist}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Create or update Network Security Group activity log alert exist: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_alerts.{{@key}}.create_update_NSG_exist\"><samp>{{value_or_none create_update_NSG_exist}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Delete Network Security Group activity log alert exist: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_alerts.{{@key}}.delete_NSG_exist\"><samp>{{value_or_none delete_NSG_exist}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Create or update Network Security Group Rule activity log alert exist: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_alerts.{{@key}}.create_update_NSG_rule_exist\"><samp>{{value_or_none create_update_NSG_rule_exist}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Delete Network Security Group Rule activity log alert exist: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_alerts.{{@key}}.delete_NSG_rule_exist\"><samp>{{value_or_none delete_NSG_rule_exist}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Create or update Security Solution activity log alert exist: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_alerts.{{@key}}.create_update_security_solution_exist\"><samp>{{value_or_none create_update_security_solution_exist}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Delete Security Solution activity log alert exist: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_alerts.{{@key}}.delete_security_solution_exist\"><samp>{{value_or_none delete_security_solution_exist}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Create our update or delete SQL Server Firewall Rule activity log alert exist: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_alerts.{{@key}}.create_delete_firewall_rule_exist\"><samp>{{value_or_none create_delete_firewall_rule_exist}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.loggingmonitoring.subscriptions.id.log_alerts\", $(\"#services\\\\.loggingmonitoring\\\\.subscriptions\\\\.id\\\\.log_alerts\\\\.partial\").html());\n</script>\n\n<!-- Single loggingmonittoring log alerts template -->\n<script id=\"single_loggingmonitoring_log_alerts-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.loggingmonitoring.subscriptions.id.log_alerts'}}\n</script>\n<script>\n    var single_loggingmonitoring_log_alerts_template = Handlebars.compile($(\"#single_loggingmonitoring_log_alerts-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.log_profiles.html",
    "content": "<!-- Logging and Monitoring Log Profiles-->\n<script id=\"services.loggingmonitoring.subscriptions.id.log_profiles.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_profiles.{{@key}}.name\"><samp>{{name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Storage account id: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_profiles.{{@key}}.storage_account_id\"><samp>{{storage_account_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Captures all activities: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_profiles.{{@key}}.captures_all_activities\"><samp>{{captures_all_activities}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Retention policy enabled: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_profiles.{{@key}}.retention_policy_enabled\"><samp>{{retention_policy_enabled}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Retention policy days: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_profiles.{{@key}}.retention_policy_days\"><samp>{{retention_policy_days}}</samp></span></div>\n\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.loggingmonitoring.subscriptions.id.log_profiles\", $(\"#services\\\\.loggingmonitoring\\\\.subscriptions\\\\.id\\\\.log_profiles\\\\.partial\").html());\n</script>\n\n<!-- Single loggingmonitoring log profiles template -->\n<script id=\"single_loggingmonitoring_log_profiles-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.loggingmonitoring.subscriptions.id.log_profiles'}}\n</script>\n<script>\n    var single_loggingmonitoring_log_profiles_template = Handlebars.compile($(\"#single_loggingmonitoring_log_profiles-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.resources_logging.html",
    "content": "<!-- Logging and Monitoring Resource Logging-->\n<script id=\"services.loggingmonitoring.subscriptions.id.resources_logging.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Logging for key vault enabled: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.resources_logging.{{@key}}.diagnostic_key_vault_audit_event_enabled\"><samp>{{convert_bool_to_enabled diagnostic_key_vault.audit_event_enabled}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.loggingmonitoring.subscriptions.id.resources_logging\", $(\"#services\\\\.loggingmonitoring\\\\.subscriptions\\\\.id\\\\.resources_logging\\\\.partial\").html());\n</script>\n\n<!-- Single loggingmonitoring resource logging template -->\n<script id=\"single_loggingmonitoring_resources_logging-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.loggingmonitoring.subscriptions.id.resources_logging'}}\n</script>\n<script>\n    var single_loggingmonitoring_resources_logging_template = Handlebars.compile($(\"#single_loggingmonitoring_resources_logging-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.mysqldatabase.subscriptions.id.servers.html",
    "content": "<!-- MySQL Database partial -->\n<script id=\"services.mysqldatabase.subscriptions.id.servers.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">MySQL Server Name: <span id=\"mysqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Server SSL connection enforcement: <span id=\"mysqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.ssl_enforcement\">{{ssl_enforcement}}</span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.mysqldatabase.subscriptions.id.servers\", $(\"#services\\\\.mysqldatabase\\\\.subscriptions\\\\.id\\\\.servers\\\\.partial\").html());\n</script>\n\n<!-- Single SQL Database template -->\n<script id=\"single_mysqldatabase_servers-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.mysqldatabase.servers' }}\n</script>\n<script>\n    var single_mysqldatabase_servers_template = Handlebars.compile($(\"#single_mysqldatabase_servers-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.application_security_groups.html",
    "content": "\n<!-- network application_security_groups -->\n<script id=\"services.network.subscriptions.id.application_security_groups.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"network.subscriptions.{{@../key}}.application_security_groups.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Location: <span id=\"network.subscriptions.{{@../key}}.application_security_groups.{{@key}}.location\"><samp>{{value_or_none location}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Provisioning State: <span id=\"network.subscriptions.{{@../key}}.application_security_groups.{{@key}}.provisioning_state\"><samp>{{value_or_none provisioning_state}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Tags:\n            {{#each tags}}\n            <div\n                style=\"border-radius: 5px; -webkit-border-radius: 5px; float: center; background-color: #c2c2d6; padding: 0.1px; text-align: center; display: inline-flex;\">\n                <samp>{{value_or_none this}}</samp>\n            </div>&nbsp;&nbsp;\n            {{else}}\n                <div style=\"display: inline-flex;\"><samp>None</samp></div>\n            {{/each}}\n        </div>\n        <div class=\"list-group-item-text item-margin\">Resource group: <span id=\"network.subscriptions.{{@../key}}.application_security_groups.{{@key}}.resource_group_name\"><samp>{{value_or_none resource_group_name}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Attached Network Interfaces</h4>\n        {{#each network_interfaces}}\n        <div class=\"list-group-item-text item-margin\"><a href=\"javascript:showObject('services.network.subscriptions.{{../subscription}}.network_interfaces.{{this}}')\"><samp>{{getValueAt 'services.network.subscriptions' ../subscription 'network_interfaces' this 'name'}}</samp></a></div>\n        {{else}}\n        <div class=\"list-group-item-text item-margin\"><samp>None</samp></div>\n        {{/each}}\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.network.subscriptions.id.application_security_groups\", $(\"#services\\\\.network\\\\.subscriptions\\\\.id\\\\.application_security_groups\\\\.partial\").html());\n</script>\n\n<!-- Single network application_security_group template -->\n<script id=\"single_network_application_security_group-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.network.subscriptions.id.application_security_groups'}}\n</script>\n<script>\n    var single_network_application_security_group_template = Handlebars.compile($(\"#single_network_application_security_group-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.network_interfaces.html",
    "content": "\n<!-- network network_interfaces -->\n<script id=\"services.network.subscriptions.id.network_interfaces.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Provisioning State: <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.provisioning_state\"><samp>{{value_or_none provisioning_state}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Primary: <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.primary\"><samp>{{value_or_none primary}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">IP Configurations: <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.ip_configurations\"><samp>{{value_or_none ip_configurations}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Mac Address: <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.mac_address\"><samp>{{value_or_none mac_address}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Interface Endpoint: <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.interface_endpoint\"><samp>{{value_or_none interface_endpoint}}</samp></span></div>\n        {{#if network_security_group}}\n            <div class=\"list-group-item-text item-margin\">Network Security Group: <a href=\"javascript:showObject('services.network.subscriptions.{{../subscription}}.security_groups.{{network_security_group}}')\"><samp>{{getValueAt 'services.network.subscriptions' ../subscription 'security_groups' network_security_group 'name'}}</samp></a></div>\n        {{else}}\n            <div class=\"list-group-item-text item-margin\">Network Security Group: <samp>None</samp></div>\n        {{/if}}\n        <div class=\"list-group-item-text item-margin\">Enable IP Forwarding: <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.enable_ip_forwarding\"><samp>{{value_or_none enable_ip_forwarding}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Enable Accelerated Networking: <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.enable_accelerated_networking\"><samp>{{value_or_none enable_accelerated_networking}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Tags: \n            {{#each tags}}\n                <div\n                    style=\"border-radius: 5px; -webkit-border-radius: 5px; float: center; background-color: #c2c2d6; padding: 0.1px; text-align: center; display: inline-flex;\">\n                    <samp>{{value_or_none this}}</samp>\n                </div>&nbsp;&nbsp;\n            {{else}}\n                <div style=\"display: inline-flex;\"><samp>None</samp></div>\n            {{/each}}\n        </div>\n        <div class=\"list-group-item-text item-margin\">Resource group: <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.resource_group_name\"><samp>{{value_or_none resource_group_name}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">IP Configuration</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.ip_configuration.name\"><samp>{{value_or_none ip_configuration.name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Provisioning State: <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.ip_configuration.provisioning_state\"><samp>{{value_or_none ip_configuration.provisioning_state}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Primary: <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.ip_configuration.primary\"><samp>{{value_or_none ip_configuration.primary}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Public IP Address: <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.ip_configuration.public_ip_address\"><samp>{{value_or_none ip_configuration.public_ip_address.ip_address}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Private IP Address: <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.ip_configuration.private_ip_address\"><samp>{{value_or_none ip_configuration.private_ip_address}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Private IP Allocation Method: <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.ip_configuration.private_ip_allocation_method\"><samp>{{value_or_none ip_configuration.private_ip_allocation_method}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Private IP Address Version: <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.ip_configuration.private_ip_address_version\"><samp>{{value_or_none ip_configuration.private_ip_address_version}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Subnet: <a href=\"javascript:showObject('services.network.subscriptions.{{subscription}}.virtual_networks.{{ip_configuration.subnet.virtual_network_id}}.subnets.{{ip_configuration.subnet.id}}')\"><samp>{{getValueAt 'services.network.subscriptions' subscription 'virtual_networks' ip_configuration.subnet.virtual_network_id 'subnets' ip_configuration.subnet.id 'name'}}</samp></a></div>\n        {{#if ip_configuration.application_security_groups}}\n            <div class=\"list-group-item-text item-margin\">\n                <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.ip_configuration.application_security_groups\">Application Security Groups:</span>\n                <ul>\n                    {{#each ip_configuration.application_security_groups}}\n                    <li>\n                        <a href=\"javascript:showObject('services.network.subscriptions.{{../subscription}}.application_security_groups.{{this}}')\"><samp>{{getValueAt 'services.network.subscriptions' ../subscription 'application_security_groups' this 'name'}}</samp></a>\n                    </li>\n                    {{/each}}\n                </ul>\n            </div>\n        {{else}}\n            <div class=\"list-group-item-text item-margin\">Application Security Groups: <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.ip_configuration.application_security_groups\"><samp>{{None}}</samp></span></div>\n        {{/if}}\n        <div class=\"list-group-item-text item-margin\">Application Gateway Backend Address Pools: <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.ip_configuration.application_gateway_backend_address_pools\"><samp>{{value_or_none ip_configuration.application_gateway_backend_address_pools}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Load Balancer Backend Address Pools: <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.ip_configuration.load_balancer_backend_address_pools\"><samp>{{value_or_none ip_configuration.load_balancer_backend_address_pools}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Load Balancer Inbound NAT Rules: <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.ip_configuration.load_balancer_inbound_nat_rules\"><samp>{{value_or_none ip_configuration.load_balancer_inbound_nat_rules}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Virtual Network Taps: <span id=\"network.subscriptions.{{@../key}}.network_interfaces.{{@key}}.ip_configuration.virtual_network_taps\"><samp>{{value_or_none ip_configuration.virtual_network_taps}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.network.subscriptions.id.network_interfaces\", $(\"#services\\\\.network\\\\.subscriptions\\\\.id\\\\.network_interfaces\\\\.partial\").html());\n</script>\n\n<!-- Single network network_interface template -->\n<script id=\"single_network_network_interface-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.network.subscriptions.id.network_interfaces'}}\n</script>\n<script>\n    var single_network_network_interface_template = Handlebars.compile($(\"#single_network_network_interface-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.security_groups.html",
    "content": "\n<!-- Network Security Groups partial -->\n<script id=\"services.network.subscriptions.id.security_groups.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"network.subscriptions.{{@../key}}.security_groups.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Location: <span id=\"network.subscriptions.{{@../key}}.security_groups.{{@key}}.location\">{{ location }}</span></div>\n        <div class=\"list-group-item-text item-margin\">State: <span id=\"network.subscriptions.{{@../key}}.security_groups.{{@key}}.provisioning_state\">{{ provisioning_state }}</span></div>\n        <div class=\"list-group-item-text item-margin\">Tags:\n            {{#each tags}}\n            <div\n                style=\"border-radius: 5px; -webkit-border-radius: 5px; float: center; background-color: #c2c2d6; padding: 0.1px; text-align: center; display: inline-flex;\">\n                <samp>{{value_or_none this}}</samp>\n            </div>&nbsp;&nbsp;\n            {{else}}\n                <div style=\"display: inline-flex;\"><samp>None</samp></div>\n            {{/each}}\n        </div>\n        <div class=\"list-group-item-text item-margin\">Resource group: <span id=\"network.subscriptions.{{@../key}}.security_groups.{{@key}}.resource_group_name\"><samp>{{value_or_none resource_group_name}}</samp></span></div>\n        {{!--\n        <div class=\"list-group-item-text item-margin\">\n            <span id=\"network.subscriptions.{{@../key}}.security_groups.{{@key}}.ExposedPorts\">Exposed Ports:</span>\n            <div class=\"list-group-item-text item-margin\">\n                {{#each exposed_port_ranges}}\n                <li id=\"network.security_groups.{{@../key}}.exposed_port_ranges.{{@key}}\">{{ this }}</li>\n                {{/each}}\n            </div>\n        </div>\n        --}}\n    </div>\n    <div class=\"list-group-item\">\n        <div class=\"accordion\">\n            <h4 class=\"list-group-item-heading\">Inbound Security Rules</h4>\n            <table class=\"table-striped\" width=\"100%\" >\n                <tr class=\"table-padding\">\n                    <td width=\"10%\">Priority</td>\n                    <td width=\"40%\">Name</td>\n                    <td width=\"10%\">Protocol</td>\n                    <td width=\"10%\">Source Port</td>\n                    <td width=\"10%\">Source Filter</td>\n                    <td width=\"10%\">Destination Port</td>\n                    <td width=\"10%\">Destination Filter</td>\n                    <td width=\"10%\">Action</td>\n                </tr>\n                {{#each_dict_sorted security_rules \"priority\"}}\n                    {{#ifEqual direction \"Inbound\"}}\n                    <tr>\n                        <td width=\"10%\" class=\"text-center\">{{priority}}</td>\n                        <td width=\"40%\">{{name}}</td>\n                        <td width=\"10%\" class=\"text-center\">{{protocol}}</td>\n                        <td width=\"10%\" class=\"text-center\">{{source_port_ranges}}</td>\n                        {{#if source_address_prefixes_is_asg}}\n                            <td width=\"10%\" class=\"text-center\">\n                                <a href=\"javascript:showObject('services.network.application_security_groups.{{source_address_prefixes}}')\"><samp>{{getValueAt 'services.network.application_security_groups' source_address_prefixes 'name'}}</samp></a>\n                            </td>\n                        {{else}}\n                            <td width=\"10%\" class=\"text-center\">{{source_address_prefixes}}</td>\n                        {{/if}}\n                        <td width=\"10%\" class=\"text-center\">{{destination_port_ranges}}</td>\n                        <td width=\"10%\" class=\"text-center\">{{destination_address_prefixes}}</td>\n                        {{#if allow}}\n                        <td width=\"10%\" class=\"text-center\"><i class=\"fa fa-check-circle finding-good\"></i></td>\n                        {{else}}\n                        <td width=\"10%\" class=\"text-center\"><i class=\"fa fa-times-circle finding-danger\"></i></td>\n                        {{/if}}\n                    </tr>\n                    {{/ifEqual}}\n                {{/each_dict_sorted}}\n            </table>\n        </div>\n    </div>\n    <div class=\"list-group-item\">\n        <div class=\"accordion\">\n            <h4 class=\"list-group-item-heading\">Outbound Security Rules</h4>\n            <table class=\"table-striped\" width=\"100%\" >\n                <tr class=\"table-padding\">\n                    <td width=\"10%\">Priority</td>\n                    <td width=\"40%\">Name</td>\n                    <td width=\"10%\">Protocol</td>\n                    <td width=\"10%\">Source Port</td>\n                    <td width=\"10%\">Source Filter</td>\n                    <td width=\"10%\">Destination Port</td>\n                    <td width=\"10%\">Destination Filter</td>\n                    <td width=\"10%\">Action</td>\n                </tr>\n                {{#each_dict_sorted security_rules \"priority\"}}\n                    {{#ifEqual direction \"Outbound\"}}\n                    <tr>\n                        <td width=\"10%\" class=\"text-center\">{{priority}}</td>\n                        <td width=\"40%\">{{name}}</td>\n                        <td width=\"10%\" class=\"text-center\">{{protocol}}</td>\n                        <td width=\"10%\" class=\"text-center\">{{source_port_ranges}}</td>\n                        <td width=\"10%\" class=\"text-center\">{{source_address_prefixes}}</td>\n                        <td width=\"10%\" class=\"text-center\">{{destination_port_ranges}}</td>\n                        <td width=\"10%\" class=\"text-center\">{{destination_address_prefixes}}</td>\n                        {{#if allow}}\n                        <td width=\"10%\" class=\"text-center\"><i class=\"fa fa-check-circle finding-good\"></i></td>\n                        {{else}}\n                        <td width=\"10%\" class=\"text-center\"><i class=\"fa fa-times-circle finding-danger\"></i></td>\n                        {{/if}}\n                    </tr>\n                    {{/ifEqual}}\n                {{/each_dict_sorted}}\n            </table>\n        </div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Attached Subnets</h4>\n        {{#each subnets}}\n        <div class=\"list-group-item-text item-margin\"><a href=\"javascript:showObject('services.network.subscriptions.{{../subscription}}.virtual_networks.{{this.virtual_network_id}}.subnets.{{this.id}}')\"><samp>{{getValueAt 'services.network.subscriptions' ../subscription 'virtual_networks' this.virtual_network_id 'subnets' this.id 'name'}}</samp></a> (<samp>{{getValueAt 'services.network.subscriptions' ../subscription 'virtual_networks' this.virtual_network_id 'name'}}</samp>)</div>\n        {{else}}\n        <div class=\"list-group-item-text item-margin\"><samp>None</samp></div>\n        {{/each}}\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Attached Network Interfaces</h4>\n        {{#each network_interfaces}}\n        <div class=\"list-group-item-text item-margin\"><a href=\"javascript:showObject('services.network.subscriptions.{{../subscription}}.network_interfaces.{{this.id}}')\"><samp>{{getValueAt 'services.network.subscriptions' ../subscription 'network_interfaces' this.id 'name'}}</samp></a></div>\n        {{else}}\n        <div class=\"list-group-item-text item-margin\"><samp>None</samp></div>\n        {{/each}}\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.network.subscriptions.id.security_groups\", $(\"#services\\\\.network\\\\.subscriptions\\\\.id\\\\.security_groups\\\\.partial\").html());\n</script>\n\n<!-- Single security group template -->\n<script id=\"single_network_security_group-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.network.subscriptions.id.security_groups'}}\n</script>\n<script>\n    var single_network_security_group_template = Handlebars.compile($(\"#single_network_security_group-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.virtual_networks.html",
    "content": "\n<!-- network virtual_networks -->\n<script id=\"services.network.subscriptions.id.virtual_networks.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"network.subscriptions.{{@../key}}.virtual_networks.{{@key}}.name\"><samp>{{name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Resource GUID: <span id=\"network.subscriptions.{{@../key}}.virtual_networks.{{@key}}.resource_guid\"><samp>{{resource_guid}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Type: <span id=\"network.subscriptions.{{@../key}}.virtual_networks.{{@key}}.type\"><samp>{{type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Location: <span id=\"network.subscriptions.{{@../key}}.virtual_networks.{{@key}}.location\"><samp>{{location}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Provisioning State: <span id=\"network.subscriptions.{{@../key}}.virtual_networks.{{@key}}.provisioning_state\"><samp>{{provisioning_state}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Address Space: <span id=\"network.subscriptions.{{@../key}}.virtual_networks.{{@key}}.address_space\"><samp>{{address_space.address_prefixes}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">DHCP Options: <span id=\"network.subscriptions.{{@../key}}.virtual_networks.{{@key}}.dhcp_options\"><samp>{{value_or_none dhcp_options}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Virtual Network Peerings: <span id=\"network.subscriptions.{{@../key}}.virtual_networks.{{@key}}.virtual_network_peerings\"><samp>{{value_or_none virtual_network_peerings}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Enable VM Protection: <span id=\"network.subscriptions.{{@../key}}.virtual_networks.{{@key}}.enable_vm_protection\"><samp>{{enable_vm_protection}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Enable DDoS Protection: <span id=\"network.subscriptions.{{@../key}}.virtual_networks.{{@key}}.enable_ddos_protection\"><samp>{{enable_ddos_protection}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">DDoS Protection Plan: <span id=\"network.subscriptions.{{@../key}}.virtual_networks.{{@key}}.ddos_protection_plan\"><samp>{{value_or_none ddos_protection_plan}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Tags: \n            {{#each tags}}\n                <div\n                    style=\"border-radius: 5px; -webkit-border-radius: 5px; float: center; background-color: #c2c2d6; padding: 0.1px; text-align: center; display: inline-flex;\">\n                    <samp>{{value_or_none this}}</samp>\n                </div>&nbsp;&nbsp;\n            {{else}}\n                <div style=\"display: inline-flex;\"><samp>None</samp></div>\n            {{/each}}\n        </div>\n        <div class=\"list-group-item-text item-margin\">Resource group: <span id=\"network.subscriptions.{{@../key}}.virtual_networks.{{@key}}.resource_group_name\"><samp>{{value_or_none resource_group_name}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Subnets</h4>\n        {{#each subnets}}\n        <div class=\"list-group-item-text item-margin\">\n            <span id=\"network.subscriptions.{{../subscription}}.virtual_networks.{{@../key}}.subnets.{{@key}}\"><samp>{{getValueAt 'services.network.subscriptions' ../subscription 'virtual_networks' @../key 'subnets' this.id 'name'}}</samp></span>\n            (<a id=\"network.subscriptions.{{../subscription}}.virtual_networks.{{@../key}}.subnets.{{@key}}.address_prefix\" href=\"javascript:showObject('services.network.subscriptions.{{../subscription}}.virtual_networks.{{@../key}}.subnets.{{this.id}}')\">{{getValueAt 'services.network.subscriptions' ../subscription 'virtual_networks' @../key 'subnets' this.id 'address_prefix'}}</a>)\n        </div>\n        {{/each}}\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.network.subscriptions.id.virtual_networks\", $(\"#services\\\\.network\\\\.subscriptions\\\\.id\\\\.virtual_networks\\\\.partial\").html());\n</script>\n\n<!-- Single network virtual_network template -->\n<script id=\"single_network_virtual_network-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.network.subscriptions.id.virtual_networks'}}\n</script>\n<script>\n    var single_network_virtual_network_template = Handlebars.compile($(\"#single_network_virtual_network-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.virtual_networks.id.subnets.html",
    "content": "\n<!-- network virtual_networks subnet -->\n<script id=\"services.network.subscriptions.id.virtual_networks.id.subnets.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Address Prefix: <span id=\"network.virtual_networks.{{id}}.subnets.{{@key}}.address_prefix\"><samp>{{value_or_none address_prefix}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Address Prefixes: <span id=\"network.virtual_networks.{{id}}.subnets.{{@key}}.address_prefixes\"><samp>{{value_or_none address_prefixes}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Provisioning State: <span id=\"network.virtual_networks.{{id}}.subnets.{{@key}}.provisioning_state\"><samp>{{value_or_none provisioning_state}}</samp></span></div>\n        {{#if network_security_group}}\n        <div class=\"list-group-item-text item-margin\">Network Security Group: <a href=\"javascript:showObject('services.network.subscriptions.{{../subscription}}.security_groups.{{network_security_group}}')\"><samp>{{getValueAt 'services.network.subscriptions' ../subscription 'security_groups' network_security_group 'name'}}</samp></a></div>\n        {{else}}\n        <div class=\"list-group-item-text item-margin\">Network Security Group: <samp>None</samp></div>\n        {{/if}}\n        <div class=\"list-group-item-text item-margin\">Route Table: <span id=\"network.virtual_networks.{{id}}.subnets.{{@key}}.route_table\"><samp>{{value_or_none route_table}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Interface Endpoints: <span id=\"network.virtual_networks.{{id}}.subnets.{{@key}}.interface_endpoints\"><samp>{{value_or_none interface_endpoints}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">IP Configuration Profiles: <span id=\"network.virtual_networks.{{id}}.subnets.{{@key}}.ip_configuration_profiles\"><samp>{{value_or_none ip_configuration_profiles}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Service Endpoints: <span id=\"network.virtual_networks.{{id}}.subnets.{{@key}}.service_endpoints\"><samp>{{value_or_none service_endpoints}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Service Endpoint Policies: <span id=\"network.virtual_networks.{{id}}.subnets.{{@key}}.service_endpoint_policies\"><samp>{{value_or_none service_endpoint_policies}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Service Association Links: <span id=\"network.virtual_networks.{{id}}.subnets.{{@key}}.service_association_links\"><samp>{{value_or_none service_association_links}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Resource Navigation Links: <span id=\"network.virtual_networks.{{id}}.subnets.{{@key}}.resource_navigation_links\"><samp>{{value_or_none resource_navigation_links}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Delegations: <span id=\"network.virtual_networks.{{id}}.subnets.{{@key}}.delegations\"><samp>{{value_or_none delegations}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Purpose: <span id=\"network.virtual_networks.{{id}}.subnets.{{@key}}.purpose\"><samp>{{value_or_none purpose}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Instances</h4>\n        {{#each instances}}\n        <div class=\"list-group-item-text item-margin\"><a href=\"javascript:showObject('services.virtualmachines.subscriptions.{{../subscription}}.instances.{{this}}')\"><samp>{{getValueAt 'services.virtualmachines.subscriptions' ../subscription 'instances' this 'name'}}</samp></a></div>\n        {{else}}\n        <div class=\"list-group-item-text item-margin\"><samp>None</samp></div>\n        {{/each}}\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.network.subscriptions.id.virtual_networks.id.subnets\", $(\"#services\\\\.network\\\\.subscriptions\\\\.id\\\\.virtual_networks\\\\.id\\\\.subnets\\\\.partial\").html());\n</script>\n\n<!-- Single network virtual_network subnet template -->\n<script id=\"single_network_subnet-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.network.subscriptions.id.virtual_networks.id.subnets'}}\n</script>\n<script>\n    var single_network_subnet_template = Handlebars.compile($(\"#single_network_subnet-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.watchers.html",
    "content": "\n<!-- network watchers -->\n<script id=\"services.network.subscriptions.id.watchers.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"network.subscriptions.{{@../key}}.watchers.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Provisioning State: <span id=\"network.subscriptions.{{@../key}}.watchers.{{@key}}.provisioning_state\"><samp>{{value_or_none provisioning_state}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Location: <span id=\"network.subscriptions.{{@../key}}.watchers.{{@key}}.location\"><samp>{{value_or_none location}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Tags: \n            {{#each tags}}\n                <div\n                    style=\"border-radius: 5px; -webkit-border-radius: 5px; float: center; background-color: #c2c2d6; padding: 0.1px; text-align: center; display: inline-flex;\">\n                    <samp>{{value_or_none this}}</samp>\n                </div>&nbsp;&nbsp;\n            {{else}}\n                <div style=\"display: inline-flex;\"><samp>None</samp></div>\n            {{/each}}\n        </div>\n        <div class=\"list-group-item-text item-margin\">Resource group: <span id=\"network.subscriptions.{{@../key}}.watchers.{{@key}}.resource_group_name\"><samp>{{value_or_none resource_group_name}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.network.subscriptions.id.watchers\", $(\"#services\\\\.network\\\\.subscriptions\\\\.id\\\\.watchers\\\\.partial\").html());\n</script>\n\n<!-- Single network watcher template -->\n<script id=\"single_network_watcher-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.network.subscriptions.id.watchers'}}\n</script>\n<script>\n    var single_network_watcher_template = Handlebars.compile($(\"#single_network_watcher-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.postgresqldatabase.subscriptions.id.servers.html",
    "content": "<!-- PostgreSQL Database partial -->\n<script id=\"services.postgresqldatabase.subscriptions.id.servers.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n\n        <div class=\"list-group-item-text item-margin\">PostgreSQL Server Name: <span id=\"postgresqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Server SSL connection enforcement: <span id=\"postgresqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.ssl_enforcement\">{{ssl_enforcement}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Log checkpoint server parameter: <span id=\"postgresqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.server_log_checkpoints_value\">{{log_checkpoints.value}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Log connections server parameter: <span id=\"postgresqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.server_log_connections_value\">{{log_connections.value}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Log disconnections server parameter: <span id=\"postgresqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.server_log_disconnections_value\">{{log_disconnections.value}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Log duration server parameter: <span id=\"postgresqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.server_log_duration_value\">{{log_duration.value}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Connection throttling server parameter: <span id=\"postgresqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.server_connection_throttling_value\">{{connection_throttling.value}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Log retention days server parameter: <span id=\"postgresqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.server_log_retention_days_value\">{{log_retention_days.value}}</span></div>\n\n    </div>\n\n        <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">PostgreSQL Firewall Rules</h4>\n        <div class=\"list-group-item-text item-margin\">\n            {{#each postgresql_firewall_rules}}\n            <samp>{{name}}</samp>\n            <div class=\"list-group-item-text item-margin\">\n                <div class=\"list-group-item-text item-margin\">PostgreSQL Firewall rule start IP: <span id=\"postgresqldatabase.subscriptions.{{@../../key}}.servers.{{@../key}}.postgresql_firewall_rules.{{@key}}.start_ip\">{{start_ip}}</span></div>\n                <div class=\"list-group-item-text item-margin\">PostgreSQL Firewall rule end IP: <span id=\"postgresqldatabase.subscriptions.{{@../../key}}.servers.{{@../key}}.postgresql_firewall_rules.{{@key}}.end_ip\">{{end_ip}}</span></div>\n            </div>\n            {{/each}}\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.postgresqldatabase.subscriptions.id.servers\", $(\"#services\\\\.postgresqldatabase\\\\.subscriptions\\\\.id\\\\.servers\\\\.partial\").html());\n</script>\n\n<!-- Single SQL Database template -->\n<script id=\"single_postgresqldatabase_servers-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.postgresqldatabase.servers' }}\n</script>\n<script>\n    var single_postgresqldatabase_servers_template = Handlebars.compile($(\"#single_postgresqldatabase_servers-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.rbac.subscriptions.id.custom_roles_report.html",
    "content": "<!-- RBAC  -->\n<script id=\"services.rbac.subscriptions.id.custom_roles_report.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">No Administering Resource Locks Role: <span id=\"rbac.subscriptions.{{@../key}}.custom_roles_report.{{@key}}.missing_custom_role_administering_resource_locks\"><samp>{{ missing_custom_role_administering_resource_locks}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.rbac.subscriptions.id.custom_roles_report\", $(\"#services\\\\.rbac\\\\.subscriptions\\\\.id\\\\.custom_roles_report\\\\.partial\").html());\n</script>\n\n<!-- Single aad group template -->\n<script id=\"single_rbac_custom_roles_report-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.rbac.subscriptions.id.custom_roles_report'}}\n</script>\n<script>\n    var single_rbac_policy_template = Handlebars.compile($(\"#single_rbac_custom_roles_report-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.rbac.subscriptions.id.roles.html",
    "content": "<!-- rbac roles -->\n<script id=\"services.rbac.subscriptions.id.roles.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"rbac.subscriptions.{{@../key}}.roles.{{@key}}.id\"><samp>{{value_or_none id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Description: <span id=\"rbac.subscriptions.{{@../key}}.roles.{{@key}}.description\"><samp>{{value_or_none description}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Type: <span id=\"rbac.subscriptions.{{@../key}}.roles.{{@key}}.type\"><samp>{{value_or_none type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Role Type: <span id=\"rbac.subscriptions.{{@../key}}.roles.{{@key}}.role_type\"><samp>{{value_or_none role_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Assignable Scopes: <span id=\"rbac.subscriptions.{{@../key}}.roles.{{@key}}.assignable_scopes\"><samp>{{value_or_none assignable_scopes}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Custom Subscriptions Owner Roles: <span id=\"rbac.subscriptions.{{@../key}}.roles.{{@key}}.custom_subscription_owner_role\"><samp>{{custom_subscription_owner_role}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Permissions</h4>\n        <div class=\"accordion-inner\">\n            {{> accordion_policy name = '' document = permissions policy_path = (concat 'rbac' ../resource_type ../resource_id 'inline_policies' @key 'PolicyDocument') heading=\"h5\" samp=false}}\n        </div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\" id=\"rbac.subscriptions.{{@../key}}.roles.{{@key}}.assignments\">Assignments\n            {{> count_badge count=assignments_count}}\n        </h4>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#if assignments.users}}\n                <li><span id=\"rbac.subscriptions.{{@../key}}.roles.{{@key}}.users\">Users</span></li>\n                <ul>\n                    {{#each assignments.users}}\n                    <li class=\"list-group-item-text\"><a href=\"javascript:showObject('services.aad.users', 'id', '{{this}}')\">{{getValueAt 'services.aad.users' this 'name'}}</a></li></a></li>\n                    {{/each}}\n                </ul>\n                {{/if}}\n                {{#if assignments.groups}}\n                <li><span id=\"rbac.subscriptions.{{@../key}}.roles.{{@key}}.groups\">Groups</span></li>\n                <ul>\n                    {{#each assignments.groups}}\n                    <li class=\"list-group-item-text\"><a href=\"javascript:showObject('services.aad.groups', 'id', '{{this}}')\">{{getValueAt 'services.aad.groups' this 'name'}}</a></li></a></li>\n                    {{/each}}\n                </ul>\n                {{/if}}\n                {{#if assignments.service_principals}}\n                <li><span id=\"rbac.subscriptions.{{@../key}}.roles.{{@key}}.serviceprincipals\">Service Principals</span></li>\n                <ul>\n                    {{#each assignments.service_principals}}\n                    <li class=\"list-group-item-text\"><a href=\"javascript:showObject('services.aad.service_principals', 'id', '{{this}}')\">{{getValueAt 'services.aad.service_principals' this 'name'}}</a></li></a></li>\n                    {{/each}}\n                </ul>\n                {{/if}}\n            </ul>\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.rbac.subscriptions.id.roles\", $(\"#services\\\\.rbac\\\\.subscriptions\\\\.id\\\\.roles\\\\.partial\").html());\n</script>\n\n<!-- Single rbac role template -->\n<script id=\"single_rbac_role-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.rbac.subscriptions.id.roles'}}\n</script>\n<script>\n    var single_rbac_role_template = Handlebars.compile($(\"#single_rbac_role-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.auto_provisioning_settings.html",
    "content": "<!-- Storage Accounts partial -->\n<script id=\"services.securitycenter.subscriptions.id.auto_provisioning_settings.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"ressource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"securitycenter.subscriptions.{{@../key}}.auto_provisioning_settings.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Auto Provisioning: <span id=\"securitycenter.subscriptions.{{@../key}}.auto_provisioning_settings.{{@key}}.auto_provision\">{{ auto_provision }}</span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.securitycenter.subscriptions.id.auto_provisioning_settings\", $(\"#services\\\\.securitycenter\\\\.subscriptions\\\\.id\\\\.auto_provisioning_settings\\\\.partial\").html());\n</script>\n\n<!-- Single Pricings template -->\n<script id=\"single_securitycenter_auto_provisioning_settings-template\" type=\"text/x-handlebars-template\">\n    {{> modal_template template='services.securitycenter.subscriptions.id.auto_provisioning_settings'}}\n</script>\n<script>\n    var single_securitycenter_auto_provisioning_settings_template = Handlebars.compile($(\"#single_securitycenter_auto_provisioning_settings-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.compliance_results.html",
    "content": "<!-- securitycenter compliance_results -->\n<script id=\"services.securitycenter.subscriptions.id.compliance_results.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"securitycenter.subscriptions.{{subscription}}.compliance_results.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Resource Status: <span id=\"securitycenter.subscriptions.{{subscription}}.compliance_results.{{@key}}.resource_status\"><samp>{{value_or_none resource_status}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.securitycenter.subscriptions.id.compliance_results\", $(\"#services\\\\.securitycenter\\\\.subscriptions\\\\.id\\\\.compliance_results\\\\.partial\").html());\n</script>\n\n<!-- Single securitycenter compliance_result template -->\n<script id=\"single_securitycenter_compliance_result-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.securitycenter.subscriptions.id.compliance_results'}}\n</script>\n<script>\n    var single_securitycenter_compliance_result_template = Handlebars.compile($(\"#single_securitycenter_compliance_result-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.pricings.html",
    "content": "<!-- Storage Accounts partial -->\n<script id=\"services.securitycenter.subscriptions.id.pricings.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"ressource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Pricing Name: <span id=\"securitycenter.subscriptions.{{@../key}}.pricings.{{@key}}.name\"><samp>{{ name }}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Pricing Tier: <span id=\"securitycenter.subscriptions.{{@../key}}.pricings.{{@key}}.pricing_tier\">{{ pricing_tier }}</span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.securitycenter.subscriptions.id.pricings\", $(\"#services\\\\.securitycenter\\\\.subscriptions\\\\.id\\\\.pricings\\\\.partial\").html());\n</script>\n\n<!-- Single Pricings template -->\n<script id=\"single_securitycenter_pricing-template\" type=\"text/x-handlebars-template\">\n    {{> modal_template template='services.securitycenter.subscriptions.id.pricings'}}\n</script>\n<script>\n    var single_securitycenter_pricing_template = Handlebars.compile($(\"#single_securitycenter_pricing-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.regulatory_compliance_results.html",
    "content": "<!-- securitycenter regulatory_compliance_results -->\n<script id=\"services.securitycenter.subscriptions.id.regulatory_compliance_results.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Standard: <span id=\"securitycenter.subscriptions.{{subscription}}.regulatory_compliance_results.{{@key}}.standard_name\"><samp>{{value_or_none standard_name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Reference: <span id=\"securitycenter.subscriptions.{{subscription}}.regulatory_compliance_results.{{@key}}.reference\"><samp>{{value_or_none reference}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Description: <span id=\"securitycenter.subscriptions.{{subscription}}.regulatory_compliance_results.{{@key}}.description\"><samp>{{value_or_none description}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">State: <span id=\"securitycenter.subscriptions.{{subscription}}.regulatory_compliance_results.{{@key}}.state\"><samp>{{value_or_none state}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Passed Assessments: <span id=\"securitycenter.subscriptions.{{subscription}}.regulatory_compliance_results.{{@key}}.passed_assessments\"><samp>{{value_or_none passed_assessments}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Failed Assessments: <span id=\"securitycenter.subscriptions.{{subscription}}.regulatory_compliance_results.{{@key}}.failed_assessments\"><samp>{{value_or_none failed_assessments}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Skipped Assessments: <span id=\"securitycenter.subscriptions.{{subscription}}.regulatory_compliance_results.{{@key}}.skipped_assessments\"><samp>{{value_or_none skipped_assessments}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.securitycenter.subscriptions.id.regulatory_compliance_results\", $(\"#services\\\\.securitycenter\\\\.subscriptions\\\\.id\\\\.regulatory_compliance_results\\\\.partial\").html());\n</script>\n\n<!-- Single securitycenter regulatory_compliance_result template -->\n<script id=\"single_securitycenter_regulatory_compliance_result-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.securitycenter.subscriptions.id.regulatory_compliance_results'}}\n</script>\n<script>\n    var single_securitycenter_regulatory_compliance_result_template = Handlebars.compile($(\"#single_securitycenter_regulatory_compliance_result-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.security_contacts.html",
    "content": "<!-- Storage Accounts partial -->\n<script id=\"services.securitycenter.subscriptions.id.security_contacts.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"ressource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"securitycenter.subscriptions.{{@../key}}.security_contacts.{{@key}}.name\"><samp>{{ name }}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Email: <span id=\"securitycenter.subscriptions.{{@../key}}.security_contacts.{{@key}}.email\"><samp>{{ email }}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Phone: <span id=\"securitycenter.subscriptions.{{@../key}}.security_contacts.{{@key}}.phone\"><samp>{{value_or_none phone }}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Notify on Alert: <span id=\"securitycenter.subscriptions.{{@../key}}.security_contacts.{{@key}}.alert_notifications\">{{ convert_bool_to_enabled alert_notifications }}</span></div>\n        <div class=\"list-group-item-text item-margin\">Notify Administrators on Alert: <span id=\"securitycenter.subscriptions.{{@../key}}.security_contacts.{{@key}}.alerts_to_admins\">{{ convert_bool_to_enabled alerts_to_admins }}</span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.securitycenter.subscriptions.id.security_contacts\", $(\"#services\\\\.securitycenter\\\\.subscriptions\\\\.id\\\\.security_contacts\\\\.partial\").html());\n</script>\n\n<!-- Single Pricings template -->\n<script id=\"single_securitycenter_security_contacts-template\" type=\"text/x-handlebars-template\">\n    {{> modal_template template='services.securitycenter.subscriptions.id.security_contacts'}}\n</script>\n<script>\n    var single_securitycenter_security_contacts_template = Handlebars.compile($(\"#single_securitycenter_security_contacts-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.settings.html",
    "content": "<!-- Settings partial -->\n<script id=\"services.securitycenter.subscriptions.id.settings.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"ressource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"securitycenter.subscriptions.{{@../key}}.settings.{{@key}}.name\"><samp>{{ name }}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Kind: <span id=\"securitycenter.subscriptions.{{@../key}}.settings.{{@key}}.kind\"><samp>{{ kind }}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Enabled: <span id=\"securitycenter.subscriptions.{{@../key}}.settings.{{@key}}.enabled\"><samp>{{ enabled }}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.securitycenter.subscriptions.id.settings\", $(\"#services\\\\.securitycenter\\\\.subscriptions\\\\.id\\\\.settings\\\\.partial\").html());\n</script>\n\n<!-- Single settings template -->\n<script id=\"single_securitycenter_settings-template\" type=\"text/x-handlebars-template\">\n    {{> modal_template template='services.securitycenter.subscriptions.id.settings'}}\n</script>\n<script>\n    var single_securitycenter_settings_template = Handlebars.compile($(\"#single_securitycenter_settings-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html",
    "content": "<!-- SQL Database partial -->\n<script id=\"services.sqldatabase.subscriptions.id.servers.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">SQL Server Name: <span id=\"sqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Azure Active Directory Admin: <span id=\"sqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.ad_admin\"><samp>{{value_or_none ad_admin.login}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Auditing: <span id=\"sqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.server_auditing_disabled\">{{ convert_bool_to_enabled auditing.auditing_enabled }}</span></div>\n        <div class=\"list-group-item-text item-margin\">Auditing retention period: <span id=\"sqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.server_low_auditing_retention\">{{ auditing.retention_days }}</span></div>\n\n        <div class=\"list-group-item-text item-margin\">Advanced Threat Protection (ATP): <span id=\"sqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.server_threat_detection_disabled\">{{ convert_bool_to_enabled threat_detection.threat_detection_enabled }}</span></div>\n        <div class=\"list-group-item-text item-margin\">Advanced Threat Protection (ATP) alerts: <span id=\"sqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.server_threat_detection_alerts_disabled\">{{ convert_bool_to_enabled threat_detection.alerts_enabled }}</span></div>\n        <div class=\"list-group-item-text item-margin\">Send Advanced Threat Protection (ATP) alerts: <span id=\"sqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.server_send_threat_detection_alerts_disabled\">{{ convert_bool_to_enabled threat_detection.send_alerts_enabled }}</span></div>\n        <div class=\"list-group-item-text item-margin\">Advanced Threat Protection (ATP) retention period: <span id=\"sqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.server_low_threat_detection_retention\">{{ threat_detection.retention_days }}</span></div>\n\n        <div class=\"list-group-item-text item-margin\">Storage account name: <span id=\"sqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.server_vulnerability_storage_account_name\">{{server_vulnerability.storage_account_name }}</span></div>\n        <div class=\"list-group-item-text item-margin\">Send email notification to admins and subscription owners: <span id=\"sqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.server_vulnerability_email_subscription_admin\">{{convert_bool_to_enabled server_vulnerability.email_subscription_admin }}</span></div>\n        <div class=\"list-group-item-text item-margin\">Periodic recurring scans: <span id=\"sqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.server_vulnerability_recurring_scans_enabled\">{{convert_bool_to_enabled server_vulnerability.recurring_scans_enabled }}</span></div>\n        <div class=\"list-group-item-text item-margin\">Send scan report to is configured: <span id=\"sqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.server_vulnerability_send_scan_reports_to_not_empty\">{{server_vulnerability.send_scan_reports_to_not_empty}}</span></div>\n\n        <div class=\"list-group-item-text item-margin\">TDE server key type: <span id=\"sqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.server_encryption_protectors_TDE_protector_is_encrypted\">{{ encryption_protectors.server_key_type }}</span></div>\n\n        <div class=\"list-group-item-text item-margin\">Tags:\n            {{#each tags}}\n            <div\n                style=\"border-radius: 5px; -webkit-border-radius: 5px; float: center; background-color: #c2c2d6; padding: 0.1px; text-align: center; display: inline-flex;\">\n                <samp>{{value_or_none this}}</samp>\n            </div>&nbsp;&nbsp;\n            {{else}}\n            <div style=\"display: inline-flex;\"><samp>None</samp></div>\n            {{/each}}\n        </div>\n        <div class=\"list-group-item-text item-margin\">Resource group: <span id=\"sqldatabase.subscriptions.{{@../key}}.servers.{{@key}}.resource_group_name\"><samp>{{value_or_none resource_group_name}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">SQL Databases</h4>\n        <div class=\"list-group-item-text item-margin\">\n            {{#each databases}}\n            <div class=\"list-group-item-text item-margin\"><b>Database name: </b>{{@key}}</div>\n            <div class=\"list-group-item-text item-margin\">\n                <div class=\"list-group-item-text item-margin\">Auditing: <span id=\"sqldatabase.subscriptions.{{@../../key}}.servers.{{@../key}}.databases.{{@key}}.db_auditing_disabled\">{{ convert_bool_to_enabled auditing.auditing_enabled }}</span></div>\n                <div class=\"list-group-item-text item-margin\">Auditing retention period: <span id=\"sqldatabase.subscriptions.{{@../../key}}.servers.{{@../key}}.databases.{{@key}}.db_low_auditing_retention\">{{ auditing.retention_days }}</span></div>\n                <div class=\"list-group-item-text item-margin\">Threat detection: <span id=\"sqldatabase.subscriptions.{{@../../key}}.servers.{{@../key}}.databases.{{@key}}.db_threat_detection_disabled\">{{ convert_bool_to_enabled threat_detection.threat_detection_enabled }}</span></div>\n                <div class=\"list-group-item-text item-margin\">Threat detection alerts: <span id=\"sqldatabase.subscriptions.{{@../../key}}.servers.{{@../key}}.databases.{{@key}}.db_threat_detection_alerts_disabled\">{{ convert_bool_to_enabled threat_detection.alerts_enabled }}</span></div>\n                <div class=\"list-group-item-text item-margin\">Send threat detection alerts: <span id=\"sqldatabase.subscriptions.{{@../../key}}.servers.{{@../key}}.databases.{{@key}}.db_send_threat_detection_alerts_disabled\">{{ convert_bool_to_enabled threat_detection.send_alerts_enabled }}</span></div>\n                <div class=\"list-group-item-text item-margin\">Threat detection retention period: <span id=\"sqldatabase.subscriptions.{{@../../key}}.servers.{{@../key}}.databases.{{@key}}.db_low_threat_detection_retention\">{{ threat_detection.retention_days }}</span></div>\n                <div class=\"list-group-item-text item-margin\">Transparent data encryption: <span id=\"sqldatabase.subscriptions.{{@../../key}}.servers.{{@../key}}.databases.{{@key}}.transparent_data_encryption_enabled\">{{ convert_bool_to_enabled transparent_data_encryption_enabled }}</span></div>\n                <div class=\"list-group-item-text item-margin\">Geo-replication configured: <span id=\"sqldatabase.subscriptions.{{@../../key}}.servers.{{@../key}}.databases.{{@key}}.replication_configured\"><samp>{{ replication_configured }}</samp></span></div>\n                <div class=\"list-group-item-text item-margin\">Tags:\n                    {{#each tags}}\n                    <div\n                            style=\"border-radius: 5px; -webkit-border-radius: 5px; float: center; background-color: #c2c2d6; padding: 0.1px; text-align: center; display: inline-flex;\">\n                        <samp>{{value_or_none this}}</samp>\n                    </div>&nbsp;&nbsp;\n                    {{else}}\n                    <div style=\"display: inline-flex;\"><samp>None</samp></div>\n                    {{/each}}\n                </div>\n                <div class=\"list-group-item-text item-margin\">Resource group: <span id=\"sqldatabase.subscriptions.{{@../../key}}.servers.{{@../key}}.databases.{{@key}}.resource_group_name\"><samp>{{value_or_none resource_group_name}}</samp></span></div>\n            </div>\n            {{/each}}\n        </div>\n    </div>\n\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Firewall Rules</h4>\n        <div class=\"list-group-item-text item-margin\">\n            {{#each firewall_rules}}\n            <samp>{{name}}</samp>\n            <div class=\"list-group-item-text item-margin\">\n                <div class=\"list-group-item-text item-margin\">Firewall rule start IP: <span id=\"sqldatabase.subscriptions.{{@../../key}}.servers.{{@../key}}.firewall_rules.{{@key}}.start_ip\">{{start_ip}}</span></div>\n                <div class=\"list-group-item-text item-margin\">Firewall rule end IP: <span id=\"sqldatabase.subscriptions.{{@../../key}}.servers.{{@../key}}.firewall_rules.{{@key}}.end_ip\">{{end_ip}}</span></div>\n            </div>\n            {{/each}}\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.sqldatabase.subscriptions.id.servers\", $(\"#services\\\\.sqldatabase\\\\.subscriptions\\\\.id\\\\.servers\\\\.partial\").html());\n</script>\n\n<!-- Single SQL Database template -->\n<script id=\"single_sqldatabase_servers-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.sqldatabase.servers' }}\n</script>\n<script>\n    var single_sqldatabase_servers_template = Handlebars.compile($(\"#single_sqldatabase_servers-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html",
    "content": "<!-- Storage Accounts partial -->\n<script id=\"services.storageaccounts.subscriptions.id.storage_accounts.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Storage Account Name: <span id=\"storageaccounts.subscriptions.{{@../key}}.storage_accounts.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Public Traffic: <span id=\"storageaccounts.subscriptions.{{@../key}}.storage_accounts.{{@key}}.public_traffic_allowed\">{{convert_bool_to_enabled public_traffic_allowed }}</span></div>\n        <div class=\"list-group-item-text item-margin\">HTTPS Required: <span id=\"storageaccounts.subscriptions.{{@../key}}.storage_accounts.{{@key}}.https_traffic_enabled\">{{convert_bool_to_enabled https_traffic_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Microsoft Trusted Services: <span id=\"storageaccounts.subscriptions.{{@../key}}.storage_accounts.{{@key}}.trusted_microsoft_services_enabled\">{{convert_bool_to_enabled trusted_microsoft_services_enabled }}</span></div>\n        <div class=\"list-group-item-text item-margin\">Access Key Usage: <span id=\"storageaccounts.subscriptions.{{@../key}}.storage_accounts.{{@key}}.shared_key_access_allowed\">{{convert_bool_to_enabled shared_key_access_allowed}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Last Access Key Rotation:\n            <span id=\"storageaccounts.subscriptions.{{@../key}}.storage_accounts.{{@key}}.access_keys_rotated\">\n                {{#if access_keys_last_rotation_date }}\n                    {{ access_keys_last_rotation_date }}\n                {{else}}\n                    Never\n                {{/if}}\n            </span>\n        </div>\n        <div class=\"list-group-item-text item-margin\">Storage encrypted with Customer Managed Key: <span id=\"storageaccounts.subscriptions.{{@../key}}.storage_accounts.{{@key}}.encryption_key_customer_managed\">{{convert_bool_to_enabled encryption_key_customer_managed }}</span></div>\n\n        <div class=\"list-group-item-text item-margin\">Tags: \n            {{#each tags}}\n                <div style=\"border-radius: 5px; -webkit-border-radius: 5px; float: center; background-color: #c2c2d6; padding: 0.1px; text-align: center; display: inline-flex;\">\n                    <samp>{{value_or_none this}}</samp>\n                </div>&nbsp;&nbsp;\n            {{else}}\n                <div style=\"display: inline-flex;\"><samp>None</samp></div>\n            {{/each}}\n        </div>\n        <div class=\"list-group-item-text item-margin\">Resource group: <span id=\"storageaccounts.subscriptions.{{@../key}}.storage_accounts.{{@key}}.resource_group_name\"><samp>{{value_or_none resource_group_name}}</samp></span></div>\n    </div>\n\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Blob Containers</h4>\n        <div class=\"list-group-item-text item-margin\">\n        {{#each blob_containers}}\n            <samp>{{@key}}</samp>\n            <div class=\"list-group-item-text item-margin\">\n                Public Access: <span id=\"storageaccounts.subscriptions.{{@../../key}}.storage_accounts.{{@../key}}.blob_containers.{{@key}}.public_access_allowed\">{{ convert_bool_to_enabled public_access_allowed }}</span>\n            </div>\n        {{/each}}\n        </div>\n    </div>\n\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Blob Services</h4>\n        <div class=\"list-group-item-text item-margin\">\n            {{#each blob_services}}\n            <samp>{{name}}</samp>\n            <div class=\"list-group-item-text item-margin\">\n                Soft Delete: <span id=\"storageaccounts.subscriptions.{{@../../key}}.storage_accounts.{{@../key}}.blob_services.{{@key}}.soft_delete_enabled\">{{ convert_bool_to_enabled soft_delete_enabled }}</span>\n            </div>\n            {{/each}}\n        </div>\n    </div>\n\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.storageaccounts.subscriptions.id.storage_accounts\", $(\"#services\\\\.storageaccounts\\\\.subscriptions\\\\.id\\\\.storage_accounts\\\\.partial\").html());\n</script>\n\n<!-- Single Storage Accounts template -->\n<script id=\"single_storageaccounts_storage_accounts-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.storageaccounts.subscriptions.id.storage_accounts' }}\n</script>\n<script>\n    var single_storageaccounts_storage_accounts_template = Handlebars.compile($(\"#single_storageaccounts_storage_accounts-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.disks.html",
    "content": "<!-- virtualmachines disks -->\n<script id=\"services.virtualmachines.subscriptions.id.disks.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Unique ID: <span id=\"virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.unique_id\"><samp>{{value_or_none unique_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Location: <span id=\"virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.location\"><samp>{{value_or_none location}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Time Created: <span id=\"virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.time_created\"><samp>{{format_date time_created}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Provisioning State: <span id=\"virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.provisioning_state\"><samp>{{value_or_none provisioning_state}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Disk State: <span id=\"virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.disk_state\"><samp>{{value_or_none disk_state}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Zones: <span id=\"virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.zones\"><samp>{{value_or_none zones}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Encryption Type: <span id=\"virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.encryption_type\"><samp>{{value_or_none encryption_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Encrypted using ADE: <span id=\"virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.encryption_type\"><samp>{{convert_bool_to_enabled encryption_ade}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">OS Type: <span id=\"virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.os_type\"><samp>{{value_or_none os_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Hyper V Generation: <span id=\"virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.hyper_vgeneration\"><samp>{{value_or_none hyper_vgeneration}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Disk Size GB: <span id=\"virtualmachines.subscriptions.{{subscription}}.disks.{{@key}}.disk_size_gb\"><samp>{{value_or_none disk_size_gb}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.virtualmachines.subscriptions.id.disks\", $(\"#services\\\\.virtualmachines\\\\.subscriptions\\\\.id\\\\.disks\\\\.partial\").html());\n</script>\n\n<!-- Single virtualmachines disk template -->\n<script id=\"single_virtualmachines_disk-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.virtualmachines.subscriptions.id.disks'}}\n</script>\n<script>\n    var single_virtualmachines_disk_template = Handlebars.compile($(\"#single_virtualmachines_disk-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.images.html",
    "content": "<!-- virtualmachines images -->\n<script id=\"services.virtualmachines.subscriptions.id.images.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"virtualmachines.subscriptions.{{subscription}}.images.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Provisioning State: <span id=\"virtualmachines.subscriptions.{{subscription}}.images.{{@key}}.provisioning_state\"><samp>{{value_or_none provisioning_state}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Location: <span id=\"virtualmachines.subscriptions.{{subscription}}.images.{{@key}}.location\"><samp>{{value_or_none location}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Hyper-V Generation: <span id=\"virtualmachines.subscriptions.{{subscription}}.images.{{@key}}.hyper_vgeneration\"><samp>{{value_or_none hyper_vgeneration}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.virtualmachines.subscriptions.id.images\", $(\"#services\\\\.virtualmachines\\\\.subscriptions\\\\.id\\\\.images\\\\.partial\").html());\n</script>\n\n<!-- Single virtualmachines image template -->\n<script id=\"single_virtualmachines_image-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.virtualmachines.subscriptions.id.images'}}\n</script>\n<script>\n    var single_virtualmachines_image_template = Handlebars.compile($(\"#single_virtualmachines_image-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.instances.html",
    "content": "<!-- virtualmachines instances -->\n<script id=\"services.virtualmachines.subscriptions.id.instances.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"virtualmachines.subscriptions.{{@../key}}.instances.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">VM ID: <span id=\"virtualmachines.subscriptions.{{@../key}}.instances.{{@key}}.vm_id\"><samp>{{value_or_none vm_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Location: <span id=\"virtualmachines.subscriptions.{{@../key}}.instances.{{@key}}.location\"><samp>{{value_or_none location}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Zones: <span id=\"virtualmachines.subscriptions.{{@../key}}.instances.{{@key}}.zones\"><samp>{{value_or_none zones}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Proximity Placement Group: <span id=\"virtualmachines.subscriptions.{{@../key}}.instances.{{@key}}.proximity_placement_group\"><samp>{{value_or_none proximity_placement_group}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Availability Set: <span id=\"virtualmachines.subscriptions.{{@../key}}.instances.{{@key}}.availability_set\"><samp>{{value_or_none availability_set}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Provisioning State: <span id=\"virtualmachines.subscriptions.{{@../key}}.instances.{{@key}}.provisioning_state\"><samp>{{value_or_none provisioning_state}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Identity Principal ID: <span id=\"virtualmachines.subscriptions.{{@../key}}.instances.{{@key}}.identity\"><samp>{{value_or_none identity.principal_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">License Type: <span id=\"virtualmachines.subscriptions.{{@../key}}.instances.{{@key}}.license_type\"><samp>{{value_or_none license_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Plan: <span id=\"virtualmachines.subscriptions.{{@../key}}.instances.{{@key}}.plan\"><samp>{{value_or_none plan}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Hardware Profile: <span id=\"virtualmachines.subscriptions.{{@../key}}.instances.{{@key}}.hardware_profile\"><samp>{{value_or_none hardware_profile}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Diagnostics Profile:\n            {{#each diagnostics_profile}}\n            <ul style=\"margin-bottom:0\">\n                <li><samp>{{@key}}: {{value_or_none this}}</samp></li>\n            </ul>\n            {{else}}\n            <div style=\"display: inline-flex;\"><samp>None</samp></div>\n            {{/each}}\n        </div>\n        <div class=\"list-group-item-text item-margin\">OS Profile:\n            {{#each os_profile}}\n            <ul style=\"margin-bottom:0\">\n                <li><samp>{{@key}}: {{value_or_none this}}</samp></li>\n            </ul>\n            {{else}}\n            <div style=\"display: inline-flex;\"><samp>None</samp></div>\n            {{/each}}\n        </div>\n        <div class=\"list-group-item-text item-margin\">Storage Profile:\n            {{#each storage_profile}}\n            <ul style=\"margin-bottom:0\">\n                <li><samp>{{@key}}: {{value_or_none this}}</samp></li>\n            </ul>\n            {{else}}\n            <div style=\"display: inline-flex;\"><samp>None</samp></div>\n            {{/each}}\n        </div>\n        <div class=\"list-group-item-text item-margin\">Additional Capabilities:\n            {{#each additional_capabilities}}    \n            <ul style=\"margin-bottom:0\">\n                <li><samp>{{this}}</samp></li>\n            </ul>\n            {{else}}\n                <div style=\"display: inline-flex;\"><samp>None</samp></div>\n            {{/each}}\n        </div>\n        <div class=\"list-group-item-text item-margin\">Tags:\n            {{#each tags}}\n            <div\n                style=\"border-radius: 5px; -webkit-border-radius: 5px; float: center; background-color: #c2c2d6; padding: 0.1px; text-align: center; display: inline-flex;\">\n                <samp>{{value_or_none this}}</samp>\n            </div>&nbsp;&nbsp;\n            {{else}}\n            <div style=\"display: inline-flex;\"><samp>None</samp></div>\n            {{/each}}\n        </div>\n        <div class=\"list-group-item-text item-margin\">Resource group: <span id=\"virtualmachines.subscriptions.{{@../key}}.instances.{{@key}}.resource_group_name\"><samp>{{value_or_none resource_group_name}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Network Interfaces</h4>\n        {{#each network_interfaces}}\n        <div class=\"list-group-item-text item-margin\"><a href=\"javascript:showObject('services.network.subscriptions.{{../subscription}}.network_interfaces.{{this}}')\"><samp>{{getValueAt 'services.network.subscriptions' ../subscription 'network_interfaces' this 'name'}}</samp></a></div>\n        {{/each}}\n    </div>\n    <div class=\"list-group-item\">\n        <h4 id=\"virtualmachines.subscriptions.{{@../key}}.instances.{{@key}}.extensions\" class=\"list-group-item-heading\">Extensions</h4>\n        {{#each extensions}}\n        <ul>\n            <li><samp>{{this.name}}</samp></li>\n        </ul>\n        {{/each}}\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.virtualmachines.subscriptions.id.instances\", $(\"#services\\\\.virtualmachines\\\\.subscriptions\\\\.id\\\\.instances\\\\.partial\").html());\n</script>\n\n<!-- Single virtualmachines instance template -->\n<script id=\"single_virtualmachines_instance-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.virtualmachines.subscriptions.id.instances'}}\n</script>\n<script>\n    var single_virtualmachines_instance_template = Handlebars.compile($(\"#single_virtualmachines_instance-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.snapshots.html",
    "content": "<!-- virtualmachines snapshots -->\n<script id=\"services.virtualmachines.subscriptions.id.snapshots.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Unique ID: <span id=\"virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.unique_id\"><samp>{{value_or_none unique_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Provisioning State: <span id=\"virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.provisioning_state\"><samp>{{value_or_none provisioning_state}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Time Created: <span id=\"virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.time_created\"><samp>{{format_date time_created}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Location: <span id=\"virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.location\"><samp>{{value_or_none location}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Encryption Type: <span id=\"virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.encryption_type\"><samp>{{value_or_none encryption_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">OS Type: <span id=\"virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.os_type\"><samp>{{value_or_none os_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Managed By: <span id=\"virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.managed_by\"><samp>{{value_or_none managed_by}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Hyper V Generation: <span id=\"virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.hyper_vgeneration\"><samp>{{value_or_none hyper_vgeneration}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Disk Size GB: <span id=\"virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.disk_size_gb\"><samp>{{value_or_none disk_size_gb}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Incremental: <span id=\"virtualmachines.subscriptions.{{subscription}}.snapshots.{{@key}}.incremental\"><samp>{{value_or_none incremental}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.virtualmachines.subscriptions.id.snapshots\", $(\"#services\\\\.virtualmachines\\\\.subscriptions\\\\.id\\\\.snapshots\\\\.partial\").html());\n</script>\n\n<!-- Single virtualmachines snapshot template -->\n<script id=\"single_virtualmachines_snapshot-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.virtualmachines.subscriptions.id.snapshots'}}\n</script>\n<script>\n    var single_virtualmachines_snapshot_template = Handlebars.compile($(\"#single_virtualmachines_snapshot-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/count_badge.html",
    "content": "<script id=\"count_badge.partial\" type=\"text/x-handlebars-template\">\n    {{#ifPositive count}}\n        <span class=\"badge float-right badge-dark\">{{count}}</span>\n    {{else}}\n        <span class=\"badge float-right badge-light disabled\">0</span>\n    {{/ifPositive}}\n</script>\n\n<script>\n    Handlebars.registerPartial(\"count_badge\", $(\"#count_badge\\\\.partial\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/dashboard.html",
    "content": "<!-- Dashboard partial -->\n<script id=\"services.id.findings.partial\" type=\"text/x-handlebars-template\">\n<div class=\"row\" id=\"services.{{service_name}}.findings.row\">\n    <div class=\"col-sm-12\" id=\"services.{{service_name}}.findings.list\">\n        <div class=\"form-group container row\">\n        <div class=\"col-sm-4\">\n            <input class=\"form-control dashboard-filter\" type=\"text\" id=\"dashboardFilter\" placeholder=\"Filter findings\">\n        </div>\n        <div class=\"col-sm-2\">\n            <button class=\"form-control btn btn-light\" id=\"finding-title\">Show All</button>\n        </div>\n        <div class=\"col-sm-2\">\n            <button class=\"form-control btn btn-success\" id=\"finding-title-good\">Good</button>\n        </div>\n        <div class=\"col-sm-2\">\n            <button class=\"form-control btn btn-warning\" id=\"finding-title-warning\">Warning</button>\n        </div>\n        <div class=\"col-sm-2\">\n            <button class=\"form-control btn btn-danger\" id=\"finding-title-danger\">Danger</button>\n        </div>\n        </div>\n\n        <ul class=\"list-group accordion\">\n            {{#each_dict_as_sorted_list findings}}\n                <div id=\"list-{{key}}\" class=\"card finding_items\">\n                <div class=\"card-header row finding-title finding-title-{{dashboard_color level checked_items flagged_items}} plain-link\">\n                    <div class=\"col-sm-11\">\n                        <i class=\"fa finding-badge finding-badge-{{dashboard_color level checked_items flagged_items}}\"></i>\n                        <a href=\"#services.{{../service_name}}.findings.{{key}}.items\">{{description}}</a>\n                    </div>\n                    <div class=\"col-sm-1\">\n                        <button class=\"finding btn fa collapsed\" style=\"background-color:transparent\" data-toggle=\"collapse\" data-target=\"#item-{{key}}\" aria-expanded=\"false\" aria-controls=\"item-{{key}}\"></button>\n                    </div>\n                </div>\n                <div class=\"collapse\" id=\"item-{{key}}\" aria-labelledby=\"item-{{key}}\" data-parent=\"#list-{{key}}\">\n                    <div class=\"card-body row\">\n                        <div class=\"col-sm-9\">\n                            <b>Description</b><br>\n                            {{#if rationale}}\n                                <p>{{{rationale}}}</p>\n                            {{else}}\n                                <p>No description available.</p>\n                            {{/if}}\n                            {{#if remediation}}\n                                <b>Remediation</b><br>\n                                <p>{{{remediation}}}</p>\n                            {{/if}}\n                            {{#if compliance}}\n                            <b>Compliance</b><br>\n                            <ul>\n                                {{#each compliance}}\n                                <li>{{this.name}} version {{this.version}}, reference {{this.reference}}</li>\n                                {{/each}}\n                            </ul>\n                            <br>\n                            {{/if}}\n                            {{#if references}}\n                                <b>References</b><br>\n                                <ul>\n                                    {{#each references}}\n                                    <li><a href=\"{{this}}\">{{this}}</a></li>\n                                    {{/each}}\n                                </ul>\n                            {{/if}}\n                        </div>\n                        <div class=\"col-sm-3\">\n                            <ul>\n                                <li>{{dashboard_name}} checked: {{checked_items}}</li>\n                                <li>{{dashboard_name}} flagged: {{flagged_items}}</li>\n                            </ul>\n                        </div>\n                    </div>\n                </div>\n            </div>\n            {{/each_dict_as_sorted_list}}\n        </ul>\n\n    </div>\n</div>\n</script>\n<script>\nHandlebars.registerPartial(\"dashboard\", $(\"#services\\\\.id\\\\.findings\\\\.partial\").html());\n</script>\n<script>\n    // Dashboard filtering\n    $(document).ready(function(){\n        // Filter by text search\n        $(\".dashboard-filter\").on(\"keyup\", function() {\n            var value = $(this).val().toLowerCase()\n            $(\".finding_items\").filter(function() {\n                $(this).toggle($(this).text().toLowerCase().indexOf(value) > -1)\n            })\n        })\n\n        // Filter by button\n        $('.btn').click(function() {\n            var value = $(this).attr('id')\n            if (value.indexOf('finding-title') > -1){\n                $(\".finding_items\").filter(function() {\n                    $(this).toggle($(this).find(\">:first-child\").attr(\"class\").indexOf(value) > -1)\n                });\n            }\n            $(\".dashboard-filter\").val(\"\")\n        })\n    })\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/details.html",
    "content": "\n  <!-- Generic partial for resource -->\n  <script id=\"details.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"services.{{service_name}}.{{resource_type}}.details\">\n      {{#each items}}\n        <div class=\"list-group\" id=\"services.{{../service_name}}.{{../resource_type}}.{{@key}}.view\">\n          {{> (lookup .. 'partial_name') service_name = ../service_name resource_type = ../resource_type resource_key = @key resource = this}}\n        </div>\n      {{/each}}\n    </div>\n  </script>\n  <script>\n    Handlebars.registerPartial(\"details\", $(\"#details\\\\.partial\").html());\n  </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/details_for_region.html",
    "content": "\n  <!-- Generic partial for region-then-resource -->\n  <script id=\"details_for_region.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"services.{{service_name}}.regions.id.{{resource_type}}.details\">\n      {{#each items}}\n        {{#each (lookup . ../resource_type)}}\n          <div class=\"list-group\" id=\"services.{{../../service_name}}.regions.{{@../key}}.{{../../resource_type}}.{{@key}}.view\">\n            {{> (lookup ../.. 'partial_name') service_name = ../../service_name region = @../key resource_type = ../../resource_type resource_key = @key resource = this}}\n          </div>\n        {{/each}}\n      {{/each}}\n    </div>\n  </script>\n  <script>\n    Handlebars.registerPartial(\"details_for_region\", $(\"#details_for_region\\\\.partial\").html());\n  </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/details_for_vpc.html",
    "content": "\n  <!-- Generic partial for region-then-vpc-then-resource -->\n  <script id=\"details_for_vpc.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"services.{{service_name}}.regions.id.vpcs.id.{{resource_type}}.details\">\n      {{#each items}}\n        {{#each vpcs}}\n          {{#each (lookup . ../../resource_type)}}\n            <div class=\"list-group\" id=\"services.{{../../../service_name}}.regions.{{@../../key}}.vpcs.{{@../key}}.{{../../../resource_type}}.{{@key}}.view\">\n              {{> (lookup ../../.. 'partial_name') service_name = ../../../service_name region = @../../key vpc = @../key resource_type = ../../../resource_type resource_key = @key resource = this}}\n            </div>\n          {{/each}}\n        {{/each}}\n      {{/each}}\n    </div>\n  </script>\n  <script>\n    Handlebars.registerPartial(\"details_for_vpc\", $(\"#details_for_vpc\\\\.partial\").html());\n  </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/do/services.database.databases.html",
    "content": "<!-- database databases -->\n<script id=\"services.database.databases.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Id: <span id=\"database.databases.{{@key}}.id\"><samp>{{value_or_none id}}</samp></span></div>    \n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"database.databases.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Engine: <span id=\"database.databases.{{@key}}.engine\"><samp>{{value_or_none engine}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Version: <span id=\"database.databases.{{@key}}.version\"><samp>{{value_or_none version}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Semantic Version: <span id=\"database.databases.{{@key}}.semantic_version\">\n            <samp>{{value_or_none semantic_version}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Connection Pools: <span id=\"database.databases.{{@key}}.connection_pools\"><samp>{{value_or_none connection_pools}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Eviciton Policy: <span id=\"database.databases.{{@key}}.eviction_policy\"><samp>{{value_or_none eviction_policy}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Legacy Password encryption: <span id=\"database.databases.{{@key}}.legacy_encryption_users\"><samp>{{value_or_none legacy_encryption_users}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Tags: <span id=\"database.databases.{{@key}}.tags\"><samp>{{value_or_none tags}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Databases: <span id=\"database.databases.{{@key}}.databases\"><samp>{{value_or_none databases}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Trusted Sources: <span id=\"database.databases.{{@key}}.trusted_sources\"><samp>{{value_or_none trusted_resources}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.database.databases\", $(\"#services\\\\.database\\\\.databases\\\\.partial\").html());\n</script>\n\n<!-- Single database database template -->\n<script id=\"single_database_database-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.database.databases'}}\n</script>\n<script>\n    var single_database_database_template = Handlebars.compile($(\"#single_database_database-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/do/services.droplet.droplets.html",
    "content": "<!-- droplet droplets -->\n<script id=\"services.droplet.droplets.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Id: <span id=\"droplet.droplets.{{@key}}.id\"><samp>{{value_or_none id}}</samp></span></div> \n        <div class=\"list-group-item-text item-margin\">Port 22 public: <span id=\"droplet.droplets.{{@key}}.port_22_exposed\"><samp>{{value_or_none port_22_exposed}}</samp></span></div>      \n        <div class=\"list-group-item-text item-margin\">All Ports public: <span id=\"droplet.droplets.{{@key}}.all_ports_exposed\"><samp>{{value_or_none all_ports_exposed}}</samp></span></div> \n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"droplet.droplets.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>        <div class=\"list-group-item-text item-margin\">Memory: <span id=\"droplet.droplets.{{@key}}.memory\"><samp>{{value_or_none memory}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Vcpus: <span id=\"droplet.droplets.{{@key}}.vcpus\"><samp>{{value_or_none vcpus}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Disk: <span id=\"droplet.droplets.{{@key}}.disk\"><samp>{{value_or_none disk}}</samp></span></div>        <div class=\"list-group-item-text item-margin\">Locked: <span id=\"droplet.droplets.{{@key}}.locked\"><samp>{{value_or_none locked}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Status: <span id=\"droplet.droplets.{{@key}}.status\"><samp>{{value_or_none status}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Kernel: <span id=\"droplet.droplets.{{@key}}.kernel\"><samp>{{value_or_none kernel}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Created At: <span id=\"droplet.droplets.{{@key}}.created_at\"><samp>{{value_or_none created_at}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Features: <span id=\"droplet.droplets.{{@key}}.features\"><samp>{{value_or_none features}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Backup Ids: <span id=\"droplet.droplets.{{@key}}.backup_ids\"><samp>{{value_or_none backup_ids}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Next Backup Window: <span id=\"droplet.droplets.{{@key}}.next_backup_window\"><samp>{{value_or_none next_backup_window}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Snapshot Ids: <span id=\"droplet.droplets.{{@key}}.snapshot_ids\"><samp>{{value_or_none snapshot_ids}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Image: <span id=\"droplet.droplets.{{@key}}.image\"><samp>{{value_or_none image}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Image Type: <span id=\"droplet.droplets.{{@key}}.image_type\"><samp>{{value_or_none image_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Volume Ids: <span id=\"droplet.droplets.{{@key}}.volume_ids\"><samp>{{value_or_none volume_ids}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Size: <span id=\"droplet.droplets.{{@key}}.size\"><samp>{{value_or_none size}}</samp></span></div>        <div class=\"list-group-item-text item-margin\">Size Slug: <span id=\"droplet.droplets.{{@key}}.size_slug\"><samp>{{value_or_none size_slug}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Networks: <span id=\"droplet.droplets.{{@key}}.networks\"><samp>{{value_or_none networks}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Region: <span id=\"droplet.droplets.{{@key}}.region\"><samp>{{value_or_none region}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Tags: <span id=\"droplet.droplets.{{@key}}.tags\"><samp>{{value_or_none tags}}</samp></span></div>        <div class=\"list-group-item-text item-margin\">Vpc Uuid: <span id=\"droplet.droplets.{{@key}}.vpc_uuid\"><samp>{{value_or_none vpc_uuid}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Firewalls: <span id=\"droplet.droplets.{{@key}}.firewalls\"><samp>{{value_or_none firewalls}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.droplet.droplets\", $(\"#services\\\\.droplet\\\\.droplets\\\\.partial\").html());\n</script>\n\n<!-- Single droplet droplet template -->\n<script id=\"single_droplet_droplet-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.droplet.droplets'}}\n</script>\n<script>\n    var single_droplet_droplet_template = Handlebars.compile($(\"#single_droplet_droplet-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/do/services.kubernetes.cluster.html",
    "content": "<!-- kubernetes.kubernetes -->\n<script id=\"services.kubernetes.kubernetes.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Id: <span id=\"kubernetes.kubernetes.{{@key}}.id\"><samp>{{value_or_none id}}</samp></span></div> \n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"kubernetes.kubernetes.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div> \n        <div class=\"list-group-item-text item-margin\">High Availability: <span id=\"kubernetes.kubernetes.{{@key}}.ha\"><samp>{{value_or_none ha}}</samp></span></div> \n        <div class=\"list-group-item-text item-margin\">Auto-upgrade Minor Version: <span id=\"kubernetes.kubernetes.{{@key}}.auto_upgrade\"><samp>{{value_or_none auto_upgrade}}</samp></span></div> \n        <div class=\"list-group-item-text item-margin\">Surge Upgrade: <span id=\"kubernetes.kubernetes.{{@key}}.surge_upgrade\"><samp>{{value_or_none surge_upgrade}}</samp></span></div> \n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.kubernetes.kubernetes\", $(\"#services\\\\.kubernetes\\\\.kubernetes\\\\.partial\").html());\n</script>\n\n<!-- Single kubernetes kubernetes template -->\n<script id=\"single_kubernetes_kubernetes-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.kubernetes.kubernetes'}}\n</script>\n<script>\n    var single_kubernetes_kubernetes_template = Handlebars.compile($(\"#single_kubernetes_kubernetes-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/do/services.networking.domains.html",
    "content": "<!-- networking domains -->\n<script id=\"services.networking.domains.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Id: <span id=\"networking.domains.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>    \n        <div class=\"list-group-item-text item-margin\">Spf Record: <span id=\"networking.domains.{{@key}}.spf_record\"><samp>{{value_or_none spf_record}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Dmarc Record: <span id=\"networking.domains.{{@key}}.dmarc_record\"><samp>{{value_or_none dmarc_record}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Dkim Record: <span id=\"networking.domains.{{@key}}.dkim_record\"><samp>{{value_or_none dkim_record}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Spf Record [+/~]all: <span id=\"networking.domains.{{@key}}.spf_record_all\"><samp>{{value_or_none spf_record_all}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">HighTTl Records (>3600s): <span id=\"networking.domains.{{@key}}.highttl_records\"><samp>{{value_or_none highttl_records}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.networking.domains\", $(\"#services\\\\.networking\\\\.domains\\\\.partial\").html());\n</script>\n\n<!-- Single networking damain template -->\n<script id=\"single_networking_damain-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.networking.domains'}}\n</script>\n<script>\n    var single_networking_damain_template = Handlebars.compile($(\"#single_networking_damain-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/do/services.networking.firewalls.html",
    "content": "<!-- networking firewalls -->\n<script id=\"services.networking.firewalls.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Id: <span id=\"networking.firewalls.{{@key}}.id\"><samp>{{value_or_none id}}</samp></span></div>  \n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"networking.firewalls.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Status: <span id=\"networking.firewalls.{{@key}}.status\"><samp>{{value_or_none status}}</samp></span></div>\n        <!-- <div class=\"list-group-item-text item-margin\">Inbound Rules: <span id=\"networking.firewalls.{{@key}}.inbound_rules\"><samp>{{value_or_none inbound_rules}}</samp></span></div> -->\n        <!-- <div class=\"list-group-item-text item-margin\">Outbound Rules: <span id=\"networking.firewalls.{{@key}}.outbound_rules\"><samp>{{value_or_none outbound_rules}}</samp></span></div> -->\n        <div class=\"list-group-item-text item-margin\">Created At: <span id=\"networking.firewalls.{{@key}}.created_at\"><samp>{{value_or_none created_at}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Droplet Ids: <span id=\"networking.firewalls.{{@key}}.droplet_ids\"><samp>{{value_or_none droplet_ids}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Tags: <span id=\"networking.firewalls.{{@key}}.tags\"><samp>{{value_or_none tags}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Pending Changes: <span id=\"networking.firewalls.{{@key}}.pending_changes\">\n            <samp>{{value_or_none pending_changes}}</samp></span></div>\n\n        <div class=\"list-group-item-text item-margin\">All Ports Publically Exposed: <span id=\"networking.firewalls.{{@key}}.all_ports_exposed\"><samp>{{value_or_none all_ports_exposed}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Public Ports Enabled: <span id=\"networking.firewalls.{{@key}}.public_ports_enabled\"><samp>{{value_or_none public_ports_enabled}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Public Port Detail: <span id=\"networking.firewalls.{{@key}}.public_port_detail\"><samp>{{value_or_none public_port_detail}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.networking.firewalls\", $(\"#services\\\\.networking\\\\.firewalls\\\\.partial\").html());\n</script>\n\n<!-- Single networking firewall template -->\n<script id=\"single_networking_firewall-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.networking.firewalls'}}\n</script>\n<script>\n    var single_networking_firewall_template = Handlebars.compile($(\"#single_networking_firewall-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/do/services.networking.load_balancers.html",
    "content": "<!-- networking load_balancers -->\n<script id=\"services.networking.load_balancers.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Id: <span id=\"networking.load_balancers.{{@key}}.id\"><samp>{{value_or_none id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"networking.load_balancers.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Redirect HTTP To HTTPS: <span id=\"networking.load_balancers.{{@key}}.redirect_http_to_https\"><samp>{{value_or_none redirect_http_to_https}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Enable Backend Keepalive: <span id=\"networking.load_balancers.{{@key}}.enable_backend_keepalive\"><samp>{{value_or_none enable_backend_keepalive}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Droplets: <span id=\"networking.load_balancers.{{@key}}.droplet_ids\"><samp>{{value_or_none droplet_ids}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.networking.load_balancers\", $(\"#services\\\\.networking\\\\.load_balancers\\\\.partial\").html());\n</script>\n\n<!-- Single networking load_balancer template -->\n<script id=\"single_networking_load_balancer-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.networking.load_balancers'}}\n</script>\n<script>\n    var single_networking_load_balancer_template = Handlebars.compile($(\"#single_networking_load_balancer-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/do/services.spaces.buckets.html",
    "content": "<!-- spaces buckets -->\n<script id=\"services.spaces.buckets.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"spaces.buckets.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>  \n        <div class=\"list-group-item-text item-margin\">Public Read: <span id=\"spaces.buckets.{{@key}}.public_read\"><samp>{{value_or_none public_read}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Public Write: <span id=\"spaces.buckets.{{@key}}.public_write\"><samp>{{value_or_none public_write}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Read Acp: <span id=\"spaces.buckets.{{@key}}.read_acp\"><samp>{{value_or_none read_acp}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Write Acp: <span id=\"spaces.buckets.{{@key}}.write_acp\"><samp>{{value_or_none write_acp}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">CORS: <span id=\"spaces.buckets.{{@key}}.CORS\"><samp>{{value_or_none CORS}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.spaces.buckets\", $(\"#services\\\\.spaces\\\\.buckets\\\\.partial\").html());\n</script>\n\n<!-- Single spaces bucket template -->\n<script id=\"single_spaces_bucket-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.spaces.buckets'}}\n</script>\n<script>\n    var single_spaces_bucket_template = Handlebars.compile($(\"#single_spaces_bucket-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/ec2_grants.html",
    "content": "\n    <!-- EC2 grant -->\n    <script id=\"ec2_grants.partial\" type=\"text/x-handlebars-template\">\n      <ul>\n        {{#each items}}\n          <li class=\"list-group-item-text\">\n            <span id=\"ec2.regions.{{../region}}.vpcs.{{../vpc}}.security_groups.{{../sg_id}}.rules.{{../direction}}.protocols.{{../protocol}}.ports.{{../ports}}.security_groups.{{@key}}\">\n              {{#if GroupName}}\n                {{GroupName}} (<a href=\"javascript:findAndShowEC2Object('regions.vpcs.security_groups', '{{GroupId}}')\">{{GroupId}}</a>)\n              {{else}}\n                {{GroupId}} (AWS account ID {{UserId}})\n              {{/if}}\n            </span>\n          </li>\n        {{/each}}\n      </ul>\n    </script>\n    <script>\n        Handlebars.registerPartial(\"ec2_grants\", $(\"#ec2_grants\\\\.partial\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/filters.html",
    "content": "<!-- Filters -->\n<script id=\"filters.list.template\" type=\"text/x-handlebars-template\">\n  {{#each items}}\n    {{#each filters}}   \n      <li id=\"services.{{display_path}}.filters\"><a class=\"dropdown-item\" href=\"#services.{{@../key}}.filters.{{@key}}.items\">{{description}}</a></li>\n    {{/each}}\n  {{/each}}\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/details_for_gcp_region.html",
    "content": "\n  <!-- Generic partial for region-then-resource -->\n  <script id=\"details_for_gcp_region.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"services.{{service_name}}.projects.id.regions.id.{{resource_type}}.details\">\n      {{#each items}}\n        {{#each (lookup . \"regions\")}}\n          {{#each (lookup . ../../resource_type)}}\n          <div class=\"list-group\" id=\"services.{{../../../service_name}}.projects.{{@../../key}}.regions.{{@../key}}.{{../../../resource_type}}.{{@key}}.view\">\n            {{> (lookup ../../.. 'partial_name') service_name = ../../../service_name project = @../../key region = @../key resource_type = ../../../resource_type resource_key = @key resource = this}}\n          </div>\n          {{/each}}\n        {{/each}}\n      {{/each}}\n    </div>\n  </script>\n  <script>\n    Handlebars.registerPartial(\"details_for_gcp_region\", $(\"#details_for_gcp_region\\\\.partial\").html());\n  </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/details_for_gcp_zone.html",
    "content": "\n  <!-- Generic partial for zone-then-resource -->\n  <script id=\"details_for_gcp_zone.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"services.{{service_name}}.projects.id.zones.id.{{resource_type}}.details\">\n      {{#each items}}\n        {{#each (lookup . \"zones\")}}\n          {{#each (lookup . ../../resource_type)}}\n          <div class=\"list-group\" id=\"services.{{../../../service_name}}.projects.{{@../../key}}.zones.{{@../key}}.{{../../../resource_type}}.{{@key}}.view\">\n            {{> (lookup ../../.. 'partial_name') service_name = ../../../service_name project = @../../key zone = @../key resource_type = ../../../resource_type resource_key = @key resource = this}}\n          </div>\n          {{/each}}\n        {{/each}}\n      {{/each}}\n    </div>\n  </script>\n  <script>\n    Handlebars.registerPartial(\"details_for_gcp_zone\", $(\"#details_for_gcp_zone\\\\.partial\").html());\n  </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/details_for_project.html",
    "content": "\n  <!-- Generic partial showing details about projects and their resources -->\n  <script id=\"details_for_project.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"services.{{service_name}}.projects.id.{{resource_type}}.details\">\n      {{#each items}}\n        {{#each (lookup . ../resource_type)}}\n          <div class=\"list-group\" id=\"services.{{../../service_name}}.projects.{{@../key}}.{{../../resource_type}}.{{@key}}.view\">\n            {{> (lookup ../.. 'partial_name') service_name = ../../service_name project = @../key resource_type = ../../resource_type resource_key = @key resource = this}}\n          </div>\n        {{/each}}\n      {{/each}}\n    </div>\n  </script>\n  <script>\n    Handlebars.registerPartial(\"details_for_project\", $(\"#details_for_project\\\\.partial\").html());\n  </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/left_menu_for_gcp_region.html",
    "content": "<!-- Generic left-menu link partial for region-then-resource -->\n<script id=\"left_menu_for_gcp_region.partial\" type=\"text/x-handlebars-template\">\n  <div id=\"services.{{service_name}}.projects.id.regions.id.{{resource_type}}.list\">\n  <div class=\"list-group\" >\n    <div class=\"list-group-item\">\n      <a href=\"javascript:updateHash('services.{{service_name}}.projects.id.regions.id.{{resource_type}}')\">Show all <span class=\"badge float-right btn-info\">{{getValueAt 'metadata' service_group service_name 'resources' resource_type 'count'}}</span></a>\n    </div>\n  </div>\n  {{#each items}}\n  <div class=\"list-group\" id=\"services.{{../service_name}}.projects.{{@key}}.regions.id.{{../resource_type}}.list\">\n    <div class=\"list-group-item active\">\n      <a href=\"javascript:showRowWithItems('services.{{../service_name}}.projects.{{@key}}.regions.id.{{../resource_type}}')\">{{@key}}</a>\n      <span class=\"float-right\"><a href=\"javascript:hideList('services.{{../service_name}}.projects.{{@key}}.regions.id.{{../resource_type}}.list')\"><i class=\"fa fa-times-circle\"></i></a></span>\n    </div>\n    <div>\n      {{#each (lookup . \"regions\")}}\n      {{#if (lookup . (concatWith ../../resource_type \"_count\" \"\"))}}\n      <div class=\"list-group-item\" id=\"services.{{../../../service_name}}.projects.{{@../key}}.regions.{{@key}}.{{../../../resource_type}}.list\">\n        {{#if scout2_link}}\n        <a href=\"#{{scout2_link}}.view\">{{@key}}</a>\n        {{else}}\n        <a href=\"#services.{{../../../../service_name}}.projects.{{@../key}}.regions.{{@key}}.{{../../../../resource_type}}\">{{@key}}</a>\n        {{/if}}\n        <span class=\"float-right\"><a href=\"javascript:hideList('services.{{../../../service_name}}.projects.{{@../key}}.regions.{{@key}}.{{../../../resource_type}}.list')\"><i class=\"fa fa-times-circle\"></i></a></span>\n        {{#each (lookup . ../../../resource_type)}}\n        <div class=\"list-group-item-text list-sub-element\">\n            <a href=\"#services.{{../../../../service_name}}.projects.{{@../../key}}.regions.{{@../key}}.{{../../../../resource_type}}.{{@key}}.view\">{{name}}</a>\n        </div>\n        {{/each}}    \n      </div>\n      {{/if}}\n      {{/each}}     \n    </div>\n  </div>\n  {{/each}}\n  </div>\n</script>\n<script>\n    Handlebars.registerPartial(\"left_menu_for_gcp_region\", $(\"#left_menu_for_gcp_region\\\\.partial\").html());\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/left_menu_for_gcp_zone.html",
    "content": "<!-- Generic left-menu link partial for zone-then-resource -->\n<script id=\"left_menu_for_gcp_zone.partial\" type=\"text/x-handlebars-template\">\n  <div id=\"services.{{service_name}}.projects.id.zones.id.{{resource_type}}.list\">\n  <div class=\"list-group\" >\n    <div class=\"list-group-item\">\n      <a href=\"javascript:updateHash('services.{{service_name}}.projects.id.zones.id.{{resource_type}}')\">Show all <span class=\"badge float-right btn-info\">{{getValueAt 'metadata' service_group service_name 'resources' resource_type 'count'}}</span></a>\n    </div>\n  </div>\n  {{#each items}}\n  <div class=\"list-group\" id=\"services.{{../service_name}}.projects.{{@key}}.zones.id.{{../resource_type}}.list\">\n    <div class=\"list-group-item active\">\n      <a href=\"javascript:showRowWithItems('services.{{../service_name}}.projects.{{@key}}.zones.id.{{../resource_type}}')\">{{@key}}</a>\n      <span class=\"float-right\"><a href=\"javascript:hideList('services.{{../service_name}}.projects.{{@key}}.zones.id.{{../resource_type}}.list')\"><i class=\"fa fa-times-circle\"></i></a></span>\n    </div>\n    <div>\n      {{#each (lookup . \"zones\")}}\n      {{#if (lookup . (concatWith ../../resource_type \"_count\" \"\"))}}\n      <div class=\"list-group-item\" id=\"services.{{../../../service_name}}.projects.{{@../key}}.zones.{{@key}}.{{../../../resource_type}}.list\">\n        {{#if scout2_link}}\n        <a href=\"#{{scout2_link}}.view\">{{@key}}</a>\n        {{else}}\n        <a href=\"#services.{{../../../../service_name}}.projects.{{@../key}}.zones.{{@key}}.{{../../../../resource_type}}\">{{@key}}</a>\n        {{/if}}\n        <span class=\"float-right\"><a href=\"javascript:hideList('services.{{../../../service_name}}.projects.{{@../key}}.zones.{{@key}}.{{../../../resource_type}}.list')\"><i class=\"fa fa-times-circle\"></i></a></span>\n        {{#each (lookup . ../../../resource_type)}}\n        <div class=\"list-group-item-text list-sub-element\">\n            <a href=\"#services.{{../../../../service_name}}.projects.{{@../../key}}.zones.{{@../key}}.{{../../../../resource_type}}.{{@key}}.view\">{{name}}</a>\n        </div>\n        {{/each}} \n      </div>   \n      {{/if}}\n      {{/each}}     \n    </div>\n  </div>\n  {{/each}}\n  </div>\n</script>\n<script>\n    Handlebars.registerPartial(\"left_menu_for_gcp_zone\", $(\"#left_menu_for_gcp_zone\\\\.partial\").html());\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/left_menu_for_project.html",
    "content": "<!-- Generic left-menu link partial for project-then-resource -->\n<script id=\"left_menu_for_project.partial\" type=\"text/x-handlebars-template\">\n  <div id=\"services.{{service_name}}.projects.id.{{resource_type}}.list\">\n  <div class=\"list-group\" >\n    <div class=\"list-group-item\">\n      <a href=\"javascript:updateHash('services.{{service_name}}.projects.id.{{resource_type}}')\">Show all <span class=\"badge float-right btn-info\">{{getValueAt 'metadata' service_group service_name 'resources' resource_type 'count'}}</span></a>\n    </div>\n  </div>\n  {{#each items}}\n  <div class=\"list-group\" id=\"services.{{../service_name}}.projects.{{@key}}.{{../resource_type}}.list\">\n    <div class=\"list-group-item active\">\n      <a href=\"#services.{{../service_name}}.projects.{{@key}}.{{../resource_type}}\">{{@key}}</a>\n      <span class=\"float-right\"><a href=\"javascript:hideList('services.{{../service_name}}.projects.{{@key}}.{{../resource_type}}.list')\"><i class=\"fa fa-times-circle\"></i></a></span>\n    </div>\n    <div class=\"list-group-item\">\n      {{#each (lookup . ../resource_type)}}\n      <div class=\"list-group-item list-sub-element\" id=\"services.{{../../service_name}}.projects.{{@../key}}.{{../../resource_type}}.{{@key}}.link\">\n        {{#if scout2_link}}\n        <a href=\"#{{scout2_link}}.view\">{{name}}</a>\n        {{else}}\n        <a href=\"#services.{{../../../service_name}}.projects.{{@../key}}.{{../../../resource_type}}.{{@key}}.view\">{{name}}</a>\n        {{/if}}\n      </div>\n      {{/each}}\n    </div>\n  </div>\n  {{/each}}\n  </div>\n</script>\n<script>\n    Handlebars.registerPartial(\"left_menu_for_project\", $(\"#left_menu_for_project\\\\.partial\").html());\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.bigquery.projects.id.datasets.html",
    "content": "<!-- bigquery datasets -->\n<script id=\"services.bigquery.projects.id.datasets.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"bigquery.projects.{{project}}.datasets.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Location: <span id=\"bigquery.projects.{{project}}.datasets.{{@key}}.location\"><samp>{{value_or_none location}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Creation Time: <span id=\"bigquery.projects.{{project}}.datasets.{{@key}}.creation_time\"><samp>{{format_date creation_time}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Last Modified Time: <span id=\"bigquery.projects.{{project}}.datasets.{{@key}}.last_modified_time\"><samp>{{format_date last_modified_time}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Default Encryption Key: <span id=\"bigquery.projects.{{project}}.datasets.{{@key}}.default_encryption_configuration\"><samp>{{value_or_none default_encryption_configuration}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\"><span id=\"bigquery.projects.{{@../key}}.datasets.{{@key}}.permissions\">IAM Permissions</span></h4>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each bindings}}\n                <li><span id=\"bigquery.projects.{{@../../key}}.datasets.{{@../key}}.{{@key}}\"><samp>{{@key}}</samp></span></li>\n                <ul>\n                    {{#each this}}\n                    <li><samp>{{type}}:{{member}}</samp></li>\n                    {{/each}}\n                </ul>\n                {{else}}\n                <li><samp>None</samp></li>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.bigquery.projects.id.datasets\", $(\"#services\\\\.bigquery\\\\.projects\\\\.id\\\\.datasets\\\\.partial\").html());\n</script>\n\n<!-- Single bigquery dataset template -->\n<script id=\"single_bigquery_dataset-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.bigquery.projects.id.datasets'}}\n</script>\n<script>\n    var single_bigquery_dataset_template = Handlebars.compile($(\"#single_bigquery_dataset-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.cloudmemorystore.projects.id.redis_instances.html",
    "content": "\n<!-- Cloud Memorystore for Redis partial -->\n<script id=\"services.cloudmemorystore.projects.id.redis_instances.partial\" type=\"text/x-handlebars-template\">\n    <div class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Location: <span id=\"cloudmemorystore.projects.{{@../key}}.redis_instances.{{@key}}.location\">{{location}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Redis Version: <span id=\"cloudmemorystore.projects.{{@../key}}.redis_instances.{{@key}}.redis_version\">{{redis_version}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Transit Encryption Mode: <span id=\"cloudmemorystore.projects.{{@../key}}.redis_instances.{{@key}}.ssl_required\">{{convert_bool_to_enabled ssl_required}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Auth Enabled: <span id=\"cloudmemorystore.projects.{{@../key}}.redis_instances.{{@key}}.auth_enabled\"><samp>{{convert_bool_to_enabled auth_enabled}}</samp></span></div>\n    </div>\n</script>\n<script>\n    Handlebars.registerPartial(\"services.cloudmemorystore.projects.id.redis_instances\", $(\"#services\\\\.cloudmemorystore\\\\.projects\\\\.id\\\\.redis_instances\\\\.partial\").html());\n</script>\n\n<!-- Single redis instance template -->\n<script id=\"single_cloudmemorystore_redis_instance-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.cloudmemorystore.projects.id.redis_instances'}}\n</script>\n<script>\n    var single_cloudmemorystore_redis_template = Handlebars.compile($(\"#single_cloudmemorystore_redis_instance-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.cloudsql.projects.id.instances.html",
    "content": "\n<!-- Cloud Storage instances partial -->\n<script id=\"services.cloudsql.projects.id.instances.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Project ID: <span id=\"cloudsql.projects.{{@../key}}.instances.{{@key}}.project_id\"><samp>{{project_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Automatic Backups: <span id=\"cloudsql.projects.{{@../key}}.instances.{{@key}}.automatic_backup_enabled\">{{convert_bool_to_enabled automatic_backup_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Last Backup: <span id=\"cloudsql.projects.{{@../key}}.instances.{{@key}}.last_backup_timestamp\">{{format_date last_backup_timestamp}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Logs: <span id=\"cloudsql.projects.{{@../key}}.instances.{{@key}}.log_enabled\">{{convert_bool_to_enabled log_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">SSL Required: <span id=\"cloudsql.projects.{{@../key}}.instances.{{@key}}.ssl_required\">{{convert_bool_to_enabled ssl_required}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Public IP Address: <span id=\"cloudsql.projects.{{@../key}}.instances.{{@key}}.public_ip\"><samp>{{value_or_none public_ip}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Private IP Address: <span id=\"cloudsql.projects.{{@../key}}.instances.{{@key}}.private_ip\"><samp>{{value_or_none private_ip}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Local Infile Flag is Off: <span id=\"cloudsql.projects.{{@../key}}.instances.{{@key}}.local_infile_off\"><samp>{{value_or_none local_infile_off}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Cross db Ownership Chaining Flag is Off: <span id=\"cloudsql.projects.{{@../key}}.instances.{{@key}}.cross_db_ownership_chaining_off\"><samp>{{value_or_none cross_db_ownership_chaining_off}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Contained Database Authentication Flag is Off: <span id=\"cloudsql.projects.{{@../key}}.instances.{{@key}}.contained_database_authentication_off\"><samp>{{value_or_none contained_database_authentication_off}}</samp></span></div>\n\n        <div class=\"list-group-item-text item-margin\">Log Checkpoints Flag is On: <span id=\"cloudsql.projects.{{@../key}}.instances.{{@key}}.log_checkpoints_on\"><samp>{{value_or_none log_checkpoints_on}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Log Connections Flag is On: <span id=\"cloudsql.projects.{{@../key}}.instances.{{@key}}.log_connections_on\"><samp>{{value_or_none log_connections_on}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Log Disconnections Flag is On: <span id=\"cloudsql.projects.{{@../key}}.instances.{{@key}}.log_disconnections_on\"><samp>{{value_or_none log_disconnections_on}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Log Lock Waits Flag is On: <span id=\"cloudsql.projects.{{@../key}}.instances.{{@key}}.log_lock_waits_on\"><samp>{{value_or_none log_lock_waits_on}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Log Min Messages Flag set Appropriately: <span id=\"cloudsql.projects.{{@../key}}.instances.{{@key}}.log_min_messages\"><samp>{{value_or_none log_min_messages}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Log Temp Files Flag set to 0: <span id=\"cloudsql.projects.{{@../key}}.instances.{{@key}}.log_temp_files_0\"><samp>{{value_or_none log_temp_files_0}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Log Min Duration Statement Flag set to -1: <span id=\"cloudsql.projects.{{@../key}}.instances.{{@key}}.log_min_duration_statement_-1\"><samp>{{value_or_none log_min_duration_statement_-1}}</samp></span></div>\n\n        {{#if authorized_networks}}\n        <div class=\"list-group-item-text item-margin\">Authorized Networks:</div>\n        <ul>\n            {{#each authorized_networks }}\n                <li><span id=\"cloudsql.projects.{{@../../key}}.instances.{{@../key}}.authorized_networks.{{@key}}.open_to_the_world\">{{ value }}</span></li>\n            {{/each}}\n        </ul>\n        {{else}}\n        <div class=\"list-group-item-text item-margin\">Authorized Networks: <samp>None</samp></div>\n        {{/if}}\n        <div class=\"list-group-item-text item-margin\">Users:</div>\n        <ul>\n            {{#each users }}\n            <li><span id=\"cloudsql.projects.{{@../../key}}.instances.{{@../key}}.root_access_from_any_host\"><samp>{{ name }}</samp>{{#if host}} (host: <samp>{{host}}</samp>){{/if}}</span></li>\n            {{/each}}\n        </ul>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.cloudsql.projects.id.instances\", $(\"#services\\\\.cloudsql\\\\.projects\\\\.id\\\\.instances\\\\.partial\").html());\n</script>\n\n<!-- Single cloudsql instance template -->\n<script id=\"single_cloudsql_instance-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.cloudsql.projects.id.instances'}}\n</script>\n<script>\n    var single_cloudsql_instance_template = Handlebars.compile($(\"#single_cloudsql_instance-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html",
    "content": "\n<!-- Cloud Storage bucket partial -->\n<script id=\"services.cloudstorage.projects.id.buckets.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Project ID: <span id=\"cloudstorage.projects.{{@../key}}.buckets.{{@key}}.project_id\"><samp>{{project_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Creation Date: <span id=\"cloudstorage.projects.{{@../key}}.buckets.{{@key}}.creation_date\">{{format_date creation_date}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Location: <span id=\"cloudstorage.projects.{{@../key}}.buckets.{{@key}}.location\"><samp>{{location}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Storage Class: <span id=\"cloudstorage.projects.{{@../key}}.buckets.{{@key}}.storage_class\"><samp>{{storage_class}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Logging: <span id=\"cloudstorage.projects.{{@../key}}.buckets.{{@key}}.logging_enabled\">{{convert_bool_to_enabled logging_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Versioning: <span id=\"cloudstorage.projects.{{@../key}}.buckets.{{@key}}.versioning_enabled\">{{convert_bool_to_enabled versioning_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Public Access Prevention: <span id=\"cloudstorage.projects.{{@../key}}.buckets.{{@key}}.public_access_prevention\">{{public_access_prevention}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Uniform Bucket-Level Access: <span id=\"cloudstorage.projects.{{@../key}}.buckets.{{@key}}.uniform_bucket_level_access\">{{convert_bool_to_enabled uniform_bucket_level_access}}</span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\"><span id=\"cloudstorage.projects.{{@../key}}.buckets.{{@key}}.permissions\">IAM Permissions</span></h4>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each member_bindings}}\n                <li><span id=\"cloudstorage.projects.{{@../../key}}.buckets.{{@../key}}.{{@key}}\"><samp>{{@key}}</samp></span></li>\n                <ul>\n                    {{#each this}}\n                    <li><samp>{{this}}</samp></li>\n                    {{/each}}\n                </ul>\n                {{else}}\n                <li><samp>None</samp></li>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\"><span id=\"cloudstorage.projects.{{@../key}}.buckets.{{@key}}.acls\">ACL Permissions</span></h4>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each acls}}\n                <li><samp>{{entity}}</samp></li>\n                <ul>\n                    <li><samp>{{role}}</samp></li>\n                </ul>\n                {{else}}\n                <li><samp>None</samp></li>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\"><span id=\"cloudstorage.projects.{{@../key}}.buckets.{{@key}}.default_object_acls\">Default Object ACL Permissions</span></h4>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each default_object_acl}}\n                <li><span id=\"cloudstorage.projects.{{@../../key}}.buckets.{{@../key}}.default_object_acl.{{@key}}.{{entity}}\"><samp>{{entity}}</samp></span></li>\n                <ul>\n                    <li><samp>{{role}}</samp></li>\n                </ul>\n                {{else}}\n                <li><samp>None</samp></li>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.cloudstorage.projects.id.buckets\", $(\"#services\\\\.cloudstorage\\\\.projects\\\\.id\\\\.buckets\\\\.partial\").html());\n</script>\n\n<!-- Single cloudstorage bucket template -->\n<script id=\"single_cloudstorage_bucket-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.cloudstorage.projects.id.buckets'}}\n</script>\n<script>\n    var single_cloudstorage_bucket_template = Handlebars.compile($(\"#single_cloudstorage_bucket-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.firewalls.html",
    "content": "\n<!-- Compute Engine firewalls partial -->\n<script id=\"services.computeengine.projects.id.firewalls.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Firewall name: <span id=\"computeengine.projects.{{@../key}}.firewalls.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Project ID: <span id=\"computeengine.projects.{{@../key}}.instances.{{@key}}.project_id\"><samp>{{project_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Description: <span id=\"computeengine.projects.{{@../key}}.firewalls.{{@key}}.description\"><samp>{{description}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Disabled: <span id=\"computeengine.projects.{{@../key}}.firewalls.{{@key}}.disabled\"><samp>{{disabled}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Network: <span id=\"computeengine.projects.{{@../key}}.firewalls.{{@key}}.network\"><a href=\"javascript:showObject('services.computeengine.projects.{{@../key}}.networks.{{network_id}}')\">{{getValueAt 'services.computeengine.projects' @../key 'networks' network_id 'name'}}</a></span></div>\n        <div class=\"list-group-item-text item-margin\">Creation Date: <span id=\"computeengine.projects.{{@../key}}.firewalls.{{@key}}.creation_timestamp\">{{format_date creation_timestamp}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Priority: <span id=\"computeengine.projects.{{@../key}}.firewalls.{{@key}}.priority\"><samp>{{priority}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Logs: <span id=\"computeengine.projects.{{@../key}}.firewalls.{{@key}}.logs\"><samp>{{convert_bool_to_enabled logs}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Configuration</h4>\n        <div class=\"list-group-item-text item-margin\">Direction: <span id=\"computeengine.projects.{{@../key}}.firewalls.{{@key}}.direction\"><samp>{{direction}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Action: <span id=\"computeengine.projects.{{@../key}}.firewalls.{{@key}}.action\"><samp>{{action}}</samp></span></div>\n        {{#if source_ranges}}\n        <div class=\"list-group-item-text item-margin\"><span id=\"computeengine.projects.{{@../key}}.firewalls.{{@key}}.source_ranges\">Source Ranges:</span></div>\n        <ul>\n            {{#each source_ranges}}\n            <li><samp>{{this}}</samp></li>\n            {{else}}\n            <li><samp>None</samp></li>\n            {{/each}}\n        </ul>\n        {{/if}}\n        {{#if destination_ranges}}\n        <div class=\"list-group-item-text item-margin\"><span id=\"computeengine.projects.{{@../key}}.firewalls.{{@key}}.destination_ranges\">Destination Ranges:</span></div>\n        <ul>\n            {{#each destination_ranges}}\n            <li><samp>{{this}}</samp></li>\n            {{else}}\n            <li><samp>None</samp></li>\n            {{/each}}\n        </ul>\n        {{/if}}\n        {{#if source_tags}}\n        <div class=\"list-group-item-text item-margin\">Source Tags:</div>\n        <ul>\n            {{#each source_tags}}\n            <li><samp>{{this}}</samp></li>\n            {{else}}\n            <li><samp>None</samp></li>\n            {{/each}}\n        </ul>\n        {{/if}}\n        {{#if target_tags}}\n        <div class=\"list-group-item-text item-margin\">Target Tags:</div>\n        <ul>\n            {{#each target_tags}}\n            <li><samp>{{this}}</samp></li>\n            {{else}}\n            <li><samp>None</samp></li>\n            {{/each}}\n        </ul>\n        {{/if}}\n    </div>\n    <div class=\"list-group-item\">\n        {{#ifEqual action \"allowed\"}}\n            <h4 class=\"list-group-item-heading\"><span id=\"computeengine.projects.{{@../key}}.firewalls.{{@key}}.allowed_traffic\">Allowed Traffic</span></h4>\n            <ul>\n                {{#each allowed_traffic}}\n                    <li><samp>{{@key}}</samp></li>\n                    <ul>\n                    {{#each this}}\n                        <li><span id=\"computeengine.projects.{{@../../../key}}.firewalls.{{@../../key}}.allowed_traffic.{{@../key}}.{{@key}}.permissive_ports\"><samp>{{this}}</samp></span></li>\n                    {{else}}\n                        <li><samp>None</samp></li>\n                    {{/each}}\n                    </ul>\n                {{else}}\n                    <li><samp>None</samp></li>\n                {{/each}}\n            </ul>\n        {{else}}\n            <h4 class=\"list-group-item-heading\"><span id=\"computeengine.projects.{{@../key}}.firewalls.{{@key}}.denied_traffic\">Denied Traffic</span></h4>\n            <ul>\n                {{#each denied_traffic}}\n                    <li><samp>{{@key}}</samp></li>\n                    <ul>\n                        {{#each this}}\n                            <li><span id=\"computeengine.projects.{{@../../../key}}.firewalls.{{@../../key}}.allowed_traffic.{{@../key}}.{{@key}}.permissive_ports\"><samp>{{this}}</samp></span></li>\n                        {{else}}\n                            <li><samp>None</samp></li>\n                        {{/each}}\n                    </ul>\n                {{else}}\n                    <li><samp>None</samp></li>\n                {{/each}}\n            </ul> {{/ifEqual}}\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.computeengine.projects.id.firewalls\", $(\"#services\\\\.computeengine\\\\.projects\\\\.id\\\\.firewalls\\\\.partial\").html());\n</script>\n\n<!-- Single computeengine firewall template -->\n<script id=\"single_computeengine_firewall-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.computeengine.projects.id.firewalls'}}\n</script>\n<script>\n    var single_computeengine_firewall_template = Handlebars.compile($(\"#single_computeengine_firewall-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.global_forwarding_rules.html",
    "content": "<!-- computeengine global_forwarding_rules -->\n<script id=\"services.computeengine.projects.id.global_forwarding_rules.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"computeengine.projects.{{project}}.global_forwarding_rules.{{@key}}.id\"><samp>{{value_or_none id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"computeengine.projects.{{project}}.global_forwarding_rules.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Creation Timestamp: <span id=\"computeengine.projects.{{project}}.global_forwarding_rules.{{@key}}.creation_timestamp\"><samp>{{format_date creation_timestamp}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Description: <span id=\"computeengine.projects.{{project}}.global_forwarding_rules.{{@key}}.description\"><samp>{{value_or_none description}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Network: <span id=\"computeengine.projects.{{project}}.global_forwarding_rules.{{@key}}.network\"><samp>{{value_or_none network}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Subnetwork: <span id=\"computeengine.projects.{{project}}.global_forwarding_rules.{{@key}}.subnetwork\"><samp>{{value_or_none subnetwork}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">IP Address: <span id=\"computeengine.projects.{{project}}.global_forwarding_rules.{{@key}}.ip_address\"><samp>{{value_or_none ip_address}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">IP Protocol: <span id=\"computeengine.projects.{{project}}.global_forwarding_rules.{{@key}}.ip_protocol\"><samp>{{value_or_none ip_protocol}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">IP Version: <span id=\"computeengine.projects.{{project}}.global_forwarding_rules.{{@key}}.ip_version\"><samp>{{value_or_none ipVersion}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Allow Global Access: <span id=\"computeengine.projects.{{project}}.global_forwarding_rules.{{@key}}.allow_global_access\"><samp>{{value_or_none allowGlobalAccess}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">All Ports: <span id=\"computeengine.projects.{{project}}.global_forwarding_rules.{{@key}}.all_ports\"><samp>{{value_or_none allPorts}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Port Range: <span id=\"computeengine.projects.{{project}}.global_forwarding_rules.{{@key}}.port_range\"><samp>{{value_or_none port_range}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Ports: <span id=\"computeengine.projects.{{project}}.global_forwarding_rules.{{@key}}.ports\"><samp>{{value_or_none ports}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Target: <span id=\"computeengine.projects.{{project}}.global_forwarding_rules.{{@key}}.target\"><samp>{{value_or_none target}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Load Balancing Scheme: <span id=\"computeengine.projects.{{project}}.global_forwarding_rules.{{@key}}.load_balancing_scheme\"><samp>{{value_or_none load_balancing_scheme}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Network Tier: <span id=\"computeengine.projects.{{project}}.global_forwarding_rules.{{@key}}.network_tier\"><samp>{{value_or_none network_tier}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Backend Service: <span id=\"computeengine.projects.{{project}}.global_forwarding_rules.{{@key}}.backend_service\"><samp>{{value_or_none backendService}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Service Name: <span id=\"computeengine.projects.{{project}}.global_forwarding_rules.{{@key}}.service_name\"><samp>{{value_or_none serviceName}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Service Label: <span id=\"computeengine.projects.{{project}}.global_forwarding_rules.{{@key}}.service_label\"><samp>{{value_or_none serviceLabel}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Labels: <span id=\"computeengine.projects.{{project}}.global_forwarding_rules.{{@key}}.labels\"><samp>{{value_or_none labels}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.computeengine.projects.id.global_forwarding_rules\", $(\"#services\\\\.computeengine\\\\.projects\\\\.id\\\\.global_forwarding_rules\\\\.partial\").html());\n</script>\n\n<!-- Single computeengine global_forwarding_rule template -->\n<script id=\"single_computeengine_global_forwarding_rule-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.computeengine.projects.id.global_forwarding_rules'}}\n</script>\n<script>\n    var single_computeengine_global_forwarding_rule_template = Handlebars.compile($(\"#single_computeengine_global_forwarding_rule-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.networks.html",
    "content": "\n<!-- Compute Engine networks partial -->\n<script id=\"services.computeengine.projects.id.networks.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"computeengine.projects.{{@../key}}.networks.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"computeengine.projects.{{@../key}}.networks.{{@key}}.id\">{{id}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Project ID: <span id=\"computeengine.projects.{{@../key}}.networks.{{@key}}.project_id\">{{project_id}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Description: <span id=\"computeengine.projects.{{@../key}}.networks.{{@key}}.description\"><samp>{{description}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Creation Date: <span id=\"computeengine.projects.{{@../key}}.networks.{{@key}}.creation_timestamp\">{{format_date creation_timestamp}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Legacy Mode: <span id=\"computeengine.projects.{{@../key}}.networks.{{@key}}.legacy_mode\">{{ legacy_mode}}</span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading accordion-heading\">Firewall Rules\n            {{> count_badge count=(count_vpc_instances firewalls) target=(concat '#services.computeengine.projects' project 'networks' @key 'firewalls')}}\n        </h4>\n        <div id=\"computeengine.projects.{{@../key}}.networks.{{@key}}.firewalls\" class=\"accordion-body\">\n            <div class=\"accordion-inner\">\n                <ul>\n                    {{#each firewalls}}\n                    <li><a href=\"javascript:showObject('services.computeengine.projects.{{@../../key}}.firewalls.{{this}}')\">{{getValueAt 'services.computeengine.projects' @../../key 'firewalls' this 'name'}}</a></li>\n                    {{/each}}\n                </ul>\n            </div>\n        </div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading accordion-heading\">Compute Engine Instances\n            {{> count_badge count=(count_vpc_instances instances) target=(concat '#services.computeengine.projects' project 'neworks' @key 'instances')}}\n        </h4>\n        <div id=\"computeengine.projects.{{@../key}}.networks.{{@key}}.instances\" class=\"accordion-body\">\n            <div class=\"accordion-inner\">\n                <ul>\n                    {{#each instances}}\n                    <li><a href=\"javascript:showObject('services.computeengine.projects.{{@../../key}}.zones.{{instance_zone}}.instances.{{instance_id}}')\">{{getValueAt 'services.computeengine.projects' @../../key 'zones' instance_zone 'instances' instance_id 'name'}}</a></li>\n                    {{/each}}\n                </ul>\n            </div>\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.computeengine.projects.id.networks\", $(\"#services\\\\.computeengine\\\\.projects\\\\.id\\\\.networks\\\\.partial\").html());\n</script>\n\n<!-- Single computeengine network template -->\n<script id=\"single_computeengine_network-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.computeengine.projects.id.networks'}}\n</script>\n<script>\n    var single_computeengine_network_template = Handlebars.compile($(\"#single_computeengine_network-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.regions.id.forwarding_rules.html",
    "content": "<!-- computeengine forwarding_rules -->\n<script id=\"services.computeengine.projects.id.regions.id.forwarding_rules.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.id\"><samp>{{value_or_none id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Creation Timestamp: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.creation_timestamp\"><samp>{{format_date creation_timestamp}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Description: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.description\"><samp>{{value_or_none description}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Region: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.region\"><samp>{{value_or_none region}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Network: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.network\"><samp>{{value_or_none network}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Subnetwork: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.subnetwork\"><samp>{{value_or_none subnetwork}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">IP Address: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.ip_address\"><samp>{{value_or_none ip_address}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">IP Protocol: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.ip_protocol\"><samp>{{value_or_none ip_protocol}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">IP Version: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.ip_version\"><samp>{{value_or_none ipVersion}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Allow Global Access: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.allow_global_access\"><samp>{{value_or_none allowGlobalAccess}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">All Ports: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.all_ports\"><samp>{{value_or_none allPorts}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Port Range: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.port_range\"><samp>{{value_or_none port_range}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Ports: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.ports\"><samp>{{value_or_none ports}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Target: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.target\"><samp>{{value_or_none target}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Load Balancing Scheme: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.load_balancing_scheme\"><samp>{{value_or_none load_balancing_scheme}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Network Tier: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.network_tier\"><samp>{{value_or_none network_tier}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Backend Service: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.backend_service\"><samp>{{value_or_none backendService}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Service Name: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.service_name\"><samp>{{value_or_none serviceName}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Service Label: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.service_label\"><samp>{{value_or_none serviceLabel}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Labels: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.forwarding_rules.{{@key}}.labels\"><samp>{{value_or_none labels}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.computeengine.projects.id.regions.id.forwarding_rules\", $(\"#services\\\\.computeengine\\\\.projects\\\\.id\\\\.regions\\\\.id\\\\.forwarding_rules\\\\.partial\").html());\n</script>\n\n<!-- Single computeengine forwarding_rule template -->\n<script id=\"single_computeengine_forwarding_rule-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.computeengine.projects.id.regions.id.forwarding_rules'}}\n</script>\n<script>\n    var single_computeengine_forwarding_rule_template = Handlebars.compile($(\"#single_computeengine_forwarding_rule-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.regions.id.subnetworks.html",
    "content": "\n<!-- Compute Engine subnetworks partial -->\n<script id=\"services.computeengine.projects.id.regions.id.subnetworks.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.subnetworks.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.subnetworks.{{@key}}.id\">{{id}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Project ID: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.subnetworks.{{@key}}.project_id\">{{project_id}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Region: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.subnetworks.{{@key}}.region\"><samp>{{region}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Creation Date: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.subnetworks.{{@key}}.creation_timestamp\">{{format_date creation_timestamp}}</span></div>\n        <div class=\"list-group-item-text item-margin\">IP Range: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.subnetworks.{{@key}}.ip_range\"><samp>{{ip_range}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Gateway Address: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.subnetworks.{{@key}}.gateway_address\"><samp>{{gateway_address}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Private Google Access: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.subnetworks.{{@key}}.private_ip_google_access_disabled\">{{convert_bool_to_enabled private_ip_google_access}}</span></div>\n        <div class=\"list-group-item-text item-margin\">VPC Flow Logs: <span id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.subnetworks.{{@key}}.flowlogs_enabled\">{{flowlogs_enabled}}</span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading accordion-heading\">Compute Engine Instances\n            {{> count_badge count=(count_vpc_instances instances) target=(concat '#services.compouteengine.projects' project 'regions' @../../key 'subnetworks' @key 'instances')}}\n        </h4>\n        <div id=\"computeengine.projects.{{@../../key}}.regions.{{@../key}}.subnetworks.{{@key}}..instances\" class=\"accordion-body\">\n            <div class=\"accordion-inner\">\n                <ul>\n                    {{#each instances}}\n                    <li><a href=\"javascript:showObject('services.computeengine.projects.{{@../../../key}}.zones.{{instance_zone}}.instances.{{instance_id}}')\">{{getValueAt 'services.computeengine.projects' @../../../key 'zones' instance_zone 'instances' instance_id 'name'}}</a></li>\n                    {{/each}}\n                </ul>\n            </div>\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.computeengine.projects.id.regions.id.subnetworks\", $(\"#services\\\\.computeengine\\\\.projects\\\\.id\\\\.regions\\\\.id\\\\.subnetworks\\\\.partial\").html());\n</script>\n\n<!-- Single computeengine subnetwork template -->\n<script id=\"single_computeengine_subnetwork-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.computeengine.projects.id.regions.id.subnetworks'}}\n</script>\n<script>\n    var single_computeengine_subnetwork_template = Handlebars.compile($(\"#single_computeengine_subnetwork-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.snapshots.html",
    "content": "\n<!-- Compute Engine snapshots partial -->\n<script id=\"services.computeengine.projects.id.snapshots.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"computeengine.projects.{{@../key}}.snapshots.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Project ID: <span id=\"computeengine.projects.{{project}}.groups.{{@key}}.project_id\"><samp>{{project}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Description: <span id=\"computeengine.projects.{{@../key}}.snapshots.{{@key}}.description\"><samp>{{description}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Creation Date: <span id=\"computeengine.projects.{{@../key}}.snapshots.{{@key}}.creation_timestamp\">{{format_date creation_timestamp}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Status: <span id=\"computeengine.projects.{{@../key}}.snapshots.{{@key}}.status\">{{status}}</span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.computeengine.projects.id.snapshots\", $(\"#services\\\\.computeengine\\\\.projects\\\\.id\\\\.snapshots\\\\.partial\").html());\n</script>\n\n<!-- Single computeengine snapshot template -->\n<script id=\"single_computeengine_snapshot-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.computeengine.projects.id.snapshots'}}\n</script>\n<script>\n    var single_computeengine_snapshot_template = Handlebars.compile($(\"#single_computeengine_snapshot-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.zones.id.instances.html",
    "content": "\n<!-- Compute Engine instances partial -->\n<script id=\"services.computeengine.projects.id.zones.id.instances.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Instance Name: <span id=\"computeengine.projects.{{@../../key}}.zones.{{@../key}}.instances.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Project ID: <span id=\"computeengine.projects.{{@../../key}}.zones.{{@../key}}.instances.{{@key}}.project_id\">{{project_id}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Description: <span id=\"computeengine.projects.{{@../../key}}.zones.{{@../key}}.instances.{{@key}}.description\"><samp>{{description}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Creation Date: <span id=\"computeengine.projects.{{@../../key}}.zones.{{@../key}}.instances.{{@key}}.creation_timestamp\">{{format_date creation_timestamp}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Status: <span id=\"computeengine.projects.{{@../../key}}.zones.{{@../key}}.instances.{{@key}}.status\">{{status}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Deletion Protection: <span id=\"computeengine.projects.{{@../../key}}.zones.{{@../key}}.instances.{{@key}}.deletion_protection_enabled\">{{convert_bool_to_enabled deletion_protection_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Block Project SSH Keys: <span id=\"computeengine.projects.{{@../../key}}.zones.{{@../key}}.instances.{{@key}}.block_project_ssh_keys_disabled\">{{convert_bool_to_enabled block_project_ssh_keys_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">IP Forwarding: <span id=\"computeengine.projects.{{@../../key}}.zones.{{@../key}}.instances.{{@key}}.ip_forwarding_enabled\">{{convert_bool_to_enabled ip_forwarding_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">OS Login: <span id=\"computeengine.projects.{{@../../key}}.zones.{{@../key}}.instances.{{@key}}.oslogin_disabled\">{{convert_bool_to_enabled oslogin_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Serial Port Connection: <span id=\"computeengine.projects.{{@../../key}}.zones.{{@../key}}.instances.{{@key}}.serial_port_enabled\">{{convert_bool_to_enabled serial_port_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Public IP Addresses: <span id=\"computeengine.projects.{{@../../key}}.zones.{{@../key}}.instances.{{@key}}.public_ip_addresses\">{{convert_bool_to_enabled public_ip_addresses}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Shielded VM: <span id=\"computeengine.projects.{{@../../key}}.zones.{{@../key}}.instances.{{@key}}.shielded_enable\">{{convert_bool_to_enabled shielded_enable}}</span></div>\n\n        {{#if tags}}\n        <div class=\"list-group-item-text item-margin\">Tags:</div>\n        <ul>\n            {{#each tags}}\n            <li><samp>{{@key}}</samp></li>\n            <ul>\n                {{#each this}}\n                <li><samp>{{this}}</samp></li>\n                {{else}}\n                <li><samp>None</samp></li>\n                {{/each}}\n            </ul>\n            {{else}}\n            <li><samp>None</samp></li>\n            {{/each}}\n        </ul>\n        {{/if}}\n    </div>\n    <div class=\"list-group-item\">\n        <h5 class=\"list-group-item-heading\">Network Interfaces</h5>\n        {{#if network_interfaces}}\n        <ul>\n            {{#each network_interfaces}}\n            <li><samp>{{name}}</samp></li>\n            <ul>\n                <li>IP: <samp>{{networkIP}}</samp></li>\n                <li>Network: <a href=\"javascript:showObject('services.computeengine.projects.{{@../../../key}}.networks.{{network_id}}')\">{{getValueAt 'services.computeengine.projects' @../../../key 'networks' network_id 'name'}}</a></li>\n                <li>Subnetwork: <a href=\"javascript:showObject('services.computeengine.projects.{{@../../../key}}.regions.{{subnetwork_region}}.subnetworks.{{subnetwork_id}}')\">{{getValueAt 'services.computeengine.projects' @../../../key 'regions' subnetwork_region 'subnetworks' subnetwork_id 'name'}}</a></li>\n            </ul>\n            {{else}}\n            <li><samp>None</samp></li>\n            {{/each}}\n        </ul>\n        {{/if}}\n    </div>\n    <div class=\"list-group-item\">\n        <h5 class=\"list-group-item-heading\"><span id=\"computeengine.projects.{{@../../key}}.zones.{{@../key}}.instances.{{@key}}.identity\">Identity & API Access</span></h5>\n        <div class=\"list-group-item-text item-margin\">Service Account: <span id=\"computeengine.projects.{{@../../key}}.zones.{{@../key}}.instances.{{@key}}.service_account\"><samp>{{value_or_none service_account}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Access Scopes: <span id=\"computeengine.projects.{{@../../key}}.zones.{{@../key}}.instances.{{@key}}.access_scopes\">:\n        <ul>\n            {{#each access_scopes}}\n            <li><samp>{{this}}</samp></li>\n            {{/each}}\n        </ul>\n        </span></div>\n        <div class=\"list-group-item-text item-margin\">Default Service Account with Full Access to All Cloud APIs: <span id=\"computeengine.projects.{{@../../key}}.zones.{{@../key}}.instances.{{@key}}.full_access_apis\"><samp>{{convert_bool_to_enabled full_access_apis}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h5 class=\"list-group-item-heading\">Disks</h5>\n        {{#if disks}}\n        <ul>\n            {{#each disks}}\n            <li><samp>{{source_device_name}}</samp></li>\n            <ul>\n                <li>Bootable: <samp>{{bootable}}</samp></li> \n                <li>Type: <samp>{{type}}</samp></li>\n                <li>Mode: <samp>{{mode}}</samp></li>\n                {{#if latest_snapshot}}\n                <li id=\"latest_snapshot\">Latest snapshot: <samp>{{latest_snapshot.creation_timestamp}}</samp></li>\n                {{else}}\n                <li id=\"latest_snapshot\">Latest snapshot: <samp>None</samp></li>\n                {{/if}}\n                <li>Customer Supplied Encryption: <span id=\"computeengine.projects.{{@../../../key}}.zones.{{@../../key}}.instances.{{@../key}}.disks.{{@key}}.encrypted_with_csek\">{{convert_bool_to_enabled encrypted_with_csek}}</span></li>\n            </ul>\n            {{else}}\n            <li><samp>None</samp></li>\n            {{/each}}\n        </ul>\n        {{/if}}\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.computeengine.projects.id.zones.id.instances\", $(\"#services\\\\.computeengine\\\\.projects\\\\.id\\\\.zones\\\\.id\\\\.instances\\\\.partial\").html());\n</script>\n\n<!-- Single computeengine instance template -->\n<script id=\"single_computeengine_instance-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.computeengine.projects.id.zones.id.instances'}}\n</script>\n<script>\n    var single_computeengine_instance_template = Handlebars.compile($(\"#single_computeengine_instance-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.dns.projects.id.managed_zones.html",
    "content": "\n<!-- Cloud DNS zones partial -->\n<script id=\"services.dns.projects.id.managed_zones.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"dns.projects.{{@../key}}.managed_zones{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"dns.projects.{{@../key}}.managed_zones{{@key}}.id\">{{id}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Description: <span id=\"dns.projects.{{@../key}}.managed_zones{{@key}}.description\"><samp>{{description}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Creation Date: <span id=\"dns.projects.{{@../key}}.managed_zones{{@key}}.creation_timestamp\">{{format_date creation_timestamp}}</span></div>\n        <div class=\"list-group-item-text item-margin\">DNSSEC: <span id=\"dns.projects.{{@../key}}.managed_zones{{@key}}.dnssec_enabled\">{{convert_bool_to_enabled dnssec_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Visibility: <span id=\"dns.projects.{{@../key}}.managed_zones{{@key}}.visibility\">{{ visibility}}</span></div>\n    <div class=\"list-group-item\">\n        <h5  id=\"dns.projects.{{@../key}}.managed_zones.{{@key}}.dnssec_keys\" class=\"list-group-item-heading\">DNSSEC Keys:</h5>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each dnssec_keys}}\n                <li><samp>{{@key}}</samp></li>\n                <ul>\n                    <li id=\"dns.projects.{{@../../key}}.managed_zones.{{@../key}}.dnssec_keys.{{@key}}.key_algorithm\">Key Algorithm: <samp>{{key_algorithm}}</samp></li>\n                    <li id=\"dns.projects.{{@../../key}}.managed_zones.{{@../key}}.dnssec_keys.{{@key}}.key_type\">Key Type: <samp>{{key_type}}</samp></li>\n                    <li id=\"dns.projects.{{@../../key}}.managed_zones.{{@../key}}.dnssec_keys.{{@key}}.length\">Length: {{length}}</li>\n                </ul>\n                {{else}}\n                <li><samp>None</samp></li>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.dns.projects.id.managed_zones\", $(\"#services\\\\.dns\\\\.projects\\\\.id\\\\.managed_zones\\\\.partial\").html());\n</script>\n\n<!-- Single dns zones template -->\n<script id=\"single_dns_network-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.dns.projects.id.managed_zones'}}\n</script>\n<script>\n    var single_dns_managed_zones_template = Handlebars.compile($(\"#single_dns_managed_zones-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v1.html",
    "content": "<!-- functions functions_v1 -->\n<script id=\"services.functions.projects.id.functions_v1.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"functions.projects.{{project}}.functions_v1.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Status: <span id=\"functions.projects.{{project}}.functions_v1.{{@key}}.status\"><samp>{{value_or_none status}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Update Time: <span id=\"functions.projects.{{project}}.functions_v1.{{@key}}.update_time\"><samp>{{value_or_none update_time}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Version: <span id=\"functions.projects.{{project}}.functions_v1.{{@key}}.version_id\"><samp>{{value_or_none version_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Runtime: <span id=\"functions.projects.{{project}}.functions_v1.{{@key}}.runtime\"><samp>{{value_or_none runtime}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Memory: <span id=\"functions.projects.{{project}}.functions_v1.{{@key}}.memory\"><samp>{{value_or_none memory}}MB</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Max Instances: <span id=\"functions.projects.{{project}}.functions_v1.{{@key}}.max_instances\"><samp>{{value_or_none max_instances}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Docker Registry: <span id=\"functions.projects.{{project}}.functions_v1.{{@key}}.docker_registry\"><samp>{{value_or_none docker_registry}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\" id=\"functions.projects.{{project}}.functions_v1.{{@key}}.environment_variables\">Environment Variables\n            {{#if environment_variables}}\n            <ul>\n                {{#each environment_variables}}\n                <li><samp>{{@key}}: {{this}}</samp></li>\n                {{/each}}\n            </ul>\n            {{else}}\n            <span>None</span>\n            {{/if}}\n        </div>\n        {{#if environment_variables_secrets}}\n        <div class=\"list-group-item-text item-margin\" id=\"functions.projects.{{project}}.functions_v1.{{@key}}.environment_variables_secrets\">Environment Variables Secrets (Potential)\n            <ul>\n                {{#each environment_variables_secrets}}\n                <li><samp>{{this}}</samp></li>\n                {{/each}}\n            </ul>\n        </div>\n        {{/if}}\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Trigger</h4>\n        <div class=\"list-group-item-text item-margin\">URL: <span id=\"functions.projects.{{project}}.functions_v1.{{@key}}.url\"><samp>{{value_or_none url}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Security Level: <span id=\"functions.projects.{{project}}.functions_v1.{{@key}}.security_level\"><samp>{{value_or_none security_level}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Ingress Settings: <span id=\"functions.projects.{{project}}.functions_v1.{{@key}}.ingress_settings\"><samp>{{value_or_none ingress_settings}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\"><span id=\"functions.projects.{{project}}.functions_v1.{{@key}}.bindings\">Bindings:</span></h4>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each bindings}}\n                <li>Role <samp>{{role}}</samp></li>\n                <ul>\n                    {{#each members}}\n                    <li><samp>{{this}}</samp></li>\n                    {{/each}}\n                </ul>\n                {{else}}\n                <li><samp>None</samp></li>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.functions.projects.id.functions_v1\", $(\"#services\\\\.functions\\\\.projects\\\\.id\\\\.functions_v1\\\\.partial\").html());\n</script>\n\n<!-- Single functions function_v1 template -->\n<script id=\"single_functions_function_v1-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.functions.projects.id.functions_v1'}}\n</script>\n<script>\n    var single_functions_function_v1_template = Handlebars.compile($(\"#single_functions_function_v1-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v2.html",
    "content": "<!-- functions functions_v2 -->\n<script id=\"services.functions.projects.id.functions_v2.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"functions.projects.{{project}}.functions_v2.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Status: <span id=\"functions.projects.{{project}}.functions_v2.{{@key}}.status\"><samp>{{value_or_none status}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Update Time: <span id=\"functions.projects.{{project}}.functions_v2.{{@key}}.update_time\"><samp>{{value_or_none update_time}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Version: <span id=\"functions.projects.{{project}}.functions_v2.{{@key}}.version_id\"><samp>{{value_or_none version_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Runtime: <span id=\"functions.projects.{{project}}.functions_v2.{{@key}}.runtime\"><samp>{{value_or_none runtime}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Memory: <span id=\"functions.projects.{{project}}.functions_v2.{{@key}}.memory\"><samp>{{value_or_none memory}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Max Instances: <span id=\"functions.projects.{{project}}.functions_v2.{{@key}}.max_instances\"><samp>{{value_or_none max_instances}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Service Account: <span id=\"functions.projects.{{project}}.functions_v2.{{@key}}.service_account\"><samp>{{value_or_none service_account}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\" id=\"functions.projects.{{project}}.functions_v2.{{@key}}.environment_variables\">Environment Variables\n            {{#if environment_variables}}\n            <ul>\n                {{#each environment_variables}}\n                <li><samp>{{@key}}: {{this}}</samp></li>\n                {{/each}}\n            </ul>\n            {{else}}\n            <span>None</span>\n            {{/if}}\n        </div>\n        {{#if environment_variables_secrets}}\n        <div class=\"list-group-item-text item-margin\" id=\"functions.projects.{{project}}.functions_v2.{{@key}}.environment_variables_secrets\">Environment Variables Secrets (Potential)\n            <ul>\n                {{#each environment_variables_secrets}}\n                <li><samp>{{this}}</samp></li>\n                {{/each}}\n            </ul>\n        </div>\n        {{/if}}\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Trigger</h4>\n        <div class=\"list-group-item-text item-margin\">URL: <span id=\"functions.projects.{{project}}.functions_v2.{{@key}}.url\"><samp>{{value_or_none url}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Ingress Settings: <span id=\"functions.projects.{{project}}.functions_v2.{{@key}}.ingress_settings\"><samp>{{value_or_none ingress_settings}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\"><span id=\"functions.projects.{{project}}.functions_v2.{{@key}}.bindings\">Bindings:</span></h4>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each bindings}}\n                <li>Role <samp>{{role}}</samp></li>\n                <ul>\n                    {{#each members}}\n                    <li><samp>{{this}}</samp></li>\n                    {{/each}}\n                </ul>\n                {{else}}\n                <li><samp>None</samp></li>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.functions.projects.id.functions_v2\", $(\"#services\\\\.functions\\\\.projects\\\\.id\\\\.functions_v2\\\\.partial\").html());\n</script>\n\n<!-- Single functions function_v2 template -->\n<script id=\"single_functions_function_v2-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.functions.projects.id.functions_v2'}}\n</script>\n<script>\n    var single_functions_function_v2_template = Handlebars.compile($(\"#single_functions_function_v2-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.bindings.html",
    "content": "\n<!-- Cloud Resources Manager bindings' partial -->\n<script id=\"services.iam.projects.id.bindings.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Title: <span id=\"iam.projects.{{@../key}}.bindings.{{@key}}.title\"><samp>{{title}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Description: <span id=\"iam.projects.{{@../key}}.bindings.{{@key}}.description\"><samp>{{value_or_none description}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Project ID: <span id=\"iam.projects.{{project}}.users.{{@key}}.project_id\"><samp>{{project}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Custom Role: <span id=\"iam.projects.{{project}}.users.{{@key}}.custom_role\">{{custom_role}}</span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Permissions</h4>\n        <div class=\"accordion-inner\">\n            {{> accordion_policy name = '' document = permissions policy_path = (concat 'iam' ../resource_type ../resource_id 'permissions' @key 'PolicyDocument') heading=\"h5\" samp=false}}\n        </div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Bindings</h4>\n        <h5  id=\"iam.projects.{{@../key}}.bindings.{{@key}}.users\" class=\"list-group-item-heading\">Attached Users:</h5>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each members.users}}\n                <li><samp><samp>{{this}}</samp></samp></li>\n                {{else}}\n                <li><samp>None</samp></li>\n                {{/each}}\n            </ul>\n        </div>\n        <h5  id=\"iam.projects.{{@../key}}.bindings.{{@key}}.groups\" class=\"list-group-item-heading\">Attached Groups:</h5>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each members.groups}}\n                <li><samp>{{this}}</samp></li>\n                {{else}}\n                <li><samp>None</samp></li>\n                {{/each}}\n            </ul>\n        </div>\n        <h5  id=\"iam.projects.{{@../key}}.bindings.{{@key}}.service_accounts\" class=\"list-group-item-heading\">Attached Service Accounts:</h5>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each members.service_accounts}}\n                <li><samp>{{this}}</samp></li>\n                {{else}}\n                <li><samp>None</samp></li>\n                {{/each}}\n            </ul>\n        </div>\n        <h5  id=\"iam.projects.{{@../key}}.bindings.{{@key}}.domains\" class=\"list-group-item-heading\">Attached Domains:</h5>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each members.domains}}\n                <li><samp>{{this}}</samp></li>\n                {{else}}\n                <li><samp>None</samp></li>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.iam.projects.id.bindings\", $(\"#services\\\\.iam\\\\.projects\\\\.id\\\\.bindings\\\\.partial\").html());\n</script>\n\n<!-- Single iam binding template -->\n<script id=\"single_iam_binding-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.iam.projects.id.bindings'}}\n</script>\n<script>\n    var single_iam_binding_template = Handlebars.compile($(\"#single_iam_binding-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.bindings_separation_duties.html",
    "content": "\n<!-- Cloud Resources Manager Separation Duties bindings' partial -->\n<script id=\"services.iam.projects.id.bindings_separation_duties.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Separation of duties enforced for service account related roles: <span id=\"iam.projects.{{@../key}}.bindings_separation_duties.{{@key}}.account_separation_duties\"><samp>{{account_separation_duties}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Separation of duties enforced for KMS related roles: <span id=\"iam.projects.{{@../key}}.bindings_separation_duties.{{@key}}.kms_separation_duties\"><samp>{{kms_separation_duties}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.iam.projects.id.bindings_separation_duties\", $(\"#services\\\\.iam\\\\.projects\\\\.id\\\\.bindings_separation_duties\\\\.partial\").html());\n</script>\n\n<!-- Single iam bindings separation duties template -->\n<script id=\"single_iam_bindings_separation_duties-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.iam.projects.id.bindings_separation_duties'}}\n</script>\n<script>\n    var single_iam_bindings_separation_duties_template = Handlebars.compile($(\"#single_iam_bindings_separation_duties-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.domains.html",
    "content": "\n<!-- Cloud Resources Manager domains' partial -->\n<script id=\"services.iam.projects.id.domains.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Domain: <span id=\"iam.projects.{{@../key}}.domains.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Project ID: <span id=\"iam.projects.{{project}}.domains.{{@key}}.project_id\"><samp>{{project}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Bindings:</h4>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each roles}}\n                <li><samp>{{this}}</samp></li>\n                {{else}}\n                <li><samp>None</samp></li>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.iam.projects.id.domains\", $(\"#services\\\\.iam\\\\.projects\\\\.id\\\\.domains\\\\.partial\").html());\n</script>\n\n<!-- Single iam domain template -->\n<script id=\"single_iam_domain-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.iam.projects.id.domains'}}\n</script>\n<script>\n    var single_iam_domain_template = Handlebars.compile($(\"#single_iam_domain-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.groups.html",
    "content": "\n<!-- Cloud Resources Manager groups' partial -->\n<script id=\"services.iam.projects.id.groups.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Group: <span id=\"iam.projects.{{@../key}}.groups.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Project ID: <span id=\"iam.projects.{{project}}.groups.{{@key}}.project_id\"><samp>{{project}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Bindings:</h4>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each roles}}\n                <li><samp>{{this}}</samp></li>\n                {{else}}\n                <li><samp>None</samp></li>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.iam.projects.id.groups\", $(\"#services\\\\.iam\\\\.projects\\\\.id\\\\.groups\\\\.partial\").html());\n</script>\n\n<!-- Single iam group template -->\n<script id=\"single_iam_group-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.iam.projects.id.groups'}}\n</script>\n<script>\n    var single_iam_group_template = Handlebars.compile($(\"#single_iam_group-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.service_accounts.html",
    "content": "\n<!-- Cloud Storage service_accounts partial -->\n<script id=\"services.iam.projects.id.service_accounts.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"iam.projects.{{@../key}}.service_accounts.{{@key}}.id\"><samp>{{id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Project ID: <span id=\"iam.projects.{{@../key}}.service_accounts.{{@key}}.project_id\"><samp>{{project_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Email: <span id=\"iam.projects.{{@../key}}.service_accounts.{{@key}}.email\"><samp>{{email}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Display Name: <span id=\"iam.projects.{{@../key}}.service_accounts.{{@key}}.display_name\"><samp>{{display_name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Default Service Account: <span id=\"iam.projects.{{@../key}}.service_accounts.{{@key}}.default_service_account\"><samp>{{default_service_account}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\"><span id=\"iam.projects.{{@../key}}.service_accounts.{{@key}}.keys\">Keys:</span></h4>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each keys}}\n                <li>Key <samp>{{@key}}</samp></li>\n                <ul>\n                    <li id=\"iam.projects.{{@../../key}}.service_accounts.{{@../key}}.keys.{{@key}}.key_type\">Key Type: <samp>{{key_type}}</samp></li>\n                    <li id=\"iam.projects.{{@../../key}}.service_accounts.{{@../key}}.keys.{{@key}}.algorithm\">Key Algorithm: <samp>{{key_algorithm}}</samp></li>\n                    <li id=\"iam.projects.{{@../../key}}.service_accounts.{{@../key}}.keys.{{@key}}.valid_before\">Valid Before: {{format_date valid_before}}</li>\n                    <li id=\"iam.projects.{{@../../key}}.service_accounts.{{@../key}}.keys.{{@key}}.valid_after\">Valid After: {{format_date valid_after}}</li>\n                </ul>\n                {{else}}\n                <li><samp>None</samp></li>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\"><span id=\"iam.projects.{{@../key}}.service_accounts.{{@key}}.bindings\">Service Account Users:</span></h4>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each bindings}}\n                <li>Role <samp>{{role}}</samp></li>\n                <ul>\n                    {{#each members}}\n                    <li><samp>{{this}}</samp></li>\n                    {{/each}}\n                </ul>\n                {{else}}\n                <li><samp>None</samp></li>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.iam.projects.id.service_accounts\", $(\"#services\\\\.iam\\\\.projects\\\\.id\\\\.service_accounts\\\\.partial\").html());\n</script>\n\n<!-- Single iam service_account template -->\n<script id=\"single_iam_service_account-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.iam.projects.id.service_accounts'}}\n</script>\n<script>\n    var single_iam_service_account_template = Handlebars.compile($(\"#single_iam_service_account-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.users.html",
    "content": "\n<!-- Cloud Resources Manager users' partial -->\n<script id=\"services.iam.projects.id.users.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">User: <span id=\"iam.projects.{{@../key}}.users.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Project ID: <span id=\"iam.projects.{{project}}.users.{{@key}}.project_id\"><samp>{{project}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Bindings:</h4>\n        <div class=\"accordion-inner\">\n            <ul>\n                {{#each roles}}\n                <li><samp>{{this}}</samp></li>\n                {{else}}\n                <li><samp>None</samp></li>\n                {{/each}}\n            </ul>\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.iam.projects.id.users\", $(\"#services\\\\.iam\\\\.projects\\\\.id\\\\.users\\\\.partial\").html());\n</script>\n\n<!-- Single iam user template -->\n<script id=\"single_iam_user-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.iam.projects.id.users'}}\n</script>\n<script>\n    var single_iam_user_template = Handlebars.compile($(\"#single_iam_user-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.kms.projects.id.keyrings.html",
    "content": "\n<!-- Cloud KMS keyrings' partial -->\n<script id=\"services.kms.projects.id.keyrings.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"kms.projects.{{@../key}}.keyrings.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Project ID: <span id=\"kms.projects.{{project}}.keyrings.{{@key}}.project_id\"><samp>{{project}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Location: <span id=\"kms.projects.{{@../key}}.keyrings.{{@key}}.location\"><samp>{{location}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\"><span id=\"kms.projects.{{@../key}}.keyrings.{{@key}}.keys\">Keys:</span></h4>\n            <div class=\"accordion-inner\">\n                <ul>\n                    {{#each keys}}\n                    <li><samp>{{@key}}</samp></li>\n                    <ul>\n                        <li id=\"kms.projects.{{@../../key}}.keyrings.{{@../key}}.keys.{{@key}}.state\">State: <samp>{{state}}</samp></li>\n                        <li id=\"kms.projects.{{@../../key}}.keyrings.{{@../key}}.keys.{{@key}}.protection_level\">Protection Level: {{protection_level}}</li>\n                        <li id=\"kms.projects.{{@../../key}}.keyrings.{{@../key}}.keys.{{@key}}.algorithm\">Algorithm: <samp>{{algorithm}}</samp></li>\n                        <li id=\"kms.projects.{{@../../key}}.keyrings.{{@../key}}.keys.{{@key}}.purpose\">Purpose: {{purpose}}</li>\n                        <li id=\"kms.projects.{{@../../key}}.keyrings.{{@../key}}.keys.{{@key}}.creation_datetime\">Creation Date: {{format_date creation_datetime}}</li>\n                        <li id=\"kms.projects.{{@../../key}}.keyrings.{{@../key}}.keys.{{@key}}.rotation_period\">Rotation Period: {{value_or_none rotation_period}}</li>\n                        <li id=\"kms.projects.{{@../../key}}.keyrings.{{@../key}}.keys.{{@key}}.next_rotation_datetime\">Next Rotation Date: {{value_or_none next_rotation_datetime}}</li>\n                        <li id=\"kms.projects.{{@../../key}}.keyrings.{{@../key}}.keys.{{@key}}.next_rotation_time_days\">Days Until Next Rotation: {{value_or_none next_rotation_time_days}}</li>\n                        <li>Bindings</li>\n                        <ul>\n                            {{#each kms_iam_policy}}\n                            <li><samp>{{name}}</samp></li>\n                            <ul>\n                                <li id=\"kms.projects.{{@../../../key}}.keyrings.{{@../../key}}.keys.{{@../key}}.kms_iam_policy.{{@key}}.title\">Title: <samp>{{title}}</samp></li>\n                                <li id=\"kms.projects.{{@../../../key}}.keyrings.{{@../../key}}.keys.{{@../key}}.kms_iam_policy.{{@key}}.description\">Description: {{value_or_none description}}</li>\n                                <li id=\"kms.projects.{{@../../../key}}.keyrings.{{@../../key}}.keys.{{@../key}}.kms_iam_policy.{{@key}}.custom_role\">Custom Role: <samp>{{custom_role}}</samp></li>\n                                <li id=\"kms.projects.{{@../../../key}}.keyrings.{{@../../key}}.keys.{{@../key}}.kms_iam_policy.{{@key}}.anonymous_public_accessible\">Not anonymously or publicly accessible: <samp>{{anonymous_public_accessible}}</samp></li>\n                            </ul>\n\n                            {{else}}\n                            <li><samp>None</samp></li>\n                            {{/each}}\n                        </ul>\n                    </ul>\n\n                    <br>\n\n\n\n                    {{else}}\n                    <li><samp>None</samp></li>\n                    {{/each}}\n                </ul>\n            </div>\n    </div>\n\n\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.kms.projects.id.keyrings\", $(\"#services\\\\.kms\\\\.projects\\\\.id\\\\.keyrings\\\\.partial\").html());\n</script>\n\n<!-- Single kms keyring template -->\n<script id=\"single_kms_keyring-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.kms.projects.id.keyrings'}}\n</script>\n<script>\n    var single_kms_keyring_template = Handlebars.compile($(\"#single_kms_keyring-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html",
    "content": "<!-- Kubernetes Engine clusters partial -->\n<script id=\"services.kubernetesengine.projects.id.clusters.partial\" type=\"text/x-handlebars-template\">\n    <div class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    \n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Project ID: <span id=\"kubernetesengine.projects.{{project}}.clusters.{{@key}}.project_id\"><samp>{{project}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Location: <span id=\"kubernetesengine.projects.{{project}}.clusters.{{@key}}.location\"><samp>{{location}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Type: <span id=\"kubernetesengine.projects.{{project}}.clusters.{{@key}}.type\"><samp>{{type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Status: <span id=\"kubernetesengine.projects.{{project}}.clusters.{{@key}}.status\"><samp>{{status}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Image Type: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.container_optimized_os_not_used\">{{image_type}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Release Channel: <span id=\"kubernetesengine.projects.{{project}}.clusters.{{@key}}.release_channel\"><samp>{{value_or_none release_channel}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Basic Authentication: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.basic_authentication_enabled\">{{convert_bool_to_enabled basic_authentication_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Client Certificate Authentication: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.client_certificate_enabled\">{{convert_bool_to_enabled client_certificate_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Dashboard: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.dashboard_status\">{{dashboard_status}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Legacy Authorization (ABAC): <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.legacy_abac_enabled\">{{convert_bool_to_enabled legacy_abac_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Pod Security Policy: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.pod_security_policy_enabled\">{{convert_bool_to_enabled pod_security_policy_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Network Policy: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.network_policy_disabled\">{{convert_bool_to_enabled network_policy_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Service Account: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.default_service_account_used\">{{service_account}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Workload Identity: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.workload_identity_enabled\">{{convert_bool_to_enabled workload_identity_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Private Google Access: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.private_ip_google_access_disabled\">{{convert_bool_to_enabled private_ip_google_access_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Alias IP: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.alias_ip_disabled\">{{convert_bool_to_enabled alias_ip_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Endpoint: <span id=\"kubernetesengine.projects.{{project}}.clusters.{{@key}}.endpoint\"><samp>{{endpoint}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Private Endpoint: <span id=\"kubernetesengine.projects.{{project}}.clusters.{{@key}}.private_endpoint_enabled\"><samp>{{convert_bool_to_enabled private_endpoint_enabled}}</samp></span></div>\n        {{#if private_endpoint}}\n        <div class=\"list-group-item-text item-margin\">Private Endpoint IP: <span id=\"kubernetesengine.projects.{{project}}.clusters.{{@key}}.private_endpoint\"><samp>{{private_endpoint}}</samp></span></div>\n        {{/if}}\n        {{#if public_endpoint}}\n        <div class=\"list-group-item-text item-margin\">Public Endpoint IP: <span id=\"kubernetesengine.projects.{{project}}.clusters.{{@key}}.public_endpoint\"><samp>{{public_endpoint}}</samp></span></div>\n        {{/if}}\n        <div class=\"list-group-item-text item-margin\">Binary Authorization: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.binary_authorization_enabled\">{{convert_bool_to_enabled binary_authorization_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Shielded Nodes: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.shielded_nodes_enabled\">{{convert_bool_to_enabled shielded_nodes_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Application-Layer Secrets Encryption: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.application_layer_encryption_enabled\">{{convert_bool_to_enabled application_layer_encryption_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Stackdriver Logging: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.logging_disabled\">{{convert_bool_to_enabled logging_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Stackdriver Monitoring: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.monitoring_disabled\">{{convert_bool_to_enabled monitoring_enabled}}</span></div>\n        {{#if labels}}\n        <div class=\"list-group-item-text item-margin\">Labels: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.has_no_labels\">{{labels}}</span></div>\n        {{/if}}\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\"><span class=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.scopes\">Scopes</span></h4>\n            {{#if scopes}}\n            <ul>\n                {{#each scopes}}\n                <li><samp>{{this}}</samp></li>\n                {{/each}}\n            </ul>\n            {{else}}\n            <span>None</span>\n            {{/if}}\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\"><span class=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.accessible_cluster\">Master Authorized Networks</span></h4>\n        <div class=\"list-group-item-text item-margin\">Status: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.master_authorized_networks_disabled\">{{convert_bool_to_enabled master_authorized_networks_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\"><span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.authorized_networks_cidr_blocks\">CIDR Blocks</span>:\n            {{#if master_authorized_networks_config.cidrBlocks}}\n            <ul>\n                {{#each master_authorized_networks_config.cidrBlocks}}\n                <li><samp>{{this.displayName}}</samp>: <samp>{{this.cidrBlock}}</samp></li>\n                {{/each}}\n            </ul>\n            {{else}}\n                <span>None</span>\n            {{/if}}\n        </div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Node pools</h4>\n        <div class=\"list-group-item-text item-margin\">Private Nodes: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.private_nodes_enabled\" class=\"kubernetesengine.projects.{{@../key}}.nodes.{{@key}}.accessible_cluster\">{{convert_bool_to_enabled private_nodes_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Metadata Server: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.metadata_server_enabled\" class=\"kubernetesengine.projects.{{@../key}}.nodes.{{@key}}.accessible_cluster\">{{convert_bool_to_enabled metadata_server_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">\n            {{#each node_pools}}\n            <samp>{{@key}}</samp>\n            <div class=\"list-group-item-text item-margin\">\n                Integrity Monitoring: <span id=\"kubernetesengine.projects.{{@../../key}}.clusters.{{@../key}}.node_pools.{{@key}}.integrity_monitoring_enabled\">{{convert_bool_to_enabled integrity_monitoring_enabled}}</span>\n            </div>\n            <div class=\"list-group-item-text item-margin\">\n                Secure Boot: <span id=\"kubernetesengine.projects.{{@../../key}}.clusters.{{@../key}}.node_pools.{{@key}}.secure_boot_enabled\">{{convert_bool_to_enabled secure_boot_enabled}}</span>\n            </div>\n            <div class=\"list-group-item-text item-margin\">\n                Legacy Metadata Endpoints: <span id=\"kubernetesengine.projects.{{@../../key}}.clusters.{{@../key}}.node_pools.{{@key}}.legacy_metadata_endpoints_enabled\">{{convert_bool_to_enabled legacy_metadata_endpoints_enabled}}</span>\n            </div>\n            <div class=\"list-group-item-text item-margin\">\n                Automatic Node Upgrades: <span id=\"kubernetesengine.projects.{{@../../key}}.clusters.{{@../key}}.node_pools.{{@key}}.auto_upgrade_disabled\">{{convert_bool_to_enabled auto_upgrade_enabled}}</span>\n            </div>\n            <div class=\"list-group-item-text item-margin\">\n                Automatic Node Repair: <span id=\"kubernetesengine.projects.{{@../../key}}.clusters.{{@../key}}.node_pools.{{@key}}.auto_repair_disabled\">{{convert_bool_to_enabled auto_repair_enabled}}</span>\n            </div>\n            {{/each}}\n        </div>\n    </div>\n\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.kubernetesengine.projects.id.clusters\", $(\"#services\\\\.kubernetesengine\\\\.projects\\\\.id\\\\.clusters\\\\.partial\").html());\n</script>\n\n<!-- Single kubernetesengine cluster template -->\n<script id=\"single_kubernetesengine_cluster-template\" type=\"text/x-handlebars-template\">\n    <div style=\"text-align: right; padding-right: 10px; text-weight: bold;\"><a href=\"javascript:hidePopup()\">X</a></div>\n    {{> services.kubernetesengine.projects.id.clusters}}\n</script>\n<script>\n    var single_kubernetesengine_cluster_template = Handlebars.compile($(\"#single_kubernetesengine_cluster-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.stackdriverlogging.projects.id.logging_metrics.html",
    "content": "\n<!-- Stackdriver All Logging metrics partial -->\n<script id=\"services.stackdriverlogging.projects.id.logging_metrics.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Project Ownership Assignment/Changes Log Metric Filter Exist: <span id=\"stackdriverlogging.projects.{{@../key}}.logging_metrics.{{@key}}.project_ownership_assignments\">{{project_ownership_assignments}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Audit Configuration Changes Log Metric Filter Exist: <span id=\"stackdriverlogging.projects.{{@../key}}.logging_metrics.{{@key}}.audit_config_change\">{{audit_config_change}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Custom Role Changes Log Metric Filter Exist: <span id=\"stackdriverlogging.projects.{{@../key}}.logging_metrics.{{@key}}.custom_role_change\">{{custom_role_change}}</span></div>\n        <div class=\"list-group-item-text item-margin\">VPC Network Firewall Rule Changes Log Metric Filter Exist: <span id=\"stackdriverlogging.projects.{{@../key}}.logging_metrics.{{@key}}.vpc_network_firewall_rule_change\">{{vpc_network_firewall_rule_change}}</span></div>\n        <div class=\"list-group-item-text item-margin\">VPC Network Route Changes Log Metric Filter Exist: <span id=\"stackdriverlogging.projects.{{@../key}}.logging_metrics.{{@key}}.vpc_network_route_change\">{{vpc_network_route_change}}</span></div>\n        <div class=\"list-group-item-text item-margin\">VPC Network Changes Log Metric Filter Exist: <span id=\"stackdriverlogging.projects.{{@../key}}.logging_metrics.{{@key}}.vpc_network_change\">{{vpc_network_change}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Cloud Storage IAM Permission Changes Log Metric Filter Exist: <span id=\"stackdriverlogging.projects.{{@../key}}.logging_metrics.{{@key}}.cloud_storage_iam_permission_change\">{{cloud_storage_iam_permission_change}}</span></div>\n        <div class=\"list-group-item-text item-margin\">SQL Instance Configuration Changes Log Metric Filter Exist: <span id=\"stackdriverlogging.projects.{{@../key}}.logging_metrics.{{@key}}.sql_instance_conf_change\">{{sql_instance_conf_change}}</span></div>\n\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.stackdriverlogging.projects.id.logging_metrics\", $(\"#services\\\\.stackdriverlogging\\\\.projects\\\\.id\\\\.logging_metrics\\\\.partial\").html());\n</script>\n\n<!-- Single stackdriverlogging metric template -->\n<script id=\"single_stackdriverlogging_logging_metrics-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.stackdriverlogging.projects.id.logging_metrics'}}\n</script>\n<script>\n    var single_stackdriverlogging_logging_metrics_template = Handlebars.compile($(\"#single_stackdriverlogging_logging_metrics-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.stackdriverlogging.projects.id.metrics.html",
    "content": "\n<!-- Stackdriver Logging metrics partial -->\n<script id=\"services.stackdriverlogging.projects.id.metrics.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"stackdriverlogging.projects.{{@../key}}.metrics.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Project ID: <span id=\"stackdriverlogging.projects.{{project}}.keyrings.{{@key}}.project_id\"><samp>{{project}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Description: <span id=\"stackdriverlogging.projects.{{@../key}}.metrics.{{@key}}.description\"><samp>{{value_or_none description}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Filter: <span id=\"stackdriverlogging.projects.{{@../key}}.metrics.{{@key}}.filter\"><code>{{filter}}</code></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.stackdriverlogging.projects.id.metrics\", $(\"#services\\\\.stackdriverlogging\\\\.projects\\\\.id\\\\.metrics\\\\.partial\").html());\n</script>\n\n<!-- Single stackdriverlogging metric template -->\n<script id=\"single_stackdriverlogging_metric-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.stackdriverlogging.projects.id.metrics'}}\n</script>\n<script>\n    var single_stackdriverlogging_metric_template = Handlebars.compile($(\"#single_stackdriverlogging_metric-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.stackdriverlogging.projects.id.sinks.html",
    "content": "\n<!-- Stackdriver Logging sinks partial -->\n<script id=\"services.stackdriverlogging.projects.id.sinks.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Sink Name: <span id=\"stackdriverlogging.projects.{{@../key}}.sinks.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Project ID: <span id=\"stackdriverlogging.projects.{{project}}.keyrings.{{@key}}.project_id\"><samp>{{project}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Filter: <span id=\"stackdriverlogging.projects.{{@../key}}.sinks.{{@key}}.filter\"><code>{{filter}}</code></span></div>\n        <div class=\"list-group-item-text item-margin\">Destination: <span id=\"stackdriverlogging.projects.{{@../key}}.sinks.{{@key}}.destination\"><samp>{{destination}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.stackdriverlogging.projects.id.sinks\", $(\"#services\\\\.stackdriverlogging\\\\.projects\\\\.id\\\\.sinks\\\\.partial\").html());\n</script>\n\n<!-- Single stackdriverlogging sink template -->\n<script id=\"single_stackdriverlogging_sink-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.stackdriverlogging.projects.id.sinks'}}\n</script>\n<script>\n    var single_stackdriverlogging_sink_template = Handlebars.compile($(\"#single_stackdriverlogging_sink-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.stackdrivermonitoring.projects.id.alert_policies.html",
    "content": "<!-- stackdrivermonitoring uptime_checks -->\n<script id=\"services.stackdrivermonitoring.projects.id.uptime_checks.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"stackdrivermonitoring.projects.{{project}}.uptime_checks.{{@key}}.name\"><samp>{{value_or_none display_name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Monitored Resource: <span id=\"stackdrivermonitoring.projects.{{project}}.uptime_checks.{{@key}}.monitored_resource\"><code>{{value_or_none monitored_resource}}</code></span></div>\n        <div class=\"list-group-item-text item-margin\">HTTP Check: <span id=\"stackdrivermonitoring.projects.{{project}}.uptime_checks.{{@key}}.http_check\"><code>{{value_or_none http_check}}</code></span></div>\n        <div class=\"list-group-item-text item-margin\">Period: <span id=\"stackdrivermonitoring.projects.{{project}}.uptime_checks.{{@key}}.period\"><samp>{{value_or_none period}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Timeout: <span id=\"stackdrivermonitoring.projects.{{project}}.uptime_checks.{{@key}}.timeout\"><samp>{{value_or_none timeout}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.stackdrivermonitoring.projects.id.uptime_checks\", $(\"#services\\\\.stackdrivermonitoring\\\\.projects\\\\.id\\\\.uptime_checks\\\\.partial\").html());\n</script>\n\n<!-- Single stackdrivermonitoring uptime_check template -->\n<script id=\"single_stackdrivermonitoring_uptime_check-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.stackdrivermonitoring.projects.id.uptime_checks'}}\n</script>\n<script>\n    var single_stackdrivermonitoring_uptime_check_template = Handlebars.compile($(\"#single_stackdrivermonitoring_uptime_check-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.stackdrivermonitoring.projects.id.monitoring_alert_policies.html",
    "content": "<!-- stackdrivermonitoring all alert policies -->\n<script id=\"services.stackdrivermonitoring.projects.id.monitoring_alert_policies.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Project Ownership Assignment/Changes Alerts Exist: <span id=\"stackdrivermonitoring.projects.{{project}}.monitoring_alert_policies.{{@key}}.project_ownership_assignments\"><samp>{{project_ownership_assignments}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Audit Configuration Changes Alerts Exist: <span id=\"stackdrivermonitoring.projects.{{@../key}}.monitoring_alert_policies.{{@key}}.audit_config_change\">{{audit_config_change}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Custom Role Changes Alerts Exist: <span id=\"stackdrivermonitoring.projects.{{@../key}}.monitoring_alert_policies.{{@key}}.custom_role_change\">{{custom_role_change}}</span></div>\n        <div class=\"list-group-item-text item-margin\">VPC Network Firewall Rule Changes Alerts Exist: <span id=\"stackdrivermonitoring.projects.{{@../key}}.monitoring_alert_policies.{{@key}}.vpc_network_firewall_rule_change\">{{vpc_network_firewall_rule_change}}</span></div>\n        <div class=\"list-group-item-text item-margin\">VPC Network Route Changes Alerts Exist: <span id=\"stackdrivermonitoring.projects.{{@../key}}.monitoring_alert_policies.{{@key}}.vpc_network_route_change\">{{vpc_network_route_change}}</span></div>\n        <div class=\"list-group-item-text item-margin\">VPC Network Changes Alerts Exist: <span id=\"stackdrivermonitoring.projects.{{@../key}}.monitoring_alert_policies.{{@key}}.vpc_network_change\">{{vpc_network_change}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Cloud Storage IAM Permission Changes Alerts Exist: <span id=\"stackdrivermonitoring.projects.{{@../key}}.monitoring_alert_policies.{{@key}}.cloud_storage_iam_permission_change\">{{cloud_storage_iam_permission_change}}</span></div>\n        <div class=\"list-group-item-text item-margin\">SQL Instance Configuration Changes Alerts Exist: <span id=\"stackdrivermonitoring.projects.{{@../key}}.monitoring_alert_policies.{{@key}}.sql_instance_conf_change\">{{sql_instance_conf_change}}</span></div>\n\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.stackdrivermonitoring.projects.id.monitoring_alert_policies\", $(\"#services\\\\.stackdrivermonitoring\\\\.projects\\\\.id\\\\.monitoring_alert_policies\\\\.partial\").html());\n</script>\n\n<!-- Single stackdrivermonitoring monitoring_alert_policies template -->\n<script id=\"single_stackdrivermonitoring_monitoring_alert_policies-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.stackdrivermonitoring.projects.id.monitoring_alert_policies'}}\n</script>\n<script>\n    var single_stackdrivermonitoring_monitoring_alert_policies_template = Handlebars.compile($(\"#single_stackdrivermonitoring_monitoring_alert_policies-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/gcp/services.stackdrivermonitoring.projects.id.uptime_checks.html",
    "content": "<!-- stackdrivermonitoring alert_policies -->\n<script id=\"services.stackdrivermonitoring.projects.id.alert_policies.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"stackdrivermonitoring.projects.{{project}}.alert_policies.{{@key}}.name\"><samp>{{value_or_none name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Creation Record: <span id=\"stackdrivermonitoring.projects.{{project}}.alert_policies.{{@key}}.creation_record\"><code>{{value_or_none creation_record}}</code></span></div>\n        <div class=\"list-group-item-text item-margin\">Mutation Record: <span id=\"stackdrivermonitoring.projects.{{project}}.alert_policies.{{@key}}.mutation_record\"><code>{{value_or_none mutation_record}}</code></span></div>\n        <div class=\"list-group-item-text item-margin\">Conditions: <span id=\"stackdrivermonitoring.projects.{{project}}.alert_policies.{{@key}}.conditions\"><code>{{value_or_none conditions}}</code></span></div>\n        <div class=\"list-group-item-text item-margin\">Combiner: <span id=\"stackdrivermonitoring.projects.{{project}}.alert_policies.{{@key}}.combiner\"><samp>{{value_or_none combiner}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Enabled: <span id=\"stackdrivermonitoring.projects.{{project}}.alert_policies.{{@key}}.enabled\"><samp>{{value_or_none enabled}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.stackdrivermonitoring.projects.id.alert_policies\", $(\"#services\\\\.stackdrivermonitoring\\\\.projects\\\\.id\\\\.alert_policies\\\\.partial\").html());\n</script>\n\n<!-- Single stackdrivermonitoring alert_policie template -->\n<script id=\"single_stackdrivermonitoring_alert_policie-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.stackdrivermonitoring.projects.id.alert_policies'}}\n</script>\n<script>\n    var single_stackdrivermonitoring_alert_policie_template = Handlebars.compile($(\"#single_stackdrivermonitoring_alert_policie-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/generic_object.html",
    "content": "\n    <!-- Generic object partial -->\n    <script id=\"generic_object.partial\" type=\"text/x-handlebars-template\">\n        <ul>\n            {{#each this}}\n                <li class=\"list-group-item-text no-margin\">{{@key}}:\n                {{#ifType this 'object'}}\n                    {{> generic_object this}}\n                {{else}}\n                    {{this}}\n                {{/ifType}}\n                </li>\n            {{/each}}\n        </ul>\n    </script>\n    <script>\n      Handlebars.registerPartial(\"generic_object\", $(\"#generic_object\\\\.partial\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/ip_grants.html",
    "content": "\n    <!-- IP grant -->\n    <script id=\"ip_grants.partial\" type=\"text/x-handlebars-template\">\n      <ul>\n        {{#each items}}\n            <li class=\"list-group-item-text\">\n                {{#if ../span_id_prefix}}\n                    <span id=\"{{../../span_id_prefix}}.{{@key}}.CIDR\">\n                {{/if}}\n                {{CIDR}} {{#if CIDRName}}({{CIDRName}}){{/if}}\n                {{#if ../span_id_prefix}}\n                    </span>\n                {{/if}}\n            </li>\n        {{/each}}\n      </ul>\n    </script>\n    <script>\n        Handlebars.registerPartial(\"ip_grants\", $(\"#ip_grants\\\\.partial\").html());\n    </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/details_for_kubernetes_resource.html",
    "content": "<!-- services.cluster_role_binding.v1-rbac-authorization-k8s-io -->\n<script id=\"details_for_kubernetes_resource.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"services.{{ service_name }}.{{ resource_type }}.details\">\n        {{#each items.resources}}\n        <div class=\"list-group\" id=\"services.{{ ../service_name }}.{{ ../resource_type }}.{{ @key }}.view\">\n            <div class=\"list-group-item active\">\n                <h4 class=\"list-group-item-heading\">\n                    {{#if metadata.namespace}}[{{ metadata.namespace }}]{{/if}}\n                    {{ metadata.name }}\n                </h4>\n            </div>\n\n            {{#if roleRef}}\n                <div class=\"list-group-item\">\n                    <b>Role Reference:</b>\n                    <a href=\"{{ roleRef.href }}\">\n                        {{ roleRef.text }}\n                    </a>\n                </div>\n            {{/if}}\n\n            {{#if ownerReferences}}\n                <div class=\"list-group-item\">\n                    <b>Owner References</b>\n                    <ul style=\"list-style: none\">\n                        {{#each ownerReferences}}\n                            <li class=\"list-group-item-text no-margin\">\n                                <a href=\"{{ href }}\">\n                                    {{ text }}\n                                </a>\n                            </li>\n                        {{/each}}\n                    </ul>\n                </div>\n            {{/if}}\n\n            {{#if data.spec.template.spec}}\n                {{> kubernetes_pod_security_context id_prefix=(concat ../../service_name ../../resource_type) sc=data.spec.template.spec.securityContext }}\n                {{> kubernetes_resource_containers id_prefix=(concat ../../service_name ../../resource_type) spec=data.spec.template.spec }}\n                {{> kubernetes_resource_host id_prefix=(concat ../../service_name ../../resource_type) spec=data.spec.template.spec }}\n            {{else if data.spec}}\n                {{> kubernetes_pod_security_context id_prefix=(concat ../../../service_name ../../../resource_type) sc=data.spec.securityContext }}\n                {{> kubernetes_resource_containers id_prefix=(concat ../../../service_name ../../../resource_type) spec=data.spec }}\n                {{> kubernetes_resource_host id_prefix=(concat ../../../service_name ../../../resource_type) spec=data.spec }}\n            {{/if}}\n\n            {{#each stringified_data}}\n            {{> kubernetes_code title=@key code=this id_prefix=(concat 'services' ../../service_name ../../resource_type ../id 'section' @key) }}\n            {{/each}}\n\n            {{> kubernetes_code title='metadata' code=stringified_metadata id_prefix=(concat 'services' ../service_name ../resource_type @key 'metadata') hide=1 }}\n\n            {{> kubernetes_code title='JSON' code=json id_prefix=(concat 'services' ../service_name ../resource_type @key 'json') hide=1 }}\n            {{> kubernetes_code title='YAML' code=yaml id_prefix=(concat 'services' ../service_name ../resource_type @key 'yaml') hide=1 }}\n        </div>\n        {{/each}}\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"details_for_kubernetes_resource\", $(\"#details_for_kubernetes_resource\\\\.partial\").html())\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/details_for_project.html",
    "content": "\n  <!-- Generic partial showing details about projects and their resources -->\n  <script id=\"details_for_project.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"services.{{service_name}}.projects.id.{{resource_type}}.details\">\n      {{#each items}}\n        {{#each (lookup . ../resource_type)}}\n          <div class=\"list-group\" id=\"services.{{../../service_name}}.projects.{{@../key}}.{{../../resource_type}}.{{@key}}.view\">\n            {{> (lookup ../.. 'partial_name') service_name = ../../service_name project = @../key resource_type = ../../resource_type resource_key = @key resource = this}}\n          </div>\n        {{/each}}\n      {{/each}}\n    </div>\n  </script>\n  <script>\n    Handlebars.registerPartial(\"details_for_project\", $(\"#details_for_project\\\\.partial\").html());\n  </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/details_for_subscription.html",
    "content": "\n  <!-- Generic partial showing details about subscriptions and their resources -->\n  <script id=\"details_for_subscription.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"services.{{service_name}}.subscriptions.id.{{resource_type}}.details\">\n      {{#each items}}\n        {{#each (lookup . ../resource_type)}}\n          <div class=\"list-group\" id=\"services.{{../../service_name}}.subscriptions.{{@../key}}.{{../../resource_type}}.{{@key}}.view\">\n            {{> (lookup ../.. 'partial_name') service_name = ../../service_name subscription = @../key resource_type = ../../resource_type resource_key = @key resource = this}}\n          </div>\n        {{/each}}\n      {{/each}}\n    </div>\n  </script>\n  <script>\n    Handlebars.registerPartial(\"details_for_subscription\", $(\"#details_for_subscription\\\\.partial\").html());\n  </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/kubernetes_code.html",
    "content": "<script id=\"kubernetes_code_partial\" type=\"text/x-handlebars-template\">\n    {{! exclusively for json and yaml }}\n\n    {{#if code}}\n    <div class=\"list-group-item\">\n        <h5>\n            {{title}}\n\n            {{#if hide}}\n            <a href=\"#{{escape_dots id_prefix}}\" data-toggle=\"collapse\" class=\"k8s-item-heading\">\n                <span class=\"badge float-right btn-info\">Details</span>\n            </a>\n            {{/if}}\n\n        </h5>\n\n        <div id=\"{{id_prefix}}\"{{#if hide}} class=\"collapse\"{{/if}}>\n            <div class=\"k8s-code-copy\">\n                <a href=\"{{location_hash id_prefix}}\" class=\"k8s-code-copy-text\"\n                    id=\"{{id_prefix}}.copy\"\n                    onclick=\"copyCode('{{id_prefix}}')\"\n                >\n                    copy\n                </a>\n            </div>\n            <code>\n                <samp>\n                    <pre class=\"k8s-code-text\" id=\"{{id_prefix}}.code\">{{remove_whitespace code}}</pre>\n                </samp>\n            </code>\n        </div>\n    </div>\n    {{/if}}\n</script>\n\n<style>\n    .k8s-code-copy {\n        padding-bottom: 0.5rem;\n        width: 100%;\n        text-align: right;\n    }\n\n    .k8s-code-text {\n        padding: 0.5rem 1.5rem 1rem 1.5rem;\n        background-color: lightgray;\n        max-height: 32rem;\n        font-size: larger;\n    }\n</style>\n\n<script>\n    const copyCode = id => {\n        const element = document.getElementById(`${id}.code`)\n        navigator.clipboard.writeText(element.textContent)\n\n        for (const copy of document.querySelectorAll('.k8s-code-copy-text')) {\n            copy.textContent = 'copy'\n        }\n\n        const copy = document.getElementById(`${id}.copy`)\n        copy.textContent = 'copied'\n\n    }\n\n    Handlebars.registerPartial('kubernetes_code', $('#kubernetes_code_partial').html())\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/kubernetes_container_security_context.html",
    "content": "<script id=\"kubernetes_container_security_context_partial\" type=\"text/x-handlebars-template\">\n    <ul>\n        <samp>\n            <li class=\"list-group-item-text no-margin\">\n                allowPrivilegeEscalation:\n                <span id=\"{{id_prefix}}.securityContext.allowPrivilegeEscalation\">\n                    {{sc.allowPrivilegeEscalation}}\n                </span>\n            </li>\n            <li class=\"list-group-item-text no-margin\">\n                capabilities:\n                {{#if sc.capabilities}}\n                <ul>\n                    {{#each sc.capabilities}}\n                    <li class=\"list-group-item-text no-margin\">\n                        {{ @key }}:\n                        <ul>\n                        {{#each this}}\n                            <li class=\"list-group-item-text no-margin\">{{ this }}</li>\n                        {{/each}}\n                        </ul>\n                    </li>\n                    {{/each}}\n                </ul>\n                {{else}}\n                    {{sc.capabilities}}\n                {{/if}}\n            </li>\n            <li class=\"list-group-item-text no-margin\">\n                privileged:\n                <span id=\"{{id_prefix}}.securityContext.privileged\">\n                    <span>{{sc.privileged}}</span>\n                </span>\n            </li>\n            <li class=\"list-group-item-text no-margin\">\n                procMount:\n                <span id=\"{{id_prefix}}.securityContext.proc_mount\">\n                    {{sc.procMount}}\n                </span>\n            </li>\n            <li class=\"list-group-item-text no-margin\">\n                readOnlyRootFilesystem:\n                <span id=\"{{id_prefix}}.securityContext.readOnlyRootFilesystem\">\n                    {{sc.readOnlyRootFilesystem}}\n                </span>\n            </li>\n            <li class=\"list-group-item-text no-margin\">\n                runAsGroup:\n                <span id=\"{{id_prefix}}.securityContext.runAsGroup\">\n                    {{sc.runAsGroup}}\n                </span>\n            </li>\n            <li class=\"list-group-item-text no-margin\">\n                runAsNonRoot:\n                <span id=\"{{id_prefix}}.securityContext.runAsNonRoot\">\n                    {{sc.runAsNonRoot}}\n                </span>\n            </li>\n            <li class=\"list-group-item-text no-margin\">\n                runAsUser:\n                <span id=\"{{id_prefix}}.securityContext.runAsUser\">\n                    {{sc.runAsUser}}\n                </span>\n            </li>\n            <li class=\"list-group-item-text no-margin\">\n                seLinuxOptions:\n                <span id=\"{{id_prefix}}.securityContext.seLinuxOptions\">\n                    {{sc.seLinuxOptions}}\n                </span>\n            </li>\n            <li class=\"list-group-item-text no-margin\">\n                seccompProfile:\n                <span id=\"{{id_prefix}}.securityContext.seccompProfile\">\n                    {{sc.seccompProfile}}\n                </span>\n            </li>\n            <li class=\"list-group-item-text no-margin\">\n                windowsOptions:\n                <span id=\"{{id_prefix}}.securityContext.windowsOptions\">\n                    {{sc.windowsOptions}}\n                </span>\n            </li>\n        </samp>\n    </ul>\n</script>\n\n<script>\n    Handlebars.registerPartial('kubernetes_container_security_context', $('#kubernetes_container_security_context_partial').html())\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/kubernetes_data.html",
    "content": "<script id=\"kubernetes_data_partial\" type=\"text/x-handlebars-template\">\n    {{#if code}}\n    <div class=\"list-group-item\">\n        <h5 class=\"list-group-item-text\">\n            {{title}}\n\n            {{#if hide}}\n            <a href=\"#{{escape_dots id_prefix}}\" data-toggle=\"collapse\" class=\"k8s-item-heading\">\n                <span class=\"badge float-right btn-info\">Details</span>\n            </a>\n            {{/if}}\n        </h5>\n\n        <div class=\"item-margin{{#if hide}} collapse{{/if}}\" id=\"{{id_prefix}}\">\n            {{>kubernetes_code code=code}}\n        </div>\n    </div>\n    {{/if}}\n</script>\n\n<script>\n    Handlebars.registerPartial('kubernetes_data', $('#kubernetes_data_partial').html())\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/kubernetes_object.html",
    "content": "<script id=\"kubernetes_object_partial\" type=\"text/x-handlebars-template\">\n    {{! good for debugging }}\n\n    {{#if this}}\n\n    {{#ifType this 'object'}}\n    <ul>\n        {{#each this}}\n        <li class=\"list-group-item-text no-margin\">\n            {{#if this}}\n            <b>{{@key}}:</b>\n                {{#ifType this 'object'}}\n                {{>kubernetes_object this}}\n                {{else}}\n                <pre class=\"k8s-section\">{{remove_whitespace this}}</pre>\n                {{/ifType}}\n            {{else}}\n            <samp>null</samp>\n            {{/if}}\n        </li>\n        {{/each}}\n    </ul>\n    {{else}}\n        <pre class=\"k8s-section\">{{remove_whitespace this}}</pre>\n    {{/ifType}}\n\n    {{else}}\n    <div>\n        <samp>null</samp>\n    </div>\n\n    {{/if}}\n\n    <style>\n        .k8s-section {\n            margin: 0;\n            padding: 1rem;\n            background-color: #f1f1f1;\n        }\n    </style>\n</script>\n\n<script>\n    Handlebars.registerPartial('kubernetes_object', $('#kubernetes_object_partial').html())\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/kubernetes_pod_security_context.html",
    "content": "<script id=\"kubernetes_pod_security_context_partial\" type=\"text/x-handlebars-template\">\n    <div class=\"list-group-item\">\n        <h5><b>Security Context</b></h5>\n        <ul>\n            <samp>\n                <li class=\"list-group-item-text\">\n                    capabilities:\n                    {{#if sc.capabilities}}\n                    <ul>\n                        {{#each sc.capabilities}}\n                        <li class=\"list-group-item-text\">\n                            {{ @key }}:\n                            <ul>\n                            {{#each this}}\n                                <li class=\"list-group-item-text\">{{ this }}</li>\n                            {{/each}}\n                            </ul>\n                        </li>\n                        {{/each}}\n                    </ul>\n                    {{else}}\n                        {{sc.capabilities}}\n                    {{/if}}\n                </li>\n                <li class=\"list-group-item-text\">\n                    runAsGroup:\n                    <span id=\"{{id_prefix}}.securityContext.runAsGroup\">\n                        {{sc.runAsGroup}}\n                    </span>\n                </li>\n                <li class=\"list-group-item-text\">\n                    runAsNonRoot:\n                    <span id=\"{{id_prefix}}.securityContext.runAsNonRoot\">\n                        {{sc.runAsNonRoot}}\n                    </span>\n                </li>\n                <li class=\"list-group-item-text\">\n                    runAsUser:\n                    <span id=\"{{id_prefix}}.securityContext.runAsUser\">\n                        {{sc.runAsUser}}\n                    </span>\n                </li>\n                <li class=\"list-group-item-text\">\n                    seLinuxOptions:\n                    <span id=\"{{id_prefix}}.securityContext.seLinuxOptions\">\n                        {{sc.seLinuxOptions}}\n                    </span>\n                </li>\n                <li class=\"list-group-item-text\">\n                    seccompProfile:\n                    <span id=\"{{id_prefix}}.securityContext.seccompProfile\">\n                        {{sc.seccompProfile}}\n                    </span>\n                </li>\n            </samp>\n        </ul>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial('kubernetes_pod_security_context', $('#kubernetes_pod_security_context_partial').html())\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/kubernetes_resource_containers.html",
    "content": "<script id=\"kubernetes_resource_containers_partial\" type=\"text/x-handlebars-template\">\n    <div class=\"list-group-item\">\n        <h5><b>Containers</b></h5>\n\n        {{#each spec.containers}}\n        <div class=\"list-group-item-text\">\n            <h6><b><u>{{ name }}</u></b></h6>\n        </div>\n\n        <ul class=\"list-group-item-text\">\n            <li>\n                Security Context\n                {{> kubernetes_container_security_context sc=securityContext id_prefix=(concat ../id_prefix @../key 'spec.containers' @key) }}\n            </li>\n            <li>\n                Resource Limits\n                {{> kubernetes_resource_limits limits=resources.limits id_prefix=(concat ../id_prefix @../key 'spec.containers' @key) }}\n            </li>\n        </ul>\n        {{/each}}\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial('kubernetes_resource_containers', $('#kubernetes_resource_containers_partial').html())\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/kubernetes_resource_host.html",
    "content": "<script id=\"kubernetes_resource_host_partial\" type=\"text/x-handlebars-template\">\n    <div class=\"list-group-item\">\n        <ul style=\"margin-bottom:0\">\n            <li class=\"list-group-item-text no-margin\">\n                <b>Host IPC:</b>\n                <span id=\"{{ id_prefix }}.{{@key}}.spec.hostIPC\">\n                    <samp>{{spec.hostIPC}}</samp>\n                </span>\n            </li>\n\n            <li class=\"list-group-item-text no-margin\">\n                <b>Host Network:</b>\n                <span id=\"{{ id_prefix }}.{{@key}}.spec.hostNetwork\">\n                    <samp>{{spec.hostNetwork}}</samp>\n                </span>\n            </li>\n\n            <li class=\"list-group-item-text no-margin\">\n                <b>Host PID:</b>\n                <span id=\"{{ id_prefix }}.{{@key}}.spec.hostPID\">\n                    <samp>{{spec.hostPID}}</samp>\n                </span>\n            </li>\n        </ul>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial('kubernetes_resource_host', $('#kubernetes_resource_host_partial').html())\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/kubernetes_resource_limits.html",
    "content": "<script id=\"kubernetes_resource_limits_partial\" type=\"text/x-handlebars-template\">\n    <ul>\n        <samp>\n            <li class=\"list-group-item-text no-margin\">\n                cpu:\n                <span id=\"{{id_prefix}}.resources.limits.cpu\">\n                    {{limits.cpu}}\n                </span>\n            </li>\n            <li class=\"list-group-item-text no-margin\">\n                memory:\n                <span id=\"{{id_prefix}}.resources.limits.memory\">\n                    {{limits.memory}}\n                </span>\n            </li>\n        </samp>\n    </ul>\n</script>\n\n<script>\n    Handlebars.registerPartial('kubernetes_resource_limits', $('#kubernetes_resource_limits_partial').html())\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/left_menu_for_kubernetes_resource.html",
    "content": "<!-- Generic left-menu link partial for kubernetes_resource-then-resource -->\n<script id=\"left_menu_for_kubernetes_resource.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"services.{{service_name}}.{{resource_type}}.list\">\n        <div class=\"list-group\">\n            <div class=\"list-group-item\">\n                <a href=\"javascript:updateHash(`services.{{ service_name }}.{{ resource_type }}`)\">\n                    Show all\n                    <span style=\"font-size:small\" class=\"float-right\">\n                        ({{ getValueAt 'metadata' service_group service_name 'resources' resource_type 'count' }})\n                    </span>\n                </a>\n            </div>\n        </div>\n\n        {{#if items.namespaced}}\n\n            {{#each items.namespaces}}\n                <div class=\"list-group\" id=\"services.{{ ../service_name }}.{{ ../resource_type }}.--{{ @key }}--.list\">\n                    <div class=\"list-group-item active\">\n                        <a href=\"javascript:showNamespacedResources(`services.{{ ../service_name }}.{{ ../resource_type }}`, `{{ @key }}`)\">{{ this }}</a>\n                        <span class=\"float-right\">\n                            <a href=\"javascript:hideList(`services.{{ ../service_name }}.{{ ../resource_type }}.--{{ @key }}--.list`)\">\n                                <i class=\"fa fa-times-circle\"></i>\n                            </a>\n                        </span>\n                    </div>\n                    {{#each ../items.resources}}\n                        {{#if (resource_is_in_namespace @key @../key) }}\n                            <div class=\"list-group-item\" id=\"services.{{ ../../../service_name }}.{{ ../../../resource_type }}.{{ @key }}.link\">\n                                <a href=\"#services.{{ ../../../service_name }}.{{ ../../../resource_type }}.{{ @key }}.view\">{{ metadata.name }}</a>\n                            </div>\n                        {{/if}}\n                    {{/each}}\n                </div>\n            {{/each}}\n\n        {{else}}\n\n            {{#each items.resources}}\n                <div class=\"list-group-item\" id=\"services.{{ ../service_name }}.{{ ../resource_type }}.{{ @key }}.link\">\n                    <a href=\"#services.{{ ../service_name }}.{{ ../resource_type }}.{{ @key }}.view\">{{ metadata.name }}</a>\n                </div>\n            {{/each}}\n\n        {{/if}}\n\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"left_menu_for_kubernetes_resource\", $(\"#left_menu_for_kubernetes_resource\\\\.partial\").html())\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/left_menu_for_project.html",
    "content": "<!-- Generic left-menu link partial for project-then-resource -->\n<script id=\"left_menu_for_project.partial\" type=\"text/x-handlebars-template\">\n  <div id=\"services.{{service_name}}.projects.id.{{resource_type}}.list\">\n  <div class=\"list-group\" >\n    <div class=\"list-group-item\">\n      <a href=\"javascript:updateHash('services.{{service_name}}.projects.id.{{resource_type}}')\">Show all <span class=\"badge float-right btn-info\">{{getValueAt 'metadata' service_group service_name 'resources' resource_type 'count'}}</span></a>\n    </div>\n  </div>\n  {{#each items}}\n  <div class=\"list-group\" id=\"services.{{../service_name}}.projects.{{@key}}.{{../resource_type}}.list\">\n    <div class=\"list-group-item active\">\n      <a href=\"#services.{{../service_name}}.projects.{{@key}}.{{../resource_type}}\">{{@key}}</a>\n      <span class=\"float-right\"><a href=\"javascript:hideList('services.{{../service_name}}.projects.{{@key}}.{{../resource_type}}.list')\"><i class=\"fa fa-times-circle\"></i></a></span>\n    </div>\n    <div class=\"list-group-item\">\n      {{#each (lookup . ../resource_type)}}\n      <div class=\"list-group-item list-sub-element\" id=\"services.{{../../service_name}}.projects.{{@../key}}.{{../../resource_type}}.{{@key}}.link\">\n        {{#if scout2_link}}\n        <a href=\"#{{scout2_link}}.view\">{{name}}</a>\n        {{else}}\n        <a href=\"#services.{{../../../service_name}}.projects.{{@../key}}.{{../../../resource_type}}.{{@key}}.view\">{{name}}</a>\n        {{/if}}\n      </div>\n      {{/each}}\n    </div>\n  </div>\n  {{/each}}\n  </div>\n</script>\n<script>\n    Handlebars.registerPartial(\"left_menu_for_project\", $(\"#left_menu_for_project\\\\.partial\").html());\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/left_menu_for_subscription.html",
    "content": "<!-- Generic left-menu link partial for subscription-then-resource -->\n<script id=\"left_menu_for_subscription.partial\" type=\"text/x-handlebars-template\">\n  <div id=\"services.{{service_name}}.subscriptions.id.{{resource_type}}.list\">\n  <div class=\"list-group\" >\n    <div class=\"list-group-item\">\n      <a href=\"javascript:updateHash('services.{{service_name}}.subscriptions.id.{{resource_type}}')\">Show all <span class=\"badge float-right btn-info\">{{getValueAt 'metadata' service_group service_name 'resources' resource_type 'count'}}</span></a>\n    </div>\n  </div>\n  {{#each items}}\n  <div class=\"list-group\" id=\"services.{{../service_name}}.subscriptions.{{@key}}.{{../resource_type}}.list\">\n    <div class=\"list-group-item active\">\n      <a href=\"#services.{{../service_name}}.subscriptions.{{@key}}.{{../resource_type}}\">{{@key}}</a>\n      <span class=\"float-right\"><a href=\"javascript:hideList('services.{{../service_name}}.subscriptions.{{@key}}.{{../resource_type}}.list')\"><i class=\"fa fa-times-circle\"></i></a></span>\n    </div>\n    <div class=\"list-group-item\">\n      {{#each (lookup . ../resource_type)}}\n      <div class=\"list-group-item list-sub-element\" id=\"services.{{../../service_name}}.subscriptions.{{@../key}}.{{../../resource_type}}.{{@key}}.link\">\n        {{#if scout2_link}}\n        <a href=\"#{{scout2_link}}.view\">{{name}}</a>\n        {{else}}\n        <a href=\"#services.{{../../../service_name}}.subscriptions.{{@../key}}.{{../../../resource_type}}.{{@key}}.view\">{{name}}</a>\n        {{/if}}\n      </div>\n      {{/each}}\n    </div>\n  </div>\n  {{/each}}\n  </div>\n</script>\n<script>\n    Handlebars.registerPartial(\"left_menu_for_subscription\", $(\"#left_menu_for_subscription\\\\.partial\").html());\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/services.eks.encryption.html",
    "content": "<script id=\"services.eks.encryption.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n\n    <div class=\"list-group-item\">\n        {{> generic_object this }}\n    </div>\n\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.eks.encryption\", $(\"#services\\\\.eks\\\\.encryption\\\\.partial\").html());\n</script>\n\n<script id=\"single_eks_encryption-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.eks.encryption'}}\n</script>\n<script>\n    var single_eks_encryption_template = Handlebars.compile($(\"#single_eks_encryption-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/services.eks.logging.html",
    "content": "<script id=\"services.eks.logging.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        Enabled: <span id=\"eks.logging.{{id}}.enabled\">{{enabled}}</span>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.eks.logging\", $(\"#services\\\\.eks\\\\.logging\\\\.partial\").html());\n</script>\n\n<script id=\"single_eks_logging-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.eks.logging'}}\n</script>\n<script>\n    var single_eks_logging_template = Handlebars.compile($(\"#single_eks_logging-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/services.kubernetesengine.clusters.html",
    "content": "<!-- Kubernetes Engine clusters partial -->\n<script id=\"services.kubernetesengine.projects.id.clusters.partial\" type=\"text/x-handlebars-template\">\n    <div class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    \n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Project ID: <span id=\"kubernetesengine.projects.{{project}}.clusters.{{@key}}.project_id\"><samp>{{project}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Location: <span id=\"kubernetesengine.projects.{{project}}.clusters.{{@key}}.location\"><samp>{{location}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Type: <span id=\"kubernetesengine.projects.{{project}}.clusters.{{@key}}.type\"><samp>{{type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Status: <span id=\"kubernetesengine.projects.{{project}}.clusters.{{@key}}.status\"><samp>{{status}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Image Type: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.container_optimized_os_not_used\">{{image_type}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Release Channel: <span id=\"kubernetesengine.projects.{{project}}.clusters.{{@key}}.release_channel\"><samp>{{value_or_none release_channel}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Basic Authentication: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.basic_authentication_enabled\">{{convert_bool_to_enabled basic_authentication_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Client Certificate Authentication: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.client_certificate_enabled\">{{convert_bool_to_enabled client_certificate_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Dashboard: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.dashboard_status\">{{dashboard_status}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Legacy Authorization (ABAC): <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.legacy_abac_enabled\">{{convert_bool_to_enabled legacy_abac_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Pod Security Policy: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.pod_security_policy_enabled\">{{convert_bool_to_enabled pod_security_policy_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Network Policy: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.network_policy_disabled\">{{convert_bool_to_enabled network_policy_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Service Account: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.default_service_account_used\">{{service_account}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Workload Identity: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.workload_identity_enabled\">{{convert_bool_to_enabled workload_identity_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Private Google Access: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.private_ip_google_access_disabled\">{{convert_bool_to_enabled private_ip_google_access_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Alias IP: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.alias_ip_disabled\">{{convert_bool_to_enabled alias_ip_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Endpoint: <span id=\"kubernetesengine.projects.{{project}}.clusters.{{@key}}.endpoint\"><samp>{{endpoint}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Private Endpoint: <span id=\"kubernetesengine.projects.{{project}}.clusters.{{@key}}.private_endpoint_enabled\"><samp>{{convert_bool_to_enabled private_endpoint_enabled}}</samp></span></div>\n        {{#if private_endpoint}}\n        <div class=\"list-group-item-text item-margin\">Private Endpoint IP: <span id=\"kubernetesengine.projects.{{project}}.clusters.{{@key}}.private_endpoint\"><samp>{{private_endpoint}}</samp></span></div>\n        {{/if}}\n        {{#if public_endpoint}}\n        <div class=\"list-group-item-text item-margin\">Public Endpoint IP: <span id=\"kubernetesengine.projects.{{project}}.clusters.{{@key}}.public_endpoint\"><samp>{{public_endpoint}}</samp></span></div>\n        {{/if}}\n        <div class=\"list-group-item-text item-margin\">Binary Authorization: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.binary_authorization_enabled\">{{convert_bool_to_enabled binary_authorization_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Shielded Nodes: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.shielded_nodes_enabled\">{{convert_bool_to_enabled shielded_nodes_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Application-Layer Secrets Encryption: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.application_layer_encryption_enabled\">{{convert_bool_to_enabled application_layer_encryption_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Stackdriver Logging: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.logging_disabled\">{{convert_bool_to_enabled logging_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Stackdriver Monitoring: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.monitoring_disabled\">{{convert_bool_to_enabled monitoring_enabled}}</span></div>\n        {{#if labels}}\n        <div class=\"list-group-item-text item-margin\">Labels: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.has_no_labels\">{{labels}}</span></div>\n        {{/if}}\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\"><span class=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.scopes\">Scopes</span></h4>\n            {{#if scopes}}\n            <ul>\n                {{#each scopes}}\n                <li><samp>{{this}}</samp></li>\n                {{/each}}\n            </ul>\n            {{else}}\n            <span>None</span>\n            {{/if}}\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\"><span class=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.accessible_cluster\">Master Authorized Networks</span></h4>\n        <div class=\"list-group-item-text item-margin\">Status: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.master_authorized_networks_disabled\">{{convert_bool_to_enabled master_authorized_networks_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\"><span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.authorized_networks_cidr_blocks\">CIDR Blocks</span>:\n            {{#if master_authorized_networks_config.cidrBlocks}}\n            <ul>\n                {{#each master_authorized_networks_config.cidrBlocks}}\n                <li><samp>{{this.displayName}}</samp>: <samp>{{this.cidrBlock}}</samp></li>\n                {{/each}}\n            </ul>\n            {{else}}\n                <span>None</span>\n            {{/if}}\n        </div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Node pools</h4>\n        <div class=\"list-group-item-text item-margin\">Private Nodes: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.private_nodes_enabled\" class=\"kubernetesengine.projects.{{@../key}}.nodes.{{@key}}.accessible_cluster\">{{convert_bool_to_enabled private_nodes_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Metadata Server: <span id=\"kubernetesengine.projects.{{@../key}}.clusters.{{@key}}.metadata_server_enabled\" class=\"kubernetesengine.projects.{{@../key}}.nodes.{{@key}}.accessible_cluster\">{{convert_bool_to_enabled metadata_server_enabled}}</span></div>\n        <div class=\"list-group-item-text item-margin\">\n            {{#each node_pools}}\n            <samp>{{@key}}</samp>\n            <div class=\"list-group-item-text item-margin\">\n                Integrity Monitoring: <span id=\"kubernetesengine.projects.{{@../../key}}.clusters.{{@../key}}.node_pools.{{@key}}.integrity_monitoring_enabled\">{{convert_bool_to_enabled integrity_monitoring_enabled}}</span>\n            </div>\n            <div class=\"list-group-item-text item-margin\">\n                Secure Boot: <span id=\"kubernetesengine.projects.{{@../../key}}.clusters.{{@../key}}.node_pools.{{@key}}.secure_boot_enabled\">{{convert_bool_to_enabled secure_boot_enabled}}</span>\n            </div>\n            <div class=\"list-group-item-text item-margin\">\n                Legacy Metadata Endpoints: <span id=\"kubernetesengine.projects.{{@../../key}}.clusters.{{@../key}}.node_pools.{{@key}}.legacy_metadata_endpoints_enabled\">{{convert_bool_to_enabled legacy_metadata_endpoints_enabled}}</span>\n            </div>\n            <div class=\"list-group-item-text item-margin\">\n                Automatic Node Upgrades: <span id=\"kubernetesengine.projects.{{@../../key}}.clusters.{{@../key}}.node_pools.{{@key}}.auto_upgrade_disabled\">{{convert_bool_to_enabled auto_upgrade_enabled}}</span>\n            </div>\n            <div class=\"list-group-item-text item-margin\">\n                Automatic Node Repair: <span id=\"kubernetesengine.projects.{{@../../key}}.clusters.{{@../key}}.node_pools.{{@key}}.auto_repair_disabled\">{{convert_bool_to_enabled auto_repair_enabled}}</span>\n            </div>\n            {{/each}}\n        </div>\n    </div>\n\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.kubernetesengine.projects.id.clusters\", $(\"#services\\\\.kubernetesengine\\\\.projects\\\\.id\\\\.clusters\\\\.partial\").html());\n</script>\n\n<!-- Single kubernetesengine cluster template -->\n<script id=\"single_kubernetesengine_cluster-template\" type=\"text/x-handlebars-template\">\n    <div style=\"text-align: right; padding-right: 10px; text-weight: bold;\"><a href=\"javascript:hidePopup()\">X</a></div>\n    {{> services.kubernetesengine.projects.id.clusters}}\n</script>\n<script>\n    var single_kubernetesengine_cluster_template = Handlebars.compile($(\"#single_kubernetesengine_cluster-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/services.loggingmonitoring.subscriptions.id.diagnostic_settings.html",
    "content": "<!-- Logging and Monitoring Diagnostic-->\n<script id=\"services.loggingmonitoring.subscriptions.id.diagnostic_settings.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Diagnostic setting exists: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.diagnostic_settings.{{@key}}.diagnostic_exist\"><samp>{{diagnostic_exist}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.loggingmonitoring.subscriptions.id.diagnostic_settings\", $(\"#services\\\\.loggingmonitoring\\\\.subscriptions\\\\.id\\\\.diagnostic_settings\\\\.partial\").html());\n</script>\n\n<!-- Single loggingmonitoring diagnostic template -->\n<script id=\"single_loggingmonitoring_diagnostic_settings-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.loggingmonitoring.subscriptions.id.diagnostic_settings'}}\n</script>\n<script>\n    var single_loggingmonitoring_diagnostic_settings_template = Handlebars.compile($(\"#single_loggingmonitoring_diagnostic_settings-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/services.loggingmonitoring.subscriptions.id.log_alerts.html",
    "content": "<!-- Logging and Monitoring Log Alerts-->\n<script id=\"services.loggingmonitoring.subscriptions.id.log_alerts.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Create Policy Assignment activity log alert exist: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_alerts.{{@key}}.create_policy_assignment_exist\"><samp>{{value_or_none create_policy_assignment_exist}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Create or update Network Security Group activity log alert exist: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_alerts.{{@key}}.create_update_NSG_exist\"><samp>{{value_or_none create_update_NSG_exist}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Delete Network Security Group activity log alert exist: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_alerts.{{@key}}.delete_NSG_exist\"><samp>{{value_or_none delete_NSG_exist}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Create or update Network Security Group Rule activity log alert exist: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_alerts.{{@key}}.create_update_NSG_rule_exist\"><samp>{{value_or_none create_update_NSG_rule_exist}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Delete Network Security Group Rule activity log alert exist: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_alerts.{{@key}}.delete_NSG_rule_exist\"><samp>{{value_or_none delete_NSG_rule_exist}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Create or update Security Solution activity log alert exist: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_alerts.{{@key}}.create_update_security_solution_exist\"><samp>{{value_or_none create_update_security_solution_exist}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Delete Security Solution activity log alert exist: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_alerts.{{@key}}.delete_security_solution_exist\"><samp>{{value_or_none delete_security_solution_exist}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Create our update or delete SQL Server Firewall Rule activity log alert exist: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_alerts.{{@key}}.create_delete_firewall_rule_exist\"><samp>{{value_or_none create_delete_firewall_rule_exist}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.loggingmonitoring.subscriptions.id.log_alerts\", $(\"#services\\\\.loggingmonitoring\\\\.subscriptions\\\\.id\\\\.log_alerts\\\\.partial\").html());\n</script>\n\n<!-- Single loggingmonittoring log alerts template -->\n<script id=\"single_loggingmonitoring_log_alerts-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.loggingmonitoring.subscriptions.id.log_alerts'}}\n</script>\n<script>\n    var single_loggingmonitoring_log_alerts_template = Handlebars.compile($(\"#single_loggingmonitoring_log_alerts-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/services.loggingmonitoring.subscriptions.id.log_profiles.html",
    "content": "<!-- Logging and Monitoring Log Profiles-->\n<script id=\"services.loggingmonitoring.subscriptions.id.log_profiles.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_profiles.{{@key}}.name\"><samp>{{name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Storage account id: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_profiles.{{@key}}.storage_account_id\"><samp>{{storage_account_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Captures all activities: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_profiles.{{@key}}.captures_all_activities\"><samp>{{captures_all_activities}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Retention policy enabled: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_profiles.{{@key}}.retention_policy_enabled\"><samp>{{retention_policy_enabled}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Retention policy days: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.log_profiles.{{@key}}.retention_policy_days\"><samp>{{retention_policy_days}}</samp></span></div>\n\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.loggingmonitoring.subscriptions.id.log_profiles\", $(\"#services\\\\.loggingmonitoring\\\\.subscriptions\\\\.id\\\\.log_profiles\\\\.partial\").html());\n</script>\n\n<!-- Single loggingmonitoring log profiles template -->\n<script id=\"single_loggingmonitoring_log_profiles-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.loggingmonitoring.subscriptions.id.log_profiles'}}\n</script>\n<script>\n    var single_loggingmonitoring_log_profiles_template = Handlebars.compile($(\"#single_loggingmonitoring_log_profiles-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/services.loggingmonitoring.subscriptions.id.resources_logging.html",
    "content": "<!-- Logging and Monitoring Resource Logging-->\n<script id=\"services.loggingmonitoring.subscriptions.id.resources_logging.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Logging for key vault enabled: <span id=\"loggingmonitoring.subscriptions.{{@../key}}.resources_logging.{{@key}}.diagnostic_key_vault_audit_event_enabled\"><samp>{{convert_bool_to_enabled diagnostic_key_vault.audit_event_enabled}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.loggingmonitoring.subscriptions.id.resources_logging\", $(\"#services\\\\.loggingmonitoring\\\\.subscriptions\\\\.id\\\\.resources_logging\\\\.partial\").html());\n</script>\n\n<!-- Single loggingmonitoring resource logging template -->\n<script id=\"single_loggingmonitoring_resources_logging-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.loggingmonitoring.subscriptions.id.resources_logging'}}\n</script>\n<script>\n    var single_loggingmonitoring_resources_logging_template = Handlebars.compile($(\"#single_loggingmonitoring_resources_logging-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/services.version.details.html",
    "content": "<script id=\"services.version.details.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        {{>generic_object resource}}\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.version.details\", $(\"#services\\\\.version\\\\.details\\\\.partial\").html())\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/kubernetes/utils.html",
    "content": "<script>\n    Handlebars.registerHelper('remove_whitespace', data => {\n        // TODO: find a better way to address Handlebars-specific indentation weirdness in <pre>\n        return `${data}`.replace(/\\r\\n/g, `\\r`).replace(/\\n/g, `\\r`)\n    })\n\n    Handlebars.registerHelper('location_hash', () => {\n        return location.hash\n    })\n\n    Handlebars.registerHelper('resource_is_in_namespace', (resource_id, formatted_ns) => {\n        return resource_id.startsWith(`--${formatted_ns}--`)\n    })\n\n    const showNamespacedResources = (base, ns) => {\n        hideItems(base)\n        showItems(`${base}.--${ns}--`)\n    }\n\n    const onHashChange = () => {\n        const hash = location.hash\n\n        if (!hash) {\n            updateDOM('')\n            return\n        }\n\n        if (hash.endsWith('.view')) {\n            updateDOM(hash.split('.').slice(0, 3).join('.'))\n        }\n\n        updateDOM(hash)\n    }\n\n    showItems = path => {\n        $(`[id^=\"${path}\"][id$=\".link\"]`).show()\n        $(`[id^=\"${path}\"][id$=\".view\"]`).show()\n    }\n\n    showRow = path => {\n        showList(path)\n        showDetails(path)\n    }\n\n    showDetails = path => {\n        $(`[id^=\"${path}\"][id$=\".details\"]`).show()\n    }\n\n    showList = path => {\n        $(`[id^=\"${path}\"][id$=\".list\"]`).show()\n    }\n\n    hideItems = path => {\n        $(`[id^=\"${path}\"][id$=\".view\"]`).hide()\n    }\n\n    hideLinks = path => {\n        $(`[id^=\"${path}\"][id$=\".link\"]`).hide()\n    }\n\n    hideList = path => {\n        // this function assumes a namespaced resource kind\n        $(`[id=\"${path}\"]`).hide()\n        hideItems(path.replace(/\\.list$/, ''))\n    }\n\n    window.onhashchange = onHashChange\n\n    $(document).ready(() => {\n        onPageLoad()\n        onHashChange()\n    })\n</script>\n\n<style>\n    .k8s-item-heading {\n        font-weight: bold;\n        margin: 0;\n        padding: 0;\n        cursor: pointer;\n        color: black;\n    }\n</style>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/last_run_details.html",
    "content": "<script id=\"last_run_details-template\" type=\"text/x-handlebars-template\">\n    <div class=\"modal-dialog modal-lg modal-dialog-centered\" role=\"document\">\n        <div class=\"modal-content\">\n            <div class=\"modal-header\">\n                <h5 class=\"modal-title\">Execution Details</h5>\n                <button type=\"button\" class=\"close\" data-dismiss=\"modal\" aria-label=\"Close\">\n                    <span aria-hidden=\"true\">&times;</span>\n                </button>\n            </div>\n            <div class=\"modal-body m-3\">\n                <div>\n                    <p><strong>Provider:</strong> {{provider_name}}</p>\n                    <p><strong>Time:</strong> {{format_date last_run.time}}</p>\n                    {{#if last_run.run_parameters.services}}\n                    <p><strong>Services:</strong> {{last_run.run_parameters.services}}</p>\n                    {{/if}}\n                    {{#if last_run.run_parameters.skipped_services}}\n                    <p><strong>Skipped Services:</strong> {{last_run.run_parameters.skipped_services}}</p>\n                    {{/if}}\n                    {{#if last_run.run_parameters.regions}}\n                    <p><strong>Regions:</strong> {{last_run.run_parameters.regions}}</p>\n                    {{/if}}\n                    <p><strong>Scout version:</strong> <samp>{{last_run.version}}</samp></p>\n                    <p><strong>Using ruleset</strong> <samp>{{last_run.ruleset_name}}</samp>:\n                    <p class=\"ml-4 mr-4 text-justify\"><em>{{last_run.ruleset_about}}</em></p>\n                </div>\n            </div>\n        </div>\n    </div>\n</script>\n\n<script>\n    var last_run_details_template = Handlebars.compile($(\"#last_run_details-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/left_menu.html",
    "content": "<!-- Generic left-menu link partial for resources -->\n<script id=\"left_menu.partial\" type=\"text/x-handlebars-template\">\n  <div id=\"services.{{service_name}}.{{resource_type}}.list\">\n    <div class=\"list-group\" >\n      <div class=\"list-group-item\">\n        <a href=\"#services.{{service_name}}.{{resource_type}}\">Show all <span class=\"badge float-right\">{{items.length}}</span></a>\n      </div>\n    </div>\n    <div class=\"list-group\">\n      {{#each items}}\n      <div class=\"list-group-item\" id=\"services.{{../service_name}}.{{../resource_type}}.{{id}}.link\">\n        <a href=\"#services.{{../service_name}}.{{../resource_type}}.{{id}}.view\">{{name}}</a>\n      </div>\n      {{/each}}\n    </div>\n</script>\n<script>\n    Handlebars.registerPartial(\"left_menu\", $(\"#left_menu\\\\.partial\").html());\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/metadata.html",
    "content": "<!-- Per Service Type navigation bar -->\n<script id=\"metadata.list.template\" type=\"text/x-handlebars-template\">\n      <div class=\"container\">\n        <div class=\"navbar-header\">\n          <span class=\"navbar-brand\"><a id=\"scoutsuite_navbar\" class=\"text-white\" href=\"javascript:showMainDashboard()\">Scout</a></span>\n        </div>\n        <div class=\"navbar-collapse collapse\">\n            <ul class=\"nav navbar-nav\">\n                {{#each items}}\n                <li id=\"{{@key}}_navbar\" class=\"nav-item dropdown\">\n                    <a href=\"#\" class=\"nav-link dropdown-toggle\" role=\"button\" data-toggle=\"dropdown\">{{makeTitle @key}}</a>\n                    <ul class=\"dropdown-menu\" role=\"button\">\n                        {{#if summaries}}\n                            <li class=\"dropdown-submenu\">\n                                <a href=\"#\" class=\"dropdown-toggle nav-link\" data-toggle=\"dropdown\">Summaries</a>\n                                <ul class=\"dropdown-menu\">\n                                    {{#each summaries}}\n                                    <li><a class=\"dropdown-item nav-link\" href=\"#{{path}}\" id=\"{{@key}}_subnavbar\">{{makeTitle @key}}</a></li>\n                                    {{/each}}\n                                </ul>\n                                <div class=\"dropdown-divider\"></div>\n                            </li>\n                        {{/if}} \n\n                        {{#each this}} {{#unlessEqual @key 'summaries'}} {{#unless hidden}}\n                            <li class=\"dropdown-submenu\">\n                                <a href=\"#\" class=\"dropdown-toggle nav-link\" data-toggle=\"dropdown\">{{ makeTitle @key }}</a>\n                                <ul class=\"dropdown-menu\">\n                                    <li class=\"dropdown-header\">Summaries</li>\n                                    <li><a class=\"dropdown-item\" href=\"#services.{{@key}}.findings\" id=\"{{@key}}_subnavbar\">Dashboard</a></li>\n                                    {{#each summaries}} {{#if risks}}\n                                        <li class=\"dropdown-submenu\"><a href=\"#{{path}}\" id=\"{{@key}}_subnavbar\">{{makeTitle @key}}</a>\n                                            <ul class=\"dropdown-menu\">\n                                                <li class=\"dropdown-header\">Security risks</li>\n                                                {{#each risks}}\n                                                <li><a class=\"dropdown-item\" href=\"#services.{{@../../key}}.findings.{{this}}.items\" id=\"{{@key}}_subnavbar\">\n                                                    {{getValueAt 'services' @../../key 'findings' this 'description'}}\n                                                </a></li>\n                                                {{/each}}\n                                            </ul>\n                                        </li>\n                                    {{else}}\n                                        <li><a class=\"dropdown-item\" href=\"#{{path}}\" id=\"{{@key}}_subnavbar\">{{makeTitle @key}}</a></li>\n                                    {{/if}} {{/each}}\n\n                                    <li class=\"dropdown-divider\"></li>\n                                    <li class=\"dropdown-header\">{{makeTitle @key}} config</li>\n                                    {{#each resources}} {{#unless hidden}} {{#if risks}}\n                                        <li class=\"dropdown-submenu\"><a href=\"#{{path}}\" id=\"{{@key}}_subnavbar\">{{makeTitle @key}} ({{count}})</a>\n                                            <ul class=\"dropdown-menu\">\n                                                <li class=\"dropdown-header\">Security risks</li>\n                                                {{#each risks}}\n                                                <li><a class=\"dropdown-item\" href=\"#services.{{@../../key}}.findings.{{this}}.items\" id=\"{{@key}}_subnavbar\">\n                                                    {{getValueAt 'services' @../../key 'findings' this 'description'}}\n                                                </a></li>\n                                                {{/each}}\n                                            </ul>\n                                        </li>\n                                    {{else}} {{#if count}}\n                                        <li><a class=\"dropdown-item\" href=\"#{{path}}\" id=\"{{@key}}_subnavbar\">{{makeTitle @key}} ({{count}})</a></li>\n                                    {{else}}\n                                        <li class=\"disabled\"><a class=\"dropdown-item disabled\" href=\"\">{{makeTitle @key}}</a></li>\n                                    {{/if}} {{/if}} {{/unless}} {{/each}}\n                                </ul>\n                            </li>\n                        {{/unless}} {{/unlessEqual}} {{/each}}\n                    </ul>\n                </li>\n                {{/each}}\n            </ul>\n\n            <ul class=\"nav navbar-nav ml-auto\">\n              <li class=\"nav-item dropdown\">\n                <a href=\"#\" class=\"nav-link dropdown-toggle\" data-toggle=\"dropdown\">Filters</a>\n                <ul class=\"dropdown-menu\" id=\"filters.list\">\n                </ul>\n              </li>\n              <li class=\"nav-item dropdown\">\n                <a href=\"#\" class=\"nav-link dropdown-toggle\" data-toggle=\"dropdown\"><i class=\"fa fa-cog\"></i></a>\n                <ul class=\"dropdown-menu\">\n                  <li><a class=\"dropdown-item\" href=\"javascript:showLastRunDetails()\">Execution Details</a></li>\n                  <li><a class=\"dropdown-item\" href=\"javascript:showResourcesDetails()\">Resources Details</a></li>\n                  <li><a class=\"dropdown-item\" href=\"javascript:downloadExceptions()\">Export Exceptions</a><a id=\"downloadAnchorElem\" style=\"display:none\"></a></li>\n                  <li><a class=\"dropdown-item\" href=\"javascript:exportSummary()\">Export Summary</a></li>\n                    <li><a class=\"dropdown-item\" href=\"javascript:showAbout()\">About Scout</a></li>\n                  <li><span>Dark theme</span>\n                    <label class=\"switch\">\n                      <input type=\"checkbox\" id=\"theme_checkbox\" onclick=\"toggleTheme()\">\n                      <span class=\"slider round\"></span>\n                    </label></a>\n                  </li>\n                </ul>\n              </li>\n            </ul>\n          </div>\n      </div>\n  </script>\n\n<script src=\"inc-scoutsuite/theme.js\"></script>\n<script>\n    loadLastTheme();\n    if (isDarkThemeEnabled() && document.getElementById(\"theme_checkbox\")) {\n        document.getElementById(\"theme_checkbox\").checked = true;\n    }\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/modal.html",
    "content": "<script id=\"modal-template\" type=\"text/x-handlebars-template\">\n    {{#if name}}\n    <style>\n        .modal-dialog #resource-name { display: none; }        \n    </style>\n    {{/if}}\n\n    <div class=\"modal-dialog modal-lg modal-dialog-centered\" role=\"document\">\n        <div class=\"modal-content\">\n            <div class=\"modal-header\">\n                <h5 class=\"modal-title\">{{name}}</h5>\n                <button type=\"button\" class=\"close\" data-dismiss=\"modal\" aria-label=\"Close\">\n                    <span aria-hidden=\"true\">&times;</span>\n                </button>\n            </div>\n            <div class=\"modal-body\">\n                {{> (lookup . 'template') }}\n            </div>\n        </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"modal-template\", $(\"#modal-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/network_interface.html",
    "content": "<!-- Network interface partial -->\n<script id=\"network_interface.partial\" type=\"text/x-handlebars-template\" xmlns=\"http://www.w3.org/1999/html\">\n  <div class=\"accordion\">\n      <h5 class=\"list-group-item-heading accordion-heading\"><samp>{{@key}}</samp>\n          <a class=\"accordion-toggle collapsed\" data-toggle=\"collapse\" href=\"#{{escape_dots (concat 'ec2.regions' region 'vpcs' vpc 'instances' instance_id 'network_interfaces' network_interface)}}\">\n              <span class=\"badge float-right btn-info\">Details</span>\n          </a>\n      </h5>\n      <div id=\"{{concat 'ec2.regions' region 'vpcs' vpc 'instances' instance_id 'network_interfaces' network_interface}}\" class=\"accordion-body item-margin collapse\">\n          <div class=\"accordion-inner\">\n              <ul>\n                  {{#if Description}}<li class=\"list-group-item-text no-margin\">Description: {{Description}}</li>{{/if}}\n                      {{#if Association}}\n                          <li class=\"list-group-item-text no-margin\">Public IP: <samp>{{Association.PublicIp}}</samp></li>\n                  {{#if Association.PublicDnsName}}<li class=\"list-group-item-text no-margin\">Public DNS: <samp>{{Association.PublicDnsName}}</samp></li>{{/if}}\n                  {{/if}}\n                  {{#if Attachment}}\n                  <li class=\"list-group-item-text no-margin\">Attached to Instance: <samp>{{Attachment.InstanceId}}</samp></li>\n                  {{/if}}\n                  {{#if Ipv6Addresses}}\n                      <li class=\"list-group-item-text no-margin\">IPv6 Addresses:</li>\n                      <ul>\n                          {{#each Ipv6Addresses}}\n                          <li class=\"list-group-item-text\"><samp>{{Ipv6Address}}</samp></li>\n                          {{/each}}\n                      </ul>\n                  {{/if}}\n                  {{#each PrivateIpAddresses}}\n                  <li class=\"list-group-item-text no-margin\">{{#if Primary}}Primary {{/if}}Private IP: <samp>{{PrivateIpAddress}}</samp></li>\n                  {{/each}}\n                  <li class=\"list-group-item-text no-margin\">Security Groups:\n                      <ul>\n                          {{#each Groups}}\n                              <li><a href=\"javascript:showObject('services.ec2.regions.{{../region}}.vpcs.{{../vpc}}.security_groups.{{GroupId}}')\">{{GroupName}}</a></li>\n                          {{/each}}\n                      </ul>\n                  </li>\n              </ul>\n          </div>\n      </div>\n  </div>\n</script>\n\n<script>\n  Handlebars.registerPartial(\"network_interface\", $(\"#network_interface\\\\.partial\").html());\n</script>\n\n<!-- Single instance template -->\n<script id=\"single_network_interface-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='network_interface' name=network_interface}}\n</script>\n\n<script>\n  var single_ec2_network_interface_template = Handlebars.compile($(\"#single_network_interface-template\").html());\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/oci/services.identity.groups.html",
    "content": "\n<!-- identity groups -->\n<script id=\"services.identity.groups.partial\" type=\"text/x-handlebars-template\">\n  <div id=\"resource-name\" class=\"list-group-item active\">\n    <h4 class=\"list-group-item-heading\">{{name}}</h4>\n  </div>\n  <div class=\"list-group-item\">\n    <h4 class=\"list-group-item-heading\">Information</h4>\n    <div class=\"list-group-item-text item-margin\">Name: <span id=\"identity.groups.{{@key}}.name\"><samp>{{name}}</samp></span></div>\n    <div class=\"list-group-item-text item-margin\">ID: <span id=\"identity.groups.{{@key}}.id\"><samp>{{identifier}}</samp></span></div>\n    <div class=\"list-group-item-text item-margin\">Compartment Id: <span id=\"identity.groups.{{@key}}.compartment_id\"><samp>{{compartment_id}}</samp></span></div>\n    <div class=\"list-group-item-text item-margin\">Description: <span id=\"identity.groups.{{@key}}.description\"><samp>{{description}}</samp></span></div>\n    <div class=\"list-group-item-text item-margin\">Time Created: <span id=\"identity.groups.{{@key}}.time_created\">{{format_date time_created}}</span></div>\n    <div class=\"list-group-item-text item-margin\">Lifecycle State: <span id=\"identity.groups.{{@key}}.lifecycle_state\"><samp>{{lifecycle_state}}</samp></span></div>\n    <div class=\"list-group-item-text item-margin\">Inactive Status: <span id=\"identity.groups.{{@key}}.inactive_status\"><samp>{{inactive_status}}</samp></span></div>\n    <div class=\"list-group-item-text item-margin\">Defined Tags: <span id=\"identity.groups.{{@key}}.defined_tags\"><samp>{{defined_tags}}</samp></span></div>\n    <div class=\"list-group-item-text item-margin\">Freeform Tags: <span id=\"identity.groups.{{@key}}.freeform_tags\"><samp>{{freeform_tags}}</samp></span></div>\n  </div>\n  <div class=\"list-group-item\" style=\"padding-bottom: 0 !important;\">\n    <h4 class=\"list-group-item-heading\">Members\n      {{> count_badge count=users.length target=(concat '#identity.groups' id 'users')}}\n    </h4>\n    <div class=\"accordion-inner\">\n      <ul>\n        {{#each this.users}}\n        <li><a href=\"javascript:showObject('services.identity.users.{{this.user_id}}')\">{{getValueAt 'services.identity.users' this.user_id 'name'}}</a></li>\n        {{/each}}\n      </ul>\n    </div>\n  </div>\n</script>\n\n<script>\n  Handlebars.registerPartial(\"services.identity.groups\", $(\"#services\\\\.identity\\\\.groups\\\\.partial\").html());\n</script>\n\n<!-- Single identity group template -->\n<script id=\"single_identity_group-template\" type=\"text/x-handlebars-template\">\n  {{> modal-template template='services.identity.groups'}}\n</script>\n<script>\n  var single_identity_group_template = Handlebars.compile($(\"#single_identity_group-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/oci/services.identity.policies.html",
    "content": "\n<!-- Identity policy -->\n<script id=\"services.identity.policies.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"identity.policies.{{@key}}.id\"><samp>{{identifier}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"identity.policies.{{@key}}.name\">{{name}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Description: <span id=\"identity.policies.{{@key}}.description\">{{description}}</span></div>\n        <div class=\"list-group-item-text item-margin\">State: <span id=\"identity.policies.{{@key}}.state\">{{state}}</span></div>\n    </div>\n    {{#if statements }}\n    <div class=\"list-group-item\">\n        <h5 class=\"list-group-item-heading\" id=\"identity.policies.{{@key}}.statements\">Statements</h5>\n        <ul>\n            {{#each statements}}\n            <li><code>{{this}}</code></li>\n            {{/each}}\n        </ul>\n    </div>\n    {{/if}}\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.identity.policies\", $(\"#services\\\\.identity\\\\.policies\\\\.partial\").html());\n</script>\n\n<!-- Single identity policy template -->\n<script id=\"single_identity_policy-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.identity.policies'}}\n</script>\n<script>\n    var single_identity_policy_template = Handlebars.compile($(\"#single_identity_policy-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/oci/services.identity.users.html",
    "content": "\n<!-- Identity user -->\n<script id=\"services.identity.users.partial\" type=\"text/x-handlebars-template\">\n  <div id=\"resource-name\" class=\"list-group-item active\">\n    <h4 class=\"list-group-item-heading\">{{name}}</h4>\n  </div>\n  <div class=\"list-group-item\">\n    <h4 class=\"list-group-item-heading\">Information</h4>\n    <div class=\"list-group-item-text item-margin\">Name: <span id=\"identity.users.{{@key}}.name\">{{name}}</span></div>\n    <div class=\"list-group-item-text item-margin\">ID: <span id=\"identity.users.{{@key}}.id\"><samp>{{identifier}}</samp></span></div>\n  </div>\n  {{#if api_keys_count }}\n  <div class=\"list-group-item\">\n    <h5 class=\"list-group-item-heading\" id=\"identity.users.{{@key}}.multiple_api_keys\">API Keys</h5>\n    <ul>\n      {{#each api_keys}}\n      <li>Fingerprint: <code>{{fingerprint}}</code></li>\n      <ul>\n        <li>State: <samp>{{state}}</samp></li>\n      </ul>\n      {{/each}}\n    </ul>\n  </div>\n  {{/if}}\n  <div class=\"list-group-item\">\n    <h4 class=\"list-group-item-heading\">Groups\n      {{> count_badge count=groups.length}}\n    </h4>\n    <ul>\n      {{#each groups}}\n      <li class=\"list-group-item-text\"><a href=\"javascript:showObject('services.identity.groups.{{this.id}}')\">{{this.name}}</a></li>\n      {{/each}}\n    </ul>\n  </div>\n</script>\n\n<script>\n  Handlebars.registerPartial(\"services.identity.users\", $(\"#services\\\\.identity\\\\.users\\\\.partial\").html());\n</script>\n\n<!-- Single identity user template -->\n<script id=\"single_identity_user-template\" type=\"text/x-handlebars-template\">\n  {{> modal-template template='services.identity.users'}}\n</script>\n<script>\n  var single_identity_user_template = Handlebars.compile($(\"#single_identity_user-template\").html());\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/oci/services.kms.keyvaults.html",
    "content": "<!-- kms keyvaults -->\n<script id=\"services.kms.keyvaults.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">ID: <span id=\"kms.keyvaults.{{@key}}.id\"><samp>{{identifier}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Display Name: <span id=\"kms.keyvaults.{{@key}}.display_name\"><samp>{{display_name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Time Created: <span id=\"kms.keyvaults.{{@key}}.time_created\">{{format_date time_created}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Compartment ID: <span id=\"kms.keyvaults.{{@key}}.compartment_id\"><samp>{{compartment_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Vault Type: <span id=\"kms.keyvaults.{{@key}}.vault_type\"><samp>{{vault_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Lifecycle State: <span id=\"kms.keyvaults.{{@key}}.lifecycle_state\"><samp>{{lifecycle_state}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Management Endpoint: <span id=\"kms.keyvaults.{{@key}}.management_endpoint\"><samp>{{management_endpoint}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Crypto Endpoint: <span id=\"kms.keyvaults.{{@key}}.crypto_endpoint\"><samp>{{crypto_endpoint}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Defined Tags: <span id=\"kms.keyvaults.{{@key}}.defined_tags\"><samp>{{defined_tags}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Freeform Tags: <span id=\"kms.keyvaults.{{@key}}.freeform_tags\"><samp>{{freeform_tags}}</samp></span></div>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\"><span id=\"kms.keyvaults.{{@key}}.keys\">Keys:</span></h5>\n            <div class=\"accordion-inner\">\n                <ul>\n                    {{#each keys}}\n                    <li><span id=\"kms.keyvaults.{{@../key}}.keys.{{@key}}.id\"><samp>{{identifier}}</samp></span></li>\n                    <ul>\n                        <div class=\"list-group-item-text item-margin\">Display Name: <span id=\"kms.keyvaults.{{@../key}}.keys.{{@key}}.display_name\"><samp>{{display_name}}</samp></span></div>\n                        <div class=\"list-group-item-text item-margin\">Time Created: <span id=\"kms.keyvaults.{{@../key}}.keys.{{@key}}.time_created\">{{format_date time_created}}</span></div>\n                        <div class=\"list-group-item-text item-margin\">Compartment ID: <span id=\"kms.keyvaults.{{@../key}}.keys.{{@key}}.compartment_id\"><samp>{{compartment_id}}</samp></span></div>\n                        <div class=\"list-group-item-text item-margin\">Vault ID: <span id=\"kms.keyvaults.{{@../key}}.keys.{{@key}}.vault_id\"><samp>{{vault_id}}</samp></span></div>\n                        <div class=\"list-group-item-text item-margin\">Lifecycle State: <span id=\"kms.keyvaults.{{@../key}}.keys.{{@key}}.lifecycle_state\"><samp>{{lifecycle_state}}</samp></span></div>\n                        <div class=\"list-group-item-text item-margin\">Defined Tags: <span id=\"kms.keyvaults.{{@../key}}.keys.{{@key}}.defined_tags\"><samp>{{defined_tags}}</samp></span></div>\n                        <div class=\"list-group-item-text item-margin\">Freeform Tags: <span id=\"kms.keyvaults.{{@../key}}.keys.{{@key}}.freeform_tags\"><samp>{{freeform_tags}}</samp></span></div>\n                    </ul>\n                    {{else}}\n                    <li><samp>None</samp></li>\n                    {{/each}}\n                </ul>\n            </div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.kms.keyvaults\", $(\"#services\\\\.kms\\\\.keyvaults\\\\.partial\").html());\n</script>\n\n<!-- Single kms keyvault template -->\n<script id=\"single_kms_keyvault-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.kms.keyvaults'}}\n</script>\n<script>\n    var single_kms_keyvault_template = Handlebars.compile($(\"#single_kms_keyvault-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/oci/services.objectstorage.buckets.html",
    "content": "\n<!-- objectstorage buckets -->\n<script id=\"services.objectstorage.buckets.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{name}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>\n        <div class=\"list-group-item-text item-margin\">Name: <span id=\"objectstorage.buckets.{{@key}}.name\"><samp>{{name}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Time Created: <span id=\"objectstorage.buckets.{{@key}}.time_created\">{{format_date time_created}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Created By: <span id=\"objectstorage.buckets.{{@key}}.created_by\"><samp>{{created_by}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Compartment ID: <span id=\"objectstorage.buckets.{{@key}}.compartment_id\"><samp>{{compartment_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Namespace: <span id=\"objectstorage.buckets.{{@key}}.namespace\"><samp>{{namespace}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Public Access Type: <span id=\"objectstorage.buckets.{{@key}}.public_access_type\"><samp>{{public_access_type}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">KMS Key ID: <span id=\"objectstorage.buckets.{{@key}}.kms_key_id\"><samp>{{value_or_none kms_key_id}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Storage Tier: <span id=\"objectstorage.buckets.{{@key}}.storage_tier\"><samp>{{storage_tier}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Approximate Count: <span id=\"objectstorage.buckets.{{@key}}.approximate_count\"><samp>{{approximate_count}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Approximate Size: <span id=\"objectstorage.buckets.{{@key}}.approximate_size\"><samp>{{approximate_size}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Metadata: <span id=\"objectstorage.buckets.{{@key}}.metadata\"><samp>{{metadata}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Defined Tags: <span id=\"objectstorage.buckets.{{@key}}.defined_tags\"><samp>{{defined_tags}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Freeform Tags: <span id=\"objectstorage.buckets.{{@key}}.freeform_tags\"><samp>{{freeform_tags}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Etag: <span id=\"objectstorage.buckets.{{@key}}.etag\"><samp>{{etag}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Object Lifecycle Policy Etag: <span id=\"objectstorage.buckets.{{@key}}.object_lifecycle_policy_etag\"><samp>{{object_lifecycle_policy_etag}}</samp></span></div>\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.objectstorage.buckets\", $(\"#services\\\\.objectstorage\\\\.buckets\\\\.partial\").html());\n</script>\n\n<!-- Single objectstorage bucket template -->\n<script id=\"single_objectstorage_bucket-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='services.objectstorage.buckets'}}\n</script>\n<script>\n    var single_objectstorage_bucket_template = Handlebars.compile($(\"#single_objectstorage_bucket-template\").html());\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/policy.html",
    "content": "    <!-- Policy partial -->\n    <script id=\"policy.partial\" type=\"text/x-handlebars-template\">\n        <pre class=\"code\">{{jsonToString document}}</pre>\n    </script>\n    <script>\n      Handlebars.registerPartial(\"policy\", $(\"#policy\\\\.partial\").html());\n    </script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/report_footer.html",
    "content": "<footer id=\"report-footer\">\n    <div>\n        <p>Scout Suite is an open-source tool released by <a href=\"https://www.nccgroup.trust\" rel=\"author\" target=\"_blank\">NCC Group</a>\n            <img src=\"inc-scoutsuite/favicon.ico\" rel=\"icon\" type=\"image/x-icon\" alt=\"Red dot\" />\n        </p>\n    </div>\n</footer>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/resource_link.html",
    "content": "    <!-- Generic link to other resources -->\n    <script id=\"resource_link.partial\" type=\"text/x-handlebars-template\">\n        <a href=\"javascript:showObject('{{resource_path}}')\">\n            {{getValueAt resource_path 'name'}}\n        </a>\n    </script>\n    <script>\n        Handlebars.registerPartial(\"resource_link\", $(\"#resource_link\\\\.partial\").html());\n    </script>"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/resources_details.html",
    "content": "<script id=\"resources_details-template\" type=\"text/x-handlebars-template\">\n    <div class=\"modal-dialog modal-lg modal-dialog-centered\" role=\"document\">\n        <div class=\"modal-content\">\n            <div class=\"modal-header\">\n                <h5 class=\"modal-title\">Resources Details\n                    <button id=\"resources_details_download_csv_button\" type=\"button\" class=\"btn btn-secondary\"><i class=\"fa fa-download\"></i>CSV</button>\n                </h5>\n                <button type=\"button\" class=\"close\" data-dismiss=\"modal\" aria-label=\"Close\">\n                    <span aria-hidden=\"true\">&times;</span>\n                </button>\n            </div>\n            <div class=\"modal-body m-3\">\n                <div>\n                    <table class=\"table\">\n                        <thead class=\"thead-dark\">\n                        <tr>\n                            <th scope=\"col\">Service</th>\n                            <th scope=\"col\">Resource</th>\n                            <th scope=\"col\">#</th>\n                        </tr>\n                        </thead>\n                        <tbody>\n                        {{#each metadata}}\n                            {{#each this}}\n                                {{#each this.resources}}\n                                    <tr>\n                                        {{#if this.count}}\n                                            <th>{{makeTitle @../key}}</th>\n                                            <th>{{makeTitle @key}}</th>\n                                            <th>{{this.count}}</th>\n                                        {{/if}}\n                                    </tr>\n                                {{/each}}\n                            {{/each}}\n                        {{/each}}\n                        </tbody>\n                    </table>\n                </div>\n            </div>\n        </div>\n</script>\n\n<script>\n    var resources_details_template = Handlebars.compile($(\"#resources_details-template\").html())\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/partials/singles.html",
    "content": "\n<!-- Single Redshift cluster template -->\n<script id=\"single_redshift_cluster-template\" type=\"text/x-handlebars-template\">\n    {{> modal-template template='redshift_cluster'}}\n</script>\n<script>\n    var single_redshift_cluster_template = Handlebars.compile($(\"#single_redshift_cluster-template\").html());\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/report.html",
    "content": "<!DOCTYPE html>\n<html lang=\"en\" xmlns=\"http://www.w3.org/1999/html\">\n<head>\n    <meta charset=\"utf-8\">\n    <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n    <meta name=\"description\" content=\"\">\n    <meta name=\"author\" content=\"\">\n\n    <title>Scout Report</title>\n\n    <!-- NCC favicon --> \n    <link href=\"inc-scoutsuite/favicon.ico\" rel=\"icon\" type=\"image/x-icon\">\n\n    <!-- Bootstrap core CSS -->\n    <link href=\"inc-bootstrap/css/bootstrap.min.css\" rel=\"stylesheet\">\n    \n    <!-- Bootstrap theme -->\n    <link id=\"bootstrap-theme\" href=\"inc-bootstrap/css/bootstrap-light.min.css\" rel=\"stylesheet\">\n    \n    <!-- Fontawesome CSS -->\n    <link href=\"inc-fontawesome/css/all.min.css\" rel=\"stylesheet\">\n    <!-- Fallback fonts to solve CORS issue-->\n    <link href=\"https://use.fontawesome.com/releases/v5.6.3/css/all.css\" rel=\"stylesheet\">\n    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->\n    <!--[if lt IE 9]>\n    <script src=\"https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js\"></script>\n    <script src=\"https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js\"></script>\n    <![endif]-->\n\n    <!-- jQuery -->\n    <script src=\"inc-jquery/jquery-3.3.1.min.js\"></script>\n\n    <!-- Handlebars -->\n    <script src=\"inc-handlebars/handlebars-v3.0.0.js\"></script>\n\n    <!-- Scout -->\n    <script src=\"inc-scoutsuite/scoutsuite.js\"></script>\n    <script src=\"inc-scoutsuite/pagination.js\"></script>\n    <script src=\"inc-scoutsuite/provider.js\"></script>\n    <script src=\"inc-scoutsuite/helpers.js\"></script>\n    <link href=\"inc-scoutsuite/css/scoutsuite.css\" rel=\"stylesheet\">\n    <link id=\"scout-theme\" href=\"inc-scoutsuite/css/scoutsuite-light.css\" rel=\"stylesheet\">\n</head>\n\n<body>\n\n    <!------------------>\n    <!-- Fixed navbar -->\n    <!------------------>\n\n    <div class=\"navbar fixed-top navbar-expand-md bg-primary\" role=\"navigation\" id=\"metadata.list\"></div>\n\n    <!--------------->\n    <!-- Container -->\n    <!--------------->\n\n    <div class=\"container theme-showcase mt-5 pt-5\" id=\"container-user\">\n\n        <!-- AWS account ID -->\n        <div class=\"row justify-content-center\" id=\"account_id.details\">\n            <h4>\n                <div class=\"list-group-item-text std-size\" onclick=\"toggle_element('scout_display_account_id_on_all_pages_form')\" >\n                    <span id=\"account_id\"></span>\n                </div>\n                <div id=\"scout_display_account_id_on_all_pages_form\" class=\"list-group-item-text center std-size\" style=\"text-align: center; display: none\">\n                    <label><input id=\"scout_display_account_id_on_all_pages\" type=\"checkbox\" value=\"\">Display account ID on all pages</label>\n                </div>\n            </h4>\n        </div>\n\n        <!-- Title section -->\n        <!--<div id=\"section_title-div\">-->\n        <div id=\"section_title-div\" style=\"display:flex;flex-direction:column;position:relative;\">\n            <h2 id=\"section_title-h2\"></h2>\n            <div id=\"findings_download_button\" style=\"display:none;position:relative;margin-left:auto\">\n                <button id=\"findings_download_csv_button\" type=\"button\" class=\"btn btn-secondary\"><i class=\"fa fa-download\"></i>CSV</button>\n                <button id=\"findings_download_json_button\" type=\"button\" class=\"btn btn-secondary\"><i class=\"fa fa-download\"></i>JSON</button>\n            </div>\n        </div>\n\n        <!-- One column container -->\n        <div class=\"row\">\n            <div class=\"col-sm-12 w-100\" id=\"single-column\">\n            </div>\n\n            <!-- Two columns container -->\n            <div class=\"row w-100\">\n                <div class=\"col-sm-3 w-100 text-overflow\" id=\"double-column-left\"></div>\n                <div class=\"col-sm-9 w-100 pr-0\" id=\"double-column-right\"></div>\n            </div>\n\n            <!-- CONTENTS PLACEHOLDER -->\n\n            <div class=\"modal-backdrop fade show\" id=\"please-wait-backdrop\"></div>\n            <div class=\"modal fade show\" tabindex=\"-1\" role=\"dialog\" id=\"please-wait-modal\" style=\"padding-right: 17px; display: block;\" aria-modal=\"true\">\n                <div class=\"modal-dialog modal-dialog-centered\" role=\"document\">\n                    <div class=\"modal-content\">\n                        <div class=\"modal-header\">\n                            <h5 class=\"modal-title\">Please wait</h5>\n                        </div>\n                        <div class=\"modal-body\">\n                            <div class=\"row list-group-item\">\n                                <p>Loading data, this may take a while...</p>\n                            </div>\n                        </div>\n                    </div>\n                </div>\n            </div>\n\n            <!-- About-run dashboard -->\n            <script id=\"last_run.details.template\" type=\"text/x-handlebars-template\">\n                <h4>\n                    <div class=\"row std-size\" id=\"last_run.details\">\n                        <div class=\"list-group-item active ml-3\">\n                            <div class=\"list-group-item-heading\">Dashboard</div>\n                        </div>\n                        <div class=\"accordion\" id=\"last_run\">\n                            <a class=\"card\">\n                                <div class=\"card-header card-header-dark\">Service\n                                    <div class=\"col-sm-2 float-right\" style=\"text-align: center\">Checks</div>\n                                    <div class=\"col-sm-2 float-right\" style=\"text-align: center\">Findings</div>\n                                    <div class=\"col-sm-2 float-right\" style=\"text-align: center\">Rules</div>\n                                    <div class=\"col-sm-2 float-right\" style=\"text-align: center\">Resources</div>\n                                </div>\n                            </a>\n                            {{#each items.summary}}\n                            <div class=\"card finding-title finding-title-{{dashboard_color level rules_count rules_count}} plain-link\">\n                                <a href=\"#services.{{@key}}.findings\">\n                                    <div class=\"finding-title card-header\">\n                                        <i class=\"fa finding-badge finding-badge-{{dashboard_color max_level checked_items flagged_items}}\"></i>\n                                        {{makeTitle @key}}\n                                        <div class=\"col-sm-2 float-right\" style=\"text-align: center\">{{checked_items}}</div>\n                                        <div class=\"col-sm-2 float-right\" style=\"text-align: center\">{{flagged_items}}</div>\n                                        <div class=\"col-sm-2 float-right\" style=\"text-align: center\">{{rules_count}}</div>\n                                        <div class=\"col-sm-2 float-right\" style=\"text-align: center\">{{resources_count}}</div>\n                                    </div>\n                                </a>\n                            </div>\n                            {{/each}}\n                        </div>\n                    </div>\n                </h4>\n            </script>\n\n            <!-- Service-specific dashboards -->\n            <div class=\"row\">\n                <div class=\"col-sm-12\" id=\"services.id.findings.details\">\n                    <script id=\"services.id.findings.details.template\" type=\"text/x-handlebars-template\">\n                        {{#each items}}\n                        {{> dashboard service_name = @key}}\n                        {{/each}}\n                    </script>\n                </div>\n            </div>\n\n        </div> <!-- /container -->\n\n        <!-- Bootstrap core JavaScript, placed at the end of the document so the pages load faster -->\n        <script src=\"inc-bootstrap/js/bootstrap.min.js\"></script>\n\n        <!-- Display dashbord -->\n        <script>\n            loadMetadata();\n        </script>\n\n        <!-- Paging section -->\n        <div id=\"section_paging-div\" style=\"display:flex;flex-direction:column\">\n            <h2 id=\"section_paging-h2\"></h2>\n            <div id=\"paging_buttons\" style=\"margin:auto\">\n                <button id=\"page_backward\" type=\"button\" class=\"btn btn-secondary\" disabled><i class=\"fa fa-arrow-circle-left\"></i> Back</button>\n                <button id=\"page_forward\" type=\"button\" class=\"btn btn-secondary\">Next <i class=\"fa fa-arrow-circle-right\"></i></button>                \n            </div>\n        </div>\n\n        <!-- Used by showPopup -->\n        <div id=\"modal-container\" class=\"modal fade\" tabindex=\"-1\" role=\"dialog\"></div>\n\n    </div>\n\n</body>\n\n\n</html>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/summaries/aliyun/services.ram.password_policy.html",
    "content": "<!-- Account password policy -->\n<script id=\"services.ram.password_policy.details.template\" type=\"text/x-handlebars-template\">\n  <div class=\"list-group\" id=\"services.ram.password_policy.details\">\n    <div class=\"list-group\" id=\"services.ram.password_policy.view\">\n      <div class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">Password policy</h4>\n      </div>\n      <div class=\"list-group-item\">\n        <div class=\"list-group-item-text item-margin\">Minimum password length: <span id=\"ram.password_policy.minimum_password_length\">{{items.minimum_password_length}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Maximum login attempts: <span id=\"ram.password_policy.max_login_attempts\">{{items.max_login_attempts}} (a value of 0 indicates that the password retry constraint is disabled)</span></div>\n        <div class=\"list-group-item-text item-margin\">Password expiration period (in days): <span id=\"ram.password_policy.max_password_age\">{{items.max_password_age}} (a value of 0 indicates that the password never expires)</span></div>\n        <div class=\"list-group-item-text item-margin\">Disable Logon after Password Expiration: <span id=\"ram.password_policy.hard_expiry\"><samp>{{items.hard_expiry}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Prevent password reuse: <span id=\"ram.password_policy.password_reuse_prevention\"><samp>{{items.password_reuse_prevention}}</samp>\n            {{#if items.password_reuse_prevention}}\n             (users not allowed to use the latest <b>{{items.password_reuse_count}}</b> passwords)\n            {{/if}}\n        </span>\n        </div>\n        <div class=\"list-group-item-text item-margin\">Require at least one uppercase letter: <span id=\"ram.password_policy.require_uppercase_characters\"><samp>{{items.require_uppercase_characters}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Require at least one lowercase letter: <span id=\"ram.password_policy.require_lowercase_characters\"><samp>{{items.require_lowercase_characters}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Require at least one number: <span id=\"ram.password_policy.require_numbers\"><samp>{{items.require_numbers}}</samp></span></div>\n        <div class=\"list-group-item-text item-margin\">Require at least one non-alphanumeric character: <span id=\"ram.password_policy.require_symbols\"><samp>{{items.require_symbols}}</samp></span></div>\n      </div>\n    </div></div>\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/summaries/aliyun/services.ram.security_policy.html",
    "content": "<!-- Account security policy -->\n<script id=\"services.ram.security_policy.details.template\" type=\"text/x-handlebars-template\">\n    <div class=\"list-group\" id=\"services.ram.security_policy.details\">\n        <div class=\"list-group\" id=\"services.ram.security_policy.view\">\n            <div class=\"list-group-item active\">\n                <h4 class=\"list-group-item-heading\">Security Policy</h4>\n            </div>\n            <div class=\"list-group-item\">\n                <div class=\"list-group-item-text item-margin\">Save MFA logon status for 7 days: <span id=\"ram.security_policy.enable_save_mfa_ticket\"><samp>{{items.enable_save_mfa_ticket}}</samp></span></div>\n                <div class=\"list-group-item-text item-margin\">Login Session Duration (hours): <span id=\"ram.security_policy.login_session_duration\">{{items.login_session_duration}}</span></div>\n                <div class=\"list-group-item-text item-margin\">Logon Address Mask:<span id=\"ram.security_policy.login_network_masks\"><samp>{{value_or_none items.login_network_masks}}</samp></span></div>\n                <div class=\"list-group-item-text item-margin\">Allow users to change password: <span id=\"ram.security_policy.allow_user_change_password\"><samp>{{items.allow_user_change_password}}</samp></span></div>\n                <div class=\"list-group-item-text item-margin\">Allow users to manage access keys: <span id=\"ram.security_policy.allow_user_manage_access_keys\"><samp>{{items.allow_user_manage_access_keys}}</samp></span></div>\n                <div class=\"list-group-item-text item-margin\">Allow users to manage MFA devices: <span id=\"ram.security_policy.allow_user_manage_mfa_devices\"><samp>{{items.allow_user_manage_mfa_devices}}</samp></span></div>\n                <div class=\"list-group-item-text item-margin\">Allow users to manage public keys: <span id=\"ram.security_policy.allow_user_manage_public_keys\"><samp>{{items.allow_user_manage_public_keys}}</samp></span></div>\n            </div>\n        </div></div>\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/summaries/attack_surface.html",
    "content": "<!-- Template for network attack surface -->\n<script id=\"attack_surface.partial\" type=\"text/x-handlebars-template\">\n  <div class=\"list-group\" id=\"services.{{service}}.attack_surface.details\">\n    <div class=\"list-group\" id=\"services.{{service}}.attack_surface.view\">\n       <div class=\"list-group\" id=\"{{service}}_attack_surfaces.list\">\n         <div class=\"row list-group-item active\">\n           <div class=\"col-sm-6\"><h4>Public IP/DNS</h4></div>\n           <div class=\"col-sm-6\"><h4>Open ports</h4></div>\n         </div>\n         {{#each items}}\n           <div class=\"row list-group-item\">\n             <div class=\"col-sm-6\">Public Address: <samp>{{@key}}</samp></div>\n             {{#if this.InstanceName}}\n             <div class=\"col-sm-6\">Instance Name: <samp>{{this.InstanceName}}</samp></div>\n             {{/if}}\n             {{#if this.PublicDnsName}}\n             <div class=\"col-sm-8\">Public DNS Name: <samp>{{this.PublicDnsName}}</samp></div>\n             {{/if}}\n             <div class=\"col-sm-6\">\n               <ul>\n               {{#each protocols ip = @key}}\n                 <li class=\"list-group-item-text\">{{@key}}</li>\n                 <ul>\n                 {{#each ports}}\n                   <li>{{@key}}</li>\n                   {{> ip_grants items = cidrs}}\n                 {{/each}}\n                 </ul>\n               {{/each}}\n               </ul>\n             </div>\n           </div>\n         {{/each}}\n       </div>\n    </div>\n  </div>\n</script>\n<script>\n    Handlebars.registerPartial(\"attack_surface\", $(\"#attack_surface\\\\.partial\").html());\n</script>\n\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/summaries/aws/services.ec2.external_attack_surface.html",
    "content": "<!-- Template for network attack surface -->\n<script id=\"services.ec2.external_attack_surface.details.template\" type=\"text/x-handlebars-template\">\n  {{> attack_surface service = 'ec2'}}\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/summaries/aws/services.elb.external_attack_surface.html",
    "content": "<!-- Template for network attack surface -->\n<script id=\"services.elb.external_attack_surface.details.template\" type=\"text/x-handlebars-template\">\n  {{> attack_surface service = 'elb'}}\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/summaries/aws/services.elbv2.external_attack_surface.html",
    "content": "<!-- Template for network attack surface -->\n<script id=\"services.elbv2.external_attack_surface.details.template\" type=\"text/x-handlebars-template\">\n  {{> attack_surface service = 'elbv2'}}\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/summaries/aws/services.iam.password_policy.html",
    "content": "\n  <!-- Account password policy -->\n  <script id=\"services.iam.password_policy.details.template\" type=\"text/x-handlebars-template\">\n  <div class=\"list-group\" id=\"services.iam.password_policy.details\">\n  <div class=\"list-group\" id=\"services.iam.password_policy.view\">\n    <div class=\"list-group-item active\">\n      <h4 class=\"list-group-item-heading\">Password policy</h4>\n    </div>\n    <div class=\"list-group-item\">\n    <div class=\"list-group-item-text item-margin\">Minimum password length: <span id=\"iam.password_policy.MinimumPasswordLength\">{{items.MinimumPasswordLength}}</span>\n        {{#ifLooseEqual items.MinimumPasswordLength 1}}\n        <i class=\"fa fa-exclamation-triangle\"></i> It should be noted that 1 character passwords are authorized when no password policy exists, even though the web console displays \"6\".\n        {{/ifLooseEqual}}\n    </div>\n      <div class=\"list-group-item-text item-margin\">Require at least one uppercase letter: <span id=\"iam.password_policy.RequireUppercaseCharacters\">{{items.RequireUppercaseCharacters}}</span></div>\n      <div class=\"list-group-item-text item-margin\">Require at least one lowercase letter: <span id=\"iam.password_policy.RequireLowercaseCharacters\">{{items.RequireLowercaseCharacters}}</span></div>\n      <div class=\"list-group-item-text item-margin\">Require at least one number: <span id=\"iam.password_policy.RequireNumbers\">{{items.RequireNumbers}}</span></div>\n      <div class=\"list-group-item-text item-margin\">Require at least one non-alphanumeric character: <span id=\"iam.password_policy.RequireSymbols\">{{items.RequireSymbols}}</span></div>\n      <div class=\"list-group-item-text item-margin\">Enable password expiration: <span id=\"iam.password_policy.ExpirePasswords\">{{items.ExpirePasswords}}</span></div>\n      {{#if items.MaxPasswordAge}}\n        <div class=\"list-group-item-text item-margin\">Password expiration period (in days): <span id=\"iam.password_policy.MaxPasswordAge\">{{items.MaxPasswordAge}}</span></div>\n      {{/if}}\n      <div class=\"list-group-item-text item-margin\">Prevent password reuse: <span id=\"iam.password_policy.PasswordReusePrevention\">{{items.PasswordReusePrevention}}</span></div>\n      {{#if items.PreviousPasswordPrevented}}\n        <div class=\"list-group-item-text item-margin\">Number of passwords to remember: <span id=\"iam.password_policy.PreviousPasswordPrevented\">{{items.PreviousPasswordPrevented}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Allow users to change their own password: <span id=\"iam.password_policy.AllowUsersToChangePassword\">{{items.AllowUsersToChangePassword}}</span></div>\n        <div class=\"list-group-item-text item-margin\">Allow users to set a new password after their password has expired: <span id=\"iam.password_policy.HardExpiry\">{{items.HardExpiry}}</span></div>\n      {{/if}}\n    </div>\n  </div></div>\n  </script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/summaries/aws/services.iam.permissions.html",
    "content": "\n<!-- IAM permissions -->\n<script id=\"services.iam.permissions.details.template\" type=\"text/x-handlebars-template\">\n  <div class=\"list-group\" id=\"services.iam.permissions.details\">\n    <div class=\"list-group\" id=\"services.iam.permissions.view\">\n      {{#each items}}\n        <!-- Action / NotAction -->\n        <div class=\"list-group\">\n          <div class=\"row list-group-item active\">\n            <div class=\"col-sm-4\"><h4>{{@key}} Permission</h4></div>\n            <div class=\"col-sm-8\"><h4>Details</h4></div>\n          </div>\n          {{#each this}}\n            <!-- Action value -->\n            <div class=\"row list-group-item\" id=\"services.iam.permissions\">\n              <div class=\"col-sm-4\">{{@key}}</div>\n              <div class=\"col-sm-8\">\n                {{#each this}}\n                  <!-- IAM Resource type -->\n                  {{addMember 'type' @key}}\n                  <div class=\"list-group-item-text\">{{makeTitle @key}}:</div>\n                  <ul>\n                    {{#each this}}\n                      <!-- Effect -->\n                      {{#ifShow @key 'type'}}\n                        <li class=\"list-group-item-text\">{{makeTitle @key}}:</li>\n                        <ul>\n                          {{#each this}}\n                            <div id=\"services.iam.permissions.{{../../../type}}.{{@key}}\"> <!-- filter -->\n                            <!-- IAM Resource ID -->\n                            {{addMember 'name' @key}}\n                            <li class=\"list-group-item-text\"><a href=\"javascript:showObject('services.iam.{{../../../type}}.{{@key}}')\">{{getValueAt 'services.iam' ../../../type @key 'name'}}</a></li>\n                            <ul>\n                              {{#each this}}\n                                <!-- Resource / NotResource -->\n                                {{#ifShow @key 'name'}}\n                                  <li class=\"list-group-item-text\">{{makeTitle @key}}s</li>\n                                  <ul class=\"no-bullet\">\n                                    {{#each this}}\n                                      <!-- Resource ARN -->\n                                      {{addMember 'Resource' @key}}\n                                      {{#each inline_policies}}\n                                        <li>\n                                          {{../Resource}} granted in <a href=\"javascript:showObject('services.iam.{{../../../../../../../type}}.{{../../../../name}}.inline_policies.{{@key}}')\">{{getValueAt 'services.iam' ../../../../../../../type ../../../../name 'inline_policies' @key 'name'}}</a>\n                                          {{#if condition}}\n                                            <ul class=\"no-bullet\">\n                                              <li class=\"list-group-item-text\">Condition: {{condition}}</li>\n                                            </ul>\n                                          {{/if}}\n                                        </li>\n                                      {{/each}}\n                                      {{#each policies}}\n                                        <li>\n                                          {{../Resource}} granted in <a href=\"javascript:showObject('services.iam.policies.{{@key}}')\">{{getValueAt 'services.iam.policies' @key 'name'}}</a>\n                                          {{#if condition}}\n                                            <ul class=\"no-bullet\">\n                                              <li class=\"list-group-item-text\">Condition: {{condition}}</li>\n                                            </ul>\n                                          {{/if}}\n                                        </li>\n                                      {{/each}}\n                                    {{/each}}\n                                  </ul>\n                                {{/ifShow}}\n                              {{/each}}\n                            </ul>\n                            </div>\n                          {{/each}}\n                        </ul>\n                      {{/ifShow}}\n                    {{/each}}\n                  </ul>\n                {{/each}}\n              </div>\n            </div>\n          {{/each}}\n        </div>\n      {{/each}}\n    </div>\n  </div>\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/summaries/aws/services.rds.external_attack_surface.html",
    "content": "<!-- Template for network attack surface -->\n<script id=\"services.rds.external_attack_surface.details.template\" type=\"text/x-handlebars-template\">\n  {{> attack_surface service = 'rds'}}\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/summaries/aws/services.redshift.external_attack_surface.html",
    "content": "\n<!-- Template for network attack surface -->\n<script id=\"services.redshift.external_attack_surface.details.template\" type=\"text/x-handlebars-template\">\n  {{> attack_surface service = 'redshift'}}\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/summaries/azure/.keep",
    "content": ""
  },
  {
    "path": "ScoutSuite/output/data/html/summaries/do/.gitkeep",
    "content": ""
  },
  {
    "path": "ScoutSuite/output/data/html/summaries/gcp/.keep",
    "content": ""
  },
  {
    "path": "ScoutSuite/output/data/html/summaries/kubernetes/services.kubernetes_workload.images.html",
    "content": "<script id=\"services.workload.images.details.template\" type=\"text/x-handlebars-template\">\n    <div class=\"list-group\" id=\"services.workload.images.details\">\n        <div class=\"list-group\" id=\"services.workload.images.view\">\n            <div class=\"list-group\">\n                <div class=\"row list-group-item active\"></div>\n\n                {{#each items}}\n                    <div class=\"row list-group-item\" id=\"services.workload.images\">\n                        {{ this }}\n                    </div>\n                {{/each}}\n            </div>\n        </div>\n    </div>\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/summaries/kubernetes/services.rbac.dangerous_grants.html",
    "content": "<script id=\"services.rbac.dangerous_grants.details.template\" type=\"text/x-handlebars-template\">\n    <div class=\"list-group\" id=\"services.rbac.dangerous_grants.details\">\n        <div class=\"list-group\" id=\"services.rbac.dangerous_grants.view\">\n            <div class=\"list-group\">\n                {{#each items}}\n                    <div class=\"row list-group-item active\">\n                        <h4>Who can {{ @key }}</h4>\n                    </div>\n                    <div class=\"row list-group-item\">\n                        <table style=\"width: 100%\">\n                            <thead>\n                                <tr>\n                                    <th>Subject</th>\n                                    <th>Verb</th>\n                                    <th>Resource</th>\n                                    <th>Namespace</th>\n                                    <th>Binding</th>\n                                </tr>\n                            </thead>\n                            <tbody>\n                                {{#each this}}\n                                <tr>\n                                    <td>{{ kind }}/{{ name }}</td>\n                                    <td>{{ verb }}</td>\n                                    <td>{{ resource }}</td>\n                                    <td>{{ namespace }}</td>\n                                    <td>{{ binding_kind }}Binding/{{ binding_name }}</td>\n                                </tr>\n                                {{/each}}\n                            </tbody>\n                        </table>\n                    </div>\n                {{/each}}\n            </div>\n        </div>\n    </div>\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/summaries/kubernetes/services.rbac.dodgy_subjects.html",
    "content": "<script id=\"services.rbac.dodgy_subjects.details.template\" type=\"text/x-handlebars-template\">\n    <div class=\"list-group\" id=\"services.rbac.dodgy_subjects.details\">\n        <div class=\"list-group\" id=\"services.rbac.dodgy_subjects.view\">\n            <div class=\"list-group\">\n                {{#each items}}\n                    <div class=\"row list-group-item active\">\n                        <h4>{{ @key }}</h4>\n                    </div>\n                    <div class=\"row list-group-item\">\n                        <ul>\n                            {{#each this}}\n                                <li>\n                                    Bound to <b>{{ version }}/{{ data.roleRef.kind }}/{{ data.roleRef.name }}</b>\n                                </li>\n                            {{/each}}\n                        </ul>\n                    </div>\n                {{/each}}\n            </div>\n        </div>\n    </div>\n</script>\n"
  },
  {
    "path": "ScoutSuite/output/data/html/summaries/kubernetes/services.rbac.permissive_bindings.html",
    "content": "<script id=\"services.rbac.permissive_bindings.details.template\" type=\"text/x-handlebars-template\">\n    <div class=\"list-group\" id=\"services.rbac.permissive_bindings.details\">\n        <div class=\"list-group\" id=\"services.rbac.permissive_bindings.view\">\n            <div class=\"list-group\">\n                {{#each items}}\n                    <div class=\"row list-group-item active\">\n                        <h4>{{ @key }}</h4>\n                    </div>\n                    <div class=\"row list-group-item\">\n                        <h5>Bound to <b>{{ data.roleRef.kind }}/{{ data.roleRef.name }}</b></h5>\n                        <ul>\n                            {{#each data.subjects}}\n                                {{#if apiGroup}}\n                                <li>Subject <b>{{ kind }}/{{ name }}</b> from API group <b>{{ apiGroup }}</b></li>\n                                {{else}}\n                                <li>Subject <b>{{ kind }}/{{ name }}</b> from namespace <b>{{ namespace }}</b></li>\n                                {{/if}}\n                            {{/each}}\n                        </ul>\n                    </div>\n                {{/each}}\n            </div>\n        </div>\n    </div>\n</script>"
  },
  {
    "path": "ScoutSuite/output/data/html/summaries/oci/services.identity.password_policy.html",
    "content": "<!-- identity password_policys -->\n<script id=\"services.identity.password_policy.details.template\" type=\"text/x-handlebars-template\">\n    <div class=\"list-group\" id=\"services.identity.password_policy.details\">\n        <div class=\"list-group\" id=\"services.identity.password_policy.view\">\n            <div class=\"list-group-item active\">\n                <h4 class=\"list-group-item-heading\">Password policy</h4>\n            </div>\n            <div class=\"list-group-item\">\n                <div class=\"list-group-item-text item-margin\">Minimum Password Length: <span id=\"identity.password_policy.minimum_password_length\"><samp>{{items.minimum_password_length}}</samp></span></div>\n                <div class=\"list-group-item-text item-margin\">May contain username: <span id=\"identity.password_policy.is_username_containment_allowed\"><samp>{{items.is_username_containment_allowed}}</samp></span></div>\n                <div class=\"list-group-item-text item-margin\">Must contain at least 1 numeric character: <span id=\"identity.password_policy.is_numeric_characters_required\"><samp>{{items.is_numeric_characters_required}}</samp></span></div>\n                <div class=\"list-group-item-text item-margin\">Must contain at least 1 special character: <span id=\"identity.password_policy.is_special_characters_required\"><samp>{{items.is_special_characters_required}}</samp></span></div>\n                <div class=\"list-group-item-text item-margin\">Must contain at least 1 uppercase character: <span id=\"identity.password_policy.is_uppercase_characters_required\"><samp>{{items.is_uppercase_characters_required}}</samp></span></div>\n                <div class=\"list-group-item-text item-margin\">Must contain at least 1 lowercase character: <span id=\"identity.password_policy.is_lowercase_characters_required\"><samp>{{items.is_lowercase_characters_required}}</samp></span></div>\n\n            </div>\n        </div></div>\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/summaries/service_groups.compute.summaries.external_attack_surface.html",
    "content": "\n<!-- Template for network attack surface -->\n<script id=\"service_groups.compute.summaries.external_attack_surface.details.template\" type=\"text/x-handlebars-template\">\n  {{> attack_surface service = 'Compute'}}\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/html/summaries/service_groups.database.summaries.external_attack_surface.html",
    "content": "<!-- Template for network attack surface -->\n<script id=\"service_groups.database.summaries.external_attack_surface.details.template\" type=\"text/x-handlebars-template\">\n  {{> attack_surface service = 'Database'}}\n</script>\n\n"
  },
  {
    "path": "ScoutSuite/output/data/inc-scoutsuite/css/modal.css",
    "content": ".modal-dialog .list-group-item { \n    border: none;\n}\n\n.modal-header {\n    background-color: #2C3E50;\n    border-radius: 3px 3px 0 0;\n    color: white;\n}\n\n.modal .close,\n.modal .close:not(:disabled):not(.disabled):hover, \n.modal .close:not(:disabled):not(.disabled):focus {\n    color: white;\n}\n\n.modal-header {\n    height: 65px;\n    background: #414042;\n}\n\n.modal-body {\n    overflow-y: auto;\n}\n\n.modal-body .list-group-item {\n    background: transparent !important;\n}\n\n.modal-content {\n    max-height: 80vh;\n}"
  },
  {
    "path": "ScoutSuite/output/data/inc-scoutsuite/css/scoutsuite-dark.css",
    "content": ".dropdown-item {\n    color: #fff;\n}\n\n.dropdown-item.disabled, .dropdown-item:disabled {\n    color: #647273;\n}\n\na.nav-link {\n    color: rgb(235, 235, 235) ;\n}\n\n.dropdown-submenu a.nav-link {\n    color: rgb(235, 235, 235) ;\n}\n\n.bg-primary .navbar-nav .active>.nav-link {\n    color: #fff !important;\n    font-weight: bolder;\n    font-size: 15px;\n    transition: font-size 0.4s ease;\n}\n\n.navbar-brand .active {\n    color: #fff !important;\n    font-weight: bolder;\n    font-size: 18px;\n    transition: font-size 0.4s ease;\n}\n\n#double-column-left .list-group {\n    border: 1px solid #444;\n}\n\n.dropdown-header { \n    background: #7672779c;\n    color: #fff;\n}\n\n.dropdown-submenu:hover, .dropdown-item:hover {\n    background: transparent;\n    color: #fff;\n    border-left: 10px solid #c41230 ;\n    -webkit-transition: border 0.2s ease-in-out; /* Safari */\n    transition: border 0.2s ease-in-out;\n}\n\n::-webkit-scrollbar {\n    background: transparent;\n    padding: 2px;\n }\n ::-webkit-scrollbar-corner {\n     background: transparent;\n   }\n ::-webkit-scrollbar-thumb {\n     background-clip: padding-box;\n     background-color: rgba(168, 168, 168, 0.733);\n     -webkit-box-shadow: inset -1px -1px 0px rgba(0, 0, 0, 0.05), inset 1px 1px 0px rgba(0, 0, 0, 0.05);\n }\n ::-webkit-scrollbar-button {\n     width: 0;\n     height: 0;\n     display: none;\n }\n\n .show {\n     border-bottom: unset;\n }\n\n .card-header {\n    background-color: #626164;\n    color: #fff !important;\n    font-size: 14px;\n}\n\nspan.slider.round {\n    background: #c41230 !important;\n}\n\n.btn-light {\n    background-color: #626164;\n}\n\n.btn-light:hover {\n    background-color: #86858a;\n}\n\n.dropdown-menu {\n    background: #414042;\n    \n}\n\n.plain-link a:link,\n.plain-link a:visited,\n.plain-link a:active {\n    color: #fff;\n    text-decoration: none;\n}\n\n.disabled-link a:link,\n.disabled-link a:active,\n.disabled-link a:visited,\n.disabled-link a:hover {\n    color: rgb(173, 173, 173);\n    pointer-events: none;\n    cursor: default;\n}\n\n.plain-link a:hover {\n    text-decoration: underline;\n}\n\n.card-body {\n    color: #fff;\n}\n\n#account_id .fa-cloud {\n    color: #fff;\n    margin-right: 5px;\n}\n\n.disabled-link a .finding-title {\n    color: rgb(173, 173, 173) !important;\n}\n"
  },
  {
    "path": "ScoutSuite/output/data/inc-scoutsuite/css/scoutsuite-light.css",
    "content": "a.nav-link {\n    color: rgb(235, 235, 235) ;\n}\n\na.nav-link:hover {\n    font-weight: bold;\n    transition: all 0.2s ease;\n}\n\n.dropdown-submenu a.nav-link {\n    color: #7b8a8b;\n}\n\n.dropdown-submenu a.nav-link:hover {\n    color: black;\n    border-left: 10px solid #c41230 ;\n    -webkit-transition: border 0.2s ease-in-out; /* Safari */\n    transition: border 0.2s ease-in-out;\n}\n\n.bg-primary .navbar-nav .active>.nav-link, .navbar-brand .active {\n    color: #fff !important;\n    font-weight: bolder;\n    font-size: 15px;\n    transition: font-size 0.4s ease;\n}\n\n.navbar-brand .active {\n    color: #fff !important;\n    font-weight: bolder;\n    font-size: 18px;\n    transition: font-size 0.4s ease;\n}\n\n.finding.btn::before {\n    color: black !important;\n}\n\n"
  },
  {
    "path": "ScoutSuite/output/data/inc-scoutsuite/css/scoutsuite.css",
    "content": "@import url(\"./modal.css\");\n\na {\n    color: #4990e2;\n}\n\na:hover {\n    color: #67acfc;\n    text-decoration: none !important;\n}\nbody {\n    font-family: 'Roboto', sans-serif;\n    font-size: 14px;\n}\n/* Bootstrap overrides */\n\n.btn-success,\n.btn-success:focus\n {\n    color: #fff;\n    background-color: #23af44;\n    border-color: #23af44;\n}\n\n.btn-success:hover,\n.btn-success:active\n {\n    color: #fff;\n    background-color: #1f9b3c;\n    border-color: #1f9b3c;\n}\n\n.btn-warning:focus {\n    color: #fff;\n    background-color: #F39C12;\n    border-color: #F39C12;\n}\n\n.btn-danger:focus {\n    color: #fff;\n    background-color: #E74C3C;\n    border-color: #E74C3C;\n}\n\n.btn-info.disabled, .btn-info:disabled {\n    color: rgb(255, 255, 255);\n    background-color: rgb(180, 180, 180);\n    border-color: rgb(180, 180, 180);\n}\n\n/* Scout Suite */\n\n.item-margin {\n    margin-left: 25px;\n}\n.no-margin {\n    margin-left: -25px !important;\n}\n\n.finding-title {\n    font-size: 14px !important;\n}\n.finding-badge {\n    margin-bottom: 1px;\n    margin-right: 8px;\n    display: inline-block;\n    border-radius: 100%;\n}\n\n.finding-badge-good:before { \n    content: '\\f058';\n    color: #23af44; \n}\n\n.finding-badge-warning:before { \n    content: '\\f06a';\n    color: #fdbe00; \n}\n\n.finding-badge-danger:before { \n    content: '\\f06a';\n    color:#ee293d; \n}\n\n.finding-badge-unknown:before {  \n    content: '\\f111';\n    color: rgb(225, 225, 225);\n}\n\n.finding-good { color: #23af44; }\n.finding-warning { color: #fdbe00; }\n.finding-danger { color:#ee293d; \n                  font-weight: bold;}\n\nul.no-bullet {\n    list-style-type: none;\n}\n.list-sub-element {\n    border: 0 !important;\n    padding-left: 25px;\n}\n\n.list-group-item > .list-group-item {\n    background: transparent;\n}\n\n.active-dropdown {\n    color: #428bca;\n}\n\n.overlay-bg {\n    position: fixed;\n    top: 0;\n    left: 0;\n    width: 100%;\n    height: 100%;\n    background: black;\n    z-index: 1337;\n    opacity: 0.5;\n    display: none;\n}\n.overlay {\n    position: fixed;\n    top: 40%;\n    left: 40%;\n    max-height: 80%;\n    background-color: white;\n    z-index: 7331;\n    overflow: auto;\n    margin-left: -200px;\n    margin-top: -200px;\n    display: none;\n    border-radius: 5px;\n}\n\n.plain-link a:link,\n.plain-link a:visited,\n.plain-link a:active {\n    color: black;\n    text-decoration: none;\n}\n\n.plain-link a:hover {\n    text-decoration: underline;\n}\n\n.disabled-link a:link,\n.disabled-link a:active,\n.disabled-link a:visited,\n.disabled-link a:hover {\n    color: rgb(173, 173, 173);\n    pointer-events: none;\n    cursor: default;\n}\n\n.dropdown-submenu {\n    position: relative;\n}\n\n.dropdown-submenu>.dropdown-menu {\n    top: 0;\n    left: 100%;\n    margin-top: -6px;\n    margin-left: -1px;\n    -webkit-border-radius: 0 6px 6px 6px;\n    -moz-border-radius: 0 6px 6px;\n    border-radius: 0 6px 6px 6px;\n}\n\n.dropdown-submenu:hover>.dropdown-menu {\n    display: block;\n}\n\n.dropdown-submenu>a:after {\n    display: block;\n    content: \" \";\n    float: right;\n    width: 0;\n    height: 0;\n    border-color: transparent;\n    border-style: solid;\n    border-width: 5px 0 5px 5px;\n    border-left-color: #ccc;\n    margin-top: 5px;\n}\n\n.dropdown-submenu:hover>a:after {\n    border-left-color: #fff;\n}\n\n.dropdown-submenu.pull-left {\n    float: none;\n}\n\n.dropdown-submenu.pull-left>.dropdown-menu {\n    left: -100%;\n    margin-left: 10px;\n    -webkit-border-radius: 6px 0 6px 6px;\n    -moz-border-radius: 6px 0 6px 6px;\n    border-radius: 6px 0 6px 6px;\n}\n\n.dropdown-item.disabled, .dropdown-item:disabled {\n    color: #bbcdce;\n}\n\n.rationale-overlay {\n    z-index: 2147483647;\n    display: block;\n    position: fixed;\n    width: 20%;\n    display: none;\n}\n\n.switch {\n    position: relative;\n    display: inline-block;\n    width: 26px;\n    height: 14px;\n    line-height: 1em;\n  }\n\n.switch input { \n    opacity: 0;\n    width: 0;\n    height: 0;\n}\n\n.slider {\n    position: absolute;\n    cursor: pointer;\n    top: 0;\n    left: 0;\n    right: 0;\n    bottom: 0;\n    background-color: #ccc;\n}\n\n.slider:before {\n    position: absolute;\n    content: \"\";\n    height: 11px;\n    width: 11px;\n    left: 2px;\n    bottom: 2px;\n    background-color: white;\n}\n\ninput:checked + .slider {\n    background-color: #428bca;\n}\n\ninput:focus + .slider {\n    box-shadow: 0 0 1px 1px #428bca;\n}\n\ninput:checked + .slider:before {\n    -ms-transform: translateX(11px);\n    transform: translateX(11px);\n}\n\n.slider.round {\n    border-radius: 14px;\n    top: 2px;\n    bottom: -2px;\n}\n\n.slider.round:before {\n    border-radius: 50%;\n}\n\n.sub-navbar {\n    position: inherit;\n    float: bottom;\n    margin-top: 3rem;\n    width: 100%;\n    left: 0rem;\n    right: 0rem;\n    top: 0rem;\n    padding-top: 2rem;\n    padding-left: 8rem;\n    align-content: stretch;\n    z-index: -1;\n}\n\n.pr-0 {\n    padding-right: 0rem;\n}\n\n.text-overflow {\n    word-wrap: break-word;\n}\n\n.std-size {\n    font-size: 18px;\n}\n\n.finding {\n    position: relative;\n}\n\n.finding:before {\n    color: #FFF;\n    content: \"\\f068\"; /* Fontawesome '+' */\n    left:5px;\n    position:absolute;\n    top:0;\n}\n\n\n.collapsed.finding:before {\n    color: #FFF;\n    content: \"\\f067\"; /* Fontawesome '-' */\n    left:5px;\n    position:absolute;\n    top:0;\n}\n\n#last_run {\n    width: 100%;\n}\n\n.list-group {\n    margin-bottom: 1em;\n}\n\n#double-column-left .list-group {\n    margin: 3px 0;\n}\n\n#double-column-left .active a,\n#double-column-left .active .fa {\n    color: #FFF !important;\n}\n\n#double-column-left .active .fa:hover {\n    color: #c41230 !important;\n}\n\n.finding-learn-more i {\n    font-size: 0.8em;\n}\n\n.finding_items {\n    font-size: 18px;\n}\n\n.list-group-item {\n    overflow: auto;\n    background: rgba(0,0,0,.05);\n}\n\n.list-group-item.list-group-item {\n    background: transparent;\n}\n\n.list-group-item.active {\n    border: 0;\n    background: #414042; \n}\n\n.bucket-name {\n    white-space: nowrap; \n    overflow: hidden;\n    text-overflow: ellipsis;\n    display: block;\n    width: 150px;\n}\n.bucket-name:hover {\n    cursor: pointer;\n}\n\n.table-padding > * {\n    padding: 10px;\n}\n\n@media only screen and (max-width: 1200px) {\n    #container-user {\n        margin-top: 5rem !important;\n    }\n}\n\n/* ------------------ Oliver CSS -------------------- */\n\n#account_id {\n    font-weight: bold;\n}\n\n#account_id .fa-cloud {\n    color: black;\n    margin-right: 5px;\n}\n\n#account_id .fa-chevron-right {\n    margin-left: 5px; \n    margin-right: 5px;\n}\n\n.navbar { \n    background: #414042 !important;\n    border-bottom: 10px solid #c41230;\n}\n\n.card-body {\n    margin-bottom: -1px;\n    padding: 0.75rem 1.25rem;\n    margin-bottom: 0;\n    color: inherit;\n    font-size: 14px;\n}\n\n.card-body:nth-of-type(even) {\n    background-color: #f7f7f7;\n}\n\n.card-header-dark {\n    background-color: #414042 !important;\n    color: #fff !important;\n    font-size: 16px !important;\n}\n\n.card-body:first-child {\n    border-radius: calc(0.25rem - 1px) calc(0.25rem - 1px) 0 0;\n}\n\n.dropdown-item {\n    line-height: 2;\n    font-size: 14px;\n    height: 2.5rem;\n    border-radius: unset !important;\n}\n\n.dropdown-item:hover {\n    background: transparent;\n    color: black;\n    border-left: 10px solid #c41230 ;\n    -webkit-transition: border 0.2s ease-in-out; /* Safari */\n    transition: border 0.2s ease-in-out;\n}\n\n.findings-filter {\n    padding: 0;\n}\n\n#section_title-h2 {\n    font-weight: bolder;\n}\n\n.show { \n    border-bottom: 1px solid #d8d5d5;\n}\n.fa-download:before {\n    padding-right: 6px !important;\n}\n\n.col-sm-9.w-100.pr-0 div .list-group .list-group-item {\n    overflow: unset;\n}\n\n.col-sm-9.w-100.pr-0 div .list-group .list-group-item {\n    overflow: auto;\n    max-height: 40rem;\n}\n\n.table-striped tbody tr:first-of-type td {\n    font-size: 16px;\n    font-weight: bold;\n    border-bottom: 1px solid #414042 ;\n} \n\n ::-webkit-scrollbar {\n   background: transparent;\n   padding: 2px;\n}\n\n::-webkit-scrollbar-corner {\n    background: transparent;\n  }\n\n::-webkit-scrollbar-thumb {\n    background-clip: padding-box;\n    background-color: rgba(0, 0, 0, 0.15);\n    -webkit-box-shadow: inset -1px -1px 0px rgba(0, 0, 0, 0.05), inset 1px 1px 0px rgba(0, 0, 0, 0.05);\n}\n::-webkit-scrollbar-button {\n    width: 0;\n    height: 0;\n    display: none;\n}\n\n.dropdown-header {\n    background: #f0f0f0b2;\n    color: black;\n    font-weight: bold;\n    font-size: 15px;\n}\n\n.dropdown-menu li span {\n    padding: 0.25rem 1.5rem;\n    padding-right: 0;\n}\n\n.finding_items {\n    color: black !important;\n}\n\n/* added scroll bar to filters as they were going off the page */\n#filters\\.list {\n    overflow-x: auto;\n    max-height: 90vh;\n}\n\nfooter a { \n    color: #c41230;\n}\n\nfooter a:hover { \n    color: #ee173a;\n}\n\n.code {\n    font-size: 87.5%;\n    color: #e83e8c;\n    word-break: break-word;\n}"
  },
  {
    "path": "ScoutSuite/output/data/inc-scoutsuite/helpers.js",
    "content": "/**********************\n * Handlebars helpers *\n **********************/\n\nHandlebars.registerHelper('displayPolicy', function (blob) {\n    var policy = '{<br/>'\n    for (let attr in blob) {\n        if (attr === 'Statement') {\n            policy += '&nbsp;&nbsp;\"Statement\": [<br/>'\n            for (let sid in blob['Statement']) {\n                policy += '<span id=\"foobar\">' + JSON.stringify(blob['Statement'][sid], null, 2) + '</span>,\\n'\n            }\n            policy += '  ]'\n        } else {\n            policy += '  \"' + attr + '\": ' + JSON.stringify(blob[attr], null, 2)\n        }\n        policy += ',\\n'\n    }\n\n    policy += '}'\n    return policy\n})\n\nHandlebars.registerHelper('add_policy_path', function () {\n    var policy = arguments[0]\n    var path = arguments[1]\n    for (var i = 2; i < arguments.length - 1; i++) {\n        path = path + '\\\\.' + arguments[i]\n    }\n    policy['policy_path'] = path\n    policy['policy_spath'] = path.replace(/\\\\/g, '')\n})\n\nHandlebars.registerHelper('jsonToString', function (obj) {\n    // TODO: find a better way to address Handlebars-specific indentation weirdness in <pre>\n    return JSON.stringify(obj, null, 2).replace(/\\r\\n/g, `\\r`).replace(/\\n/g, `\\r`)\n})\n\nHandlebars.registerHelper('has_profiles?', function (logins) {\n    if (typeof logins !== 'undefined' && logins !== '') {\n        return 'Yes'\n    } else {\n        return 'No'\n    }\n})\n\n// Required in addition to has_profiles to allow if conditions\nHandlebars.registerHelper('ifHasProfiles', function (logins, options) {\n    if (typeof logins !== 'undefined' && logins !== '') {\n        return options.fn(this)\n    } else {\n        return options.inverse(this)\n    }\n})\n\nHandlebars.registerHelper('has_access_keys?', function (accessKeys) {\n    if (typeof accessKeys !== 'undefined' && accessKeys !== '') {\n        return accessKeys.length\n    } else {\n        return 0\n    }\n})\n\nHandlebars.registerHelper('has_mfa?', function (mfaDevices) {\n    if (typeof mfaDevices !== 'undefined' && mfaDevices !== '' && mfaDevices.length > 0) {\n        return 'Yes'\n    } else {\n        return 'No'\n    }\n})\n\nHandlebars.registerHelper('list_permissions', function (permissions) {\n    var r = ''\n    if (typeof permissions !== 'undefined' && permissions !== '') {\n        r += parse_entities('group', permissions.groups)\n        r += parse_entities('role', permissions.roles)\n        r += parse_entities('user', permissions.users)\n    }\n    return r\n})\n\nHandlebars.registerHelper('good_bad_icon', function (finding, bucketId, keyId, suffix) {\n    var keyPath = 's3.buckets.' + bucketId + '.keys.' + keyId + '.' + suffix\n    var index = runResults['services']['s3']['findings'][finding]['items'].indexOf(keyPath)\n    var level = runResults['services']['s3']['findings'][finding]['level']\n    if (index > -1) {\n        return '<i class=\"fa fa-times finding-' + level + '\"></i>'\n    } else {\n        var keyDetails = runResults['services']['s3']['buckets'][bucketId]['keys'][keyId]\n        if ((finding === 's3-object-acls-mismatch-bucket') && ('grantees' in keyDetails)) {\n            return '<i class=\"fa fa-check finding-good\"></i>'\n        } else if ((finding == 's3-object-unencrypted') && ('ServerSideEncryption' in keyDetails)) {\n            return '<i class=\"fa fa-check finding-good\"></i>'\n        } else {\n            return '<i class=\"fa fa-question-circle\"></i></i>'\n        }\n    }\n})\n\nHandlebars.registerHelper('has_logging?', function (logging) {\n    return logging\n})\n\nHandlebars.registerHelper('finding_entity', function (prefix, entity) {\n    return finding_entity(prefix, entity)\n})\n\nHandlebars.registerHelper('count_in', function (service, path) {\n    var entities = path.split('.')\n    if (service === 'ec2') {\n        var input = runResults['services']['ec2']\n    } else if (service == 'cloudtrail') {\n        input = runResults['services']['cloudtrail']\n    } else {\n        return 0\n    }\n    return recursiveCount(input, entities)\n})\n\nHandlebars.registerHelper('count_in_new', function (path) {\n    var entities = path.split('.')\n    return recursiveCount(runResults, entities)\n})\n\nHandlebars.registerHelper('count_ec2_in_region', function (region, path) {\n    if (typeof runResults['services']['ec2'] != 'undefined') {\n        var count = 0\n        var entities = path.split('.')\n        for (let r in runResults['services']['ec2']['regions']) {\n            if (r === region) {\n                return recursiveCount(runResults['services']['ec2']['regions'][r], entities)\n            }\n        }\n    } else {\n        count = 'N/A'\n    }\n    return count\n})\n\nHandlebars.registerHelper('split_lines', function (text) {\n    return text ? text.split('\\n') : []\n})\n\nHandlebars.registerHelper('count_vpc_network_acls', function (vpcNetworkAcls) {\n    var counter = 0\n    for (let _ in vpcNetworkAcls) {\n        counter = counter + 1\n    }\n    return counter\n})\n\nHandlebars.registerHelper('count_vpc_instances', function (vpcInstances) {\n    var counter = 0\n    for (let _ in vpcInstances) {\n        counter = counter + 1\n    }\n    return counter\n})\n\nHandlebars.registerHelper('count_role_instances', function (instanceProfiles) {\n    var counter = 0\n    for (let ip in instanceProfiles) {\n        for (let _ in instanceProfiles[ip]['instances']) {\n            counter = counter + 1\n        }\n    }\n    return counter\n})\n\nvar recursiveCount = function (input, entities) {\n    var counter = 0\n    if (entities.length > 0) {\n        var entity = entities.shift()\n        for (let i in input[entity]) {\n            counter = counter + recursiveCount(input[entity][i], eval(JSON.stringify(entities)))\n        }\n    } else {\n        counter = counter + 1\n    }\n    return counter\n}\n\nHandlebars.registerHelper('find_ec2_object_attribute', function (path, id, attribute) {\n    return findEC2ObjectAttribute(runResults['services']['ec2'], path, id, attribute)\n})\n\nHandlebars.registerHelper('format_date', function (time) {\n    if (!time || time === '') {\n        return 'No date available'\n    }\n    else if (typeof time === 'number') {\n        return new Date(time * 1000).toString()\n    } else if (typeof time === 'string') {\n        return new Date(time)\n    } else {\n        return 'Invalid date format'\n    }\n})\n\nHandlebars.registerHelper('makeTitle', function (title) {\n    return makeTitle(title)\n})\n\nHandlebars.registerHelper('addMember', function (memberName, value) {\n    this[memberName] = value\n})\n\nHandlebars.registerHelper('ifShow', function (v1, v2, options) {\n    if (v1 !== v2) {\n        return options.fn(this)\n    }\n})\n\nHandlebars.registerHelper('ifType', function (v1, v2, options) {\n    if (typeof v1 === v2) {\n        return options.fn(v1)\n    } else {\n        return options.inverse(v1)\n    }\n})\n\nHandlebars.registerHelper('fixBucketName', function (bucketName) {\n    if (bucketName !== undefined) {\n        return bucketName.replace(/\\./g, '-')\n    }\n})\n\nHandlebars.registerHelper('dashboard_color', function (level, checked, flagged) {\n    if (checked === 0) {\n        return 'unknown disabled-link'\n    } else if (flagged === 0) {\n        return 'good disabled-link'\n    } else {\n        return level\n    }\n})\n\nHandlebars.registerHelper('ifEqual', function (v1, v2, options) {\n    if (v1 === v2) {\n        return options.fn(this)\n    } else {\n        return options.inverse(this)\n    }\n})\n\nHandlebars.registerHelper('ifLooseEqual', function (v1, v2, options) {\n    if (v1 == v2) {\n        return options.fn(this)\n    } else {\n        return options.inverse(this)\n    }\n})\n\nHandlebars.registerHelper('unlessEqual', function (v1, v2, options) {\n    if (v1 !== v2) {\n        return options.fn(this)\n    } else {\n        return options.inverse(this)\n    }\n})\n\nHandlebars.registerHelper('ifPositive', function (v1, options) {\n    if (!v1 || v1 === 'N/A' || v1 === 0) {\n        return options.inverse(this)\n    } else {\n        return options.fn(this)\n    }\n})\n\nHandlebars.registerHelper('greaterThan', function (v1, v2, options) {\n    'use strict';\n    if (v1 > v2) {\n        return options.fn(this);\n    }\n    return options.inverse(this);\n});\n\nHandlebars.registerHelper('hasKeys', function (obj, options) {\n    if (Object.keys(obj).length > 0) {\n        return options.fn(this);\n    } else {\n        return options.inverse(this);\n    }\n});\n\nHandlebars.registerHelper('has_condition', function (policyInfo) {\n    if (('condition' in policyInfo) && (policyInfo['condition'] != null)) {\n        return true\n    } else {\n        return false\n    }\n})\n\nHandlebars.registerHelper('escape_special_chars', function (value) {\n    return value.replace(/\\./g, 'nccdot').replace(/,/g, 'ncccoma')\n})\n\nHandlebars.registerHelper('getValueAt', function () {\n    var path = arguments[0]\n    for (var i = 1; i < arguments.length - 1; i++) {\n        path = path + '.' + arguments[i]\n    }\n    return getValueAt(path)\n})\n\nHandlebars.registerHelper('greaterLengthThan', function (v1, v2, options) {\n    'use strict';\n    if (v1.length>v2) {\n        return options.fn(this);\n    }\n    return options.inverse(this);\n});\n\nHandlebars.registerHelper('concat', function () {\n    var path = arguments[0]\n    for (var i = 1; i < arguments.length - 1; i++) {\n        path = path + '.' + arguments[i]\n    }\n    return path\n})\n\nHandlebars.registerHelper('append', function () {\n    var path = arguments[0]\n    for (var i = 1; i < arguments.length - 1; i++) {\n        path = path + arguments[i]\n    }\n    return path\n})\n\nHandlebars.registerHelper('concatWith', function (str1, str2, sep) {\n    return [str1, str2].join(sep);\n})\n\nHandlebars.registerHelper('jsonStringify', function () {\n    let body = arguments[0]\n    delete body['description']\n    delete body['args']\n    return JSON.stringify(body, null, 4)\n})\n\nHandlebars.registerHelper('get_key', function () {\n    let rule = arguments[1]\n    if (rule['key']) {\n        var key = rule['key']\n    } else {\n        key = arguments[0]\n    }\n    return key.replace('.', '')\n})\n\nHandlebars.registerHelper('other_level', function () {\n    if (arguments[0] === 'warning') {\n        return 'danger'\n    } else {\n        return 'warning'\n    }\n})\n\n// http://funkjedi.com/technology/412-every-nth-item-in-handlebars, slightly tweaked to work with a dictionary\nHandlebars.registerHelper('grouped_each', function (every, context, options) {\n    var out = ''\n    var i\n    var keys = Object.keys(context)\n    var count = keys.length\n    var subcontext = {}\n    if (context && count > 0) {\n        for (i = 0; i < count; i++) {\n            if (i > 0 && i % every === 0) {\n                out += options.fn(subcontext)\n                subcontext = {}\n            }\n            subcontext[keys[i]] = context[keys[i]]\n        }\n        out += options.fn(subcontext)\n    }\n    return out\n})\n\n// Takes a dict and returns a sorted list\n// The key for each element of the dict is added as an attribute of each list object\nHandlebars.registerHelper('each_dict_as_sorted_list', function (context, options) {\n    var ret = ''\n\n    var sortedFindingsKeys = Object.keys(context).sort(function (a, b) {\n        if (context[a].flagged_items === 0 && context[b].flagged_items === 0) {\n            if (context[a].checked_items === 0 && context[b].checked_items !== 0) return 1\n            if (context[a].checked_items !== 0 && context[b].checked_items === 0) return -1\n            if (context[a].description.toLowerCase() < context[b].description.toLowerCase()) return -1\n            if (context[a].description.toLowerCase() > context[b].description.toLowerCase()) return 1\n        }\n        if ((context[a].flagged_items == 0 && context[b].flagged_items > 0) ||\n            (context[a].flagged_items > 0 && context[b].flagged_items === 0)) {\n            if (context[a].flagged_items > context[b].flagged_items) return -1\n            return 1\n        }\n        if (context[a].flagged_items > 0 && context[b].flagged_items > 0) {\n            if (context[a].level === context[b].level) {\n                if (context[a].description.toLowerCase() < context[b].description.toLowerCase()) return -1\n                if (context[a].description.toLowerCase() > context[b].description.toLowerCase()) return 1\n            } else {\n                if (context[a].level.toLowerCase() === 'danger') return -1\n                if (context[b].level.toLowerCase() === 'danger') return 1\n                if (context[a].level.toLowerCase() === 'warning') return -1 // FIXME - these are duplicated for nothing?\n                if (context[b].level.toLowerCase() === 'warning') return 1\n                if (context[a].level.toLowerCase() === 'warning') return -1\n                if (context[b].level.toLowerCase() === 'warning') return 1\n            }\n        }\n        return 0\n    })\n\n    sortedFindingsKeys.forEach(function (key) {\n        var obj = context[key]\n        obj['key'] = key\n        // sorted_findings.push(obj)\n        ret += options.fn(obj)\n    })\n\n    return ret\n})\n\n// Sorts a dict by an arbitrary key\nHandlebars.registerHelper('each_dict_sorted', function (dict, key, opts) {\n    // convert dict to an array\n    var array = [];\n    for (var k in dict) {\n        if (dict.hasOwnProperty(k)) {\n            array.push(dict[k]);\n        }\n    }\n    // sort array\n    var output = '';\n    var contextSorted = array.concat().sort( function(a,b) { return a[key] - b[key] } );\n    for(var i=0, j=contextSorted.length; i<j; i++) {\n        output += opts.fn(contextSorted[i]);\n    }\n    // return resolt\n    return output;\n})\n\nHandlebars.registerHelper('escape_dots', function () {\n    return arguments[0].replace(/\\./g, '\\\\.') // lgtm [js/incomplete-sanitization]\n})\n\n/**\n * Converts a boolean value to 'Enabled' or 'Disabled'. If the value is undefined or null, then it returns 'Unknown'.\n */\nHandlebars.registerHelper('convert_bool_to_enabled', function (value) {\n    if (value === undefined || value === null) return 'Unknown'\n    return value ? 'Enabled' : 'Disabled'\n})\n\n/**\n * Checks if value is indefined/null and returns 'None', otherwise returns value\n */\nHandlebars.registerHelper('value_or_none', function (value) {\n    if (value === undefined || value === null || value === '' || value === [] || value === {}) return 'None'\n    return value\n})\n\n/*********************\n * Ruleset generator *\n *********************/\n\nHandlebars.registerHelper('get_rule', function (ruleFilename, attribute) {\n    if (attribute === 'service') {\n        return ruleFilename.split('-')[0]\n    } else {\n        let rule = runResults['rule_definitions'][ruleFilename]\n        // Clean up some ruleset generator artifacts\n        let attributeCleanup = ['file_name', 'file_path', 'rule_dirs', 'rule_types', 'rules_data_path', 'string_definition']\n        for (let ac in attributeCleanup) {\n            rule = ruleCleanup(rule, attributeCleanup[ac])\n        }\n        if (attribute === '') {\n            return rule\n        } else {\n            return rule[attribute]\n        }\n    }\n})\n\nvar ruleCleanup = function (rule, attribute) {\n    if (attribute in rule) {\n        delete rule[attribute]\n    }\n    return rule\n}\n\nHandlebars.registerHelper('get_arg_name', function (ruleFilename, argIndex) {\n    if ('arg_names' in runResults['rule_definitions'][ruleFilename]) {\n        return runResults['rule_definitions'][ruleFilename]['arg_names'][argIndex]\n    } else {\n        return ''\n    }\n})\n  \n"
  },
  {
    "path": "ScoutSuite/output/data/inc-scoutsuite/pagination.js",
    "content": "const defaultPageSize = 2\nvar reCount = new RegExp('_count$')\n\n/**\n * Loads a page based on which page we want to move to\n * @param {array} pathArray         The path of where the data is stored\n * @param {number} indexDiff        Difference between current and desired page index\n */\nfunction loadPage (pathArray, indexDiff) {\n  let pageInfo = getPageInfo(pathArray)\n  let pageSize = pageInfo[0]\n  let pageIndex = pageInfo[1]\n  pageIndex += indexDiff\n  // getResourcePageSqlite being called in both statements is intentional, I want events to happen in this order to\n  // prevent the user from cliking on next page multiple times and going out of bounds and I want to call loadConfig\n  // to regenerate the page after Iv'e loaded SQLite data\n  if (indexDiff === 0) {\n    if (pathArray[2] === 'regions') {\n      getResourcePageSqliteRegions(pageIndex, pageSize, pathArray[1], pathArray[3], pathArray[4])\n    } else {\n      getResourcePageSqlite(pageIndex, pageSize, pathArray[1], pathArray[2])\n    }\n  } else {\n    document.getElementById('page_backward').disabled = (pageIndex <= 0)\n    document.getElementById('page_forward').disabled = (pageIndex >= getLastPageIndex(pathArray, pageSize))\n    if (pathArray[2] === 'regions') {\n      for (let region in runResults['services'][pathArray[1]]['regions']) {\n        getResourcePageSqliteRegions(pageIndex, pageSize, pathArray[1], region, pathArray[4])\n      }\n      loadConfig('services.' + pathArray[1] + '.regions.' + pathArray[3] + '.' + pathArray[4], 2, true)\n    } else {\n      getResourcePageSqlite(pageIndex, pageSize, pathArray[1], pathArray[2])\n      loadConfig(pathArray[0] + '.' + pathArray[1] + '.' + pathArray[2], 2, true)\n    }\n  }\n}\n\n/**\n * Returns the current index of the page and it's size in number of resources\n * @param {array} pathArray         The path of where the data is stored\n * @returns {array}\n */\nfunction getPageInfo (pathArray) {\n  let pageSize, pageIndex\n   if (pathArray.length === 3) {\n    pageSize = runResults[pathArray[0]][pathArray[1]][pathArray[2] + '_page_size']\n    pageIndex = runResults[pathArray[0]][pathArray[1]][pathArray[2] + '_page_index']\n  } else if (pathArray.length === 5) {\n    // Instead of following the pathArray save the data to id since that's the path of pages with regions\n    if (runResults[pathArray[0]][pathArray[1]][pathArray[2]]['id'] !== undefined) {\n      pageSize = runResults[pathArray[0]][pathArray[1]][pathArray[2]]['id'][pathArray[4] + '_page_size']\n      pageIndex = runResults[pathArray[0]][pathArray[1]][pathArray[2]]['id'][pathArray[4] + '_page_index']\n    }\n  } \n  if (pageSize === undefined || pageSize === null) {\n    pageSize = defaultPageSize\n  }\n  if (pageIndex === undefined || pageIndex === null) {\n    pageIndex = 0\n  }\n  return [pageSize, pageIndex]\n}\n\n/**\n * Loads the first page for every resource or every resource of every region\n */\nfunction loadFirstPageEverywhere () {\n  for (let service in runResults['services']) {\n    // Check if the service we are dealing with contains regions (most AWS services do)\n    let regions = requestDb(createQuery('services', service, 'regions'))\n    if (regions !== null && regions.keys) {\n      regions = regions.keys\n      // Create a 'regions' key for each service, if you know a way to not have to add in this, please fixme\n      runResults['services'][service]['regions'] = {}\n      for (let region in regions) {\n        // Create an 'id' key for each region, this is were we will read the page index/size and load\n        // the proper template\n        runResults['services'][service]['regions'][regions[region]] = {id: null}\n        let resources = requestDb(createQuery('services', service, 'regions', regions[region]))\n        if (resources) {\n          getRegionsResourcesFirstPage([regions[region]], service, resources.keys)          \n        }\n      }\n    } else {\n      for (let resource in runResults['services'][service]) {\n        if (resource.match(reCount)) {\n          let pathArray = ['services', service, resource.replace(reCount, '')]\n          loadPage(pathArray, 0)\n        }\n      }\n    }\n  }  \n}\n\n/**\n * Loads the resources for the first page of each region in each service\n * @param {string} region           The current region we are fetching resources for \n * @param {string} service          The current service we are fetching resources for\n * @param {object} resources        The resources we need to fetch\n */\nfunction getRegionsResourcesFirstPage (region, service, resources) {\n  for (let resource in resources) {\n    // For everything that does not scale up with the ammount of resources fetch everything\n    if (resources[resource] === 'id' || resources[resource] === 'region' || \n      resources[resource] === 'name' || resources[resource].match(reCount)) {\n      runResults['services'][service]['regions'][region][resources[resource]] =\n        requestDb(createQuery('services', service, 'regions', region, [resources[resource]]), null)\n    // Else (if it scales) only fetch one page per region\n    } else {\n      let pathArray = ['services', service, 'regions', region, resources[resource]]\n      loadPage(pathArray, 0)\n    }\n  }\n}\n\n/**\n * Returns the maximal index for page selection\n * @param {array} pathArray         The path of where the data is stored\n * @param {number} pageSize         The amount of resources per page\n * @returns {number}\n */\nfunction getLastPageIndex (pathArray, pageSize) {\n  let resourceCount;\n  if (pathArray.length === 3) {\n    resourceCount = runResults[pathArray[0]][pathArray[1]][pathArray[2] + '_count']\n  } else {\n    resourceCount = getHighestResourceCount(pathArray)\n  }\n  return Math.ceil(resourceCount / pageSize - 1)\n}\n\n/**\n * Returns the highest value of a resource count throughout regions in order to restrict pagination\n * to the proper indexes\n * @param {array} pathArray\n * @returns {number}\n */\nfunction getHighestResourceCount (pathArray) {\n  let max = 0\n  for (let region in runResults[pathArray[0]][pathArray[1]][pathArray[2]]) {\n    if (max < runResults[pathArray[0]][pathArray[1]][pathArray[2]][region][pathArray[4] + '_count']) {\n      max = runResults[pathArray[0]][pathArray[1]][pathArray[2]][region][pathArray[4] + '_count']\n    }\n  }\n  return max\n}\n\n/**\n * Turns off or on the pagination buttons depending on the resource page currently consulted\n */\nfunction updateButtons () {\n  let pathArray = getPathArray()\n  if (pathArray.length > 1) {\n    if (getFormat() === resultFormats.json) {\n      hidePaginationButtons()\n    } else {\n      let pageInfo = getPageInfo(pathArray)\n      document.getElementById('page_backward').disabled = (pageInfo[1] <= 0)\n      document.getElementById('page_forward').disabled = (pageInfo[1] >= getLastPageIndex(pathArray, pageInfo[0]))\n    }\n  }\n}\n\n/**\n * Hides the pagination buttons\n */\nfunction hidePaginationButtons () {\n  document.getElementById('page_backward').hidden = true;\n  document.getElementById('page_forward').hidden = true;\n}"
  },
  {
    "path": "ScoutSuite/output/data/inc-scoutsuite/provider.js",
    "content": "/**\n * Get the whole config dictionary\n * @returns {{account_id, last_run, metadata, provider_code, provider_name, service_groups, service_list, services, sg_map, subnet_map}|*}\n */\nfunction getScoutsuiteResultsJson() {\n    return scoutsuite_results;\n}\n"
  },
  {
    "path": "ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js",
    "content": "// Globals\nconst resultFormats = {'invalid': 0, 'json': 1, 'sqlite': 2}\nObject.freeze(resultFormats)\nconst $ = window.$\nlet loadedConfigArray = []\nvar runResults\n\n/**\n * Event handlers\n */\n$(document).ready(function () {\n    onPageLoad()\n})\n\n/***\n * Generate a unique array\n * @param array\n * @returns {Array.<T>|string}\n */\nfunction arrayUnique(array) {\n    var a = array.concat();\n    for(var i=0; i<a.length; ++i) {\n        for(var j=i+1; j<a.length; ++j) {\n            if(a[i] === a[j])\n                a.splice(j--, 1);\n        }\n    }\n    return a;\n}\n\n/**\n * Implements page load functionality\n */\nfunction onPageLoad() {\n    showPageFromHash()\n\n    // when button is clicked, return CSV with finding\n    $('#findings_download_button').click(function (event) {\n        var buttonClicked = event.target.id\n        var anchor = window.location.hash.substr(1)\n        // Strip the # sign\n        var path = decodeURIComponent(anchor.replace('#', ''))\n        // Get resource path based on browsed-to path\n        var resourcePath = getResourcePath(path)\n\n        var item_indexes = getValueAt(path);\n        var resourcePathArray = resourcePath.split('.')\n        var splitPath = path.split('.')\n        var findingKey = splitPath[splitPath.length - 2]\n\n        // create array with item values\n        var items = [];\n        for (let i in item_indexes) {\n            // when path ends in '.items' (findings)\n            if (typeof item_indexes[i] === 'string') {\n                var idArray = item_indexes[i].split('.')\n                var id = 'services.' + idArray.slice(0, resourcePathArray.length).join('.')\n                var item = getValueAt(id)\n            } else {\n                var item = item_indexes[i]\n            }\n            items.push(item)\n        }\n\n        if (buttonClicked === 'findings_download_csv_button') {\n            var csvArray = []\n\n            // get a list of unique keys from all items\n            var unique_keys = [];\n            for (let i in items) {\n                unique_keys = arrayUnique(unique_keys.concat(Object.keys(items[i])));\n            }\n            // first row of csv file\n            csvArray.push(unique_keys);\n\n            for (let i in items) {\n\n                // put each value in array\n                var valuesArray = []\n                Object.keys(unique_keys).forEach(function (k) {\n                    if(unique_keys[k] in items[i])\n                    {\n                        valuesArray.push(JSON.stringify(items[i][unique_keys[k]]).replace(/^\"(.*)\"$/, '$1'));\n                    }\n                    else {\n                        valuesArray.push('');\n                    }\n                })\n\n                // append to csv array\n                csvArray.push(valuesArray)\n            }\n\n            downloadAsCsv(findingKey + '.csv', csvArray)\n        }\n\n        if (buttonClicked === 'findings_download_json_button') {\n            downloadAsJson(findingKey + '.json', items)\n        }\n    })\n\n    // When the button is clicked, load the desired page\n    $('#paging_buttons').click(function (event) {\n        let buttonClicked = event.target.id\n        let pathArray = getPathArray()\n        if (buttonClicked === 'page_forward') {\n            loadPage(pathArray, 1)\n        } else if (buttonClicked === 'page_backward') {\n            loadPage(pathArray, -1)\n        }\n    })\n}\n\n/**\n * Get an array containing the current path subdivided\n * @returns {object}\n */\nfunction getPathArray() {\n    let anchor = window.location.hash.substr(1)\n    // Strip the # sign\n    let path = decodeURIComponent(anchor.replace('#', ''))\n    // Get resource path based on browsed-to path\n    let resourcePath = getResourcePath(path)\n    return resourcePath.split('.')\n}\n\n/**\n * Display the account ID -- use of the generic function + templates result in the div not being at the top of the page\n */\nvar loadAccountId = function () {\n    var element = document.getElementById('account_id')\n    var value = '<i class=\"fa fa-cloud\"></i> ' + runResults['provider_name'] +\n        ' <i class=\"fa fa-chevron-right\"></i> ' + runResults['account_id']\n    if (('organization' in runResults) && (value in runResults['organization'])) {\n        value += ' (' + runResults['organization'][value]['Name'] + ')'\n    }\n    element.innerHTML = value\n}\n\n/**\n * Generic load JSON function\n * @param {string} scriptId\n * @param {number} cols\n * @param {boolean} force\n * @returns {number}\n */\nfunction loadConfig(scriptId, cols, force) {\n    if (!force && !scriptId.endsWith('.external_attack_surface')) {\n        console.log('Script ID: ' + scriptId);\n        // Abort if data was previously loaded\n        if (loadedConfigArray.indexOf(scriptId) > -1 ) {\n            // When the path does not contain .id.\n            console.log('Data was already loaded');\n            return 0\n        }\n        let pathArray = scriptId.split('.')\n        for (let i = 3; i < pathArray.length; i = i + 2) {\n            pathArray[i] = 'id'\n        }\n        let fixedPath = pathArray.join('.')\n        if (loadedConfigArray.indexOf(fixedPath) > -1) {\n            // When the loaded path contains id but browsed-to path contains a specific value\n            console.log('Fixed path: ' + fixedPath);\n            console.log('ID was already substituted');\n            return 0\n        }\n        pathArray[1] = 'id'\n        fixedPath = pathArray.join('.')\n        if (loadedConfigArray.indexOf(fixedPath) > 0) {\n            // Special case for services.id.findings\n            return 0\n        }\n    }\n\n    // Build the list based on the path, stopping at the first .id. value\n    let list = runResults;\n    let pathArray = scriptId.split('.id.')[0].split('.')\n    for (let i in pathArray) {\n        // Allows for creation of regions-filter etc...\n        if (pathArray[i].endsWith('-filters')) {\n            pathArray[i] = pathArray[i].replace('-filters', '')\n        }\n        list = list[pathArray[i]]\n        // Filters\n        if (pathArray[i] === 'items' && i > 3 && pathArray[i - 2] === 'filters') {\n            return 1\n        }\n    }\n\n    // Default # of columns is 2\n    if ((cols === undefined) || (cols === null)) {\n        cols = 2\n    }\n\n    // Update the DOM\n    hideAll();\n    if (cols === 0) {\n        // Metadata\n        scriptId = scriptId.replace('services.id.', '')\n        processTemplate(scriptId + '.list.template', scriptId + '.list', list, force)\n    } else if (cols === 1) {\n        // Single-column display\n        processTemplate(scriptId + '.details.template', 'single-column', list, force)\n    } else if (cols === 2) {\n        // Double-column display\n        processTemplate(scriptId + '.list.template', 'double-column-left', list, force)\n        processTemplate(scriptId + '.details.template', 'double-column-right', list, force)\n    }\n\n    // Update the list of loaded data\n    if (loadedConfigArray.indexOf(scriptId) === -1) {\n        loadedConfigArray.push(scriptId);\n    }\n    return 1\n}\n\n/**\n * Compile Handlebars templates and update the DOM\n * @param {string} id1\n * @param {string} containerId\n * @param {object} list\n * @param {boolean} replace\n */\nfunction processTemplate(id1, containerId, list, replace) {\n    id1 = id1.replace(/<|>/g, '')\n    if (document.getElementById(id1)) {\n        var templateToCompile = document.getElementById(id1).innerHTML\n        var compiledTemplate = Handlebars.compile(templateToCompile)\n        var innerHtml = compiledTemplate({items: list})\n        if (replace) {\n            document.getElementById(containerId).innerHTML = innerHtml\n        } else {\n            document.getElementById(containerId).innerHTML += innerHtml\n        }\n    }\n}\n\n/**\n * Hide all lists and details\n */\nfunction hideAll() {\n    $(\"[id$='.list']\").not(\"[id='metadata.list']\").not(\"[id='regions.list']\").not(\"[id='filters.list']\").hide()\n\n    $(\"[id*='.details']\").hide()\n    var element = document.getElementById('scout_display_account_id_on_all_pages')\n    if ((element !== undefined) && (element.checked === true)) {\n        showRow('account_id')\n    }\n    currentResourcePath = ''\n}\n\n/**\n * Show list and details' container for a given path\n * @param path\n */\nfunction showRow(path) {\n    path = path.replace(/.id./g, '.[^.]+.')\n    showList(path)\n    showDetails(path)\n}\n\n/**\n * Shows the list\n * @param {string} path\n */\nfunction showList(path) {\n    $('div').filter(function () {\n        return this.id.match(path + '.list')\n    }).show()\n}\n\n/**\n * Shows the details\n * @param {string} path\n */\nfunction showDetails(path) {\n    $('div').filter(function () {\n        return this.id.match(path + '.details')\n    }).show()\n}\n\n/**\n *  Hides the list\n * @param {string} path\n */\nfunction hideList(path) {\n    $(\"[id='\" + path + \"']\").hide()\n    path = path.replace('.list', '')\n    hideItems(path)\n}\n\n/**\n * Show links and views for a given path\n * @param path\n */\nfunction showItems(path) {\n    path = path.replace(/.id./g, '.[^.]+.') + '.[^.]+.'\n    $('div').filter(function () {\n        return this.id.match(path + 'link')\n    }).show()\n    $('div').filter(function () {\n        return this.id.match(path + 'view')\n    }).show()\n}\n\n/**\n * Hide resource views for a given path\n * @param resourcePath\n */\nfunction hideItems(resourcePath) {\n    let path = resourcePath.replace(/.id./g, '.[^.]+.') + '.[^.]+.view'\n    $('div').filter(function () {\n        return this.id.match(path)\n    }).hide()\n}\n\n/**\n * Hide resource links for a given path\n * @param resourcePath\n */\nfunction hideLinks(resourcePath) {\n    // TODO: Handle Region and VPC hiding...\n    let path = resourcePath.replace(/.id./g, '.[^.]+.') + '.[^.]+.link'\n    $('div').filter(function () {\n        return this.id.match(path)\n    }).hide()\n}\n\n/**\n * Updates the hash with a given path\n * @param path\n */\nfunction updateHash(path) {\n    window.location.hash = path;\n    showRowWithItems(path); // this handles the case where the hash is the same as that's being updated, e.g. when clicking \"Show All\"\n}\n\n/**\n * Show list, details' container, links, and view for a given path\n * @param path\n */\nfunction showRowWithItems(path) {\n    showRow(path)\n    showItems(path)\n}\n\n/**\n * Shows filters\n * @param {string} resourcePath\n */\nfunction showFilters(resourcePath) {\n    hideFilters()\n    // Show service filters\n    $('[id=\"' + resourcePath + '.id.filters\"]').show()\n    // show region filters\n    let service = resourcePath.split('.')[1]\n    $('[id*=\"regionfilters.' + service + '.regions\"]').show()\n}\n\n/**\n * Hides filters\n */\nfunction hideFilters() {\n    $('[id*=\".id.filters\"]').hide()\n    $('[id*=\"regionfilters\"]').hide()\n    // Reset dashboard filters\n    $('.dashboard-filter').val('')\n    $('.finding_items').filter(function () {\n        $(this).show()\n    })\n}\n\n/**\n * Show findings\n * @param {string} path\n * @param {string} resourcePath\n */\nfunction showFindings(path, resourcePath) {\n    let items = getValueAt(path)\n    let level = getValueAt(path.replace('items', 'level'))\n    let resourcePathArray = resourcePath.split('.')\n    let splitPath = path.split('.')\n    let findingService = splitPath[1]\n    let findingKey = splitPath[splitPath.length - 2]\n    for (let item in items) {\n        var idArray = items[item].split('.')\n        var id = 'services.' + idArray.slice(0, resourcePathArray.length).join('.')\n        showSingleItem(id)\n        if ($('[id=\"' + items[item] + '\"]').hasClass('badge')) {\n            $('[id=\"' + items[item] + '\"]').addClass('finding-title-' + level)\n        } else {\n            $('[id=\"' + items[item] + '\"]').addClass('finding-' + level)\n            $('[class=\"' + items[item] + '\"]').addClass('finding-' + level)\n        }\n        $('[id=\"' + items[item] + '\"]').removeClass('finding-hidden')\n        $('[id=\"' + items[item] + '\"]').attr('data-finding-service', findingService)\n        $('[id=\"' + items[item] + '\"]').attr('data-finding-key', findingKey)\n        $('[id=\"' + items[item] + '\"]').click(function (e) {\n            let findingId = getId(e.target);\n            if (!(findingService in exceptions)) {\n                exceptions[findingService] = {}\n            }\n            if (!(findingKey in exceptions[findingService])) {\n                exceptions[findingService][findingKey] = []\n            }\n            let isException = confirm('Mark this item as an exception ?')\n            if (isException && (exceptions[findingService][findingKey].indexOf(findingId) == -1)) {\n                exceptions[findingService][findingKey].push(findingId)\n            }\n        })\n    }\n}\n\n/**\n * Returns the ID from an element - if none is found, returns the ID of the closest parent that does\n * @param element\n */\nfunction getId(element) {\n    return $(element).closest('[id]').attr('id');\n}\n\n/**\n * Show a single item\n * @param id\n */\nfunction showSingleItem(id) {\n    if (!id.endsWith('.view')) {\n        id = id + '.view'\n    }\n    $(\"[id='\" + id + \"']\").show()\n    id = id.replace('.view', '.link')\n    $(\"[id='\" + id + \"']\").show()\n}\n\n/**\n * Toggles details\n * @param {string} keyword\n * @param {string} item\n */\nfunction toggleDetails(keyword, item) {\n    var id = '#' + keyword + '-' + item\n    $(id).toggle()\n}\n\n/**\n * Update the navigation bar\n * @param service\n */\nfunction updateNavbar(path) {\n    const navbarIdSuffix = '_navbar'\n    const subnavbarIdSuffix = '_subnavbar'\n\n    let splitPath = path.split('.')\n\n    $('[id*=\"navbar\"]').removeClass('active')\n\n    if (path === '') {\n        $('#scoutsuite_navbar').addClass('active')\n    } else if (splitPath[0] === 'services') {\n        const service = splitPath[1]\n        let element = $('#' + service + subnavbarIdSuffix)\n        while (element.length > 0 && (!element.attr('id') || !element.attr('id').endsWith(navbarIdSuffix))) {\n            element = element.parent()\n        }\n\n        if (element.length > 0) {\n            element.addClass('active')\n        }\n    } else if (splitPath[0] === 'service_groups' && splitPath.length >= 2) {\n        const group = splitPath[1]\n        $('#' + group + navbarIdSuffix).addClass('active')\n    }\n\n    $('[id*=\"navbar\"]').show()\n}\n\n/**\n * Tells if navbar has suff\n * @param {*} element\n */\nfunction hasNavbarSuffix(element) {\n    return element &&\n        (!element.attr('id') || element.attr('id') && !element.attr('id').endsWith(navbarIdSuffix))\n}\n\n/**\n * Toggles visibility\n * @param {string} id\n */\nfunction toggleVisibility(id) {\n    let id1 = '#' + id\n    $(id1).toggle()\n    let id2 = '#bullet-' + id\n    if ($(id1).is(':visible')) {\n        $(id2).html('<i class=\"fa fa-caret-square-o-down\"></i>')\n    } else {\n        $(id2).html('<i class=\"fa fa-caret-square-o-right\"></i>')\n    }\n}\n\n/**\n * Iterates through EC2 objects and calls\n * @param data\n * @param entities\n * @param callback\n * @param callbackArgs\n */\nfunction iterateEC2ObjectsAndCall(data, entities, callback, callbackArgs) {\n    if (entities.length > 0) {\n        var entity = entities.shift()\n        var recurse = entities.length\n        for (let i in data[entity]) {\n            if (recurse) {\n                iterateEC2ObjectsAndCall(data[entity][i], eval(JSON.stringify(entities)), callback, callbackArgs)\n            } else {\n                callback(data[entity][i], callbackArgs)\n            }\n        }\n    }\n}\n\n/**\n *\n * @param ec2Data\n * @param entities\n * @param id\n * @returns {*}\n */\nfunction findEC2Object(ec2Data, entities, id) {\n    if (entities.length > 0) {\n        var entity = entities.shift()\n        var recurse = entities.length\n        for (let i in ec2Data[entity]) {\n            if (recurse) {\n                var object = findEC2Object(ec2Data[entity][i], eval(JSON.stringify(entities)), id)\n                if (object) {\n                    return object\n                }\n            } else if (i === id) {\n                return ec2Data[entity][i]\n            }\n        }\n    }\n    return ''\n}\n\n/**\n * Finds EC2 object by attribute\n * @param ec2Data\n * @param entities\n * @param attributes\n * @returns {*}\n */\nfunction findEC2ObjectByAttr(ec2Data, entities, attributes) {\n    if (entities.length > 0) {\n        var entity = entities.shift()\n        var recurse = entities.length\n        for (let i in ec2Data[entity]) {\n            if (recurse) {\n                var object = findEC2ObjectByAttr(ec2Data[entity][i], eval(JSON.stringify(entities)), attributes)\n                if (object) {\n                    return object\n                }\n            } else {\n                var found = true\n                for (let attr in attributes) {\n                    // h4ck :: EC2 security groups in RDS are lowercased...\n                    if (ec2Data[entity][i][attr].toLowerCase() != attributes[attr].toLowerCase()) {\n                        found = false\n                    }\n                }\n                if (found) {\n                    return ec2Data[entity][i]\n                }\n            }\n        }\n    }\n    return ''\n}\n\n/**\n * Finds EC2 object attribute\n * @param ec2Info\n * @param path\n * @param id\n * @param attribute\n * @returns {*}\n */\nfunction findEC2ObjectAttribute(ec2Info, path, id, attribute) {\n    var entities = path.split('.')\n    var object = findEC2Object(ec2Info, entities, id)\n    if (object[attribute]) {\n        return object[attribute]\n    }\n    return ''\n}\n\n/**\n * Finds and shows EC2 object\n * @param path\n * @param id\n */\nfunction findAndShowEC2Object(path, id) {\n    let entities = path.split('.')\n    if (getFormat() === resultFormats.json) {\n        var object = findEC2Object(runResults['services']['ec2'], entities, id)\n    } else if (getFormat() === resultFormats.sqlite) {\n        console.log('TODO (SQlite) 1')\n    }\n    var etype = entities.pop()\n    if (etype === 'instances') {\n        showPopup(single_ec2_instance_template(object))\n    } else if (etype === 'security_groups') {\n        showPopup(single_ec2_security_group_template(object))\n    } else if (etype === 'vpcs') {\n        showPopup(single_vpc_template(object))\n    } else if (etype === 'network_acls') {\n        object['name'] = id\n        showPopup(single_vpc_network_acl_template(object))\n    }\n}\n\n/**\n * Finds and shows EC2 object by attribute\n * @param path\n * @param attributes\n */\nfunction findAndShowEC2ObjectByAttr(path, attributes) {\n    let entities = path.split('.')\n    if (getFormat() === resultFormats.json) {\n        var object = findEC2ObjectByAttr(runResults['services']['ec2'], entities, attributes)\n    } else if (getFormat() === resultFormats.sqlite) {\n        console.log('TODO (SQLite) 2')\n    }\n    var etype = entities.pop()\n    if (etype === 'security_groups') {\n        showPopup(single_ec2_security_group_template(object))\n    }\n}\n\n/**\n * Shows EC2 instance\n * @param data\n */\nfunction showEC2Instance2(data) {\n    showPopup(single_ec2_instance_template(data))\n}\n\n/**\n * Shows EC2 instance\n * @param region\n * @param vpc\n * @param id\n */\nfunction showEC2Instance(region, vpc, id) {\n    if (getFormat() === resultFormats.json) {\n        var data = runResults['services']['ec2']['regions'][region]['vpcs'][vpc]['instances'][id]\n    } else if (getFormat() === resultFormats.sqlite) {\n        console.log('TODO (SQLite) 3')\n    }\n    showPopup(single_ec2_instance_template(data))\n}\n\n/**\n * Shows EC2 security group\n * @param region\n * @param vpc\n * @param id\n */\nfunction showEC2SecurityGroup(region, vpc, id) {\n    if (getFormat() === resultFormats.json) {\n        var data = runResults['services']['ec2']['regions'][region]['vpcs'][vpc]['security_groups'][id]\n    } else if (getFormat() === resultFormats.sqlite) {\n        console.log('TODO (SQLite) 4')\n    }\n    showPopup(single_ec2_security_group_template(data))\n}\n\n/**\n * Shows object\n * @param {string} path\n * @param {string} attrName\n * @param {string} attrValue\n */\nfunction showObject(path, attrName, attrValue) {\n    const pathArray = path.split('.')\n    const pathLength = pathArray.length\n    let data = getResource(path)\n\n    // Adds the resource path values to the data context\n    for (let i = 0; i < pathLength - 1; i += 2) {\n        const attribute = makeResourceTypeSingular(pathArray[i])\n        data[attribute] = pathArray[i + 1]\n    }\n\n    // Filter if ...\n    let resourceType\n    if (attrName && attrValue) {\n        for (const resource in data) {\n            if (data[resource][attrName] !== attrValue) continue\n            data = data[resource]\n            break\n        }\n\n        resourceType = pathArray[1] + '_' + pathArray[pathLength - 1]\n    } else {\n        resourceType = pathArray[1] + '_' + pathArray[pathLength - 2]\n    }\n\n    let resource = makeResourceTypeSingular(resourceType)\n    let template = 'single_' + resource + '_template'\n    showPopup(window[template](data))\n}\n\n/**\n * Gets a resource from the run results.\n * @param {string} path\n */\nfunction getResource(path) {\n    let data = runResults\n    for (const attribute of path.split('.')) {\n        data = data[attribute]\n    }\n    return data\n}\n\n/**\n * Makes the resource type singular.\n * @param {string} resourceType\n */\nfunction makeResourceTypeSingular(resourceType) {\n    return resourceType.substring(0, resourceType.length - 1).replace(/\\.?ie$/, 'y')\n}\n\n/**\n * Displays IAM Managed Policy\n * @param policyId\n */\nfunction showIAMManagedPolicy(policyId) {\n    if (getFormat() === resultFormats.json) {\n        var data = runResults['services']['iam']['policies'][policyId]\n    } else if (getFormat() === resultFormats.sqlite) {\n        console.log('TODO (SQLite) 6')\n    }\n    data['policy_id'] = policyId\n    showIAMPolicy(data)\n}\n\n/**\n * Displays IAM Inline Policy\n * @param iamEntityType\n * @param iamEntityName\n * @param policyId\n */\nfunction showIAMInlinePolicy(iamEntityType, iamEntityName, policyId) {\n    if (getFormat() === resultFormats.json) {\n        var data = runResults['services']['iam'][iamEntityType][iamEntityName]['inline_policies'][policyId]\n    } else if (getFormat() === resultFormats.sqlite) {\n        console.log('TODO (SQLite) 7')\n    }\n    data['policy_id'] = policyId\n    showIAMPolicy(data)\n}\n\n/**\n * Displays IAM Policy\n * @param data\n */\nfunction showIAMPolicy(data) {\n    showPopup(single_iam_policy_template(data))\n    var id = '#iam_policy_details-' + data['report_id']\n    $(id).toggle()\n}\n\n/**\n * Display S3 bucket\n * @param bucketName\n */\nfunction showS3Bucket(bucketName) {\n    if (getFormat() === resultFormats.json) {\n        var data = runResults['services']['s3']['buckets'][bucketName]\n    } else if (getFormat() === resultFormats.sqlite) {\n        console.log('TODO (SQLite) 8')\n    }\n    showPopup(single_s3_bucket_template(data))\n}\n\n/**\n * Displays S3 object\n * @param bucketId\n * @param keyId\n */\nfunction showS3Object(bucketId, keyId) {\n    if (getFormat() === resultFormats.json) {\n        var data = runResults['services']['s3']['buckets'][bucketId]['keys'][keyId]\n    } else if (getFormat() === resultFormats.sqlite) {\n        console.log('TODO (SQLite) 9')\n    }\n    data['key_id'] = keyId\n    data['bucket_id'] = bucketId\n    showPopup(single_s3_object_template(data))\n}\n\n/**\n * Displays the popup\n * @param {*} content\n */\nfunction showPopup(content) {\n    $('#modal-container').html(content)\n    $('#modal-container').modal()\n}\n\n/**\n * Get the format of the results that Scout Suite is reading from\n */\nfunction getFormat() {\n    if (document.getElementById('sqlite_format')) {\n        return resultFormats.sqlite\n    } else if (document.getElementById('json_format')) {\n        return resultFormats.json\n    }\n    return resultFormats.invalid\n}\n\n/**\n * Set up dashboards and dropdown menus\n */\nfunction loadMetadata() {\n    if (getFormat() === resultFormats.json) {\n        runResults = getScoutsuiteResultsJson()\n    } else if (getFormat() === resultFormats.sqlite) {\n        runResults = requestDb()\n        loadFirstPageEverywhere()\n    }\n\n    loadAccountId()\n\n    loadConfig('last_run', 1, false)\n    loadConfig('metadata', 0, false)\n    loadConfig('services.id.findings', 1, false)\n    loadConfig('services.id.filters', 0, false) // service-specific filters\n    loadConfig('services.id.regions', 0, false) // region filters\n\n    for (let group in runResults['metadata']) {\n        for (let service in runResults['metadata'][group]) {\n            if (service === 'summaries') {\n                continue\n            }\n            for (let section in runResults['metadata'][group][service]) {\n                for (let resourceType in runResults['metadata'][group][service][section]) {\n                    addTemplates(group, service, section, resourceType,\n                        runResults['metadata'][group][service][section][resourceType]['path'],\n                        runResults['metadata'][group][service][section][resourceType]['cols'])\n                }\n            }\n        }\n    }\n    hidePleaseWait()\n}\n\n/**********************\n * Browsing functions *\n **********************/\n\n/**\n * Summary\n */\nfunction exportSummary() {\n    var anchor = window.location.hash.substr(1)\n    // Strip the # sign\n    // Get resource path based on browsed-to path\n    var item_indexes = getValueAt(\"\");\n\n    // create array with item values\n        var items = [];\n        var index = 0;\n        items[index] = [\"Service\", \"Description\", \"Affected resources\", \"Risk level\"]\n        Object.entries(item_indexes.services).forEach((service) =>{\n            Object.entries(service[1].findings).forEach((finding) => {\n                index++;\n                items[index] = [finding[1].service, finding[1].description, finding[1].flagged_items, finding[1].level];\n            })\n        });\n\n    downloadAsCsv('summary.csv', items)\n}\n\n\n/**\n * Show About Scout Suite modal\n */\nfunction showAbout() {\n    $('#modal-container').html(about_scoutsuite_template())\n    $('#modal-container').modal()\n}\n\n/**\n * Hides Please Wait modal\n */\nfunction hidePleaseWait () {\n    $('#please-wait-modal').fadeOut(500, () => { })\n\n\n    $('#please-wait-backdrop').fadeOut(500, () => { })\n}\n\n/**\n * Shows last run details modal\n */\nfunction showLastRunDetails() {\n    $('#modal-container').html(last_run_details_template(runResults))\n    $('#modal-container').modal()\n}\n\n/**\n * Shows resources details modal\n */\nfunction showResourcesDetails() {\n    $('#modal-container').html(resources_details_template(runResults));\n    $('#modal-container').modal()\n\n    $('#resources_details_download_csv_button').click(function(){\n            var anchor = window.location.hash.substr(1)\n            var item_indexes = getValueAt(\"\")\n            var items = []\n            var index = 0\n            items[index] = [\"Service\", \"Resource\", \"#\"]\n            var serviceName = \"\"\n            Object.entries(item_indexes.services).forEach((service) => {\n                serviceName = service[0]\n                Object.entries(service[1]).forEach((attr) => {\n                        if ((attr[0].split(\"_\")[1] == \"count\" || attr[0].split(\"_\")[2] == \"count\") && attr[1] != 0 && attr[0].split(\"_\")[0] != \"regions\"){\n                                index++;\n                                items[index] = [serviceName, attr[0].split(\"_\")[0], attr[1].toString()];\n                            }\n                })\n            })\n            downloadAsCsv('findings_summary.csv', items)\n        }\n    )\n}\n\n\n/**\n * Show main dashboard\n */\nfunction showMainDashboard() {\n    hideAll()\n    // Hide filters\n    hideFilters()\n    $('#findings_download_button').hide()\n    $('#paging_buttons').hide()\n    showRowWithItems('account_id')\n    showRowWithItems('last_run')\n    $('#section_title-h2').text('')\n    $('#section_paging-h2').text('')\n    // Remove URL hash\n    history.pushState('', document.title, window.location.pathname + window.location.search)\n    updateNavbar('')\n}\n\n/**\n * Make title from resource path\n * @param {string} resourcePath\n * @returns {string}\n */\nfunction makeTitleAcl(resourcePath) {\n    resourcePath = resourcePath.replace('service_groups.', '')\n    let service = getService(resourcePath)\n\n    const parts = resourcePath.split('.').pop().split('_').map(part => `${part.charAt(0).toUpperCase()}${part.substring(1).toLowerCase()}`)\n    let formatted = ''\n    do {\n        const part = parts.shift()\n        formatted += part.length > 1 ? ` ${part} ` : part\n    } while (parts.length > 0)\n\n    formatted = formatted.replace(/Acl/g, 'ACL').replace('Findings', 'Dashboard').replace(/</g, '').replace(/>/g, '').trim()\n\n    return service + ' ' + formatted\n}\n\n/**\n * Returns the service\n * @param {string} resourcePath\n * @returns {string}\n */\nfunction getService(resourcePath) {\n    if (resourcePath.startsWith('services')) {\n        var service = resourcePath.split('.')[1]\n    } else {\n        service = resourcePath.split('.')[0]\n    }\n    service = makeTitle(service)\n    return service\n}\n\n/**\n * Update title div's contents\n * @param {string} title\n */\nfunction updateTitle(title) {\n    $('#section_title-h2').text(title)\n}\n\n/**\n * Updates the Document Object Model\n */\nfunction showPageFromHash() {\n    myhash = location.hash.replace(/[^a-zA-Z|0-9|.#-_]/gi,'')\n    if (myhash) {\n        updateDOM(myhash)\n    } else {\n        updateDOM('')\n    }\n}\n\nwindow.onhashchange = showPageFromHash\n\n/**\n * Get value at given path\n * @param {string} path\n * @returns {string}\n */\nfunction getValueAt(path) {\n    return getValueAtRecursive(path, runResults)\n}\n\nfunction getValueAtRecursive(path, source) {\n    let value = source;\n    let current_path = path;\n    let key;\n    // iterate over each path elements\n    while (current_path) {\n        // check if there are more elements to the path\n        if(current_path.indexOf('.') != -1){\n            key = current_path.substr(0, current_path.indexOf('.'));\n        }\n        // last element\n        else {\n            key = current_path;\n        }\n\n        try {\n            // path containing an \".id\"\n            if(key == 'id')\n            {\n                let v = [];\n                let w;\n                for(let k in value){\n                    // process recursively\n                    w = getValueAtRecursive(k + current_path.substr(current_path.indexOf('.'), current_path.length), value);\n                    v = v.concat(\n                        Object.values(w) // get values from array, otherwise it will be an array of key/values\n                    );\n                }\n                return v;\n            }\n            // simple path, just return element in value\n            else {\n                value = value[key];\n            }\n        } catch (err) {\n            console.log('Error: ' + err)\n        }\n\n        // check if there are more elements to process\n        if(current_path.indexOf('.') != -1){\n            current_path = current_path.substr(current_path.indexOf('.')+1, current_path.length);\n        }\n        // otherwise we're done\n        else {\n            current_path = false;\n        }\n    }\n    return value;\n}\n\nvar currentResourcePath = ''\n\n/**\n * Updates the Document Object Model\n * @param {string} anchor\n */\nfunction updateDOM(anchor) {\n    // Enable or disable the buttons depending on which page you are\n    updateButtons()\n\n    // Strip the # sign\n    var path = decodeURIComponent(anchor.replace('#', ''))\n\n    // Get resource path based on browsed-to path\n    var resourcePath = getResourcePath(path)\n\n    updateNavbar(path)\n\n    const pathSuffixes = [\n        'findings',\n        'statistics',\n        'password_policy',\n        'security_policy',\n        'permissions',\n        '<root_account>',\n        'external_attack_surface',\n        'output',\n    ]\n\n    let show = true\n    for (const suffix of pathSuffixes) {\n        if (!path.endsWith(`.${suffix}`)) continue\n        show = false\n        break\n    }\n    if (show) {\n        $('#findings_download_button').show()\n        $('#paging_buttons').show()\n    } else {\n        $('#findings_download_button').hide()\n        $('#paging_buttons').hide()\n    }\n\n    // Update title\n    if (path.endsWith('.items')) {\n        let title = getValueAt(path.replace('items', 'description'))\n        updateTitle(title)\n    } else {\n        let title = makeTitleAcl(resourcePath)\n        updateTitle(title)\n    }\n\n    // Clear findings highlighting\n    $('span').removeClass('finding-danger')\n    $('span').removeClass('finding-warning')\n\n    // DOM Update\n    if (path === '') {\n        showMainDashboard()\n    } else if (path.endsWith('.items')) {\n        // Switch view for findings\n        lazyLoadingJson(resourcePath)\n        hideAll()\n        hideItems(resourcePath)\n        hideLinks(resourcePath)\n        showRow(resourcePath)\n        showFindings(path, resourcePath)\n        currentResourcePath = resourcePath\n        showFilters(resourcePath)\n    } else if (lazyLoadingJson(resourcePath) == 0) {\n        console.log(resourcePath + ' has already been loaded');\n        // 0 is returned when the data was already loaded, a DOM update is necessary then\n        if (path.endsWith('.view')) {\n            // Same details, one item\n            hideItems(currentResourcePath)\n            showSingleItem(path)\n        } else if (currentResourcePath !== '' && resourcePath.match(currentResourcePath.replace(/.id./g, '.[^.]+.'))) {\n            // Same details, multiple items\n            hideItems(currentResourcePath)\n            showItems(path)\n        } else {\n            // Switch view for resources\n            console.log('Switching view to ' + resourcePath);\n            hideAll()\n            showRowWithItems(resourcePath)\n            // showFilters(resourcePath)\n            currentResourcePath = resourcePath\n        }\n    } else {\n        // The DOM was updated by the lazy loading function, save the current resource path\n        console.log('View was updated via lazyloading');\n        showFilters(resourcePath)\n        currentResourcePath = resourcePath\n    }\n\n    // Scroll to the top\n    window.scrollTo(0, 0)\n}\n\n/**\n * Lazy loading\n * @param {string} path\n * @returns {number}\n */\nfunction lazyLoadingJson(path) {\n    var cols = 1\n    var resourcePathArray = path.split('.')\n    var service = resourcePathArray[1]\n    var resourceType = resourcePathArray[resourcePathArray.length - 1]\n    for (let group in runResults['metadata']) {\n        if (service in runResults['metadata'][group]) {\n            if (resourceType in runResults['metadata'][group][service]['resources']) {\n                cols = runResults['metadata'][group][service]['resources'][resourceType]['cols']\n            }\n            break\n        }\n    }\n    return loadConfig(path, cols, false);\n}\n\n/**\n * Get the resource path based on a given path\n * @param path\n * @returns {string}\n */\nfunction getResourcePath(path) {\n    if (path.endsWith('.items')) {\n        var resourcePath = getValueAt(path.replace('items', 'display_path'))\n        if (resourcePath === undefined) {\n            resourcePath = getValueAt(path.replace('items', 'path'))\n        }\n        let resourcePathArray = resourcePath.split('.')\n        resourcePathArray.pop()\n        resourcePath = 'services.' + resourcePathArray.join('.')\n    } else if (path.endsWith('.view')) {\n        // Resource path is not changed (this may break when using `back' button in browser)\n        resourcePath = currentResourcePath\n    } else {\n        resourcePath = path\n    }\n    return resourcePath\n}\n\n/**\n * Format title\n * @param title\n * @returns {string}\n */\nfunction makeTitle(title) {\n    if (typeof (title) !== 'string') {\n        console.log('Error: received title ' + title + ' (string expected).')\n        return title.toString()\n    }\n\n    const uppercaseTitles = [\n        'acm', 'aks', 'ec2', 'ecr', 'ecs', 'efs', 'eks', 'gke', 'iam', 'kms', 'rbac',\n        'rds', 'sns', 'ses', 'sqs', 'vpc', 'elb', 'elbv2', 'emr', 'dns', 'oss', 'ram',\n    ]\n\n    const formattedTitles = {\n        'cloudtrail': 'CloudTrail',\n        'cloudwatch': 'CloudWatch',\n        'cloudformation': 'CloudFormation',\n        'cloudfront': 'CloudFront',\n        'awslambda': 'Lambda',\n        'docdb': 'DocumentDB',\n        'dynamodb': 'DynamoDB',\n        'guardduty': 'GuardDuty',\n        'secretsmanager': 'Secrets Manager',\n        'ssm': 'Systems Manager',\n        'elasticache': 'ElastiCache',\n        'redshift': 'RedShift',\n        'cloudstorage': 'Cloud Storage',\n        'cloudsql': 'Cloud SQL',\n        'stackdriverlogging': 'Stackdriver Logging',\n        'stackdrivermonitoring': 'Stackdriver Monitoring',\n        'computeengine': 'Compute Engine',\n        'kubernetesengine': 'Kubernetes Engine',\n        'cloudmemorystore': 'Cloud Memorystore',\n        'aad': 'Azure Active Directory',\n        'storageaccounts': 'Storage Accounts',\n        'sqldatabase': 'SQL Database',\n        'virtualmachines': 'Virtual Machines',\n        'securitycenter': 'Security Center',\n        'keyvault': 'Key Vault',\n        'appgateway': 'Application Gateway',\n        'rediscache': 'Redis Cache',\n        'appservice': 'App Services',\n        'loadbalancer': 'Load Balancer',\n        'actiontrail': 'ActionTrail',\n        'objectstorage': 'Object Storage',\n\n        // Azure and Kubernetes\n        'loggingmonitoring': 'Azure Monitor',\n\n        // Kubernetes\n        'kubernetesengine': 'GKE'\n    }\n\n    title = title.toLowerCase()\n    if (uppercaseTitles.indexOf(title) !== -1) {\n        return title.toUpperCase()\n    } else if (formattedTitles[title.split('_')[0]]) {\n        return formattedTitles[title]\n    } else {\n        const parts = title.split('_').map(part => `${part.charAt(0).toUpperCase()}${part.substring(1).toLowerCase()}`)\n        let formatted = ''\n        do {\n            const part = parts.shift()\n            formatted += part.length > 1 ? ` ${part} ` : part\n        } while (parts.length > 0)\n        return formatted.trim()\n    }\n}\n\n/**\n * Toggles between truncated and full lenght bucket name\n * @param {string} name           Name of the bucket\n */\nfunction toggleName(name) {\n    if (name.style.display !== 'contents') {\n        name.style.display = 'contents'\n    } else {\n        name.style.display = 'block'\n    }\n}\n\n/**\n * Add one or multiple\n * @param group\n * @param service\n * @param section\n * @param resourceType\n * @param path\n * @param cols\n */\nfunction addTemplates(group, service, section, resourceType, path, cols) {\n    if (cols === undefined) {\n        cols = 2\n    }\n    addTemplate(group, service, section, resourceType, path, 'details')\n    if (cols > 1) {\n        addTemplate(group, service, section, resourceType, path, 'list')\n    }\n}\n\n/**\n * Add resource templates\n * @param group\n * @param service\n * @param section\n * @param resourceType\n * @param path\n * @param suffix\n */\nfunction addTemplate(group, service, section, resourceType, path, suffix) {\n    var template = document.createElement('script')\n    var partialName = ''\n    template.type = 'text/x-handlebars-template'\n    template.id = path + '.' + suffix + '.template'\n    if (section === 'resources') {\n        if (suffix === 'list') {\n            if (path.indexOf('.vpcs.id.') > 0) {\n                partialName = 'left_menu_for_vpc'\n            } else if (path.indexOf('.subscriptions.id.') > 0) {\n                partialName = 'left_menu_for_subscription'\n            } else if (path.indexOf('projects.id.zones.id.') > 0) {\n                partialName = 'left_menu_for_gcp_zone';\n            } else if (path.indexOf('projects.id.regions.id.') > 0) {\n                partialName = 'left_menu_for_gcp_region';\n            } else if (path.indexOf('.regions.id.') > 0) {\n                partialName = 'left_menu_for_region'\n            } else if (path.indexOf('.projects.id.') > 0) {\n                partialName = 'left_menu_for_project'\n            } else if (group === '_scout_suite_aggregation' || group.length === 1 && resourceType.startsWith('v')) {\n                // no real way to categorize Kubernetes resources\n                // hopefully in the future this huge JavaScript file will be decoupled\n                partialName = 'left_menu_for_kubernetes_resource'\n            } else {\n                partialName = 'left_menu'\n            }\n        } else if (suffix === 'details') {\n            if (path.indexOf('.vpcs.id.') > 0) {\n                partialName = 'details_for_vpc'\n            } else if (path.indexOf('.subscriptions.id.') > 0) {\n                partialName = 'details_for_subscription'\n            } else if (path.indexOf('projects.id.zones.id') > 0) {\n                partialName = 'details_for_gcp_zone';\n            } else if (path.indexOf('projects.id.regions.id') > 0) {\n                partialName = 'details_for_gcp_region';\n            } else if (path.indexOf('.regions.id.') > 0) {\n                partialName = 'details_for_region'\n            } else if (path.indexOf('.projects.id.') > 0) {\n                partialName = 'details_for_project'\n            } else if (group === '_scout_suite_aggregation' || group.length === 1 && resourceType.startsWith('v')) {\n                // no real way to categorize Kubernetes resources\n                // hopefully in the future this huge JavaScript file will be decoupled\n                partialName = 'details_for_kubernetes_resource'\n            } else {\n                partialName = 'details'\n            }\n        } else {\n            console.log('Invalid suffix (' + suffix + ') for resources template.')\n        }\n        template.innerHTML = '{{> ' + partialName + \" service_group = '\" + group + \"' service_name = '\" + service + \"' resource_type = '\" + resourceType + \"' partial_name = '\" + path + \"'}}\"\n        $('body').append(template)\n    }\n}\n\n/**\n * Rules generator\n * @param group\n * @param service\n */\nfunction filterRules(group, service) {\n    if (service === undefined) {\n        $(\"[id*='rule-']\").show()\n    } else {\n        $(\"[id*='rule-']\").not(\"[id*='rule-\" + service + \"']\").hide()\n        $(\"[id*='rule-\" + service + \"']\").show()\n    }\n    var id = 'groups.' + group + '.list'\n    $(\"[id='\" + id + \"']\").hide()\n}\n\n/**\n * Downloads the configuration\n * @param {object} configuration\n * @param {string} name\n * @param {string} prefix\n */\nfunction downloadConfiguration(configuration, name, prefix) {\n    var uriContent = 'data:text/json;charset=utf-8,' + encodeURIComponent(prefix + JSON.stringify(configuration, null, 4))\n    var dlAnchorElem = document.getElementById('downloadAnchorElem')\n    dlAnchorElem.setAttribute('href', uriContent)\n    dlAnchorElem.setAttribute('download', name + '.json')\n    dlAnchorElem.click()\n}\n\n/**\n * Downloads execptions\n */\nfunction downloadExceptions() {\n    var url = window.location.pathname\n    var profileName = url.substring(url.lastIndexOf('/') + 1).replace('report-', '').replace('.html', '')\n    console.log('Download exceptions: ' + exceptions)\n    downloadConfiguration(exceptions, 'exceptions-' + profileName, 'exceptions = \\n')\n}\n\n/**\n * Shows an element\n * @param {string} elementId\n */\nvar showElement = function (elementId) {\n    $('#' + elementId).show()\n}\n\n/**\n * Hides an element\n * @param {string} elementId\n */\nvar hideElement = function (elementId) {\n    $('#' + elementId).hide()\n}\n\n/**\n * Toggles an element\n * @param {string} elementId\n */\nvar toggleElement = function (elementId) {\n    $('#' + elementId).toggle()\n}\n\n/**\n * Sets the url to filter a specific region\n * @param {string} region\n */\nfunction setFilterUrl(region) {\n    let tmp = location.hash.split('.')\n    tmp[3] = region\n    location.hash = tmp.join('.')\n}\n\n/**\n * Returns a csv file to download\n *   example input:\n *   exportToCsv('export.csv', [\n *   ['name','description'],\n *   ['david','123'],\n *   ['jona','\"\"'],\n *   ['a','b'],\n *   ])\n * @param filename\n * @param rows\n */\nfunction downloadAsCsv(filename, rows) {\n    var processRow = function (row) {\n        var finalVal = ''\n        for (var j = 0; j < row.length; j++) {\n            var innerValue = row[j] === null ? '' : row[j].toString()\n            if (row[j] instanceof Date) {\n                innerValue = row[j].toLocaleString()\n            }\n\n            var result = innerValue.replace(/\"/g, '\"\"')\n            if (result.search(/(\"|,|\\n)/g) >= 0) {\n                result = '\"' + result + '\"'\n            }\n            if (j > 0) {\n                finalVal += ','\n            }\n            finalVal += result\n        }\n        return finalVal + '\\n'\n    }\n\n    var csvFile = ''\n    for (var i = 0; i < rows.length; i++) {\n        csvFile += processRow(rows[i])\n    }\n\n    var blob = new Blob([csvFile], {type: 'text/csv;charset=utf-8;'})\n    if (navigator.msSaveBlob) { // IE 10+\n        navigator.msSaveBlob(blob, filename)\n    } else {\n        var link = document.createElement('a')\n        if (link.download !== undefined) { // feature detection\n            // Browsers that support HTML5 download attribute\n            var url = URL.createObjectURL(blob)\n            link.setAttribute('href', url)\n            link.setAttribute('download', filename)\n            link.style.visibility = 'hidden'\n            document.body.appendChild(link)\n            link.click()\n            document.body.removeChild(link)\n        }\n    }\n}\n\n/**\n * Downloads the dictionary as a .json file\n * @param {string} filename\n * @param {object} dict\n */\nfunction downloadAsJson(filename, dict) {\n    var jsonStr = JSON.stringify(dict)\n\n    var blob = new Blob([jsonStr], {type: 'application/json;'})\n    if (navigator.msSaveBlob) { // IE 10+\n        navigator.msSaveBlob(blob, filename)\n    } else {\n        var link = document.createElement('a')\n        if (link.download !== undefined) { // feature detection\n            // Browsers that support HTML5 download attribute\n            var url = URL.createObjectURL(blob)\n            link.setAttribute('href', url)\n            link.setAttribute('download', filename)\n            link.style.visibility = 'hidden'\n            document.body.appendChild(link)\n            link.click()\n            document.body.removeChild(link)\n        }\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/output/data/inc-scoutsuite/sqlite.js",
    "content": "// TODO: Change this for something less goofy\nvar querySeparator = '¤'\nvar reQuerySeparator = new RegExp('\\\\' + querySeparator + '+$')\nvar defaultPort = 8000\n\n/**\n * Requests a list corresponding to the resource\n * @param {string} query            The suffix of the url\n * @param {number} pageSize         The amount of resources per page\n * @param {number} pageIndex        The index of the page [0, totalResources / pageSize - 1]\n * @returns {string}\n */\nfunction requestDb (query, pageSize, pageIndex) {\n  // TODO: Add the option of using a different port\n  let url = 'http://127.0.0.1:' + defaultPort + '/api/'\n  let response = ''\n\n  if (arguments.length === 0) {\n    url += 'summary'\n  } else if (arguments.length === 1) {\n    url += 'data?key=' + query\n  } else if (arguments.length === 2) {\n    url += 'full?key=' + query\n  } else {\n    url += 'page?pagesize=' + pageSize + '&page=' + pageIndex + '&key=' + query\n  }\n\n  $.ajax({\n    type: 'GET',\n    url: url,\n    async: false,\n    dataType: 'json',\n    success: function (result) {\n      response = result\n    } })\n\n  return response.data\n}\n\n/**\n * Inserts resource page info into runResults and wipes out the last resource page info from the memory\n * to make sure the memory never gets capped and crashes the browser, also updates page index of the resource\n * @param {number} pageSize         The amount of resources per page\n * @param {number} pageIndex        The index of the page [0, totalResources / pageSize - 1]\n * @param {string} service          The service targeted\n * @param {string} resource         The resource targeted\n */\nfunction getResourcePageSqlite (pageIndex, pageSize, service, resource) {\n  let resources = requestDb(createQuery('services', service, resource), pageSize, pageIndex)\n  // Create an object where to save data and overwrite the current content\n  runResults['services'][service][resource] = {}\n  for (let item in resources) {\n    runResults['services'][service][resource][item] =\n      requestDb(createQuery('services', service, resource, item), null)\n  }\n\n  // Save the current page index to remember which page we have saved\n  // Originally wanted to save that info under the precise resource, but the handlebar templates create slots for\n  // each entry under resource, therefore there were 2 empty slots always added\n  runResults['services'][service][resource + '_page_index'] = pageIndex\n  runResults['services'][service][resource + '_page_size'] = pageSize\n}\n\n/**\n * Acts like getResourcePageSqlite but when we're using regions, made a separate function since the order of\n * the variables are different and it was getting confusing\n * @param {number} pageSize         The amount of resources per page\n * @param {number} pageIndex        The index of the page [0, totalResources / pageSize - 1]\n * @param {string} service          The service targeted\n * @param {string} region           The region targeted\n * @param {string} resource         The resource targeted\n */\nfunction getResourcePageSqliteRegions (pageIndex, pageSize, service, region, resource) {\n  let resources = requestDb(createQuery('services', service, 'regions', region, resource), pageSize, pageIndex)\n  // Create a spot where to save data\n  runResults['services'][service]['regions'][region][resource] = {}\n  for (let item in resources) {\n    Object.assign(runResults['services'][service]['regions'][region][resource], { [item]: \n      requestDb(createQuery('services', service, 'regions', region, resource, item), null) })\n  }\n  if (runResults['services'][service]['regions']['id'] === undefined) {\n    runResults['services'][service]['regions']['id'] = {}\n  }\n  \n  // Save the current page index to remember which page we have saved\n  // Originally wanted to save that info under the precise resource, but the handlebar templates create slots for\n  // each entry under resource, therefore there were 2 empty slots always added\n  runResults['services'][service]['regions']['id'][resource + '_page_index'] = pageIndex\n  runResults['services'][service]['regions']['id'][resource + '_page_size'] = pageSize\n}\n\n/**\n * Creates a query using the query separator to request information from the server\n * Scales with the number of params given\n * @returns {string}\n */\nfunction createQuery () {\n  let query = ''\n  for (let i = 0; i < arguments.length; i++) {\n    query += arguments[i] + querySeparator\n  }\n  query = query.replace(reQuerySeparator, '')\n  return query\n}\n"
  },
  {
    "path": "ScoutSuite/output/data/inc-scoutsuite/theme.js",
    "content": "const DARK_BOOTSTRAP_THEME = 'inc-bootstrap/css/bootstrap-dark.min.css';\nconst LIGHT_BOOTSTRAP_THEME = 'inc-bootstrap/css/bootstrap-light.min.css';\n\nconst DARK_SCOUT_THEME = 'inc-scoutsuite/css/scoutsuite-dark.css';\nconst LIGHT_SCOUT_THEME = 'inc-scoutsuite/css/scoutsuite-light.css';\n\n$(document).ready(() => {\n  if (isDarkThemeEnabled()) {\n    document.getElementById('theme_checkbox').checked = true\n  }\n});\n\n/**\n * Load the last theme used by looking into localstorage\n */\nfunction loadLastTheme() {\n  if (isDarkThemeEnabled()) {\n    setBootstrapTheme(DARK_BOOTSTRAP_THEME)\n    setScoutTheme(DARK_SCOUT_THEME)\n  }\n}\n\n/**\n * Toggles between light and dark themes\n */\nfunction toggleTheme() {\n  localStorage.setItem('dark_theme_enabled', document.getElementById('theme_checkbox').checked)\n  if (document.getElementById('theme_checkbox').checked) {\n    this.setBootstrapTheme(DARK_BOOTSTRAP_THEME)\n    this.setScoutTheme(DARK_SCOUT_THEME)\n  }\n  else {\n    this.setBootstrapTheme(LIGHT_BOOTSTRAP_THEME)\n    this.setScoutTheme(LIGHT_SCOUT_THEME)\n  }\n};\n\n/**\n * Toggles between light and dark themes\n */\nfunction toggleTheme() {\n  const darkThemeEnabled = document.getElementById('theme_checkbox').checked\n  saveIsDarkThemeEnabled(darkThemeEnabled)\n\n  if (darkThemeEnabled) {\n    this.setBootstrapTheme(DARK_BOOTSTRAP_THEME)\n    this.setScoutTheme(DARK_SCOUT_THEME)\n  }\n  else {\n    this.setBootstrapTheme(LIGHT_BOOTSTRAP_THEME)\n    this.setScoutTheme(LIGHT_SCOUT_THEME)\n  }\n};\n\n/**\n * Sets the css file location received as the bootstrap theme\n * @param {string} file\n */\nfunction setBootstrapTheme(file) {\n  document.getElementById('bootstrap-theme').href = file\n}\n\n/**\n * Sets the css file location received as the scout theme\n * @param {string} file\n */\nfunction setScoutTheme(file) {\n  document.getElementById('scout-theme').href = file\n}\n\n/**\n * Tells us if the dark theme is enabled or not\n * @returns {boolean}\n */\nfunction isDarkThemeEnabled() {\n  return localStorage.getItem('dark_theme_enabled') === 'true'\n}\n\n/**\n * Saves which theme is selected within the localstorage\n * @param {boolean} isDarkThemeEnabled \n */\nfunction saveIsDarkThemeEnabled(isDarkThemeEnabled) {\n  localStorage.setItem('dark_theme_enabled', isDarkThemeEnabled)\n}"
  },
  {
    "path": "ScoutSuite/output/data/listall-configs/ec2.regions.id.vpcs.id.security_groups.id.json",
    "content": "{\n    \"keys\": [\n        \"ec2.regions.id\",\n        \"ec2.regions.id.vpcs.id\",\n        \"ec2.regions.id.vpcs.id.security_groups.id\",\n        \"name\"\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/output/html.py",
    "content": "import datetime\nimport os\nimport shutil\nimport zipfile\n\nimport dateutil.tz\n\nfrom ScoutSuite import DEFAULT_INCLUDES_DIRECTORY\nfrom ScoutSuite import DEFAULT_REPORT_DIRECTORY, DEFAULT_REPORT_RESULTS_DIRECTORY, DEFAULT_INCLUDES_DIRECTORY\nfrom ScoutSuite import ERRORS_LIST\nfrom ScoutSuite.core.console import print_info, print_exception\nfrom ScoutSuite.output.result_encoder import JavaScriptEncoder, SqlLiteEncoder\nfrom ScoutSuite.output.utils import get_filename, prompt_for_overwrite\n\n\nclass HTMLReport:\n    \"\"\"\n    Base HTML report\n    \"\"\"\n\n    def __init__(self, report_name=None, report_dir=None, timestamp=False, exceptions=None, result_format=None):\n\n        self.report_name = report_name\n        self.report_name = report_name.replace('/', '_').replace('\\\\', '_')  # Issue 111\n        self.report_dir = report_dir if report_dir else DEFAULT_REPORT_DIRECTORY\n        self.current_time = datetime.datetime.now(dateutil.tz.tzlocal())\n        self.timestamp = self.current_time.strftime(\"%Y-%m-%d_%Hh%M%z\") if not timestamp else timestamp\n\n        # exceptions = {} if exceptions is None else exceptions\n        self.exceptions = exceptions if exceptions else {}\n        self.scout_report_data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')\n        self.html_data_path = os.path.join(self.scout_report_data_path, 'html')\n        self.exceptions_encoder = JavaScriptEncoder(self.report_name, report_dir, timestamp)\n\n        if result_format == \"sqlite\":\n            self.encoder = SqlLiteEncoder(self.report_name, report_dir, timestamp)\n        else:\n            self.encoder = JavaScriptEncoder(self.report_name, report_dir, timestamp)\n\n    def get_content_from_folder(self, templates_type):\n        contents = ''\n        template_dir = os.path.join(self.html_data_path, templates_type)\n        template_files = [os.path.join(template_dir, f) for f in os.listdir(template_dir) if\n                          os.path.isfile(os.path.join(template_dir, f))]\n        for filename in template_files:\n            try:\n                with open('%s' % filename) as f:\n                    contents = contents + f.read()\n            except Exception as e:\n                print_exception(f'Error reading filename {filename}: {e}')\n        return contents\n\n    def get_content_from_file(self, filename):\n        contents = ''\n        template_dir = os.path.join(self.html_data_path, 'conditionals')\n        filename = template_dir + filename\n        try:\n            with open('%s' % filename) as f:\n                contents = contents + f.read()\n        except Exception as e:\n            print_exception(f'Error reading filename {filename}: {e}')\n        return contents\n\n    def prepare_html_report_dir(self):\n        if not os.path.isdir(self.report_dir):\n            os.makedirs(self.report_dir)\n        run_results_dir = os.path.join(self.report_dir, DEFAULT_REPORT_RESULTS_DIRECTORY)\n        if not os.path.isdir(run_results_dir):\n            os.makedirs(run_results_dir)\n        # Copy static 3rd-party files\n        archive = os.path.join(self.scout_report_data_path, 'includes.zip')\n        zip_ref = zipfile.ZipFile(archive)\n        zip_ref.extractall(self.report_dir)\n        zip_ref.close()\n        # Copy static files\n        inc_scout_dir = os.path.join(self.report_dir, DEFAULT_INCLUDES_DIRECTORY)\n        src_inc_scout_dir = os.path.join(self.scout_report_data_path, DEFAULT_INCLUDES_DIRECTORY)\n        if os.path.isdir(inc_scout_dir):\n            shutil.rmtree(inc_scout_dir)\n        shutil.copytree(src_inc_scout_dir, inc_scout_dir)\n\n\nclass ScoutReport(HTMLReport):\n    \"\"\"\n    Scout HTML report\n    \"\"\"\n\n    def __init__(self, provider, report_name=None, report_dir=None, timestamp=False, exceptions=None,\n                 result_format='json'):\n        exceptions = {} if exceptions is None else exceptions\n        self.provider = provider\n        self.result_format = result_format\n\n        super().__init__(report_name, report_dir, timestamp, exceptions, result_format)\n\n    def save(self, config, exceptions, force_write=False, debug=False):\n        self.prepare_html_report_dir()\n        self.encoder.save_to_file(config, 'RESULTS', force_write, debug)\n        self.exceptions_encoder.save_to_file(exceptions, 'EXCEPTIONS', force_write, debug)\n        if ERRORS_LIST:\n            self.exceptions_encoder.save_to_file(ERRORS_LIST, 'ERRORS', force_write, debug=True)\n        return self.create_html_report(force_write)\n\n    def create_html_report(self, force_write):\n        contents = ''\n        # Use the script corresponding to the result format\n        contents += self.get_content_from_file('/%s_format.html' % self.result_format)\n        # Use all scripts under html/partials/\n        contents += self.get_content_from_folder('partials')\n        contents += self.get_content_from_folder('partials/%s' % self.provider)\n        # Use all scripts under html/summaries/\n        contents += self.get_content_from_folder('summaries')\n        contents += self.get_content_from_folder('summaries/%s' % self.provider)\n        new_file, first_line = get_filename('REPORT', self.report_name, self.report_dir)\n        print_info('Creating %s' % new_file)\n        if prompt_for_overwrite(new_file, force_write):\n            if os.path.exists(new_file):\n                os.remove(new_file)\n            with open(os.path.join(self.html_data_path, 'report.html')) as f:\n                with open(new_file, 'wt') as nf:\n                    for line in f:\n                        newline = line\n                        newline = newline.replace('<!-- CONTENTS PLACEHOLDER -->', contents)\n                        newline = newline.replace('<!-- RESULTS PLACEHOLDER -->',\n                                                  get_filename('RESULTS',\n                                                               self.report_name,\n                                                               self.report_dir,\n                                                               relative_path=True)[0])\n                        newline = newline.replace('<!-- EXCEPTIONS PLACEHOLDER -->',\n                                                  get_filename('EXCEPTIONS',\n                                                               self.report_name,\n                                                               self.report_dir,\n                                                               relative_path=True)[0])\n                        newline = newline.replace('<!-- SQLITE JS PLACEHOLDER -->',\n                                                  f'{DEFAULT_INCLUDES_DIRECTORY}/sqlite.js')\n                        nf.write(newline)\n        return new_file\n"
  },
  {
    "path": "ScoutSuite/output/result_encoder.py",
    "content": "import datetime\nimport json\nimport os\n\nimport dateutil\nfrom sqlitedict import SqliteDict\n\nfrom ScoutSuite import DEFAULT_REPORT_DIRECTORY\nfrom ScoutSuite.core.console import print_exception, print_info\nfrom ScoutSuite.output.utils import get_filename, prompt_for_overwrite\n\n\nclass ScoutJsonEncoder(json.JSONEncoder):\n    \"\"\"\n    JSON encoder class\n    \"\"\"\n\n    def default(self, o):\n        try:\n            if type(o) == datetime.datetime:\n                return str(o)\n            else:\n                # remove unwanted attributes from the provider object during conversion to json\n                if hasattr(o, 'profile'):\n                    del o.profile\n                if hasattr(o, 'credentials'):\n                    del o.credentials\n                if hasattr(o, 'metadata_path'):\n                    del o.metadata_path\n                if hasattr(o, 'services_config'):\n                    del o.services_config\n                return vars(o)\n        except Exception as e:\n            return str(o)\n\n\nclass ScoutResultEncoder:\n    def __init__(self, report_name=None, report_dir=None, timestamp=None):\n        self.report_name = report_name\n        if self.report_name:\n            self.report_name = report_name.replace('/', '_').replace('\\\\', '_')  # Issue 111\n        self.report_dir = report_dir if report_dir else DEFAULT_REPORT_DIRECTORY\n        self.current_time = datetime.datetime.now(dateutil.tz.tzlocal())\n        self.timestamp = self.current_time.strftime(\"%Y-%m-%d_%Hh%M%z\") if not timestamp else timestamp\n\n    @staticmethod\n    def to_dict(config):\n        return json.loads(json.dumps(config, separators=(',', ': '), cls=ScoutJsonEncoder))\n\n\nclass SqlLiteEncoder(ScoutResultEncoder):\n    def load_from_file(self, config_type, config_path=None):\n        if not config_path:\n            config_path, _ = get_filename(config_type, self.report_name, self.report_dir)\n        return SqliteDict(config_path, autocommit=True).data\n\n    def save_to_file(self, config, config_type, force_write, _debug):\n        config_path, first_line = get_filename(config_type, self.report_name, self.report_dir, file_extension=\"db\")\n        print_info('Saving data to %s' % config_path)\n        try:\n            with self.__open_file(config_path, force_write) as database:\n                result_dict = self.to_dict(config)\n                for k, v in result_dict.items():\n                    database[k] = v\n                database.commit()\n        except Exception as e:\n            print_exception(e)\n\n    @staticmethod\n    def __open_file(config_filename, force_write):\n        \"\"\"\n\n        :param config_filename:\n        :param force_write:\n        :param quiet:\n        :return:\n        \"\"\"\n        if prompt_for_overwrite(config_filename, force_write):\n            try:\n                config_dirname = os.path.dirname(config_filename)\n                if not os.path.isdir(config_dirname):\n                    os.makedirs(config_dirname)\n                if os.path.exists(config_filename):\n                    os.remove(config_filename)\n                return SqliteDict(config_filename)\n            except Exception as e:\n                print_exception(e)\n        else:\n            return None\n\n\nclass JavaScriptEncoder(ScoutResultEncoder):\n    \"\"\"\n    Reader/Writer for JS and JSON files\n    \"\"\"\n\n    def load_from_file(self, file_type, file_path=None, first_line=None):\n        if not file_path:\n            file_path, first_line = get_filename(file_type, self.report_name, self.report_dir)\n        with open(file_path) as f:\n            json_payload = f.readlines()\n            if first_line:\n                json_payload.pop(0)\n            json_payload = ''.join(json_payload)\n        return json.loads(json_payload)\n\n    def save_to_file(self, content, file_type, force_write, debug):\n        config_path, first_line = get_filename(file_type, self.report_name, self.report_dir)\n        print_info('Saving data to %s' % config_path)\n        try:\n            with self.__open_file(config_path, force_write) as f:\n                if first_line:\n                    print('%s' % first_line, file=f)\n                print('%s' % json.dumps(content, indent=4 if debug else None, separators=(',', ': '), sort_keys=True,\n                                        cls=ScoutJsonEncoder), file=f)\n        except AttributeError as e:\n            # __open_file returned None\n            pass\n        except Exception as e:\n            print_exception(e)\n\n    @staticmethod\n    def __open_file(config_filename, force_write):\n        \"\"\"\n\n        :param config_filename:\n        :param force_write:\n        :param quiet:\n        :return:\n        \"\"\"\n        if prompt_for_overwrite(config_filename, force_write):\n            try:\n                config_dirname = os.path.dirname(config_filename)\n                if not os.path.isdir(config_dirname):\n                    os.makedirs(config_dirname)\n                return open(config_filename, 'wt')\n            except Exception as e:\n                print_exception(e)\n        else:\n            return None\n"
  },
  {
    "path": "ScoutSuite/output/utils.py",
    "content": "import os\nimport sys\n\n\nfrom ScoutSuite import DEFAULT_REPORT_DIRECTORY, DEFAULT_REPORT_RESULTS_DIRECTORY\nfrom ScoutSuite.core.console import print_error\n\n\ndef prompt_for_yes_no(question):\n    \"\"\"\n    Ask a question and prompt for yes or no\n\n    :param question:                    Question to ask; answer is yes/no\n    :return:                            :boolean\n    \"\"\"\n\n    while True:\n        sys.stdout.write(question + ' (y/n)? ')\n        choice = input().lower()\n        if choice == 'yes' or choice == 'y':\n            return True\n        elif choice == 'no' or choice == 'n':\n            return False\n        else:\n            print_error('\\'%s\\' is not a valid answer. Enter \\'yes\\'(y) or \\'no\\'(n).' % choice)\n\n\ndef prompt_for_overwrite(filename, force_write):\n    \"\"\"\n    Confirm before overwriting existing files. Do not prompt if the file does not exist or force_write is set\n\n    :param filename:                    Name of the file to be overwritten\n    :param force_write:                 Do not ask for confirmation and automatically return True if set\n    :return:                            :boolean\n    \"\"\"\n    #\n    if not os.path.exists(filename) or force_write:\n        return True\n    return prompt_for_yes_no(f'File \\'{filename}\\' already exists. Do you want to overwrite it')\n\n\ndef get_filename(file_type, file_name=None, file_dir=None, relative_path=False, file_extension=None):\n    if file_type == 'REPORT':\n        name = file_name if file_name else 'report'\n        directory = file_dir if file_dir else DEFAULT_REPORT_DIRECTORY\n        extension = 'html'\n        first_line = None\n    elif file_type == 'RESULTS':\n        name = f'scoutsuite_results_{file_name}' if file_name else 'scoutsuite_results'\n        if not relative_path:\n            directory = os.path.join(file_dir if file_dir else DEFAULT_REPORT_DIRECTORY, DEFAULT_REPORT_RESULTS_DIRECTORY)\n        else:\n            directory = DEFAULT_REPORT_RESULTS_DIRECTORY\n        extension = 'js'\n        first_line = 'scoutsuite_results ='\n    elif file_type == 'EXCEPTIONS':\n        name = f'scoutsuite_exceptions_{file_name}' if file_name else 'scoutsuite_exceptions'\n        if not relative_path:\n            directory = os.path.join(file_dir if file_dir else DEFAULT_REPORT_DIRECTORY, DEFAULT_REPORT_RESULTS_DIRECTORY)\n        else:\n            directory = DEFAULT_REPORT_RESULTS_DIRECTORY\n        extension = 'js'\n        first_line = 'exceptions ='\n    elif file_type == 'ERRORS':\n        name = f'scoutsuite_errors_{file_name}' if file_name else 'scoutsuite_errors'\n        if not relative_path:\n            directory = os.path.join(file_dir if file_dir else DEFAULT_REPORT_DIRECTORY, DEFAULT_REPORT_RESULTS_DIRECTORY)\n        else:\n            directory = DEFAULT_REPORT_RESULTS_DIRECTORY\n        extension = 'json'\n        first_line = None\n    else:\n        raise Exception(f'Invalid file type provided: {file_type}')\n\n    full_path = os.path.join(directory,\n                             '{}.{}'.format(name,\n                                            file_extension if file_extension else extension))\n\n    return full_path, first_line\n"
  },
  {
    "path": "ScoutSuite/providers/__init__.py",
    "content": "providers_dict = {'aws': 'AWSProvider',\n                  'gcp': 'GCPProvider',\n                  'azure': 'AzureProvider',\n                  'aliyun': 'AliyunProvider',\n                  'oci': 'OracleProvider',\n                  'kubernetes': 'KubernetesProvider',\n                  'do': 'DigitalOceanProvider'}\n\n\ndef get_provider_object(provider):\n    provider_class = providers_dict.get(provider)\n    provider_module = __import__(f'ScoutSuite.providers.{provider}.provider', fromlist=[provider_class])\n    provider_object = getattr(provider_module, provider_class)\n    return provider_object\n\n\ndef get_provider(provider,\n                 profile=None,\n                 project_id=None, folder_id=None, organization_id=None,\n                 report_dir=None, timestamp=None, services=None, skipped_services=None, **kwargs):\n    \"\"\"\n    Returns an instance of the requested provider.\n\n    :param profile:             The name of the profile desired\n    :param project_id:          The identifier of the project\n    :param folder_id:           The identifier of the folder\n    :param organization_id:     The identifier of the organization\n    :param report_dir:          Where to save the report\n    :param timestamp:           Whether to print or not the timestamp on the report\n    :param services:            Exclusive list of services on which to run Scout Suite\n    :param skipped_services:    List of services not to run Scout Suite on\n    :param provider:            A string indicating the provider\n    :return:                    A child instance of the BaseProvider class or None if no object implemented\n    \"\"\"\n    services = [] if services is None else services\n    skipped_services = [] if skipped_services is None else skipped_services\n\n    provider_object = get_provider_object(provider)\n    provider_instance = provider_object(profile=profile,\n                                        project_id=project_id,\n                                        folder_id=folder_id,\n                                        organization_id=organization_id,\n                                        report_dir=report_dir,\n                                        timestamp=timestamp,\n                                        services=services,\n                                        skipped_services=skipped_services,\n                                        **kwargs)\n\n    return provider_instance\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aliyun/authentication_strategy.py",
    "content": "import json\nfrom getpass import getpass\n\nfrom aliyunsdkcore.auth.credentials import AccessKeyCredential\nfrom aliyunsdkcore.client import AcsClient\nfrom aliyunsdksts.request.v20150401 import GetCallerIdentityRequest\n\nfrom ScoutSuite.providers.base.authentication_strategy import AuthenticationStrategy, AuthenticationException\n\n\nclass AliyunCredentials:\n\n    def __init__(self, credentials, caller_details):\n        self.credentials = credentials\n        self.caller_details = caller_details\n\n\nclass AliyunAuthenticationStrategy(AuthenticationStrategy):\n    \"\"\"\n    Implements authentication for the AWS provider\n    \"\"\"\n\n    def authenticate(self, access_key_id=None, access_key_secret=None, **kwargs):\n\n        try:\n\n            access_key_id = access_key_id if access_key_id else input('Access Key ID:')\n            access_key_secret = access_key_secret if access_key_secret else getpass('Secret Access Key:')\n\n            credentials = AccessKeyCredential(access_key_id=access_key_id, access_key_secret=access_key_secret)\n\n            # get caller details\n            client = AcsClient(credential=credentials)\n            response = client.do_action_with_exception(\n                GetCallerIdentityRequest.GetCallerIdentityRequest())\n            response_decoded = json.loads(response)\n\n            return AliyunCredentials(credentials, response_decoded)\n\n        except Exception as e:\n            raise AuthenticationException(e)\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/facade/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aliyun/facade/actiontrail.py",
    "content": "from ScoutSuite.providers.aliyun.authentication_strategy import AliyunCredentials\nfrom ScoutSuite.providers.aliyun.facade.utils import get_response\n\nfrom aliyunsdkactiontrail.request.v20171204 import DescribeTrailsRequest\n\nfrom ScoutSuite.providers.aliyun.utils import get_client\n\n\nclass ActiontrailFacade:\n    def __init__(self, credentials: AliyunCredentials):\n        self._credentials = credentials\n        self._client = get_client(credentials=self._credentials)\n\n    async def get_trails(self):\n        \"\"\"\n        Get all users\n\n        :return: a list of all users\n        \"\"\"\n        response = await get_response(client=self._client,\n                                      request=DescribeTrailsRequest.DescribeTrailsRequest())\n        if response:\n            return response['TrailList']\n        else:\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/facade/base.py",
    "content": "from collections import Counter\n\nfrom aliyunsdkcore.endpoint.local_config_regional_endpoint_resolver import LocalConfigRegionalEndpointResolver\n\nfrom ScoutSuite.providers.aliyun.authentication_strategy import AliyunCredentials\nfrom ScoutSuite.providers.aliyun.facade.actiontrail import ActiontrailFacade\nfrom ScoutSuite.providers.aliyun.facade.ecs import ECSFacade\nfrom ScoutSuite.providers.aliyun.facade.kms import KMSFacade\nfrom ScoutSuite.providers.aliyun.facade.ram import RAMFacade\nfrom ScoutSuite.providers.aliyun.facade.rds import RDSFacade\nfrom ScoutSuite.providers.aliyun.facade.vpc import VPCFacade\nfrom ScoutSuite.providers.aliyun.facade.oss import OSSFacade\nfrom ScoutSuite.providers.utils import run_concurrently\n\n\nclass AliyunFacade:\n    def __init__(self, credentials: AliyunCredentials):\n        self._credentials = credentials\n        self._instantiate_facades()\n        self._resolver = LocalConfigRegionalEndpointResolver()\n\n    def _instantiate_facades(self):\n        self.actiontrail = ActiontrailFacade(self._credentials)\n        self.ram = RAMFacade(self._credentials)\n        self.ecs = ECSFacade(self._credentials)\n        self.rds = RDSFacade(self._credentials)\n        self.vpc = VPCFacade(self._credentials)\n        self.kms = KMSFacade(self._credentials)\n        self.oss = OSSFacade(self._credentials)\n\n    async def build_region_list(self, service: str, chosen_regions=None):\n\n        # TODO could need this for service ids\n        # service = 'ec2containerservice' if service == 'ecs' else service\n\n        # TODO does a similar endpoint exist?\n        # available_services = await run_concurrently(lambda: Session().get_available_services())\n        # if service not in available_services:\n        #     raise Exception('Service ' + service + ' is not available.')\n\n        regions = await run_concurrently(\n            lambda: self._resolver.get_valid_region_ids_by_product(product_code=service))\n\n        if chosen_regions:\n            return list((Counter(regions) & Counter(chosen_regions)).elements())\n        else:\n            return regions\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/facade/ecs.py",
    "content": "from aliyunsdkecs.request.v20140526 import DescribeInstancesRequest\nfrom ScoutSuite.providers.aliyun.utils import get_client\n\nfrom ScoutSuite.providers.aliyun.authentication_strategy import AliyunCredentials\nfrom ScoutSuite.providers.aliyun.facade.utils import get_response\n\n\nclass ECSFacade:\n    def __init__(self, credentials: AliyunCredentials):\n        self._credentials = credentials\n\n    async def get_instances(self, region):\n        \"\"\"\n        Get all instances\n\n        :return: a list of all instances\n        \"\"\"\n        client = get_client(credentials=self._credentials, region=region)\n        response = await get_response(client=client,\n                                      request=DescribeInstancesRequest.DescribeInstancesRequest())\n        if response:\n            return response['Instances']['Instance']\n        else:\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/facade/kms.py",
    "content": "from aliyunsdkkms.request.v20160120 import ListKeysRequest, DescribeKeyRequest\n\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.aliyun.authentication_strategy import AliyunCredentials\nfrom ScoutSuite.providers.aliyun.facade.utils import get_response\nfrom ScoutSuite.providers.aliyun.utils import get_client\n\n\nclass KMSFacade:\n    def __init__(self, credentials: AliyunCredentials):\n        self._credentials = credentials\n\n    async def get_keys(self, region):\n        \"\"\"\n        Get all keys\n\n        :return: a list of all keys\n        \"\"\"\n        try:\n            client = get_client(credentials=self._credentials, region=region)\n            response = await get_response(client=client,\n                                          request=ListKeysRequest.ListKeysRequest())\n            if response:\n                return response['Keys']['Key']\n            else:\n                return []\n        except Exception as e:\n            print_exception(f'Failed to get KMS keys: {e}')\n            return []\n\n    async def get_key_details(self, key_id, region):\n        \"\"\"\n        Gets details for a key\n\n        :return: a dictionary of details\n        \"\"\"\n        try:\n            client = get_client(credentials=self._credentials, region=region)\n            request = DescribeKeyRequest.DescribeKeyRequest()\n            request.set_KeyId(key_id)\n            response = await get_response(client=client,\n                                          request=request)\n            if response:\n                return response['KeyMetadata']\n            else:\n                return []\n        except Exception as e:\n            print_exception(f'Failed to get KMS key details: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/facade/oss.py",
    "content": "from ScoutSuite.providers.aliyun.authentication_strategy import AliyunCredentials\n\nfrom ScoutSuite.providers.aliyun.utils import get_oss_client\n\n\nclass OSSFacade:\n    def __init__(self, credentials: AliyunCredentials):\n        self._credentials = credentials\n\n    async def get_buckets(self):\n        \"\"\"\n        Get all instances\n\n        :return: a list of all instances\n        \"\"\"\n        client = get_oss_client(credentials=self._credentials)\n        response = client.list_buckets()  # TODO this doesn't follow standards\n        if response:\n            return response.buckets\n        else:\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/facade/ram.py",
    "content": "from ScoutSuite.providers.aliyun.authentication_strategy import AliyunCredentials\nfrom ScoutSuite.providers.aliyun.facade.utils import get_response\nfrom ScoutSuite.providers.aliyun.utils import get_client\n\nfrom ScoutSuite.core.console import print_exception\nfrom aliyunsdkram.request.v20150501 import \\\n    ListUsersRequest, GetUserRequest, \\\n    GetUserMFAInfoRequest, \\\n    ListAccessKeysRequest, GetAccessKeyLastUsedRequest, \\\n    GetPasswordPolicyRequest, GetSecurityPreferenceRequest, \\\n    ListGroupsRequest, ListUsersForGroupRequest, \\\n    ListRolesRequest, \\\n    ListPoliciesRequest, GetPolicyVersionRequest, ListEntitiesForPolicyRequest\n\n\nclass RAMFacade:\n    def __init__(self, credentials: AliyunCredentials):\n        self._credentials = credentials\n        self._client = get_client(credentials=self._credentials)\n\n    async def get_users(self):\n        \"\"\"\n        Get all users\n\n        :return: a list of all users\n        \"\"\"\n        response = await get_response(client=self._client,\n                                      request=ListUsersRequest.ListUsersRequest())\n        if response:\n            return response['Users']['User']\n        else:\n            return []\n\n    async def get_user_details(self, username):\n        \"\"\"\n        Get additional details for a user\n\n        :param username: The username of the user\n        :return: a dict with the user's details\n        \"\"\"\n        request = GetUserRequest.GetUserRequest()\n        request.set_UserName(username)\n        response = await get_response(client=self._client,\n                                      request=request)\n        if response:\n            return response['User']\n        else:\n            return []\n\n    async def get_user_api_keys(self, username):\n        \"\"\"\n        Get API keys for a user\n\n        :param username: The username of the user\n        :return: the list of API keys for that user\n        \"\"\"\n        request = ListAccessKeysRequest.ListAccessKeysRequest()\n        request.set_UserName(username)\n        response = await get_response(client=self._client,\n                                      request=request)\n        if response:\n            return response['AccessKeys']['AccessKey']\n        else:\n            return []\n\n    async def get_user_api_key_last_usage(self, username, key_id):\n        \"\"\"\n        Get last usage date for an API key\n\n        :param username: The username of the user\n        :param key_id: The API key id\n        :return: the list of API keys for that user\n        \"\"\"\n        request = GetAccessKeyLastUsedRequest.GetAccessKeyLastUsedRequest()\n        request.set_UserName(username)\n        request.set_UserAccessKeyId(key_id)\n        response = await get_response(client=self._client,\n                                      request=request)\n        if response:\n            return response['AccessKeyLastUsed']['LastUsedDate']\n        else:\n            return []\n\n    async def get_user_mfa_status(self, username):\n        \"\"\"\n        Check if user has MFA configured\n\n        :param username: The username of the user\n        :return: status and MFA serial number\n        \"\"\"\n        request = GetUserMFAInfoRequest.GetUserMFAInfoRequest()\n        request.set_UserName(username)\n        try:\n            response = await get_response(client=self._client,\n                                          request=request)\n        except Exception as e:\n            # TODO can't seem to differenciate between a user that has MFA disabled\n            # and a user that has MFA enabled but not configured\n            if e.error_code == 'EntityNotExist.User.MFADevice':\n                # ignore, MFA is not configured\n                return False, None\n            else:\n                print_exception('Unable to get MFA status for user {}: {}'.format(username,\n                                                                                  e))\n                return False, None\n        else:\n            return True, response['MFADevice']['SerialNumber']\n\n    async def get_password_policy(self):\n        \"\"\"\n        Get the account's password policy\n\n        :return: the password policy\n        \"\"\"\n        request = GetPasswordPolicyRequest.GetPasswordPolicyRequest()\n        response = await get_response(client=self._client,\n                                      request=request)\n        if response:\n            return response['PasswordPolicy']\n        else:\n            return []\n\n    async def get_security_policy(self):\n        \"\"\"\n        Get the account's security policy\n\n        :return: the security policy\n        \"\"\"\n        request = GetSecurityPreferenceRequest.GetSecurityPreferenceRequest()\n        response = await get_response(client=self._client,\n                                      request=request)\n        if response:\n            return response['SecurityPreference']\n        else:\n            return []\n\n    async def get_groups(self):\n        \"\"\"\n        Get all groups\n\n        :return: a list of all groups\n        \"\"\"\n        response = await get_response(client=self._client,\n                                      request=ListGroupsRequest.ListGroupsRequest())\n        if response:\n            return response['Groups']['Group']\n        else:\n            return []\n\n    async def get_group_users(self, group_name):\n        \"\"\"\n        Get all users in a group\n\n        :return: a list of users in groups\n        \"\"\"\n        request = ListUsersForGroupRequest.ListUsersForGroupRequest()\n        request.set_GroupName(group_name)\n        response = await get_response(client=self._client,\n                                      request=request)\n        if response:\n            return response['Users']['User']\n        else:\n            return []\n\n    async def get_roles(self):\n        \"\"\"\n        Get all roles\n\n        :return: a list of all roles\n        \"\"\"\n        response = await get_response(client=self._client,\n                                      request=ListRolesRequest.ListRolesRequest())\n        if response:\n            return response['Roles']['Role']\n        else:\n            return []\n\n    async def get_policies(self):\n        \"\"\"\n        Get all custom policies\n\n        :return: a list of all custom policies\n        \"\"\"\n        response = await get_response(client=self._client,\n                                      request=ListPoliciesRequest.ListPoliciesRequest())\n        if response:\n            return response['Policies']['Policy']\n        else:\n            return []\n\n    async def get_policy_version(self, name, type, version):\n        \"\"\"\n        Get all policies\n\n        :return: a list of all policies\n        \"\"\"\n        request = GetPolicyVersionRequest.GetPolicyVersionRequest()\n        request.set_PolicyName(name)\n        request.set_PolicyType(type)\n        request.set_VersionId(version)\n        response = await get_response(client=self._client,\n                                      request=request)\n        if response:\n            return response['PolicyVersion']\n        else:\n            return []\n\n    async def get_policy_entities(self, name, type):\n        \"\"\"\n        Get all entities for a policy\n\n        :return: a dict of all policy entities\n        \"\"\"\n        request = ListEntitiesForPolicyRequest.ListEntitiesForPolicyRequest()\n        request.set_PolicyName(name)\n        request.set_PolicyType(type)\n        response = await get_response(client=self._client,\n                                      request=request)\n        if response:\n            response.pop('RequestId')\n            return response\n        else:\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/facade/rds.py",
    "content": "from aliyunsdkrds.request.v20140815 import DescribeDBInstancesRequest\n\nfrom ScoutSuite.providers.aliyun.authentication_strategy import AliyunCredentials\nfrom ScoutSuite.providers.aliyun.facade.utils import get_response\nfrom ScoutSuite.providers.aliyun.utils import get_client\n\n\nclass RDSFacade:\n    def __init__(self, credentials: AliyunCredentials):\n        self._credentials = credentials\n\n    async def get_instances(self, region):\n        \"\"\"\n        Get all instances\n\n        :return: a list of all instances\n        \"\"\"\n        client = get_client(credentials=self._credentials, region=region)\n        response = await get_response(client=client,\n                                      request=DescribeDBInstancesRequest.DescribeDBInstancesRequest())\n        if response:\n            return response['Items']['DBInstance']\n        else:\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/facade/utils.py",
    "content": "import json\nfrom ScoutSuite.providers.utils import run_concurrently\nfrom aliyunsdkcore.acs_exception.exceptions import ClientException\nfrom aliyunsdkcore.acs_exception.exceptions import ServerException\nfrom ScoutSuite.core.console import print_exception\n\n\nasync def get_response(client, request):\n    try:\n        response = await run_concurrently(lambda: client.do_action_with_exception(request))\n        response_decoded = json.loads(response)\n\n        truncated = response_decoded.get('IsTruncated', False)\n\n        # handle truncated responses\n        while truncated:\n            request.set_Marker(response_decoded['Marker'])\n            response_latest = await run_concurrently(lambda: client.do_action_with_exception(request))\n            response_latest_decoded = json.loads(response_latest)\n            truncated = response_latest_decoded.get('IsTruncated', False)\n            response_decoded = await merge_responses(response_decoded, response_latest_decoded)\n\n        return response_decoded\n    except ServerException as e:\n        if False:  # TODO define exceptions to handle\n            print_exception(e)\n        else:\n            raise\n    except ClientException as e:\n        if False:  # TODO define exceptions to handle\n            print_exception(e)\n        else:\n            raise\n    except Exception as e:\n        print_exception(f'Unhandled exception {e} for request {request}')\n\n\nasync def merge_responses(response_1, response_2):\n    \"\"\"\n    Compares two responses and adds to the second one the content of the first one, unless they are specific fields\n    we don't want to overwrite.\n\n    :param response_1: the first response\n    :param response_2: the second (latest) response\n    :return: modified response_2\n    \"\"\"\n    ignored_fields = ['IsTruncated', 'RequestId', 'Marker']\n    for k in response_1:\n        if k not in response_2 and k not in ignored_fields:\n            response_2[k] = response_1[k]\n        elif k in response_2 and k not in ignored_fields:\n            if type(response_1[k]) == list and type(response_2[k]) == list:\n                response_2[k] += response_1[k]\n            # will recursively merge until it finds a list\n            elif type(response_1[k]) == dict and type(response_2[k]) == dict:\n                response_2[k] = await merge_responses(response_1[k], response_2[k])\n            else:\n                # TODO implement other cases (which ones?)\n                print_exception('Unhandled response merge')\n        else:\n            pass\n    return response_2\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/facade/vpc.py",
    "content": "from ScoutSuite.providers.aliyun.authentication_strategy import AliyunCredentials\nfrom ScoutSuite.providers.aliyun.facade.utils import get_response\nfrom ScoutSuite.providers.aliyun.utils import get_client\n\nfrom aliyunsdkvpc.request.v20160428 import DescribeVpcsRequest\n\n\nclass VPCFacade:\n    def __init__(self, credentials: AliyunCredentials):\n        self._credentials = credentials\n\n    async def get_vpcs(self, region):\n        \"\"\"\n        Get all VPCs\n\n        :return: a list of all VPCs\n        \"\"\"\n        client = get_client(credentials=self._credentials, region=region)\n        response = await get_response(client=client,\n                                      request=DescribeVpcsRequest.DescribeVpcsRequest())\n        if response:\n            return response['Vpcs']['Vpc']\n        else:\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/metadata.json",
    "content": "{\n  \"security\": {\n    \"ram\": {\n      \"resources\": {\n        \"users\": {\n          \"cols\": 2,\n          \"path\": \"services.ram.users\"\n        },\n        \"groups\": {\n          \"cols\": 2,\n          \"path\": \"services.ram.groups\"\n        },\n        \"roles\": {\n          \"cols\": 2,\n          \"path\": \"services.ram.roles\"\n        },\n        \"policies\": {\n          \"cols\": 2,\n          \"path\": \"services.ram.policies\"\n        }\n      },\n      \"summaries\": {\n        \"password_policy\": {\n          \"cols\": 1,\n          \"path\": \"services.ram.password_policy\"\n        },\n        \"security_policy\": {\n          \"cols\": 1,\n          \"path\": \"services.ram.security_policy\"\n        }\n      }\n    },\n    \"kms\": {\n      \"resources\": {\n        \"keys\": {\n          \"cols\": 2,\n          \"path\": \"services.kms.regions.id.keys\"\n        }\n      }\n    }\n  },\n  \"compute\": {\n    \"ecs\": {\n      \"resources\": {\n        \"instances\": {\n          \"cols\": 2,\n          \"path\": \"services.ecs.regions.id.instances\"\n        }\n      }\n    }\n  },\n  \"database\": {\n    \"rds\": {\n      \"resources\": {\n        \"instances\": {\n          \"cols\": 2,\n          \"path\": \"services.rds.regions.id.instances\"\n        }\n      }\n    }\n  },\n  \"storage\": {\n    \"oss\": {\n      \"resources\": {\n        \"buckets\": {\n          \"cols\": 2,\n          \"path\": \"services.oss.buckets\"\n        }\n      }\n    }\n  },\n  \"network\": {\n    \"vpc\": {\n      \"resources\": {\n        \"vpcs\": {\n          \"cols\": 2,\n          \"path\": \"services.vpc.regions.id.vpcs\"\n        }\n      }\n    }\n  },\n  \"management\": {\n    \"actiontrail\": {\n      \"resources\": {\n        \"trails\": {\n          \"cols\": 1,\n          \"path\": \"services.actiontrail.trails\"\n        }\n      }\n    }\n  }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/provider.py",
    "content": "import os\n\nfrom ScoutSuite.providers.aliyun.services import AliyunServicesConfig\nfrom ScoutSuite.providers.base.provider import BaseProvider\n\n\nclass AliyunProvider(BaseProvider):\n    \"\"\"\n    Implements provider for Azure\n    \"\"\"\n\n    def __init__(self,\n                 report_dir=None, timestamp=None, services=None, skipped_services=None, **kwargs):\n\n        services = [] if services is None else services\n        skipped_services = [] if skipped_services is None else skipped_services\n\n        self.metadata_path = '%s/metadata.json' % os.path.split(os.path.abspath(__file__))[0]\n\n        self.provider_code = 'aliyun'\n        self.provider_name = 'Alibaba Cloud'\n        self.environment = 'default'\n\n        self.services_config = AliyunServicesConfig\n\n        self.credentials = kwargs['credentials']\n        self.account_id = self.credentials.caller_details['AccountId']\n\n        super().__init__(report_dir, timestamp, services, skipped_services)\n\n    def get_report_name(self):\n        \"\"\"\n        Returns the name of the report using the provider's configuration\n        \"\"\"\n        if self.account_id:\n            return f'aliyun-{self.account_id}'\n        else:\n            return 'aliyun'\n\n    def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):\n\n        super().preprocessing()\n\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/actiontrail/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/actiontrail/base.py",
    "content": "from ScoutSuite.providers.aliyun.resources.base import AliyunCompositeResources\nfrom ScoutSuite.providers.aliyun.resources.actiontrail.trails import Trails\n\n\nclass ActionTrail(AliyunCompositeResources):\n    _children = [\n        (Trails, 'trails')\n    ]\n\n    async def fetch_all(self, **kwargs):\n        await self._fetch_children(resource_parent=self)\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/actiontrail/trails.py",
    "content": "from ScoutSuite.providers.aliyun.resources.base import AliyunResources\n\n\nclass Trails(AliyunResources):\n    async def fetch_all(self):\n        for raw_trail in await self.facade.actiontrail.get_trails():\n            id, trail = self._parse_trails(raw_trail)\n            self[id] = trail\n\n    def _parse_trails(self, raw_trail):\n        trail_dict = {}\n        trail_dict['id'] = raw_trail.get('Name')\n        trail_dict['name'] = raw_trail.get('Name')\n        trail_dict['role_name'] = raw_trail.get('RoleName')\n        trail_dict['home_region'] = raw_trail.get('HomeRegion')\n        trail_dict['oss_bucket_name'] = raw_trail.get('OssBucketName')\n        trail_dict['include_global_service_event'] = raw_trail.get('IncludeGlobalServiceEvent')\n        trail_dict['status'] = raw_trail.get('Status')\n        trail_dict['oss_key_prefix'] = raw_trail.get('OssKeyPrefix')\n        trail_dict['region'] = raw_trail.get('Region')\n        trail_dict['event_rw'] = raw_trail.get('EventRW')\n        trail_dict['type'] = raw_trail.get('Type')\n        trail_dict['sls_write_role_arn'] = raw_trail.get('SlsWriteRoleArn')\n        trail_dict['sls_project_arn'] = raw_trail.get('SlsProjectArn')\n        return trail_dict['id'], trail_dict\n\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/base.py",
    "content": "\"\"\"This module provides implementations for Resources and CompositeResources for Aliyun.\"\"\"\n\nimport abc\n\nfrom ScoutSuite.providers.base.resources.base import Resources, CompositeResources\n\n\nclass AliyunResources(Resources, metaclass=abc.ABCMeta):\n    \"\"\"This is the base class for Aliyun resources.\"\"\"\n\n    pass\n\n\nclass AliyunCompositeResources(AliyunResources, CompositeResources, metaclass=abc.ABCMeta):\n    \"\"\"This class represents a collection of composite Resources (resources that include nested resources referred as\n    their children). Classes extending AliyunCompositeResources have to define a '_children' attribute which consists of\n    a list of tuples describing the children. The tuples are expected to respect the following format:\n    (<child_class>, <child_name>). 'child_name' is used to indicate the name under which the child resources will be\n    stored in the parent object.\n    \"\"\"\n\n    pass\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/ecs/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/ecs/base.py",
    "content": "from ScoutSuite.providers.aliyun.facade.base import AliyunFacade\nfrom ScoutSuite.providers.aliyun.resources.regions import Regions\nfrom ScoutSuite.providers.aliyun.resources.ecs.instances import Instances\n\n\nclass ECS(Regions):\n    _children = [\n        (Instances, 'instances')\n    ]\n\n    def __init__(self, facade: AliyunFacade):\n        super().__init__('ecs', facade)\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/ecs/instances.py",
    "content": "from ScoutSuite.providers.aliyun.resources.base import AliyunResources\nfrom ScoutSuite.providers.aliyun.facade.base import AliyunFacade\n\n\nclass Instances(AliyunResources):\n    def __init__(self, facade: AliyunFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        for raw_instance in await self.facade.ecs.get_instances(region=self.region):\n            id, instance = await self._parse_instance(raw_instance)\n            self[id] = instance\n\n    async def _parse_instance(self, raw_instance):\n        instance_dict = {}\n        instance_dict['id'] = raw_instance.get('InstanceId')\n        instance_dict['name'] = raw_instance.get('InstanceName')\n        instance_dict['auto_release_time'] = raw_instance.get('AutoReleaseTime')\n        instance_dict['region_id'] = raw_instance.get('RegionId')\n        instance_dict['dedicated_instance_attribute'] = raw_instance.get('DedicatedInstanceAttribute')\n        instance_dict['serial_number'] = raw_instance.get('SerialNumber')\n        instance_dict['creation_time'] = raw_instance.get('CreationTime')\n        instance_dict['spot_price_limit'] = raw_instance.get('SpotPriceLimit')\n        instance_dict['expired_time'] = raw_instance.get('ExpiredTime')\n        instance_dict['io_optimized'] = raw_instance.get('IoOptimized')\n        instance_dict['memory'] = raw_instance.get('Memory')\n        instance_dict['os_type'] = raw_instance.get('OSType')\n        instance_dict['internet_charge_type'] = raw_instance.get('InternetChargeType')\n        instance_dict['vpc_attributes'] = raw_instance.get('VpcAttributes')\n        instance_dict['status'] = raw_instance.get('Status')\n        instance_dict['description'] = raw_instance.get('Description')\n        instance_dict['os_name_en'] = raw_instance.get('OSNameEn')\n        instance_dict['host_name'] = raw_instance.get('HostName')\n        instance_dict['cluster_id'] = raw_instance.get('ClusterId')\n        instance_dict['image_id'] = raw_instance.get('ImageId')\n        instance_dict['resource_group_id'] = raw_instance.get('ResourceGroupId')\n        instance_dict['instance_type_family'] = raw_instance.get('InstanceTypeFamily')\n        instance_dict['credit_specification'] = raw_instance.get('CreditSpecification')\n        instance_dict['instance_network_type'] = raw_instance.get('InstanceNetworkType')\n        instance_dict['instance_type'] = raw_instance.get('InstanceType')\n        instance_dict['network_interfaces'] = raw_instance.get('NetworkInterfaces')\n        instance_dict['eip_address'] = raw_instance.get('EipAddress')\n        instance_dict['inner_ip_address'] = raw_instance.get('InnerIpAddress')\n        instance_dict['gpu_amount'] = raw_instance.get('GPUAmount')\n        instance_dict['operation_locks'] = raw_instance.get('OperationLocks')\n        instance_dict['instance_charge_type'] = raw_instance.get('InstanceChargeType')\n        instance_dict['zone_id'] = raw_instance.get('ZoneId')\n        instance_dict['internet_max_bandwidth_out'] = raw_instance.get('InternetMaxBandwidthOut')\n        instance_dict['sale_cycle'] = raw_instance.get('SaleCycle')\n        instance_dict['spot_strategy'] = raw_instance.get('SpotStrategy')\n        instance_dict['security_group_ids'] = raw_instance.get('SecurityGroupIds')\n        instance_dict['ecs_capacity_reservation_attr'] = raw_instance.get('EcsCapacityReservationAttr')\n        instance_dict['cpu'] = raw_instance.get('Cpu')\n        instance_dict['public_ip_address'] = raw_instance.get('PublicIpAddress')\n        instance_dict['deletion_protection'] = raw_instance.get('DeletionProtection')\n        instance_dict['stopped_mode'] = raw_instance.get('StoppedMode')\n        instance_dict['internet_max_bandwidth_in'] = raw_instance.get('InternetMaxBandwidthIn')\n        instance_dict['deployment_set_id'] = raw_instance.get('DeploymentSetId')\n        instance_dict['os_name'] = raw_instance.get('OSName')\n        instance_dict['vlan_id'] = raw_instance.get('VlanId')\n        instance_dict['recyclable'] = raw_instance.get('Recyclable')\n        instance_dict['start_time'] = raw_instance.get('StartTime')\n        instance_dict['gpu_spec'] = raw_instance.get('GPUSpec')\n        instance_dict['device_available'] = raw_instance.get('DeviceAvailable')\n        instance_dict['dedicated_host_attribute'] = raw_instance.get('DedicatedHostAttribute')\n        return instance_dict['id'], instance_dict\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/kms/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/kms/base.py",
    "content": "from ScoutSuite.providers.aliyun.resources.regions import Regions\nfrom ScoutSuite.providers.aliyun.facade.base import AliyunFacade\nfrom ScoutSuite.providers.aliyun.resources.kms.keys import Keys\n\n\nclass KMS(Regions):\n    _children = [\n        (Keys, 'keys')\n    ]\n\n    def __init__(self, facade: AliyunFacade):\n        super().__init__('kms', facade)\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/kms/keys.py",
    "content": "from ScoutSuite.providers.aliyun.resources.base import AliyunResources\nfrom ScoutSuite.providers.aliyun.facade.base import AliyunFacade\n\n\nclass Keys(AliyunResources):\n    def __init__(self, facade: AliyunFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        for raw_key in await self.facade.kms.get_keys(region=self.region):\n            id, key = await self._parse_key(raw_key)\n            self[id] = key\n\n    async def _parse_key(self, raw_key):\n        key_dict = {}\n        key_dict['id'] = raw_key.get('KeyId')\n        key_dict['name'] = raw_key.get('KeyId')\n        key_dict['arn'] = raw_key.get('KeyArn')\n\n        # get additional details for the key\n        raw_key_details = await self.facade.kms.get_key_details(key_dict['id'], region=self.region)\n\n        key_dict['creation_date'] = raw_key_details.get('CreationDate')\n        key_dict['delete_date'] = raw_key_details.get('DeleteDate')\n        key_dict['origin'] = raw_key_details.get('Origin')\n        key_dict['description'] = raw_key_details.get('Description')\n        key_dict['creator'] = raw_key_details.get('Creator')\n        key_dict['usage'] = raw_key_details.get('KeyUsage')\n        key_dict['material_expire_time'] = raw_key_details.get('MaterialExpireTime')\n        key_dict['state'] = raw_key_details.get('KeyState')\n\n        if key_dict['delete_date'] == '':\n            key_dict['delete_date'] = None\n        if key_dict['material_expire_time'] == '':\n            key_dict['material_expire_time'] = None\n\n        return key_dict['id'], key_dict\n\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/oss/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/oss/base.py",
    "content": "from ScoutSuite.providers.aliyun.resources.base import AliyunCompositeResources\nfrom ScoutSuite.providers.aliyun.resources.oss.buckets import Buckets\n\n\nclass OSS(AliyunCompositeResources):\n    _children = [\n        (Buckets, 'buckets')\n    ]\n\n    async def fetch_all(self, **kwargs):\n        await self._fetch_children(resource_parent=self)\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/oss/buckets.py",
    "content": "from ScoutSuite.providers.aliyun.resources.base import AliyunResources\n\n\nclass Buckets(AliyunResources):\n    async def fetch_all(self):\n        for raw_bucket in await self.facade.oss.get_buckets():\n            id, bucket = self._parse_bucket(raw_bucket)\n            self[id] = bucket\n\n    def _parse_bucket(self, raw_bucket):\n        bucket_dict = {}\n        bucket_dict['name'] = bucket_dict['id'] = raw_bucket.name\n        bucket_dict['location'] = raw_bucket.location\n        bucket_dict['storage_class'] = raw_bucket.storage_class\n        bucket_dict['creation_date'] = raw_bucket.creation_date\n        return bucket_dict['id'], bucket_dict\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/ram/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/ram/api_keys.py",
    "content": "from ScoutSuite.providers.aliyun.resources.base import AliyunResources\nfrom ScoutSuite.providers.aliyun.facade.base import AliyunFacade\n\n\nclass ApiKeys(AliyunResources):\n    def __init__(self, facade: AliyunFacade, user):\n        super().__init__(facade)\n        self.user = user\n\n    async def fetch_all(self):\n        for raw_user_api_key in await self.facade.ram.get_user_api_keys(username=self.user['name']):\n            id, api_key = await self._parse_api_key(raw_user_api_key)\n            self[id] = api_key\n\n    async def _parse_api_key(self, raw_api_key):\n        api_key = {}\n        api_key['id'] = raw_api_key['AccessKeyId']\n        api_key['creation_datetime'] = raw_api_key['CreateDate']\n        api_key['status'] = raw_api_key['Status']\n\n        last_usage = await self.facade.ram.get_user_api_key_last_usage(self.user['name'], api_key['id'])\n        api_key['last_usage_datetime'] = last_usage if last_usage != 'N/A' else None\n\n        return api_key['id'], api_key\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/ram/base.py",
    "content": "from ScoutSuite.providers.aliyun.facade.base import AliyunFacade\nfrom ScoutSuite.providers.aliyun.resources.base import AliyunCompositeResources\nfrom ScoutSuite.providers.aliyun.resources.ram.groups import Groups\nfrom ScoutSuite.providers.aliyun.resources.ram.password_policy import PasswordPolicy\nfrom ScoutSuite.providers.aliyun.resources.ram.policies import Policies\nfrom ScoutSuite.providers.aliyun.resources.ram.roles import Roles\nfrom ScoutSuite.providers.aliyun.resources.ram.security_policy import SecurityPolicy\nfrom ScoutSuite.providers.aliyun.resources.ram.users import Users\n\n\nclass RAM(AliyunCompositeResources):\n    _children = [\n        (Users, 'users'),\n        (Groups, 'groups'),\n        (Roles, 'roles'),\n        (Policies, 'policies'),\n        (PasswordPolicy, 'password_policy'),\n        (SecurityPolicy, 'security_policy')\n    ]\n\n    def __init__(self, facade: AliyunFacade):\n        super().__init__(facade)\n        self.service = 'ram'\n\n    async def fetch_all(self, **kwargs):\n        await self._fetch_children(resource_parent=self)\n\n        # We do not want the report to count the password policies as resources,\n        # they aren't really resources.\n        self['password_policy_count'] = 0\n        self['security_policy_count'] = 0\n\n        # TODO for each user check last login & API key usage for \"last activity\"\n\n    async def finalize(self):\n        self._match_users_and_groups()\n        self._match_policies_and_entities()\n\n    def _match_users_and_groups(self):\n        \"\"\"\n        Parses the users and groups to match\n        :return: None\n        \"\"\"\n        for user in self['users']:\n            self['users'][user]['groups'] = []\n            for group in self['groups']:\n                if any(u['name'] == user for u in self['groups'][group]['users']):\n                    self['users'][user]['groups'].append(group)\n\n    def _match_policies_and_entities(self):\n        for policy in self['policies']:\n            for user in self['users']:\n                if not self['users'][user].get('policies'):\n                    self['users'][user]['policies'] = []\n                if self['users'][user]['name'] in self['policies'][policy]['entities'].get('users', []):\n                    self['users'][user]['policies'].append(self['policies'][policy]['id'])\n        for policy in self['policies']:\n            for group in self['groups']:\n                if not self['groups'][group].get('policies'):\n                    self['groups'][group]['policies'] = []\n                if self['groups'][group]['name'] in self['policies'][policy]['entities'].get('groups', []):\n                    self['groups'][group]['policies'].append(self['policies'][policy]['id'])\n        for policy in self['policies']:\n            for role in self['roles']:\n                if not self['roles'][role].get('policies'):\n                    self['roles'][role]['policies'] = []\n                if self['roles'][role]['name'] in self['policies'][policy]['entities'].get('roles', []):\n                    self['roles'][role]['policies'].append(self['policies'][policy]['id'])\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/ram/groups.py",
    "content": "from ScoutSuite.providers.aliyun.resources.base import AliyunResources\nfrom ScoutSuite.providers.aliyun.facade.base import AliyunFacade\n\n\nclass Groups(AliyunResources):\n    def __init__(self, facade: AliyunFacade):\n        super().__init__(facade)\n\n    async def fetch_all(self):\n        for raw_group in await self.facade.ram.get_groups():\n            id, group = await self._parse_group(raw_group)\n            self[id] = group\n\n    async def _parse_group(self, raw_group):\n        group_dict = {}\n        group_dict['id'] = group_dict['name'] = raw_group.get('GroupName')\n        group_dict['comments'] = raw_group.get('Comments')\n        group_dict['create_date'] = raw_group.get('CreateDate')\n        group_dict['update_date'] = raw_group.get('UpdateDate')\n\n        group_dict['users'] = []\n        for raw_user in await self.facade.ram.get_group_users(group_dict['name']):\n            group_dict['users'].append({\n                'name': raw_user.get('UserName'),\n                'display_name': raw_user.get('DisplayName'),\n                'join_date': raw_user.get('JoinDate')\n            })\n\n        return group_dict['id'], group_dict\n\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/ram/password_policy.py",
    "content": "from ScoutSuite.providers.aliyun.resources.base import AliyunResources\nfrom ScoutSuite.providers.aliyun.facade.base import AliyunFacade\n\n\nclass PasswordPolicy(AliyunResources):\n    def __init__(self, facade: AliyunFacade):\n        super().__init__(facade)\n\n    async def fetch_all(self):\n        raw_password_policy = await self.facade.ram.get_password_policy()\n        password_policy = self._parse_password_policy(raw_password_policy)\n        self.update(password_policy)\n\n    def _parse_password_policy(self, raw_password_policy):\n        password_policy_dict = {\n            'minimum_password_length': raw_password_policy.get('MinimumPasswordLength'),\n            'hard_expiry': raw_password_policy.get('HardExpiry'),\n            'max_login_attempts': raw_password_policy.get('MaxLoginAttemps'),\n            'max_password_age': raw_password_policy.get('MaxPasswordAge'),\n            'password_reuse_prevention': raw_password_policy.get('PasswordReusePrevention'),\n            'require_uppercase_characters': raw_password_policy.get('RequireUppercaseCharacters'),\n            'require_lowercase_characters': raw_password_policy.get('RequireLowercaseCharacters'),\n            'require_numbers': raw_password_policy.get('RequireNumbers'),\n            'require_symbols': raw_password_policy.get('RequireSymbols'),\n        }\n\n        if password_policy_dict['password_reuse_prevention'] == 0:\n            password_policy_dict['password_reuse_prevention'] = False\n        else:\n            password_policy_dict['password_reuse_prevention'] = True\n            password_policy_dict['password_reuse_count'] = raw_password_policy.get('PasswordReusePrevention')\n\n        return password_policy_dict\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/ram/policies.py",
    "content": "from ScoutSuite.providers.aliyun.resources.base import AliyunResources\nfrom ScoutSuite.providers.aliyun.facade.base import AliyunFacade\nimport json\n\n\nclass Policies(AliyunResources):\n    def __init__(self, facade: AliyunFacade):\n        super().__init__(facade)\n\n    async def fetch_all(self):\n        for raw_policy in await self.facade.ram.get_policies():\n            id, policy = await self._parse_policy(raw_policy)\n            if id:\n                self[id] = policy\n\n    async def _parse_policy(self, raw_policy):\n        \"\"\"\n        Only processing policies with an\n        :param raw_policy:\n        :return:\n        \"\"\"\n        if raw_policy.get('AttachmentCount') > 0:\n            policy_dict = {}\n            policy_dict['id'] = policy_dict['name'] = raw_policy.get('PolicyName')\n            policy_dict['description'] = raw_policy.get('Description')\n            policy_dict['create_date'] = raw_policy.get('CreateDate')\n            policy_dict['update_date'] = raw_policy.get('UpdateDate')\n            policy_dict['attachment_count'] = raw_policy.get('AttachmentCount')\n            policy_dict['type'] = raw_policy.get('PolicyType')\n            policy_dict['default_version'] = raw_policy.get('DefaultVersion')\n\n            policy_version = await self.facade.ram.get_policy_version(policy_dict['name'],\n                                                                      policy_dict['type'],\n                                                                      policy_dict['default_version'])\n            policy_version['PolicyDocument'] = json.loads(policy_version['PolicyDocument'])\n            # policy_dict['policy_document'] = policy_version['PolicyDocument']\n            policy_dict['policy_document'] = policy_version\n\n            policy_entities = await self.facade.ram.get_policy_entities(policy_dict['name'],\n                                                                      policy_dict['type'])\n            policy_dict['entities'] = {}\n            if policy_entities['Users']['User']:\n                policy_dict['entities']['users'] = []\n                for user in policy_entities['Users']['User']:\n                    policy_dict['entities']['users'].append(user['UserName'])\n            if policy_entities['Groups']['Group']:\n                policy_dict['entities']['groups'] = []\n                for group in policy_entities['Groups']['Group']:\n                    policy_dict['entities']['groups'].append(group['GroupName'])\n            if policy_entities['Roles']['Role']:\n                policy_dict['entities']['roles'] = []\n                for role in policy_entities['Roles']['Role']:\n                    policy_dict['entities']['roles'].append(role['RoleName'])\n\n            return policy_dict['id'], policy_dict\n        else:\n            return None, None\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/ram/roles.py",
    "content": "from ScoutSuite.providers.aliyun.resources.base import AliyunResources\nfrom ScoutSuite.providers.aliyun.facade.base import AliyunFacade\n\n\nclass Roles(AliyunResources):\n    def __init__(self, facade: AliyunFacade):\n        super().__init__(facade)\n\n    async def fetch_all(self):\n        for raw_role in await self.facade.ram.get_roles():\n            id, role = await self._parse_role(raw_role)\n            self[id] = role\n\n    async def _parse_role(self, raw_role):\n        role_dict = {}\n        role_dict['identifier'] = raw_role.get('RoleId')  # required as groups use the name as an ID\n        role_dict['id'] = role_dict['name'] = raw_role.get('RoleName')\n        role_dict['create_date'] = raw_role.get('CreateDate')\n        role_dict['description'] = raw_role.get('Description')\n        role_dict['arn'] = raw_role.get('Arn')\n        return role_dict['id'], role_dict\n\n\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/ram/security_policy.py",
    "content": "from ScoutSuite.providers.aliyun.resources.base import AliyunResources\nfrom ScoutSuite.providers.aliyun.facade.base import AliyunFacade\n\n\nclass SecurityPolicy(AliyunResources):\n    def __init__(self, facade: AliyunFacade):\n        super().__init__(facade)\n\n    async def fetch_all(self):\n        raw_security_policy = await self.facade.ram.get_security_policy()\n        security_policy = self._parse_security_policy(raw_security_policy)\n        self.update(security_policy)\n\n    def _parse_security_policy(self, raw_security_policy):\n        security_policy_dict = {\n            'login_network_masks':\n                raw_security_policy.get('LoginProfilePreference', {}).get('LoginNetworkMasks'),\n            'login_session_duration':\n                raw_security_policy.get('LoginProfilePreference', {}).get('LoginSessionDuration'),\n            'enable_save_mfa_ticket':\n                raw_security_policy.get('LoginProfilePreference', {}).get('EnableSaveMFATicket'),\n            'allow_user_change_password':\n                raw_security_policy.get('LoginProfilePreference', {}).get('AllowUserToChangePassword'),\n            'allow_user_manage_access_keys':\n                raw_security_policy.get('AccessKeyPreference', {}).get('AllowUserToManageAccessKeys'),\n            'allow_user_manage_mfa_devices':\n                raw_security_policy.get('MFAPreference', {}).get('AllowUserToManageMFADevices'),\n            'allow_user_manage_public_keys':\n                raw_security_policy.get('PublicKeyPreference', {}).get('AllowUserToManagePublicKeys'),\n        }\n\n        if security_policy_dict['login_network_masks'] == '':\n            security_policy_dict['login_network_masks'] = None\n\n        return security_policy_dict\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/ram/users.py",
    "content": "from ScoutSuite.providers.aliyun.resources.base import AliyunCompositeResources\n\nfrom .api_keys import ApiKeys\n\n\nclass Users(AliyunCompositeResources):\n    _children = [\n        (ApiKeys, 'api_keys')\n    ]\n\n    async def fetch_all(self):\n        for raw_user in await self.facade.ram.get_users():\n            id, user = await self._parse_user(raw_user)\n            self[id] = user\n\n        await self._fetch_children_of_all_resources(\n            resources=self,\n            scopes={user_id: {'user': user}\n                    for user_id, user in self.items()}\n        )\n\n    async def _parse_user(self, raw_user):\n        user = {}\n        user['identifier'] = raw_user['UserId']  # required as groups use the name as an ID\n        user['id'] = user['name'] = raw_user['UserName']\n        user['display_name'] = raw_user['DisplayName']\n        user['comments'] = raw_user['Comments']\n        user['creation_datetime'] = raw_user['CreateDate']\n        user['update_datetime'] = raw_user['CreateDate']\n        user['creation_date'] = raw_user['CreateDate']\n\n        # get additional details for the user\n        user_details = await self.facade.ram.get_user_details(user['name'])\n        user['email'] = user_details.get('Email')\n        user['mobile_phone'] = user_details.get('MobilePhone')\n        user['last_login_datetime'] = user_details.get('LastLoginDate') if user_details.get('LastLoginDate') != '' else None\n\n        user['console_access'] = True if user_details.get('LastLoginDate') else False  # TODO this isn't valid\n\n        # get the MFA status for the user\n        mfa_enabled, mfa_serial_number = await self.facade.ram.get_user_mfa_status(user['name'])\n        user['mfa_status'] = mfa_enabled\n        user['mfa_serial_number'] = mfa_serial_number\n\n        return user['id'], user\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/rds/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/rds/base.py",
    "content": "from ScoutSuite.providers.aliyun.resources.regions import Regions\nfrom ScoutSuite.providers.aliyun.resources.rds.instances import Instances\nfrom ScoutSuite.providers.aliyun.facade.base import AliyunFacade\n\n\nclass RDS(Regions):\n    _children = [\n        (Instances, 'instances')\n    ]\n\n    def __init__(self, facade: AliyunFacade):\n        super().__init__('rds', facade)\n\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/rds/instances.py",
    "content": "from ScoutSuite.providers.aliyun.resources.base import AliyunResources\nfrom ScoutSuite.providers.aliyun.facade.base import AliyunFacade\n\n\nclass Instances(AliyunResources):\n    def __init__(self, facade: AliyunFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        for raw_instance in await self.facade.rds.get_instances(region=self.region):\n            id, instance = await self._parse_instance(raw_instance)\n            self[id] = instance\n\n    async def _parse_instance(self, raw_instance):\n        instance_dict = {}\n\n        instance_dict['id'] = raw_instance.get('DBInstanceId')\n        instance_dict['name'] = raw_instance.get('DBInstanceDescription', raw_instance.get('DBInstanceId'))\n        instance_dict['create_time'] = raw_instance.get('CreateTime')\n        instance_dict['expire_time'] = raw_instance.get('ExpireTime')\n        instance_dict['ins_id'] = raw_instance.get('InsId')\n        instance_dict['lock_mode'] = raw_instance.get('LockMode')\n        instance_dict['db_instance_net_type'] = raw_instance.get('DBInstanceNetType')\n        instance_dict['read_only_db_instance_ids'] = raw_instance.get('ReadOnlyDBInstanceIds')\n        instance_dict['lock_reason'] = raw_instance.get('LockReason')\n        instance_dict['engine'] = raw_instance.get('Engine')\n        instance_dict['vpc_id'] = raw_instance.get('VpcId')\n        instance_dict['mutri_o_rsignle'] = raw_instance.get('MutriORsignle')\n        instance_dict['connection_mode'] = raw_instance.get('ConnectionMode')\n        instance_dict['region_id'] = raw_instance.get('RegionId')\n        instance_dict['resource_group_id'] = raw_instance.get('ResourceGroupId')\n        instance_dict['vswitch_id'] = raw_instance.get('VSwitchId')\n        instance_dict['instance_network_type'] = raw_instance.get('InstanceNetworkType')\n        instance_dict['db_instance_type'] = raw_instance.get('DBInstanceType')\n        instance_dict['db_instance_status'] = raw_instance.get('DBInstanceStatus')\n        instance_dict['zone_id'] = raw_instance.get('ZoneId')\n        instance_dict['engine_version'] = raw_instance.get('EngineVersion')\n        instance_dict['vpc_cloud_instance_id'] = raw_instance.get('VpcCloudInstanceId')\n        instance_dict['pay_type'] = raw_instance.get('PayType')\n        instance_dict['db_instance_class'] = raw_instance.get('DBInstanceClass')\n\n        return instance_dict['id'], instance_dict\n\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/regions.py",
    "content": "import abc\n\nfrom ScoutSuite.providers.aliyun.resources.base import AliyunCompositeResources\nfrom ScoutSuite.providers.aliyun.facade.base import AliyunFacade\n\n\nclass Regions(AliyunCompositeResources, metaclass=abc.ABCMeta):\n    def __init__(self, service: str, facade: AliyunFacade):\n        super().__init__(facade)\n        self.service = service\n\n    async def fetch_all(self, regions=None):\n        self['regions'] = {}\n        for region in await self.facade.build_region_list(self.service, regions):\n            self['regions'][region] = {\n                'id': region,\n                'region': region,\n                'name': region\n            }\n\n        await self._fetch_children_of_all_resources(\n            resources=self['regions'],\n            scopes={region: {'region': region} for region in self['regions']}\n        )\n\n        self._set_counts()\n\n    def _set_counts(self):\n        self['regions_count'] = len(self['regions'])\n        for _, key in self._children:\n            # VPCs should not be counted as resources. They exist whether you have resources or not,\n            # so counting them would make the report confusing.\n            if key == 'vpcs':\n                continue\n\n            self[key + '_count'] = sum([region[key + '_count'] for\n                                        region in self['regions'].values()])\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/vpc/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/vpc/base.py",
    "content": "from ScoutSuite.providers.aliyun.resources.regions import Regions\nfrom ScoutSuite.providers.aliyun.resources.vpc.vpcs import VPCs\nfrom ScoutSuite.providers.aliyun.facade.base import AliyunFacade\n\n\nclass VPC(Regions):\n    _children = [\n        (VPCs, 'vpcs')\n    ]\n\n    def __init__(self, facade: AliyunFacade):\n        super().__init__('vpc', facade)\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/resources/vpc/vpcs.py",
    "content": "from ScoutSuite.providers.aliyun.resources.base import AliyunResources\nfrom ScoutSuite.providers.aliyun.facade.base import AliyunFacade\n\n\nclass VPCs(AliyunResources):\n    def __init__(self, facade: AliyunFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        for raw_vpc in await self.facade.vpc.get_vpcs(region=self.region):\n            id, vpc = self._parse_vpcs(raw_vpc)\n            self[id] = vpc\n\n    def _parse_vpcs(self, raw_vpc):\n        vpc_dict = {}\n        vpc_dict['id'] = raw_vpc.get('VpcId')\n\n        if raw_vpc.get('VpcName') == '':\n            vpc_dict['name'] = raw_vpc.get('VpcId')\n        else:\n            vpc_dict['name'] = raw_vpc.get('VpcName')\n\n        vpc_dict['vrouter_id'] = raw_vpc.get('VRouterId')\n        vpc_dict['vswitch_ids'] = raw_vpc.get('VSwitchIds')\n        vpc_dict['description'] = raw_vpc.get('Description')\n        vpc_dict['status'] = raw_vpc.get('Status')\n        vpc_dict['nat_gateway_ids'] = raw_vpc.get('NatGatewayIds')\n        vpc_dict['user_cidrs'] = raw_vpc.get('UserCidrs')\n        vpc_dict['ipv6_cidr_block'] = raw_vpc.get('Ipv6CidrBlock')\n        vpc_dict['region_id'] = raw_vpc.get('RegionId')\n        vpc_dict['network_acl_num'] = raw_vpc.get('NetworkAclNum')\n        vpc_dict['creation_time'] = raw_vpc.get('CreationTime')\n        vpc_dict['router_table_ids'] = raw_vpc.get('RouterTableIds')\n        vpc_dict['resource_group_id'] = raw_vpc.get('ResourceGroupId')\n        vpc_dict['cen_status'] = raw_vpc.get('CenStatus')\n        vpc_dict['cidr_block'] = raw_vpc.get('CidrBlock')\n        vpc_dict['is_default'] = raw_vpc.get('IsDefault')\n\n        return vpc_dict['id'], vpc_dict\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/rules/findings/actiontrail-not-configured.json",
    "content": "{\n    \"description\": \"Not Configured\",\n    \"rationale\": \"No trail is configured, which means that API activity is not being logged.\",\n    \"dashboard_name\": \"Trails\",\n    \"path\": \"actiontrail.trails\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"actiontrail.trails\",\n            \"empty\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aliyun/rules/findings/actiontrail-not-enabled.json",
    "content": "{\n    \"description\": \"Not Enabled\",\n    \"rationale\": \"No trail is enabled, which means that API activity is not being logged.\",\n    \"dashboard_name\": \"Trails\",\n    \"path\": \"actiontrail.trails.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"actiontrail.trails.id.status\",\n            \"notEqual\",\n            \"Enable\"\n        ]\n    ],\n    \"id_suffix\": \"status\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aliyun/rules/findings/ecs-instance-with-deletion-protection-disabled.json",
    "content": "{\n    \"description\": \"Instance without Deletion Protection\",\n    \"rationale\": \"It is good practice to enable this feature on production instances, to ensure that they may not be deleted by accident.\",\n    \"dashboard_name\": \"Instances\",\n    \"display_path\": \"ecs.regions.id.instances.id\",\n    \"path\": \"ecs.regions.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"ecs.regions.id.instances.id.deletion_protection\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"deletion_protection\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aliyun/rules/findings/ecs-instance-with-public-ip.json",
    "content": "{\n    \"description\": \"Instance with a Public IP\",\n    \"rationale\": \"It is good practice to maintain a list of known, publicly accessible instances and flag all other instances that meet this criteria.\",\n    \"dashboard_name\": \"Instances\",\n    \"display_path\": \"ecs.regions.id.instances.id\",\n    \"path\": \"ecs.regions.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"ecs.regions.id.instances.id.public_ip_address\",\n            \"notNull\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"public_ip_address\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aliyun/rules/findings/kms-no-key-rotation.json",
    "content": "{\n    \"description\": \"KMS Keys Are Not Being Rotated\",\n    \"rationale\": \"Keys should be routinely rotated to prevent usage of compromised keys.\",\n    \"dashboard_name\": \"Keys\",\n    \"display_path\": \"kms.regions.id.keys.id\",\n    \"path\": \"kms.regions.id.keys.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kms.regions.id.keys.id.state\",\n            \"equal\",\n            \"Enabled\"\n        ],\n        [\n            \"kms.regions.id.keys.id.creation_date\",\n            \"olderThan\",\n            [\n                \"_ARG_0_\",\n                \"days\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"creation_date\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-expiration-threshold.json",
    "content": "{\n    \"description\": \"Passwords Should Expire after _ARG_0_ Days\",\n    \"dashboard_name\": \"Password policy\",\n    \"path\": \"ram.password_policy.max_password_age\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"moreThan\",\n            \"_ARG_0_\"\n        ],\n        [\n            \"this\",\n            \"equal\",\n            \"0\"\n        ]\n    ],\n    \"arg_names\": [\n        \"Maximum password age\"\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-minimum-length.json",
    "content": "{\n    \"description\": \"Minimum Password Length Too Short\",\n    \"dashboard_name\": \"Password policy\",\n    \"path\": \"ram.password_policy.minimum_password_length\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"lessThan\",\n            \"_ARG_0_\"\n        ]\n    ],\n    \"arg_names\": [\n        \"Minimum password length\"\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-no-expiration.json",
    "content": "{\n    \"description\": \"Password Expiration Disabled\",\n    \"dashboard_name\": \"Password policy\",\n    \"path\": \"ram.password_policy.max_password_age\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"equal\",\n            \"0\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-no-lowercase-required.json",
    "content": "{\n    \"description\": \"Password Policy Lacks Lowercase Requirement\",\n    \"dashboard_name\": \"Password policy\",\n    \"path\": \"ram.password_policy.require_lowercase_characters\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-no-number-required.json",
    "content": "{\n    \"description\": \"Password Policy Lacks Number Requirement\",\n    \"dashboard_name\": \"Password policy\",\n    \"path\": \"ram.password_policy.require_numbers\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-no-symbol-required.json",
    "content": "{\n    \"description\": \"Password Policy Lacks Symbol Requirement\",\n    \"dashboard_name\": \"Password policy\",\n    \"path\": \"ram.password_policy.require_symbols\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-no-uppercase-required.json",
    "content": "{\n    \"description\": \"Password Policy Lacks Uppercase Requirement\",\n    \"dashboard_name\": \"Password policy\",\n    \"path\": \"ram.password_policy.require_uppercase_characters\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aliyun/rules/findings/ram-password-policy-reuse-enabled.json",
    "content": "{\n    \"description\": \"Password Reuse Enabled\",\n    \"dashboard_name\": \"Password policy\",\n    \"path\": \"ram.password_policy.password_reuse_prevention\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aliyun/rules/findings/ram-user-lacking-mfa.json",
    "content": "{\n    \"description\": \"User with Console Access Lacking MFA\",\n    \"rationale\": \"User with console access should have multi-factor authentication (MFA) enabled\",\n    \"dashboard_name\": \"Users\",\n    \"path\": \"ram.users.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"ram.users.id.console_access\",\n            \"true\",\n            \"\"\n        ],\n        [\n            \"ram.users.id.mfa_status\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"mfa_secure\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aliyun/rules/findings/ram-user-unused-api-key.json",
    "content": "{\n    \"description\": \"User with Unused API Keys\",\n    \"rationale\": \"\",\n    \"dashboard_name\": \"Users\",\n    \"path\": \"ram.users.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"ram.users.id.api_keys.id.\",\n            \"lengthMoreThan\",\n            \"1\"\n        ]\n    ],\n    \"id_suffix\": \"multiple_api_keys\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aliyun/rules/findings/ram-user-unused-console-password.json",
    "content": "{\n    \"description\": \"User with Unused Console Password\",\n    \"rationale\": \"\",\n    \"dashboard_name\": \"Users\",\n    \"path\": \"ram.users.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"ram.users.id.api_keys.id.\",\n            \"lengthMoreThan\",\n            \"1\"\n        ]\n    ],\n    \"id_suffix\": \"multiple_api_keys\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aliyun/rules/findings/ram-user-with-multiple-api-keys.json",
    "content": "{\n    \"description\": \"User with Multiple API Keys\",\n    \"rationale\": \"It is recommended for users to only have one access key.\",\n    \"dashboard_name\": \"Users\",\n    \"path\": \"ram.users.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"ram.users.id.api_keys\",\n            \"lengthMoreThan\",\n            \"1\"\n        ]\n    ],\n    \"id_suffix\": \"multiple_api_keys\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aliyun/rules/findings/ram-user-with-old-api-key.json",
    "content": "{\n    \"description\": \"User with Old API Keys\",\n    \"rationale\": \"\",\n    \"dashboard_name\": \"Users\",\n    \"path\": \"ram.users.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"ram.users.id.api_keys.id.\",\n            \"lengthMoreThan\",\n            \"1\"\n        ]\n    ],\n    \"id_suffix\": \"multiple_api_keys\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aliyun/rules/rulesets/default.json",
    "content": "{\n    \"about\": \"Default ruleset for Alibaba Cloud.\",\n    \"rules\": {\n        \"actiontrail-not-configured.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"actiontrail-not-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ecs-instance-with-deletion-protection-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ecs-instance-with-public-ip.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kms-no-key-rotation.json\": [\n            {\n                \"args\": [\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ram-password-policy-expiration-threshold.json\": [\n            {\n                \"args\": [\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ram-password-policy-minimum-length.json\": [\n            {\n                \"args\": [\n                    \"8\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ram-password-policy-no-expiration.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ram-password-policy-no-lowercase-required.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ram-password-policy-no-number-required.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ram-password-policy-no-symbol-required.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ram-password-policy-no-uppercase-required.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ram-password-policy-reuse-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ram-user-lacking-mfa.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ram-user-unused-api-key.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ram-user-unused-console-password.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ram-user-with-multiple-api-keys.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ram-user-with-old-api-key.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"warning\"\n            }\n        ]\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/rules/rulesets/filters.json",
    "content": "{\n    \"about\": \"Default set of filters for Scout\",\n    \"rules\": {}\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/services.py",
    "content": "from ScoutSuite.providers.aliyun.facade.base import AliyunFacade\nfrom ScoutSuite.providers.base.services import BaseServicesConfig\nfrom ScoutSuite.providers.aliyun.resources.ram.base import RAM\nfrom ScoutSuite.providers.aliyun.resources.actiontrail.base import ActionTrail\nfrom ScoutSuite.providers.aliyun.resources.vpc.base import VPC\nfrom ScoutSuite.providers.aliyun.resources.ecs.base import ECS\nfrom ScoutSuite.providers.aliyun.resources.rds.base import RDS\nfrom ScoutSuite.providers.aliyun.resources.kms.base import KMS\nfrom ScoutSuite.providers.aliyun.resources.oss.base import OSS\n\n\n\nclass AliyunServicesConfig(BaseServicesConfig):\n    def __init__(self, credentials, **kwargs):\n        super().__init__(credentials)\n\n        facade = AliyunFacade(credentials)\n\n        self.actiontrail = ActionTrail(facade)\n        self.ram = RAM(facade)\n        self.ecs = ECS(facade)\n        self.rds = RDS(facade)\n        self.vpc = VPC(facade)\n        self.kms = KMS(facade)\n        self.oss = OSS(facade)\n\n    def _is_provider(self, provider_name):\n        return provider_name == 'aliyun'\n"
  },
  {
    "path": "ScoutSuite/providers/aliyun/utils.py",
    "content": "import oss2\nfrom aliyunsdkcore.client import AcsClient\n\nfrom ScoutSuite.core.console import print_exception\n\n\ndef get_client(credentials, region=None):\n    try:\n        client = AcsClient(credential=credentials.credentials, region_id=region if region else 'cn-hangzhou')\n        return client\n\n    except Exception as e:\n        print_exception(e)\n        return None\n\n\ndef get_oss_client(credentials, region=None):\n    try:\n        auth = oss2.Auth(credentials.credentials.access_key_id, credentials.credentials.access_key_secret)\n        client = oss2.Service(auth,\n                              endpoint=f'oss-{region}.aliyuncs.com' if region\n                              else 'oss-cn-hangzhou.aliyuncs.com')\n        return client\n\n    except Exception as e:\n        print_exception(e)\n        return None\n"
  },
  {
    "path": "ScoutSuite/providers/aws/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/authentication_strategy.py",
    "content": "import boto3\nimport logging\n\nfrom ScoutSuite import __version__\nfrom ScoutSuite.providers.aws.utils import get_caller_identity\nfrom ScoutSuite.providers.base.authentication_strategy import AuthenticationStrategy, AuthenticationException\n\n\nclass AWSCredentials:\n\n    def __init__(self, session):\n        self.session = session\n\n\nclass AWSAuthenticationStrategy(AuthenticationStrategy):\n    \"\"\"\n    Implements authentication for the AWS provider\n    \"\"\"\n\n    def authenticate(self,\n                     profile=None,\n                     aws_access_key_id=None, aws_secret_access_key=None, aws_session_token=None,\n                     **kwargs):\n\n        try:\n\n            # Set logging level to error for libraries as otherwise generates a lot of warnings\n            logging.getLogger('botocore').setLevel(logging.ERROR)\n            logging.getLogger('botocore.auth').setLevel(logging.ERROR)\n            logging.getLogger('urllib3').setLevel(logging.ERROR)\n\n            if profile:\n                session = boto3.Session(profile_name=profile)\n            elif aws_access_key_id and aws_secret_access_key:\n                if aws_session_token:\n                    session = boto3.Session(\n                        aws_access_key_id=aws_access_key_id,\n                        aws_secret_access_key=aws_secret_access_key,\n                        aws_session_token=aws_session_token,\n                    )\n                else:\n                    session = boto3.Session(\n                        aws_access_key_id=aws_access_key_id,\n                        aws_secret_access_key=aws_secret_access_key,\n                    )\n            else:\n                session = boto3.Session()\n\n            # Test querying for current user\n            get_caller_identity(session)\n\n            # Set custom user agent\n            session._session.user_agent_name = 'Scout Suite'\n            session._session.user_agent_extra = 'Scout Suite/{} (https://github.com/nccgroup/ScoutSuite)'.format(__version__)\n            session._session.user_agent_version = __version__\n\n            return AWSCredentials(session=session)\n\n        except Exception as e:\n            raise AuthenticationException(e)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/facade/acm.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.utils import map_concurrently, run_concurrently\n\n\nclass AcmFacade(AWSBaseFacade):\n    async def get_certificates(self, region):\n        try:\n            cert_list = await AWSFacadeUtils.get_all_pages('acm', region, self.session, 'list_certificates', 'CertificateSummaryList')\n            cert_arns = [cert['CertificateArn'] for cert in cert_list]\n        except Exception as e:\n            print_exception(f'Failed to get acm certificates: {e}')\n            return []\n        else:\n            return await map_concurrently(self._get_certificate, cert_arns, region=region)\n\n    async def _get_certificate(self, cert_arn: str, region: str):\n        client = AWSFacadeUtils.get_client('acm', self.session, region)\n        try:\n            return await run_concurrently(lambda: client.describe_certificate(CertificateArn=cert_arn)['Certificate'])\n        except Exception as e:\n            print_exception(f'Failed to describe acm certificate: {e}')\n            raise\n\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/awslambda.py",
    "content": "import json\n\nfrom ScoutSuite.core.console import print_exception, print_warning\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\n\n\nclass LambdaFacade(AWSBaseFacade):\n    async def get_functions(self, region):\n        try:\n            return await AWSFacadeUtils.get_all_pages('lambda', region, self.session, 'list_functions', 'Functions')\n        except Exception as e:\n            print_exception(f'Failed to get Lambda functions: {e}')\n            return []\n\n    async def get_access_policy(self, function_name, region):\n        client = AWSFacadeUtils.get_client('lambda', self.session, region)\n        try:\n            policy = client.get_policy(FunctionName=function_name)\n            if policy is not None and 'Policy' in policy:\n                return json.loads(policy['Policy'])\n        except Exception as e:\n            # If there's no policy, it will return this exception. Hence why we ignore.\n            if \"ResourceNotFoundException\" not in str(e):\n                print_exception('Failed to get Lambda access policy: {}'.format(e))\n            return None\n\n    async def get_role_with_managed_policies(self, role_name):\n        client = AWSFacadeUtils.get_client('iam', self.session)\n        try:\n            role = client.get_role(RoleName=role_name)['Role']\n            managed_policies = client.list_attached_role_policies(RoleName=role_name)['AttachedPolicies']\n            for policy in managed_policies:\n                policy_version = client.get_policy(PolicyArn=policy['PolicyArn'])\n                if 'Policy' in policy_version and 'DefaultVersionId' in policy_version['Policy']:\n                    policy_version = policy_version['Policy']['DefaultVersionId']\n                    document = client.get_policy_version(PolicyArn=policy['PolicyArn'], VersionId=policy_version)\n                    if 'PolicyVersion' in document and 'Document' in document['PolicyVersion']:\n                        policy['Document'] = document['PolicyVersion']['Document']\n            role['policies'] = managed_policies\n            return role\n        except Exception as e:\n            if 'NoSuchEntity' in str(e):\n                print_warning(f'Failed to get role from managed policies: {e}')\n            else:\n                print_exception(f'Failed to get role from managed policies: {e}')\n            return None\n\n    async def get_env_variables(self, function_name, region):\n        client = AWSFacadeUtils.get_client('lambda', self.session, region)\n        try:\n            function_configuration = client.get_function_configuration(FunctionName=function_name)\n            if \"Environment\" in function_configuration and \"Variables\" in function_configuration[\"Environment\"]:\n                return function_configuration[\"Environment\"][\"Variables\"]\n        except Exception as e:\n            if 'ResourceNotFoundException' in str(e):\n                print_warning('Failed to get Lambda function configuration: {}'.format(e))\n            else:\n                print_exception('Failed to get Lambda function configuration: {}'.format(e))\n        return []\n\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/base.py",
    "content": "from boto3.session import Session\n\nfrom ScoutSuite.providers.aws.facade.acm import AcmFacade\nfrom ScoutSuite.providers.aws.facade.awslambda import LambdaFacade\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.cloudformation import CloudFormation\nfrom ScoutSuite.providers.aws.facade.cloudtrail import CloudTrailFacade\nfrom ScoutSuite.providers.aws.facade.cloudwatch import CloudWatch\nfrom ScoutSuite.providers.aws.facade.cloudfront import CloudFront\nfrom ScoutSuite.providers.aws.facade.codebuild import CodeBuild\nfrom ScoutSuite.providers.aws.facade.config import ConfigFacade\nfrom ScoutSuite.providers.aws.facade.directconnect import DirectConnectFacade\nfrom ScoutSuite.providers.aws.facade.dynamodb import DynamoDBFacade\nfrom ScoutSuite.providers.aws.facade.ec2 import EC2Facade\nfrom ScoutSuite.providers.aws.facade.efs import EFSFacade\nfrom ScoutSuite.providers.aws.facade.elasticache import ElastiCacheFacade\nfrom ScoutSuite.providers.aws.facade.elb import ELBFacade\nfrom ScoutSuite.providers.aws.facade.elbv2 import ELBv2Facade\nfrom ScoutSuite.providers.aws.facade.emr import EMRFacade\nfrom ScoutSuite.providers.aws.facade.iam import IAMFacade\nfrom ScoutSuite.providers.aws.facade.kms import KMSFacade\nfrom ScoutSuite.providers.aws.facade.rds import RDSFacade\nfrom ScoutSuite.providers.aws.facade.redshift import RedshiftFacade\nfrom ScoutSuite.providers.aws.facade.route53 import Route53Facade\nfrom ScoutSuite.providers.aws.facade.s3 import S3Facade\nfrom ScoutSuite.providers.aws.facade.ses import SESFacade\nfrom ScoutSuite.providers.aws.facade.sns import SNSFacade\nfrom ScoutSuite.providers.aws.facade.sqs import SQSFacade\nfrom ScoutSuite.providers.aws.facade.secretsmanager import SecretsManagerFacade\nfrom ScoutSuite.providers.aws.utils import get_aws_account_id, get_partition_name\nfrom ScoutSuite.providers.utils import run_concurrently\n\nfrom ScoutSuite.core.conditions import print_error\n\n# Try to import proprietary facades\ntry:\n    from ScoutSuite.providers.aws.facade.cognito_private import CognitoFacade\nexcept ImportError:\n    pass\ntry:\n    from ScoutSuite.providers.aws.facade.docdb_private import DocDBFacade\nexcept ImportError:\n    pass\ntry:\n    from ScoutSuite.providers.aws.facade.ecs_private import ECSFacade\nexcept ImportError:\n    pass\ntry:\n    from ScoutSuite.providers.aws.facade.ecr_private import ECRFacade\nexcept ImportError:\n    pass\ntry:\n    from ScoutSuite.providers.aws.facade.eks_private import EKSFacade\nexcept ImportError:\n    pass\ntry:\n    from ScoutSuite.providers.aws.facade.guardduty_private import GuardDutyFacade\nexcept ImportError:\n    pass\ntry:\n    from ScoutSuite.providers.aws.facade.ssm_private import SSMFacade\nexcept ImportError:\n    pass\n\n\nclass AWSFacade(AWSBaseFacade):\n    def __init__(self, credentials=None):\n        super().__init__()\n        self.owner_id = get_aws_account_id(credentials.session)\n        self.partition = get_partition_name(credentials.session)\n        self.session = credentials.session\n        self._instantiate_facades()\n\n    async def build_region_list(self, service: str, chosen_regions=None, excluded_regions=None, partition_name='aws'):\n\n        available_services = None\n        try:\n            available_services = await run_concurrently(\n                lambda: Session(region_name='us-east-1').get_available_services())\n        except Exception as e:\n            # see https://github.com/nccgroup/ScoutSuite/issues/548\n            # If failed with the us-east-1 region, we'll try to use the region from the profile\n            try:\n                available_services = await run_concurrently(\n                    lambda: Session(region_name=self.session.region_name).get_available_services())\n            except Exception as e:\n                # see https://github.com/nccgroup/ScoutSuite/issues/685\n                # If above failed, and regions were explicitly specified, will try with those until one works\n                if chosen_regions:\n                    for region in chosen_regions:\n                        try:\n                            available_services = await run_concurrently(\n                                lambda: Session(region_name=region).get_available_services())\n                            break\n                        except Exception as e:\n                            exception = e\n                    if not available_services:\n                        raise exception\n                else:\n                    raise e\n\n        if service not in available_services:\n            # the cognito service is a composition of two boto3 services\n            if service == \"cognito\":\n                if \"cognito-idp\" not in available_services:\n                    raise Exception('Service cognito-idp is not available.')\n                elif \"cognito-identity\" not in available_services:\n                    raise Exception('Service cognito-identity is not available.')\n            else:\n                raise Exception('Service ' + service + ' is not available.')\n\n        regions = None\n        try:\n            # the cognito service is a composition of two boto3 services\n            if service != \"cognito\":\n                regions = await run_concurrently(\n                    lambda: Session(region_name='us-east-1').get_available_regions(service,\n                                                                                   partition_name))\n            else:\n                idp_regions = await run_concurrently(\n                    lambda: Session(region_name='us-east-1').get_available_regions(\"cognito-idp\",\n                                                                                   partition_name))\n                identity_regions = await run_concurrently(\n                    lambda: Session(region_name='us-east-1').get_available_regions(\"cognito-identity\",\n                                                                                   partition_name))\n                regions = [value for value in idp_regions if value in identity_regions]\n        except Exception as e:\n            # see https://github.com/nccgroup/ScoutSuite/issues/548\n            # If failed with the us-east-1 region, we'll try to use the region from the profile\n            try:\n                # the cognito service is a composition of two boto3 services\n                if service != \"cognito\":\n                    regions = await run_concurrently(\n                        lambda: Session(region_name=self.session.region_name).get_available_regions(service,\n                                                                                                    partition_name))\n                else:\n                    idp_regions = await run_concurrently(\n                        lambda: Session(region_name=self.session.region_name).get_available_regions(\"cognito-idp\",\n                                                                                                    partition_name))\n                    identity_regions = await run_concurrently(\n                        lambda: Session(region_name=self.session.region_name).get_available_regions(\"cognito-identity\",\n                                                                                                    partition_name))\n                    regions = [value for value in idp_regions if value in identity_regions]\n            except Exception as e:\n                # see https://github.com/nccgroup/ScoutSuite/issues/685\n                # If above failed, and regions were explicitly specified, will try with those until one works\n                if chosen_regions:\n                    for region in chosen_regions:\n                        try:\n                            # the cognito service is a composition of two boto3 services\n                            if service != \"cognito\":\n                                regions = await run_concurrently(\n                                    lambda: Session(region_name=region).get_available_regions(service,\n                                                                                              partition_name))\n                            else:\n                                idp_regions = await run_concurrently(\n                                    lambda: Session(region_name=region).get_available_regions(\n                                        \"cognito-idp\",\n                                        partition_name))\n                                identity_regions = await run_concurrently(\n                                    lambda: Session(region_name=region).get_available_regions(\n                                        \"cognito-identity\",\n                                        partition_name))\n                                regions = [value for value in idp_regions if value in identity_regions]\n                            break\n                        except Exception as e:\n                            exception = e\n                    if not regions:\n                        raise exception\n                else:\n                    raise e\n\n        if not regions:\n            # Could be an instance of https://github.com/boto/boto3/issues/1662\n            if service == 'eks':  # TODO fix when the issue is resolved\n                regions = ['ap-east-1',\n                           'ap-northeast-1',\n                           'ap-northeast-2',\n                           'ap-south-1',\n                           'ap-southeast-1',\n                           'ap-southeast-2',\n                           'ca-central-1',\n                           'eu-central-1',\n                           'eu-north-1',\n                           'eu-west-1',\n                           'eu-west-2',\n                           'eu-west-3',\n                           'me-south-1',\n                           'sa-east-1',\n                           'us-east-1',\n                           'us-east-2',\n                           # 'us-west-1',\n                           'us-west-2']\n            else:\n                print_error('\"get_available_regions\" returned an empty array for service \"{}\", '\n                            'something is wrong'.format(service))\n\n        # identify regions that are not opted-in\n        ec2_not_opted_in_regions = None\n        try:\n            ec2_not_opted_in_regions = self.session.client('ec2', 'us-east-1') \\\n                .describe_regions(AllRegions=True, Filters=[{'Name': 'opt-in-status', 'Values': ['not-opted-in']}])\n        except Exception as e:\n            # see https://github.com/nccgroup/ScoutSuite/issues/548\n            # If failed with the us-east-1 region, we'll try to use the region from the profile\n            try:\n                ec2_not_opted_in_regions = \\\n                    self.session.client('ec2', self.session.region_name). \\\n                        describe_regions(AllRegions=True,\n                                         Filters=[{'Name': 'opt-in-status',\n                                                   'Values': ['not-opted-in']}])\n            except Exception as e:\n                # see https://github.com/nccgroup/ScoutSuite/issues/685\n                # If above failed, and regions were explicitly specified, will try with those until\n                # one works\n                if chosen_regions:\n                    for region in chosen_regions:\n                        try:\n                            ec2_not_opted_in_regions = self.session.client('ec2', region).describe_regions(\n                                AllRegions=True,\n                                Filters=[{'Name': 'opt-in-status',\n                                          'Values': ['not-opted-in']}])\n                            break\n                        except Exception as e:\n                            exception = e\n                    if not ec2_not_opted_in_regions:\n                        raise exception\n                else:\n                    raise e\n\n        not_opted_in_regions = []\n        if ec2_not_opted_in_regions['Regions']:\n            for r in ec2_not_opted_in_regions['Regions']:\n                not_opted_in_regions.append(r['RegionName'])\n\n        # include specific regions\n        if chosen_regions:\n            regions = [r for r in regions if r in chosen_regions]\n        # exclude specific regions\n        if excluded_regions:\n            regions = [r for r in regions if r not in excluded_regions]\n        # exclude not opted in regions\n        if not_opted_in_regions:\n            regions = [r for r in regions if r not in not_opted_in_regions]\n\n        return regions\n\n    def _instantiate_facades(self):\n        self.ec2 = EC2Facade(self.session, self.owner_id)\n        self.acm = AcmFacade(self.session)\n        self.awslambda = LambdaFacade(self.session)\n        self.cloudformation = CloudFormation(self.session)\n        self.cloudtrail = CloudTrailFacade(self.session)\n        self.cloudwatch = CloudWatch(self.session)\n        self.config = ConfigFacade(self.session)\n        self.directconnect = DirectConnectFacade(self.session)\n        self.dynamodb = DynamoDBFacade(self.session)\n        self.efs = EFSFacade(self.session)\n        self.elasticache = ElastiCacheFacade(self.session)\n        self.route53 = Route53Facade(self.session)\n        self.cloudfront = CloudFront(self.session)\n        self.codebuild = CodeBuild(self.session)\n        self.elb = ELBFacade(self.session)\n        self.elbv2 = ELBv2Facade(self.session)\n        self.iam = IAMFacade(self.session)\n        self.kms = KMSFacade(self.session)\n        self.rds = RDSFacade(self.session)\n        self.redshift = RedshiftFacade(self.session)\n        self.s3 = S3Facade(self.session)\n        self.ses = SESFacade(self.session)\n        self.sns = SNSFacade(self.session)\n        self.sqs = SQSFacade(self.session)\n        self.secretsmanager = SecretsManagerFacade(self.session)\n        self.emr = EMRFacade(self.session)\n\n        # Instantiate facades for proprietary services\n        try:\n            self.cognito = CognitoFacade(self.session)\n        except NameError:\n            pass\n        try:\n            self.docdb = DocDBFacade(self.session)\n        except NameError:\n            pass\n        try:\n            self.ecs = ECSFacade(self.session)\n        except NameError:\n            pass\n        try:\n            self.ecr = ECRFacade(self.session)\n        except NameError:\n            pass\n        try:\n            self.eks = EKSFacade(self.session)\n        except NameError:\n            pass\n        try:\n            self.guardduty = GuardDutyFacade(self.session)\n        except NameError:\n            pass\n        try:\n            self.ssm = SSMFacade(self.session)\n        except NameError:\n            pass\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/basefacade.py",
    "content": "import boto3\n\n\nclass AWSBaseFacade:\n    def __init__(self, session: boto3.session.Session = None):\n        self.session = session\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/cloudformation.py",
    "content": "import json\n\nfrom ScoutSuite.core.console import print_exception, print_warning\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.utils import get_and_set_concurrently\nfrom ScoutSuite.providers.utils import run_concurrently\n\n\nclass CloudFormation(AWSBaseFacade):\n\n    async def get_stacks(self, region: str):\n        try:\n            stacks = await AWSFacadeUtils.get_all_pages(\n                'cloudformation', region, self.session, 'list_stacks', 'StackSummaries')\n        except Exception as e:\n            print_exception(f'Failed to get CloudFormation stack: {e}')\n            stacks = []\n        else:\n            stacks = [stack for stack in stacks if not CloudFormation._is_stack_deleted(stack)]\n            await get_and_set_concurrently(\n                [self._get_and_set_description, self._get_and_set_template, self._get_and_set_policy, self._get_stack_notifications],\n                stacks, region=region)\n        finally:\n            return stacks\n\n    async def _get_and_set_description(self, stack: {}, region: str):\n        client = AWSFacadeUtils.get_client('cloudformation', self.session, region)\n        try:\n            stack_description = await run_concurrently(\n                lambda: client.describe_stacks(StackName=stack['StackName'])['Stacks'][0])\n        except Exception as e:\n            if 'does not exist' in str(e):\n                print_warning(f'Failed to describe CloudFormation stack: {e}')\n            else:\n                print_exception(f'Failed to describe CloudFormation stack: {e}')\n        else:\n            stack.update(stack_description)\n\n    async def _get_and_set_template(self, stack: {}, region: str):\n        client = AWSFacadeUtils.get_client('cloudformation', self.session, region)\n        try:\n            stack['template'] = await run_concurrently(\n                lambda: client.get_template(StackName=stack['StackName'])['TemplateBody'])\n        except Exception as e:\n            if 'is not ready' not in str(e):\n                print_exception(f'Failed to get CloudFormation template: {e}')\n            stack['template'] = None\n\n    async def _get_and_set_policy(self, stack: {}, region: str):\n        client = AWSFacadeUtils.get_client('cloudformation', self.session, region)\n        try:\n            stack_policy = await run_concurrently(\n                lambda: client.get_stack_policy(StackName=stack['StackName']))\n        except Exception as e:\n            print_exception(f'Failed to get CloudFormation stack policy: {e}')\n        else:\n            if 'StackPolicyBody' in stack_policy:\n                stack['policy'] = json.loads(stack_policy['StackPolicyBody'])\n\n    async def _get_stack_notifications(self, stack: {}, region: str):\n        client = AWSFacadeUtils.get_client('cloudformation', self.session, region)\n        try:\n            stack_notifications = await run_concurrently(\n                lambda: client.describe_stacks(StackName=stack['StackName'])['Stacks'])\n        except Exception as e:\n            print_exception(f'Failed to describe CloudFormation stack: {e}')\n        else:\n            if 'NotificationARNs' in stack_notifications:\n                stack['NotificationARNs'] = stack_notifications['NotificationARNs']\n\n    @staticmethod\n    def _is_stack_deleted(stack):\n        return stack.get('StackStatus', None) == 'DELETE_COMPLETE'\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/cloudfront.py",
    "content": "import asyncio\n\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.utils import run_concurrently\n\nclass CloudFront(AWSBaseFacade):\n\n    async def get_distributions(self):\n        client = AWSFacadeUtils.get_client('cloudfront',self.session)\n        # When no cloudfront distribution exists, we first need to initiate the creation\n        # of a new distributions generate_credential_report by calling\n        # client.list_distributions and then check for COMPLETE status before trying to download it:\n        aws_cloudfront_api_called, n_attempts = False, 3\n        try:\n            while not aws_cloudfront_api_called and n_attempts > 0:\n                response = await run_concurrently(client.list_distributions)\n                if 'ResponseMetadata' in response:\n                    aws_cloudfront_api_called = True\n                else:\n                    n_attempts -= 1\n                    await asyncio.sleep(0.1)  # Wait for 100ms before doing a new attempt.\n        except Exception as e:\n            print_exception('Failed to call aws cloudfront api: {}'.format(e))\n            return []\n        finally:\n            if not aws_cloudfront_api_called and n_attempts == 0:\n                print_exception('Failed to call aws cloudfront api in {} attempts'.format(n_attempts))\n                return []\n\n        try:\n            return response.get('DistributionList', {}).get('Items', [])\n        except Exception as e:\n            print_exception(f'Failed to get CloudFront distribution lists: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/cloudtrail.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.utils import get_and_set_concurrently\nfrom ScoutSuite.providers.utils import run_concurrently\n\n\nclass CloudTrailFacade(AWSBaseFacade):\n    async def get_trails(self, region):\n        client = AWSFacadeUtils.get_client('cloudtrail', self.session, region)\n        try:\n            trails = await run_concurrently(\n                lambda: client.describe_trails()['trailList'])\n        except Exception as e:\n            print_exception(f'Failed to describe CloudTrail trail: {e}')\n            trails = []\n        else:\n            await get_and_set_concurrently(\n                [self._get_and_set_status, self._get_and_set_selectors], trails, region=region)\n        finally:\n            return trails\n\n    async def _get_and_set_status(self, trail: {}, region: str):\n        client = AWSFacadeUtils.get_client('cloudtrail', self.session, region)\n        try:\n            trail_status = await run_concurrently(\n                lambda: client.get_trail_status(Name=trail['TrailARN']))\n            trail.update(trail_status)\n        except Exception as e:\n            print_exception(f'Failed to get CloudTrail trail status: {e}')\n\n    async def _get_and_set_selectors(self, trail: {}, region: str):\n        client = AWSFacadeUtils.get_client('cloudtrail', self.session, region)\n        try:\n            # this call will fail for organization trails stored in another account\n            trail['EventSelectors'] = await run_concurrently(\n                lambda: client.get_event_selectors(TrailName=trail['TrailARN']).get('EventSelectors', []))\n        except Exception as e:\n            print_exception(f'Failed to get CloudTrail event selectors: {e}')\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/cloudwatch.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\n\n\nclass CloudWatch(AWSBaseFacade):\n\n    async def get_alarms(self, region):\n        try:\n            return await AWSFacadeUtils.get_all_pages('cloudwatch', region, self.session, 'describe_alarms',\n                                                      'MetricAlarms')\n        except Exception as e:\n            print_exception(f'Failed to get CloudWatch alarms: {e}')\n            return []\n\n    async def get_metric_filters(self, region):\n        try:\n            return await AWSFacadeUtils.get_all_pages('logs', region, self.session, 'describe_metric_filters',\n                                                      'metricFilters')\n        except Exception as e:\n            print_exception('Failed to get CloudWatch metric filters: {}'.format(e))\n            return []\n\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/codebuild.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.utils import run_concurrently, map_concurrently\n\n\nclass CodeBuild(AWSBaseFacade):\n    async def get_projects(self, region: str):\n        codebuild_client = AWSFacadeUtils.get_client('codebuild', self.session, region)\n        try:\n            projects = await run_concurrently(lambda: codebuild_client.list_projects()['projects'])\n        except Exception as e:\n            print_exception(f'Failed to get CodeBuild projects: {e}')\n            return []\n        else:\n            if not projects:\n                return []\n            return await map_concurrently(self._get_project_details, projects, region=region)\n        \n    async def _get_project_details(self, project: str, region: str):\n        codebuild_client = AWSFacadeUtils.get_client('codebuild', self.session, region)\n        try:\n            project_details = await run_concurrently(lambda: codebuild_client.batch_get_projects(names=[project]))\n        except Exception as e:\n            print_exception(f'Failed to get CodeBuild project details: {e}')\n            return {}\n        else:\n            project_details.pop('ResponseMetadata')\n            project_details.pop('projectsNotFound')\n            return project_details\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/config.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.utils import run_concurrently\n\n\nclass ConfigFacade(AWSBaseFacade):\n\n    async def get_rules(self, region):\n        try:\n            return await AWSFacadeUtils.get_all_pages('config', region, self.session, 'describe_config_rules', 'ConfigRules')\n        except Exception as e:\n            print_exception(f'Failed to get Config ruless: {e}')\n            return []\n\n    async def get_recorders(self, region: str):\n        client = AWSFacadeUtils.get_client('config', self.session, region)\n\n        try:\n            recorders = (await run_concurrently(client.describe_configuration_recorders))['ConfigurationRecorders']\n        except Exception as e:\n            print_exception(f'Failed to get Config recorders: {e}')\n            recorders = []\n\n        try:\n            recorder_statuses_list = \\\n                (await run_concurrently(client.describe_configuration_recorder_status))['ConfigurationRecordersStatus']\n        except Exception as e:\n            print_exception(f'Failed to get Config recorder statuses: {e}')\n        else:\n            # To accelerate the mapping of the statuses, we preprocess the data by creating a\n            # <recorder_name: recorder_status> map. This prevents having to iterate over the list of statuses for each\n            # recorder.\n            recorder_statuses_map = {recorder['name']: recorder for recorder in recorder_statuses_list}\n            for recorder in recorders:\n                recorder['ConfigurationRecordersStatus'] = recorder_statuses_map[recorder['name']]\n\n        return recorders\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/directconnect.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.utils import run_concurrently\n\n\nclass DirectConnectFacade(AWSBaseFacade):\n    async def get_connections(self, region):\n        client = AWSFacadeUtils.get_client('directconnect', self.session, region)\n        try:\n            return await run_concurrently(lambda: client.describe_connections()['connections'])\n        except Exception as e:\n            print_exception(f'Failed to describe Direct Connect connections: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/dynamodb.py",
    "content": "from ScoutSuite.core.console import print_exception, print_warning\nfrom ScoutSuite.providers.aws.facade.base import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently, map_concurrently\n\n\nclass DynamoDBFacade(AWSBaseFacade):\n    _GET_TABLES_BATCH_SIZE = 100\n\n    async def get_tables(self, region):\n        try:\n            tables_names = await AWSFacadeUtils.get_all_pages('dynamodb', region, self.session, 'list_tables',\n                                                              'TableNames')\n            return await map_concurrently(self._get_table, tables_names, region=region)\n        except Exception as e:\n            print_exception('Failed to get DynamoDB tables: {}'.format(e))\n            return []\n\n    async def _get_table(self, table_name: str, region: str):\n        client = AWSFacadeUtils.get_client('dynamodb', self.session, region)\n\n        try:\n            table = await run_concurrently(lambda: client.describe_table(TableName=table_name)['Table'])\n        except Exception as e:\n            if 'ResourceNotFoundException' in str(e):\n                print_warning('Failed to get DynamoDB table: {}'.format(e))\n            else:\n                print_exception('Failed to get DynamoDB table: {}'.format(e))\n        else:\n            await get_and_set_concurrently(\n                [self._get_and_set_backup, self._get_and_set_continuous_backups, self._get_and_set_tags],\n                [table],\n                region=region)\n\n        return table\n\n    async def _get_and_set_backup(self, table: {}, region: str):\n        client = AWSFacadeUtils.get_client('dynamodb', self.session, region)\n\n        try:\n            summaries = await run_concurrently(lambda: client.list_backups(TableName=table['TableName']))\n            table['BackupSummaries'] = summaries.get('BackupSummaries')\n        except Exception as e:\n            if 'ResourceNotFoundException' in str(e):\n                print_warning('Failed to list DynamoDB table backups: {}'.format(e))\n            else:\n                print_exception('Failed to list DynamoDB table backups: {}'.format(e))\n\n    async def _get_and_set_continuous_backups(self, table: {}, region: str):\n        client = AWSFacadeUtils.get_client('dynamodb', self.session, region)\n\n        try:\n            description = await run_concurrently(\n                lambda: client.describe_continuous_backups(TableName=table['TableName']))\n            table['ContinuousBackups'] = description.get('ContinuousBackupsDescription')\n        except Exception as e:\n            if 'ResourceNotFoundException' in str(e):\n                print_warning('Failed to describe DynamoDB table continuous backups: {}'.format(e))\n            else:\n                print_exception('Failed to describe DynamoDB table continuous backups: {}'.format(e))\n\n    async def _get_and_set_tags(self, table: {}, region: str):\n        client = AWSFacadeUtils.get_client('dynamodb', self.session, region)\n\n        try:\n            tags = await run_concurrently(\n                lambda: client.list_tags_of_resource(ResourceArn=table['TableArn']))\n            table['tags'] = tags.get('Tags')\n        except Exception as e:\n            if 'ResourceNotFoundException' in str(e):\n                print_warning('Failed to describe DynamoDB table tags: {}'.format(e))\n            else:\n                print_exception('Failed to describe DynamoDB table tags: {}'.format(e))\n\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/ec2.py",
    "content": "import asyncio\nimport base64\nimport boto3\nimport zlib\n\nfrom ScoutSuite.core.console import print_exception, print_warning\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.utils import get_and_set_concurrently\nfrom ScoutSuite.providers.utils import run_concurrently\n\n\nclass EC2Facade(AWSBaseFacade):\n    regional_flow_logs_cache_locks = {}\n    flow_logs_cache = {}\n\n    def __init__(self, session: boto3.session.Session, owner_id: str):\n        self.owner_id = owner_id\n\n        super().__init__(session)\n\n    async def get_instance_user_data(self, region: str, instance_id: str):\n        ec2_client = AWSFacadeUtils.get_client('ec2', self.session, region)\n        try:\n            user_data_response = await run_concurrently(\n                lambda: ec2_client.describe_instance_attribute(Attribute='userData', InstanceId=instance_id))\n        except Exception as e:\n            print_exception(\n                f'Failed to describe EC2 instance attributes: {e}')\n            return None\n        else:\n            if 'Value' not in user_data_response['UserData'].keys():\n                return None\n            else:\n                try:\n                    return await self._decode_user_data(user_data_response['UserData']['Value'])\n                except Exception as e:\n                    print_exception(f'Unable to decode EC2 instance user data: {e}')\n\n    async def _decode_user_data(self, user_data):\n        try:\n            value = base64.b64decode(user_data)\n        except base64.binascii.Error as e:\n            value = base64.b64decode(f'{user_data}===')\n        if value[0:2] == b'\\x1f\\x8b':  # GZIP magic number\n            return zlib.decompress(value, zlib.MAX_WBITS | 32).decode('utf-8')\n        else:\n            # Try another run of b64 decoding\n            try:\n                value = base64.b64decode(value)\n            except Exception as e:\n                value = value\n            # Return a string, not a byte string\n            try:\n                return value.decode('utf-8')\n            except UnicodeDecodeError:\n                return value.decode('latin-1')\n\n    async def get_instances(self, region: str, vpc: str):\n        filters = [{'Name': 'vpc-id', 'Values': [vpc]}]\n        try:\n            reservations = \\\n                await AWSFacadeUtils.get_all_pages(\n                    'ec2', region, self.session, 'describe_instances', 'Reservations', Filters=filters)\n\n            instances = []\n            for reservation in reservations:\n                for instance in reservation['Instances']:\n                    instance['ReservationId'] = reservation['ReservationId']\n                    instance['OwnerId'] = reservation['OwnerId']\n                    instances.append(instance)\n\n            return instances\n        except Exception as e:\n            print_exception(f'Failed to describe EC2 instances: {e}')\n            return []\n\n    async def get_security_groups(self, region: str, vpc: str):\n        filters = [{'Name': 'vpc-id', 'Values': [vpc]}]\n        try:\n            return await AWSFacadeUtils.get_all_pages(\n                'ec2', region, self.session, 'describe_security_groups', 'SecurityGroups', Filters=filters)\n        except Exception as e:\n            print_exception(f'Failed to describe EC2 security groups: {e}')\n            return []\n\n    async def get_vpcs(self, region: str):\n        ec2_client = AWSFacadeUtils.get_client('ec2', self.session, region)\n        try:\n            return await run_concurrently(lambda: ec2_client.describe_vpcs()['Vpcs'])\n        except Exception as e:\n            print_exception(f'Failed to describe EC2 VPC: {e}')\n            return []\n\n    async def get_images(self, region: str):\n        filters = [{'Name': 'owner-id', 'Values': [self.owner_id]}]\n        client = AWSFacadeUtils.get_client('ec2', self.session, region)\n        try:\n            return await run_concurrently(lambda: client.describe_images(Filters=filters)['Images'])\n        except Exception as e:\n            print_exception(f'Failed to get EC2 images: {e}')\n            return []\n\n    async def get_network_interfaces(self, region: str, vpc: str):\n        filters = [{'Name': 'vpc-id', 'Values': [vpc]}]\n        try:\n            return await AWSFacadeUtils.get_all_pages(\n                'ec2', region, self.session, 'describe_network_interfaces', 'NetworkInterfaces', Filters=filters)\n        except Exception as e:\n            print_exception(f'Failed to get EC2 network interfaces: {e}')\n            return []\n\n    async def get_volumes(self, region: str):\n        try:\n            volumes = await AWSFacadeUtils.get_all_pages('ec2', region, self.session, 'describe_volumes', 'Volumes')\n            await get_and_set_concurrently([self._get_and_set_key_manager], volumes, region=region)\n            return volumes\n        except Exception as e:\n            print_exception(f'Failed to get EC2 volumes: {e}')\n            return []\n\n    async def _get_and_set_key_manager(self, volume: {}, region: str):\n        kms_client = AWSFacadeUtils.get_client('kms', self.session, region)\n        if 'KmsKeyId' in volume:\n            key_id = volume['KmsKeyId']\n            try:\n                volume['KeyManager'] = await run_concurrently(\n                    lambda: kms_client.describe_key(KeyId=key_id)['KeyMetadata']['KeyManager'])\n            except Exception as e:\n                if 'NotFoundException' in e:\n                    print_warning(f'Failed to describe KMS key: {e}')\n                else:\n                    print_exception(f'Failed to describe KMS key: {e}')\n                volume['KeyManager'] = None\n        else:\n            volume['KeyManager'] = None\n\n    async def get_snapshots(self, region: str):\n        filters = [{'Name': 'owner-id', 'Values': [self.owner_id]}]\n\n        try:\n            snapshots = await AWSFacadeUtils.get_all_pages(\n                'ec2', region, self.session, 'describe_snapshots', 'Snapshots', Filters=filters)\n        except Exception as e:\n            print_exception(f'Failed to get snapshots: {e}')\n            snapshots = []\n        else:\n            await get_and_set_concurrently([self._get_and_set_snapshot_attributes], snapshots, region=region)\n        finally:\n            return snapshots\n\n    async def _get_and_set_snapshot_attributes(self, snapshot: {}, region: str):\n        ec2_client = AWSFacadeUtils.get_client('ec2', self.session, region)\n        try:\n            snapshot['CreateVolumePermissions'] = await run_concurrently(lambda: ec2_client.describe_snapshot_attribute(\n                Attribute='createVolumePermission',\n                SnapshotId=snapshot['SnapshotId'])['CreateVolumePermissions'])\n        except Exception as e:\n            if 'NotFound' in e:\n                print_warning(f'Failed to describe EC2 snapshot attributes: {e}')\n            else:\n                print_exception(f'Failed to describe EC2 snapshot attributes: {e}')\n\n    async def get_network_acls(self, region: str, vpc: str):\n        filters = [{'Name': 'vpc-id', 'Values': [vpc]}]\n        try:\n            return await AWSFacadeUtils.get_all_pages(\n                'ec2', region, self.session, 'describe_network_acls', 'NetworkAcls', Filters=filters)\n        except Exception as e:\n            print_exception(f'Failed to get EC2 network ACLs: {e}')\n            return []\n\n    async def get_flow_logs(self, region: str):\n        try:\n            await self.cache_flow_logs(region)\n            return self.flow_logs_cache[region]\n        except Exception as e:\n            print_exception(f'Failed to get EC2 flow logs: {e}')\n            return []\n\n    async def cache_flow_logs(self, region: str):\n        async with self.regional_flow_logs_cache_locks.setdefault(region, asyncio.Lock()):\n            if region in self.flow_logs_cache:\n                return\n\n            self.flow_logs_cache[region] = \\\n                await AWSFacadeUtils.get_all_pages('ec2', region, self.session, 'describe_flow_logs', 'FlowLogs')\n\n    async def get_subnets(self, region: str, vpc: str):\n        ec2_client = AWSFacadeUtils.get_client('ec2', self.session, region)\n        filters = [{'Name': 'vpc-id', 'Values': [vpc]}]\n        try:\n            subnets = await run_concurrently(lambda: ec2_client.describe_subnets(Filters=filters)['Subnets'])\n        except Exception as e:\n            print_exception(f'Failed to describe EC2 subnets: {e}')\n            return None\n        else:\n            await get_and_set_concurrently([self._get_and_set_subnet_flow_logs], subnets, region=region)\n            return subnets\n\n    async def _get_and_set_subnet_flow_logs(self, subnet: {}, region: str):\n        await self.cache_flow_logs(region)\n        subnet['flow_logs'] = \\\n            [flow_log for flow_log in self.flow_logs_cache[region]\n             if flow_log['ResourceId'] == subnet['SubnetId'] or flow_log['ResourceId'] == subnet['VpcId']]\n\n    async def get_peering_connections(self, region):\n        try:\n            peering_connections = await AWSFacadeUtils.get_all_pages('ec2', region, self.session, 'describe_vpc_peering_connections', 'VpcPeeringConnections')\n            return peering_connections\n        except Exception as e:\n            print_exception(f'Failed to get peering connections: {e}')\n            return []\n\n    async def get_route_tables(self, region):\n        try:\n            route_tables = await AWSFacadeUtils.get_all_pages('ec2', region, self.session, 'describe_route_tables', 'RouteTables')\n            return route_tables\n        except Exception as e:\n            print_exception('Failed to get route tables: {}'.format(e))\n            return []\n\n    async def get_ebs_encryption(self, region):\n        ec2_client = AWSFacadeUtils.get_client('ec2', self.session, region)\n        try:\n            encryption_settings = await run_concurrently(lambda: ec2_client.get_ebs_encryption_by_default())\n            return encryption_settings\n        except Exception as e:\n            print_exception(f'Failed to retrieve EBS encryption settings: {e}')\n\n    async def get_ebs_default_encryption_key(self, region):\n        ec2_client = AWSFacadeUtils.get_client('ec2', self.session, region)\n        try:\n            encryption_key = await run_concurrently(lambda: ec2_client.get_ebs_default_kms_key_id())\n            return encryption_key\n        except Exception as e:\n            print_exception(f'Failed to retrieve EBS encryption key ID: {e}')\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/efs.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently\n\n\nclass EFSFacade(AWSBaseFacade):\n    async def get_file_systems(self, region: str):\n\n        try:\n            file_systems = await AWSFacadeUtils.get_all_pages(\n                'efs', region, self.session, 'describe_file_systems', 'FileSystems')\n        except Exception as e:\n            print_exception(f'Failed to get EFS file systems: {e}')\n            file_systems = []\n        else:\n            await get_and_set_concurrently(\n                [self._get_and_set_tags, self._get_and_set_mount_targets], file_systems, region=region)\n        finally:\n            return file_systems\n\n    async def _get_and_set_tags(self, file_system: {}, region: str):\n        client = AWSFacadeUtils.get_client('efs', self.session, region)\n        try:\n            file_system['Tags'] = await run_concurrently(\n                lambda: client.describe_tags(FileSystemId=file_system['FileSystemId'])['Tags'])\n        except Exception as e:\n            print_exception(f'Failed to describe EFS tags: {e}')\n\n    async def _get_and_set_mount_targets(self, file_system: {}, region: str):\n\n        try:\n            file_system['MountTargets'] = {}\n            mount_targets = await AWSFacadeUtils.get_all_pages(\n                'efs', region, self.session, 'describe_mount_targets', 'MountTargets',\n                FileSystemId=file_system['FileSystemId'])\n        except Exception as e:\n            print_exception(f'Failed to get and set EFS mount targets: {e}')\n        else:\n            if len(mount_targets) == 0:\n                return\n\n            for mount_target in mount_targets:\n                mount_target_id = mount_target['MountTargetId']\n                file_system['MountTargets'][mount_target_id] = mount_target\n\n            await get_and_set_concurrently(\n                [self._get_and_set_mount_target_security_groups], mount_targets, region=region)\n\n    async def _get_and_set_mount_target_security_groups(self, mount_target: {}, region: str):\n        client = AWSFacadeUtils.get_client('efs', self.session, region)\n        try:\n            mount_target['SecurityGroups'] = \\\n                await run_concurrently(lambda: client.describe_mount_target_security_groups(\n                    MountTargetId=mount_target['MountTargetId'])['SecurityGroups'])\n        except Exception as e:\n            print_exception(f'Failed to describe EFS mount target security groups: {e}')\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/elasticache.py",
    "content": "from asyncio import Lock\n\nfrom botocore.exceptions import ClientError\n\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.aws.utils import ec2_classic\nfrom ScoutSuite.providers.utils import get_and_set_concurrently\n\n\nclass ElastiCacheFacade(AWSBaseFacade):\n    regional_clusters_cache_locks = {}\n    regional_subnets_cache_locks = {}\n    clusters_cache = {}\n    subnets_cache = {}\n\n    async def get_clusters(self, region, vpc):\n        await self.cache_clusters(region)\n        return [cluster for cluster in self.clusters_cache[region] if cluster['VpcId'] == vpc]\n\n    async def cache_clusters(self, region):\n        async with self.regional_clusters_cache_locks.setdefault(region, Lock()):\n            if region in self.clusters_cache:\n                return\n\n            self.clusters_cache[region] = await AWSFacadeUtils.get_all_pages(\n                'elasticache', region, self.session, 'describe_cache_clusters', 'CacheClusters')\n\n            await get_and_set_concurrently(\n                [self._get_and_set_cluster_vpc], self.clusters_cache[region], region=region)\n\n    async def _get_and_set_cluster_vpc(self, cluster: {}, region: str):\n        if 'CacheSubnetGroupName' not in cluster:\n            cluster['VpcId'] = ec2_classic\n        else:\n            subnets = await AWSFacadeUtils.get_all_pages(\n                'elasticache', region, self.session, 'describe_cache_subnet_groups', 'CacheSubnetGroups',\n                CacheSubnetGroupName=cluster['CacheSubnetGroupName'])\n            subnet_group = subnets[0]\n            cluster['VpcId'] = subnet_group['VpcId']\n\n    async def get_security_groups(self, region):\n        client = AWSFacadeUtils.get_client('elasticache', self.session, region)\n\n        try:\n            return await AWSFacadeUtils.get_all_pages(\n                'elasticache', region, self.session, 'describe_cache_security_groups', 'CacheSecurityGroups')\n        except client.exceptions.InvalidParameterValueException:\n            # Recent account are not allowed to use security groups at this level. Calling\n            # describe_cache_security_groups will throw an InvalidParameterValueException exception.\n            pass\n        except Exception as e:\n            print_exception(f'Failed to get ElastiCache security groups: {e}')\n\n        return []\n\n    async def get_subnet_groups(self, region, vpc):\n        await self.cache_subnets(region)\n        return [subnet for subnet in self.subnets_cache[region] if subnet['VpcId'] == vpc]\n\n    async def cache_subnets(self, region):\n        async with self.regional_subnets_cache_locks.setdefault(region, Lock()):\n            if region in self.subnets_cache:\n                return\n\n            self.subnets_cache[region] = await AWSFacadeUtils.get_all_pages(\n                'elasticache', region, self.session, 'describe_cache_subnet_groups', 'CacheSubnetGroups')\n\n    async def get_parameter_groups(self, region):\n\n        # If EC2-Classic isn't available (e.g., a new account)\n        # this method will fail with:\n        #   Code:    \"InvalidParameterValue\"\n        #   Message: \"Use of cache security groups is not permitted in\n        #             this API version for your account.\"\n        #   Type:    \"Sender\"\n        try:\n            return await AWSFacadeUtils.get_all_pages(\n                'elasticache', region, self.session, 'describe_cache_parameter_groups', 'CacheParameterGroups')\n        except ClientError as e:\n            if e.response['Error']['Code'] != 'InvalidParameterValue':\n                print_exception(f'Failed to describe cache parameter groups: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/elb.py",
    "content": "import asyncio\n\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.aws.utils import ec2_classic\nfrom ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently, map_concurrently\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass ELBFacade(AWSBaseFacade):\n    regional_load_balancers_cache_locks = {}\n    load_balancers_cache = {}\n    policies_cache = set()\n\n    async def get_load_balancers(self, region: str, vpc: str):\n        try:\n            await self.cache_load_balancers(region)\n            return [load_balancer for load_balancer in self.load_balancers_cache[region] if load_balancer['VpcId'] == vpc]\n        except Exception as e:\n            print_exception(f'Failed to get ELB load balancers: {e}')\n            return []\n\n    async def cache_load_balancers(self, region):\n        async with self.regional_load_balancers_cache_locks.setdefault(region, asyncio.Lock()):\n            if region in self.load_balancers_cache:\n                return\n\n            self.load_balancers_cache[region] = \\\n                await AWSFacadeUtils.get_all_pages('elb', region, self.session,\n                                                   'describe_load_balancers', 'LoadBalancerDescriptions')\n\n            for load_balancer in self.load_balancers_cache[region]:\n                load_balancer['VpcId'] = \\\n                    load_balancer['VPCId'] if 'VPCId' in load_balancer and load_balancer['VPCId'] else ec2_classic\n\n            await get_and_set_concurrently(\n                [self._get_and_set_load_balancer_attributes], self.load_balancers_cache[region], region=region)\n\n            await get_and_set_concurrently(\n                [self._get_and_set_load_balancer_tags], self.load_balancers_cache[region], region=region)\n\n    async def _get_and_set_load_balancer_attributes(self, load_balancer: {}, region: str):\n        elb_client = AWSFacadeUtils.get_client('elb', self.session, region)\n        try:\n            load_balancer['attributes'] = await run_concurrently(\n                lambda: elb_client.describe_load_balancer_attributes(\n                    LoadBalancerName=load_balancer['LoadBalancerName'])['LoadBalancerAttributes']\n            )\n        except Exception as e:\n            print_exception(f'Failed to describe ELB load balancer attributes: {e}')\n\n    async def _get_and_set_load_balancer_tags(self, load_balancer: {}, region: str):\n        elb_client = AWSFacadeUtils.get_client('elb', self.session, region)\n        try:\n            load_balancer['Tags'] = await run_concurrently(\n                lambda: elb_client.describe_tags(\n                    LoadBalancerNames=[load_balancer['LoadBalancerName']])['TagDescriptions'][0]['Tags']\n            )\n        except Exception as e:\n            print_exception(f'Failed to describe ELB load balancer tags: {e}')\n\n    async def get_policies(self, region: str):\n        try:\n            await self.cache_load_balancers(region)\n            for load_balancer in self.load_balancers_cache[region]:\n                load_balancer['policy_names'] = []\n                for listener_description in load_balancer['ListenerDescriptions']:\n                    for policy_name in listener_description['PolicyNames']:\n                        policy_id = get_non_provider_id(policy_name)\n                        if policy_id not in self.policies_cache:\n                            load_balancer['policy_names'].append(policy_name)\n                            self.policies_cache.add(policy_id)\n\n            policies = await map_concurrently(self._get_policies, self.load_balancers_cache[region], region=region)\n            # Because _get_policies returns a list, policies has to be flatten:\n            return [policy for nested_policy in policies for policy in nested_policy]\n        except Exception as e:\n            print_exception(f'Failed to describe ELB policies: {e}')\n            return []\n\n    async def _get_policies(self, load_balancer: dict, region: str):\n            if len(load_balancer['policy_names']) == 0:\n                return []\n\n            elb_client = AWSFacadeUtils.get_client('elb', self.session, region)\n            try:\n                return await run_concurrently(lambda: elb_client.describe_load_balancer_policies(\n                    LoadBalancerName=load_balancer['LoadBalancerName'],\n                    PolicyNames=load_balancer['policy_names'])['PolicyDescriptions']\n                )\n            except Exception as e:\n                print_exception(f'Failed to retrieve load balancer policies: {e}')\n                return []\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/elbv2.py",
    "content": "import asyncio\n\nfrom ScoutSuite.core.console import print_exception, print_warning\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.aws.utils import ec2_classic\nfrom ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently\n\n\nclass ELBv2Facade(AWSBaseFacade):\n    regional_load_balancers_cache_locks = {}\n    load_balancers_cache = {}\n\n    async def get_load_balancers(self, region: str, vpc: str):\n        try:\n            await self.cache_load_balancers(region)\n            return [load_balancer for load_balancer in self.load_balancers_cache[region] if load_balancer['VpcId'] == vpc]\n        except Exception as e:\n            print_exception(f'Failed to get ELBv2 load balancers: {e}')\n            return []\n\n    async def cache_load_balancers(self, region):\n        async with self.regional_load_balancers_cache_locks.setdefault(region, asyncio.Lock()):\n            if region in self.load_balancers_cache:\n                return\n\n            self.load_balancers_cache[region] = \\\n                await AWSFacadeUtils.get_all_pages('elbv2', region, self.session,\n                                                   'describe_load_balancers', 'LoadBalancers')\n\n            for load_balancer in self.load_balancers_cache[region]:\n                load_balancer['VpcId'] = \\\n                    load_balancer['VpcId'] if 'VpcId' in load_balancer and load_balancer['VpcId'] else ec2_classic\n\n            await get_and_set_concurrently(\n                [self._get_and_set_load_balancer_attributes], self.load_balancers_cache[region], region=region)\n\n            await get_and_set_concurrently(\n                [self._get_and_set_load_balancer_tags], self.load_balancers_cache[region], region=region)\n\n    async def _get_and_set_load_balancer_attributes(self, load_balancer: dict, region: str):\n        elbv2_client = AWSFacadeUtils.get_client('elbv2', self.session, region)\n        try:\n            load_balancer['attributes'] = await run_concurrently(\n                lambda: elbv2_client.describe_load_balancer_attributes(\n                    LoadBalancerArn=load_balancer['LoadBalancerArn'])['Attributes']\n            )\n        except Exception as e:\n            print_exception(f'Failed to describe ELBv2 attributes: {e}')\n\n    async def _get_and_set_load_balancer_tags(self, load_balancer: dict, region: str):\n        elbv2_client = AWSFacadeUtils.get_client('elbv2', self.session, region)\n        try:\n            load_balancer['Tags'] = await run_concurrently(\n                lambda: elbv2_client.describe_tags(\n                    ResourceArns=[load_balancer['LoadBalancerArn']])['TagDescriptions'][0]['Tags']\n            )\n        except Exception as e:\n            if 'LoadBalancerNotFound' in e:\n                print_warning(f'Failed to describe ELBv2 tags: {e}')\n            else:\n                print_exception(f'Failed to describe ELBv2 tags: {e}')\n\n    async def get_listeners(self, region: str, load_balancer_arn: str):\n        return await AWSFacadeUtils.get_all_pages(\n            'elbv2', region, self.session, 'describe_listeners', 'Listeners', LoadBalancerArn=load_balancer_arn)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/emr.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.utils import map_concurrently, run_concurrently\n\n\nclass EMRFacade(AWSBaseFacade):\n    async def get_clusters(self, region):\n\n        try:\n            cluster_list = await AWSFacadeUtils.get_all_pages('emr', region, self.session, 'list_clusters', 'Clusters')\n            cluster_ids = [cluster['Id'] for cluster in cluster_list]\n        except Exception as e:\n            print_exception(f'Failed to get EMR clusterss: {e}')\n            return []\n        else:\n            return await map_concurrently(self._get_cluster, cluster_ids, region=region)\n\n    async def _get_cluster(self, cluster_id: str, region: str):\n        client = AWSFacadeUtils.get_client('emr', self.session, region)\n        try:\n            return await run_concurrently(lambda: client.describe_cluster(ClusterId=cluster_id)['Cluster'])\n        except Exception as e:\n            print_exception(f'Failed to describe EMR cluster: {e}')\n            raise\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/iam.py",
    "content": "import asyncio\nimport functools\n\nfrom botocore.exceptions import ClientError\n\nfrom ScoutSuite.core.console import print_exception, print_warning\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.utils import get_non_provider_id, run_concurrently, get_and_set_concurrently\n\n\nclass IAMFacade(AWSBaseFacade):\n    async def get_credential_reports(self):\n        client = AWSFacadeUtils.get_client('iam', self.session)\n        # When no credential report exists, we first need to initiate the creation of a new report by calling\n        # client.generate_credential_report and then check for COMPLETE status before trying to download it:\n        report_generated, n_attempts = False, 3\n        try:\n            while not report_generated and n_attempts > 0:\n                response = await run_concurrently(client.generate_credential_report)\n                if response['State'] == 'COMPLETE':\n                    report_generated = True\n                else:\n                    n_attempts -= 1\n                    await asyncio.sleep(0.1)  # Wait for 100ms before doing a new attempt.\n        except Exception as e:\n            print_exception(f'Failed to generate credential report: {e}')\n            return []\n        finally:\n            if not report_generated and n_attempts == 0:\n                print_exception(f'Failed to complete credential report generation in {n_attempts} attempts')\n                return []\n\n        try:\n            report = await run_concurrently(lambda: client.get_credential_report()['Content'])\n\n            # The report is a CSV string. The first row contains the name of each column. The next rows\n            # each represent an individual account. This algorithm provides a simple initial parsing.\n            lines = report.splitlines()\n            keys = lines[0].decode('utf-8').split(',')\n\n            credential_reports = []\n            for line in lines[1:]:\n                credential_report = {}\n                values = line.decode('utf-8').split(',')\n                for key, value in zip(keys, values):\n                    credential_report[key] = value\n\n                credential_reports.append(credential_report)\n\n            return credential_reports\n        except Exception as e:\n            if 'ReportNotPresent' in e:\n                print_warning(f'Failed to download credential report: {e}')\n            else:\n                print_exception(f'Failed to download credential report: {e}')\n            return []\n\n    async def get_groups(self):\n        groups = await AWSFacadeUtils.get_all_pages('iam', None, self.session, 'list_groups', 'Groups')\n        await get_and_set_concurrently(\n            [self._get_and_set_group_users,\n             functools.partial(self._get_and_set_inline_policies, iam_resource_type='group')], groups)\n        return groups\n\n    async def get_policies(self):\n        policies = await AWSFacadeUtils.get_all_pages(\n            'iam', None, self.session, 'list_policies', 'Policies', OnlyAttached=True)\n        await get_and_set_concurrently([self._get_and_set_policy_details], policies)\n        return policies\n\n    async def _get_and_set_policy_details(self, policy):\n        client = AWSFacadeUtils.get_client('iam', self.session)\n        try:\n            policy_version = await run_concurrently(\n                lambda: client.get_policy_version(PolicyArn=policy['Arn'], VersionId=policy['DefaultVersionId']))\n            policy['PolicyDocument'] = policy_version['PolicyVersion']['Document']\n        except Exception as e:\n            print_exception(f'Failed to get policy version: {e}')\n        else:\n            policy['attached_to'] = {}\n            attached_entities = await AWSFacadeUtils.get_multiple_entities_from_all_pages(\n                'iam', None, self.session, 'list_entities_for_policy', ['PolicyGroups', 'PolicyRoles', 'PolicyUsers'],\n                PolicyArn=policy['Arn'])\n\n            for entity_type in attached_entities:\n                resource_type = entity_type.replace('Policy', '').lower()\n                if len(attached_entities[entity_type]):\n                    policy['attached_to'][resource_type] = []\n\n                for entity in attached_entities[entity_type]:\n                    name_field = entity_type.replace('Policy', '')[\n                                 :-1] + 'Name'\n                    resource_name = entity[name_field]\n                    id_field = entity_type.replace('Policy', '')[:-1] + 'Id'\n                    resource_id = entity[id_field]\n                    policy['attached_to'][resource_type].append(\n                        {'name': resource_name, 'id': resource_id})\n\n    async def get_users(self):\n        users = await AWSFacadeUtils.get_all_pages('iam', None, self.session, 'list_users', 'Users')\n        await get_and_set_concurrently(\n            [functools.partial(self._get_and_set_inline_policies, iam_resource_type='user'),\n             self._get_and_set_user_groups,\n             self._get_and_set_user_tags,\n             self._get_and_set_user_login_profile,\n             self._get_and_set_user_access_keys,\n             self._get_and_set_user_mfa_devices],\n            users)\n        return users\n\n    async def _get_and_set_user_login_profile(self, user: {}):\n        client = AWSFacadeUtils.get_client('iam', self.session)\n        try:\n            user['LoginProfile'] = await run_concurrently(\n                lambda: client.get_login_profile(UserName=user['UserName'])['LoginProfile'])\n        except ClientError as e:\n            if e.response[\"Error\"][\"Code\"] == \"NoSuchEntity\":\n                #  If the user has not been assigned a password, the operation returns a 404 (NoSuchEntity ) error.\n                pass\n            else:\n                print_exception(f'Failed to get login profile: {e}')\n        except Exception as e:\n            print_exception(f'Failed to get login profile: {e}')\n\n    async def _get_and_set_user_groups(self, user: {}):\n        groups = await AWSFacadeUtils.get_all_pages(\n            'iam', None, self.session, 'list_groups_for_user', 'Groups', UserName=user['UserName'])\n        user['groups'] = [group['GroupName'] for group in groups]\n\n    async def _get_and_set_user_tags(self, user: {}):\n        client = AWSFacadeUtils.get_client('iam', self.session)\n        user['tags'] = client.list_user_tags(UserName=user['UserName'])\n\n    async def get_roles(self):\n        roles = await AWSFacadeUtils.get_all_pages('iam', None, self.session, 'list_roles', 'Roles')\n        for role in roles:\n            role['instances_count'] = 'N/A'\n            # Get trust relationship\n            role['assume_role_policy'] = {}\n            role['assume_role_policy']['PolicyDocument'] = role.pop(\n                'AssumeRolePolicyDocument')\n        await get_and_set_concurrently(\n            [functools.partial(self._get_and_set_inline_policies, iam_resource_type='role'),\n             self._get_and_set_role_profiles,\n             self._get_and_set_role_tags], roles)\n\n        return roles\n\n    async def _get_and_set_role_tags(self, role: {}):\n        client = AWSFacadeUtils.get_client('iam', self.session)\n        role['tags'] = client.list_role_tags(RoleName=role['RoleName'])\n\n    async def _get_and_set_role_profiles(self, role: {}):\n        profiles = await AWSFacadeUtils.get_all_pages(\n            'iam', None, self.session, 'list_instance_profiles_for_role', 'InstanceProfiles',\n            RoleName=role['RoleName'])\n        role.setdefault('instance_profiles', {})\n        for profile in profiles:\n            profile_id = profile['InstanceProfileId']\n            role['instance_profiles'].setdefault(profile_id, {})\n            role['instance_profiles'][profile_id].setdefault(\n                'arn', profile['Arn'])\n            role['instance_profiles'][profile_id].setdefault(\n                'name', profile['InstanceProfileName'])\n\n    async def get_password_policy(self):\n        client = AWSFacadeUtils.get_client('iam', self.session)\n        try:\n            return (await run_concurrently(client.get_account_password_policy))['PasswordPolicy']\n        except ClientError as e:\n            if e.response['Error']['Code'] != 'NoSuchEntity':\n                print_exception(f'Failed to get account password policy: {e}')\n            return None\n\n    async def _get_and_set_user_access_keys(self, user: {}):\n        client = AWSFacadeUtils.get_client('iam', self.session)\n        try:\n            user['AccessKeys'] = await run_concurrently(\n                lambda: client.list_access_keys(UserName=user['UserName'])['AccessKeyMetadata'])\n        except Exception as e:\n            print_exception(f'Failed to list access keys: {e}')\n\n    async def _get_and_set_user_mfa_devices(self, user: {}):\n        user['MFADevices'] = await self.get_user_mfa_devices(user['UserName'])\n\n    async def get_user_mfa_devices(self, username: str):\n        client = AWSFacadeUtils.get_client('iam', self.session)\n        try:\n            return await run_concurrently(\n                lambda: client.list_mfa_devices(UserName=username)['MFADevices'])\n        except Exception as e:\n            print_exception(f'Failed to list MFA devices for user: {e}')\n\n    async def get_virtual_mfa_devices(self):\n        client = AWSFacadeUtils.get_client('iam', self.session)\n        try:\n            return await run_concurrently(\n                lambda: client.list_virtual_mfa_devices().get('VirtualMFADevices', []))\n        except Exception as e:\n            print_exception(f'Failed to list virtual MFA devices: {e}')\n            return []\n\n    async def _get_and_set_group_users(self, group: {}):\n        client = AWSFacadeUtils.get_client('iam', self.session)\n        try:\n            users = await run_concurrently(lambda: client.get_group(GroupName=group['GroupName'])['Users'])\n            group['Users'] = [user['UserId'] for user in users]\n        except Exception as e:\n            print_exception('Failed to get IAM group {}: {}'.format(group['GroupName'], e))\n\n    async def _get_and_set_inline_policies(self, resource, iam_resource_type):\n        client = AWSFacadeUtils.get_client('iam', self.session)\n        list_policy_method = getattr(client, 'list_' + iam_resource_type + '_policies')\n        resource_name = resource[iam_resource_type.title() + 'Name']\n        args = {iam_resource_type.title() + 'Name': resource_name}\n\n        resource['inline_policies'] = {}\n\n        try:\n            policy_names = await run_concurrently(lambda: list_policy_method(**args)['PolicyNames'])\n            if len(policy_names) == 0:\n                resource['inline_policies_count'] = 0\n        except Exception as e:\n            print_exception(f'Failed to list IAM policy: {e}')\n        else:\n            get_policy_method = getattr(client, 'get_' + iam_resource_type + '_policy')\n            try:\n                tasks = {\n                    asyncio.ensure_future(\n                        run_concurrently(lambda policy_name=policy_name:\n                                         get_policy_method(**dict(args, PolicyName=policy_name)))\n                    ) for policy_name in policy_names\n                }\n            except Exception as e:\n                print_exception(f'Failed to get policy methods: {e}')\n            else:\n                for task in asyncio.as_completed(tasks):\n                    policy = await task\n                    policy_name = policy['PolicyName']\n                    policy_id = get_non_provider_id(policy_name)\n                    policy_document = policy['PolicyDocument']\n\n                    resource['inline_policies'][policy_id] = {}\n                    resource['inline_policies'][policy_id]['PolicyDocument'] = self._normalize_statements(\n                        policy_document)\n                    resource['inline_policies'][policy_id]['name'] = policy_name\n                resource['inline_policies_count'] = len(resource['inline_policies'])\n\n    def _normalize_statements(self, policy_document):\n        if policy_document:\n            if type(policy_document['Statement']) == list:\n                pass\n                # for statement in policy_document['Statement']:\n                #     statement = self._normalize_single_statement(statement)\n            elif type(policy_document['Statement']) == dict:\n                policy_document['Statement'] = self._normalize_single_statement(policy_document['Statement'])\n            else:\n                print_exception('Failed to normalize policy document')\n        return policy_document\n\n    def _normalize_single_statement(self, statement):\n        # Action or NotAction\n        action_string = 'Action' if 'Action' in statement else 'NotAction'\n        if type(statement[action_string]) != list:\n            statement[action_string] = [statement[action_string]]\n        # Resource or NotResource\n        resource_string = 'Resource' if 'Resource' in statement else 'NotResource'\n        if type(statement[resource_string]) != list:\n            statement[resource_string] = [statement[resource_string]]\n        # Result\n        return statement\n\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/kms.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently\nimport json\n\n\n\nclass KMSFacade(AWSBaseFacade):\n\n    async def get_keys(self, region: str):\n\n        try:\n            keys = await AWSFacadeUtils.get_all_pages('kms', region, self.session, 'list_keys', 'Keys')\n            await get_and_set_concurrently(\n                [self._get_and_set_key_policy,\n                 self._get_and_set_key_metadata,\n                 self._get_and_set_key_aliases],\n                keys, region=region)\n        except Exception as e:\n            print_exception(f'Failed to get KMS keys: {e}')\n            keys = []\n        finally:\n            return keys\n\n    async def _get_and_set_key_policy(self, key: {}, region: str):\n        client = AWSFacadeUtils.get_client('kms', self.session, region)\n        try:\n            response = await run_concurrently(\n                lambda: client.get_key_policy(KeyId=key['KeyId'],\n                                              PolicyName='default'))\n            key['policy'] = json.loads(response.get('Policy'))\n        except Exception as e:\n            print_exception(f'Failed to get KMS key policy: {e}')\n\n    async def _get_and_set_key_metadata(self, key: {}, region: str):\n        client = AWSFacadeUtils.get_client('kms', self.session, region)\n        try:\n            key['metadata'] = await run_concurrently(lambda: client.describe_key(KeyId=key['KeyId']))\n        except Exception as e:\n            print_exception(f'Failed to describe KMS key: {e}')\n\n    async def _get_and_set_key_aliases(self, key: {}, region: str):\n        client = AWSFacadeUtils.get_client('kms', self.session, region)\n        try:\n            response = await run_concurrently(\n                lambda: client.list_aliases(KeyId=key['KeyId'])\n            )\n            key['aliases'] = response.get('Aliases')\n        except Exception as e:\n            print_exception(f'Failed to get KMS aliases: {e}')\n\n    async def get_grants(self, region: str, key_id: str):\n        try:\n            return await AWSFacadeUtils.get_all_pages('kms', region, self.session, 'list_grants', 'Grants',\n                                                      KeyId=key_id)\n        except Exception as e:\n            print_exception(f'Failed to list KMS Grants: {e}')\n            return []\n\n    async def get_key_rotation_status(self, region: str, key_id: str):\n        client = AWSFacadeUtils.get_client('kms', self.session, region)\n        try:\n            return await run_concurrently(\n                lambda: client.get_key_rotation_status(KeyId=key_id))\n        except Exception as e:\n            print_exception(f'Failed to get KMS key rotation: {e}')\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/rds.py",
    "content": "from asyncio import Lock\n\nfrom botocore.exceptions import ClientError\nfrom ScoutSuite.core.console import print_exception, print_warning\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.aws.utils import get_aws_account_id\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.utils import ec2_classic\nfrom ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently\n\n\nclass RDSFacade(AWSBaseFacade):\n    _regional_instances_cache_locks = {}\n    _instances_cache = {}\n    _regional_snapshots_cache_locks = {}\n    _snapshots_cache = {}\n    _regional_subnet_groups_cache_locks = {}\n    _subnet_groups_cache = {}\n\n    async def get_instances(self, region: str, vpc: str):\n        try:\n            await self._cache_instances(region)\n            return [instance for instance in self._instances_cache[region] if instance['VpcId'] == vpc]\n        except Exception as e:\n            print_exception(f'Failed to get RDS instances: {e}')\n            return []\n\n    async def _cache_instances(self, region: str):\n        async with self._regional_instances_cache_locks.setdefault(region, Lock()):\n            if region in self._instances_cache:\n                return\n\n            self._instances_cache[region] = await AWSFacadeUtils.get_all_pages(\n                'rds', region, self.session, 'describe_db_instances', 'DBInstances')\n\n            for instance in self._instances_cache[region]:\n                instance['VpcId'] = instance['DBSubnetGroup']['VpcId'] \\\n                    if 'DBSubnetGroup' in instance and 'VpcId' in instance['DBSubnetGroup'] \\\n                    and instance['DBSubnetGroup']['VpcId'] \\\n                    else ec2_classic\n\n            await get_and_set_concurrently(\n                [self._get_and_set_instance_clusters, self._get_and_set_instance_tags], self._instances_cache[region], region=region)\n\n\n    async def _get_and_set_instance_tags(self, instance: {}, region: str):\n        client = AWSFacadeUtils.get_client('rds', self.session, region)\n        account_id = get_aws_account_id(self.session)\n        try:\n            instance_tagset = await run_concurrently(lambda: client.list_tags_for_resource(\n                ResourceName=instance['DBInstanceArn']))\n            instance['Tags'] = {x['Key']: x['Value'] for x in instance_tagset['TagList']}\n        except ClientError as e:\n            if e.response['Error']['Code'] != 'NoSuchTagSet':\n                print_exception('Failed to get db instance tags for {}: {}'.format(instance['DBInstanceIdentifier'], e))\n        except Exception as e:\n            if 'DBInstanceNotFound' in e:\n                print_warning('Failed to get db instance tags for {}: {}'.format(instance['DBInstanceIdentifier'], e))\n            else:\n                print_exception('Failed to get db instance tags for {}: {}'.format(instance['DBInstanceIdentifier'], e))\n            instance['Tags'] = {}\n\n    async def _get_and_set_instance_clusters(self, instance: {}, region: str):\n        client = AWSFacadeUtils.get_client('rds', self.session, region)\n        if 'DBClusterIdentifier' in instance:\n            cluster_id = instance['DBClusterIdentifier']\n            try:\n                clusters = await run_concurrently(\n                    lambda: client.describe_db_clusters(DBClusterIdentifier=cluster_id))\n                cluster = clusters['DBClusters'][0]\n                instance['MultiAZ'] = cluster['MultiAZ']\n            except Exception as e:\n                print_exception(f'Failed to describe RDS clusters: {e}')\n\n    async def get_snapshots(self, region: str, vpc: str):\n        try:\n            await self._cache_snapshots(region)\n            return [snapshot for snapshot in self._snapshots_cache[region] if snapshot['VpcId'] == vpc]\n        except Exception as e:\n            print_exception(f'Failed to get RDS snapshots: {e}')\n            return []\n\n    async def _cache_snapshots(self, region: str):\n        async with self._regional_snapshots_cache_locks.setdefault(region, Lock()):\n            if region in self._snapshots_cache:\n                return\n\n            # First, fetch regular snapshots\n            self._snapshots_cache[region] = await AWSFacadeUtils.get_all_pages(\n                'rds', region, self.session, 'describe_db_snapshots', 'DBSnapshots')\n\n            for snapshot in self._snapshots_cache[region]:\n                snapshot['VpcId'] = snapshot['VpcId'] if 'VpcId' in snapshot else ec2_classic\n\n            await get_and_set_concurrently(\n                [self._get_and_set_snapshot_attributes], self._snapshots_cache[region], region=region)\n\n            # Now, Cluster snapshots, as they are a different resource on the API\n            cluster_snapshots_for_region = await AWSFacadeUtils.get_all_pages(\n                'rds', region, self.session, 'describe_db_cluster_snapshots', 'DBClusterSnapshots')\n\n            for snapshot in cluster_snapshots_for_region:\n                snapshot['VpcId'] = snapshot['VpcId'] if 'VpcId' in snapshot else ec2_classic\n\n            await get_and_set_concurrently(\n                [self._get_and_set_cluster_snapshot_attributes], cluster_snapshots_for_region, region=region)\n\n            self._snapshots_cache[region].extend(cluster_snapshots_for_region)\n\n    async def _get_and_set_snapshot_attributes(self, snapshot: {}, region: str):\n        client = AWSFacadeUtils.get_client('rds', self.session, region)\n        try:\n            attributes = await run_concurrently(\n                lambda: client.describe_db_snapshot_attributes(\n                    DBSnapshotIdentifier=snapshot['DBSnapshotIdentifier'])['DBSnapshotAttributesResult'])\n            snapshot['Attributes'] =\\\n                attributes['DBSnapshotAttributes'] if 'DBSnapshotAttributes' in attributes else {}\n        except Exception as e:\n            if 'DBSnapshotNotFound' in e:\n                print_warning(f'Failed to describe RDS snapshot attributes: {e}')\n            else:\n                print_exception(f'Failed to describe RDS snapshot attributes: {e}')\n            snapshot['Attributes'] = {}\n\n    async def _get_and_set_cluster_snapshot_attributes(self, snapshot: {}, region: str):\n        client = AWSFacadeUtils.get_client('rds', self.session, region)\n        try:\n            attributes = await run_concurrently(\n                lambda: client.describe_db_cluster_snapshot_attributes(\n                    DBClusterSnapshotIdentifier=snapshot['DBClusterSnapshotIdentifier'])['DBClusterSnapshotAttributesResult'])\n            snapshot['Attributes'] =\\\n                attributes['DBClusterSnapshotAttributes'] if 'DBClusterSnapshotAttributes' in attributes else {}\n        except Exception as e:\n            print_exception(f'Failed to describe RDS cluster snapshot attributes: {e}')\n            snapshot['Attributes'] = {}\n\n    async def get_subnet_groups(self, region: str, vpc: str):\n        try:\n            await self._cache_subnet_groups(region)\n            return [subnet_group for subnet_group in self._subnet_groups_cache[region] if subnet_group['VpcId'] == vpc]\n        except Exception as e:\n            print_exception(f'Failed to get RDS subnet groups: {e}')\n            return []\n\n    async def _cache_subnet_groups(self, region: str):\n        async with self._regional_subnet_groups_cache_locks.setdefault(region, Lock()):\n            if region in self._subnet_groups_cache:\n                return\n\n            self._subnet_groups_cache[region] = await AWSFacadeUtils.get_all_pages(\n                'rds', region, self.session, 'describe_db_subnet_groups', 'DBSubnetGroups')\n                \n    async def get_parameter_groups(self, region: str):\n        try:\n            parameter_groups = await AWSFacadeUtils.get_all_pages(\n                'rds', region, self.session, 'describe_db_parameter_groups', 'DBParameterGroups')\n            await get_and_set_concurrently(\n                [self._get_and_set_db_parameters], parameter_groups, region=region)\n        except Exception as e:\n            print_exception(f'Failed to get RDS parameter groups: {e}')\n            parameter_groups = []\n        finally:\n            return parameter_groups\n\n    async def _get_and_set_db_parameters(self, parameter_group: {}, region: str):\n        name = parameter_group['DBParameterGroupName']\n        try:\n            parameters = await AWSFacadeUtils.get_all_pages(\n                'rds', region, self.session, 'describe_db_parameters', 'Parameters', DBParameterGroupName=name)\n            parameter_group['Parameters'] = {}\n            for parameter in parameters:\n                # Discard non-modifiable parameters\n                if not parameter['IsModifiable']:\n                    continue\n                parameter_name = parameter.pop('ParameterName')\n                parameter_group['Parameters'][parameter_name] = parameter\n        except Exception as e:\n            print_exception(f'Failed fetching DB parameters for {name}: {e}')\n\n    async def get_security_groups(self, region: str) :\n        try:\n            return await AWSFacadeUtils.get_all_pages(\n                'rds', region, self.session, 'describe_db_security_groups', 'DBSecurityGroups')\n        except Exception as e:\n            print_exception(f'Failed to get RDS security groups: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/redshift.py",
    "content": "from asyncio import Lock\n\nfrom botocore.utils import ClientError\n\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.aws.utils import ec2_classic\n\n\nclass RedshiftFacade(AWSBaseFacade):\n    regional_cluster_cache_locks = {}\n    clusters_cache = {}\n\n    async def get_clusters(self, region: str, vpc: str):\n\n        try:\n            await self.cache_clusters(region)\n            return [cluster for cluster in self.clusters_cache[region] if cluster['VpcId'] == vpc]\n        except Exception as e:\n            print_exception(f'Failed to get Redshift clusters: {e}')\n            return []\n\n    async def cache_clusters(self, region):\n        async with self.regional_cluster_cache_locks.setdefault(region, Lock()):\n            if region in self.clusters_cache:\n                return\n\n            self.clusters_cache[region] = await AWSFacadeUtils.get_all_pages(\n                'redshift', region, self.session, 'describe_clusters', 'Clusters')\n\n            for cluster in self.clusters_cache[region]:\n                cluster['VpcId'] = \\\n                    cluster['VpcId'] if 'VpcId' in cluster and cluster['VpcId'] else ec2_classic\n\n    async def get_cluster_parameter_groups(self, region: str):\n        try:\n            return await AWSFacadeUtils.get_all_pages(\n                'redshift', region, self.session, 'describe_cluster_parameter_groups', 'ParameterGroups')\n        except Exception as e:\n            print_exception(f'Failed to get Redshift parameter groups: {e}')\n            return []\n\n    async def get_cluster_security_groups(self, region: str):\n        # For VPC-by-default customers, describe_cluster_parameters will throw an exception. Just try and ignore it:\n        try:\n            return await AWSFacadeUtils.get_all_pages(\n                'redshift', region, self.session, 'describe_cluster_security_groups', 'ClusterSecurityGroups')\n        except ClientError as e:\n            if e.response['Error']['Code'] != 'InvalidParameterValue':\n                print_exception(f'Failed to describe cluster security groups: {e}')\n            return []\n\n    async def get_cluster_parameters(self, region: str, parameter_group: str):\n        return await AWSFacadeUtils.get_all_pages(\n            'redshift', region, self.session, 'describe_cluster_parameters', 'Parameters',\n            ParameterGroupName=parameter_group)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/route53.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\n\n\nclass Route53Facade(AWSBaseFacade):\n    async def get_domains(self, region):\n        try:\n            return await AWSFacadeUtils.get_all_pages('route53domains', region, self.session,\n                                                      'list_domains', 'Domains')\n        except Exception as e:\n            print_exception(f'Failed to get Route53 domains: {e}')\n            return []\n\n    async def get_hosted_zones(self):\n        try:\n            return await AWSFacadeUtils.get_all_pages('route53', None, self.session,\n                                                      'list_hosted_zones', 'HostedZones')\n        except Exception as e:\n            print_exception(f'Failed to get Route53 hosted zones: {e}')\n\n    async def get_resource_records(self, hosted_zone_id):\n        try:\n            return await AWSFacadeUtils.get_all_pages('route53', None, self.session,\n                                                      'list_resource_record_sets', 'ResourceRecordSets',\n                                                      HostedZoneId=hosted_zone_id)\n        except Exception as e:\n            print_exception(f'Failed to get Route53 resource records: {e}')\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/s3.py",
    "content": "import json\n\nfrom botocore.exceptions import ClientError\n\nfrom ScoutSuite.core.console import print_exception, print_debug, print_warning\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently\n\n\nclass S3Facade(AWSBaseFacade):\n    async def get_buckets(self):\n        try:\n            # If there are regions specified, try for each of them until one works.\n            # Otherwise, try all the available regions until one works.\n            # This is required in case there's an IAM policy that denies access to APIs on a regional basis,\n            # as per https://github.com/nccgroup/ScoutSuite/issues/727\n            buckets = []\n            exception = None\n            region_list = self.regions if self.regions else await run_concurrently(lambda: self.session.get_available_regions('s3'))\n            for region in region_list:\n                try:\n                    client = AWSFacadeUtils.get_client('s3', self.session, region)\n                    buckets = await run_concurrently(lambda: client.list_buckets()['Buckets'])\n                except Exception as e:\n                    exception = e\n                else:\n                    exception = None  # Fix for https://github.com/nccgroup/ScoutSuite/issues/916#issuecomment-728783965\n                    break\n            if not buckets:\n                if exception:\n                    print_exception(f'Failed to list buckets: {exception}')\n                return []\n        except Exception as e:\n            print_exception(f'Failed to list buckets: {e}')\n            return []\n        else:\n            # We need first to retrieve bucket locations before retrieving bucket details\n            await get_and_set_concurrently([self._get_and_set_s3_bucket_location], buckets, region=region)\n\n            # Then we can retrieve bucket details concurrently\n            await get_and_set_concurrently(\n                [self._get_and_set_s3_bucket_logging,\n                 self._get_and_set_s3_bucket_versioning,\n                 self._get_and_set_s3_bucket_webhosting,\n                 self._get_and_set_s3_bucket_default_encryption,\n                 self._get_and_set_s3_acls,\n                 self._get_and_set_s3_bucket_policy,\n                 self._get_and_set_s3_bucket_tags,\n                 self._get_and_set_s3_bucket_block_public_access],\n                buckets)\n\n            # Non-async post-processing\n            for bucket in buckets:\n                self._set_s3_bucket_secure_transport(bucket)\n            # Try to update CreationDate of all buckets with the correct values from 'us-east-1'\n            self._get_and_set_s3_bucket_creationdate(buckets)\n\n            return buckets\n\n    async def _get_and_set_s3_bucket_location(self, bucket: {}, region=None):\n        client = AWSFacadeUtils.get_client('s3', self.session, region)\n        try:\n            location = await run_concurrently(lambda: client.get_bucket_location(Bucket=bucket['Name']))\n        except Exception as e:\n            if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e):\n                print_warning('Failed to get bucket location for {}: {}'.format(bucket['Name'], e))\n            else:\n                print_exception('Failed to get bucket location for {}: {}'.format(bucket['Name'], e))\n            location = None\n\n        if location:\n            region = location['LocationConstraint'] if location['LocationConstraint'] else 'us-east-1'\n\n            # Fixes issue #59: location constraint can be either EU or eu-west-1 for Ireland...\n            if region == 'EU':\n                region = 'eu-west-1'\n        else:\n            region = None\n\n        bucket['region'] = region\n\n    async def _get_and_set_s3_bucket_logging(self, bucket: {}):\n        client = AWSFacadeUtils.get_client('s3', self.session, bucket['region'], )\n        try:\n            logging = await run_concurrently(lambda: client.get_bucket_logging(Bucket=bucket['Name']))\n        except Exception as e:\n            if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e):\n                print_warning('Failed to get logging configuration for {}: {}'.format(bucket['Name'], e))\n            else:\n                print_exception('Failed to get logging configuration for {}: {}'.format(bucket['Name'], e))\n            bucket['logging'] = 'Unknown'\n        else:\n            if 'LoggingEnabled' in logging:\n                bucket['logging'] = \\\n                    logging['LoggingEnabled']['TargetBucket'] + '/' + logging['LoggingEnabled']['TargetPrefix']\n            else:\n                bucket['logging'] = 'Disabled'\n\n    async def _get_and_set_s3_bucket_versioning(self, bucket: {}):\n        client = AWSFacadeUtils.get_client('s3', self.session, bucket['region'])\n        try:\n            versioning = await run_concurrently(lambda: client.get_bucket_versioning(Bucket=bucket['Name']))\n            bucket['versioning_status_enabled'] = self._status_to_bool(versioning.get('Status'))\n            bucket['version_mfa_delete_enabled'] = self._status_to_bool(versioning.get('MFADelete'))\n        except Exception as e:\n            if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e):\n                print_warning('Failed to get versioning configuration for {}: {}'.format(bucket['Name'], e))\n            else:\n                print_exception('Failed to get versioning configuration for {}: {}'.format(bucket['Name'], e))\n            bucket['versioning_status_enabled'] = None\n            bucket['version_mfa_delete_enabled'] = None\n\n    async def _get_and_set_s3_bucket_webhosting(self, bucket: {}):\n        client = AWSFacadeUtils.get_client('s3', self.session, bucket['region'])\n        try:\n            result = await run_concurrently(lambda: client.get_bucket_website(Bucket=bucket['Name']))\n            bucket['web_hosting_enabled'] = 'IndexDocument' in result\n        except Exception as e:\n            if \"NoSuchWebsiteConfiguration\" in str(e):\n                bucket['web_hosting_enabled'] = False\n            else:\n                if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e):\n                    print_warning('Failed to get web hosting configuration for {}: {}'.format(bucket['Name'], e))\n                else:\n                    print_exception('Failed to get web hosting configuration for {}: {}'.format(bucket['Name'], e))\n\n    async def _get_and_set_s3_bucket_default_encryption(self, bucket: {}):\n        bucket_name = bucket['Name']\n        client = AWSFacadeUtils.get_client('s3', self.session, bucket['region'])\n        try:\n            config = await run_concurrently(lambda: client.get_bucket_encryption(Bucket=bucket['Name']))\n            bucket['default_encryption_enabled'] = True\n            bucket['default_encryption_algorithm'] = config.get('ServerSideEncryptionConfiguration', {})\\\n                .get('Rules', [{}])[0].get('ApplyServerSideEncryptionByDefault', {}).get('SSEAlgorithm')\n            bucket['default_encryption_key'] = config.get('ServerSideEncryptionConfiguration', {})\\\n                .get('Rules', [{}])[0].get('ApplyServerSideEncryptionByDefault', {}).get('KMSMasterKeyID')\n        except ClientError as e:\n            if 'ServerSideEncryptionConfigurationNotFoundError' in e.response['Error']['Code']:\n                bucket['default_encryption_enabled'] = False\n                bucket['default_encryption_algorithm'] = None\n                bucket['default_encryption_key'] = None\n            else:\n                bucket['default_encryption_enabled'] = None\n                bucket['default_encryption_algorithm'] = None\n                bucket['default_encryption_key'] = None\n                if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e):\n                    print_warning(f'Failed to get encryption configuration for {bucket_name}: {e}')\n                else:\n                    print_exception(f'Failed to get encryption configuration for {bucket_name}: {e}')\n        except Exception as e:\n            bucket['default_encryption'] = 'Unknown'\n            bucket['default_encryption_algorithm'] = None\n            bucket['default_encryption_key'] = None\n            if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e):\n                print_warning(f'Failed to get encryption configuration for {bucket_name}: {e}')\n            else:\n                print_exception(f'Failed to get encryption configuration for {bucket_name}: {e}')\n\n    async def _get_and_set_s3_acls(self, bucket: {}, key_name=None):\n        bucket_name = bucket['Name']\n        client = AWSFacadeUtils.get_client('s3', self.session, bucket['region'])\n        try:\n            grantees = {}\n            if key_name:\n                grants = await run_concurrently(lambda: client.get_object_acl(Bucket=bucket_name, Key=key_name))\n            else:\n                grants = await run_concurrently(lambda: client.get_bucket_acl(Bucket=bucket_name))\n            for grant in grants['Grants']:\n                if 'ID' in grant['Grantee']:\n                    grantee = grant['Grantee']['ID']\n                    display_name = grant['Grantee']['DisplayName'] if \\\n                        'DisplayName' in grant['Grantee'] else grant['Grantee']['ID']\n                elif 'URI' in grant['Grantee']:\n                    grantee = grant['Grantee']['URI'].split('/')[-1]\n                    display_name = self._s3_group_to_string(grant['Grantee']['URI'])\n                else:\n                    grantee = display_name = 'Unknown'\n                permission = grant['Permission']\n                grantees.setdefault(grantee, {})\n                grantees[grantee]['DisplayName'] = display_name\n                if 'URI' in grant['Grantee']:\n                    grantees[grantee]['URI'] = grant['Grantee']['URI']\n                grantees[grantee].setdefault('permissions', self._init_s3_permissions())\n                self._set_s3_permissions(grantees[grantee]['permissions'], permission)\n            bucket['grantees'] = grantees\n        except Exception as e:\n            if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e):\n                print_warning(f'Failed to get ACL configuration for {bucket_name}: {e}')\n            else:\n                print_exception(f'Failed to get ACL configuration for {bucket_name}: {e}')\n            bucket['grantees'] = {}\n\n    async def _get_and_set_s3_bucket_policy(self, bucket: {}):\n        client = AWSFacadeUtils.get_client('s3', self.session, bucket['region'])\n        try:\n            bucket_policy = await run_concurrently(lambda: client.get_bucket_policy(Bucket=bucket['Name']))\n            bucket['policy'] = json.loads(bucket_policy['Policy'])\n        except ClientError as e:\n            if e.response['Error']['Code'] != 'NoSuchBucketPolicy':\n                if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e):\n                    print_warning('Failed to get bucket policy for {}: {}'.format(bucket['Name'], e))\n                else:\n                    print_exception('Failed to get bucket policy for {}: {}'.format(bucket['Name'], e))\n        except Exception as e:\n            if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e):\n                print_warning('Failed to get bucket policy for {}: {}'.format(bucket['Name'], e))\n            else:\n                print_exception('Failed to get bucket policy for {}: {}'.format(bucket['Name'], e))\n            bucket['grantees'] = {}\n\n    async def _get_and_set_s3_bucket_tags(self, bucket: {}):\n        client = AWSFacadeUtils.get_client('s3', self.session, bucket['region'])\n        try:\n            bucket_tagset = await run_concurrently(lambda: client.get_bucket_tagging(Bucket=bucket['Name']))\n            bucket['tags'] = {x['Key']: x['Value'] for x in bucket_tagset['TagSet']}\n        except ClientError as e:\n            if e.response['Error']['Code'] != 'NoSuchTagSet':\n                if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e):\n                    print_warning('Failed to get bucket tags for {}: {}'.format(bucket['Name'], e))\n                else:\n                    print_exception('Failed to get bucket tags for {}: {}'.format(bucket['Name'], e))\n        except Exception as e:\n            if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e):\n                print_warning('Failed to get bucket tags for {}: {}'.format(bucket['Name'], e))\n            else:\n                print_exception('Failed to get bucket tags for {}: {}'.format(bucket['Name'], e))\n            bucket['tags'] = {}\n\n    async def _get_and_set_s3_bucket_block_public_access(self, bucket: {}):\n        client = AWSFacadeUtils.get_client('s3', self.session, bucket['region'])\n        try:\n            bucket_public_access_block_conf = await run_concurrently(lambda: client.get_public_access_block(Bucket=bucket['Name']))\n            bucket['public_access_block_configuration'] = bucket_public_access_block_conf['PublicAccessBlockConfiguration']\n        except ClientError as e:\n            # No such configuration found for the bucket, nothing to be done\n            pass\n        except Exception as e:\n            if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e):\n                print_warning('Failed to get the public access block configuration for {}: {}'.format(bucket['Name'], e))\n            else:\n                print_exception('Failed to get the public access block configuration for {}: {}'.format(bucket['Name'], e))\n\n    def _get_and_set_s3_bucket_creationdate(self, buckets):\n        # When using region other than 'us-east-1', the 'CreationDate' is the last modified time according to bucket's\n        # last replication in the respective region\n        # Source: https://github.com/aws/aws-cli/issues/3597#issuecomment-424167129\n        # Fixes issue https://github.com/nccgroup/ScoutSuite/issues/858\n        client = AWSFacadeUtils.get_client('s3', self.session, 'us-east-1')\n        try:\n            buckets_useast1 = client.list_buckets()['Buckets']\n            for bucket in buckets:\n                # Find the bucket with the same name and update 'CreationDate' from the 'us-east-1' region data,\n                # if doesn't exist keep the original value\n                bucket['CreationDate'] = next((b['CreationDate'] for b in buckets_useast1 if\n                                               b['Name'] == bucket['Name']), bucket['CreationDate'])\n        except Exception as e:\n            # Only output exception when in debug mode\n            print_debug('Failed to get bucket creation date from \"us-east-1\" region')\n\n    def _set_s3_bucket_secure_transport(self, bucket: {}):\n        try:\n            if 'policy' in bucket:\n                bucket['secure_transport_enabled'] = False\n                for statement in bucket['policy']['Statement']:\n                    # evaluate statement to see if it contains a condition disallowing HTTP transport\n                    # TODO this might not cover all cases\n                    if 'Condition' in statement and \\\n                            'Bool' in statement['Condition']:\n                        for key in statement['Condition']['Bool'].keys():\n                            if key.lower() == 'aws:securetransport' and \\\n                                    ((statement['Condition']['Bool'][key] == 'false' and\n                                    statement['Effect'] == 'Deny') or\n                                    (statement['Condition']['Bool'][key] == 'true' and\n                                    statement['Effect'] == 'Allow')):\n                                bucket['secure_transport_enabled'] = True\n                    elif 'Condition' in statement and \\\n                            'NumericLessThan' in statement['Condition']:\n                        for key in statement['Condition']['NumericLessThan'].keys():\n                            if key.lower() == 's3:tlsversion' and \\\n                                    ((statement['Condition']['NumericLessThan'][key] >= '1.2' and\n                                    statement['Effect'] == 'Deny') or\n                                    (statement['Condition']['NumericGreaterThan'][key] >= '1.1' and\n                                    statement['Effect'] == 'Allow')):\n                                bucket['secure_transport_enabled'] = True\n            else:\n                bucket['secure_transport_enabled'] = False\n        except Exception as e:\n            if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e):\n                print_warning('Failed to evaluate bucket policy for {}: {}'.format(bucket['Name'], e))\n            else:\n                print_exception('Failed to evaluate bucket policy for {}: {}'.format(bucket['Name'], e))\n            bucket['secure_transport'] = None\n\n    def get_s3_public_access_block(self, account_id):\n        # We need a region to generate the client\n        # However, the settings are global, so they are not region-dependent\n        region = 'us-east-1'\n        client = AWSFacadeUtils.get_client('s3control', self.session, region)\n        try:\n            s3_public_access_block = client.get_public_access_block(AccountId=account_id)\n            return s3_public_access_block['PublicAccessBlockConfiguration']\n        except ClientError:\n            # No public access block configuration at the S3 level, returning the default\n            return {\n                \"BlockPublicAcls\": False,\n                \"IgnorePublicAcls\": False,\n                \"BlockPublicPolicy\": False,\n                \"RestrictPublicBuckets\": False\n            }\n        except Exception as e:\n            if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e):\n                print_warning(\n                    f'Failed to get the public access block configuration for the account {account_id}: {e}')\n            else:\n                print_exception(\n                    f'Failed to get the public access block configuration for the account {account_id}: {e}')\n            return None\n\n    @staticmethod\n    def _init_s3_permissions():\n        permissions = {'read': False, 'write': False, 'read_acp': False, 'write_acp': False}\n        return permissions\n\n    @staticmethod\n    def _set_s3_permissions(permissions: str, name: str):\n        if name == 'READ' or name == 'FULL_CONTROL':\n            permissions['read'] = True\n        if name == 'WRITE' or name == 'FULL_CONTROL':\n            permissions['write'] = True\n        if name == 'READ_ACP' or name == 'FULL_CONTROL':\n            permissions['read_acp'] = True\n        if name == 'WRITE_ACP' or name == 'FULL_CONTROL':\n            permissions['write_acp'] = True\n\n    @staticmethod\n    def _s3_group_to_string(uri: str):\n        if uri == 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers':\n            return 'Authenticated users'\n        elif uri == 'http://acs.amazonaws.com/groups/global/AllUsers':\n            return 'Everyone'\n        elif uri == 'http://acs.amazonaws.com/groups/s3/LogDelivery':\n            return 'Log delivery'\n        else:\n            return uri\n\n    @staticmethod\n    def _status_to_bool(value: str):\n        \"\"\" Converts a string to True if it is equal to 'Enabled' or to False otherwise. \"\"\"\n        return value == 'Enabled'\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/secretsmanager.py",
    "content": "import json\n\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.utils import map_concurrently, run_concurrently, get_and_set_concurrently\n\n\nclass SecretsManagerFacade(AWSBaseFacade):\n    async def get_secrets(self, region):\n        try:\n            secrets_list = await AWSFacadeUtils.get_all_pages('secretsmanager', region, self.session,\n                                                              'list_secrets', 'SecretList')\n        except Exception as e:\n            print_exception(f'Failed to get Secrets Manager secrets: {e}')\n            return []\n        else:\n            secrets_list = await map_concurrently(self._describe_secrets, secrets_list, region=region)\n\n            await get_and_set_concurrently(\n                [\n                    self._get_and_set_secret_policy\n                ],\n                secrets_list,\n                region=region)\n\n            return secrets_list\n\n    async def _describe_secrets(self, secret: str, region: str):\n        client = AWSFacadeUtils.get_client('secretsmanager', self.session, region)\n\n        try:\n            secret_description = await run_concurrently(lambda: client.describe_secret(SecretId=secret.get('ARN')))\n        except Exception as e:\n            print_exception('Failed to get Secrets Manager secret details: {}'.format(e))\n            return secret\n        else:\n            secret_description.pop('ResponseMetadata')\n            return secret_description\n\n    async def _get_and_set_secret_policy(self, secret: {}, region: str):\n        client = AWSFacadeUtils.get_client('secretsmanager', self.session, region)\n\n        try:\n            policy = await run_concurrently(lambda: client.get_resource_policy(SecretId=secret.get('ARN')))\n            policy_json = policy.get('ResourcePolicy')\n            if policy_json:\n                secret['policy'] = json.loads(policy_json)\n            else:\n                secret['policy'] = {}\n        except Exception as e:\n            print_exception('Failed to get Secrets Manager secret policy: {}'.format(e))\n            secret['policy'] = {}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/ses.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.utils import map_concurrently\nfrom ScoutSuite.providers.utils import run_concurrently\n\n\nclass SESFacade(AWSBaseFacade):\n    async def get_identities(self, region: str):\n        try:\n            identity_names = await AWSFacadeUtils.get_all_pages(\n                'ses', region, self.session, 'list_identities', 'Identities')\n\n            return await map_concurrently(self._get_identity_dkim_attributes, identity_names, region=region)\n        except Exception as e:\n            print_exception(f'Failed to get SES identities: {e}')\n            return []\n\n    async def _get_identity_dkim_attributes(self, identity_name: str, region: str):\n        ses_client = AWSFacadeUtils.get_client('ses', self.session, region)\n        try:\n            dkim_attributes = await run_concurrently(\n                lambda: ses_client.get_identity_dkim_attributes(Identities=[identity_name])['DkimAttributes'][\n                    identity_name]\n            )\n        except Exception as e:\n            print_exception(f'Failed to get SES DKIM attributes: {e}')\n            raise\n        return identity_name, dkim_attributes\n\n    async def get_identity_policies(self, region: str, identity_name: str):\n        ses_client = AWSFacadeUtils.get_client('ses', self.session, region)\n        try:\n            policy_names = await run_concurrently(\n                lambda: ses_client.list_identity_policies(Identity=identity_name)['PolicyNames']\n            )\n        except Exception as e:\n            print_exception(f'Failed to list SES policies: {e}')\n            policy_names = []\n\n        if len(policy_names) == 0:\n            return {}\n\n        try:\n            return await run_concurrently(\n                lambda: ses_client.get_identity_policies(Identity=identity_name, PolicyNames=policy_names)['Policies']\n            )\n        except Exception as e:\n            print_exception(f'Failed to get SES policies: {e}')\n            return None\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/sns.py",
    "content": "import asyncio\n\nfrom ScoutSuite.core.console import print_exception, print_warning\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently\n\n\nclass SNSFacade(AWSBaseFacade):\n    regional_subscriptions_cache_locks = {}\n    subscriptions_cache = {}\n\n    async def get_topics(self, region: str):\n        try:\n            topics = await AWSFacadeUtils.get_all_pages('sns', region, self.session, 'list_topics', 'Topics')\n            await get_and_set_concurrently([self._get_and_set_topic_attributes], topics, region=region)\n        except Exception as e:\n            print_exception(f'Failed to get CloudWatch alarms: {e}')\n            topics = []\n        finally:\n            return topics\n\n    async def _get_and_set_topic_attributes(self, topic: {}, region: str):\n        sns_client = AWSFacadeUtils.get_client('sns', self.session, region)\n        try:\n            topic['attributes'] = await run_concurrently(\n                lambda: sns_client.get_topic_attributes(TopicArn=topic['TopicArn'])['Attributes']\n            )\n        except Exception as e:\n            if 'NotFound' in e:\n                print_warning(f'Failed to get SNS topic attributes: {e}')\n            else:\n                print_exception(f'Failed to get SNS topic attributes: {e}')\n\n    async def get_subscriptions(self, region: str, topic_name: str):\n        await self.cache_subscriptions(region)\n        return [subscription for subscription in self.subscriptions_cache[region]\n                if subscription['topic_name'] == topic_name]\n\n    async def cache_subscriptions(self, region: str):\n        async with self.regional_subscriptions_cache_locks.setdefault(region, asyncio.Lock()):\n            if region in self.subscriptions_cache:\n                return\n\n            self.subscriptions_cache[region] = \\\n                await AWSFacadeUtils.get_all_pages('sns', region, self.session, 'list_subscriptions', 'Subscriptions')\n\n            for subscription in self.subscriptions_cache[region]:\n                topic_arn = subscription.pop('TopicArn')\n                subscription['topic_name'] = topic_arn.split(':')[-1]\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/sqs.py",
    "content": "from ScoutSuite.core.console import print_exception, print_warning\nfrom ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.utils import run_concurrently, map_concurrently\n\n\nclass SQSFacade(AWSBaseFacade):\n    async def get_queues(self, region: str, attribute_names: []):\n        sqs_client = AWSFacadeUtils.get_client('sqs', self.session, region)\n        try:\n            raw_queues = await run_concurrently(sqs_client.list_queues)\n        except Exception as e:\n            print_exception(f'Failed to list SQS queues: {e}')\n            return []\n        else:\n            if 'QueueUrls' not in raw_queues:\n                return []\n            queue_urls = raw_queues['QueueUrls']\n\n            return await map_concurrently(\n                self._get_queue_attributes, queue_urls, region=region, attribute_names=attribute_names)\n\n    async def _get_queue_attributes(self, queue_url: str, region: str, attribute_names: []):\n        sqs_client = AWSFacadeUtils.get_client('sqs', self.session, region)\n        try:\n            queue_attributes = await run_concurrently(\n                lambda: sqs_client.get_queue_attributes(QueueUrl=queue_url, AttributeNames=attribute_names)[\n                    'Attributes']\n            )\n        except Exception as e:\n            if 'NonExistentQueue' in e:\n                print_warning(f'Failed to get SQS queue attributes: {e}')\n            else:\n                print_exception(f'Failed to get SQS queue attributes: {e}')\n\n        return queue_url, queue_attributes\n"
  },
  {
    "path": "ScoutSuite/providers/aws/facade/utils.py",
    "content": "import boto3\nfrom botocore.exceptions import ClientError\n\nfrom ScoutSuite.core.conditions import print_exception\nfrom ScoutSuite.providers.utils import run_concurrently\n\n\nclass AWSFacadeUtils:\n    _clients = {}\n\n    @staticmethod\n    async def get_all_pages(service: str, region: str, session: boto3.session.Session, paginator_name: str,\n                            entity: str, **paginator_args):\n        \"\"\"\n        Gets all the entities from a paginator given an entity key\n\n        :param service:str: Name of the AWS service (ec2, iam, etc.)\n        :param region:str: Region\n        :param session:boto3.session.Session: Boto3 session used to authenticate the client\n        :param paginator_name:str: Name of the paginator\n        :param entity:str: Key used to retreive the entities in the paginator's response\n        :param **paginator_args: Arguments passed to the paginator\n\n        :return: A list of the fetched entities.\n        \"\"\"\n\n        results = await AWSFacadeUtils.get_multiple_entities_from_all_pages(\n            service, region, session, paginator_name, [entity], **paginator_args)\n        if len(results) > 0:\n            return results[entity]\n        else:\n            return []\n\n    @staticmethod\n    async def get_multiple_entities_from_all_pages(service: str, region: str, session: boto3.session.Session,\n                                                   paginator_name: str, entities: list, **paginator_args):\n        \"\"\"\n        Gets all the entities from a paginator given multiple entitiy keys\n            :param service:str: Name of the AWS service (ec2, iam, etc.)\n            :param region:str: Region\n            :param session:boto3.session.Session: Boto3 session used to authenticate the client\n            :param paginator_name:str: Name of the paginator\n            :param entities:list: Keys used to retreive the entities in the paginator's response\n            :param **paginator_args: Arguments passed to the paginator\n\n            :return: A dictionary with the entity keys as keys, and the fetched entities lists as values.\n        \"\"\"\n\n        client = AWSFacadeUtils.get_client(service, session, region)\n\n        # Building a paginator doesn't require any API call so no need to do it concurrently:\n        paginator = client.get_paginator(\n            paginator_name).paginate(**paginator_args)\n\n        # Getting all pages from a paginator requires API calls so we need to do it concurrently:\n        try:\n            return await run_concurrently(lambda: AWSFacadeUtils._get_all_pages_from_paginator(paginator, entities))\n        except ClientError as e:\n            if e.response['Error']['Code'] in ['AccessDenied',\n                                               'AccessDeniedException',\n                                               'UnauthorizedOperation',\n                                               'AuthorizationError']:\n                print_exception(f'Failed to get all pages from paginator for the {service} service: {e}')\n                return []\n            else:\n                raise\n\n    @staticmethod\n    def _get_all_pages_from_paginator(paginator, entities: list):\n        resources = {entity: [] for entity in entities}\n\n        # There's an API call hidden behind each iteration:\n        for page in paginator:\n            for entity in entities:\n                resources[entity].extend(page[entity])\n\n        return resources\n\n    @staticmethod\n    def get_client(service: str, session: boto3.session.Session, region: str = None):\n        \"\"\"\n        Instantiates an AWS API client\n\n        :param service: Service targeted, e.g. ec2\n        :param session: The aws session\n        :param region:  Region desired, e.g. us-east-2\n\n        :return:\n        \"\"\"\n\n        try:\n            return AWSFacadeUtils._clients.setdefault(\n                (service, region),\n                session.client(service, region_name=region) if region else session.client(service))\n        except Exception as e:\n            print_exception(f'Failed to create client for the {service} service: {e}')\n            return None\n"
  },
  {
    "path": "ScoutSuite/providers/aws/metadata.json",
    "content": "{\n    \"analytics\": {\n        \"emr\": {\n            \"resources\": {\n                \"clusters\": {\n                    \"cols\": 2,\n                    \"path\": \"services.emr.regions.id.vpcs.id.clusters\",\n                    \"callbacks\": [\n                        [ \"match_security_groups_and_resources_callback\", {\"status_path\": [\"Status\", \"State\"], \"sg_list_attribute_name\": [\"Ec2InstanceAttributes\", \"EmrManagedMasterSecurityGroup\"], \"sg_id_attribute_name\": \"\"} ],\n                        [ \"match_security_groups_and_resources_callback\", {\"status_path\": [\"Status\", \"State\"], \"sg_list_attribute_name\": [\"Ec2InstanceAttributes\", \"EmrManagedSlaveSecurityGroup\"], \"sg_id_attribute_name\": \"\"} ]\n                    ]\n                }\n            }\n        }\n    },\n    \"management\": {\n        \"cloudformation\": {\n            \"resources\": {\n                \"stacks\": {\n                    \"cols\": 2,\n                    \"path\": \"services.cloudformation.regions.id.stacks\",\n                    \"callbacks\": [\n                        [ \"match_roles_and_cloudformation_stacks_callback\", {} ]\n                    ]\n                }\n            }\n        },\n        \"cloudtrail\": {\n            \"resources\": {\n                \"regions\": {\n                    \"cols\": 2,\n                    \"path\": \"services.cloudtrail.regions\"\n                },\n                \"trails\": {\n                    \"cols\": 2,\n                    \"path\": \"services.cloudtrail.regions.id.trails\"\n                }\n            }\n        },\n        \"cloudwatch\": {\n            \"resources\": {\n                \"alarms\": {\n                    \"cols\": 2,\n                    \"path\": \"services.cloudwatch.regions.id.alarms\"\n                },\n                \"metric_filters\": {\n                    \"cols\": 2,\n                    \"path\": \"services.cloudwatch.regions.id.metric_filters\"\n                }\n            }\n        },\n        \"config\": {\n            \"resources\": {\n                \"regions\": {\n                    \"cols\": 2,\n                    \"path\": \"services.config.regions\"\n                },\n                \"recorders\": {\n                    \"path\": \"services.config.regions.id.recorders\"\n                },\n                \"rules\": {\n                    \"path\": \"services.config.regions.id.rules\"\n                }\n            }\n        },\n        \"ssm\" : {\n            \"resources\": {\n                \"parameters\": {\n                    \"cols\": 2,\n                    \"path\": \"services.ssm.regions.id.parameters\"\n                }\n            }\n        }\n    },\n    \"messaging\": {\n        \"sns\": {\n            \"resources\": {\n                \"topics\": {\n                    \"cols\": 2,\n                    \"path\": \"services.sns.regions.id.topics\"\n                }\n            }\n        },\n        \"ses\": {\n            \"resources\": {\n                \"identities\": {\n                    \"cols\": 2,\n                    \"path\": \"services.ses.regions.id.identities\"\n                }\n            }\n        },\n        \"sqs\" : {\n            \"resources\": {\n                \"queues\": {\n                    \"cols\": 2,\n                    \"path\": \"services.sqs.regions.id.queues\"\n                }\n            }\n        }\n    },\n    \"network\": {\n        \"vpc\": {\n            \"resources\": {\n                \"network_acls\": {\n                    \"cols\": 2,\n                    \"path\": \"services.vpc.regions.id.vpcs.id.network_acls\",\n                    \"callbacks\": [\n                        [ \"match_network_acls_and_subnets_callback\", {} ],\n                        [ \"process_network_acls_callback\", {} ]\n                    ]\n                },\n                \"vpcs\": {\n                    \"cols\": 2,\n                    \"path\": \"services.vpc.regions.id.vpcs\"\n                },\n                \"flow_logs\": {\n                    \"path\": \"services.vpc.regions.id.flow_logs\",\n                    \"callbacks\": [\n                        [ \"sort_vpc_flow_logs_callback\", {} ],\n                        [ \"match_roles_and_vpc_flowlogs_callback\", {} ]\n                    ]\n                },\n                \"subnets\": {\n                    \"cols\": 2,\n                    \"path\": \"services.vpc.regions.id.vpcs.id.subnets\"\n                },\n                \"peering_connections\": {\n                    \"path\": \"services.vpc.regions.id.peering_connections\",\n                    \"callbacks\": [\n                        [ \"process_vpc_peering_connections_callback\", {} ]\n                    ]\n                }\n            }\n        },\n        \"route53\": {\n            \"resources\": {\n                \"domains\": {\n                    \"cols\": 2,\n                    \"path\": \"services.route53.regions.id.domains\"\n                },\n                \"hosted_zones\": {\n                    \"cols\": 2,\n                    \"path\": \"services.route53.regions.id.hosted_zones\"\n                }\n            }\n        },\n        \"directconnect\": {\n            \"resources\": {\n                \"connections\": {\n                    \"cols\": 2,\n                    \"path\": \"services.directconnect.connections\"\n                }\n            }\n        },\n        \"cloudfront\": {\n            \"resources\": {\n                \"distributions\": {\n                    \"cols\": 2,\n                    \"path\": \"services.cloudfront.distributions\"\n                }\n            }\n        }\n    },\n    \"compute\": {\n        \"summaries\": {\n            \"external attack surface\": {\n                \"cols\": 1,\n                \"path\": \"service_groups.compute.summaries.external_attack_surface\",\n                \"callbacks\": [\n                    [\n                        \"merge\",\n                        {\n                            \"attribute\": \"external_attack_surface\"\n                        }\n                    ]\n                ]\n            }\n        },\n        \"ec2\": {\n            \"resources\": {\n                \"instances\": {\n                    \"cols\": 2,\n                    \"path\": \"services.ec2.regions.id.vpcs.id.instances\",\n                    \"callbacks\": [  ]\n                },\n                \"security_groups\": {\n                    \"cols\": 2,\n                    \"path\": \"services.ec2.regions.id.vpcs.id.security_groups\"\n                },\n                \"volumes\": {\n                    \"cols\": 2,\n                    \"path\": \"services.ec2.regions.id.volumes\"\n                },\n                \"snapshots\": {\n                    \"cols\": 2,\n                    \"path\": \"services.ec2.regions.id.snapshots\"\n                },\n                \"network_interfaces\": {\n                    \"path\": \"services.ec2.regions.id.vpcs.id.network_interfaces\",\n                    \"hidden\": true,\n                    \"callbacks\": [\n                        [\n                            \"match_security_groups_and_resources_callback\",\n                            {\n                                \"sg_list_attribute_name\": [\n                                    \"Groups\"\n                                ],\n                                \"sg_id_attribute_name\": \"GroupId\"\n                            }\n                        ]\n                    ]\n                },\n                \"images\": {\n                    \"cols\": 2,\n                    \"path\": \"services.ec2.regions.id.images\"\n                },\n                \"regional_settings\": {\n                    \"cols\": 2,\n                    \"path\": \"services.ec2.regions.id.regional_settings\"\n                }\n            },\n            \"summaries\": {\n                \"external attack surface\": {\n                    \"cols\": 1,\n                    \"path\": \"services.ec2.external_attack_surface\",\n                    \"callbacks\": [\n                        [\n                            \"list_ec2_network_attack_surface_callback\",\n                            {\n                                \"path\": \"services.ec2.regions.id.vpcs.id.instances.id.network_interfaces.id.PrivateIpAddresses\"\n                            }\n                        ]\n                    ]\n                }\n            }\n        },\n        \"elb\": {\n            \"resources\": {\n                \"elbs\": {\n                    \"cols\": 2,\n                    \"path\": \"services.elb.regions.id.vpcs.id.elbs\",\n                    \"callbacks\": [\n                        [\n                            \"match_security_groups_and_resources_callback\",\n                            {\n                                \"status_path\": [\n                                    \"Scheme\"\n                                ],\n                                \"sg_list_attribute_name\": [\n                                    \"security_groups\"\n                                ],\n                                \"sg_id_attribute_name\": \"GroupId\"\n                            }\n                        ],\n                        [\n                            \"get_lb_attack_surface\",\n                            { }\n                        ]\n                    ]\n                },\n                \"elb_policies\": {\n                    \"cols\": 2,\n                    \"path\": \"services.elb.regions.id.elb_policies\"\n                }\n            },\n            \"summaries\": {\n                \"external attack surface\": {\n                    \"cols\": 1,\n                    \"path\": \"services.elb.external_attack_surface\"\n                }\n            }\n        },\n        \"elbv2\": {\n            \"resources\": {\n                \"lbs\": {\n                    \"cols\": 2,\n                    \"path\": \"services.elbv2.regions.id.vpcs.id.lbs\",\n                    \"callbacks\": [\n                        [\n                            \"match_security_groups_and_resources_callback\",\n                            {\n                                \"status_path\": [\n                                    \"State\",\n                                    \"Code\"\n                                ],\n                                \"sg_list_attribute_name\": [\n                                    \"security_groups\"\n                                ],\n                                \"sg_id_attribute_name\": \"GroupId\"\n                            }\n                        ],\n                        [\n                            \"get_lb_attack_surface\",\n                            { }\n                        ]\n                    ]\n                }\n            },\n            \"summaries\": {\n                \"external attack surface\": {\n                    \"cols\": 1,\n                    \"path\": \"services.elbv2.external_attack_surface\"\n                }\n            }\n        },\n        \"awslambda\": {\n            \"resources\": {\n                \"functions\": {\n                    \"path\": \"services.awslambda.regions.id.functions\",\n                    \"callbacks\": [\n                        [\n                            \"match_security_groups_and_resources_callback\",\n                            {\n                                \"status_path\": [\n                                    \"runtime\"\n                                ],\n                                \"sg_list_attribute_name\": [\n                                    \"VpcConfig\",\n                                    \"SecurityGroupIds\"\n                                ]\n                            }\n                        ]\n                    ]\n                }\n            }\n        }\n    },\n    \"containers\": {\n        \"ecr\": {\n            \"resources\": {\n                \"images\": {\n                    \"cols\": 2,\n                    \"path\": \"services.ecr.regions.id.images\"\n                },\n                \"repositories\": {\n                    \"cols\": 2,\n                    \"path\": \"services.ecr.regions.id.repositories\"\n                }\n            }\n        },\n        \"ecs\": {\n            \"resources\": {\n                \"regions\": {\n                    \"cols\": 2,\n                    \"path\": \"services.ecs.regions\"\n                },\n                \"clusters\": {\n                    \"cols\": 2,\n                    \"path\": \"services.ecs.regions.id.clusters\"\n                }\n            }\n        },\n        \"eks\": {\n            \"resources\": {\n                \"clusters\": {\n                    \"cols\": 2,\n                    \"path\": \"services.eks.regions.id.clusters\"\n                }\n            }\n        }\n    },\n    \"security\": {\n        \"iam\": {\n            \"resources\": {\n                \"groups\": {\n                    \"cols\": 2,\n                    \"path\": \"services.iam.groups\"\n                },\n                \"policies\": {\n                    \"cols\": 2,\n                    \"path\": \"services.iam.policies\"\n                },\n                \"roles\": {\n                    \"cols\": 2,\n                    \"path\": \"services.iam.roles\"\n                },\n                \"users\": {\n                    \"cols\": 2,\n                    \"path\": \"services.iam.users\"\n                },\n                \"credential_reports\": {\n                    \"cols\": 2,\n                    \"path\": \"services.iam.credential_reports\"\n                }\n            },\n            \"summaries\": {\n                \"permissions\": {\n                    \"cols\": 1,\n                    \"path\": \"services.iam.permissions\"\n                },\n                \"password_policy\": {\n                    \"cols\": 1,\n                    \"path\": \"services.iam.password_policy\"\n                }\n            }\n        },\n        \"cognito\": {\n            \"resources\": {\n                \"identity_pools\": {\n                    \"cols\": 2,\n                    \"path\": \"services.cognito.regions.id.identity_pools\"\n                },\n                \"user_pools\": {\n                    \"cols\": 2,\n                    \"path\": \"services.cognito.regions.id.user_pools\"\n                }\n            }\n        },\n        \"acm\": {\n            \"resources\": {\n                \"certificates\": {\n                    \"cols\": 2,\n                    \"path\": \"services.acm.regions.id.certificates\"\n                }\n            }\n        },\n        \"guardduty\": {\n            \"resources\": {\n                \"regions\": {\n                    \"cols\": 2,\n                    \"path\": \"services.guardduty.regions\"\n                },\n                \"detectors\": {\n                    \"path\": \"services.guardduty.regions.id.detectors\"\n                }\n            }\n        },\n        \"kms\": {\n            \"resources\": {\n                \"keys\": {\n                    \"path\": \"services.kms.regions.id.keys\"\n                }\n            }\n        },\n        \"secretsmanager\" : {\n            \"resources\": {\n                \"secrets\": {\n                    \"cols\": 2,\n                    \"path\": \"services.secretsmanager.regions.id.secrets\"\n                }\n            }\n        }\n    },\n    \"database\": {\n        \"summaries\": {\n            \"external attack surface\": {\n                \"cols\": 1,\n                \"path\": \"service_groups.database.summaries.external_attack_surface\",\n                \"callbacks\": [\n                    [ \"merge\", {\"attribute\": \"external_attack_surface\"} ]\n                ]\n            }\n        },\n        \"dynamodb\": {\n            \"resources\": {\n                \"tables\": {\n                    \"path\": \"services.dynamodb.regions.id.tables\"\n                }\n            }\n        },\n        \"docdb\": {\n            \"resources\": {\n                \"clusters\": {\n                    \"path\": \"services.docdb.regions.id.clusters\"\n                }\n            }\n        },\n        \"elasticache\": {\n            \"resources\": {\n                \"clusters\": {\n                    \"cols\": 2,\n                    \"path\": \"services.elasticache.regions.id.vpcs.id.clusters\",\n                    \"callbacks\": [\n                        [ \"match_security_groups_and_resources_callback\", {\"status_path\": [\"CacheClusterStatus\"], \"sg_list_attribute_name\": [\"SecurityGroups\"], \"sg_id_attribute_name\": \"SecurityGroupId\"} ],\n                        [ \"get_db_attack_surface\", {} ]\n                    ]\n                },\n                \"parameter_groups\": {\n                    \"cols\": 2,\n                    \"path\": \"services.elasticache.regions.id.parameter_groups\"\n                },\n                \"security_groups\": {\n                    \"no_exceptions\": true,\n                    \"cols\": 2,\n                    \"path\": \"services.elasticache.regions.id.security_groups\"\n                },\n                \"subnet_groups\": {\n                    \"cols\": 2,\n                    \"path\": \"services.elasticache.regions.id.vpcs.id.subnet_groups\"\n                }\n            }\n        },\n        \"rds\": {\n            \"resources\": {\n                \"instances\": {\n                    \"cols\": 2,\n                    \"path\": \"services.rds.regions.id.vpcs.id.instances\",\n                    \"callbacks\": [\n                        [ \"match_security_groups_and_resources_callback\", {\"status_path\": [\"DBInstanceStatus\"], \"sg_list_attribute_name\": [\"VpcSecurityGroups\"], \"sg_id_attribute_name\": \"VpcSecurityGroupId\"} ],\n                        [ \"get_db_attack_surface\", {} ]\n                    ]\n                },\n                \"security_groups\": {\n                    \"no_exceptions\": true,\n                    \"cols\": 2,\n                    \"path\": \"services.rds.regions.id.security_groups\"\n                },\n                \"snapshots\": {\n                    \"cols\": 2,\n                    \"path\": \"services.rds.regions.id.vpcs.id.snapshots\"\n                },\n                \"parameter_groups\": {\n                    \"cols\": 2,\n                    \"path\": \"services.rds.regions.id.parameter_groups\"\n                },\n                \"subnet_groups\": {\n                    \"cols\": 2,\n                    \"path\": \"services.rds.regions.id.vpcs.id.subnet_groups\"\n                }\n            },\n            \"summaries\": {\n                \"external attack surface\": {\n                    \"cols\": 1,\n                    \"path\": \"services.rds.external_attack_surface\"\n                }\n            }\n        },\n        \"redshift\": {\n            \"resources\": {\n                \"clusters\": {\n                    \"cols\": 2,\n                    \"path\": \"services.redshift.regions.id.vpcs.id.clusters\",\n                    \"callbacks\": [\n                        [ \"match_security_groups_and_resources_callback\", {\"status_path\": [\"ClusterStatus\"], \"sg_list_attribute_name\": [\"VpcSecurityGroups\"], \"sg_id_attribute_name\": \"VpcSecurityGroupId\"} ],\n                        [ \"get_db_attack_surface\", {} ]\n                    ]\n                },\n                \"parameter_groups\": {\n                    \"cols\": 2,\n                    \"path\": \"services.redshift.regions.id.parameter_groups\"\n                },\n                \"security_groups\": {\n                    \"cols\": 2,\n                    \"path\": \"services.redshift.regions.id.security_groups\"\n                }\n            },\n            \"summaries\": {\n                \"external attack surface\": {\n                    \"cols\": 1,\n                    \"path\": \"services.redshift.external_attack_surface\"\n                }\n            }\n        }\n    },\n    \"storage\": {\n        \"efs\": {\n            \"hidden\": true,\n            \"resources\": {\n                \"file_systems\": {\n                    \"path\": \"services.efs.regions.id.file_systems\",\n                    \"callbacks\": [\n                        [ \"match_security_groups_and_resources_callback\", {\"status_path\": [\"LifeCycleState\"], \"sg_list_attribute_name\": [\"security_groups\"]} ]\n                    ]\n                }\n            }\n        },\n        \"s3\": {\n            \"resources\": {\n                \"buckets\": {\n                    \"cols\": 2,\n                    \"path\": \"services.s3.buckets\"\n                }\n            }\n        }\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/provider.py",
    "content": "import copy\nimport os\n\nfrom ScoutSuite.core.console import print_error, print_exception, print_warning, print_debug\nfrom ScoutSuite.providers.aws.services import AWSServicesConfig\nfrom ScoutSuite.providers.aws.resources.vpc.base import put_cidr_name\nfrom ScoutSuite.providers.aws.utils import ec2_classic, get_aws_account_id, get_partition_name\nfrom ScoutSuite.providers.base.configs.browser import combine_paths, get_object_at, get_value_at\nfrom ScoutSuite.providers.base.provider import BaseProvider\nfrom ScoutSuite.utils import manage_dictionary\n\n\nclass AWSProvider(BaseProvider):\n    \"\"\"\n    Implements provider for AWS\n    \"\"\"\n\n    def __init__(self, profile='default', report_dir=None, timestamp=None, services=None, skipped_services=None,\n                 result_format='json', **kwargs):\n        services = [] if services is None else services\n        skipped_services = [] if skipped_services is None else skipped_services\n\n        self.metadata_path = '%s/metadata.json' % os.path.split(os.path.abspath(__file__))[0]\n\n        self.sg_map = {}\n        self.subnet_map = {}\n\n        self.profile = profile\n        self.services_config = AWSServicesConfig\n\n        self.provider_code = 'aws'\n        self.provider_name = 'Amazon Web Services'\n        self.environment = self.profile\n        self.result_format = result_format\n\n        self.credentials = kwargs['credentials']\n\n        self.partition = get_partition_name(self.credentials.session)\n\n        self.account_id = get_aws_account_id(self.credentials.session)\n\n        super().__init__(report_dir, timestamp,\n                                          services, skipped_services, result_format)\n\n    def get_report_name(self):\n        \"\"\"\n        Returns the name of the report using the provider's configuration\n        \"\"\"\n        if self.profile:\n            return f'aws-{self.profile}'\n        elif self.account_id:\n            return f'aws-{self.account_id}'\n        else:\n            return 'aws'\n\n    def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):\n        \"\"\"\n        Tweak the AWS config to match cross-service resources and clean any fetching artifacts\n\n        :param ip_ranges:\n        :param ip_ranges_name_key:\n        :return: None\n        \"\"\"\n        ip_ranges = [] if ip_ranges is None else ip_ranges\n\n        # Various data processing calls\n        # Note that order of processing can matter\n\n        # TODO - this should be moved to the `finalize` method of the base resource, as it's not cross-service\n        self._map_all_subnets()\n\n        # TODO - this should be moved to the `finalize` method of the base resource, as it's not cross-service\n        if 'ec2' in self.service_list:\n            self._map_all_sgs()\n            self._add_security_group_name_to_ec2_grants()\n            self._check_ec2_zone_distribution()\n            self._add_last_snapshot_date_to_ec2_volumes()\n\n        if 'ec2' in self.service_list and 'iam' in self.service_list:\n            self._match_instances_and_roles()\n        \n        if 'ec2' in self.service_list and 'vpc' in self.service_list:\n            self._match_instances_and_vpcs()\n            self._match_instances_and_subnets()\n        \n        if 'ec2' in self.service_list and 'codebuild' in self.service_list:\n            self._update_sg_usage_codebuild()\n\n        if 'awslambda' in self.service_list and 'iam' in self.service_list:\n            self._match_lambdas_and_roles()\n\n        if 'elbv2' in self.service_list and 'ec2' in self.service_list:\n            self._add_security_group_data_to_elbv2()\n\n        if 's3' in self.service_list and 'iam' in self.service_list:\n            self._match_iam_policies_and_buckets()\n\n        # TODO - this should be moved to the `finalize` method of the base resource, as it's not cross-service\n        if 'elb' in self.services:\n            self._parse_elb_policies()\n\n        if 'emr' in self.service_list and 'ec2' in self.service_list and 'vpc' in self.service_list:\n            self._set_emr_vpc_ids()\n\n        self._add_cidr_display_name(ip_ranges, ip_ranges_name_key)\n\n        super().preprocessing()\n\n    def _add_cidr_display_name(self, ip_ranges, ip_ranges_name_key):\n        if len(ip_ranges):\n            callback_args = {'ip_ranges': ip_ranges,\n                             'ip_ranges_name_key': ip_ranges_name_key}\n            self._go_to_and_do(self.services['ec2'],\n                               ['regions', 'vpcs', 'security_groups', 'rules', 'protocols', 'ports'],\n                               ['services', 'ec2'],\n                               put_cidr_name,\n                               callback_args)\n\n    def _add_security_group_name_to_ec2_grants(self):\n        \"\"\"\n        Github issue #24: display the security group names in the list of grants (added here to have ligher JS code)\n        \"\"\"\n        self._go_to_and_do(self.services['ec2'],\n                           ['regions', 'vpcs', 'security_groups', 'rules', 'protocols', 'ports', 'security_groups'],\n                           [],\n                           self.add_security_group_name_to_ec2_grants_callback,\n                           {'AWSAccountId': self.account_id})\n\n    def _add_security_group_data_to_elbv2(self):\n        def check_security_group_rules(lb, index, traffic_type):\n            none = 'N/A'\n            if traffic_type == 'ingress':\n                output = 'valid_inbound_rules'\n            elif traffic_type == 'egress':\n                output = 'valid_outbound_rules'\n            for protocol in lb['security_groups'][index]['rules'][traffic_type]['protocols']:\n                for port in lb['security_groups'][index]['rules'][traffic_type]['protocols'][protocol]['ports']:\n                    lb['security_groups'][index][output] = True\n                    if port not in lb['listeners'] and port != none:\n                        lb['security_groups'][index][output] = False\n\n        ec2_config = self.services['ec2']\n        elbv2_config = self.services['elbv2']\n        for region in elbv2_config['regions']:\n            for vpc in elbv2_config['regions'][region]['vpcs']:\n                for lb in elbv2_config['regions'][region]['vpcs'][vpc]['lbs']:\n                    for i in range(0, len(elbv2_config['regions'][region]['vpcs'][vpc]['lbs'][lb]['security_groups'])):\n                        for sg in ec2_config['regions'][region]['vpcs'][vpc]['security_groups']:\n                            group_id = elbv2_config['regions'][region]['vpcs'][vpc]['lbs'][lb]['security_groups'][i][\n                                'GroupId']\n                            if 'GroupId' in elbv2_config['regions'][region]['vpcs'][vpc]['lbs'][lb]['security_groups'][\n                                i] and group_id == sg:\n                                elbv2_config['regions'][region]['vpcs'][vpc]['lbs'][lb]['security_groups'][i] = \\\n                                    ec2_config['regions'][region]['vpcs'][vpc]['security_groups'][sg]\n                                elbv2_config['regions'][region]['vpcs'][vpc]['lbs'][lb]['security_groups'][i][\n                                    'GroupId'] = group_id\n\n                        check_security_group_rules(\n                            elbv2_config['regions'][region]['vpcs'][vpc]['lbs'][lb], i, 'ingress')\n                        check_security_group_rules(\n                            elbv2_config['regions'][region]['vpcs'][vpc]['lbs'][lb], i, 'egress')\n\n    def _check_ec2_zone_distribution(self):\n        regions = self.services['ec2']['regions'].values()\n        self.services['ec2']['number_of_regions_with_instances'] = sum(r['instances_count'] > 0 for r in regions)\n\n        for regions in self.services['ec2']['regions'].values():\n            instances_availability_zones = set()\n            for vpcs in regions['vpcs'].values():\n                for instance in vpcs['instances'].values():\n                    instances_availability_zones.add(instance.get('availability_zone'))\n            regions['instances_availability_zones'] = len(instances_availability_zones)\n\n    def _add_last_snapshot_date_to_ec2_volumes(self):\n        for region in self.services['ec2']['regions'].values():\n            for volumeId, volume in region.get('volumes').items():\n                completed_snapshots = [s for s in region['snapshots'].values() if\n                                       s['volume_id'] == volumeId and s['state'] == 'completed']\n                sorted_snapshots = sorted(\n                    completed_snapshots, key=lambda s: s['start_time'], reverse=True)\n                volume['LastSnapshotDate'] = sorted_snapshots[0]['start_time'] if len(\n                    sorted_snapshots) > 0 else None\n\n    def add_security_group_name_to_ec2_grants_callback(self, current_config, path, current_path, ec2_grant,\n                                                       callback_args):\n        sg_id = ec2_grant['GroupId']\n        if sg_id in current_path:\n            target = current_path[:(current_path.index(sg_id) + 1)]\n            ec2_grant['GroupName'] = get_value_at(self.services['ec2'], target, 'name')\n        elif 'UserId' in ec2_grant and ec2_grant['UserId'] == callback_args['AWSAccountId']:\n            if 'VpcId' in ec2_grant:\n                target = current_path[:(current_path.index('vpcs') + 1)]\n                target.append(ec2_grant['VpcId'])\n                target.append('security_groups')\n                target.append(sg_id)\n            else:\n                target = current_path[:(\n                        current_path.index('security_groups') + 1)]\n                target.append(sg_id)\n            ec2_grant['GroupName'] = get_value_at(self.services['ec2'], target, 'name')\n        elif 'PeeringStatus' in ec2_grant:\n            # Can't infer the name of the SG in the peered account\n            pass\n        else:\n            print_warning('Failed to handle EC2 grant: %s' % ec2_grant)\n\n    def process_network_acls_callback(self, current_config, path, current_path, privateip_id, callback_args):\n        # Check if the network ACL allows all traffic from all IP addresses\n        self._process_network_acls_check_for_allow_all(\n            current_config, 'ingress')\n        self._process_network_acls_check_for_allow_all(\n            current_config, 'egress')\n        # Check if the network ACL only has the default rules\n        self._process_network_acls_check_for_aws_default(\n            current_config, 'ingress')\n        self._process_network_acls_check_for_aws_default(\n            current_config, 'egress')\n\n    @staticmethod\n    def _process_network_acls_check_for_allow_all(network_acl, direction):\n        network_acl['allow_all_%s_traffic' % direction] = 0\n        for rule_number in network_acl['rules'][direction]:\n            rule = network_acl['rules'][direction][rule_number]\n            if rule['RuleAction'] == 'deny':\n                # If a deny rule appears before an allow all, do not raise the flag\n                break\n            if (rule['CidrBlock'] == '0.0.0.0/0') and (rule['RuleAction'] == 'allow') and (\n                    rule['port_range'] == '1-65535') and (rule['protocol'] == 'ALL'):\n                network_acl['allow_all_%s_traffic' % direction] = rule_number\n                break\n\n    @staticmethod\n    def _process_network_acls_check_for_aws_default(network_acl, direction):\n        if len(network_acl['rules'][direction]) == 2 and int(\n                network_acl['allow_all_%s_traffic' % direction]) > 0 and '100' in network_acl['rules'][direction]:\n            # Assume it is AWS' default rules because there are 2 rules (100 and 65535) and the first rule allows all\n            # traffic\n            network_acl['use_default_%s_rules' % direction] = True\n        else:\n            network_acl['use_default_%s_rules' % direction] = False\n\n    def list_ec2_network_attack_surface_callback(self, current_config, path, current_path, privateip_id, callback_args):\n        try:\n            manage_dictionary(self.services['ec2'], 'external_attack_surface', {})\n            if 'Association' in current_config and current_config['Association']:\n                public_ip = current_config['Association']['PublicIp']\n                self._security_group_to_attack_surface(self.services['ec2']['external_attack_surface'],\n                                                       public_ip, current_path,\n                                                       [g['GroupId']\n                                                        for g in current_config['Groups']],\n                                                       [])\n                self._complete_information_on_ec2_attack_surface(current_config, current_path, public_ip)\n\n            # IPv6\n            if 'Ipv6Addresses' in current_config and len(current_config['Ipv6Addresses']) > 0:\n                for ipv6 in current_config.get('Ipv6Addresses', []):\n                    ip = ipv6['Ipv6Address']\n                    self._security_group_to_attack_surface(self.services['ec2']['external_attack_surface'],\n                                                           ip, current_path,\n                                                           [g['GroupId'] for g in current_config['Groups']], [])\n                    self._complete_information_on_ec2_attack_surface(current_config, current_path, ip)\n        except Exception as e:\n            print_exception(f\"Error listing EC2 network attack surface: {e}\")\n\n    def _complete_information_on_ec2_attack_surface(self, current_config, current_path, public_ip):\n        try:\n            # Get the EC2 instance info\n            ec2_info = self.services\n            for p in current_path[1:-3]:\n                ec2_info = ec2_info[p]\n            # Fill the rest of the attack surface details on that IP\n            self.services['ec2']['external_attack_surface'][public_ip]['InstanceName'] = ec2_info.get('name')\n            if current_config is not None and 'PublicDnsName' in current_config.get('Association', {}):\n                self.services['ec2']['external_attack_surface'][public_ip]['PublicDnsName'] = \\\n                    current_config.get('Association', {}).get('PublicDnsName')\n        except Exception as e:\n            print_exception(f\"Error completing EC2 network attack surface information: {e}\")\n\n    def _map_all_sgs(self):\n        sg_map = dict()\n        self._go_to_and_do(self.services['ec2'],\n                           ['regions', 'vpcs', 'security_groups'],\n                           ['services', 'ec2'],\n                           self.map_resource,\n                           {'map': sg_map})\n        self.sg_map = sg_map\n\n    def _map_all_subnets(self):\n        subnet_map = dict()\n        self._go_to_and_do(self.services['vpc'],\n                           ['regions', 'vpcs', 'subnets'],\n                           ['services', 'vpc'],\n                           self.map_resource,\n                           {'map': subnet_map})\n        self.subnet_map = subnet_map\n\n    @staticmethod\n    def map_resource(current_config, path, current_path, resource_id, callback_args):\n        if resource_id not in callback_args['map']:\n            callback_args['map'][resource_id] = {'region': current_path[3]}\n            if len(current_path) > 5:\n                callback_args['map'][resource_id]['vpc_id'] = current_path[5]\n\n    def _match_iam_policies_and_buckets(self):\n        s3_info = self.services['s3']\n        iam_info = self.services['iam']\n        if 'Action' in iam_info['permissions']:\n            for action in (x for x in iam_info['permissions']['Action'] if\n                           ((x.startswith('s3:') and x != 's3:ListAllMyBuckets') or (x == '*'))):\n                for iam_entity in iam_info['permissions']['Action'][action]:\n                    if 'Allow' in iam_info['permissions']['Action'][action][iam_entity]:\n                        for allowed_iam_entity in iam_info['permissions']['Action'][action][iam_entity]['Allow']:\n                            # For resource statements, we can easily rely on the existing permissions structure\n                            if 'Resource' in \\\n                                    iam_info['permissions']['Action'][action][iam_entity]['Allow'][allowed_iam_entity]:\n                                for full_path in (x for x in\n                                                  iam_info['permissions']['Action'][action][iam_entity]['Allow'][\n                                                      allowed_iam_entity]['Resource'] if\n                                                  x.startswith('arn:aws:s3:') or x == '*'):\n                                    parts = full_path.split('/')\n                                    bucket_name = parts[0].split(':')[-1]\n                                    self._update_iam_permissions(s3_info, bucket_name, iam_entity, allowed_iam_entity,\n                                                                 iam_info['permissions']['Action'][action][iam_entity][\n                                                                     'Allow'][allowed_iam_entity]['Resource'][\n                                                                     full_path])\n                            # For notresource statements, we must fetch the policy document to determine which\n                            # buckets are not protected\n                            if 'NotResource' in iam_info['permissions']['Action'][action][iam_entity]['Allow'][\n                                allowed_iam_entity]:\n                                for full_path in (x for x in\n                                                  iam_info['permissions']['Action'][action][iam_entity]['Allow'][\n                                                      allowed_iam_entity]['NotResource'] if\n                                                  x.startswith('arn:aws:s3:') or x == '*'):\n                                    for policy_type in ['InlinePolicies', 'ManagedPolicies']:\n                                        if policy_type in \\\n                                                iam_info['permissions']['Action'][action][iam_entity]['Allow'][\n                                                    allowed_iam_entity]['NotResource'][full_path]:\n                                            for policy in \\\n                                                    iam_info['permissions']['Action'][action][iam_entity]['Allow'][\n                                                        allowed_iam_entity]['NotResource'][full_path][policy_type]:\n                                                self._update_bucket_permissions(s3_info, iam_info, action, iam_entity,\n                                                                                allowed_iam_entity, full_path,\n                                                                                policy_type,\n                                                                                policy)\n\n    def _update_bucket_permissions(self, s3_info, iam_info, action, iam_entity, allowed_iam_entity, full_path,\n                                   policy_type,\n                                   policy_name):\n        global policy\n        allowed_buckets = []\n        # By default, all buckets are allowed\n        for bucket_name in s3_info['buckets']:\n            allowed_buckets.append(bucket_name)\n        if policy_type == 'InlinePolicies':\n            policy = iam_info[iam_entity.title(\n            )][allowed_iam_entity]['Policies'][policy_name]['PolicyDocument']\n        elif policy_type == 'ManagedPolicies':\n            policy = iam_info['ManagedPolicies'][policy_name]['PolicyDocument']\n        else:\n            print_error('Error, found unknown policy type.')\n        for statement in policy['Statement']:\n            for target_path in statement['NotResource']:\n                parts = target_path.split('/')\n                bucket_name = parts[0].split(':')[-1]\n                path = '/' + '/'.join(parts[1:]) if len(parts) > 1 else '/'\n                if (path == '/' or path == '/*') and (bucket_name in allowed_buckets):\n                    # Remove bucket from list\n                    allowed_buckets.remove(bucket_name)\n                elif bucket_name == '*':\n                    allowed_buckets = []\n        policy_info = {policy_type: {}}\n        policy_info[policy_type][policy_name] = \\\n            iam_info['permissions']['Action'][action][iam_entity]['Allow'][allowed_iam_entity]['NotResource'][\n                full_path][\n                policy_type][policy_name]\n        for bucket_name in allowed_buckets:\n            self._update_iam_permissions(\n                s3_info, bucket_name, iam_entity, allowed_iam_entity, policy_info)\n\n    def _update_iam_permissions(self, s3_info, bucket_name, iam_entity, allowed_iam_entity, policy_info):\n        if 's3' in self.service_list and 'iam' in self.service_list:  # validate both services were included in run\n            if bucket_name != '*' and bucket_name in s3_info['buckets']:\n                bucket = s3_info['buckets'][bucket_name]\n                manage_dictionary(bucket, iam_entity, {})\n                manage_dictionary(bucket, iam_entity + '_count', 0)\n                if allowed_iam_entity not in bucket[iam_entity]:\n                    bucket[iam_entity][allowed_iam_entity] = {}\n                    bucket[iam_entity + '_count'] = bucket[iam_entity + '_count'] + 1\n\n                if 'inline_policies' in policy_info:\n                    manage_dictionary(\n                        bucket[iam_entity][allowed_iam_entity], 'inline_policies', {})\n                    bucket[iam_entity][allowed_iam_entity]['inline_policies'].update(\n                        policy_info['inline_policies'])\n                if 'policies' in policy_info:\n                    manage_dictionary(bucket[iam_entity]\n                                      [allowed_iam_entity], 'policies', {})\n                    bucket[iam_entity][allowed_iam_entity]['policies'].update(\n                        policy_info['policies'])\n            elif bucket_name == '*':\n                for bucket in s3_info['buckets']:\n                    self._update_iam_permissions(\n                        s3_info, bucket, iam_entity, allowed_iam_entity, policy_info)\n            else:\n                # Could be an error or cross-account access, ignore\n                pass\n\n    def match_network_acls_and_subnets_callback(self, current_config, path, current_path, acl_id, callback_args):\n        for association in current_config['Associations']:\n            subnet_path = current_path[:-1] + \\\n                          ['subnets', association['SubnetId']]\n            subnet = get_object_at(self, subnet_path)\n            subnet['network_acl'] = acl_id\n\n    def _match_instances_and_subnets(self):\n        ec2_instances = self._get_ec2_instances_details(['id', 'vpc', 'region', 'SubnetId'])  # fetch all EC2 instances with only required fields\n        for instance in ec2_instances.values():\n            subnet = self.services['vpc']['regions'][instance['region']]['vpcs'][instance['vpc']]['subnets'][instance['SubnetId']]  # find the subnet reference\n            manage_dictionary(subnet, 'instances', [])  # initialize instances list for the subnet (if not already set)\n            if instance['id'] not in subnet['instances']:  # if instance is not already mapped to the subnet\n                subnet['instances'].append(instance['id'])  # append EC2 instance ID to instance list in subnet\n\n    def _get_ec2_instances_details(self, details=None):\n        \"\"\"\n        Fetches a list of EC2 instances \n\n        :param details [str]:       (Optional) List of details to be included, if not specified, all details will be included\n        :return:                    A dictionary of EC2 instances with the specified details\n        \"\"\"\n        ec2_instances = {}\n        for ec2_region_id, ec2_region_data in self.services['ec2']['regions'].items():\n            if ec2_region_data['instances_count'] > 0:\n                for region_vpc_id, region_vpc_data in ec2_region_data['vpcs'].items():\n                    if region_vpc_data['instances_count'] > 0:\n                        for ec2_instance_id, ec2_instance_data in region_vpc_data['instances'].items():\n                            ec2_instances[ec2_instance_id] = ec2_instance_data.copy()\n                            ec2_instances[ec2_instance_id]['region'] = ec2_region_id\n                            ec2_instances[ec2_instance_id]['vpc'] = region_vpc_id\n        if details is not None:\n            for instance_key in ec2_instances.keys():\n                for detail in list(ec2_instances[instance_key].keys()):\n                    if detail not in details:\n                        ec2_instances[instance_key].pop(detail, None)\n        return ec2_instances\n\n    def _match_instances_and_vpcs(self):\n        ec2_instances = self._get_ec2_instances_details(['id', 'vpc', 'region'])  # fetch all EC2 instances with only required fields\n        for instance in ec2_instances.values():\n            vpc = self.services['vpc']['regions'][instance['region']]['vpcs'][instance['vpc']]  # find the VPC reference\n            manage_dictionary(vpc, 'instances', [])  # initialize instances list for the VPC (if not already set)\n            if instance['id'] not in vpc['instances']:  # if instance is not already mapped to the VPC\n                vpc['instances'].append(instance['id'])  # append EC2 instance ID to instance list in VPC\n\n    def _match_instances_and_roles(self):\n        if 'ec2' in self.service_list and 'iam' in self.service_list:  # validate both services were included in run\n            ec2_config = self.services['ec2']\n            iam_config = self.services['iam']\n            role_instances = {}\n            for r in ec2_config['regions']:\n                for v in ec2_config['regions'][r]['vpcs']:\n                    if 'instances' in ec2_config['regions'][r]['vpcs'][v]:\n                        for i in ec2_config['regions'][r]['vpcs'][v]['instances']:\n                            instance_profile = ec2_config['regions'][r]['vpcs'][v]['instances'][i]['IamInstanceProfile']\n                            instance_profile_id = instance_profile['Id'] if instance_profile else None\n                            if instance_profile_id:\n                                manage_dictionary(\n                                    role_instances, instance_profile_id, [])\n                                role_instances[instance_profile_id].append(i)\n            for role_id in iam_config['roles']:\n                iam_config['roles'][role_id]['instances_count'] = 0\n                for instance_profile_id in iam_config['roles'][role_id]['instance_profiles']:\n                    if instance_profile_id in role_instances:\n                        iam_config['roles'][role_id]['instance_profiles'][instance_profile_id]['instances'] = \\\n                            role_instances[instance_profile_id]\n                        iam_config['roles'][role_id]['instances_count'] += len(\n                            role_instances[instance_profile_id])\n\n    def _match_lambdas_and_roles(self):\n        if self.services.get('awslambda') and self.services.get('iam'):\n            awslambda_config = self.services['awslambda']\n            iam_config = self.services['iam']\n            awslambda_funtions = {}\n            for r in awslambda_config['regions']:\n                for lambda_function in awslambda_config['regions'][r]['functions']:\n                    awslambda_function = awslambda_config['regions'][r]['functions'][lambda_function]\n                    awslambda_function['region'] = r\n                    if awslambda_function['role_arn'] in awslambda_funtions:\n                        awslambda_funtions[awslambda_function['role_arn']][awslambda_function['name']] = awslambda_function\n                    else:\n                        awslambda_funtions[awslambda_function['role_arn']] = {awslambda_function['name']: awslambda_function}\n            for role_id in iam_config['roles']:\n                iam_config['roles'][role_id]['awslambdas_count'] = 0\n                if iam_config['roles'][role_id]['arn'] in awslambda_funtions:\n                    iam_config['roles'][role_id]['awslambdas'] = awslambda_funtions[iam_config['roles'][role_id]['arn']]\n                    iam_config['roles'][role_id]['awslambdas_count'] = len(awslambda_funtions[iam_config['roles'][role_id]['arn']])\n\n    def process_vpc_peering_connections_callback(self, current_config, path, current_path, pc_id, callback_args):\n\n        # Create a list of peering connection IDs in each VPC\n        info = 'AccepterVpcInfo' if current_config['AccepterVpcInfo'][\n                                        'OwnerId'] == self.account_id else 'RequesterVpcInfo'\n        region = current_path[current_path.index('regions') + 1]\n        vpc_id = current_config[info]['VpcId']\n        if vpc_id not in self.services['vpc']['regions'][region]['vpcs']:\n            region = current_config['AccepterVpcInfo']['Region']\n\n        # handle edge case where the region wasn't included in the execution\n        if region in self.services['vpc']['regions']:\n            target = self.services['vpc']['regions'][region]['vpcs'][vpc_id]\n            manage_dictionary(target, 'peering_connections', [])\n            if pc_id not in target['peering_connections']:\n                target['peering_connections'].append(pc_id)\n\n        # VPC information for the peer'd VPC\n        current_config['peer_info'] = copy.deepcopy(\n            current_config['AccepterVpcInfo' if info == 'RequesterVpcInfo' else 'RequesterVpcInfo'])\n        if 'PeeringOptions' in current_config['peer_info']:\n            current_config['peer_info'].pop('PeeringOptions')\n        if hasattr(self, 'organization') and current_config['peer_info']['OwnerId'] in self.organization:\n            current_config['peer_info']['name'] = self.organization[current_config['peer_info']['OwnerId']][\n                'Name']\n        else:\n            current_config['peer_info']['name'] = current_config['peer_info']['OwnerId']\n\n    def match_roles_and_cloudformation_stacks_callback(self,\n                                                       current_config, path, current_path, stack_id, callback_args):\n        try:\n            if 'RoleARN' not in current_config:\n                return\n            role_arn = current_config.pop('RoleARN')\n            current_config['iam_role'] = self._get_role_info('arn', role_arn)\n        except Exception as e:\n            print_exception(f'Unable to match roles and CloudFormation stacks: {e}')\n\n    def match_roles_and_vpc_flowlogs_callback(self, current_config, path, current_path, flowlog_id, callback_args):\n        if 'DeliverLogsPermissionArn' not in current_config:\n            return\n        delivery_role_arn = current_config.pop('DeliverLogsPermissionArn')\n        current_config['delivery_role'] = self._get_role_info(\n            'arn', delivery_role_arn)\n\n    def _get_role_info(self, attribute_name, attribute_value):\n        try:\n            iam_role_info = {'name': None, 'id': None}\n            for role_id in self.services['iam'].get('roles', []):\n                if self.services['iam']['roles'][role_id][attribute_name] == attribute_value:\n                    iam_role_info['name'] = self.services['iam']['roles'][role_id]['name']\n                    iam_role_info['id'] = role_id\n                    break\n            return iam_role_info\n        except Exception as e:\n            print_exception(f'Unable to get role info for attribute {attribute_name} with value {attribute_value}: {e}')\n\n    def match_security_groups_and_resources_callback(self, current_config, path, current_path, resource_id,\n                                                     callback_args):\n        if 'ec2' in self.service_list:  # validate that the service was included in run\n            service = current_path[1]\n            original_resource_path = combine_paths(\n                copy.deepcopy(current_path), [resource_id])\n            resource = get_object_at(self, original_resource_path)\n            if 'resource_id_path' not in callback_args:\n                resource_type = current_path[-1]\n                resource_path = copy.deepcopy(current_path)\n                resource_path.append(resource_id)\n            else:\n                resource_path = combine_paths(copy.deepcopy(\n                    current_path), callback_args['resource_id_path'])\n                resource_id = resource_path[-1]\n                resource_type = resource_path[-2]\n            if 'status_path' in callback_args:\n                status_path = combine_paths(copy.deepcopy(\n                    original_resource_path), callback_args['status_path'])\n                obj = get_object_at(self, status_path)\n                if obj:\n                    resource_status = obj.replace('.', '_')\n                else:\n                    resource_status = obj\n            else:\n                resource_status = None\n            unknown_vpc_id = True if current_path[4] != 'vpcs' else False\n            # Issue 89 & 91 : can instances have no security group?\n            try:\n                try:\n                    sg_attribute = get_object_at(\n                        resource, callback_args['sg_list_attribute_name'])\n                except Exception as e:\n                    return\n                if type(sg_attribute) != list:\n                    sg_attribute = [sg_attribute]\n                for resource_sg in sg_attribute:\n                    if type(resource_sg) == dict:\n                        sg_id = resource_sg[callback_args['sg_id_attribute_name']]\n                    else:\n                        sg_id = resource_sg\n                    if unknown_vpc_id and sg_id:\n                        vpc_id = self.sg_map[sg_id]['vpc_id']\n                        sg_base_path = copy.deepcopy(current_path[0:4])\n                        sg_base_path[1] = 'ec2'\n                        sg_base_path = sg_base_path + \\\n                                       ['vpcs', vpc_id, 'security_groups']\n                    else:\n                        sg_base_path = copy.deepcopy(current_path[0:6])\n                        sg_base_path[1] = 'ec2'\n                        sg_base_path.append('security_groups')\n                    sg_path = copy.deepcopy(sg_base_path)\n                    sg_path.append(sg_id)\n                    sg = get_object_at(self, sg_path)\n                    # Add usage information\n                    manage_dictionary(sg, 'used_by', {})\n                    manage_dictionary(sg['used_by'], service, {})\n                    manage_dictionary(sg['used_by'][service], 'resource_type', {})\n                    manage_dictionary(sg['used_by'][service]['resource_type'], resource_type, {\n                    } if resource_status else [])\n                    if resource_status:\n                        manage_dictionary(\n                            sg['used_by'][service]['resource_type'][resource_type], resource_status, [])\n                        if resource_id not in sg['used_by'][service]['resource_type'][resource_type][resource_status]:\n                            sg['used_by'][service]['resource_type'][resource_type][resource_status].append(\n                                {'id': resource_id, 'name': resource['name']})\n                    else:\n                        sg['used_by'][service]['resource_type'][resource_type].append(\n                            {'id': resource_id, 'name': resource['name']})\n            except Exception as e:\n                if resource_type == 'elbs' and current_path[5] == ec2_classic:\n                    pass\n                elif not self.services['ec2']:  # service not included in run\n                    pass\n                elif not str(e):\n                    print_exception(f'Failed to parse {resource_type}')\n                else:\n                    print_exception(f'Failed to parse {resource_type}: {e}')\n\n    def _set_emr_vpc_ids(self):\n        clear_list = []\n        self._go_to_and_do(self.services['emr'],\n                           ['regions', 'vpcs'],\n                           ['services', 'emr'],\n                           self.set_emr_vpc_ids_callback,\n                           {'clear_list': clear_list})\n        for region in clear_list:\n            self.services['emr']['regions'][region]['vpcs'].pop('EMR-UNKNOWN-VPC')\n\n    def set_emr_vpc_ids_callback(self, current_config, path, current_path, vpc_id, callback_args):\n        if vpc_id != 'EMR-UNKNOWN-VPC':\n            return\n        region = current_path[3]\n        vpc_id = sg_id = subnet_id = None\n        pop_list = []\n        for cluster_id in current_config['clusters']:\n            cluster = current_config['clusters'][cluster_id]\n            if 'EmrManagedMasterSecurityGroup' in cluster['Ec2InstanceAttributes']:\n                sg_id = cluster['Ec2InstanceAttributes']['EmrManagedMasterSecurityGroup']\n            elif 'RequestedEc2SubnetIds' in cluster['Ec2InstanceAttributes']:\n                subnet_id = cluster['Ec2InstanceAttributes']['RequestedEc2SubnetIds']\n            else:\n                print_warning('Unable to determine VPC id for EMR cluster %s' % str(cluster_id))\n                continue\n            if sg_id in self.sg_map:\n                vpc_id = self.sg_map[sg_id]['vpc_id']\n                pop_list.append(cluster_id)\n            else:\n                sid_found = False\n                if subnet_id:\n                    for sid in subnet_id:\n                        if sid in self.subnet_map:\n                            vpc_id = self.subnet_map[sid]['vpc_id']\n                            pop_list.append(cluster_id)\n                            sid_found = True\n                if not sid_found:\n                    print_warning('Unable to determine VPC id for %s' % (str(subnet_id) if subnet_id else str(sg_id)))\n                    continue\n            if vpc_id:\n                region_vpcs_config = get_object_at(self, current_path)\n                manage_dictionary(region_vpcs_config, vpc_id, {'clusters': {}})\n                region_vpcs_config[vpc_id]['clusters'][cluster_id] = cluster\n        for cluster_id in pop_list:\n            current_config['clusters'].pop(cluster_id)\n        if len(current_config['clusters']) == 0:\n            callback_args['clear_list'].append(region)\n\n    def sort_vpc_flow_logs_callback(self, current_config, path, current_path, flow_log_id, callback_args):\n        attached_resource = current_config['resource_id']\n        if attached_resource.startswith('vpc-'):\n            vpc_path = combine_paths(\n                current_path[0:4], ['vpcs', attached_resource])\n            try:\n                attached_vpc = get_object_at(self, vpc_path)\n            except Exception:\n                print_debug(\n                    'It appears that the flow log %s is attached to a resource that was previously deleted (%s).' % (\n                        flow_log_id, attached_resource))\n                return\n            manage_dictionary(attached_vpc, 'flow_logs', [])\n            if flow_log_id not in attached_vpc['flow_logs']:\n                attached_vpc['flow_logs'].append(flow_log_id)\n            for subnet_id in attached_vpc['subnets']:\n                manage_dictionary(\n                    attached_vpc['subnets'][subnet_id], 'flow_logs', [])\n                if flow_log_id not in attached_vpc['subnets'][subnet_id]['flow_logs']:\n                    attached_vpc['subnets'][subnet_id]['flow_logs'].append(\n                        flow_log_id)\n        elif attached_resource.startswith('subnet-'):\n            subnet_path = combine_paths(current_path[0:4],\n                                        ['vpcs', self.subnet_map[attached_resource]['vpc_id'], 'subnets',\n                                         attached_resource])\n            subnet = get_object_at(self, subnet_path)\n            manage_dictionary(subnet, 'flow_logs', [])\n            if flow_log_id not in subnet['flow_logs']:\n                subnet['flow_logs'].append(flow_log_id)\n        else:\n            print_warning('Resource %s attached to flow logs is not handled' % attached_resource)\n\n    def get_db_attack_surface(self, current_config, path, current_path, db_id, callback_args):\n        service = current_path[1]\n        service_config = self.services[service]\n        manage_dictionary(service_config, 'external_attack_surface', {})\n        if (service == 'redshift' or service == 'rds') and 'PubliclyAccessible' in current_config and current_config[\n            'PubliclyAccessible']:\n            public_dns = current_config['Endpoint']['Address']\n            listeners = [current_config['Endpoint']['Port']]\n            security_groups = current_config['VpcSecurityGroups']\n            self._security_group_to_attack_surface(service_config['external_attack_surface'], public_dns,\n                                                   current_path, [\n                                                       g['VpcSecurityGroupId'] for g in security_groups],\n                                                   listeners)\n        elif 'ConfigurationEndpoint' in current_config:\n            # TODO : get the proper addresss\n            public_dns = current_config['ConfigurationEndpoint']['Address'].replace(\n                '.cfg', '')\n            listeners = [current_config['ConfigurationEndpoint']['Port']]\n            security_groups = current_config.get('SecurityGroups', {})\n            self._security_group_to_attack_surface(service_config['external_attack_surface'], public_dns,\n                                                   current_path, [\n                                                       g['SecurityGroupId'] for g in security_groups],\n                                                   listeners)\n            # TODO :: Get Redis endpoint information\n\n    def get_lb_attack_surface(self, current_config, path, current_path, elb_id, callback_args):\n        try:\n            public_dns = current_config['DNSName']\n            elb_config = self.services[current_path[1]]\n            manage_dictionary(elb_config, 'external_attack_surface', {})\n            if current_path[1] == 'elbv2' and current_config['Type'] == 'network':\n                # Network LBs do not have a security group, lookup listeners instead\n                manage_dictionary(\n                    elb_config['external_attack_surface'], public_dns, {'protocols': {}})\n                for listener in current_config['listeners']:\n                    protocol = current_config['listeners'][listener]['Protocol']\n                    manage_dictionary(elb_config['external_attack_surface'][public_dns]['protocols'], protocol,\n                                      {'ports': {}})\n                    manage_dictionary(elb_config['external_attack_surface'][public_dns]['protocols'][protocol]['ports'],\n                                      listener, {'cidrs': []})\n                    elb_config['external_attack_surface'][public_dns]['protocols'][protocol]['ports'][listener][\n                        'cidrs'].append({'CIDR': '0.0.0.0/0'})\n            elif current_path[1] == 'elbv2' and current_config['Scheme'] == 'internet-facing':\n                elb_config['external_attack_surface'][public_dns] = {\n                    'protocols': {}}\n                security_groups = [g['GroupId']\n                                   for g in current_config['security_groups']]\n                listeners = []\n                for listener in current_config['listeners']:\n                    listeners.append(listener)\n                self._security_group_to_attack_surface(elb_config['external_attack_surface'], public_dns,\n                                                       current_path, security_groups, listeners)\n            elif current_config['Scheme'] == 'internet-facing':\n                # Classic ELbs do not have a security group, lookup listeners instead\n                public_dns = current_config['DNSName']\n                manage_dictionary(elb_config['external_attack_surface'], public_dns, {\n                    'protocols': {'TCP': {'ports': {}}}})\n                for listener in current_config['listeners']:\n                    manage_dictionary(elb_config['external_attack_surface'][public_dns]['protocols']['TCP']['ports'],\n                                      listener, {'cidrs': []})\n                    elb_config['external_attack_surface'][public_dns]['protocols']['TCP']['ports'][listener][\n                        'cidrs'].append({'CIDR': '0.0.0.0/0'})\n        except Exception as e:\n            print_exception(f'Failed to get LB attack surface: {e}')\n\n\n    def _security_group_to_attack_surface(self, attack_surface_config, public_ip, current_path,\n                                          security_groups, listeners=None):\n        try:\n            listeners = [] if listeners is None else listeners\n            manage_dictionary(attack_surface_config, public_ip, {'protocols': {}})\n            instance_path = current_path[:-3]\n            if 'ec2' in self.service_list:  # validate that the service was included in run\n                for sg_id in security_groups:\n                    sg_path = copy.deepcopy(current_path[0:6])\n                    sg_path[1] = 'ec2'\n                    sg_path.append('security_groups')\n                    sg_path.append(sg_id)\n                    sg_path.append('rules')\n                    sg_path.append('ingress')\n                    ingress_rules = get_object_at(self, sg_path)\n                    for p in ingress_rules['protocols']:\n                        for port in ingress_rules['protocols'][p]['ports']:\n                            if len(listeners) == 0 and 'cidrs' in ingress_rules['protocols'][p]['ports'][port]:\n                                manage_dictionary(\n                                    attack_surface_config[public_ip]['protocols'], p, {'ports': {}})\n                                manage_dictionary(attack_surface_config[public_ip]['protocols'][p]['ports'], port,\n                                                  {'cidrs': []})\n                                attack_surface_config[public_ip]['protocols'][p]['ports'][port]['cidrs'] += \\\n                                    ingress_rules['protocols'][p]['ports'][port]['cidrs']\n                            else:\n                                ports = port.split('-')\n                                if len(ports) > 1:\n                                    try:\n                                        if port[0]:\n                                            port_min = int(ports[0])\n                                        else:\n                                            port_min = None\n                                        if port[1]:\n                                            port_max = int(ports[1])\n                                        else:\n                                            port_max = None\n                                    except Exception as e:\n                                        port_min = None\n                                        port_max = None\n                                elif port == 'N/A':\n                                    port_min = port_max = None\n                                elif port == 'ALL':\n                                    port_min = 0\n                                    port_max = 65535\n                                elif p == 'ICMP':\n                                    port_min = port_max = None\n                                else:\n                                    port_min = port_max = int(port)\n                                for listener in listeners:\n                                    if (port_min and port_max) and port_min < int(listener) < port_max and \\\n                                            'cidrs' in ingress_rules['protocols'][p]['ports'][port]:\n                                        manage_dictionary(\n                                            attack_surface_config[public_ip]['protocols'], p, {'ports': {}})\n                                        manage_dictionary(attack_surface_config[public_ip]['protocols'][p]['ports'],\n                                                          str(listener), {'cidrs': []})\n                                        attack_surface_config[public_ip]['protocols'][p]['ports'][str(listener)]['cidrs'] += \\\n                                            ingress_rules['protocols'][p]['ports'][port]['cidrs']\n        except Exception as e:\n            print_exception(f'Failed to match SG to attack surface: {e}')\n\n    def _parse_elb_policies(self):\n        self._go_to_and_do(self.services['elb'],\n                           ['regions'],\n                           [],\n                           self.parse_elb_policies_callback,\n                           {})\n\n    def parse_elb_policies_callback(self, current_config, path, current_path, region_id, callback_args):\n        region_config = get_object_at(self, ['services', 'elb', ] + current_path + [region_id])\n        region_config['elb_policies'] = current_config['elb_policies']\n        for policy_id in region_config['elb_policies']:\n            if region_config['elb_policies'][policy_id]['PolicyTypeName'] != 'SSLNegotiationPolicyType':\n                continue\n            # protocols, options, ciphers\n            policy = region_config['elb_policies'][policy_id]\n            protocols = {}\n            options = {}\n            ciphers = {}\n            for attribute in policy['PolicyAttributeDescriptions']:\n                if attribute['AttributeName'] in ['Protocol-SSLv3', 'Protocol-TLSv1', 'Protocol-TLSv1.1',\n                                                  'Protocol-TLSv1.2']:\n                    protocols[attribute['AttributeName']] = attribute['AttributeValue']\n                elif attribute['AttributeName'] in ['Server-Defined-Cipher-Order']:\n                    options[attribute['AttributeName']] = attribute['AttributeValue']\n                elif attribute['AttributeName'] == 'Reference-Security-Policy':\n                    policy['reference_security_policy'] = attribute['AttributeValue']\n                else:\n                    ciphers[attribute['AttributeName']] = attribute['AttributeValue']\n                policy['protocols'] = protocols\n                policy['options'] = options\n                policy['ciphers'] = ciphers\n\n    def _update_sg_usage_codebuild(self):\n        try:\n            for region in self.services['codebuild']['regions']:\n                for codebuild_project in self.services['codebuild']['regions'][region]['build_projects']:\n                    if 'vpc' in self.services['codebuild']['regions'][region]['build_projects'][codebuild_project] and 'security_groups' in self.services['codebuild']['regions'][region]['build_projects'][codebuild_project]:\n                        cb_project = self.services['codebuild']['regions'][region]['build_projects'][codebuild_project]\n                        for cb_project_sg in cb_project['security_groups']:\n                            manage_dictionary(self.services['ec2']['regions'][region]['vpcs'][cb_project['vpc']]['security_groups'][cb_project_sg], 'used_by', {'resource_type': {'codebuild_project': []}})\n                            self.services['ec2']['regions'][region]['vpcs'][cb_project['vpc']]['security_groups'][cb_project_sg]['used_by']['resource_type']['codebuild_project'].append({\n                                'id': cb_project['arn'], 'name': cb_project['name']\n                            })\n        except Exception as e:\n            print_exception(f'Failed to update security group usage for CodeBuild: {e}')\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/acm/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/acm/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\nfrom .certificates import Certificates\n\n\nclass Certificates(Regions):\n    _children = [\n        (Certificates, 'certificates')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('acm', facade)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/acm/certificates.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\n\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Certificates(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        raw_certificates = await self.facade.acm.get_certificates(self.region)\n        for raw_certificate in raw_certificates:\n            name, resource = self._parse_certificate(raw_certificate)\n            self[name] = resource\n\n    def _parse_certificate(self, raw_certificate):\n        raw_certificate['name'] = raw_certificate.get('DomainName')\n        raw_certificate['id'] = get_non_provider_id(raw_certificate['name'])\n        raw_certificate['arn'] = raw_certificate.get('DomainName')\n\n        return raw_certificate['id'], raw_certificate\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/awslambda/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/awslambda/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\nfrom .functions import Functions\n\n\nclass Lambdas(Regions):\n    _children = [\n        (Functions, 'functions')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('lambda', facade)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/awslambda/functions.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Functions(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        raw_functions = await self.facade.awslambda.get_functions(self.region)\n        for raw_function in raw_functions:\n            name, resource = await self._parse_function(raw_function)\n            self[name] = resource\n\n    async def _parse_function(self, raw_function):\n\n        function_dict = {}\n        function_dict['name'] = raw_function.get('FunctionName')\n        function_dict['arn'] = raw_function.get('FunctionArn')\n        function_dict['runtime'] = raw_function.get('Runtime')\n        function_dict['handler'] = raw_function.get('Handler')\n        function_dict['code_size'] = raw_function.get('CodeSize')\n        function_dict['description'] = raw_function.get('Description')\n        function_dict['timeout'] = raw_function.get('Timeout')\n        function_dict['memory_size'] = raw_function.get('MemorySize')\n        function_dict['last_modified'] = raw_function.get('LastModified')\n        function_dict['code_sha256'] = raw_function.get('CodeSha256')\n        function_dict['version'] = raw_function.get('Version')\n        function_dict['tracing_config'] = raw_function.get('TracingConfig')\n        function_dict['revision_id'] = raw_function.get('RevisionId')\n\n        await self._add_role_information(function_dict, raw_function.get('Role'))\n        await self._add_access_policy_information(function_dict)\n        await self._add_env_variables(function_dict)\n\n        return get_non_provider_id(function_dict['name']), function_dict\n\n    async def _add_role_information(self, function_dict, role_id):\n        # Make it easier to build rules based on policies attached to execution roles\n        function_dict['role_arn'] = role_id\n        role_name = role_id.split(\"/\")[-1]\n        function_dict['execution_role'] = await self.facade.awslambda.get_role_with_managed_policies(role_name)\n        if function_dict.get('execution_role'):\n            statements = []\n            for policy in function_dict['execution_role'].get('policies'):\n                if 'Document' in policy and 'Statement' in policy['Document']:\n                    statements += policy['Document']['Statement']\n            function_dict['execution_role']['policy_statements'] = statements\n\n    async def _add_access_policy_information(self, function_dict):\n        access_policy = await self.facade.awslambda.get_access_policy(function_dict['name'], self.region)\n\n        if access_policy:\n            function_dict['access_policy'] = access_policy\n        else:\n            # If there's no policy, set an empty one\n            function_dict['access_policy'] = {'Version': '2012-10-17',\n                                              'Id': 'default',\n                                              'Statement': []}\n\n    async def _add_env_variables(self, function_dict):\n        env_variables = await self.facade.awslambda.get_env_variables(function_dict['name'], self.region)\n        function_dict[\"env_variables\"] = env_variables\n        # The following properties are for easier rule creation\n        if env_variables:\n            function_dict[\"env_variable_names\"] = list(env_variables.keys())\n            function_dict[\"env_variable_values\"] = list(env_variables.values())\n        else:\n            function_dict[\"env_variable_names\"] = []\n            function_dict[\"env_variable_values\"] = []\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/base.py",
    "content": "\"\"\"This module provides implementations for Resources and CompositeResources for AWS.\"\"\"\n\nimport abc\n\nfrom ScoutSuite.providers.base.resources.base import Resources, CompositeResources\n\n\nclass AWSResources(Resources, metaclass=abc.ABCMeta):\n    \"\"\"This is the base class for AWS resources.\"\"\"\n\n    pass\n\n\nclass AWSCompositeResources(AWSResources, CompositeResources, metaclass=abc.ABCMeta):\n    \"\"\"This class represents a collection of AWSResources. Classes extending AWSCompositeResources should define a\n    \"_children\" attribute which consists of a list of tuples describing the children. The tuples are expected to\n    respect the following format: (<child_class>, <child_name>). The child_name is used by indicates the name under\n    which the child will be stored in the parent object.\n    \"\"\"\n\n    pass\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/cloudformation/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/cloudformation/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.regions import Regions\nfrom .stacks import Stacks\n\n\nclass CloudFormation(Regions):\n    _children = [\n        (Stacks, 'stacks')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('cloudformation', facade)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/cloudformation/stacks.py",
    "content": "import re\n\nfrom ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Stacks(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        raw_stacks = await self.facade.cloudformation.get_stacks(self.region)\n        for raw_stack in raw_stacks:\n            name, stack = self._parse_stack(raw_stack)\n            self[name] = stack\n\n    def _parse_stack(self, raw_stack):\n        raw_stack['id'] = raw_stack.pop('StackId')\n        raw_stack['name'] = raw_stack.pop('StackName')\n        raw_stack['drifted'] = raw_stack.pop('DriftInformation')[\n                                   'StackDriftStatus'] == 'DRIFTED'\n        raw_stack['termination_protection'] = raw_stack.get('EnableTerminationProtection', False)\n        raw_stack['arn'] = raw_stack['id']\n        raw_stack['notificationARNs'] = raw_stack.get('NotificationARNs', [])\n        template = raw_stack.pop('template')\n        raw_stack['deletion_policy'] = self.has_deletion_policy(template)\n\n        if hasattr(template, 'keys'):\n            for group in template.keys():\n                if 'DeletionPolicy' in template[group]:\n                    raw_stack['deletion_policy'] = template[group]\n                    break\n\n        return get_non_provider_id(raw_stack['name']), raw_stack\n\n    @staticmethod\n    def has_deletion_policy(template):\n        \"\"\"\n        Return region to be used for global calls such as list bucket and get bucket location\n        :param template: The api response containing the stack's template\n        :return:\n        \"\"\"\n        has_dp = True\n        # If a ressource is found to not have a deletion policy or have it to delete, the boolean is switched to\n        # false to indicate that the ressource will be deleted once the stack is deleted\n        if isinstance(template, dict):\n            template = template['Resources']\n            for group in template.keys():\n                if 'DeletionPolicy' in template[group]:\n                    if template[group]['DeletionPolicy'] == 'Delete':\n                        has_dp = False\n                else:\n                    has_dp = False\n        if isinstance(template, str):\n            if re.match(r'\\\"DeletionPolicy\\\"\\s*:\\s*\\\"Delete\\\"', template):\n                has_dp = False\n            elif not re.match(r'\\\"DeletionPolicy\\\"', template):\n                has_dp = False\n        return has_dp\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/cloudfront/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/cloudfront/base.py",
    "content": "from ScoutSuite.providers.aws.resources.base import AWSCompositeResources\nfrom ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.cloudfront.distributions import Distributions\n\nfrom .distributions import Distributions\n\n\nclass CloudFront(AWSCompositeResources):\n    _children = [\n        (Distributions, 'distributions')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super(CloudFront, self).__init__(facade)\n        self.service = 'cloudfront'\n\n    async def fetch_all(self, partition_name='aws', **kwargs):\n        await self._fetch_children(self)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/cloudfront/distributions.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Distributions(AWSResources):\n    async def fetch_all(self):\n        list_distributions = await self.facade.cloudfront.get_distributions()\n        for distribution in list_distributions:\n            id, distro = self._parse_distributions(distribution)\n            self[id] = distro\n\n    def _parse_distributions(self, raw_distribution):\n        distribution_dict = {}\n        distribution_dict['id'] = distribution_dict['name'] = raw_distribution.get('Id')\n        distribution_dict['arn'] = raw_distribution.get('ARN')\n        distribution_dict['aliases'] = raw_distribution.get('Aliases')\n        distribution_dict['status'] = raw_distribution.get('Status')\n        distribution_dict['cache_behaviors'] = raw_distribution.get('CacheBehaviors')\n        distribution_dict['restrictions'] = raw_distribution.get('Restrictions')\n        distribution_dict['origins'] = raw_distribution.get('Origins')\n        distribution_dict['domain_name'] = raw_distribution.get('DomainName')\n        distribution_dict['web_acl_id'] = raw_distribution.get('WebACLId')\n        distribution_dict['price_class'] = raw_distribution.get('PriceClass')\n        distribution_dict['enabled'] = raw_distribution.get('Enabled')\n        distribution_dict['default_cache_behavior'] = raw_distribution.get('DefaultCacheBehavior')\n        distribution_dict['is_ipv6_enabled'] = raw_distribution.get('IsIPV6Enabled')\n        distribution_dict['comment'] = raw_distribution.get('Comment')\n        distribution_dict['http_version'] = raw_distribution.get('HttpVersion')\n        distribution_dict['viewer_certificate'] = raw_distribution.get('ViewerCertificate')\n        distribution_dict['custom_error_responses'] = raw_distribution.get('CustomErrorResponses')\n        distribution_dict['last_modified_time'] = raw_distribution.get('LastModifiedTime')\n        distribution_dict['origin_groups'] = raw_distribution.get('OriginGroups')\n        return distribution_dict['id'], distribution_dict\n\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/cloudtrail/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/cloudtrail/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\nfrom .trails import Trails\n\n\nclass CloudTrail(Regions):\n    _children = [\n        (Trails, 'trails')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('cloudtrail', facade)\n\n    async def finalize(self):\n        global_events_logging = []\n\n        for region in self['regions']:\n            for trail_id, trail in self['regions'][region]['trails'].items():\n                if 'HomeRegion' in trail and trail['HomeRegion'] != region:\n                    # Part of a multi-region trail, skip until we find the whole object\n                    continue\n                if trail['IncludeGlobalServiceEvents'] and trail['IsLogging']:\n                    global_events_logging.append((region, trail_id,))\n\n        self['IncludeGlobalServiceEvents'] = len(global_events_logging) > 0\n        self['DuplicatedGlobalServiceEvents'] = len(global_events_logging) > 1\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/cloudtrail/trails.py",
    "content": "import time\n\nfrom ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Trails(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        raw_trails = await self.facade.cloudtrail.get_trails(self.region)\n        for raw_trail in raw_trails:\n            name, resource = self._parse_trail(raw_trail)\n            self[name] = resource\n\n    def _parse_trail(self, raw_trail):\n        trail = {'name': raw_trail.pop('Name')}\n        trail_id = get_non_provider_id(trail['name'])\n        \n        trail['arn'] = raw_trail.get('TrailARN')\n        trail['is_organization_trail'] = raw_trail.get('IsOrganizationTrail')\n        trail['home_region'] = raw_trail.get('HomeRegion')\n\n        # Do not duplicate entries for multiregion trails\n        if 'IsMultiRegionTrail' in raw_trail and raw_trail['IsMultiRegionTrail'] and \\\n                raw_trail['HomeRegion'] != self.region:\n            for key in ['HomeRegion', 'TrailARN']:\n                trail[key] = raw_trail[key]\n            trail['scout_link'] = 'services.cloudtrail.regions.{}.trails.{}'.format(raw_trail['HomeRegion'], trail_id)\n            return trail_id, trail\n\n        for key in raw_trail:\n            trail[key] = raw_trail[key]\n        trail['bucket_id'] = get_non_provider_id(trail.pop('S3BucketName'))\n        for key in ['IsMultiRegionTrail', 'LogFileValidationEnabled']:\n            if key not in trail:\n                trail[key] = False\n\n        for key in ['KmsKeyId', 'IsLogging', 'LatestDeliveryTime', 'LatestDeliveryError', 'StartLoggingTime',\n                    'StopLoggingTime', 'LatestNotificationTime', 'LatestNotificationError',\n                    'LatestCloudWatchLogsDeliveryError', 'LatestCloudWatchLogsDeliveryTime']:\n            trail[key] = trail[key] if key in trail else None\n\n        # using trail ARN instead of name as with Organizations the trail would be located in another account\n        trail['wildcard_data_logging'] = self.data_logging_status(trail)\n\n        for event_selector in trail.get('EventSelectors', []):\n            trail['DataEventsEnabled'] = len(event_selector['DataResources']) > 0\n            trail['ManagementEventsEnabled'] = event_selector['IncludeManagementEvents']\n\n        return trail_id, trail\n\n    def data_logging_status(self, trail):\n        for event_selector in trail.get('EventSelectors', []):\n            has_wildcard = \\\n                {'Values': ['arn:aws:s3'], 'Type': 'AWS::S3::Object'} in event_selector['DataResources'] or \\\n                {'Values': ['arn:aws:lambda'], 'Type': 'AWS::Lambda::Function'} in event_selector['DataResources']\n            is_logging = trail['IsLogging']\n            if has_wildcard and is_logging and self.is_fresh(trail):\n                return True\n        return False\n\n    @staticmethod\n    def is_fresh(trail_details):\n        if trail_details.get('LatestCloudWatchLogsDeliveryTime'):\n            delivery_time = trail_details.get('LatestCloudWatchLogsDeliveryTime').strftime(\"%s\")\n            delivery_age = ((int(time.time()) - int(delivery_time)) / 1440)\n            return delivery_age <= 24\n        else:\n            return False\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/cloudwatch/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/cloudwatch/alarms.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Alarms(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        raw_alarms = await self.facade.cloudwatch.get_alarms(self.region)\n        for raw_alarm in raw_alarms:\n            name, resource = self._parse_alarm(raw_alarm)\n            self[name] = resource\n\n    def _parse_alarm(self, raw_alarm):\n        raw_alarm['arn'] = raw_alarm.pop('AlarmArn')\n        raw_alarm['name'] = raw_alarm.pop('AlarmName')\n\n        # Drop some data\n        for key in ['AlarmConfigurationUpdatedTimestamp', 'StateReason', 'StateReasonData', 'StateUpdatedTimestamp']:\n            if key in raw_alarm:\n                raw_alarm.pop(key)\n\n        alarm_id = get_non_provider_id(raw_alarm['arn'])\n        return alarm_id, raw_alarm\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/cloudwatch/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\nfrom .alarms import Alarms\nfrom .metric_filters import MetricFilters\n\n\nclass CloudWatch(Regions):\n    _children = [\n        (Alarms, 'alarms'),\n        (MetricFilters, 'metric_filters')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('cloudwatch', facade)\n\n    async def finalize(self):\n\n        # For each region, check if at least one metric filter covers the desired events\n        for region in self['regions']:\n            self['regions'][region]['metric_filters_pattern_checks'] = {}\n            # Initialize results at \"False\"\n            self['regions'][region]['metric_filters_pattern_checks']['unauthorized_api_calls'] = False\n            self['regions'][region]['metric_filters_pattern_checks']['console_login_mfa'] = False\n            self['regions'][region]['metric_filters_pattern_checks']['root_usage'] = False\n            self['regions'][region]['metric_filters_pattern_checks']['iam_policy_changes'] = False\n            self['regions'][region]['metric_filters_pattern_checks']['cloudtrail_configuration_changes'] = False\n            self['regions'][region]['metric_filters_pattern_checks']['console_authentication_failures'] = False\n            self['regions'][region]['metric_filters_pattern_checks']['cmk_deletion'] = False\n            self['regions'][region]['metric_filters_pattern_checks']['s3_policy_changes'] = False\n            self['regions'][region]['metric_filters_pattern_checks']['aws_configuration_changes'] = False\n            self['regions'][region]['metric_filters_pattern_checks']['security_group_changes'] = False\n            self['regions'][region]['metric_filters_pattern_checks']['nacl_changes'] = False\n            self['regions'][region]['metric_filters_pattern_checks']['network_gateways_changes'] = False\n            self['regions'][region]['metric_filters_pattern_checks']['route_table_changes'] = False\n            self['regions'][region]['metric_filters_pattern_checks']['vpc_changes'] = False\n            for metric_filter_id, metric_filter in self['regions'][region]['metric_filters'].items():\n                # Check events\n                if metric_filter['pattern'] == \"{ ($.errorCode = \\\"*UnauthorizedOperation\\\") || ($.errorCode = \\\"AccessDenied*\\\") }\":\n                    self['regions'][region]['metric_filters_pattern_checks']['unauthorized_api_calls'] = True\n                if metric_filter['pattern'] == \"{ ($.eventName = \\\"ConsoleLogin\\\") && ($.additionalEventData.MFAUsed != \\\"Yes\\\") }\":\n                    self['regions'][region]['metric_filters_pattern_checks']['console_login_mfa'] = True\n                if metric_filter['pattern'] == \"{ $.userIdentity.type = \\\"Root\\\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != \\\"AwsServiceEvent\\\" }\":\n                    self['regions'][region]['metric_filters_pattern_checks']['root_usage'] = True\n                if metric_filter['pattern'] == \"{ ($.eventName=DeleteGroupPolicy) || ($.eventName=DeleteRolePolicy) || ($.eventName=DeleteUserPolicy) || ($.eventName=PutGroupPolicy) || ($.eventName=PutRolePolicy) || ($.eventName=PutUserPolicy) || ($.eventName=CreatePolicy) || ($.eventName=DeletePolicy) || ($.eventName=CreatePolicyVersion) || ($.eventName=DeletePolicyVersion) || ($.eventName=AttachRolePolicy) || ($.eventName=DetachRolePolicy) || ($.eventName=AttachUserPolicy) || ($.eventName=DetachUserPolicy) || ($.eventName=AttachGroupPolicy) || ($.eventName=DetachGroupPolicy) }\":\n                    self['regions'][region]['metric_filters_pattern_checks']['iam_policy_changes'] = True\n                if metric_filter['pattern'] == \"{ ($.eventName = CreateTrail) || ($.eventName = UpdateTrail) || ($.eventName = DeleteTrail) || ($.eventName = StartLogging) || ($.eventName = StopLogging) }\":\n                    self['regions'][region]['metric_filters_pattern_checks']['cloudtrail_configuration_changes'] = True\n                if metric_filter['pattern'] == \"{ ($.eventName = ConsoleLogin) && ($.errorMessage = \\\"Failed authentication\\\") }\":\n                    self['regions'][region]['metric_filters_pattern_checks']['console_authentication_failures'] = True\n                if metric_filter['pattern'] == \"{ ($.eventSource = kms.amazonaws.com) && (($.eventName = DisableKey) || ($.eventName = ScheduleKeyDeletion)) }\":\n                    self['regions'][region]['metric_filters_pattern_checks']['cmk_deletion'] = True\n                if metric_filter['pattern'] == \"{ ($.eventSource = s3.amazonaws.com) && (($.eventName = PutBucketAcl) || ($.eventName = PutBucketPolicy) || ($.eventName = PutBucketCors) || ($.eventName = PutBucketLifecycle) || ($.eventName = PutBucketReplication) || ($.eventName = DeleteBucketPolicy) || ($.eventName = DeleteBucketReplication)) }\":\n                    self['regions'][region]['metric_filters_pattern_checks']['s3_policy_changes'] = True\n                if metric_filter['pattern'] == \"{ ($.eventSource = config.amazonaws.com) && (($.eventName = StopConfigurationRecorder) || ($.eventName = DeleteDeliveryChannel) || ($.eventName = PutDeliveryChannel) || ($.eventName = PutConfigurationRecorder)) }\":\n                    self['regions'][region]['metric_filters_pattern_checks']['aws_configuration_changes'] = True\n                if metric_filter['pattern'] == \"{ ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup) }\":\n                    self['regions'][region]['metric_filters_pattern_checks']['security_group_changes'] = True\n                if metric_filter['pattern'] == \"{ ($.eventName = CreateNetworkAcl) || ($.eventName = CreateNetworkAclEntry) || ($.eventName = DeleteNetworkAcl) || ($.eventName = DeleteNetworkAclEntry) || ($.eventName = ReplaceNetworkAclEntry) || ($.eventName = ReplaceNetworkAclAssociation) }\":\n                    self['regions'][region]['metric_filters_pattern_checks']['nacl_changes'] = True\n                if metric_filter['pattern'] == \"{ ($.eventName = CreateCustomerGateway) || ($.eventName = DeleteCustomerGateway) || ($.eventName = AttachInternetGateway) || ($.eventName = CreateInternetGateway) || ($.eventName = DeleteInternetGateway) || ($.eventName = DetachInternetGateway) }\":\n                    self['regions'][region]['metric_filters_pattern_checks']['network_gateways_changes'] = True\n                if metric_filter['pattern'] == \"{ ($.eventName = CreateRoute) || ($.eventName = CreateRouteTable) || ($.eventName = ReplaceRoute) || ($.eventName = ReplaceRouteTableAssociation) || ($.eventName = DeleteRouteTable) || ($.eventName = DeleteRoute) || ($.eventName = DisassociateRouteTable) }\":\n                    self['regions'][region]['metric_filters_pattern_checks']['route_table_changes'] = True\n                if metric_filter['pattern'] == \"{ ($.eventName = CreateVpc) || ($.eventName = DeleteVpc) || ($.eventName = ModifyVpcAttribute) || ($.eventName = AcceptVpcPeeringConnection) || ($.eventName = CreateVpcPeeringConnection) || ($.eventName = DeleteVpcPeeringConnection) || ($.eventName = RejectVpcPeeringConnection) || ($.eventName = AttachClassicLinkVpc) || ($.eventName = DetachClassicLinkVpc) || ($.eventName = DisableVpcClassicLink) || ($.eventName = EnableVpcClassicLink) }\":\n                    self['regions'][region]['metric_filters_pattern_checks']['vpc_changes'] = True\n                   "
  },
  {
    "path": "ScoutSuite/providers/aws/resources/cloudwatch/metric_filters.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\nfrom ScoutSuite.providers.aws.utils import format_arn\n\n\nclass MetricFilters(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super(MetricFilters, self).__init__(facade)\n        self.region = region\n        self.partition = facade.partition\n        self.service = 'cloudwatch'\n        self.resource_type = 'metric-filter'\n\n    async def fetch_all(self):\n        for raw_metric_filter in await self.facade.cloudwatch.get_metric_filters(self.region):\n            name, resource = self._parse_metric_filter(raw_metric_filter)\n            self[name] = resource\n\n    def _parse_metric_filter(self, raw_metric_filter):\n        metric_filter_dict = {}\n        metric_filter_dict['id'] = get_non_provider_id('{}{}'.format(raw_metric_filter.get('filterName'),\n                                                                     raw_metric_filter.get('creationTime')))\n        metric_filter_dict['name'] = raw_metric_filter.get('filterName')\n        metric_filter_dict['creation_time'] = raw_metric_filter.get('creationTime')\n        metric_filter_dict['pattern'] = raw_metric_filter.get('filterPattern')\n        metric_filter_dict['metric_transformations'] = raw_metric_filter.get('metricTransformations')\n        metric_filter_dict['log_group_name'] = raw_metric_filter.get('logGroupName')\n        metric_filter_dict['arn'] = format_arn(self.partition, self.service, self.region, '', raw_metric_filter.get('filterName'), self.resource_type)\n        return metric_filter_dict['id'], metric_filter_dict\n\n\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/codebuild/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/codebuild/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\nfrom .build_projects import BuildProjects\n\n\nclass CodeBuild(Regions):\n    _children = [\n        (BuildProjects, 'build_projects')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('codebuild', facade)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/codebuild/build_projects.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass BuildProjects(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        raw_projects = await self.facade.codebuild.get_projects(self.region)\n        for list_raw_project in raw_projects:\n            for raw_project in list_raw_project.get('projects'):\n                id, build_project = self._parse_build_projects(raw_project)\n                self[id] = build_project\n\n    def _parse_build_projects(self, raw_build_project):\n        project_dict = {}\n        project_dict['id'] = raw_build_project.get('arn')\n        project_dict['arn'] = raw_build_project.get('arn')\n        project_dict['name'] = raw_build_project.get('name')\n        if 'vpcConfig' in raw_build_project:\n            project_dict['vpc'] = raw_build_project.get('vpcConfig').get('vpcId')\n            project_dict['subnets'] = raw_build_project.get('vpcConfig').get('subnets')\n            project_dict['security_groups'] = raw_build_project.get('vpcConfig').get('securityGroupIds')\n        return project_dict['id'], project_dict\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/config/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/config/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.config.recorders import Recorders\nfrom ScoutSuite.providers.aws.resources.config.rules import Rules\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\n\nclass Config(Regions):\n    _children = [\n        (Recorders, 'recorders'),\n        (Rules, 'rules')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('config', facade)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/config/recorders.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Recorders(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        raw_recorders = await self.facade.config.get_recorders(self.region)\n        for raw_recorder in raw_recorders:\n            name, resource = self._parse_recorder(raw_recorder)\n            self[name] = resource\n\n    def _parse_recorder(self, raw_recorder):\n        recorder = {}\n        recorder['name'] = raw_recorder['name']\n        recorder['region'] = self.region\n        recorder['role_ARN'] = raw_recorder['roleARN']\n        recorder['recording_group'] = raw_recorder['recordingGroup']\n        recorder['enabled'] = raw_recorder['ConfigurationRecordersStatus']['recording']\n        recorder['last_status'] = raw_recorder['ConfigurationRecordersStatus'].get('lastStatus')\n        recorder['last_start_time'] = raw_recorder['ConfigurationRecordersStatus'].get('lastStartTime')\n        recorder['last_status_change_time'] = raw_recorder['ConfigurationRecordersStatus'].get('lastStatusChangeTime')\n        return get_non_provider_id(recorder['name']), recorder\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/config/rules.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Rules(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        raw_rules = await self.facade.config.get_rules(self.region)\n        for raw_rule in raw_rules:\n            name, resource = self._parse_rule(raw_rule)\n            self[name] = resource\n\n    def _parse_rule(self, raw_rule):\n        rule = {}\n        rule['id'] = raw_rule.pop('ConfigRuleId', None)\n        rule['arn'] = raw_rule.pop('ConfigRuleArn', None)\n        rule['name'] = raw_rule.pop('ConfigRuleName', None)\n        rule['description'] = raw_rule.pop('Description', None)\n        rule['scope'] = raw_rule.pop('Scope', None)\n        rule['source'] = raw_rule.pop('Source', None)\n        rule['input_parameters'] = raw_rule.pop('InputParameters', None)\n        rule['maximum_execution_frequency'] = raw_rule.pop('MaximumExecutionFrequency', None)\n        rule['state'] = raw_rule.pop('ConfigRuleState', None)\n        return get_non_provider_id(rule['name']), rule\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/directconnect/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/directconnect/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\nfrom .connections import Connections\n\n\nclass DirectConnect(Regions):\n    _children = [\n        (Connections, 'connections')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('directconnect', facade)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/directconnect/connections.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.utils import format_arn\n\n\nclass Connections(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n        self.partition = facade.partition\n        self.service = 'directconnect'\n        self.resource_type = 'connection'\n\n    async def fetch_all(self):\n        raw_connections = await self.facade.directconnect.get_connections(self.region)\n        for raw_connection in raw_connections:\n            name, resource = self._parse_connection(raw_connection)\n            self[name] = resource\n\n    def _parse_connection(self, raw_connection):\n        raw_connection['id'] = raw_connection.pop('connectionId')\n        raw_connection['name'] = raw_connection.pop('connectionName')\n        raw_connection['arn'] = format_arn(self.partition, self.service, self.region, raw_connection.get('ownerAccount'), raw_connection.get('id'), self.resource_type)\n        return raw_connection['id'], raw_connection\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/dynamodb/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/dynamodb/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.regions import Regions\nfrom .tables import Tables\n\n\nclass DynamoDB(Regions):\n    _children = [\n        (Tables, 'tables')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super(DynamoDB, self).__init__('dynamodb', facade)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/dynamodb/tables.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\n\n\nclass Tables(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super(Tables, self).__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        raw_tables = await self.facade.dynamodb.get_tables(self.region)\n        for raw_table in raw_tables:\n            name, resource = self._parse_table(raw_table)\n            self[name] = resource\n\n    def _parse_table(self, raw_table):\n        table_dict = {}\n        table_dict['name'] = raw_table.get('TableName')\n        table_dict['id'] = raw_table.get('TableId')\n        table_dict['arn'] = raw_table.get('TableArn')\n        table_dict['attribute_definitions'] = raw_table.get('AttributeDefinitions')\n        table_dict['key_schema'] = raw_table.get('KeySchema')\n        table_dict['table_status'] = raw_table.get('TableStatus')\n        table_dict['creation_date_time'] = raw_table.get('CreationDateTime')\n        table_dict['provisioned_throughput'] = raw_table.get('ProvisionedThroughput')\n        table_dict['table_size_bytes'] = raw_table.get('TableSizeBytes')\n        table_dict['item_count'] = raw_table.get('ItemCount')\n        table_dict['backup_summaries'] = raw_table.get('BackupSummaries')\n        table_dict['continuous_backups'] = raw_table.get('ContinuousBackups')\n        table_dict['tags'] = raw_table.get('tags')\n\n        table_dict['automatic_backups_enabled'] = \\\n            raw_table['ContinuousBackups']['PointInTimeRecoveryDescription']['PointInTimeRecoveryStatus'] == 'ENABLED' \\\n                if 'ContinuousBackups' in raw_table else None\n\n        if \"SSEDescription\" in raw_table:\n            table_dict[\"sse_enabled\"] = True\n        else:\n            table_dict[\"sse_enabled\"] = False\n\n        return table_dict['id'], table_dict\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/ec2/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/ec2/ami.py",
    "content": "from ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.utils import format_arn\n\n\nclass AmazonMachineImages(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n        self.partition = facade.partition\n        self.service = 'ec2'\n        self.resource_type = 'amazon-machine-image'\n\n    async def fetch_all(self):\n        raw_images = await self.facade.ec2.get_images(self.region)\n        for raw_image in raw_images:\n            name, resource = self._parse_image(raw_image)\n            self[name] = resource\n\n    def _parse_image(self, raw_image):\n        raw_image['id'] = raw_image.get('ImageId')\n        raw_image['name'] = raw_image.get('Name')\n        raw_image['arn'] = format_arn(self.partition, self.service, self.region, raw_image.get('OwnerId'), raw_image.get('ImageId'), self.resource_type)\n        return raw_image['id'], raw_image\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/ec2/base.py",
    "content": "from ScoutSuite.providers.aws.resources.ec2.ami import AmazonMachineImages\nfrom ScoutSuite.providers.aws.resources.ec2.snapshots import Snapshots\nfrom ScoutSuite.providers.aws.resources.ec2.volumes import Volumes\nfrom ScoutSuite.providers.aws.resources.ec2.vpcs import Ec2Vpcs\nfrom ScoutSuite.providers.aws.resources.regions import Regions\nfrom ScoutSuite.providers.aws.resources.ec2.regional_settings import RegionalSettings\n\n\nclass EC2(Regions):\n    _children = [\n        (Ec2Vpcs, 'vpcs'),\n        (AmazonMachineImages, 'images'),\n        (Snapshots, 'snapshots'),\n        (Volumes, 'volumes'),\n        (RegionalSettings, 'regional_settings')\n    ]\n\n    def __init__(self, facade):\n        super().__init__('ec2', facade)\n\n    async def fetch_all(self, regions=None, excluded_regions=None, partition_name='aws', **kwargs):\n        await super().fetch_all(regions, excluded_regions, partition_name)\n\n        for region in self['regions']:\n            self['regions'][region]['instances_count'] =\\\n                sum([len(vpc['instances']) for vpc in self['regions'][region]['vpcs'].values()])\n            self['regions'][region]['security_groups_count'] =\\\n                sum([len(vpc['security_groups']) for vpc in self['regions'][region]['vpcs'].values()])\n            self['regions'][region]['network_interfaces_count'] =\\\n                sum([len(vpc['network_interfaces']) for vpc in self['regions'][region]['vpcs'].values()])\n\n        self['instances_count'] =\\\n            sum([region['instances_count'] for region in self['regions'].values()])\n        self['security_groups_count'] =\\\n            sum([region['security_groups_count'] for region in self['regions'].values()])\n        self['network_interfaces_count'] =\\\n            sum([region['network_interfaces_count'] for region in self['regions'].values()])\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/ec2/instances.py",
    "content": "from ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.utils import get_name, get_keys, format_arn\n\nimport re\n\n\nclass EC2Instances(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str, vpc: str):\n        super().__init__(facade)\n        self.region = region\n        self.vpc = vpc\n        self.partition = facade.partition\n        self.service = 'ec2'\n        self.resource_type = 'instance'\n\n    async def fetch_all(self):\n        raw_instances = await self.facade.ec2.get_instances(self.region, self.vpc)\n        for raw_instance in raw_instances:\n            name, resource = await self._parse_instance(raw_instance)\n            self[name] = resource\n\n    async def _parse_instance(self, raw_instance):\n        instance = {}\n        id = raw_instance['InstanceId']\n        instance['id'] = id\n        instance['arn'] = format_arn(self.partition, self.service, self.region, raw_instance['OwnerId'], raw_instance['InstanceId'], self.resource_type)\n        instance['reservation_id'] = raw_instance['ReservationId']\n        instance['availability_zone'] = raw_instance.get('Placement', {}).get('AvailabilityZone')\n        instance['monitoring_enabled'] = raw_instance['Monitoring']['State'] == 'enabled'\n        instance['user_data'] = await self.facade.ec2.get_instance_user_data(self.region, id)\n        instance['user_data_secrets'] = self._identify_user_data_secrets(instance['user_data'])\n\n        get_name(raw_instance, instance, 'InstanceId')\n        get_keys(raw_instance, instance,\n                 ['KeyName', 'LaunchTime', 'InstanceType', 'State', 'IamInstanceProfile', 'SubnetId', 'Tags'])\n\n        if \"IamInstanceProfile\" in raw_instance:\n            instance['iam_instance_profile_id'] = raw_instance['IamInstanceProfile']['Id']\n            instance['iam_instance_profile_arn'] = raw_instance['IamInstanceProfile']['Arn']\n        \n        instance['network_interfaces'] = {}\n        for eni in raw_instance['NetworkInterfaces']:\n            nic = {}\n            get_keys(eni, nic, ['Association', 'Groups', 'PrivateIpAddresses', 'SubnetId', 'Ipv6Addresses'])\n            instance['network_interfaces'][eni['NetworkInterfaceId']] = nic\n\n        instance['metadata_options'] = raw_instance.get('MetadataOptions', {})\n\n        if 'IamInstanceProfile' in raw_instance:\n            instance['iam_role'] = raw_instance['IamInstanceProfile']['Arn'].split('/')[-1]\n        else:\n            instance['iam_role'] = None\n\n        return id, instance\n\n    @staticmethod\n    def _identify_user_data_secrets(user_data):\n        \"\"\"\n        Parses EC2 user data in order to identify secrets and credentials..\n        \"\"\"\n        secrets = {}\n\n        if user_data:\n            aws_access_key_regex = re.compile(r'(?:^|[^0-9A-Z])(AKIA[0-9A-Z]{16})(?:[^0-9A-Z]|$)')\n            aws_secret_access_key_regex = re.compile(r'(?:^|[^0-9a-zA-Z/+])([0-9a-zA-Z/+]{40})(?:[^0-9a-zA-Z/+]|$)')\n            rsa_private_key_regex = re.compile('(?s)(-----BEGIN RSA PRIVATE KEY-----.+?-----END .+?-----)')\n            keywords = ['password', 'secret', 'aws_access_key_id', 'aws_secret_access_key', 'aws_session_token']\n\n            aws_access_key_list = aws_access_key_regex.findall(user_data)\n            if aws_access_key_list:\n                secrets['AWS Access Key IDs'] = aws_access_key_list\n            aws_secret_access_key_list = aws_secret_access_key_regex.findall(user_data)\n            if aws_secret_access_key_list:\n                secrets['AWS Secret Access Keys'] = aws_secret_access_key_list\n            rsa_private_key_list = rsa_private_key_regex.findall(user_data)\n            if rsa_private_key_list:\n                secrets['Private Keys'] = rsa_private_key_list\n            word_list = []\n            for word in keywords:\n                if word in user_data.lower():\n                    word_list.append(word)\n            if word_list:\n                secrets['Flagged Words'] = word_list\n\n        return secrets\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py",
    "content": "from ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.utils import format_arn\n\n\nclass NetworkInterfaces(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str, vpc: str):\n        super().__init__(facade)\n        self.region = region\n        self.vpc = vpc\n        self.partition = facade.partition\n        self.service = 'ec2'\n        self.resource_type = 'network-interface'\n\n    async def fetch_all(self):\n        raw_security_groups = await self.facade.ec2.get_network_interfaces(self.region, self.vpc)\n        for raw_security_groups in raw_security_groups:\n            name, resource = self._parse_network_interface(raw_security_groups)\n            self[name] = resource\n\n    def _parse_network_interface(self, raw_network_interface):\n        raw_network_interface['name'] = raw_network_interface['NetworkInterfaceId']\n        raw_network_interface['arn'] = format_arn(self.partition, self.service, self.region, raw_network_interface.get('OwnerId'), raw_network_interface.get('NetworkInterfaceId'), self.resource_type)\n        return raw_network_interface['NetworkInterfaceId'], raw_network_interface\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/ec2/regional_settings.py",
    "content": "from ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.utils import get_name, format_arn\n\n\nclass RegionalSettings(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n        self.partition = facade.partition\n        self.service = 'ec2'\n        self.resource_type = 'regional_setting'\n\n    async def fetch_all(self):\n        # These settings are associated directly with the service+region, not with any resource.\n        # However, ScoutSuite seems to assume that every setting is tied to a resource so we make \n        # up a fake resource to hold them.\n        self[0] = {}\n        self[0]['ebs_encryption_default'] = (await self.facade.ec2.get_ebs_encryption(self.region))['EbsEncryptionByDefault']\n        self[0]['ebs_default_encryption_key_id'] = (await self.facade.ec2.get_ebs_default_encryption_key(self.region))['KmsKeyId']\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/ec2/securitygroups.py",
    "content": "from ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.utils import format_arn\nfrom ScoutSuite.utils import manage_dictionary\nfrom ScoutSuite.core.fs import load_data\n\n\nclass SecurityGroups(AWSResources):\n    icmp_message_types_dict = load_data('icmp_message_types.json', 'icmp_message_types')\n\n    def __init__(self, facade: AWSFacade, region: str, vpc: str):\n        super().__init__(facade)\n        self.region = region\n        self.vpc = vpc\n        self.partition = facade.partition\n        self.service = 'ec2'\n        self.resource_type = 'security-group'\n\n    async def fetch_all(self):\n        raw_security_groups = await self.facade.ec2.get_security_groups(self.region, self.vpc)\n        for raw_security_groups in raw_security_groups:\n            name, resource = self._parse_security_group(raw_security_groups)\n            self[name] = resource\n\n    def _parse_security_group(self, raw_security_group):\n        security_group = {}\n        security_group['name'] = raw_security_group['GroupName']\n        security_group['id'] = raw_security_group['GroupId']\n        security_group['arn'] = format_arn(self.partition, self.service, self.region, raw_security_group.get('OwnerId'), raw_security_group.get('GroupId'), self.resource_type)\n        security_group['description'] = raw_security_group['Description']\n        security_group['owner_id'] = raw_security_group['OwnerId']\n\n        if 'Tags' in raw_security_group:\n            security_group['tags'] = {x['Key']: x['Value'] for x in raw_security_group['Tags']}\n\n        security_group['rules'] = {'ingress': {}, 'egress': {}}\n        ingress_protocols, ingress_rules_count = self._parse_security_group_rules(\n            raw_security_group['IpPermissions'])\n        security_group['rules']['ingress']['protocols'] = ingress_protocols\n        security_group['rules']['ingress']['count'] = ingress_rules_count\n\n        egress_protocols, egress_rules_count = self._parse_security_group_rules(\n            raw_security_group['IpPermissionsEgress'])\n        security_group['rules']['egress']['protocols'] = egress_protocols\n        security_group['rules']['egress']['count'] = egress_rules_count\n\n        security_group['is_default_configuration'] = \\\n            self._has_default_egress_rule(raw_security_group['IpPermissionsEgress']) and \\\n            self._has_default_ingress_rule(raw_security_group['IpPermissions'], raw_security_group['GroupId'])\n\n        return security_group['id'], security_group\n\n    def _has_default_egress_rule(self, rule_list):\n        for rule in rule_list:\n            if rule['IpProtocol'] == '-1':\n                for ip_range in rule['IpRanges']:\n                    if ip_range['CidrIp'] == '0.0.0.0/0':\n                        return True\n        return False\n\n    def _has_default_ingress_rule(self, rule_list, group_id):\n        for rule in rule_list:\n            if rule['IpProtocol'] == '-1':\n                for source_group in rule['UserIdGroupPairs']:\n                    if source_group['GroupId'] == group_id:\n                        return True\n        return False\n\n    def _parse_security_group_rules(self, rules):\n        protocols = {}\n        rules_count = 0\n        for rule in rules:\n            ip_protocol = rule['IpProtocol'].upper()\n            if ip_protocol == '-1':\n                ip_protocol = 'ALL'\n            protocols = manage_dictionary(protocols, ip_protocol, {})\n            protocols[ip_protocol] = manage_dictionary(\n                protocols[ip_protocol], 'ports', {})\n\n            # Save the port (single port or range)\n            port_value = '1-65535'\n            if 'FromPort' in rule and 'ToPort' in rule:\n                if ip_protocol == 'ICMP':\n                    # FromPort with ICMP is the type of message\n                    port_value = self.icmp_message_types_dict[str(\n                        rule['FromPort'])]\n                elif rule['FromPort'] == rule['ToPort']:\n                    port_value = str(rule['FromPort'])\n                else:\n                    port_value = '{}-{}'.format(rule['FromPort'], rule['ToPort'])\n            manage_dictionary(protocols[ip_protocol]['ports'], port_value, {})\n\n            # Save grants, values are either a CIDR or an EC2 security group\n            for grant in rule['UserIdGroupPairs']:\n                manage_dictionary(\n                    protocols[ip_protocol]['ports'][port_value], 'security_groups', [])\n                protocols[ip_protocol]['ports'][port_value]['security_groups'].append(\n                    grant)\n                rules_count = rules_count + 1\n            for grant in rule['IpRanges']:\n                manage_dictionary(\n                    protocols[ip_protocol]['ports'][port_value], 'cidrs', [])\n                protocols[ip_protocol]['ports'][port_value]['cidrs'].append(\n                    {'CIDR': grant['CidrIp']})\n                rules_count = rules_count + 1\n\n            # IPv6\n            for grant in rule['Ipv6Ranges']:\n                manage_dictionary(\n                    protocols[ip_protocol]['ports'][port_value], 'cidrs', [])\n                protocols[ip_protocol]['ports'][port_value]['cidrs'].append(\n                    {'CIDR': grant['CidrIpv6']})\n                rules_count = rules_count + 1\n\n        return protocols, rules_count\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/ec2/snapshots.py",
    "content": "from ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.utils import get_name, format_arn\n\n\nclass Snapshots(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n        self.partition = facade.partition\n        self.service = 'ec2'\n        self.resource_type = 'snapshot'\n\n    async def fetch_all(self):\n        raw_snapshots = await self.facade.ec2.get_snapshots(self.region)\n        for raw_snapshot in raw_snapshots:\n            name, resource = self._parse_snapshot(raw_snapshot)\n            self[name] = resource\n\n    def _parse_snapshot(self, raw_snapshot):\n        snapshot_dict = {}\n        snapshot_dict['id'] = raw_snapshot.get('SnapshotId')\n        snapshot_dict['name'] = get_name(raw_snapshot, raw_snapshot, 'SnapshotId')\n        snapshot_dict['description'] = raw_snapshot.get('Description')\n        snapshot_dict['public'] = self._is_public(raw_snapshot)\n        snapshot_dict['encrypted'] = raw_snapshot.get('Encrypted')\n        snapshot_dict['kms_key_id'] = raw_snapshot.get('KmsKeyId')\n        snapshot_dict['owner_id'] = raw_snapshot.get('OwnerId')\n        snapshot_dict['progress'] = raw_snapshot.get('Progress')\n        snapshot_dict['start_time'] = raw_snapshot.get('StartTime')\n        snapshot_dict['state'] = raw_snapshot.get('State')\n        snapshot_dict['volume_id'] = raw_snapshot.get('VolumeId')\n        snapshot_dict['volume_size'] = raw_snapshot.get('VolumeSize')\n        snapshot_dict['create_volume_permissions'] = raw_snapshot.get('CreateVolumePermissions')\n        snapshot_dict['arn'] = format_arn(self.partition, self.service, self.region, raw_snapshot.get('OwnerId'), raw_snapshot.get('SnapshotId'), self.resource_type)\n        return snapshot_dict['id'], snapshot_dict\n\n    @staticmethod\n    def _is_public(snapshot):\n        return any([permission.get('Group') == 'all' for permission in snapshot['CreateVolumePermissions']])\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/ec2/volumes.py",
    "content": "from ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.utils import get_name, format_arn\n\n\nclass Volumes(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n        self.partition = facade.partition\n        self.service = 'ec2'\n        self.resource_type = 'volume'\n\n    async def fetch_all(self):\n        raw_volumes = await self.facade.ec2.get_volumes(self.region)\n        for raw_volume in raw_volumes:\n            name, resource = self._parse_volume(raw_volume)\n            self[name] = resource\n\n    def _parse_volume(self, raw_volume):\n        raw_volume['id'] = raw_volume.pop('VolumeId')\n        raw_volume['name'] = get_name(raw_volume, raw_volume, 'id')\n        raw_volume['arn'] = format_arn(self.partition, self.service, self.region, self.facade.owner_id, raw_volume.get('id'), self.resource_type)\n        return raw_volume['id'], raw_volume\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/ec2/vpcs.py",
    "content": "from ScoutSuite.providers.aws.resources.vpcs import Vpcs\nfrom ScoutSuite.providers.aws.resources.ec2.instances import EC2Instances\nfrom ScoutSuite.providers.aws.resources.ec2.securitygroups import SecurityGroups\nfrom ScoutSuite.providers.aws.resources.ec2.networkinterfaces import NetworkInterfaces\n\n\nclass Ec2Vpcs(Vpcs):\n    _children = [\n        (EC2Instances, 'instances'),\n        (SecurityGroups, 'security_groups'),\n        (NetworkInterfaces, 'network_interfaces')\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/efs/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/efs/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\nfrom .filesystems import FileSystems\n\n\nclass EFS(Regions):\n    _children = [\n        (FileSystems, 'filesystems')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('efs', facade)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/efs/filesystems.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.utils import format_arn\n\n\nclass FileSystems(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n        self.partition = facade.partition\n        self.service = 'elasticfilesystem'\n        self.resource_type = 'file-system'\n\n    async def fetch_all(self):\n        raw_file_systems = await self.facade.efs.get_file_systems(self.region)\n        for raw_file_system in raw_file_systems:\n            name, resource = self._parse_file_system(raw_file_system)\n            self[name] = resource\n\n    def _parse_file_system(self, raw_file_system):\n        fs_id = raw_file_system.pop('FileSystemId')\n        raw_file_system['name'] = raw_file_system.pop('Name') if 'Name' in raw_file_system else None\n        raw_file_system['tags'] = raw_file_system.pop('Tags')\n        raw_file_system['arn'] = format_arn(self.partition, self.service, self.region, raw_file_system.get('OwnerId'), fs_id, self.resource_type)\n        return fs_id, raw_file_system\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/elasticache/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/elasticache/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.elasticache.parametergroups import ParameterGroups\nfrom ScoutSuite.providers.aws.resources.elasticache.securitygroups import SecurityGroups\nfrom ScoutSuite.providers.aws.resources.elasticache.vpcs import ElastiCacheVpcs\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\n\nclass ElastiCache(Regions):\n    _children = [\n        (ElastiCacheVpcs, 'vpcs'),\n        (SecurityGroups, 'security_groups'),\n        (ParameterGroups, 'parameter_groups')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('elasticache', facade)\n\n    async def fetch_all(self, regions=None, excluded_regions=None, partition_name='aws', **kwargs):\n        await super().fetch_all(regions, excluded_regions, partition_name)\n\n        for region in self['regions']:\n            self['regions'][region]['clusters_count'] = \\\n                sum([len(vpc['clusters']) for vpc in self['regions'][region]['vpcs'].values()])\n            self['regions'][region]['subnet_groups_count'] = \\\n                sum([len(vpc['subnet_groups']) for vpc in self['regions'][region]['vpcs'].values()])\n        \n        self['clusters_count'] = sum([region['clusters_count'] for region in self['regions'].values()])\n\n        # We do not want the parameter groups to be part of the resources count, as it is usually in \n        # the three of four digits and would make the resources count confusing.\n        self.pop('parameter_groups_count')\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/elasticache/cluster.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Clusters(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str, vpc: str):\n        super().__init__(facade)\n        self.region = region\n        self.vpc = vpc\n        self.partition = facade.partition\n        self.service = 'elasticache'\n        self.resource_type = 'cluster'\n\n    async def fetch_all(self):\n        raw_clusters = await self.facade.elasticache.get_clusters(self.region, self.vpc)\n        for raw_cluster in raw_clusters:\n            name, resource = self._parse_cluster(raw_cluster)\n            self[name] = resource\n\n    def _parse_cluster(self, raw_cluster):\n        raw_cluster['name'] = raw_cluster.pop('CacheClusterId')\n        return get_non_provider_id(raw_cluster['name']), raw_cluster\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/elasticache/parametergroups.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\n\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\nclass ParameterGroups(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        raw_parameter_groups = await self.facade.elasticache.get_parameter_groups(self.region)\n        for raw_parameter_group in raw_parameter_groups:\n            name, resource = self._parse_parameter_group(raw_parameter_group)\n            self[name] = resource\n\n    def _parse_parameter_group(self, raw_parameter_group):\n        raw_parameter_group['name'] = raw_parameter_group.pop('CacheParameterGroupName')\n        raw_parameter_group['id'] = get_non_provider_id(raw_parameter_group['name'])\n        return raw_parameter_group['id'], raw_parameter_group\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/elasticache/securitygroups.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass SecurityGroups(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        raw_security_groups = await self.facade.elasticache.get_security_groups(self.region)\n\n        for raw_security_group in raw_security_groups:\n            name, resource = self._parse_security_group(raw_security_group)\n            self[name] = resource\n\n    def _parse_security_group(self, raw_security_group):\n        raw_security_group['name'] = raw_security_group.pop('CacheSecurityGroupName')\n        return get_non_provider_id(raw_security_group['name']), raw_security_group\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/elasticache/subnetgroups.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass SubnetGroups(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str, vpc: str):\n        super().__init__(facade)\n        self.region = region\n        self.vpc = vpc\n\n    async def fetch_all(self):\n        raw_subnet_groups = await self.facade.elasticache.get_subnet_groups(self.region, self.vpc)\n        for raw_subnet_group in raw_subnet_groups:\n            name, resource = self._parse_subnet_group(raw_subnet_group)\n            self[name] = resource\n\n    def _parse_subnet_group(self, raw_subnet_group):\n        raw_subnet_group['name'] = raw_subnet_group.pop('CacheSubnetGroupName')\n        return get_non_provider_id(raw_subnet_group['name']), raw_subnet_group\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/elasticache/vpcs.py",
    "content": "from ScoutSuite.providers.aws.resources.vpcs import Vpcs\nfrom ScoutSuite.providers.aws.resources.elasticache.cluster import Clusters\nfrom ScoutSuite.providers.aws.resources.elasticache.subnetgroups import SubnetGroups\n\n\nclass ElastiCacheVpcs(Vpcs):\n    _children = [\n        (Clusters, 'clusters'),\n        (SubnetGroups, 'subnet_groups')\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/elb/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/elb/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\nfrom .vpcs import ELBVpcs\nfrom .policies import Policies\n\n\nclass ELB(Regions):\n    _children = [\n        (ELBVpcs, 'vpcs'),\n        (Policies, 'elb_policies')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('elb', facade)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/elb/load_balancers.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.utils import get_keys, format_arn\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass LoadBalancers(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str, vpc: str):\n        super().__init__(facade)\n        self.region = region\n        self.vpc = vpc\n        self.partition = facade.partition\n        self.service = 'elb'\n        self.resource_type = 'load-balancer'\n\n    async def fetch_all(self):\n        raw_load_balancers = await self.facade.elb.get_load_balancers(self.region, self.vpc)\n        for raw_load_balancer in raw_load_balancers:\n            id, load_balancer = self._parse_load_balancer(raw_load_balancer)\n            self[id] = load_balancer\n\n    def _parse_load_balancer(self, raw_load_balancer):\n        load_balancer = {'name': raw_load_balancer['LoadBalancerName']}\n        get_keys(raw_load_balancer, load_balancer,\n                 ['DNSName', 'CreatedTime', 'AvailabilityZones', 'Subnets', 'Scheme', 'attributes'])\n\n        load_balancer['security_groups'] = []\n        load_balancer['arn'] = format_arn(self.partition, self.service, self.region, self.facade.owner_id, raw_load_balancer.get('LoadBalancerName'), self.resource_type)\n        \n        for sg in raw_load_balancer['SecurityGroups']:\n            load_balancer['security_groups'].append({'GroupId': sg})\n\n        load_balancer['listeners'] = {}\n        for l in raw_load_balancer['ListenerDescriptions']:\n            listener = l['Listener']\n            load_balancer['listeners'][l['Listener']\n                                       ['LoadBalancerPort']] = listener\n\n        load_balancer['instances'] = []\n        for i in raw_load_balancer['Instances']:\n            load_balancer['instances'].append(i['InstanceId'])\n\n        if 'Tags' in raw_load_balancer and raw_load_balancer['Tags']:\n            load_balancer['tags'] = {x['Key']: x['Value'] for x in raw_load_balancer['Tags']}\n\n        return get_non_provider_id(load_balancer['name']), load_balancer\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/elb/policies.py",
    "content": "from ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.utils import format_arn\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Policies(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n        self.partition = facade.partition\n        self.service = 'elb'\n        self.resource_type = 'policy'\n\n    async def fetch_all(self):\n        raw_policies = await self.facade.elb.get_policies(self.region)\n        for raw_policy in raw_policies:\n            id, policy = self._parse_policy(raw_policy)\n            self[id] = policy\n\n    def _parse_policy(self, raw_policy):\n        raw_policy['name'] = raw_policy.pop('PolicyName')\n        policy_id = get_non_provider_id(raw_policy['name'])\n        raw_policy['arn'] = format_arn(self.partition, self.service, self.region, '', raw_policy['name'], self.resource_type)\n        return policy_id, raw_policy\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/elb/vpcs.py",
    "content": "from ScoutSuite.providers.aws.resources.vpcs import Vpcs\nfrom .load_balancers import LoadBalancers\n\n\nclass ELBVpcs(Vpcs):\n    _children = [\n        (LoadBalancers, 'elbs'),\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/elbv2/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/elbv2/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\nfrom .vpcs import ELBv2Vpcs\n\n\nclass ELBv2(Regions):\n    _children = [\n        (ELBv2Vpcs, 'vpcs')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('elbv2', facade)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/elbv2/listeners.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\n\n\nclass Listeners(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str, load_balancer_arn: str):\n        super().__init__(facade)\n        self.region = region\n        self.load_balancer_arn = load_balancer_arn\n\n    async def fetch_all(self):\n        listeners = await self.facade.elbv2.get_listeners(self.region, self.load_balancer_arn)\n        for raw_listener in listeners:\n            id, listener = self._parse_listener(raw_listener)\n            self[id] = listener\n\n    def _parse_listener(self, raw_listener):\n            raw_listener.pop('ListenerArn')\n            raw_listener.pop('LoadBalancerArn')\n            port = raw_listener.pop('Port')\n            return port, raw_listener\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/elbv2/load_balancers.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSCompositeResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\nfrom .listeners import Listeners\n\n\nclass LoadBalancers(AWSCompositeResources):\n    _children = [\n        (Listeners, 'listeners')\n    ]\n\n    def __init__(self, facade: AWSFacade, region: str, vpc: str):\n        super().__init__(facade)\n        self.region = region\n        self.vpc = vpc\n\n    async def fetch_all(self):\n        raw_load_balancers = await self.facade.elbv2.get_load_balancers(self.region, self.vpc)\n        for raw_load_balancer in raw_load_balancers:\n            id, load_balancer = self._parse_load_balancer(raw_load_balancer)\n            self[id] = load_balancer\n\n        await self._fetch_children_of_all_resources(\n            resources=self,\n            scopes={load_balancer_id: {'region': self.region, 'load_balancer_arn': load_balancer['arn']}\n                    for (load_balancer_id, load_balancer) in self.items()}\n        )\n\n        # After loading the listener information, map the protocols used in a new field for easier usage in rules\n        for lb_id in self.keys():\n            if lb_id is not None and len(self[lb_id]['listeners']) > 0:\n                protocols = [x['Protocol'] for x in list(self[lb_id]['listeners'].values())]\n                self[lb_id]['listener_protocols'] = protocols\n\n    def _parse_load_balancer(self, load_balancer):\n        load_balancer['arn'] = load_balancer.pop('LoadBalancerArn')\n        load_balancer['name'] = load_balancer.pop('LoadBalancerName')\n        load_balancer['security_groups'] = []\n        load_balancer['listener_protocols'] = []\n        load_balancer['isNetwork'] = load_balancer[\"Type\"] == \"network\"\n\n        if 'SecurityGroups' in load_balancer:\n            for sg in load_balancer['SecurityGroups']:\n                load_balancer['security_groups'].append({'GroupId': sg})\n            load_balancer.pop('SecurityGroups')\n\n        if 'Tags' in load_balancer and load_balancer['Tags']:\n            load_balancer['tags'] = {x['Key']: x['Value'] for x in load_balancer['Tags']}\n            load_balancer.pop('Tags')\n\n        return get_non_provider_id(load_balancer['name']), load_balancer\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/elbv2/vpcs.py",
    "content": "from ScoutSuite.providers.aws.resources.vpcs import Vpcs\nfrom .load_balancers import LoadBalancers\n\n\nclass ELBv2Vpcs(Vpcs):\n    _children = [\n        (LoadBalancers, 'lbs'),\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/emr/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/emr/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\nfrom .vpcs import EMRVpcs\n\n\nclass EMR(Regions):\n    _children = [\n        (EMRVpcs, 'vpcs')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('emr', facade)\n\n    async def fetch_all(self, regions=None, excluded_regions=None, partition_name='aws', **kwargs):\n        await super().fetch_all(regions, excluded_regions, partition_name)\n\n        for region in self['regions']:\n            self['regions'][region]['clusters_count'] = sum(\n                [len(vpc['clusters']) for vpc in self['regions'][region]['vpcs'].values()])\n\n        self['clusters_count'] = sum(\n            [region['clusters_count'] for region in self['regions'].values()])\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/emr/clusters.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\n\n\nclass EMRClusters(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        raw_clusters = await self.facade.emr.get_clusters(self.region)\n        for raw_cluster in raw_clusters:\n            name, resource = self._parse_cluster(raw_cluster)\n            self[name] = resource\n\n    def _parse_cluster(self, raw_cluster):\n        raw_cluster['id'] = raw_cluster.pop('Id')\n        raw_cluster['name'] = raw_cluster.pop('Name')\n        raw_cluster['arn'] = raw_cluster.pop('ClusterArn')\n        return raw_cluster['id'], raw_cluster\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/emr/vpcs.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSCompositeResources\n\nfrom .clusters import EMRClusters\n\n\nclass EMRVpcs(AWSCompositeResources):\n    _children = [\n        (EMRClusters, 'clusters')\n    ]\n\n    def __init__(self, facade: AWSFacade, region: str):\n        self.region = region\n\n        super().__init__(facade)\n\n    async def fetch_all(self):\n        # EMR won't disclose its VPC, so we put everything in a VPC named \"EMR-UNKNOWN-VPC\", and we\n        # infer the VPC afterwards during the preprocessing.\n        tmp_vpc = 'EMR-UNKNOWN-VPC'\n        self[tmp_vpc] = {}\n        await self._fetch_children(self[tmp_vpc], {'region': self.region})\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/iam/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/iam/base.py",
    "content": "from ScoutSuite.providers.aws.resources.base import AWSCompositeResources\nfrom ScoutSuite.providers.aws.resources.iam.credentialreports import CredentialReports\nfrom ScoutSuite.providers.aws.resources.iam.groups import Groups\nfrom ScoutSuite.providers.aws.resources.iam.policies import Policies\nfrom ScoutSuite.providers.aws.resources.iam.users import Users\nfrom ScoutSuite.providers.aws.resources.iam.roles import Roles\nfrom ScoutSuite.providers.aws.resources.iam.passwordpolicy import PasswordPolicy\nfrom ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.core.console import print_exception\n\n\nclass IAM(AWSCompositeResources):\n    _children = [\n        (CredentialReports, 'credential_reports'),\n        (Groups, 'groups'),\n        (Policies, 'policies'),\n        (Users, 'users'),\n        (Roles, 'roles'),\n        (PasswordPolicy, 'password_policy')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__(facade)\n        self.service = 'iam'\n\n    async def fetch_all(self, partition_name='aws', **kwargs):\n        await self._fetch_children(self)\n\n        # We do not want the report to count the password policies as resources, they aren't really resources.\n        self['password_policy_count'] = 0\n\n    async def finalize(self):\n        try:\n            # Update permissions for managed policies\n            self['permissions'] = {}\n            policies = [policy for policy in self['policies'].values()]\n            self._parse_inline_policies_permissions('groups')\n            self._parse_inline_policies_permissions('users')\n            self._parse_inline_policies_permissions('roles')\n\n            for policy in policies:\n                policy_id = policy['id']\n                if 'attached_to' in policy and len(policy['attached_to']) > 0:\n                    for entity_type in policy['attached_to']:\n                        for entity in policy['attached_to'][entity_type]:\n                            try:\n                                entity['id'] = self._get_id_for_resource(entity_type, entity['name'])\n                                entities = self[entity_type]\n                                if entity['id'] is not None:\n                                    entities[entity['id']].setdefault('policies', [])\n                                    entities[entity['id']].setdefault('policies_counts', 0)\n                                    entities[entity['id']]['policies'].append(policy_id)\n                                    entities[entity['id']]['policies_counts'] += 1\n                                    self._parse_permissions(\n                                        policy_id, policy['PolicyDocument'], 'policies', entity_type, entity['id'])\n                            except Exception as e:\n                                print_exception(f'Error setting entity for ID {entity[\"id\"]}: {e}')\n                else:\n                    self._parse_permissions(\n                        policy_id, policy['PolicyDocument'], 'policies', None, None)\n        except Exception as e:\n            print_exception(f'Error finalizing IAM service: {e}')\n\n    def _parse_inline_policies_permissions(self, resource_type):\n        for resource_id in self[resource_type]:\n            resource = self[resource_type][resource_id]\n            if 'inline_policies' not in resource:\n                continue\n\n            for policy_id in resource['inline_policies']:\n                policy = resource['inline_policies'][policy_id]\n                self._parse_permissions(\n                    policy_id, policy['PolicyDocument'], 'inline_policies', resource_type, resource_id)\n\n    def _get_id_for_resource(self, iam_resource_type, resource_name):\n        for resource_id in self[iam_resource_type]:\n            if self[iam_resource_type][resource_id]['name'] == resource_name:\n                return resource_id\n\n    def _parse_permissions(self, policy_name, policy_document, policy_type, iam_resource_type, resource_name):\n        # Enforce list of statements (Github issue #99)\n        if type(policy_document['Statement']) != list:\n            policy_document['Statement'] = [policy_document['Statement']]\n        for statement in policy_document['Statement']:\n            self._parse_statement(policy_name, statement,\n                                  policy_type, iam_resource_type, resource_name)\n\n    def _parse_statement(self, policy_name, statement, policy_type, iam_resource_type, resource_name):\n        # Effect\n        effect = str(statement['Effect'])\n        # Action or NotAction\n        action_string = 'Action' if 'Action' in statement else 'NotAction'\n        if type(statement[action_string]) != list:\n            statement[action_string] = [statement[action_string]]\n        # Resource or NotResource\n        resource_string = 'Resource' if 'Resource' in statement else 'NotResource'\n        if type(statement[resource_string]) != list:\n            statement[resource_string] = [statement[resource_string]]\n        # Condition\n        condition = statement['Condition'] if 'Condition' in statement else None\n        self['permissions'].setdefault(action_string, {})\n        if iam_resource_type is None:\n            return\n        self._parse_actions(effect, action_string, statement[action_string], resource_string,\n                            statement[resource_string], iam_resource_type, resource_name, policy_name, policy_type,\n                            condition)\n\n    def _parse_actions(self, effect, action_string, actions, resource_string, resources, iam_resource_type,\n                       iam_resource_name, policy_name, policy_type, condition):\n        for action in actions:\n            self['permissions'][action_string].setdefault(action, {})\n            self['permissions'][action_string][action].setdefault(\n                iam_resource_type, {})\n            self['permissions'][action_string][action][iam_resource_type].setdefault(\n                effect, {})\n            self['permissions'][action_string][action][iam_resource_type][effect].setdefault(\n                iam_resource_name, {})\n            self._parse_action(effect, action_string, action, resource_string, resources, iam_resource_type,\n                               iam_resource_name, policy_name, policy_type, condition)\n\n    def _parse_action(self, effect, action_string, action, resource_string, resources, iam_resource_type,\n                      iam_resource_name, policy_name, policy_type, condition):\n        for resource in resources:\n            self._parse_resource(effect, action_string, action, resource_string, resource, iam_resource_type,\n                                 iam_resource_name, policy_name, policy_type, condition)\n\n    def _parse_resource(self, effect, action_string, action, resource_string, resource, iam_resource_type,\n                        iam_resource_name, policy_name, policy_type, condition):\n        self['permissions'][action_string][action][iam_resource_type][effect][iam_resource_name].setdefault(\n            resource_string, {})\n        self['permissions'][action_string][action][iam_resource_type][effect][iam_resource_name][resource_string].\\\n            setdefault(resource, {})\n        self['permissions'][action_string][action][iam_resource_type][effect][iam_resource_name][resource_string][\n            resource].setdefault(policy_type, {})\n        self['permissions'][action_string][action][iam_resource_type][effect][iam_resource_name][resource_string][\n            resource][policy_type].setdefault(policy_name, {})\n        self['permissions'][action_string][action][iam_resource_type][effect][iam_resource_name][resource_string][\n            resource][policy_type][policy_name].setdefault('condition', condition)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/iam/credentialreports.py",
    "content": "from ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\nfrom ScoutSuite.core.console import print_exception\n\n\nclass CredentialReports(AWSResources):\n    async def fetch_all(self):\n        raw_credential_reports = await self.facade.iam.get_credential_reports()\n        for raw_credential_report in raw_credential_reports:\n            name, resource = await self._parse_credential_reports(raw_credential_report)\n            self[name] = resource\n\n    async def _parse_credential_reports(self, raw_credential_report):\n        raw_credential_report['id'] = get_non_provider_id(raw_credential_report['user'])\n        raw_credential_report['name'] = raw_credential_report['user']\n        raw_credential_report['password_enabled'] = raw_credential_report['password_enabled']\n        raw_credential_report['password_last_used'] = self._sanitize_date(raw_credential_report['password_last_used'])\n        raw_credential_report['password_last_changed'] =\\\n            self._sanitize_date(raw_credential_report['password_last_changed'])\n        raw_credential_report['access_key_1_active'] = raw_credential_report['access_key_1_active']\n        raw_credential_report['access_key_1_last_used_date'] =\\\n            self._sanitize_date(raw_credential_report['access_key_1_last_used_date'])\n        raw_credential_report['access_key_1_last_rotated'] = \\\n            self._sanitize_date(raw_credential_report['access_key_1_last_rotated'])\n        raw_credential_report['access_key_2_active'] = raw_credential_report['access_key_2_active']\n        raw_credential_report['access_key_2_last_used_date'] =\\\n            self._sanitize_date(raw_credential_report['access_key_2_last_used_date'])\n        raw_credential_report['access_key_2_last_rotated'] = \\\n            self._sanitize_date(raw_credential_report['access_key_2_last_rotated'])\n        raw_credential_report['last_used'] = self._compute_last_used(raw_credential_report)\n        raw_credential_report['cert_1_active'] = raw_credential_report['cert_1_active']\n        raw_credential_report['cert_2_active'] = raw_credential_report['cert_2_active']\n\n        if raw_credential_report['mfa_active'] == 'true':\n            raw_credential_report['mfa_active_hardware'] = await \\\n                self._user_has_hardware_mfa_devices(raw_credential_report['name'])\n        else:\n            raw_credential_report['mfa_active_hardware'] = False\n\n        raw_credential_report['partition'] = self.facade.partition\n\n        return raw_credential_report['id'], raw_credential_report\n\n    async def _user_has_hardware_mfa_devices(self, username):\n        \"\"\"\n        For a given user, returns whether a hardware MFA device is configured.\n\n        For normal users, virtual devices have serial numbers starting with \"arn\", so it's easy to validate.\n\n        For the root user, it's not possible to list all the devices, so instead we check all the virtual devices\n        to confirm if one is for the root user. If this is not the case, we can infer a hardware device is configured\n        (since we know MFA is active for the root user but cannot find a virtual device).\n        \"\"\"\n        try:\n            if username == '<root_account>':\n                devices = await self.facade.iam.get_virtual_mfa_devices()\n                for device in devices:\n                    # If no EnableDate the device has been disabled\n                    if device.get('EnableDate') and device['User']['Arn'][-5:] == ':root':\n                        return False\n                return True\n            else:\n                devices = await self.facade.iam.get_user_mfa_devices(username)\n                if devices:\n                    for device in devices:\n                        if device['SerialNumber'][0:4] == 'arn:':\n                            return False\n                    return True\n                else:\n                    return False\n        except Exception as e:\n            print_exception(f'Failed to infer hardware MFA configuration for user {username}: {e}')\n\n    @staticmethod\n    def _sanitize_date(date):\n        \"\"\"\n        Returns the date if it is not equal to 'N/A' or 'no_information', else returns None\n        \"\"\"\n        return date if date != 'no_information' and date != 'N/A' else None\n\n    @staticmethod\n    def _compute_last_used(credential_report):\n        dates = [credential_report['password_last_used'],\n                 credential_report['access_key_1_last_used_date'],\n                 credential_report['access_key_2_last_used_date']]\n\n        dates = [date for date in dates if date is not None]\n        return max(dates) if len(dates) > 0 else None\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/iam/groups.py",
    "content": "from ScoutSuite.providers.aws.resources.base import AWSResources\n\n\nclass Groups(AWSResources):\n    async def fetch_all(self):\n        raw_groups = await self.facade.iam.get_groups()\n        for raw_group in raw_groups:\n            name, resource = self._parse_group(raw_group)\n            self[name] = resource\n\n    def _parse_group(self, raw_group):\n        if raw_group['GroupName'] in self:\n            return\n\n        raw_group['id'] = raw_group.pop('GroupId')\n        raw_group['name'] = raw_group.pop('GroupName')\n        raw_group['arn'] = raw_group.pop('Arn')\n        raw_group['users'] = raw_group.pop('Users')\n        return raw_group['id'], raw_group\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/iam/passwordpolicy.py",
    "content": "from ScoutSuite.providers.aws.resources.base import AWSResources\n\n\nclass PasswordPolicy(AWSResources):\n    async def fetch_all(self):\n        raw_password_policy = await self.facade.iam.get_password_policy()\n        password_policy = self._parse_password_policy(raw_password_policy)\n        self.update(password_policy)\n\n    def _parse_password_policy(self, raw_password_policy):\n        if raw_password_policy is None:\n            return {\n                    'MinimumPasswordLength': '1',\n                    'RequireUppercaseCharacters': False,\n                    'RequireLowercaseCharacters': False, \n                    'RequireNumbers': False,\n                    'RequireSymbols': False, \n                    'PasswordReusePrevention': False,\n                    'ExpirePasswords': False\n            }\n\n        if 'PasswordReusePrevention' not in raw_password_policy:\n            raw_password_policy['PasswordReusePrevention'] = False\n        else:\n            raw_password_policy['PreviousPasswordPrevented'] = raw_password_policy['PasswordReusePrevention']\n            raw_password_policy['PasswordReusePrevention'] = True\n        # There is a bug in the API: ExpirePasswords always returns false\n        if 'MaxPasswordAge' in raw_password_policy:\n            raw_password_policy['ExpirePasswords'] = True\n\n        return raw_password_policy\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/iam/policies.py",
    "content": "from ScoutSuite.providers.aws.resources.base import AWSResources\n\n\nclass Policies(AWSResources):\n    async def fetch_all(self):\n        raw_policies = await self.facade.iam.get_policies()\n        for raw_policy in raw_policies:\n            name, resource = self._parse_policy(raw_policy)\n            self[name] = resource\n\n    def _parse_policy(self, raw_policy):\n        policy = {}\n        policy['id'] = raw_policy.pop('PolicyId')\n        policy['name'] = raw_policy.pop('PolicyName')\n        policy['arn'] = raw_policy.pop('Arn')\n        policy['PolicyDocument'] = raw_policy.pop('PolicyDocument')\n        policy['attached_to'] = raw_policy.pop('attached_to')\n        policy['management'] = 'AWS' if policy['arn'].startswith(f\"arn:{self.facade.partition}:iam::aws:\") else 'Customer'\n\n        return policy['id'], policy\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/iam/roles.py",
    "content": "from ScoutSuite.providers.aws.resources.base import AWSResources\n\n\nclass Roles(AWSResources):\n    async def fetch_all(self):\n        raw_roles = await self.facade.iam.get_roles()\n        for raw_role in raw_roles:\n            name, resource = self._parse_role(raw_role)\n            self[name] = resource\n\n    def _parse_role(self, raw_role):\n        role_dict = {}\n        role_dict['id'] = raw_role.get('RoleId')\n        role_dict['name'] = raw_role.get('RoleName')\n        role_dict['arn'] = raw_role.get('Arn')\n        role_dict['description'] = raw_role.get('Description')\n        role_dict['path'] = raw_role.get('Path')\n        role_dict['create_date'] = raw_role.get('CreateDate')\n        role_dict['max_session_duration'] = raw_role.get('MaxSessionDuration')\n        role_dict['instance_profiles'] = raw_role.get('instance_profiles')\n        role_dict['instances_count'] = raw_role.get('instances_count')\n        role_dict['inline_policies'] = raw_role.get('inline_policies')\n        role_dict['inline_policies_count'] = raw_role.get('inline_policies_count')\n        role_dict['assume_role_policy'] = raw_role.get('assume_role_policy')\n        if len(raw_role.get('tags', {}).get('Tags')) > 0:\n            role_dict['Tags'] = raw_role.get('tags').get('Tags')\n        return role_dict['id'], role_dict\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/iam/users.py",
    "content": "from ScoutSuite.providers.aws.resources.base import AWSResources\n\n\nclass Users(AWSResources):\n    async def fetch_all(self):\n        raw_users = await self.facade.iam.get_users()\n        for raw_user in raw_users:\n            name, resource = self._parse_user(raw_user)\n              \n            if name in self:\n                continue\n\n            self[name] = resource\n\n    def _parse_user(self, raw_user):\n        raw_user['id'] = raw_user.pop('UserId')\n        raw_user['name'] = raw_user.pop('UserName')\n        raw_user['arn'] = raw_user.pop('Arn')\n        if (len(raw_user['tags']['Tags']) > 0):\n            raw_user['Tags'] = raw_user['tags']['Tags']\n        return raw_user['id'], raw_user\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/kms/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/kms/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\nfrom .keys import Keys\n\n\nclass KMS(Regions):\n    _children = [\n        (Keys, 'keys'),\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('kms', facade)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/kms/grants.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.utils import format_arn\n\n\nclass Grants(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str, key_id: str):\n        super().__init__(facade)\n        self.region = region\n        self.key_id = key_id\n        self.partition = facade.partition\n        self.service = 'kms'\n        self.resource_type = 'grant'\n\n    async def fetch_all(self):\n        raw_grants = await self.facade.kms.get_grants(self.region, self.key_id)\n        for raw_grant in raw_grants:\n            id, grant = self._parse_grant(raw_grant)\n            self[id] = grant\n\n    def _parse_grant(self, raw_grant):\n        grant_dict = {\n            'key_id': raw_grant.get('KeyId'),\n            'grant_id': raw_grant.get('GrantId'),\n            'name': raw_grant.get('Name'),\n            'create_date': raw_grant.get('CreationDate'),\n            'grantee_principal': raw_grant.get('GranteePrincipal'),\n            'retiring_principal': raw_grant.get('ReitirngPrincipal'),\n            'issuing_account': raw_grant.get('IssuingAccount'),\n            'operations': raw_grant.get('Operations'),\n            'constraints': raw_grant.get('Constraints'),\n            'arn': format_arn(self.partition, self.service, self.region, raw_grant.get('IssuingAccount').split(':')[4], raw_grant.get('GrantId'), self.resource_type) if ':' in raw_grant.get('IssuingAccount') else format_arn(self.partition, self.service, self.region, raw_grant.get('IssuingAccount'), raw_grant.get('GrantId'), self.resource_type)\n        }\n        return grant_dict['grant_id'], grant_dict\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/kms/keys.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSCompositeResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\nfrom .grants import Grants\n\n\nclass Keys(AWSCompositeResources):\n    _children = [\n        (Grants, 'grants'),\n    ]\n\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        raw_keys = await self.facade.kms.get_keys(self.region)\n        for raw_key in raw_keys:\n            key_id, key = await self._parse_key(raw_key)\n            self[key_id] = key\n\n        await self._fetch_children_of_all_resources(\n            resources=self,\n            scopes={key_id: {'region': self.region, 'key_id': key['id']}\n                    for (key_id, key) in self.items()}\n        )\n\n    async def _parse_key(self, raw_key):\n        key_dict = {}\n        key_dict['id'] = key_dict['name'] = raw_key.get('KeyId')\n        key_dict['arn'] = raw_key.get('KeyArn')\n        key_dict['policy'] = raw_key.get('policy')\n\n        if 'metadata' in raw_key:\n            key_dict['creation_date'] = raw_key['metadata']['KeyMetadata']['CreationDate'] if \\\n                raw_key['metadata']['KeyMetadata']['CreationDate'] else None\n            key_dict['key_enabled'] = False if raw_key['metadata']['KeyMetadata']['KeyState'] in \\\n                ['Disabled', 'PendingDeletion'] else True\n            key_dict['description'] = raw_key['metadata']['KeyMetadata']['Description'] if len(\n                raw_key['metadata']['KeyMetadata']['Description'].strip()) > 0 else None\n            key_dict['origin'] = raw_key['metadata']['KeyMetadata']['Origin'] if len(\n                raw_key['metadata']['KeyMetadata']['Origin'].strip()) > 0 else None\n            key_dict['key_manager'] = raw_key['metadata']['KeyMetadata']['KeyManager'] if len(\n                raw_key['metadata']['KeyMetadata']['KeyManager'].strip()) > 0 else None\n\n        # Handle keys who don't have these keys - seen in the wild, unsure why\n        if 'origin' not in key_dict.keys() or 'key_manager' not in key_dict.keys():\n            key_dict['rotation_enabled'] = None\n        # Only call this on customer managed CMKs, otherwise the AWS set policies might disallow access and it's always\n        # enabled anyway\n        elif key_dict['origin'] == 'AWS_KMS' and key_dict['key_manager'] == 'CUSTOMER':\n            rotation_status = await self.facade.kms.get_key_rotation_status(self.region, key_dict['id'])\n            if rotation_status:\n                key_dict['rotation_enabled'] = rotation_status.get('KeyRotationEnabled', None)\n            else:\n                key_dict['rotation_enabled'] = None\n        else:\n            key_dict['rotation_enabled'] = True\n\n        key_dict['aliases'] = []\n        for raw_alias in raw_key.get('aliases', []):\n            key_dict['aliases'].append(self._parse_alias(raw_alias))\n\n        return key_dict['id'], key_dict\n\n    def _parse_alias(self, raw_alias):\n        alias_dict = {\n            # all KMS Aliases are prefixed with alias/, so we'll strip that off\n            'id': get_non_provider_id(raw_alias.get('AliasArn')),\n            'name': raw_alias.get('AliasName').split('alias/', 1)[-1],\n            'arn': raw_alias.get('AliasArn'),\n            'key_id': raw_alias.get('TargetKeyId')}\n        return alias_dict\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/rds/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/rds/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.rds.parametergroups import ParameterGroups\nfrom ScoutSuite.providers.aws.resources.rds.securitygroups import SecurityGroups\nfrom ScoutSuite.providers.aws.resources.rds.vpcs import RDSVpcs\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\n\nclass RDS(Regions):\n    _children = [\n        (RDSVpcs, 'vpcs'),\n        (ParameterGroups, 'parameter_groups'),\n        (SecurityGroups, 'security_groups')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('rds', facade)\n\n    async def fetch_all(self, regions=None, excluded_regions=None, partition_name='aws', **kwargs):\n        await super().fetch_all(regions, excluded_regions, partition_name)\n\n        for region in self['regions']:\n            self['regions'][region]['instances_count'] =\\\n                sum([len(vpc['instances']) for vpc in self['regions'][region]['vpcs'].values()])\n            self['regions'][region]['snapshots_count'] =\\\n                sum([len(vpc['snapshots']) for vpc in self['regions'][region]['vpcs'].values()])\n            self['regions'][region]['subnet_groups_count'] =\\\n                sum([len(vpc['subnet_groups']) for vpc in self['regions'][region]['vpcs'].values()])\n        \n        self['instances_count'] = sum([region['instances_count'] for region in self['regions'].values()])\n        self['snapshots_count'] = sum([region['snapshots_count'] for region in self['regions'].values()])\n        self['subnet_groups_count'] = sum([region['subnet_groups_count'] for region in self['regions'].values()])\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/rds/instances.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass RDSInstances(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str, vpc: str):\n        super().__init__(facade)\n        self.region = region\n        self.vpc = vpc\n\n    async def fetch_all(self):\n        raw_instances = await self.facade.rds.get_instances(self.region, self.vpc)\n        for raw_instance in raw_instances:\n            name, resource = self._parse_instance(raw_instance)\n            self[name] = resource\n\n    def _parse_instance(self, raw_instance):\n        instance = {}\n        instance['name'] = raw_instance.pop('DBInstanceIdentifier')\n        for key in ['InstanceCreateTime', 'Engine', 'DBInstanceStatus', 'AutoMinorVersionUpgrade',\n                    'DBInstanceClass', 'MultiAZ', 'Endpoint', 'BackupRetentionPeriod', 'PubliclyAccessible',\n                    'StorageEncrypted', 'VpcSecurityGroups', 'DBSecurityGroups', 'DBParameterGroups',\n                    'EnhancedMonitoringResourceArn', 'StorageEncrypted', 'CACertificateIdentifier', 'Tags']:\n            instance[key] = raw_instance[key] if key in raw_instance else None\n\n        instance['is_read_replica'] = self._is_read_replica(raw_instance)\n        instance['arn'] = raw_instance.get('DBInstanceArn')\n        return get_non_provider_id(instance['name']), instance\n\n    @staticmethod\n    def _is_read_replica(instance):\n        # The ReadReplicaSourceDBInstanceIdentifier attribute is only defined for read replicas. Ref.: https://bit.ly/2UhKPqP\n        return instance.get('ReadReplicaSourceDBInstanceIdentifier') is not None\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/rds/parametergroups.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass ParameterGroups(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        raw_parameter_groups = await self.facade.rds.get_parameter_groups(self.region)\n        for raw_parameter_group in raw_parameter_groups:\n            name, resource = self._parse_parameter_group(raw_parameter_group)\n            self[name] = resource\n\n    def _parse_parameter_group(self, raw_parameter_group):\n        raw_parameter_group['arn'] = raw_parameter_group.pop('DBParameterGroupArn')\n        raw_parameter_group['name'] = raw_parameter_group.pop('DBParameterGroupName')\n        raw_parameter_group['parameters'] = raw_parameter_group.pop('Parameters')\n        parameter_group_id = get_non_provider_id(raw_parameter_group['name'])\n        return parameter_group_id, raw_parameter_group\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/rds/securitygroups.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass SecurityGroups(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        raw_security_groups = await self.facade.rds.get_security_groups(self.region)\n        for raw_security_group in raw_security_groups:\n            name, resource = self._parse_security_group(raw_security_group)\n            self[name] = resource\n\n    def _parse_security_group(self, raw_security_group):\n        raw_security_group['arn'] = raw_security_group.pop('DBSecurityGroupArn')\n        raw_security_group['name'] = raw_security_group.pop('DBSecurityGroupName')\n        return get_non_provider_id(raw_security_group['name']), raw_security_group\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/rds/snapshots.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\n\n\nclass Snapshots(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str, vpc: str):\n        super().__init__(facade)\n        self.region = region\n        self.vpc = vpc\n\n    async def fetch_all(self):\n        raw_snapshots = await self.facade.rds.get_snapshots(self.region, self.vpc)\n        for raw_snapshot in raw_snapshots:\n            name, resource = self._parse_snapshot(raw_snapshot)\n            self[name] = resource\n\n    def _parse_snapshot(self, raw_snapshot):\n        is_cluster = 'DBClusterIdentifier' in raw_snapshot\n\n        snapshot_id = raw_snapshot.pop('DBClusterSnapshotIdentifier') if is_cluster \\\n            else raw_snapshot.pop('DBSnapshotIdentifier')\n\n        snapshot = {}\n        snapshot['arn'] = raw_snapshot.pop('DBClusterSnapshotArn') if is_cluster else raw_snapshot.pop('DBSnapshotArn')\n        snapshot['id'] = snapshot_id,\n        snapshot['name'] = snapshot_id,\n        snapshot['vpc_id'] = raw_snapshot['VpcId']\n        snapshot['attributes'] = raw_snapshot['Attributes']\n        snapshot['is_cluster'] = is_cluster\n\n        attributes = [\n            'DBInstanceIdentifier',\n            'SnapshotCreateTime',\n            'Encrypted',\n            'OptionGroupName'\n        ]\n        for attribute in attributes:\n            snapshot[attribute] = raw_snapshot[attribute] if attribute in raw_snapshot else None\n\n        if snapshot['is_cluster']:  # Map some fields to do more generic and simple rules\n            snapshot['DBClusterIdentifier'] = raw_snapshot['DBClusterIdentifier']\n            snapshot['Encrypted'] = raw_snapshot['StorageEncrypted']\n\n        return snapshot_id, snapshot\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/rds/subnetgroups.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass SubnetGroups(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str, vpc: str):\n        super().__init__(facade)\n        self.region = region\n        self.vpc = vpc\n\n    async def fetch_all(self):\n        raw_subnet_groups = await self.facade.rds.get_subnet_groups(self.region, self.vpc)\n        for raw_subnet_group in raw_subnet_groups:\n            name, resource = self._parse_subnet_group(raw_subnet_group)\n            self[name] = resource\n\n    def _parse_subnet_group(self, raw_subnet_group):\n        raw_subnet_group['name'] = raw_subnet_group['DBSubnetGroupName']\n        raw_subnet_group['ARN'] = raw_subnet_group.pop('DBSubnetGroupArn')\n        return get_non_provider_id(raw_subnet_group['name']), raw_subnet_group\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/rds/vpcs.py",
    "content": "from ScoutSuite.providers.aws.resources.vpcs import Vpcs\nfrom ScoutSuite.providers.aws.resources.rds.instances import RDSInstances\nfrom ScoutSuite.providers.aws.resources.rds.snapshots import Snapshots\nfrom ScoutSuite.providers.aws.resources.rds.subnetgroups import SubnetGroups\n\n\nclass RDSVpcs(Vpcs):\n    _children = [\n        (RDSInstances, 'instances'),\n        (Snapshots, 'snapshots'),\n        (SubnetGroups, 'subnet_groups'),\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/redshift/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/redshift/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\nfrom .cluster_parameter_groups import ClusterParameterGroups\nfrom .cluster_security_groups import ClusterSecurityGroups\nfrom .vpcs import RedshiftVpcs\n\n\nclass Redshift(Regions):\n    _children = [\n        (RedshiftVpcs, 'vpcs'),\n        (ClusterParameterGroups, 'parameter_groups'),\n        (ClusterSecurityGroups, 'security_groups')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('redshift', facade)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSCompositeResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\nfrom ScoutSuite.providers.aws.utils import format_arn\n\nfrom .cluster_parameters import ClusterParameters\n\n\nclass ClusterParameterGroups(AWSCompositeResources):\n    _children = [\n        (ClusterParameters, 'parameters')\n    ]\n\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n        self.partition = facade.partition\n        self.service = 'redshift'\n        self.resource_type = 'parametergroup'\n\n    async def fetch_all(self):\n        raw_parameter_groups = await self.facade.redshift.get_cluster_parameter_groups(self.region)\n        for raw_parameter_group in raw_parameter_groups:\n            id, parameter_group = self._parse_parameter_group(raw_parameter_group)\n            self[id] = parameter_group\n\n        await self._fetch_children_of_all_resources(\n            resources=self,\n            scopes={parameter_group_id: {'region': self.region,\n                                         'parameter_group_name': parameter_group['name']}\n                    for (parameter_group_id, parameter_group) in self.items()}\n        )\n\n    def _parse_parameter_group(self, raw_parameter_group):\n        parameter_group = {}\n        parameter_group['name'] = raw_parameter_group.get('ParameterGroupName')\n        parameter_group['id'] = get_non_provider_id(parameter_group['name'])\n        parameter_group['arn'] = format_arn(self.partition, self.service, self.region, self.facade.owner_id, raw_parameter_group.get('ParameterGroupName'), self.resource_type)\n        parameter_group['family'] = raw_parameter_group.get('ParameterGroupFamily')\n        parameter_group['description'] = raw_parameter_group.get('Description')\n        parameter_group['is_default'] = self._is_default(raw_parameter_group)\n        parameter_group['tags'] = raw_parameter_group.get('Tags')\n        return parameter_group['id'], parameter_group\n\n    def _is_default(self, raw_parameter_group):\n        if 'Default parameter group for' in raw_parameter_group.get('Description') and \\\n                'default.' in raw_parameter_group.get('ParameterGroupName'):\n            return True\n        else:\n            return False\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.utils import format_arn\n\n\nclass ClusterParameters(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str, parameter_group_name: str):\n        super().__init__(facade)\n        self.region = region\n        self.parameter_group_name = parameter_group_name\n        self.partition = facade.partition\n        self.service = 'redshift'\n        self.resource_type = 'cluster-parameter'\n\n    async def fetch_all(self):\n        raw_parameters = await self.facade.redshift.get_cluster_parameters(\n            self.region, self.parameter_group_name)\n        for raw_parameter in raw_parameters:\n            id, parameter = self._parse_parameter(raw_parameter)\n            self[id] = parameter\n\n    def _parse_parameter(self, raw_parameter):\n        parameter = {'value': raw_parameter['ParameterValue'],\n                     'source': raw_parameter['Source']}\n        raw_parameter['arn'] = format_arn(self.partition, self.service, self.region, '', raw_parameter.get('ParameterName'), self.resource_type)\n        return raw_parameter['ParameterName'], parameter\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/redshift/cluster_security_groups.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\n\n\nclass ClusterSecurityGroups(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        raw_security_groups = await self.facade.redshift.get_cluster_security_groups(self.region)\n        for raw_security_group in raw_security_groups:\n            id, security_group = self._parse_security_group(raw_security_group)\n            self[id] = security_group\n\n    def _parse_security_group(self, raw_security_group):\n        name = raw_security_group.pop('ClusterSecurityGroupName')\n        raw_security_group['name'] = name\n        return name, raw_security_group\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/redshift/clusters.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.utils import format_arn\n\n\nclass Clusters(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str, vpc: str):\n        super().__init__(facade)\n        self.region = region\n        self.vpc = vpc\n        self.partition = facade.partition\n        self.service = 'redshift'\n        self.resource_type = 'cluster'\n\n    async def fetch_all(self):\n        raw_clusters = await self.facade.redshift.get_clusters(self.region, self.vpc)\n        for raw_cluster in raw_clusters:\n            id, cluster = self._parse_cluster(raw_cluster)\n            self[id] = cluster\n\n    def _parse_cluster(self, raw_cluster):\n        name = raw_cluster.pop('ClusterIdentifier')\n        raw_cluster['name'] = name\n        raw_cluster['arn'] = format_arn(self.partition, self.service, self.region, self.facade.owner_id, name, self.resource_type)\n        return name, raw_cluster\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/redshift/vpcs.py",
    "content": "from ScoutSuite.providers.aws.resources.vpcs import Vpcs\n\nfrom .clusters import Clusters\n\n\nclass RedshiftVpcs(Vpcs):\n    _children = [\n        (Clusters, 'clusters'),\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/regions.py",
    "content": "import abc\n\nfrom ScoutSuite.providers.aws.resources.base import AWSCompositeResources\nfrom ScoutSuite.providers.aws.facade.base import AWSFacade\n\n\nclass Regions(AWSCompositeResources, metaclass=abc.ABCMeta):\n    def __init__(self, service: str, facade: AWSFacade):\n        super().__init__(facade)\n        self.service = service\n\n    async def fetch_all(self, regions=None, excluded_regions=None, partition_name='aws', **kwargs):\n        self['regions'] = {}\n        for region in await self.facade.build_region_list(self.service, regions, excluded_regions, partition_name):\n            self['regions'][region] = {\n                'id': region,\n                'region': region,\n                'name': region\n            }\n\n        await self._fetch_children_of_all_resources(\n            resources=self['regions'],\n            scopes={region: {'region': region} for region in self['regions']}\n        )\n\n        self._set_counts()\n\n    def _set_counts(self):\n        self['regions_count'] = len(self['regions'])\n        for _, key in self._children:\n            # VPCs should not be counted as resources. They exist whether you have resources or not, so\n            # counting them would make the report confusing.\n            if key == 'vpcs':\n                continue\n            self[key + '_count'] = sum([region[key + '_count'] for region in self['regions'].values()])\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/route53/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/route53/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\nfrom .domains import Domains\nfrom .hosted_zones import HostedZones\n\n\nclass Route53(Regions):\n    _children = [\n        (Domains, 'domains'),\n        (HostedZones, 'hosted_zones')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('route53domains', facade)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/route53/domains.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\nfrom ScoutSuite.providers.aws.utils import format_arn\n\n\nclass Domains(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n        self.partition = facade.partition\n        self.service = 'route53'\n        self.resource_type = 'domain'\n\n    async def fetch_all(self):\n        raw_domains = await self.facade.route53.get_domains(self.region)\n        for raw_domain in raw_domains:\n            id, domain = self._parse_domain(raw_domain)\n            self[id] = domain\n\n    def _parse_domain(self, raw_domain):\n        domain_dict = {}\n        domain_dict['id'] = get_non_provider_id(raw_domain.get('DomainName'))\n        domain_dict['name'] = raw_domain.get('DomainName')\n        domain_dict['auto_renew'] = raw_domain.get('AutoRenew')\n        domain_dict['transfer_lock'] = raw_domain.get('TransferLock')\n        domain_dict['expiry'] = raw_domain.get('Expiry')\n        domain_dict['arn'] = format_arn(self.partition, self.service, self.region, self.facade.owner_id, domain_dict.get('id'), self.resource_type)\n        return domain_dict['id'], domain_dict\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/route53/hosted_zones.py",
    "content": "from ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.utils import format_arn\n\n\nclass HostedZones(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n        self.partition = facade.partition\n        self.service = 'route53'\n        self.resource_type = 'hosted-zone'\n\n    async def fetch_all(self):\n        raw_hosted_zones = await self.facade.route53.get_hosted_zones()\n        for raw_hosted_zone in raw_hosted_zones:\n            hosted_zone_id, hosted_zone = await self._parse_hosted_zone(raw_hosted_zone)\n            self[hosted_zone_id] = hosted_zone\n\n    async def _parse_hosted_zone(self, raw_hosted_zone):\n        hosted_zone_dict = {}\n        hosted_zone_dict['id'] = raw_hosted_zone.get('Id')\n        hosted_zone_dict['name'] = raw_hosted_zone.get('Name')\n        hosted_zone_dict['caller_reference'] = raw_hosted_zone.get('CallerReference')\n        hosted_zone_dict['config'] = raw_hosted_zone.get('Config')\n        hosted_zone_dict['resource_record_sets'] = await self.facade.route53.get_resource_records(hosted_zone_dict['id'])\n        hosted_zone_dict['resource_record_set_count'] = raw_hosted_zone.get('ResourceRecordSetCount')\n        hosted_zone_dict['arn'] = format_arn(self.partition,  self.service, self.region, '', raw_hosted_zone.get('Id'), self.resource_type)\n        return hosted_zone_dict['id'], hosted_zone_dict\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/s3/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/s3/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSCompositeResources\nfrom .buckets import Buckets\n\n\nclass S3(AWSCompositeResources):\n    _children = [\n        (Buckets, 'buckets')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__(facade)\n        self.service = 's3'\n\n    async def fetch_all(self, partition_name='aws', **kwargs):\n        # Keep track of regions as S3 is both a global and regional service\n        self.facade.s3.regions = kwargs.get('regions')\n        self['public_access_block_configuration'] = self.facade.s3.get_s3_public_access_block(self.facade.owner_id)\n        await self._fetch_children(self)\n\n    async def finalize(self):\n        for bucket_id in self['buckets']:\n            if \"public_access_block_configuration\" in self['buckets'][bucket_id]:\n                # The resulting configuration will be the most restrictive\n                self['buckets'][bucket_id][\"public_access_block_configuration\"][\"BlockPublicAcls\"] = \\\n                self['buckets'][bucket_id][\"public_access_block_configuration\"][\"BlockPublicAcls\"] or \\\n                self['public_access_block_configuration'][\"BlockPublicAcls\"]\n                self['buckets'][bucket_id][\"public_access_block_configuration\"][\"IgnorePublicAcls\"] = \\\n                self['buckets'][bucket_id][\"public_access_block_configuration\"][\"IgnorePublicAcls\"] or \\\n                self['public_access_block_configuration'][\"IgnorePublicAcls\"]\n                self['buckets'][bucket_id][\"public_access_block_configuration\"][\"BlockPublicPolicy\"] = \\\n                self['buckets'][bucket_id][\"public_access_block_configuration\"][\"BlockPublicPolicy\"] or \\\n                self['public_access_block_configuration'][\"BlockPublicPolicy\"]\n                self['buckets'][bucket_id][\"public_access_block_configuration\"][\"RestrictPublicBuckets\"] = \\\n                self['buckets'][bucket_id][\"public_access_block_configuration\"][\"RestrictPublicBuckets\"] or \\\n                self['public_access_block_configuration'][\"RestrictPublicBuckets\"]\n            else:\n                # No bucket-level configuration, use account level configuration\n                self['buckets'][bucket_id][\"public_access_block_configuration\"] = self['public_access_block_configuration']\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/s3/buckets.py",
    "content": "from ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.utils import format_arn, get_partition_name\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Buckets(AWSResources):\n    async def fetch_all(self):\n        self.partition = get_partition_name(self.facade.session)\n        self.service = 's3'\n        \n        raw_buckets = await self.facade.s3.get_buckets()\n        for raw_bucket in raw_buckets:\n            name, resource = self._parse_bucket(raw_bucket)\n            self[name] = resource\n\n    def _parse_bucket(self, raw_bucket):\n        \"\"\"\n        Parse a single S3 bucket\n\n        TODO:\n        - CORS\n        - Lifecycle\n        - Notification ?\n        - Get bucket's policy\n\n        :param bucket:\n        :param params:\n        :return:\n        \"\"\"\n        raw_bucket['name'] = raw_bucket.pop('Name')\n        raw_bucket['CreationDate'] = str(raw_bucket['CreationDate'])\n\n        raw_bucket['id'] = get_non_provider_id(raw_bucket['name'])\n        # Passing empty strings for 'region' and 'account-id' since S3 bucket ARNs omit them\n        raw_bucket['arn'] = format_arn(self.partition, self.service, '', '', '*', raw_bucket['name'])\n        return raw_bucket['id'], raw_bucket\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/secretsmanager/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/secretsmanager/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\nfrom .secrets import Secrets\n\n\nclass SecretsManager(Regions):\n    _children = [\n        (Secrets, 'secrets')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('secretsmanager', facade)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/secretsmanager/secrets.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Secrets(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        for raw_secret in await self.facade.secretsmanager.get_secrets(self.region):\n            id, secret = self._parse_secret(raw_secret)\n            self[id] = secret\n\n    def _parse_secret(self, raw_secret):\n        secret_dict = {}\n        secret_dict['id'] = get_non_provider_id(raw_secret.get('ARN'))\n        secret_dict['arn'] = raw_secret.get('ARN')\n        secret_dict['name'] = raw_secret.get('Name')\n        secret_dict['description'] = raw_secret.get('Description')\n        secret_dict['last_changed_date'] = raw_secret.get('LastChangedDate')\n        secret_dict['last_accessed_date'] = raw_secret.get('LastAccessedDate')\n        secret_dict['tags'] = raw_secret.get('Tags')\n        secret_dict['secret_versions_to_stages'] = raw_secret.get('SecretVersionsToStages')\n        secret_dict['kms'] = raw_secret.get('KmsKeyId')\n        secret_dict['policy'] = raw_secret.get('policy')\n        secret_dict['rotation'] = raw_secret.get('RotationEnabled', False)\n        secret_dict['rotation_lambda_arn'] = raw_secret.get('RotationLambdaARN')\n        secret_dict['rotation_interval'] = raw_secret.get('RotationRules', {}).get('AutomaticallyAfterDays')\n        return secret_dict['id'], secret_dict\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/ses/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/ses/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\nfrom .identities import Identities\n\n\nclass SES(Regions):\n    _children = [\n        (Identities, 'identities')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('ses', facade)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/ses/identities.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSCompositeResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\nfrom ScoutSuite.providers.aws.utils import format_arn\n\nfrom .identity_policies import IdentityPolicies\n\n\nclass Identities(AWSCompositeResources):\n    _children = [\n        (IdentityPolicies, 'policies')\n    ]\n\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n        self.partition = facade.partition\n        self.service = 'ses'\n        self.resource_type = 'identity'\n\n    async def fetch_all(self):\n        raw_identities = await self.facade.ses.get_identities(self.region)\n        for raw_identity in raw_identities:\n            id, identity = self._parse_identity(raw_identity)\n            self[id] = identity\n\n        await self._fetch_children_of_all_resources(\n            resources=self,\n            scopes={identity_id: {'region': self.region, 'identity_name': identity['name']}\n                    for (identity_id, identity) in self.items()}\n        )\n\n    def _parse_identity(self, raw_identity):\n        identity_name, dkim_attributes = raw_identity\n        identity = {}\n        identity['name'] = identity_name\n        identity['DkimEnabled'] = dkim_attributes['DkimEnabled']\n        identity['DkimVerificationStatus'] = dkim_attributes['DkimVerificationStatus']\n        identity['arn'] = format_arn(self.partition, self.service, self.region, self.facade.owner_id, identity_name, self.resource_type)\n        return get_non_provider_id(identity_name), identity\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/ses/identity_policies.py",
    "content": "import json\n\nfrom ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.utils import format_arn\n\n\nclass IdentityPolicies(AWSResources):\n\n    def __init__(self, facade: AWSFacade, region: str, identity_name: str):\n        super().__init__(facade)\n        self.region = region\n        self.identity_name = identity_name\n        self.partition = facade.partition\n        self.service = 'ses'\n        self.resource_type = 'identity-policy'\n\n    async def fetch_all(self):\n        raw_policies = await self.facade.ses.get_identity_policies(self.region, self.identity_name)\n        for policy_name, raw_policy in raw_policies.items():\n            self[policy_name] = json.loads(raw_policy)\n            self[policy_name]['arn'] = format_arn(self.partition, self.service, self.region, '', policy_name, self.resource_type)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/sns/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/sns/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\nfrom .topics import Topics\n\n\nclass SNS(Regions):\n    _children = [\n        (Topics, 'topics')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('sns', facade)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/sns/subscriptions.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\n\n\nclass Subscriptions(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str, topic_name: str):\n        super().__init__(facade)\n        self.region = region\n        self.topic_name = topic_name\n\n    async def fetch_all(self):\n        raw_subscriptions = await self.facade.sns.get_subscriptions(self.region, self.topic_name)\n        self['protocol'] = {}\n        self['subscriptions_count'] = 0\n        for raw_subscription in raw_subscriptions:\n            protocol, subscription = self._parse_subscription(raw_subscription)\n            if protocol in self['protocol']:\n                self['protocol'][protocol].append(subscription)\n            else:\n                self['protocol'][protocol] = [subscription]\n            self['subscriptions_count'] += 1\n\n    def _parse_subscription(self, raw_subscription):\n        protocol = raw_subscription.pop('Protocol')\n        raw_subscription['arn'] = raw_subscription.pop('SubscriptionArn')\n        return protocol, raw_subscription\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/sns/topics.py",
    "content": "import json\n\nfrom ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSCompositeResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\nfrom .subscriptions import Subscriptions\n\n\nclass Topics(AWSCompositeResources):\n    _children = [\n        (Subscriptions, 'subscriptions')\n    ]\n\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        raw_topics = await self.facade.sns.get_topics(self.region)\n        for raw_topic in raw_topics:\n            topic_name, topic = self._parse_topic(raw_topic)\n            self[topic_name] = topic\n\n        await self._fetch_children_of_all_resources(\n            resources=self,\n            scopes={topic_id: {'region': self.region, 'topic_name': topic['name']}\n                    for (topic_id, topic) in self.items()}\n        )\n\n        # Fix subscriptions count:\n        for topic in self.values():\n            topic['subscriptions_count'] = topic['subscriptions'].pop('subscriptions_count')\n\n    def _parse_topic(self, raw_topic):\n        raw_topic['arn'] = raw_topic.pop('TopicArn')\n        raw_topic['name'] = raw_topic['arn'].split(':')[-1]\n\n        attributes = raw_topic.pop('attributes')\n        for k in ['Owner', 'DisplayName']:\n            raw_topic[k] = attributes[k] if k in attributes else None\n        for k in ['Policy', 'DeliveryPolicy', 'EffectiveDeliveryPolicy']:\n            raw_topic[k] = json.loads(attributes[k]) if k in attributes else None\n\n        if \"KmsMasterKeyId\" in attributes:\n            raw_topic[\"KmsMasterKeyId\"] = attributes[\"KmsMasterKeyId\"]\n\n        return get_non_provider_id(raw_topic['name']), raw_topic\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/sqs/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/sqs/base.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\nfrom .queues import Queues\n\n\nclass SQS(Regions):\n    _children = [\n        (Queues, 'queues')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        super().__init__('sqs', facade)\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/sqs/queues.py",
    "content": "import json\n\nfrom ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Queues(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.region = region\n\n    async def fetch_all(self):\n        queues = await self.facade.sqs.get_queues(self.region,\n                                                  ['CreatedTimestamp', 'Policy', 'QueueArn', 'KmsMasterKeyId', 'SqsManagedSseEnabled'])\n        for queue_url, queue_attributes in queues:\n            id, queue = self._parse_queue(queue_url, queue_attributes)\n            self[id] = queue\n\n    def _parse_queue(self, queue_url, queue_attributes):\n        queue = {}\n        queue['arn'] = queue_attributes.get('QueueArn')\n        queue['name'] = queue['arn'].split(':')[-1]\n        queue['QueueUrl'] = queue_url\n        queue['kms_master_key_id'] = queue_attributes.get('KmsMasterKeyId', None)\n        queue['sqs_managed_sse_enabled'] = queue_attributes.pop('SqsManagedSseEnabled', None)\n        queue['CreatedTimestamp'] = queue_attributes.get('CreatedTimestamp', None)\n\n        if 'Policy' in queue_attributes:\n            queue['Policy'] = json.loads(queue_attributes['Policy'])\n        else:\n            queue['Policy'] = {'Statement': []}\n\n        return get_non_provider_id(queue['name']), queue\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/vpc/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/aws/resources/vpc/base.py",
    "content": "import netaddr\n\nfrom ScoutSuite.core.fs import read_ip_ranges\nfrom ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.regions import Regions\n\nfrom .flow_logs import FlowLogs\nfrom .vpcs import RegionalVpcs\nfrom .peering_connections import PeeringConnections\n\nknown_cidrs = {'0.0.0.0/0': 'All'}\naws_ip_ranges = {}\n\n\nclass VPC(Regions):\n    _children = [\n        (RegionalVpcs, 'vpcs'),\n        (FlowLogs, 'flow_logs'),\n        (PeeringConnections, 'peering_connections')\n    ]\n\n    def __init__(self, facade: AWSFacade):\n        # VPC is not a real service but a subset of ec2:\n        super().__init__('ec2', facade)\n\n\n# TODO: move these helpers elsewhere:\n\n\ndef put_cidr_name(current_config, path, current_path, resource_id, callback_args):\n    \"\"\"Add a display name for all known CIDRs.\"\"\"\n\n    if 'cidrs' in current_config:\n        cidr_list = []\n        for cidr in current_config['cidrs']:\n            if type(cidr) == dict:\n                cidr = cidr['CIDR']\n            if cidr in known_cidrs:\n                cidr_name = known_cidrs[cidr]\n            else:\n                cidr_name = get_cidr_name(\n                    cidr, callback_args['ip_ranges'], callback_args['ip_ranges_name_key'])\n                known_cidrs[cidr] = cidr_name\n            cidr_list.append({'CIDR': cidr, 'CIDRName': cidr_name})\n        current_config['cidrs'] = cidr_list\n\n\ndef get_cidr_name(cidr, ip_ranges_files, ip_ranges_name_key):\n    \"\"\"Read display name for CIDRs from ip-ranges files.\"\"\"\n\n    for filename in ip_ranges_files:\n        ip_ranges = read_ip_ranges(filename, local_file=True)\n        for ip_range in ip_ranges:\n            ip_prefix = netaddr.IPNetwork(ip_range['ip_prefix'])\n            cidr = netaddr.IPNetwork(cidr)\n            if cidr in ip_prefix:\n                return ip_range[ip_ranges_name_key].strip()\n    for ip_range in aws_ip_ranges:\n        ip_prefix = netaddr.IPNetwork(ip_range['ip_prefix'])\n        cidr = netaddr.IPNetwork(cidr)\n        if cidr in ip_prefix:\n            return 'Unknown CIDR in {} {}'.format(ip_range['service'], ip_range['region'])\n    return 'Unknown CIDR'\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/vpc/flow_logs.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.utils import get_name, format_arn\n\n\nclass FlowLogs(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.facade = facade\n        self.region = region\n        self.partition = facade.partition\n        self.service = 'vpc'\n        self.resource_type = 'flow-log'\n\n    async def fetch_all(self):\n        raw_logs = await self.facade.ec2.get_flow_logs(self.region)\n\n        for raw_log in raw_logs:\n            id, log = self._parse_log(raw_log)\n            self[id] = log\n\n    def _parse_log(self, raw_flow_log):\n        flow_log_dict = {}\n        flow_log_dict['name'] = flow_log_dict['id'] = raw_flow_log.get('FlowLogId')\n        flow_log_dict['creation_time'] = raw_flow_log.get('CreationTime')\n        flow_log_dict['deliver_logs_error_message'] = raw_flow_log.get('DeliverLogsErrorMessage')\n        flow_log_dict['deliver_logs_status'] = raw_flow_log.get('DeliverLogsStatus')\n        flow_log_dict['flow_log_status'] = raw_flow_log.get('FlowLogStatus')\n        flow_log_dict['resource_id'] = raw_flow_log.get('ResourceId')\n        flow_log_dict['traffic_type'] = raw_flow_log.get('TrafficType')\n        flow_log_dict['log_destination_type'] = raw_flow_log.get('LogDestinationType')\n        flow_log_dict['log_destination'] = raw_flow_log.get('LogDestination')\n        flow_log_dict['log_format'] = raw_flow_log.get('LogFormat')\n        flow_log_dict['tags'] = raw_flow_log.get('Tags')\n        flow_log_dict['max_aggregation_interval'] = raw_flow_log.get('MaxAggregationInterval')\n        flow_log_dict['arn'] = format_arn(self.partition, self.service, self.region, '', raw_flow_log.get('FlowLogId'), self.resource_type)\n        return flow_log_dict['id'], flow_log_dict\n\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/vpc/network_acls.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.utils import get_name, format_arn\nfrom ScoutSuite.core.fs import load_data\n\nprotocols_dict = load_data('protocols.json', 'protocols')\n\n\nclass NetworkACLs(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str, vpc: str):\n        self.region = region\n        self.vpc = vpc\n        self.partition = facade.partition\n        self.service = 'vpc'\n        self.resource_type = 'network-acl'\n\n        super().__init__(facade)\n\n    async def fetch_all(self):\n        raw_network_acls = await self.facade.ec2.get_network_acls(self.region, self.vpc)\n        for raw_network_acl in raw_network_acls:\n            id, network_acl = self._parse_network_acl(raw_network_acl)\n            self[id] = network_acl\n\n    def _parse_network_acl(self, raw_network_acl):\n        raw_network_acl['id'] = raw_network_acl.pop('NetworkAclId')\n        get_name(raw_network_acl, raw_network_acl, 'id')\n        raw_network_acl['rules'] = {}\n        raw_network_acl['rules']['ingress'] = self._parse_network_acl_entries(raw_network_acl['Entries'], False)\n        raw_network_acl['rules']['egress'] = self._parse_network_acl_entries(raw_network_acl['Entries'], True)\n        raw_network_acl.pop('Entries')\n        raw_network_acl['arn'] = format_arn(self.partition, self.service, self.region, raw_network_acl.get('OwnerId'), raw_network_acl.get('id'), self.resource_type)\n        return raw_network_acl['id'], raw_network_acl\n\n    @staticmethod\n    def _parse_network_acl_entries(entries, egress):\n        acl_dict = {}\n        for entry in entries:\n            if entry['Egress'] == egress:\n                acl = {}\n                for key in ['RuleAction', 'RuleNumber']:\n                    acl[key] = entry[key]\n                acl['CidrBlock'] = entry['CidrBlock'] if 'CidrBlock' in entry else entry['Ipv6CidrBlock']\n                acl['protocol'] = protocols_dict[entry['Protocol']]\n                if 'PortRange' in entry:\n                    from_port = entry['PortRange']['From'] if entry['PortRange']['From'] else 1\n                    to_port = entry['PortRange']['To'] if entry['PortRange']['To'] else 65535\n                    acl['port_range'] = from_port if from_port == to_port else str(from_port) + '-' + str(to_port)\n                else:\n                    acl['port_range'] = '1-65535'\n\n                acl_dict[acl.pop('RuleNumber')] = acl\n        return acl_dict\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/vpc/peering_connections.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.utils import format_arn\n\n\nclass PeeringConnections(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str):\n        super().__init__(facade)\n        self.facade = facade\n        self.region = region\n        self.partition = facade.partition\n        self.service = 'vpc'\n        self.resource_type = 'peering-connection'\n\n    async def fetch_all(self):\n        raw_peering_connections = await self.facade.ec2.get_peering_connections(self.region)\n\n        for raw_peering_connection in raw_peering_connections:\n            id, peering_connection = self._parse_peering_connections(raw_peering_connection)\n            self[id] = peering_connection\n\n    def _parse_peering_connections(self, raw_peering_connection):\n        raw_peering_connection['id'] = raw_peering_connection['name'] = raw_peering_connection['VpcPeeringConnectionId']\n        raw_peering_connection['arn'] = format_arn(self.partition, self.service, self.region, '', raw_peering_connection['VpcPeeringConnectionId'], self.resource_type)\n        return raw_peering_connection['id'], raw_peering_connection\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/vpc/subnets.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.base import AWSResources\nfrom ScoutSuite.providers.aws.utils import get_name\n\n\nclass Subnets(AWSResources):\n    def __init__(self, facade: AWSFacade, region: str, vpc: str):\n        self.region = region\n        self.vpc = vpc\n\n        super().__init__(facade)\n\n    async def fetch_all(self):\n        raw_subnets = await self.facade.ec2.get_subnets(self.region, self.vpc)\n        for raw_subnet in raw_subnets:\n            id, subnet = self._parse_subnet(raw_subnet)\n            self[id] = subnet\n\n    def _parse_subnet(self, raw_subnet):\n        raw_subnet['id'] = raw_subnet['SubnetId']\n        get_name(raw_subnet, raw_subnet, 'SubnetId')\n        raw_subnet.pop('SubnetId')\n        raw_subnet['arn'] = raw_subnet.pop('SubnetArn')\n\n        if raw_subnet['Ipv6CidrBlockAssociationSet']:\n            raw_subnet['CidrBlockv6'] = raw_subnet['Ipv6CidrBlockAssociationSet'][0]['Ipv6CidrBlock']\n        else:\n            raw_subnet['CidrBlockv6'] = None\n\n        return raw_subnet['id'], raw_subnet\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/vpc/vpcs.py",
    "content": "from ScoutSuite.providers.aws.resources.vpcs import Vpcs\n\nfrom .network_acls import NetworkACLs\nfrom .subnets import Subnets\n\n\nclass RegionalVpcs(Vpcs):\n    _children = [\n        (NetworkACLs, 'network_acls'),\n        (Subnets, 'subnets'),\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/aws/resources/vpcs.py",
    "content": "from ScoutSuite.providers.aws.resources.base import AWSCompositeResources\nfrom ScoutSuite.providers.aws.utils import format_arn\n\nclass Vpcs(AWSCompositeResources):\n    \"\"\"\n    Fetches resources inside the virtual private clouds (VPCs) defined in a region. \n    :param add_ec2_classic: Setting this parameter to True will add 'EC2-Classic' to the list of VPCs.\n    \"\"\"\n\n    def __init__(self, facade, region: str, add_ec2_classic=False):\n        super().__init__(facade)\n        self.region = region\n        self.add_ec2_classic = add_ec2_classic\n        self.partition = facade.partition\n        self.service = 'vpc'\n        self.resource_type = 'virtual-private-cloud'\n\n    async def fetch_all(self):\n        raw_vpcs = await self.facade.ec2.get_vpcs(self.region)\n\n        for raw_vpc in raw_vpcs:\n            vpc_id, vpc = self._parse_vpc(raw_vpc)\n            self[vpc_id] = vpc\n\n        await self._fetch_children_of_all_resources(\n            resources=self,\n            scopes={vpc_id: {'region': self.region, 'vpc': vpc_id}\n                    for vpc_id in self}\n        )\n\n    def _parse_vpc(self, raw_vpc):\n        vpc = {}\n        vpc['id'] = raw_vpc['VpcId']\n        vpc['cidr_block'] = raw_vpc['CidrBlock']\n        vpc['default'] = raw_vpc['IsDefault']\n        vpc['state'] = raw_vpc['State']\n        vpc['arn'] = format_arn(self.partition, self.service, self.region, raw_vpc.get('OwnerId'), raw_vpc.get('VpcId'), self.resource_type)\n        \n        # Pull the name from tags\n        name_tag = next((d for i, d in enumerate(raw_vpc.get('Tags', [])) if d.get('Key') == 'Name'), None)\n        if name_tag:\n            vpc['name'] = name_tag.get('Value')\n        else:\n            vpc['name'] = raw_vpc['VpcId']\n\n        return vpc['id'], vpc\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/conditions/cidr-is-all.json",
    "content": "{\n    \"conditions\": [ \"or\",\n        [ \"this\", \"equal\", \"0.0.0.0/0\" ],\n        [ \"this\", \"equal\", \"::/0\" ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/conditions/ec2-security-group-in-use.json",
    "content": "{\n    \"conditions\": [ \"ec2.regions.id.vpcs.id.security_groups.id.\", \"withKey\", \"used_by\" ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/conditions/ec2-security-group-not-used.json",
    "content": "{\n    \"conditions\": [ \"ec2.regions.id.vpcs.id.security_groups.id.\", \"withoutKey\", \"used_by\" ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/conditions/instance-with-open-nacls.json",
    "content": "{\n    \"conditions\": [\n        \"and\",\n        [\n            \"ec2.regions.id.vpcs.id.instances.id.network_interfaces.id\",\n            \"withKey\",\n            \"SubnetId\"\n        ],\n        [\n            \"vpc.regions.id.vpcs.id.network_acls._GET_VALUE_AT_(vpc.regions.id.vpcs.id.subnets._GET_VALUE_AT_(ec2.regions.id.vpcs.id.instances.id.network_interfaces.id.SubnetId).network_acl).allow_all_ingress_traffic\",\n            \"notEqual\",\n            \"0\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/conditions/instance-with-public-ip.json",
    "content": "{\n    \"conditions\": [ \"and\",\n        [ \"ec2.regions.id.vpcs.id.instances.id.network_interfaces.id.\", \"withKey\", \"Association\" ],\n        [ \"ec2.regions.id.vpcs.id.instances.id.network_interfaces.id.Association\", \"notNull\", \"\" ],\n        [ \"ec2.regions.id.vpcs.id.instances.id.network_interfaces.id.Association.PublicIp\", \"notNull\", \"\" ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/conditions/ip-not-in-private-space.json",
    "content": "{\n    \"conditions\": [ \"this\", \"notInSubnets\", [ \"10.0.0.0/8\", \"172.16.0.0/12\", \"192.168.0.0/16\" ] ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/conditions/policy-statement-any-principal.json",
    "content": "{\n    \"conditions\": [ \"or\",\n        [ \"_STATEMENT_.Principal\", \"containAtLeastOneOf\", \"*\" ],\n        [ \"and\",\n            [ \"_STATEMENT_.Principal\", \"withKeyCaseInsensitive\", \"AWS\" ],\n            [ \"_STATEMENT_.Principal.AWS\", \"containAtLeastOneOf\", \"*\" ]\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/conditions/policy-statement-any-resource.json",
    "content": "{\n    \"conditions\": [\n        \"and\",\n        [\n            \"_STATEMENT_.\",\n            \"withKey\",\n            \"Resource\"\n        ],\n        [\n            \"or\",\n            [\n                \"_STATEMENT_.Resource\",\n                \"containAtLeastOneOf\",\n                \"*\"\n            ],\n            [\n                \"_STATEMENT_.Resource\",\n                \"containAtLeastOneMatching\",\n                \".*\\/[*]$\"\n            ]\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json",
    "content": "{\n  \"conditions\": [ \"or\",\n    [ \"_STATEMENT_.\", \"withoutKey\", \"Condition\" ],\n    [ \"and\",\n      [ \"and\",\n        [ \"_STATEMENT_.Condition.\", \"withoutKey\", \"ArnEquals\" ],\n        [ \"_STATEMENT_.Condition.\", \"withoutKey\", \"ForAnyValue:ArnEquals\" ]\n      ],\n      [ \"and\",\n        [ \"_STATEMENT_.Condition.\", \"withoutKey\", \"ArnLike\" ],\n        [ \"_STATEMENT_.Condition.\", \"withoutKey\", \"ForAnyValue:ArnLike\" ]\n      ],\n      [ \"or\",\n        [ \"_STATEMENT_.Condition.\", \"withoutKey\", \"StringEquals\" ],\n        [ \"and\",\n          [ \"_STATEMENT_.Condition.StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:CalledVia\" ],\n          [ \"_STATEMENT_.Condition.StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:CalledViaFirst\" ],\n          [ \"_STATEMENT_.Condition.StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:CalledViaLast\" ],\n          [ \"_STATEMENT_.Condition.StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalAccount\" ],\n          [ \"_STATEMENT_.Condition.StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalArn\" ],\n          [ \"_STATEMENT_.Condition.StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalOrgPaths\" ],\n          [ \"_STATEMENT_.Condition.StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalOrgID\" ],\n          [ \"_STATEMENT_.Condition.StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalServiceName\" ],\n          [ \"_STATEMENT_.Condition.StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalServiceNamesList\" ],\n          [ \"_STATEMENT_.Condition.StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:ResourceTag\" ],\n          [ \"_STATEMENT_.Condition.StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:SourceAccount\" ],\n          [ \"_STATEMENT_.Condition.StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:SourceArn\" ],\n          [ \"_STATEMENT_.Condition.StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:SourceIdentity\" ],\n          [ \"_STATEMENT_.Condition.StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:SourceOwner\" ],\n          [ \"_STATEMENT_.Condition.StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:ViaAWSService\" ],\n          [ \"_STATEMENT_.Condition.StringEquals.\", \"withoutKeyCaseInsensitive\", \"iam:PassedToService\" ],\n          [ \"_STATEMENT_.Condition.StringEquals.\", \"withoutKeyCaseInsensitive\", \"kms:CallerAccount\" ],\n          [ \"_STATEMENT_.Condition.StringEquals.\", \"withoutKeyCaseInsensitive\", \"kms:ViaService\" ]\n        ]\n      ],\n      [ \"or\",\n        [ \"_STATEMENT_.Condition.\", \"withoutKey\", \"StringEqualsIgnoreCase\" ],\n        [ \"and\",\n          [ \"_STATEMENT_.Condition.StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:CalledVia\" ],\n          [ \"_STATEMENT_.Condition.StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:CalledViaFirst\" ],\n          [ \"_STATEMENT_.Condition.StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:CalledViaLast\" ],\n          [ \"_STATEMENT_.Condition.StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalAccount\" ],\n          [ \"_STATEMENT_.Condition.StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalArn\" ],\n          [ \"_STATEMENT_.Condition.StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalOrgPaths\" ],\n          [ \"_STATEMENT_.Condition.StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalOrgID\" ],\n          [ \"_STATEMENT_.Condition.StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalServiceName\" ],\n          [ \"_STATEMENT_.Condition.StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalServiceNamesList\" ],\n          [ \"_STATEMENT_.Condition.StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:ResourceTag\" ],\n          [ \"_STATEMENT_.Condition.StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:SourceAccount\" ],\n          [ \"_STATEMENT_.Condition.StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:SourceArn\" ],\n          [ \"_STATEMENT_.Condition.StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:SourceIdentity\" ],\n          [ \"_STATEMENT_.Condition.StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:SourceOwner\" ],\n          [ \"_STATEMENT_.Condition.StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:ViaAWSService\" ],\n          [ \"_STATEMENT_.Condition.StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"iam:PassedToService\" ],\n          [ \"_STATEMENT_.Condition.StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"kms:CallerAccount\" ],\n          [ \"_STATEMENT_.Condition.StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"kms:ViaService\" ]\n        ]\n      ],\n      [ \"or\",\n        [ \"_STATEMENT_.Condition.\", \"withoutKey\", \"StringLike\" ],\n        [ \"and\",\n          [ \"_STATEMENT_.Condition.StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:CalledVia\" ],\n          [ \"_STATEMENT_.Condition.StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:CalledViaFirst\" ],\n          [ \"_STATEMENT_.Condition.StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:CalledViaLast\" ],\n          [ \"_STATEMENT_.Condition.StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalAccount\" ],\n          [ \"_STATEMENT_.Condition.StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalArn\" ],\n          [ \"_STATEMENT_.Condition.StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalOrgPaths\" ],\n          [ \"_STATEMENT_.Condition.StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalOrgID\" ],\n          [ \"_STATEMENT_.Condition.StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalServiceName\" ],\n          [ \"_STATEMENT_.Condition.StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalServiceNamesList\" ],\n          [ \"_STATEMENT_.Condition.StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:ResourceTag\" ],\n          [ \"_STATEMENT_.Condition.StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:SourceAccount\" ],\n          [ \"_STATEMENT_.Condition.StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:SourceArn\" ],\n          [ \"_STATEMENT_.Condition.StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:SourceIdentity\" ],\n          [ \"_STATEMENT_.Condition.StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:SourceOwner\" ],\n          [ \"_STATEMENT_.Condition.StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:ViaAWSService\" ],\n          [ \"_STATEMENT_.Condition.StringLike.\", \"withoutKeyCaseInsensitive\", \"iam:PassedToService\" ],\n          [ \"_STATEMENT_.Condition.StringLike.\", \"withoutKeyCaseInsensitive\", \"kms:CallerAccount\" ],\n          [ \"_STATEMENT_.Condition.StringLike.\", \"withoutKeyCaseInsensitive\", \"kms:ViaService\" ]\n        ]\n      ],\n      [ \"or\",\n        [ \"_STATEMENT_.Condition.\", \"withoutKey\", \"ForAnyValue:StringEquals\" ],\n        [ \"and\",\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:CalledVia\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:CalledViaFirst\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:CalledViaLast\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalAccount\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalArn\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalOrgPaths\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalOrgID\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalServiceName\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalServiceNamesList\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:ResourceTag\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:SourceAccount\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:SourceArn\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:SourceIdentity\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:SourceOwner\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEquals.\", \"withoutKeyCaseInsensitive\", \"aws:ViaAWSService\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEquals.\", \"withoutKeyCaseInsensitive\", \"iam:PassedToService\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEquals.\", \"withoutKeyCaseInsensitive\", \"kms:CallerAccount\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEquals.\", \"withoutKeyCaseInsensitive\", \"kms:ViaService\" ]\n        ]\n      ],\n      [ \"or\",\n        [ \"_STATEMENT_.Condition.\", \"withoutKey\", \"ForAnyValue:StringEqualsIgnoreCase\" ],\n        [ \"and\",\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:CalledVia\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:CalledViaFirst\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:CalledViaLast\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalAccount\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalArn\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalOrgPaths\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalOrgID\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalServiceName\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalServiceNamesList\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:ResourceTag\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:SourceAccount\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:SourceArn\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:SourceIdentity\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:SourceOwner\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"aws:ViaAWSService\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"iam:PassedToService\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"kms:CallerAccount\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.\", \"withoutKeyCaseInsensitive\", \"kms:ViaService\" ]\n        ]\n      ],\n      [ \"or\",\n        [ \"_STATEMENT_.Condition.\", \"withoutKey\", \"ForAnyValue:StringLike\" ],\n        [ \"and\",\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:CalledVia\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:CalledViaFirst\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:CalledViaLast\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalAccount\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalArn\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalOrgPaths\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalOrgID\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalServiceName\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:PrincipalServiceNamesList\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:ResourceTag\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:SourceAccount\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:SourceArn\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:SourceIdentity\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:SourceOwner\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringLike.\", \"withoutKeyCaseInsensitive\", \"aws:ViaAWSService\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringLike.\", \"withoutKeyCaseInsensitive\", \"iam:PassedToService\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringLike.\", \"withoutKeyCaseInsensitive\", \"kms:CallerAccount\" ],\n          [ \"_STATEMENT_.Condition.ForAnyValue:StringLike.\", \"withoutKeyCaseInsensitive\", \"kms:ViaService\" ]\n\n        ]\n      ]\n    ]\n  ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/conditions/security-group-opens-all-ports.json",
    "content": "{\n    \"conditions\": [ \"and\",\n        [ \"or\",\n            [ \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id\", \"equal\", \"0-65535\" ],\n            [ \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id\", \"equal\", \"1-65535\" ],\n            [ \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id\", \"equal\", \"ALL\" ]\n        ],\n        [ \"ec2.regions.id.vpcs.id.security_groups.id.rules.id\", \"equal\", \"ingress\"] \n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/filters/ec2-instance-with-open-nacls.json",
    "content": "{\n    \"description\": \"Public instance with open NACLs\",\n    \"rationale\": \"\",\n    \"path\": \"ec2.regions.id.vpcs.id.instances.id.network_interfaces.id\",\n    \"dashboard_name\": \"ENIs\",\n    \"display_path\": \"ec2.regions.id.vpcs.id.instances.id\",\n    \"conditions\": [ \"and\",\n        [ \"_INCLUDE_(conditions/instance-with-public-ip.json)\", \"\", \"\" ],\n        [ \"_INCLUDE_(conditions/instance-with-open-nacls.json)\", \"\", \"\" ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/filters/ec2-security-group-with-public-cidr-grant.json",
    "content": "{\n    \"description\": \"Security group whitelists public CIDRs\",\n    \"path\": \"ec2.regions.id.vpcs.id.security_groups.id.rules.ingress.protocols.id.ports.id.cidrs.id.CIDR\",\n    \"display_path\": \"ec2.regions.id.vpcs.id.security_groups.id\",\n    \"dashboard_name\": \"Rules\",\n    \"conditions\": [ \"and\",\n        [ \"this\", \"notInSubnets\", [ \"10.0.0.0/8\", \"172.16.0.0/16\", \"192.168.0.0/24\" ] ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/filters/iam-role-for-aws-account.json",
    "content": "{\n    \"description\": \"Role for _ARG_0_ account\",\n    \"key\": \"iam-role-for-_ARG_0_-account\",\n    \"path\": \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id\",\n    \"display_path\": \"iam.roles.id\",\n    \"dashboard_name\": \"Roles\",\n    \"conditions\": [ \"and\",\n        [ \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Effect\", \"equal\", \"Allow\" ],\n        [ \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.\", \"containAction\", \"sts:AssumeRole\" ],\n        [ \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Principal\", \"withKey\", \"AWS\" ],\n        [ \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Principal.AWS\", \"_ARG_1_\", \"_ACCOUNT_ID_\" ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/filters/iam-role-for-service.json",
    "content": "{\n    \"description\": \"Role for _ARG_0_\",\n    \"key\": \"iam-role-for-_ARG_0_\",\n    \"path\": \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id\",\n    \"display_path\": \"iam.roles.id\",\n    \"dashboard_name\": \"Roles\",\n    \"conditions\": [ \"and\",\n        [ \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Effect\", \"equal\", \"Allow\" ],\n        [ \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.\", \"containAction\", \"sts:AssumeRole\" ],\n        [ \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Principal\", \"withKey\", \"Service\" ],\n        [ \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Principal.Service\", \"equal\", \"_ARG_1_\" ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/filters/s3-bucket-website-enabled.json",
    "content": "{\n    \"dashboard_name\": \"Buckets\",\n    \"description\": \"Bucket with static website enabled\",\n    \"path\": \"s3.buckets.id\",\n    \"display_path\": \"s3.buckets.id\",\n    \"conditions\": [ \"and\",\n        [ \"s3.buckets.id\", \"withKey\", \"web_hosting_enabled\" ],\n        [ \"s3.buckets.id.web_hosting_enabled\", \"true\", \"\" ]\n    ],\n    \"id_suffix\": \"web_hosting_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/acm-certificate-with-close-expiration-date.json",
    "content": "{\n    \"description\": \"ACM Certificate Expiring in Less Than _ARG_0_ Days\",\n    \"rationale\": \"Ensure that certificates which are in use are not about to expire.\",\n    \"dashboard_name\": \"Certificates\",\n    \"path\": \"acm.regions.id.certificates.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"acm.regions.id.certificates.id\",\n            \"withKey\",\n            \"NotAfter\"\n        ],\n        [\n            \"acm.regions.id.certificates.id.NotAfter\",\n            \"newerThan\",\n            [\n                \"_ARG_0_\",\n                \"days\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"NotAfter\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/acm-certificate-with-transparency-logging-disabled.json",
    "content": "{\n    \"description\": \"ACM Certificate with Transparency Logging Set to Disabled\",\n    \"rationale\": \"Disabling Transparency Logging may result in browsers not trusting your certificate. As of April 30 2018, Google Chrome no longer trusts public SSL/TLS certificates that are not recorded in a certificate transparency log. Transparency Logging should be enabled as a best practice.\",\n    \"references\": [\n        \"https://aws.amazon.com/blogs/security/how-to-get-ready-for-certificate-transparency/\"\n    ],\n    \"dashboard_name\": \"Certificates\",\n    \"path\": \"acm.regions.id.certificates.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"acm.regions.id.certificates.id.Options.CertificateTransparencyLoggingPreference\",\n            \"equal\",\n            \"DISABLED\"\n        ]\n    ],\n    \"id_suffix\": \"CertificateTransparencyLoggingPreference\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/cloudformation-stack-with-role.json",
    "content": "{\n    \"description\": \"Role Passed to Stack\",\n    \"rationale\": \"Passing a role to CloudFormation stacks may result in privilege escalation because IAM users with privileges within the CloudFormation scope implicitly inherit the stack's role's permissions. Consequently, it should be ensured that the IAM privileges assigned to the stack's role follow the principle of least privilege.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html\"\n    ],\n    \"dashboard_name\": \"Stacks\",\n    \"path\": \"cloudformation.regions.id.stacks.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"this\",\n            \"withKey\",\n            \"iam_role\"\n        ],\n        [\n            \"this.iam_role.id\",\n            \"notEmpty\",\n            \"\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-cleartext-origin.json",
    "content": "{\n    \"description\": \"Content Distribution with Clear-Text Origin TLS Policy\",\n    \"rationale\": \"Distributing content between AWS CloudFront distributions and their custom origins over clear-text HTTP, without using AWS encryption solutions, can potentially expose sensitive data.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customoriginconfig.html\"\n    ],\n    \"dashboard_name\": \"Distributions\",\n    \"path\": \"cloudfront.distributions.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cloudfront.distributions.id.origins\",\n            \"containString\",\n            \"http-only\"\n        ],\n        [\n            \"cloudfront.distributions.id.origins\",\n            \"containString\",\n            \"match-viewer\"\n        ]\n    ],\n    \"class_suffix\": \"config_policy\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json",
    "content": "{\n    \"description\": \"Content Distribution with Insecure Origin TLS Policy\",\n    \"rationale\": \"Distributing content between AWS CloudFront distributions and their custom origins over HTTPS using older SSL/TLS protocols can potentially expose sensitive data.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customoriginconfig.html\"\n    ],\n    \"dashboard_name\": \"Distributions\",\n    \"path\": \"cloudfront.distributions.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudfront.distributions.id.viewer_certificate.MinimumProtocolVersion.\",\n            \"containNoneOf\",\n            [\n                \"TLSv1.1\",\n                \"TLSv1.1_2016\",\n                \"TLSv1.2_2018\",\n                \"TLSv1.2_2019\",\n                \"TLSv1.2_2021\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"minimum_ssl_version\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insufficient-viewer-security.json",
    "content": "{\n    \"description\": \"Content Distribution with Insufficient Viewer Security Policy\",\n    \"rationale\": \"Distributing content between AWS CloudFront distributions and their custom origins without the use of a valid certificate, can potentially expose sensitive data.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-viewercertificate.html\"\n    ],\n    \"dashboard_name\": \"Distributions\",\n    \"path\": \"cloudfront.distributions.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"withoutKey\",\n            \"viewer_certificate\"\n        ]\n    ],\n    \"id_suffix\": \"viewer_certificate\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/cloudtrail-duplicated-global-services-logging.json",
    "content": "{\n    \"description\": \"Global Service Logging Duplicated\",\n    \"rationale\": \"Global service logging is enabled in multiple Trails. While this does not jeopardize the security of the environment, duplicated entries in logs increase the difficulty to investigate potential incidents.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-global-service-events\"\n    ],\n    \"dashboard_name\": \"Configurations\",\n    \"path\": \"cloudtrail.regions.id.trails.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudtrail.DuplicatedGlobalServiceEvents\",\n            \"true\",\n            \"\"\n        ],\n        [\n            \"this\",\n            \"withKey\",\n            \"IncludeGlobalServiceEvents\"\n        ],\n        [\n            \"IncludeGlobalServiceEvents\",\n            \"true\",\n            \"\"\n        ],\n        [\n            \"IsLogging\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"IncludeGlobalServiceEvents\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/cloudtrail-no-cloudwatch-integration.json",
    "content": "{\n    \"description\": \"Trail Is Not Integrated with CloudWatch\",\n    \"rationale\": \"The lack of integration with CloudWatch hinders real-time and historic activity logging as well as not allowing the configuration of alarms and notifications for anomalous account activity.\",\n    \"remediation\": \"Configure each Trail to have a CloudWatch Logs group attached\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"2.4\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.4\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"2.4\"\n        }\n    ],\n    \"dashboard_name\": \"Configurations\",\n    \"display_path\": \"cloudtrail.regions.id.trails.id\",\n    \"path\": \"cloudtrail.regions.id.trails.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudtrail.regions.id.trails.id.\",\n            \"withKey\",\n            \"LatestCloudWatchLogsDeliveryTime\"\n        ],\n        [\n            \"or\",\n            [\n                \"cloudtrail.regions.id.trails.id.LatestCloudWatchLogsDeliveryTime\",\n                \"null\",\n                \"\"\n            ],\n            [\n                \"cloudtrail.regions.id.trails.id.LatestCloudWatchLogsDeliveryTime\",\n                \"olderThan\",\n                [\n                    \"1\",\n                    \"days\"\n                ]\n            ]\n        ]\n    ],\n    \"id_suffix\": \"TrailCloudwatchNoIntegration\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/cloudtrail-no-data-logging.json",
    "content": "{\n    \"description\": \"Data Events Logging Not Configured\",\n    \"rationale\": \"CloudTrail Data Logging is not configured, which means that S3 access and Lambda invocations are not logged. <br><br>Note: S3 bucket logging can be used in place of CloudTrail data events for S3. If that is the case, logs for Lambda invocations may still be missing.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html\"\n    ],\n    \"dashboard_name\": \"Configurations\",\n    \"display_path\": \"cloudtrail.regions.id.trails.id\",\n    \"path\": \"cloudtrail.regions.id.trails.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"this\",\n            \"withKey\",\n            \"DataEventsEnabled\"\n        ],\n        [\n            \"DataEventsEnabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"cloudtrail-data-events-disabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/cloudtrail-no-encryption-with-kms.json",
    "content": "{\n    \"description\": \"CloudTrail Logs Not Encrypted with KMS Customer Master Keys (CMKs)\",\n    \"rationale\": \"Not encrypting CloudTrail logs with SSE-KMS affects the confidentiality of the log data.\",\n    \"remediation\": \"Ensure each Trail is encrypted with a KMS key\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"2.7\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.7\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"2.7\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html\"\n    ],\n    \"dashboard_name\": \"Configurations\",\n    \"display_path\": \"cloudtrail.regions.id.trails.id\",\n    \"path\": \"cloudtrail.regions.id.trails.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudtrail.regions.id.trails.id.\",\n            \"withoutKey\",\n            \"scout_link\"\n        ],\n        [\n            \"or\",\n            [\n                \"cloudtrail.regions.id.trails.id.\",\n                \"withoutKey\",\n                \"KmsKeyId\"\n            ],\n            [\n                \"and\",\n                [\n                    \"cloudtrail.regions.id.trails.id.\",\n                    \"withKey\",\n                    \"KmsKeyId\"\n                ],\n                [\n                    \"cloudtrail.regions.id.trails.id.KmsKeyId\",\n                    \"null\",\n                    \"\"\n                ]\n            ]\n        ]\n    ],\n    \"id_suffix\": \"cloudtrail-kms-key-unused\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/cloudtrail-no-global-services-logging.json",
    "content": "{\n    \"description\": \"Global Service Logging Disabled\",\n    \"rationale\": \"API activity for global services such as IAM and STS is not logged. Investigation of incidents will be incomplete due to the lack of information.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-global-service-events\"\n    ],\n    \"dashboard_name\": \"Configurations\",\n    \"path\": \"cloudtrail.regions.id.trails.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudtrail.IncludeGlobalServiceEvents\",\n            \"false\",\n            \"\"\n        ],\n        [\n            \"this\",\n            \"withKey\",\n            \"IncludeGlobalServiceEvents\"\n        ]\n    ],\n    \"id_suffix\": \"IncludeGlobalServiceEvents\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/cloudtrail-no-log-file-validation.json",
    "content": "{\n    \"description\": \"Log File Validation Is Disabled\",\n    \"rationale\": \"The lack of log file validation prevents from verifying the integrity of CloudTrail log files.\",\n    \"remediation\": \"Ensure that each Trail has Enable log file validation set to Yes\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"2.2\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.2\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"2.2\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html\"\n    ],\n    \"dashboard_name\": \"Configurations\",\n    \"display_path\": \"cloudtrail.regions.id.trails.id\",\n    \"path\": \"cloudtrail.regions.id.trails.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudtrail.regions.id.trails.id.\",\n            \"withKey\",\n            \"LogFileValidationEnabled\"\n        ],\n        [\n            \"cloudtrail.regions.id.trails.id.LogFileValidationEnabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"LogFileValidationDisabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/cloudtrail-no-logging.json",
    "content": "{\n    \"description\": \"Disabled Trails\",\n    \"rationale\": \"Logging is disabled for a given Trail. Depending on the configuration, logs for important API activity may be missing.\",\n    \"remediation\": \"Configure all Trails to enable Logging, set Apply trail to all regions and ensure that Read/Write Events are set to ALL\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"2.1\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.1\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"2.1\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/best-practices-security.html\"\n    ],\n    \"dashboard_name\": \"Configurations\",\n    \"path\": \"cloudtrail.regions.id.trails.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudtrail.regions.id.trails.id.\",\n            \"withKey\",\n            \"IsLogging\"\n        ],\n        [\n            \"cloudtrail.regions.id.trails.id.IsLogging\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"class_suffix\": \"IsLogging\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/cloudtrail-not-configured.json",
    "content": "{\n    \"description\": \"CloudTrail Service Not Configured\",\n    \"rationale\": \"CloudTrail is not configured, which means that API activity is not logged.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/best-practices-security.html\"\n    ],\n    \"dashboard_name\": \"Regions\",\n    \"path\": \"cloudtrail.regions.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"trails_count\",\n            \"equal\",\n            \"0\"\n        ]\n    ],\n    \"id_suffix\": \"NotConfigured\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/cloudtrail-partial-data-logging.json",
    "content": "{\n    \"description\": \"Data Logging Configuration Not Covering All Resources\",\n    \"rationale\": \"CloudTrail Data Logging is not configured to cover all S3 or Lambda resources, which means that all S3 access and Lambda invocations are not logged. <br><br>Note: S3 bucket logging can be used in place of CloudTrail data events for S3. If that is the case, logs for Lambda invocations may still be missing.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html\"\n    ],\n    \"dashboard_name\": \"Configurations\",\n    \"display_path\": \"cloudtrail.regions.id.trails.id\",\n    \"path\": \"cloudtrail.regions.id.trails.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"this\",\n            \"withKey\",\n            \"wildcard_data_logging\"\n        ],\n        [\n            \"wildcard_data_logging\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"cloudtrail-data-events-disabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/cloudwatch-alarm-without-actions.json",
    "content": "{\n    \"description\": \"Alarm without Action\",\n    \"rationale\": \"Each alarm should have at least one action\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html\"\n    ],\n    \"dashboard_name\": \"Alarms\",\n    \"path\": \"cloudwatch.regions.id.alarms.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudwatch.regions.id.alarms.id.AlarmActions\",\n            \"empty\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"NoActions\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/config-recorder-not-configured.json",
    "content": "{\n    \"description\": \"AWS Config Not Enabled\",\n    \"rationale\": \"No AWS Config recorders are configured, which means that changes in AWS resource configuration are not logged. This hinders security analysis, resource change tracking and compliance auditing.\",\n    \"remediation\": \"Enable AWS Config in all regions, define the resources you want to record in each region and include global resources (IAM resources)\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"2.5\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.5\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"2.5\"\n        }\n    ],\n    \"references\": [\n        \"https://aws.amazon.com/blogs/mt/aws-config-best-practices/\"\n    ],\n    \"dashboard_name\": \"Regions\",\n    \"path\": \"config.regions.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"recorders_count\",\n            \"equal\",\n            \"0\"\n        ]\n    ],\n    \"id_suffix\": \"NotConfigured\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-ami-public.json",
    "content": "{\n    \"description\": \"Publicly Accessible AMI\",\n    \"rationale\": \"AMIs should never intentionally be made public. If they need to be shared this can be done with specific AWS accounts.\",\n    \"references\": [\n        \"https://aws.amazon.com/security/security-bulletins/reminder-about-safely-sharing-and-using-public-amis/\"\n    ],\n    \"dashboard_name\": \"Images\",\n    \"path\": \"ec2.regions.id.images.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"Public\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"image_is_public\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-in-use.json",
    "content": "{\n    \"description\": \"Default Security Groups in Use\",\n    \"rationale\": \"The use of default security groups can indicate a lack of intentional enforcement of the principle of least privilege. Use custom security groups to ensure you are properly minimizing privilege and access.\",\n    \"remediation\": \"Ensure resources are not within default security groups. Instead, create a custom security group tailored to each resource needs.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.4\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"4.4\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.3\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-4.3\"\n    ],\n    \"dashboard_name\": \"Security groups\",\n    \"path\": \"ec2.regions.id.vpcs.id.security_groups.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.name\",\n            \"equal\",\n            \"default\"\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.\",\n            \"withKey\",\n            \"used_by\"\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.is_default_configuration\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"default_in_use\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-with-rules.json",
    "content": "{\n    \"description\": \"Non-empty Rulesets for Default Security Groups\",\n    \"rationale\": \"The default security group created in each VPC comes with rules allowing all inbound traffic from instances assigned to the same security group, as well as all outbound traffic. In order to improve system hardening, you should remove all rules from the default security groups so that they restricts all traffic. Should an instance be created without custom security groups, it will inherit the default security group and be unable to communicate with other instances within the VPC until the required custom security groups are assigned.\",\n    \"remediation\": \"Ensure the default security group of every VPC restricts all traffic\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.4\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"4.4\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.3\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-4.3\"\n    ],\n    \"dashboard_name\": \"Rulesets\",\n    \"display_path\": \"ec2.regions.id.vpcs.id.security_groups.id\",\n    \"path\": \"ec2.regions.id.vpcs.id.security_groups.id.rules.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.name\",\n            \"equal\",\n            \"default\"\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols\",\n            \"notEmpty\",\n            \"\"\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.is_default_configuration\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"default_with_rules\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-ebs-default-encryption-disabled.json",
    "content": "{\n    \"description\": \"EBS Encryption By Default Is Disabled\",\n    \"rationale\": \"Enabling EBS encryption by default ensures that all EBS Volumes created in the region are encrypted even if the operator neglects to opt into encryption when creating a Volume.\",\n    \"remediation\": \"Enable encryption by default for EBS volumes in all regions.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-by-default\"\n    ],\n    \"dashboard_name\": \"Regions\",\n    \"path\": \"ec2.regions.id.regional_settings.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"ebs_encryption_default\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"NoDefaultEBSEncryption\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-ebs-snapshot-not-encrypted.json",
    "content": "{\n    \"description\": \"EBS Snapshot Not Encrypted\",\n    \"rationale\": \"Data-at-rest should be encrypted.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html\"\n    ],\n    \"dashboard_name\": \"Snapshots\",\n    \"path\": \"ec2.regions.id.snapshots.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"encrypted\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"encrypted\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-ebs-snapshot-public.json",
    "content": "{\n    \"description\": \"Public EBS Snapshot\",\n    \"rationale\": \"Snapshots should never be public, as this risks exposing sensitive data.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html\"\n    ],\n    \"dashboard_name\": \"Snapshots\",\n    \"path\": \"ec2.regions.id.snapshots.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"public\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"public\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-ebs-volume-not-encrypted.json",
    "content": "{\n    \"description\": \"EBS Volume Not Encrypted\",\n    \"rationale\": \"Enabling encryption of EBS volumes ensures that data is encrypted both at-rest and in-transit (between an instance and its attached EBS storage).\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html\"\n    ],\n    \"dashboard_name\": \"Volumes\",\n    \"path\": \"ec2.regions.id.volumes.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"Encrypted\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"encrypted\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-instance-in-security-group.json",
    "content": "{\n    \"description\": \"EC2 Instance Belongs to Specific Security Group\",\n    \"rationale\": \"This configuration goes against organizational policies.\",\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"ec2.regions.id.vpcs.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"ec2.regions.id.vpcs.id.instances.id.security_groups\",\n            \"match\",\n            \".*_ARG_0_.*\"\n        ]\n    ],\n    \"arg_names\": [\n        \"ID of the security group EC2 instances may not belong to.\"\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-instance-type.json",
    "content": "{\n    \"description\": \"Use of _ARG_0_ Instances\",\n    \"rationale\": \"Policies dictate EC2 instances of type _ARG_0_ should not be used in this environment\",\n    \"references\": [\n        \"https://aws.amazon.com/ec2/instance-types/\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"ec2.regions.id.vpcs.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"InstanceType\",\n            \"equal\",\n            \"_ARG_0_\"\n        ]\n    ],\n    \"key\": \"ec2-instance-type-_STRIPDOTS_(_ARG_0_)\",\n    \"arg_names\": [\n        \"Type of EC2 instance (e.g. t2.micro)\"\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-instance-types.json",
    "content": "{\n    \"description\": \"Use of _ARG_0_ Instances\",\n    \"rationale\": \"Policies dictate _ARG_0_ EC2 instances should not be used in this environment\",\n    \"references\": [\n        \"https://aws.amazon.com/ec2/instance-types/\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"ec2.regions.id.vpcs.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"InstanceType\",\n            \"containAtLeastOneOf\",\n            \"_ARG_1_\"\n        ]\n    ],\n    \"key\": \"ec2-instance-type-_STRIPDOTS_(_ARG_0_)\",\n    \"arg_names\": [\n        \"Display name of types of instances\",\n        \"Type of EC2 instances that may not be used.\"\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-instance-with-public-ip.json",
    "content": "{\n    \"description\": \"Instance with a Public IP Address\",\n    \"rationale\": \"It is good practice to maintain a list of known, publicly accessible instances and flag all other instances that meet this criteria.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html\"\n    ],\n    \"dashboard_name\": \"Network interfaces\",\n    \"display_path\": \"ec2.regions.id.vpcs.id.instances.id\",\n    \"path\": \"ec2.regions.id.vpcs.id.instances.id.network_interfaces.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"Association\",\n            \"notNull\",\n            \"\"\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.instances.id.network_interfaces.id.Association.PublicIp\",\n            \"notNull\",\n            \"\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-instance-with-user-data-secrets.json",
    "content": "{\n    \"description\": \"Potential Secret in Instance User Data\",\n    \"rationale\": \"It was detected that the EC2 instance was configured with user data, which could potentially include secrets. Although user data can only be accessed from within the instance itself, the data is not protected by cryptographic methods. Anyone who can access the instance can view its metadata. It should therefore be ensured that sensitive data, such as passwords and SSH keys, are not stored as user data.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"ec2.regions.id.vpcs.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"ec2.regions.id.vpcs.id.instances.id.user_data_secrets\",\n            \"notEmpty\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"potential_secrets\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-all-ports-to-all.json",
    "content": "{\n    \"description\": \"Security Group Opens All Ports to All\",\n    \"rationale\": \"It was detected that all ports in the security group are open, and any source IP address could send traffic to these ports, which creates a wider attack surface for resources assigned to it. Open ports should be reduced to the minimum needed to correctly operate and, when possible, source address restrictions should be implemented.\",\n    \"dashboard_name\": \"Rules\",\n    \"display_path\": \"ec2.regions.id.vpcs.id.security_groups.id\",\n    \"path\": \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id.cidrs.id.CIDR\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"_INCLUDE_(conditions/cidr-is-all.json)\",\n            \"\",\n            \"\"\n        ],\n        [\n            \"_INCLUDE_(conditions/security-group-opens-all-ports.json)\",\n            \"\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-all-ports-to-self.json",
    "content": "{\n    \"description\": \"Unrestricted Network Traffic within Security Group\",\n    \"rationale\": \"This configuration goes against organizational policies.\",\n    \"dashboard_name\": \"Rules\",\n    \"display_path\": \"ec2.regions.id.vpcs.id.security_groups.id\",\n    \"path\": \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id.security_groups.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"_INCLUDE_(conditions/security-group-opens-all-ports.json)\",\n            \"\",\n            \"\"\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id.security_groups.id.GroupId\",\n            \"equal\",\n            \"_GET_VALUE_AT_(ec2.regions.id.vpcs.id.security_groups.id)\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-all-ports.json",
    "content": "{\n    \"description\": \"Security Group Opens All Ports\",\n    \"rationale\": \"It was detected that all ports in the security group are open, which creates a wider attack surface for resources assigned to it. Open ports should be reduced to the minimum needed to correctly operate.\",\n    \"dashboard_name\": \"Rules\",\n    \"display_path\": \"ec2.regions.id.vpcs.id.security_groups.id\",\n    \"path\": \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"_INCLUDE_(conditions/security-group-opens-all-ports.json)\",\n            \"\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-icmp-to-all.json",
    "content": "{\n    \"description\": \"Security Group Allows ICMP Traffic to All\",\n    \"rationale\": \"ICMP traffic was allowed to the resources assigned to this security group without restriction of the source address. This could potentially be leveraged by an attacker trying to perform an attack or gather information about the deployed infrastructure.\",\n    \"dashboard_name\": \"Rules\",\n    \"display_path\": \"ec2.regions.id.vpcs.id.security_groups.id\",\n    \"path\": \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id.cidrs.id.CIDR\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"_INCLUDE_(conditions/cidr-is-all.json)\",\n            \"\",\n            \"\"\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.rules.id\",\n            \"equal\",\n            \"ingress\"\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id\",\n            \"equal\",\n            \"ICMP\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-known-port-to-all.json",
    "content": "{\n    \"description\": \"Security Group Opens _ARG_0_ Port to All\",\n    \"rationale\": \"The security group was found to be exposing a well-known port to all source addresses. Well-known ports are commonly probed by automated scanning tools, and could be an indicator of sensitive services exposed to Internet. If such services need to be exposed, a restriction on the source address could help to reduce the attack surface of the infrastructure.\",\n    \"remediation\": \"Remove the inbound rules that expose open ports\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.1\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.2\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"4.1\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"4.2\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.1\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.2\"\n        }\n    ],\n    \"dashboard_name\": \"Rules\",\n    \"display_path\": \"ec2.regions.id.vpcs.id.security_groups.id\",\n    \"path\": \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id.cidrs.id.CIDR\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"_INCLUDE_(conditions/cidr-is-all.json)\",\n            \"\",\n            \"\"\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.rules.id\",\n            \"equal\",\n            \"ingress\"\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id\",\n            \"equal\",\n            \"_ARG_1_\"\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id\",\n            \"equal\",\n            \"_ARG_2_\"\n        ]\n    ],\n    \"key\": \"ec2-security-group-opens-_ARG_0_-port-to-all\",\n    \"arg_names\": [\n        \"Network protocol name\",\n        \"Transport protocol name\",\n        \"Port number\"\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-plaintext-port.json",
    "content": "{\n    \"description\": \"Security Group Opens _ARG_0_ Port\",\n    \"rationale\": \"Ports associated with plaintext protocols have been found to be open in this security group. Plaintext protocols should be replaced with more secure alternatives, as the data in transit may be monitored and could, potentially, be subject to tampering.\",\n    \"dashboard_name\": \"Rules\",\n    \"display_path\": \"ec2.regions.id.vpcs.id.security_groups.id\",\n    \"path\": \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.rules.id\",\n            \"equal\",\n            \"ingress\"\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id\",\n            \"equal\",\n            \"_ARG_1_\"\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id\",\n            \"equal\",\n            \"_ARG_2_\"\n        ]\n    ],\n    \"key\": \"ec2-security-group-opens-plaintext-port-_ARG_0_\",\n    \"arg_names\": [\n        \"Network protocol name\",\n        \"Transport protocol name\",\n        \"Port number\"\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-port-range.json",
    "content": "{\n    \"description\": \"Security Group Uses Port Range\",\n    \"rationale\": \"It was found that the security group was using port ranges. Sometimes, ranges could include unintended ports that should not be exposed. As a result, when possible, explicit port lists should be used instead\",\n    \"dashboard_name\": \"Rules\",\n    \"display_path\": \"ec2.regions.id.vpcs.id.security_groups.id\",\n    \"path\": \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.rules.id\",\n            \"equal\",\n            \"ingress\"\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id\",\n            \"containAtLeastOneOf\",\n            [\n                \"ALL\",\n                \"UDP\",\n                \"TCP\"\n            ]\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id\",\n            \"match\",\n            \"[0-9]+-[0-9]+\"\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id\",\n            \"notEqual\",\n            \"0-65535\"\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id\",\n            \"notEqual\",\n            \"1-65535\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-port-to-all.json",
    "content": "{\n    \"description\": \"Security Group Opens _ARG_0_ Port to All\",\n    \"rationale\": \"The security group was found to be exposing a port to all source addresses. Ports are commonly probed by automated scanning tools, and could be an indicator of sensitive services exposed to Internet. If such services need to be exposed, a restriction on the source address could help to reduce the attack surface of the infrastructure.\",\n    \"dashboard_name\": \"Rules\",\n    \"display_path\": \"ec2.regions.id.vpcs.id.security_groups.id\",\n    \"path\": \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id.cidrs.id.CIDR\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"_INCLUDE_(conditions/cidr-is-all.json)\",\n            \"\",\n            \"\"\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.rules.id\",\n            \"equal\",\n            \"ingress\"\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id\",\n            \"equal\",\n            \"_ARG_0_\"\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id\",\n            \"containNoneOf\",\n            [\n                \"22\",\n                \"25\",\n                \"80\",\n                \"443\",\n                \"1433\",\n                \"1521\",\n                \"3306\",\n                \"3389\",\n                \"5432\",\n                \"27017\"\n            ]\n        ]\n    ],\n    \"key\": \"ec2-security-group-opens-_ARG_0_-port-to-all\",\n    \"arg_names\": [\n        \"Network transport protocol\"\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-aws-ip-from-banned-region.json",
    "content": "{\n    \"description\": \"Security Group Whitelists AWS IPs Outside the USA\",\n    \"rationale\": \"This configuration goes against organizational policies.\",\n    \"dashboard_name\": \"Rules\",\n    \"path\": \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id.cidrs.id.CIDR\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"this\",\n            \"inSubnets\",\n            \"_IP_RANGES_FROM_FILE_(aws/ip-ranges/aws.json, [])\"\n        ],\n        [\n            \"this\",\n            \"notInSubnets\",\n            \"_IP_RANGES_FROM_FILE_(aws/ip-ranges/aws-in-us.json, [])\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-aws.json",
    "content": "{\n    \"description\": \"Security Group Whitelists AWS CIDRs\",\n    \"rationale\": \"The AWS IP ranges contain addresses which can be assigned to EC2 instances in any AWS account, as well as services which can be used to interact with any AWS account. Consequently, allowing these ranges potentially exposes your AWS account to external interactions.\",\n    \"dashboard_name\": \"Rules\",\n    \"display_path\": \"ec2.regions.id.vpcs.id.security_groups.id\",\n    \"path\": \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id.cidrs.id.CIDR\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"this\",\n            \"inSubnets\",\n            \"_IP_RANGES_FROM_FILE_(aws/ip-ranges/aws.json, [])\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-non-elastic-ips.json",
    "content": "{\n    \"description\": \"Security Group Whitelists Non-Elastic IP Addresses\",\n    \"rationale\": \"This configuration goes against organizational policies.\",\n    \"dashboard_name\": \"Rules\",\n    \"path\": \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id.cidrs.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"this\",\n            \"inSubnets\",\n            \"_IP_RANGES_FROM_FILE_(ip-ranges-from-args, [])\"\n        ],\n        [\n            \"this\",\n            \"inSubnets\",\n            \"_IP_RANGES_FROM_FILE_(ip-ranges-from-args, [[\\\"is_elastic\\\", \\\"false\\\", \\\"\\\"]])\"\n        ]\n    ],\n    \"keys\": [\n        \"ec2.regions.id.vpcs.id.security_groups.id\",\n        \"this\"\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-unknown-aws.json",
    "content": "{\n    \"description\": \"Security Group Whitelists Unknown AWS CIDRs\",\n    \"rationale\": \"This configuration goes against organizational policies.\",\n    \"dashboard_name\": \"Rules\",\n    \"display_path\": \"ec2.regions.id.vpcs.id.security_groups.id\",\n    \"path\": \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id.cidrs.id.CIDR\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"this\",\n            \"inSubnets\",\n            \"_IP_RANGES_FROM_FILE_(aws/ip-ranges/aws.json, [])\"\n        ],\n        [\n            \"this\",\n            \"notInSubnets\",\n            \"_IP_RANGES_FROM_FILE_(ip-ranges-from-args, [])\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-security-group-whitelists-unknown-cidrs.json",
    "content": "{\n    \"description\": \"Security Group Whitelists Unknown CIDRs\",\n    \"rationale\": \"This configuration goes against organizational policies.\",\n    \"dashboard_name\": \"Rules\",\n    \"display_path\": \"ec2.regions.id.vpcs.id.security_groups.id\",\n    \"path\": \"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id.cidrs.id.CIDR\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"this\",\n            \"notEqual\",\n            \"0.0.0.0/0\"\n        ],\n        [\n            \"this\",\n            \"notEqual\",\n            \"::/0\"\n        ],\n        [\n            \"this\",\n            \"notInSubnets\",\n            \"_IP_RANGES_FROM_FILE_(aws/ip-ranges/aws.json, [])\"\n        ],\n        [\n            \"this\",\n            \"notInSubnets\",\n            \"_IP_RANGES_FROM_FILE_(ip-ranges-from-args, [])\"\n        ],\n        [\n            \"_INCLUDE_(conditions/ip-not-in-private-space.json)\",\n            \"\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ec2-unused-security-group.json",
    "content": "{\n    \"description\": \"Unused Security Group\",\n    \"rationale\": \" Non-default security groups were defined which were unused and may not be required. This being the case, their existence in the configuration increases the risk that they may be inappropriately assigned. The unused security groups should be reviewed and removed if no longer required.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html\"\n    ],\n    \"dashboard_name\": \"Security groups\",\n    \"path\": \"ec2.regions.id.vpcs.id.security_groups.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.\",\n            \"withoutKey\",\n            \"used_by\"\n        ],\n        [\n            \"ec2.regions.id.vpcs.id.security_groups.id.name\",\n            \"notEqual\",\n            \"default\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/elb-listener-allowing-cleartext.json",
    "content": "{\n    \"description\": \"Load Balancer Allowing Clear Text (HTTP) Communication\",\n    \"rationale\": \"Use of a secure protocol (HTTPS or SSL) is best practice for encrypted communication. A load balancer without a listener using an encrypted protocol can be vulnerable to eavesdropping and man-in-the-middle attacks.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-listener-config.html\"\n    ],\n    \"dashboard_name\": \"Load Balancer Listeners\",\n    \"display_path\": \"elb.regions.id.vpcs.id.elbs.id\",\n    \"path\": \"elb.regions.id.vpcs.id.elbs.id.listeners.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"elb.regions.id.vpcs.id.elbs.id.listeners.id.Protocol\",\n            \"containNoneOf\",\n            [\n                \"HTTPS\",\n                \"SSL\"\n            ]\n        ],\n        [\n            \"elb.regions.id.vpcs.id.elbs.id.listeners.id.LoadBalancerPort\",\n            \"containNoneOf\",\n            [\n                443\n            ]\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/elb-no-access-logs.json",
    "content": "{\n    \"description\": \"Lack of ELB Access Logs\",\n    \"rationale\": \"Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client's IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and identify security issues.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html\"\n    ],\n    \"dashboard_name\": \"Load Balancers\",\n    \"path\": \"elb.regions.id.vpcs.id.elbs.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"elb.regions.id.vpcs.id.elbs.id.attributes.AccessLog.Enabled\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/elb-older-ssl-policy.json",
    "content": "{\n    \"description\": \"Older SSL/TLS Policy\",\n    \"rationale\": \"Use of the latest TLS policies is best practice. The recommended predefined security policies are:<ul><li>ELBSecurityPolicy-2016-08</li><li>ELBSecurityPolicy-FS-2018-06</li><li>ELBSecurityPolicy-TLS-1-1-2017-01</li><li>ELBSecurityPolicy-TLS-1-2-2017-01</li><li>ELBSecurityPolicy-TLS-1-2-Ext-2018-06</li><li>ELBSecurityPolicy-FS-1-1-2019-08</li><li>ELBSecurityPolicy-FS-1-2-2019-08</li><li>ELBSecurityPolicy-FS-1-2-Res-2019-08</li><li>ELBSecurityPolicy-FS-1-2-Res-2020-10</li></ul>\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html\"\n    ],\n    \"dashboard_name\": \"Load Balancer Listeners Security Policy\",\n    \"display_path\": \"elb.regions.id.elb_policies.id.reference_security_policy\",\n    \"path\": \"elb.regions.id.elb_policies.id.reference_security_policy\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"this\",\n            \"containNoneOf\",\n            [\n                \"ELBSecurityPolicy-2016-08\",\n                \"ELBSecurityPolicy-TLS-1-1-2017-01\",\n                \"ELBSecurityPolicy-TLS-1-2-2017-01\",\n                \"ELBSecurityPolicy-TLS-1-2-Ext-2018-06\",\n                \"ELBSecurityPolicy-FS-2018-06\",\n                \"ELBSecurityPolicy-FS-1-1-2019-08\",\n                \"ELBSecurityPolicy-FS-1-2-2019-08\",\n                \"ELBSecurityPolicy-FS-1-2-Res-2019-08\",\n                \"ELBSecurityPolicy-FS-1-2-Res-2020-10\",\n                \"ELBSecurityPolicy-TLS13-1-2-2021-06\",\n                \"ELBSecurityPolicy-TLS13-1-2-Res-2021-06\",\n                \"ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06\",\n                \"ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06\",\n                \"ELBSecurityPolicy-TLS13-1-1-2021-06\",\n                \"ELBSecurityPolicy-TLS13-1-0-2021-06\",\n                \"ELBSecurityPolicy-TLS13-1-3-2021-06\"\n            ]\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/elbv2-http-request-smuggling.json",
    "content": "{\n    \"description\": \"Drop Invalid Header Fields Disabled\",\n    \"rationale\": \"Dropping invalid header fields should be enabled in order to mitigate the risk of request smuggling attacks.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_LoadBalancerAttribute.html\",\n        \"https://medium.com/@emilefugulin/http-desync-attacks-with-python-and-aws-1ba07d2c860f\",\n        \"https://99designs.com/blog/engineering/request-smuggling/\",\n        \"https://portswigger.net/web-security/request-smuggling\"\n    ],\n    \"dashboard_name\": \"Load Balancer Attributes\",\n    \"display_path\": \"elbv2.regions.id.vpcs.id.lbs.id\",\n    \"path\": \"elbv2.regions.id.vpcs.id.lbs.id.attributes.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"Key\",\n            \"equal\",\n            \"routing.http.drop_invalid_header_fields.enabled\"\n        ],\n        [\n            \"Value\",\n            \"equal\",\n            \"false\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/elbv2-listener-allowing-cleartext.json",
    "content": "{\n    \"description\": \"Load Balancer Allowing Clear Text (HTTP) Communication\",\n    \"rationale\": \"Use of a secure protocol (HTTPS or SSL) is best practice for encrypted communication. A load balancer without a listener using an encrypted protocol can be vulnerable to eavesdropping and man-in-the-middle attacks.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-https-load-balancers.html\",\n        \"https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html\",\n        \"https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html\"\n    ],\n    \"dashboard_name\": \"Load Balancer Listeners\",\n    \"display_path\": \"elbv2.regions.id.vpcs.id.lbs.id\",\n    \"path\": \"elbv2.regions.id.vpcs.id.lbs.id.listeners.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"elbv2.regions.id.vpcs.id.lbs.id.listeners.id.Protocol\",\n            \"equal\",\n            \"HTTP\"\n        ],\n        [\"or\",\n            [\n                \"elbv2.regions.id.vpcs.id.lbs.id.listeners.id.DefaultActions\",\n                \"notContainString\",\n                \"'Type': 'redirect'\"\n            ],\n            [\n                \"elbv2.regions.id.vpcs.id.lbs.id.listeners.id.DefaultActions\",\n                \"notContainString\",\n                \"'Protocol': 'HTTPS'\"\n            ]\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/elbv2-no-access-logs.json",
    "content": "{\n    \"description\": \"Lack of ELBv2 Access Logs\",\n    \"rationale\": \"Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client's IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and identify security issues.<br><br>Note that for Network Load Balancers, access logs are created only if the load balancer has a TLS listener.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html\",\n        \"https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-access-logs.html\"\n    ],\n    \"dashboard_name\": \"Load Balancer Attributes\",\n    \"display_path\": \"elbv2.regions.id.vpcs.id.lbs.id\",\n    \"path\": \"elbv2.regions.id.vpcs.id.lbs.id.attributes.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"Key\",\n            \"equal\",\n            \"access_logs.s3.enabled\"\n        ],\n        [\n            \"Value\",\n            \"equal\",\n            \"false\"\n        ],\n        [\n            \"or\",\n            [\n                \"elbv2.regions.id.vpcs.id.lbs.id.Type\",\n                \"equal\",\n                \"application\"\n            ],\n            [\n                \"and\",\n                [\n                    \"elbv2.regions.id.vpcs.id.lbs.id.Type\",\n                    \"equal\",\n                    \"network\"\n                ],\n                [\n                    \"elbv2.regions.id.vpcs.id.lbs._GET_VALUE_AT_(elbv2.regions.id.vpcs.id.lbs.id).listener_protocols\",\n                    \"containAtLeastOneOf\",\n                    [\n                        \"TLS\"\n                    ]\n                ]\n            ]\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/elbv2-no-deletion-protection.json",
    "content": "{\n    \"description\": \"Lack of Deletion Protection\",\n    \"rationale\": \"Enabling deletion protection on load balancers mitigates risks of accidental deletion.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#deletion-protection\"\n    ],\n    \"dashboard_name\": \"Load Balancer Attributes\",\n    \"display_path\": \"elbv2.regions.id.vpcs.id.lbs.id\",\n    \"path\": \"elbv2.regions.id.vpcs.id.lbs.id.attributes.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"Key\",\n            \"equal\",\n            \"deletion_protection.enabled\"\n        ],\n        [\n            \"Value\",\n            \"equal\",\n            \"false\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/elbv2-older-ssl-policy.json",
    "content": "{\n    \"description\": \"Older SSL/TLS Policy\",\n    \"rationale\": \"Use of the latest TLS policies is best practice. The recommended predefined security policies are:<ul><li>ELBSecurityPolicy-2016-08</li><li>ELBSecurityPolicy-FS-2018-06</li><li>ELBSecurityPolicy-TLS-1-1-2017-01</li><li>ELBSecurityPolicy-TLS-1-2-2017-01</li><li>ELBSecurityPolicy-TLS-1-2-Ext-2018-06</li><li>ELBSecurityPolicy-FS-1-1-2019-08</li><li>ELBSecurityPolicy-FS-1-2-2019-08</li><li>ELBSecurityPolicy-FS-1-2-Res-2019-08</li><li>ELBSecurityPolicy-FS-1-2-Res-2020-10</li></ul>\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies\"\n    ],\n    \"dashboard_name\": \"Load Balancer Listeners\",\n    \"display_path\": \"elbv2.regions.id.vpcs.id.lbs.id\",\n    \"path\": \"elbv2.regions.id.vpcs.id.lbs.id.listeners.id.SslPolicy\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"this\",\n            \"containNoneOf\",\n            [\n                \"ELBSecurityPolicy-2016-08\",\n                \"ELBSecurityPolicy-TLS-1-1-2017-01\",\n                \"ELBSecurityPolicy-TLS-1-2-2017-01\",\n                \"ELBSecurityPolicy-TLS-1-2-Ext-2018-06\",\n                \"ELBSecurityPolicy-FS-2018-06\",\n                \"ELBSecurityPolicy-FS-1-1-2019-08\",\n                \"ELBSecurityPolicy-FS-1-2-2019-08\",\n                \"ELBSecurityPolicy-FS-1-2-Res-2019-08\",\n                \"ELBSecurityPolicy-FS-1-2-Res-2020-10\",\n                \"ELBSecurityPolicy-TLS13-1-2-2021-06\",\n                \"ELBSecurityPolicy-TLS13-1-2-Res-2021-06\",\n                \"ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06\",\n                \"ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06\",\n                \"ELBSecurityPolicy-TLS13-1-1-2021-06\",\n                \"ELBSecurityPolicy-TLS13-1-0-2021-06\",\n                \"ELBSecurityPolicy-TLS13-1-3-2021-06\"\n            ]\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-assume-role-lacks-external-id-and-mfa.json",
    "content": "{\n    \"description\": \"Cross-Account AssumeRole Policy Lacks External ID and MFA\",\n    \"rationale\": \"When authorizing cross-account role assumption, either an External ID or MFA should be required. If the role is intended for use by a service, an External ID can prevent \\\"confused deputy\\\" attacks. If the role is intended for use by an external user, then MFA will strengthen the authentication by requiring a second factor.\",\n    \"references\": [\n        \"https://research.nccgroup.com/2019/12/18/demystifying-aws-assumerole-and-stsexternalid/\",\n        \"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html\"\n    ],\n    \"dashboard_name\": \"Roles\",\n    \"display_path\": \"iam.roles.id\",\n    \"path\": \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Effect\",\n            \"equal\",\n            \"Allow\"\n        ],\n        [\n            \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.\",\n            \"containAction\",\n            \"sts:AssumeRole\"\n        ],\n        [\n            \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Principal\",\n            \"withKeyCaseInsensitive\",\n            \"AWS\"\n        ],\n        [\n            \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Principal.AWS\",\n            \"isCrossAccount\",\n            \"_ACCOUNT_ID_\"\n        ],\n        [\n            \"or\",\n            [\n                \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.\",\n                \"withoutKey\",\n                \"Condition\"\n            ],\n            [\n                \"and\",\n                [\n                    \"or\",\n                    [\n                        \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Condition\",\n                        \"withoutKey\",\n                        \"Bool\"\n                    ],\n                    [\n                        \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Condition.Bool.\",\n                        \"withoutKey\",\n                        \"aws:MultiFactorAuthPresent\"\n                    ],\n                    [\n                        \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Condition.Bool.aws:MultiFactorAuthPresent\",\n                        \"notTrue\",\n                        \"\"\n                    ]\n                ],\n                [\n                    \"or\",\n                    [\n                        \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Condition\",\n                        \"withoutKey\",\n                        \"BoolIfExists\"\n                    ],\n                    [\n                        \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Condition.BoolIfExists.\",\n                        \"withoutKey\",\n                        \"aws:MultiFactorAuthPresent\"\n                    ],\n                    [\n                        \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Condition.BoolIfExists.aws:MultiFactorAuthPresent\",\n                        \"notTrue\",\n                        \"\"\n                    ]\n                ]\n            ]\n        ],\n        [\n            \"or\",\n            [\n                \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.\",\n                \"withoutKey\",\n                \"Condition\"\n            ],\n            [\n                \"and\",\n                [\n                    \"or\",\n                    [\n                        \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Condition\",\n                        \"withoutKey\",\n                        \"StringEquals\"\n                    ],\n                    [\n                        \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Condition.StringEquals.\",\n                        \"withoutKey\",\n                        \"sts:ExternalId\"\n                    ],\n                    [\n                        \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Condition.StringEquals.sts:ExternalId\",\n                        \"empty\",\n                        \"\"\n                    ]\n                ],\n                [\n                    \"or\",\n                    [\n                        \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Condition\",\n                        \"withoutKey\",\n                        \"StringLike\"\n                    ],\n                    [\n                        \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Condition.StringLike.\",\n                        \"withoutKey\",\n                        \"sts:ExternalId\"\n                    ],\n                    [\n                        \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Condition.StringLike.sts:ExternalId\",\n                        \"empty\",\n                        \"\"\n                    ]\n                ]\n            ]\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-assume-role-no-mfa.json",
    "content": "{\n    \"description\": \"AssumeRole Policy Lacks MFA\",\n    \"rationale\": \"When authorizing assumption, MFA should be required.\",\n    \"references\": [\n        \"https://research.nccgroup.com/2019/12/18/demystifying-aws-assumerole-and-stsexternalid/\"\n    ],\n    \"dashboard_name\": \"Roles\",\n    \"display_path\": \"iam.roles.id\",\n    \"path\": \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Effect\",\n            \"equal\",\n            \"Allow\"\n        ],\n        [\n            \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.\",\n            \"containAction\",\n            \"sts:AssumeRole\"\n        ],\n        [\n            \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Principal\",\n            \"withKeyCaseInsensitive\",\n            \"AWS\"\n        ],\n        [\n            \"or\",\n            [\n                \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.\",\n                \"withoutKey\",\n                \"Condition\"\n            ],\n            [\n                \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Condition\",\n                \"withoutKey\",\n                \"Bool\"\n            ],\n            [\n                \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Condition.Bool.\",\n                \"withoutKey\",\n                \"aws:MultiFactorAuthPresent\"\n            ],\n            [\n                \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Condition.Bool.aws:MultiFactorAuthPresent\",\n                \"notTrue\",\n                \"\"\n            ]\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-assume-role-policy-allows-all.json",
    "content": "{\n    \"description\": \"AssumeRole Policy Allows All Principals\",\n    \"rationale\": \"Setting the AssumeRole policy's principal attribute to \\\"AWS:*\\\" means that anyone is authorized to assume the role and access the AWS account.\",\n    \"references\": [\n        \"https://research.nccgroup.com/2019/12/18/demystifying-aws-assumerole-and-stsexternalid/\"\n    ],\n    \"dashboard_name\": \"Roles\",\n    \"display_path\": \"iam.roles.id\",\n    \"path\": \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Effect\",\n            \"equal\",\n            \"Allow\"\n        ],\n        [\n            \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.\",\n            \"containAction\",\n            \"sts:AssumeRole\"\n        ],\n        [\n            \"_INCLUDE_(conditions/policy-statement-any-principal.json)\",\n            [\n                \"_STATEMENT_\"\n            ],\n            [\n                \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id\"\n            ]\n        ],\n        [\n            \"_INCLUDE_(conditions/policy-statement-poor-condition.json)\",\n            [\n                \"_STATEMENT_\"\n            ],\n            [\n                \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id\"\n            ]\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-ec2-role-without-instances.json",
    "content": "{\n    \"description\": \"Unused Role for EC2 Service\",\n    \"rationale\": \"An EC2 role is defined which is unused and may not be required. This being the case, its existence in the configuration increases the risk that it may be inappropriately assigned. The unused role should be reviewed and removed if no longer required.\",\n    \"references\": [\n        \"https://aws.amazon.com/about-aws/whats-new/2019/11/identify-unused-iam-roles-easily-and-remove-them-confidently-by-using-the-last-used-timestamp/\"\n    ],\n    \"dashboard_name\": \"Roles\",\n    \"display_path\": \"iam.roles.id\",\n    \"path\": \"iam.roles.id.assume_role_policy.Statement.id.Principal\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.roles.id.instances_count\",\n            \"equal\",\n            \"0\"\n        ],\n        [\n            \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Principal.\",\n            \"withKey\",\n            \"Service\"\n        ],\n        [\n            \"iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Principal.Service\",\n            \"equal\",\n            \"ec2.amazonaws.com\"\n        ]\n    ],\n    \"keys\": [\n        \"iam.roles.id.name\",\n        \"this\"\n    ],\n    \"id_suffix\": \"instances\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-group-with-inline-policies.json",
    "content": "{\n    \"description\": \"Group with Inline Policies\",\n    \"rationale\": \"An inline policy is a policy that's embedded in an IAM identity (a user, group, or role). These policies are harder to audit and manage, and should be deprecated in favor of managed policies.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#best-practice-managed-vs-inline\",\n        \"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html\"\n    ],\n    \"dashboard_name\": \"Groups\",\n    \"path\": \"iam.groups.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.groups.id.\",\n            \"withKey\",\n            \"inline_policies\"\n        ],\n        [\n            \"iam.groups.id.inline_policies\",\n            \"notEmpty\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"inline_policies\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-group-with-no-users.json",
    "content": "{\n    \"description\": \"Group with No Users\",\n    \"rationale\": \"Groups with no users should be reviewed and deleted if not necessary.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#use-groups-for-permissions\"\n    ],\n    \"dashboard_name\": \"groups\",\n    \"path\": \"iam.groups.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.groups.id.users\",\n            \"empty\",\n            \"\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-human-user-with-policies.json",
    "content": "{\n    \"description\": \"Human User with _ARG_1_ Policies\",\n    \"rationale\": \"This configuration goes against organizational policies.\",\n    \"dashboard_name\": \"Users\",\n    \"path\": \"iam.users.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.users.id.groups\",\n            \"containAtLeastOneOf\",\n            \"_ARG_0_\"\n        ],\n        [\n            \"iam.users.id.\",\n            \"withKey\",\n            \"_ARG_2_\"\n        ],\n        [\n            \"iam.users.id._ARG_2_\",\n            \"notEmpty\",\n            \"\"\n        ]\n    ],\n    \"key\": \"iam-human-user-with-_ARG_1_-policies\",\n    \"arg_names\": [\n        \"Name of IAM group\",\n        \"Type of policy\",\n        \"Path to policies\"\n    ],\n    \"id_suffix\": \"_ARG_1_\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-inline-policy-allows-NotActions.json",
    "content": "{\n    \"description\": \"Inline _ARG_0_ Policy Allows \\\"NotActions\\\"\",\n    \"rationale\": \"The combination of \\\"effect = allow\\\" and \\\"NotAction\\\" results in the policy allowing every action except those listed in the statement. The target policy does not follow the principle of least privilege because thousands of actions exist in AWS and because this policy automatically authorizes users to perform new actions created, regardless of their nature.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html\",\n        \"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html\",\n        \"https://aws.amazon.com/blogs/security/back-to-school-understanding-the-iam-policy-grammar/\"\n    ],\n    \"dashboard_name\": \"Statements\",\n    \"display_path\": \"iam._ARG_0_s.id\",\n    \"path\": \"iam._ARG_0_s.id.inline_policies.id.PolicyDocument.Statement.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam._ARG_0_s.id.inline_policies.id.PolicyDocument.Statement.id.Effect\",\n            \"equal\",\n            \"Allow\"\n        ],\n        [\n            \"iam._ARG_0_s.id.inline_policies.id.PolicyDocument.Statement.id.\",\n            \"withKey\",\n            \"NotAction\"\n        ]\n    ],\n    \"key\": \"iam-inline-_ARG_0_-policy-allows-NotActions\",\n    \"arg_names\": [\n        \"IAM entity type\"\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-inline-policy-allows-non-sts-action.json",
    "content": "{\n    \"description\": \"Inline _ARG_0_ Policy Allows Non STS Action\",\n    \"rationale\": \"When the principle of least privilege is implemented by exclusively using roles for privilege management, users should only be granted permissions to assume roles. This policy may violate that organizational standard.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html\"\n    ],\n    \"dashboard_name\": \"Statements\",\n    \"display_path\": \"iam._ARG_0_s.id\",\n    \"path\": \"iam._ARG_0_s.id.inline_policies.id.PolicyDocument.Statement.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam._ARG_0_s.id.inline_policies.id.PolicyDocument.Statement.id.Effect\",\n            \"equal\",\n            \"Allow\"\n        ],\n        [\n            \"or\",\n            [\n                \"iam._ARG_0_s.id.inline_policies.id.PolicyDocument.Statement.id.\",\n                \"withoutKey\",\n                \"Action\"\n            ],\n            [\n                \"iam._ARG_0_s.id.inline_policies.id.PolicyDocument.Statement.id.Action\",\n                \"containAtLeastOneDifferentFrom\",\n                \"sts:AssumeRole\"\n            ]\n        ]\n    ],\n    \"key\": \"iam-inline-_ARG_0_-policy-allows-non-sts-action\",\n    \"arg_names\": [\n        \"IAM entity type\",\n        \"Service\",\n        \"Action\"\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-inline-policy-for-role.json",
    "content": "{\n    \"description\": \"Inline _ARG_0_ Policy Allows \\\"_ARG_1_:_ARG_2_\\\" For All Resources\",\n    \"rationale\": \"Using \\\"*\\\" for the resource field might grant permissions to more resources than necessary, potentially introducing privilege escalation scenarios.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html\"\n    ],\n    \"dashboard_name\": \"Policies\",\n    \"display_path\": \"iam._ARG_0_s.id\",\n    \"path\": \"iam._ARG_0_s.id.inline_policies.id.PolicyDocument.Statement.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam._ARG_0_s.id.inline_policies.id.PolicyDocument.Statement.id.Effect\",\n            \"equal\",\n            \"Allow\"\n        ],\n        [\n            \"or\",\n            [\n                \"and\",\n                [\n                    \"iam._ARG_0_s.id.inline_policies.id.PolicyDocument.Statement.id.\",\n                    \"withKey\",\n                    \"Action\"\n                ],\n                [\n                    \"iam._ARG_0_s.id.inline_policies.id.PolicyDocument.Statement.id.Action\",\n                    \"containNoneOf\",\n                    [\n                        \"*\",\n                        \"*:*\"\n                    ]\n                ]\n            ],\n            [\n                \"iam._ARG_0_s.id.inline_policies.id.PolicyDocument.Statement.id.\",\n                \"withKey\",\n                \"NotAction\"\n            ]\n        ],\n        [\n            \"iam._ARG_0_s.id.inline_policies.id.PolicyDocument.Statement.id.\",\n            \"containAction\",\n            \"_ARG_1_:_ARG_2_\"\n        ],\n        [\n            \"_INCLUDE_(conditions/policy-statement-any-resource.json)\",\n            [\n                \"_STATEMENT_\"\n            ],\n            [\n                \"iam._ARG_0_s.id.inline_policies.id.PolicyDocument.Statement.id\"\n            ]\n        ],\n        [\n            \"_INCLUDE_(conditions/policy-statement-poor-condition.json)\",\n            [\n                \"_STATEMENT_\"\n            ],\n            [\n                \"iam._ARG_0_s.id.inline_policies.id.PolicyDocument.Statement.id\"\n            ]\n        ]\n    ],\n    \"key\": \"iam-inline-_ARG_0_-policy-allows-_ARG_1_-_ARG_2_\",\n    \"keys\": [\n        \"iam._ARG_0_s.id.inline_policies.id.name\"\n    ],\n    \"arg_names\": [\n        \"IAM entity type\",\n        \"Service\",\n        \"Action\"\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-lightspin-user-action-denied-for-group.json",
    "content": "{\n    \"description\": \"Policy with Denied User Actions for Group Objects\",\n    \"rationale\": \"When a deny policy is specified for User object actions on a group resource, this will only affect the specific IAM group but not the group members. This could lead to privilege escalation if the user can perform other privileged actions targeting the specific members of the group.\",\n    \"remediation\": \"Define all relevant users in the resource field of the affected policies to avoid ineffective IAM actions and deny all group actions. The alternative would be to use the condition \\\"iam:ResourceTag\\\" in the policy.\",\n    \"references\": [\n        \"https://blog.lightspin.io/aws-iam-groups-authorization-bypass\",\n        \"https://github.com/lightspin-tech/red-shadow\"\n    ],\n    \"dashboard_name\": \"Policies\",\n    \"display_path\": \"iam.policies.id\",\n    \"path\": \"iam.policies.id.PolicyDocument.Statement.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.policies.id.PolicyDocument.Statement.id.Effect\",\n            \"equal\",\n            \"Deny\"\n        ],\n        [\n            \"iam.policies.id.PolicyDocument.Statement.id.\",\n            \"withKey\",\n            \"Resource\"\n        ],\n        [\n            \"iam.policies.id.PolicyDocument.Statement.id.Resource\",\n            \"matchInList\",\n            \"arn:aws:iam::[0-9]+:group/.*\"\n        ],\n        [\n            \"and\",\n            [\n                \"iam.policies.id.PolicyDocument.Statement.id.\",\n                \"withKey\",\n                \"Action\"\n            ],\n            [\n                \"iam.policies.id.PolicyDocument.Statement.id.Action\",\n                \"containAtLeastOneOf\",\n                [\n                    \"*\",\n                    \"iam:CreateUser\",\n                    \"iam:GetUser\",\n                    \"iam:UpdateUser\",\n                    \"iam:DeleteUser\",\n                    \"iam:GetUserPolicy\",\n                    \"iam:PutUserPolicy\",\n                    \"iam:DeleteUserPolicy\",\n                    \"iam:ListUserPolicies\",\n                    \"iam:AttachUserPolicy\",\n                    \"iam:DetachUserPolicy\",\n                    \"iam:ListAttachedUserPolicies\",\n                    \"iam:SimulatePrincipalPolicy\",\n                    \"iam:GetContextKeysForPrincipalPolicy\",\n                    \"iam:TagUser\",\n                    \"iam:UpdateSSHPublicKey\",\n                    \"iam:UntagUser\",\n                    \"iam:GetSSHPublicKey\",\n                    \"iam:ListUserTags\",\n                    \"iam:DeleteSSHPublicKey\",\n                    \"iam:GetLoginProfile\",\n                    \"iam:GetAccessKeyLastUsed\",\n                    \"iam:UpdateLoginProfile\",\n                    \"iam:UploadSigningCertificate\",\n                    \"iam:DeleteLoginProfile\",\n                    \"iam:ListSigningCertificates\",\n                    \"iam:CreateLoginProfile\",\n                    \"iam:UpdateSigningCertificate\",\n                    \"iam:EnableMFADevice\",\n                    \"iam:DeleteSigningCertificate\",\n                    \"iam:ResyncMFADevice\",\n                    \"iam:ListServiceSpecificCredentials\",\n                    \"iam:ListMFADevices\",\n                    \"iam:ResetServiceSpecificCredential\",\n                    \"iam:DeactivateMFADevice\",\n                    \"iam:CreateServiceSpecificCredential\",\n                    \"iam:ChangePassword\",\n                    \"iam:UpdateServiceSpecificCredential\",\n                    \"iam:CreateAccessKey\",\n                    \"iam:DeleteServiceSpecificCredential\",\n                    \"iam:ListAccessKeys\",\n                    \"iam:PutUserPermissionsBoundary\",\n                    \"iam:UpdateAccessKey\",\n                    \"iam:DeleteUserPermissionsBoundary\",\n                    \"iam:DeleteAccessKey\",\n                    \"iam:ListGroupsForUser\",\n                    \"iam:ListSSHPublicKeys\",\n                    \"iam:UploadSSHPublicKey\"\n                ]\n            ]\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-NotActions.json",
    "content": "{\n    \"description\": \"Managed Policy Allows \\\"NotActions\\\"\",\n    \"rationale\": \"The combination of \\\"effect = allow\\\" and \\\"NotAction\\\" results in the policy allowing every action except those listed in the statement. The target policy does not follow the principle of least privilege because thousands of actions exist in AWS and because this policy automatically authorizes users to perform new actions created, regardless of their nature.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html\",\n        \"https://aws.amazon.com/blogs/security/back-to-school-understanding-the-iam-policy-grammar/\"\n    ],\n    \"dashboard_name\": \"Statements\",\n    \"display_path\": \"iam.policies.id\",\n    \"path\": \"iam.policies.id.PolicyDocument.Statement.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.policies.id.arn\",\n            \"notContainString\",\n            \"arn:aws:iam::aws:policy/aws-service-role\"\n        ],\n        [\n            \"iam.policies.id.PolicyDocument.Statement.id.Effect\",\n            \"equal\",\n            \"Allow\"\n        ],\n        [\n            \"iam.policies.id.PolicyDocument.Statement.id.\",\n            \"withKey\",\n            \"NotAction\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-full-privileges.json",
    "content": "{\n    \"description\": \"Managed Policy Allows All Actions\",\n    \"rationale\": \"Providing full privileges instead of restricting to the minimum set of permissions that the principal requires exposes the resources to potentially unwanted actions.\",\n    \"remediation\": \"Ensure no managed policies are configured with <samp>Effect: Allow</samp>, <samp>Action: *</samp> and <samp>Resource: *</samp>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.24\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.22\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html\",\n        \"https://aws.amazon.com/blogs/security/back-to-school-understanding-the-iam-policy-grammar/\"\n    ],\n    \"dashboard_name\": \"Statements\",\n    \"display_path\": \"iam.policies.id\",\n    \"path\": \"iam.policies.id.PolicyDocument.Statement.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.policies.id.arn\",\n            \"notContainString\",\n            \"arn:aws:iam::aws:policy/aws-service-role\"\n        ],\n        [\n            \"iam.policies.id.PolicyDocument.Statement.id.Effect\",\n            \"equal\",\n            \"Allow\"\n        ],\n        [\n            \"and\",\n            [\n                \"iam.policies.id.PolicyDocument.Statement.id.\",\n                \"withKey\",\n                \"Action\"\n            ],\n            [\n                \"iam.policies.id.PolicyDocument.Statement.id.Action\",\n                \"containAtLeastOneOf\",\n                [\n                    \"*\",\n                    \"*:*\"\n                ]\n            ]\n        ],\n        [\n            \"_INCLUDE_(conditions/policy-statement-poor-condition.json)\",\n            [\n                \"_STATEMENT_\"\n            ],\n            [\n                \"iam.policies.id.PolicyDocument.Statement.id\"\n            ]\n        ],\n        [\n            \"iam.policies.id.PolicyDocument.Statement.id.Resource\",\n            \"containAtLeastOneOf\",\n            [\n                \"*\"\n            ]\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-non-sts-action.json",
    "content": "{\n    \"description\": \"Managed Policy Allows Non STS Action\",\n    \"rationale\": \"When the principle of least privilege is implemented by exclusively using roles for privilege management, users should only be granted permissions to assume roles. This policy may violate that organizational standard.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html\"\n    ],\n    \"dashboard_name\": \"Statements\",\n    \"display_path\": \"iam.policies.id\",\n    \"path\": \"iam.policies.id.PolicyDocument.Statement.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.policies.id.arn\",\n            \"notContainString\",\n            \"arn:aws:iam::aws:policy/aws-service-role\"\n        ],\n        [\n            \"iam.policies.id.PolicyDocument.Statement.id.Effect\",\n            \"equal\",\n            \"Allow\"\n        ],\n        [\n            \"or\",\n            [\n                \"iam.policies.id.PolicyDocument.Statement.id.\",\n                \"withoutKey\",\n                \"Action\"\n            ],\n            [\n                \"iam.policies.id.PolicyDocument.Statement.id.Action\",\n                \"containAtLeastOneDifferentFrom\",\n                \"sts:AssumeRole\"\n            ]\n        ]\n    ],\n    \"arg_names\": [\n        \"Service\",\n        \"Action\"\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-managed-policy-for-role.json",
    "content": "{\n    \"description\": \"Managed Policy Allows \\\"_ARG_0_:_ARG_1_\\\" For All Resources\",\n    \"rationale\": \"Using \\\"*\\\" for the resource field might grant permissions to more resources than necessary, potentially introducing privilege escalation scenarios.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html\"\n    ],\n    \"dashboard_name\": \"Statements\",\n    \"display_path\": \"iam.policies.id\",\n    \"path\": \"iam.policies.id.PolicyDocument.Statement.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.policies.id.arn\",\n            \"notContainString\",\n            \"arn:aws:iam::aws:policy/aws-service-role\"\n        ],\n        [\n            \"iam.policies.id.PolicyDocument.Statement.id.Effect\",\n            \"equal\",\n            \"Allow\"\n        ],\n        [\n            \"or\",\n            [\n                \"and\",\n                [\n                    \"iam.policies.id.PolicyDocument.Statement.id.\",\n                    \"withKey\",\n                    \"Action\"\n                ],\n                [\n                    \"iam.policies.id.PolicyDocument.Statement.id.Action\",\n                    \"containNoneOf\",\n                    [\n                        \"*\",\n                        \"*:*\"\n                    ]\n                ]\n            ],\n            [\n                \"iam.policies.id.PolicyDocument.Statement.id.\",\n                \"withKey\",\n                \"NotAction\"\n            ]\n        ],\n        [\n            \"iam.policies.id.PolicyDocument.Statement.id.\",\n            \"containAction\",\n            \"_ARG_0_:_ARG_1_\"\n        ],\n        [\n            \"_INCLUDE_(conditions/policy-statement-any-resource.json)\",\n            [\n                \"_STATEMENT_\"\n            ],\n            [\n                \"iam.policies.id.PolicyDocument.Statement.id\"\n            ]\n        ],\n        [\n            \"_INCLUDE_(conditions/policy-statement-poor-condition.json)\",\n            [\n                \"_STATEMENT_\"\n            ],\n            [\n                \"iam.policies.id.PolicyDocument.Statement.id\"\n            ]\n        ]\n    ],\n    \"key\": \"iam-managed-policy-allows-_ARG_0_-_ARG_1_\",\n    \"keys\": [\n        \"iam.policies.id.name\"\n    ],\n    \"arg_names\": [\n        \"Service\",\n        \"Action\"\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-managed-policy-no-attachments.json",
    "content": "{\n    \"description\": \"Managed Policy Not Attached to Any Entity\",\n    \"rationale\": \"Customer Managed policies should be reviewed and deleted if not necessary.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#customer-managed-policies\"\n    ],\n    \"dashboard_name\": \"Policies\",\n    \"display_path\": \"iam.policies.id\",\n    \"path\": \"iam.policies.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.policies.id.attached_to\",\n            \"empty\",\n            \"\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-no-support-role.json",
    "content": "{\n    \"description\": \"No Authorized User to Manage Incidents with AWS Support\",\n    \"rationale\": \"The <samp>arn:aws:iam::aws:policy/AWSSupportAccess</samp> AWS Managed Policy was not found to be attached to any principal. There should be at least one user authorized to manage incidents with AWS Support.\",\n    \"remediation\": \"Attach the AWSSupportAccess to a role or group\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.22\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.20\"\n        }\n    ],\n    \"dashboard_name\": \"Policies\",\n    \"display_path\": \"iam.policies.id\",\n    \"path\": \"iam.policies.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.policies.id.arn\",\n            \"equal\",\n            \"arn:aws:iam::aws:policy/AWSSupportAccess\"\n        ],\n        [\n            \"iam.policies.id.attached_to\",\n            \"empty\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-password-policy-expiration-threshold.json",
    "content": "{\n    \"description\": \"Passwords Expire after _ARG_0_ Days\",\n    \"rationale\": \"Password expiration is disabled, or expiration time is set to a too high value. As a result, compromised credentials could be used by potential attackers for a larger period of time. Periodic password change enforced with an appropriate password expiration policy could help to mitigate this issue.\",\n    \"remediation\": \"Enable password expiration and set the expiration period to 90 days or less\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"1.11\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.11\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.11\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.11\"\n    ],\n    \"dashboard_name\": \"Password policy\",\n    \"display_path\": \"iam.password_policy.MaxPasswordAge\",\n    \"path\": \"iam.password_policy\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"iam.password_policy.ExpirePasswords\",\n            \"false\",\n            \"\"\n        ],\n        [\n            \"iam.password_policy.MaxPasswordAge\",\n            \"moreThan\",\n            \"_ARG_0_\"\n        ]\n    ],\n    \"arg_names\": [\n        \"Maximum password age\"\n    ],\n    \"id_suffix\": \"MaxPasswordAge\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-password-policy-minimum-length.json",
    "content": "{\n    \"description\": \"Minimum Password Length Too Short\",\n    \"rationale\": \"The password policy did not enforce a minimum of _ARG_0_ characters. As a result, password complexity requirements were not in line with security best practice.\",\n    \"remediation\": \"Ensure the password policy is configured to require a minimum length\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"1.9\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.9\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.9\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.9\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_complex-password\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/best-practices_member-acct.html#best-practices_mbr-acct_complex-password\"\n    ],\n    \"dashboard_name\": \"Password policy\",\n    \"path\": \"iam.password_policy.MinimumPasswordLength\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"lessThan\",\n            \"_ARG_0_\"\n        ]\n    ],\n    \"arg_names\": [\n        \"Minimum password length\"\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-expiration.json",
    "content": "{\n    \"description\": \"Password Expiration Disabled\",\n    \"rationale\": \"Password expiration is disabled. As a result, compromised credentials could be used by potential attackers for a indefinite amount of time. Periodic password change enforced with an appropriate password expiration policy could help to mitigate this issue.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.11\"\n    ],\n    \"dashboard_name\": \"Password policy\",\n    \"path\": \"iam.password_policy.ExpirePasswords\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-lowercase-required.json",
    "content": "{\n    \"description\": \"Password Policy Lacks Lowercase Requirement\",\n    \"rationale\": \"The password policy did not require the use of at least one lowercase character. As a result, password complexity requirements were not in line with security best practice.\",\n    \"remediation\": \"Ensure the password policy is configured to require at least one lowercase letter\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"1.6\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.6\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.6\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.6\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_complex-password\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/best-practices_member-acct.html#best-practices_mbr-acct_complex-password\"\n    ],\n    \"dashboard_name\": \"Password policy\",\n    \"path\": \"iam.password_policy.RequireLowercaseCharacters\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-number-required.json",
    "content": "{\n    \"description\": \"Password Policy Lacks Number Requirement\",\n    \"rationale\": \"The password policy did not require the use of at least one number. As a result, password complexity requirements were not in line with security best practice.\",\n    \"remediation\": \"Ensure the password policy is configured to require at least one number\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"1.8\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.8\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.8\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.8\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_complex-password\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/best-practices_member-acct.html#best-practices_mbr-acct_complex-password\"\n    ],\n    \"dashboard_name\": \"Password policy\",\n    \"path\": \"iam.password_policy.RequireNumbers\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-symbol-required.json",
    "content": "{\n    \"description\": \"Password Policy Lacks Symbol Requirement\",\n    \"rationale\": \"The password policy did not require the use of at least one special character. As a result, password complexity requirements were not in line with security best practice.\",\n    \"remediation\": \"Ensure the password policy is configured to require at least one symbol\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"1.7\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.7\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.7\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.7\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_complex-password\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/best-practices_member-acct.html#best-practices_mbr-acct_complex-password\"\n    ],\n    \"dashboard_name\": \"Password policy\",\n    \"path\": \"iam.password_policy.RequireSymbols\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-uppercase-required.json",
    "content": "{\n    \"description\": \"Password Policy Lacks Uppercase Requirement\",\n    \"rationale\": \"The password policy did not require the use of at least one uppercase character. As a result, password complexity requirements were not in line with security best practice.\",\n    \"remediation\": \"Ensure the password policy is configured to require at least one uppercase letter\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"1.5\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.5\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.5\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.5\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_complex-password\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/best-practices_member-acct.html#best-practices_mbr-acct_complex-password\"\n    ],\n    \"dashboard_name\": \"Password policy\",\n    \"path\": \"iam.password_policy.RequireUppercaseCharacters\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-password-policy-reuse-enabled.json",
    "content": "{\n    \"description\": \"Password Policy Allows the Reuse of Passwords\",\n    \"rationale\": \"The password policy allowed password reuse. As a result, password complexity requirements were not in line with security best practice.\",\n    \"remediation\": \"Ensure the password policy is configured to prevent password reuse\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"1.10\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.10\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.10\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.10\"\n    ],\n    \"dashboard_name\": \"Password policy\",\n    \"path\": \"iam.password_policy.PasswordReusePrevention\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-role-with-inline-policies.json",
    "content": "{\n    \"description\": \"Role with Inline Policies\",\n    \"rationale\": \"An inline policy is a policy that's embedded in an IAM identity (a user, group, or role). These policies are harder to audit and manage, and should be deprecated in favor of managed policies.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#best-practice-managed-vs-inline\",\n        \"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html\"\n    ],\n    \"dashboard_name\": \"Roles\",\n    \"path\": \"iam.roles.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.roles.id.\",\n            \"withKey\",\n            \"inline_policies\"\n        ],\n        [\n            \"iam.roles.id.inline_policies\",\n            \"notEmpty\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"inline_policies\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-root-account-no-hardware-mfa.json",
    "content": "{\n    \"description\": \"Root Account without Hardware MFA\",\n    \"rationale\": \"The root account is the most privileged user in an account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled, when a user signs in to an AWS website, they're prompted for their user name and password and for an authentication code from their AWS MFA device.\",\n    \"remediation\": \"Enable MFA for the root account\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"1.13\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.14\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.14\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.13\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_mfa\"\n    ],\n    \"dashboard_name\": \"Accounts\",\n    \"path\": \"iam.credential_reports.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.credential_reports.id.name\",\n            \"equal\",\n            \"<root_account>\"\n        ],\n        [\n            \"or\",\n            [\n                \"iam.credential_reports.id.mfa_active\",\n                \"notTrue\",\n                \"\"\n            ],\n            [\n                \"iam.credential_reports.id.mfa_active_hardware\",\n                \"false\",\n                \"\"\n            ]\n        ],\n        [\n            \"iam.credential_reports.id.partition\",\n            \"notEqual\",\n            \"aws-us-gov\"\n        ]\n    ],\n    \"keys\": [\n        \"this\"\n    ],\n    \"id_suffix\": \"mfa_active_hardware\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json",
    "content": "{\n    \"description\": \"Root Account without MFA\",\n    \"rationale\": \"The root account is the most privileged user in an account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled, when a user signs in to an AWS website, they're prompted for their user name and password and for an authentication code from their AWS MFA device.\",\n    \"remediation\": \"Enable MFA for the root account\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.13\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.13\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.13\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_mfa\"\n    ],\n    \"dashboard_name\": \"Accounts\",\n    \"path\": \"iam.credential_reports.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.credential_reports.id.name\",\n            \"equal\",\n            \"<root_account>\"\n        ],\n        [\n            \"iam.credential_reports.id.mfa_active\",\n            \"notTrue\",\n            \"\"\n        ],\n        [\n            \"iam.credential_reports.id.partition\",\n            \"notEqual\",\n            \"aws-us-gov\"\n        ]\n    ],\n    \"keys\": [\n        \"this\"\n    ],\n    \"id_suffix\": \"mfa_active\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-root-account-used-recently.json",
    "content": "{\n    \"description\": \"Root Account Used Recently\",\n    \"rationale\": \"The root account is the most privileged user in an account. As a best practice, the root account should only be used when required for root-only tasks.\",\n    \"remediation\": \"Follow the remediation instructions of the Ensure IAM policies are attached only to groups or roles recommendation\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"1.1\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.1\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.1\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-standards-cis-controls-1.1\",\n        \"https://docs.aws.amazon.com/general/latest/gr/aws_tasks-that-require-root.html\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-use\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_review-access\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_document-processes\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_monitor-access\"\n    ],\n    \"dashboard_name\": \"Root account\",\n    \"path\": \"iam.credential_reports.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.credential_reports.id.password_last_used\",\n            \"notNull\",\n            \"\"\n        ],\n        [\n            \"iam.credential_reports.id.password_last_used\",\n            \"newerThan\",\n            [\n                \"90\",\n                \"days\"\n            ]\n        ],\n        [\n            \"iam.credential_reports.id.name\",\n            \"equal\",\n            \"<root_account>\"\n        ]\n    ],\n    \"id_suffix\": \"password_last_used\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-certs.json",
    "content": "{\n    \"description\": \"Root Account Has Active X.509 Certs\",\n    \"rationale\": \"Root account X.509 certificates should be deleted as they may be used to make SOAP-protocol requests in the context of the root account.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-standards-cis-controls-1.1\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-use\"\n    ],\n    \"dashboard_name\": \"Root account\",\n    \"path\": \"iam.credential_reports.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.credential_reports.id.name\",\n            \"equal\",\n            \"<root_account>\"\n        ],\n        [\n            \"or\",\n            [\n                \"iam.credential_reports.id.cert_1_active\",\n                \"true\",\n                \"\"\n            ],\n            [\n                \"iam.credential_reports.id.cert_2_active\",\n                \"true\",\n                \"\"\n            ]\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json",
    "content": "{\n    \"description\": \"Root Account Has Active Keys\",\n    \"rationale\": \"AWS root account access keys should be deleted as they provide unrestricted access to the AWS Account.\",\n    \"remediation\": \"Delete or disable active root account access keys\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"1.12\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.12\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.12\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-standards-cis-controls-1.1\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-use\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_review-access\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_document-processes\"\n    ],\n    \"dashboard_name\": \"Root account\",\n    \"path\": \"iam.credential_reports.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.credential_reports.id.name\",\n            \"equal\",\n            \"<root_account>\"\n        ],\n        [\n            \"or\",\n            [\n                \"iam.credential_reports.id.access_key_1_active\",\n                \"true\",\n                \"\"\n            ],\n            [\n                \"iam.credential_reports.id.access_key_2_active\",\n                \"true\",\n                \"\"\n            ]\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-service-user-with-password.json",
    "content": "{\n    \"description\": \"Service User with Password Enabled\",\n    \"rationale\": \"A user meant to be used for a service or application not hosted in AWS was found to have password authentication enabled. This goes against security best practice, which recommends that these types of users should only have API authentication enabled, to minimize the likeliness of account compromise.\",\n    \"dashboard_name\": \"Users\",\n    \"path\": \"iam.users.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.users.id.\",\n            \"withKey\",\n            \"LoginProfile\"\n        ],\n        [\n            \"iam.users.id.groups\",\n            \"containAtLeastOneOf\",\n            \"_ARG_0_\"\n        ]\n    ],\n    \"arg_names\": [\n        \"Group for service users\"\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-unused-credentials-not-disabled.json",
    "content": "{\n    \"description\": \"Credentials Unused for _ARG_0_ Days or Greater Are Not Disabled\",\n    \"rationale\": \"Disabling or removing unnecessary credentials will reduce the window of opportunity for compromised accounts to be used.\",\n    \"remediation\": \"Ensure that all credentials (including passwords and access keys) have been used and changed in the last _ARG_0_ days\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"1.3\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.3\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.3\"\n        }\n    ],\n    \"dashboard_name\": \"Users\",\n    \"path\": \"iam.credential_reports.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"and\",\n            [\n                \"iam.credential_reports.id.password_enabled\",\n                \"true\",\n                \"\"\n            ],\n            [\n                \"and\",\n                [\n                    \"iam.credential_reports.id.password_last_used\",\n                    \"notNull\",\n                    \"\"\n                ],\n                [\n                    \"iam.credential_reports.id.password_last_used\",\n                    \"olderThan\",\n                    [\n                        \"_ARG_0_\",\n                        \"days\"\n                    ]\n                ]\n            ]\n        ],\n        [\n            \"and\",\n            [\n                \"iam.credential_reports.id.access_key_1_active\",\n                \"true\",\n                \"\"\n            ],\n            [\n                \"and\",\n                [\n                    \"iam.credential_reports.id.access_key_1_last_used_date\",\n                    \"notNull\",\n                    \"\"\n                ],\n                [\n                    \"iam.credential_reports.id.access_key_1_last_used_date\",\n                    \"olderThan\",\n                    [\n                        \"_ARG_0_\",\n                        \"days\"\n                    ]\n                ]\n            ]\n        ],\n        [\n            \"and\",\n            [\n                \"iam.credential_reports.id.access_key_2_active\",\n                \"true\",\n                \"\"\n            ],\n            [\n                \"and\",\n                [\n                    \"iam.credential_reports.id.access_key_2_last_used_date\",\n                    \"notNull\",\n                    \"\"\n                ],\n                [\n                    \"iam.credential_reports.id.access_key_2_last_used_date\",\n                    \"olderThan\",\n                    [\n                        \"_ARG_0_\",\n                        \"days\"\n                    ]\n                ]\n            ]\n        ]\n    ],\n    \"arg_names\": [\n        \"Period in days\"\n    ],\n    \"class_suffix\": \"unused_credentials\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-user-no-key-rotation.json",
    "content": "{\n    \"description\": \"Lack of Key Rotation for _ARG_1_ Days (Key Status: _ARG_0_)\",\n    \"rationale\": \"In case of access key compromise, the lack of credential rotation increases the period during which an attacker has access to the AWS account.\",\n    \"remediation\": \"Rotate access keys that have not been changed recently\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"1.4\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.4\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.4\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#rotate-credentials\"\n    ],\n    \"dashboard_name\": \"Access keys\",\n    \"display_path\": \"iam.users.id\",\n    \"path\": \"iam.users.id.AccessKeys.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.users.id.AccessKeys.id.Status\",\n            \"equal\",\n            \"_ARG_0_\"\n        ],\n        [\n            \"iam.users.id.AccessKeys.id.CreateDate\",\n            \"olderThan\",\n            [\n                \"_ARG_1_\",\n                \"days\"\n            ]\n        ]\n    ],\n    \"key\": \"iam-user-no-_ARG_0_-key-rotation.json\",\n    \"arg_names\": [\n        \"Key status\",\n        \"Rotation period\"\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-user-not-in-category-group.json",
    "content": "{\n    \"description\": \"User Not in Category Group\",\n    \"rationale\": \"This configuration goes against organizational policies.\",\n    \"dashboard_name\": \"Users\",\n    \"path\": \"iam.users.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.users.id.groups\",\n            \"containNoneOf\",\n            \"_ARG_0_\"\n        ]\n    ],\n    \"arg_names\": [\n        \"Category groups\"\n    ],\n    \"id_suffix\": \"user_groups\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-user-not-in-common-group.json",
    "content": "{\n    \"description\": \"User Not in Common Group\",\n    \"rationale\": \"This configuration goes against organizational policies.\",\n    \"dashboard_name\": \"Users\",\n    \"path\": \"iam.users.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.users.id.groups\",\n            \"containNoneOf\",\n            \"_ARG_0_\"\n        ]\n    ],\n    \"arg_names\": [\n        \"Common group\"\n    ],\n    \"id_suffix\": \"user_groups\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-user-unused-access-key-initial-setup.json",
    "content": "{\n    \"description\": \"Users with Access Keys Created during Initial Setup and Not Used\",\n    \"rationale\": \"Not creating access keys during initial user setup will avoid unnecessary management work and give more control over keys used somewhere in the organization.\",\n    \"remediation\": \"Do not setup access keys during initial user setup. Instead, require users to create the keys themselves or put in a support ticket to have them created\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.23\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.21\"\n        }\n    ],\n    \"dashboard_name\": \"Users\",\n    \"path\": \"iam.credential_reports.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"and\",\n            [\n                \"iam.credential_reports.id.access_key_1_active\",\n                \"true\",\n                \"\"\n            ],\n            [\n                \"iam.credential_reports.id.access_key_1_last_used_date\",\n                \"equal\",\n                \"None\"\n            ]\n        ],\n        [\n            \"and\",\n            [\n                \"iam.credential_reports.id.access_key_2_active\",\n                \"true\",\n                \"\"\n            ],\n            [\n                \"iam.credential_reports.id.access_key_2_last_used_date\",\n                \"equal\",\n                \"None\"\n            ]\n        ]\n    ],\n    \"class_suffix\": \"unused_access_keys\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-user-with-multiple-access-keys.json",
    "content": "{\n    \"description\": \"User with Multiple API Keys\",\n    \"rationale\": \"The user was configured to have more than one active API keys associated with the account. Redundant or unused API keys should be removed.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html\"\n    ],\n    \"dashboard_name\": \"Users\",\n    \"path\": \"iam.users.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.users.id.AccessKeys\",\n            \"lengthMoreThan\",\n            \"1\"\n        ],\n        [\n            \"iam.users.id.AccessKeys.0.Status\",\n            \"equal\",\n            \"Active\"\n        ],\n        [\n            \"iam.users.id.AccessKeys.1.Status\",\n            \"equal\",\n            \"Active\"\n        ]\n    ],\n    \"keys\": [\n        \"iam.users.id.name\",\n        \"iam.users.id.AccessKeys\"\n    ],\n    \"id_suffix\": \"multiple_api_keys\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-user-with-password-and-key.json",
    "content": "{\n    \"description\": \"User with Password and Keys Enabled\",\n    \"rationale\": \"The user was found to have configured with both password and API keys for authentication. This is considered against security best practice.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html\",\n        \"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html\"\n    ],\n    \"dashboard_name\": \"Users\",\n    \"path\": \"iam.users.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.users.id.\",\n            \"withKey\",\n            \"LoginProfile\"\n        ],\n        [\n            \"iam.users.id.AccessKeys\",\n            \"notEmpty\",\n            \"\"\n        ]\n    ],\n    \"keys\": [\n        \"iam.users.id.name\"\n    ],\n    \"id_suffix\": \"password_and_keys\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-user-with-policies.json",
    "content": "{\n    \"description\": \"User with _ARG_0_ Policies\",\n    \"rationale\": \"The user was found to be attached to inline policies. This can increase the complexity in user and policy management, and increase the risk of the user being assigned or retaining excessive permissions.\",\n    \"remediation\": \"Ensure IAM policies are only attached to groups or roles\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"1.15\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.16\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.16\"\n        }\n    ],\n    \"dashboard_name\": \"Users\",\n    \"path\": \"iam.users.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.users.id.\",\n            \"withKey\",\n            \"_ARG_1_\"\n        ],\n        [\n            \"iam.users.id._ARG_1_\",\n            \"notEmpty\",\n            \"\"\n        ]\n    ],\n    \"key\": \"iam-user-with-_ARG_0_-policies\",\n    \"arg_names\": [\n        \"Type of policy\",\n        \"Path to policies\"\n    ],\n    \"id_suffix\": \"_ARG_1_\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/iam-user-without-mfa.json",
    "content": "{\n    \"description\": \"User without MFA\",\n    \"rationale\": \"All IAM users should have MFA. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled, when a user signs in to an AWS website, they're prompted for their user name and password and for an authentication code from their AWS MFA device.\",\n    \"remediation\": \"Enable MFA for all users in the AWS account\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"1.2\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.2\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.2\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#enable-mfa-for-privileged-users\",\n        \"https://docs.aws.amazon.com/organizations/latest/userguide/best-practices_member-acct.html#best-practices_mbr-acct_mfa\"\n    ],\n    \"dashboard_name\": \"Users\",\n    \"path\": \"iam.users.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.users.id.\",\n            \"withKey\",\n            \"LoginProfile\"\n        ],\n        [\n            \"iam.users.id.MFADevices\",\n            \"empty\",\n            \"\"\n        ]\n    ],\n    \"keys\": [\n        \"iam.users.id.name\"\n    ],\n    \"id_suffix\": \"mfa_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/kms-cmk-rotation-disabled.json",
    "content": "{\n    \"description\": \"KMS Customer Master Keys (CMKs) with Rotation Disabled\",\n    \"rationale\": \"Cryptographic best practices discourage extensive reuse of encryption keys. Consequently, Customer Master Keys (CMKs) should be rotated to prevent usage of compromised keys.<br><br>Note that AWS KMS supports optional automatic key rotation only for customer managed CMKs.\",\n    \"remediation\": \"For every KMS Customer Master Keys (CMKs), ensure that Rotate this key every year is enabled\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"2.8\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.8\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"2.8\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html\"\n    ],\n    \"dashboard_name\": \"Keys\",\n    \"display_path\": \"kms.regions.id.keys.id\",\n    \"path\": \"kms.regions.id.keys.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kms.regions.id.keys.id.rotation_enabled\",\n            \"false\",\n            \"\"\n        ],\n        [\n            \"kms.regions.id.keys.id.origin\",\n            \"equal\",\n            \"AWS_KMS\"\n        ],\n        [\n            \"kms.regions.id.keys.id.key_manager\",\n            \"equal\",\n            \"CUSTOMER\"\n        ],\n        [\n            \"kms.regions.id.keys.id.key_enabled\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"rotation_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/logs-no-alarm-aws-configuration-changes.json",
    "content": "{\n    \"description\": \"No CloudWatch Alarm for \\\"AWS Configuration Changes\\\"\",\n    \"rationale\": \"There was no CloudWatch alarm to monitor AWS configuration changes. Monitoring for AWS configuration changes will help ensure sustained visibility to changes performed in the AWS account.\",\n    \"remediation\": \"Enable a CloudWatch alarm to detect AWS configuration changes.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"3.9\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.9\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.9\"\n        }\n    ],\n    \"dashboard_name\": \"Alarms\",\n    \"path\": \"cloudwatch.regions.id.metric_filters.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cloudwatch.regions.id.metric_filters_pattern_checks.aws_configuration_changes\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/logs-no-alarm-cloudtrail-configuration-changes.json",
    "content": "{\n    \"description\": \"No CloudWatch Alarm for \\\"CloudTrail Configuration Changes\\\"\",\n    \"rationale\": \"There was no CloudWatch alarm to monitor CloudTrail configuration changes. Monitoring for CloudTrail policy changes will help ensure sustained visibility to activities performed in the AWS account.\",\n    \"remediation\": \"Enable a CloudWatch alarm to monitor CloudTrail configuration changes.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"3.5\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.5\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.5\"\n        }\n    ],\n    \"dashboard_name\": \"Alarms\",\n    \"path\": \"cloudwatch.regions.id.metric_filters.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cloudwatch.regions.id.metric_filters_pattern_checks.cloudtrail_configuration_changes\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/logs-no-alarm-cmk-deletion.json",
    "content": "{\n    \"description\": \"No CloudWatch Alarm for \\\"Disabled or Deleted Master Keys\\\"\",\n    \"rationale\": \"There was no CloudWatch alarm to alert about disabled or deleted master keys. Monitoring for disabled or deleted master keys can prevent permanent loss of data encrypted with such keys.\",\n    \"remediation\": \"Enable a CloudWatch alarm to detect recently disabled or deleted master keys.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"3.7\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.7\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.7\"\n        }\n    ],\n    \"dashboard_name\": \"Alarms\",\n    \"path\": \"cloudwatch.regions.id.metric_filters.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cloudwatch.regions.id.metric_filters_pattern_checks.cmk_deletion\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/logs-no-alarm-console-authentication-failures.json",
    "content": "{\n    \"description\": \"No CloudWatch Alarm for \\\"Failed Console Authentications\\\"\",\n    \"rationale\": \"There was no CloudWatch alarm for failed console authentication requests. Monitoring for failed console authentications can decrease the lead time to detect brute force attacks.\",\n    \"remediation\": \"Enable a CloudWatch alarm to monitor failed authentication attempts.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"3.6\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.6\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.6\"\n        }\n    ],\n    \"dashboard_name\": \"Alarms\",\n    \"path\": \"cloudwatch.regions.id.metric_filters.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cloudwatch.regions.id.metric_filters_pattern_checks.console_authentication_failures\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/logs-no-alarm-iam-policy-changes.json",
    "content": "{\n    \"description\": \"No CloudWatch Alarm for \\\"IAM Policy Changes\\\"\",\n    \"rationale\": \"There was no CloudWatch alarm to monitor IAM policy changes. Monitoring for IAM policy changes will help ensure authentication and authorization control remain intact.\",\n    \"remediation\": \"Enable a CloudWatch alarm to monitor the usage of the root account.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"3.4\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.4\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.4\"\n        }\n    ],\n    \"dashboard_name\": \"Alarms\",\n    \"path\": \"cloudwatch.regions.id.metric_filters.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cloudwatch.regions.id.metric_filters_pattern_checks.iam_policy_changes\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/logs-no-alarm-nacl-changes.json",
    "content": "{\n    \"description\": \"No CloudWatch Alarm for \\\"Network Access Control Lists Changes\\\"\",\n    \"rationale\": \"There was no CloudWatch alarm to detect changes to NACL. Monitoring for NACL changes will help ensure that no service or resource is unintentionally exposed.\",\n    \"remediation\": \"Enable a CloudWatch alarm to detect NACL changes.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"3.11\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.11\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.11\"\n        }\n    ],\n    \"dashboard_name\": \"Alarms\",\n    \"path\": \"cloudwatch.regions.id.metric_filters.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cloudwatch.regions.id.metric_filters_pattern_checks.nacl_changes\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/logs-no-alarm-network-gateways-changes.json",
    "content": "{\n    \"description\": \"No CloudWatch Alarm for \\\"Network Gateways Changes\\\"\",\n    \"rationale\": \"There was no CloudWatch alarm to monitor changes in network gateways. Monitoring for network gateways changes will help ensure that all traffic traverses the VPC border via a controlled path.\",\n    \"remediation\": \"Enable a CloudWatch alarm to detect network gateways changes.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"3.12\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.12\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.12\"\n        }\n    ],\n    \"dashboard_name\": \"Alarms\",\n    \"path\": \"cloudwatch.regions.id.metric_filters.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cloudwatch.regions.id.metric_filters_pattern_checks.network_gateways_changes\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/logs-no-alarm-root-usage.json",
    "content": "{\n    \"description\": \"No CloudWatch Alarm for \\\"Root Account Usage\\\"\",\n    \"rationale\": \"There was no CloudWatch alarm for the usage of the root account. Monitoring for root account log ins will provide visibility into the use of a fully privileged account.\",\n    \"remediation\": \"Enable a CloudWatch alarm to monitor the usage of the root account.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"3.3\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.3\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.3\"\n        }\n    ],\n    \"dashboard_name\": \"Alarms\",\n    \"path\": \"cloudwatch.regions.id.metric_filters.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cloudwatch.regions.id.metric_filters_pattern_checks.root_usage\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/logs-no-alarm-route-table-changes.json",
    "content": "{\n    \"description\": \"No CloudWatch Alarm for \\\"Route Table Changes\\\"\",\n    \"rationale\": \"There was no CloudWatch alarm to monitor changes in route tables. Monitoring for route table changes will help ensure that all VPC traffic flows thorough an expected path.\",\n    \"remediation\": \"Enable a CloudWatch alarm to detect route table changes.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"3.13\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.13\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.13\"\n        }\n    ],\n    \"dashboard_name\": \"Alarms\",\n    \"path\": \"cloudwatch.regions.id.metric_filters.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cloudwatch.regions.id.metric_filters_pattern_checks.route_table_changes\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/logs-no-alarm-s3-policy-changes.json",
    "content": "{\n    \"description\": \"No CloudWatch Alarm for \\\"S3 Bucket Policy Changes\\\"\",\n    \"rationale\": \"There was no CloudWatch alarm to detect changes in S3 bucket policy changes. Monitoring for changes in S3 bucket policy changes may reduce the time to detect and fix permissive policies on sensitive S3 buckets.\",\n    \"remediation\": \"Enable a CloudWatch alarm to detect policy changes in S3 buckets.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"3.8\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.8\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.8\"\n        }\n    ],\n    \"dashboard_name\": \"Alarms\",\n    \"path\": \"cloudwatch.regions.id.metric_filters.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cloudwatch.regions.id.metric_filters_pattern_checks.s3_policy_changes\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/logs-no-alarm-security-group-changes.json",
    "content": "{\n    \"description\": \"No CloudWatch Alarm for \\\"Security Group Changes\\\"\",\n    \"rationale\": \"There was no CloudWatch alarm to monitor changes to security groups. Monitoring for security group changes will help ensure that no service or resource is unintentionally exposed.\",\n    \"remediation\": \"Enable a CloudWatch alarm to monitor security group changes.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"3.10\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.10\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.10\"\n        }\n    ],\n    \"dashboard_name\": \"Alarms\",\n    \"path\": \"cloudwatch.regions.id.metric_filters.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cloudwatch.regions.id.metric_filters_pattern_checks.security_group_changes\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/logs-no-alarm-signin-without-mfa.json",
    "content": "{\n    \"description\": \"No CloudWatch Alarm for \\\"Console Logins without MFA\\\"\",\n    \"rationale\": \"There was no CloudWatch alarm for console log ins without MFA. Monitoring for console log ins without MFA will provide visibility into the use of accounts not protected by Multi Factor Authentication (MFA).\",\n    \"remediation\": \"Enable a CloudWatch alarm to monitor console log ins without MFA.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"3.2\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.2\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.2\"\n        }\n    ],\n    \"dashboard_name\": \"Alarms\",\n    \"path\": \"cloudwatch.regions.id.metric_filters.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cloudwatch.regions.id.metric_filters_pattern_checks.console_login_mfa\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/logs-no-alarm-unauthorized-api-calls.json",
    "content": "{\n    \"description\": \"No CloudWatch Alarm for \\\"Unauthorized API Calls\\\"\",\n    \"rationale\": \"There was no CloudWatch alarm for unauthorized API calls. Monitoring for unauthorized API calls helps reveal application errors and detect malicious activity.\",\n    \"remediation\": \"Enable a CloudWatch alarm to monitor unauthorized API calls.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"3.1\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.1\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.1\"\n        }\n    ],\n    \"dashboard_name\": \"Alarms\",\n    \"path\": \"cloudwatch.regions.id.metric_filters.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cloudwatch.regions.id.metric_filters_pattern_checks.unauthorized_api_calls\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/logs-no-alarm-vpc-changes.json",
    "content": "{\n    \"description\": \"No CloudWatch Alarm for \\\"VPC Changes\\\"\",\n    \"rationale\": \"There was no CloudWatch alarm to monitor VPC changes. Monitoring for VPC changes will help ensure authentication and authorization controls remain intact.\",\n    \"remediation\": \"Enable a CloudWatch alarm to detect VPC changes.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"3.14\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.14\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.14\"\n        }\n    ],\n    \"dashboard_name\": \"Alarms\",\n    \"path\": \"cloudwatch.regions.id.metric_filters.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cloudwatch.regions.id.metric_filters_pattern_checks.vpc_changes\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/rds-instance-backup-disabled.json",
    "content": "{\n    \"description\": \"Instance Backups Disabled\",\n    \"rationale\": \"The backup retention period is a period of time between 0 and 35 days for which you can perform a point-in-time restore. Setting the backup retention period to 0 disables automated backups. Backups should be enabled to enable disaster recovery.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html\",\n        \"https://aws.amazon.com/rds/details/backup/\",\n        \"https://aws.amazon.com/rds/faqs/\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"rds.regions.id.vpcs.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"rds.regions.id.vpcs.id.instances.id.is_read_replica\",\n            \"false\",\n            \"\"\n        ],\n        [\n            \"rds.regions.id.vpcs.id.instances.id.BackupRetentionPeriod\",\n            \"lessThan\",\n            \"1\"\n        ]\n    ],\n    \"id_suffix\": \"BackupRetentionPeriod\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/rds-instance-ca-certificate-deprecated.json",
    "content": "{\n    \"description\": \"Deprecated Certificate Authority Assigned to RDS Instance\",\n    \"rationale\": \"Amazon Web Services is deprecating the RDS Certificate Authority created in 2015 (rds-ca-2015). Any endpoints using TLS to protect RDS communications will fail after March 5th, 2020.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"rds.regions.id.vpcs.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"rds.regions.id.vpcs.id.instances.id.CACertificateIdentifier\",\n            \"containAtLeastOneOf\",\n            [\n                \"rds-ca-2015\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"CACertificateIdentifier\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/rds-instance-no-minor-upgrade.json",
    "content": "{\n    \"description\": \"Auto Minor Version Upgrade Disabled\",\n    \"rationale\": \"Auto Minor Version Upgrade is a feature that you can enable to have your database automatically upgraded when a new minor database engine version is available. Minor version upgrades often patch security vulnerabilities and fix bugs, and therefor should be applied.\",\n    \"references\": [\n        \"https://aws.amazon.com/blogs/database/best-practices-for-upgrading-amazon-rds-to-major-and-minor-versions-of-postgresql/\",\n        \"https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-rds-enhances-auto-minor-version-upgrades/\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"rds.regions.id.vpcs.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"rds.regions.id.vpcs.id.instances.id.AutoMinorVersionUpgrade\",\n            \"false\",\n            \"\"\n        ],\n        [\n            \"rds.regions.id.vpcs.id.instances.id.Engine\",\n            \"notEqual\",\n            \"sqlserver-se\"\n        ]\n    ],\n    \"id_suffix\": \"AutoMinorVersionUpgrade\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/rds-instance-publicly-accessible.json",
    "content": "{\n    \"description\": \"RDS Instance Publicly Accessible\",\n    \"rationale\": \"Instances should not be publicly accessible as this risks exposing sensitive data.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Hiding\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"rds.regions.id.vpcs.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"rds.regions.id.vpcs.id.instances.id.PubliclyAccessible\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"PubliclyAccessible\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/rds-instance-short-backup-retention-period.json",
    "content": "{\n    \"description\": \"Short Backup Retention Period\",\n    \"rationale\": \"The backup retention period is a period of time between 0 and 35 days for which you can perform a point-in-time restore. Setting the backup retention period to 0 disables automated backups.<br><br>It is recommended that the retention period is set to at least 30 days. Having a short retention period will impact how far back in time the database can be restored to, and may affect integrity and availability of data.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html\",\n        \"https://aws.amazon.com/rds/details/backup/\",\n        \"https://aws.amazon.com/rds/faqs/\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"rds.regions.id.vpcs.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"rds.regions.id.vpcs.id.instances.id.BackupRetentionPeriod\",\n            \"moreThan\",\n            \"0\"\n        ],\n        [\n            \"rds.regions.id.vpcs.id.instances.id.BackupRetentionPeriod\",\n            \"lessThan\",\n            \"30\"\n        ]\n    ],\n    \"id_suffix\": \"BackupRetentionPeriod\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/rds-instance-single-az.json",
    "content": "{\n    \"description\": \"Single AZ RDS Instance\",\n    \"rationale\": \"In case of failure, with a single-AZ deployment configuration, should an availability zone specific database failure occur, Amazon RDS can not automatically fail over to the standby availability zone.\",\n    \"references\": [\n        \"https://aws.amazon.com/rds/features/multi-az/\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"rds.regions.id.vpcs.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"rds.regions.id.vpcs.id.instances.id.MultiAZ\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"MultiAZ\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/rds-instance-storage-not-encrypted.json",
    "content": "{\n    \"description\": \"Instance Storage Not Encrypted\",\n    \"rationale\": \"Data-at-rest should be encrypted.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"rds.regions.id.vpcs.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"rds.regions.id.vpcs.id.instances.id.StorageEncrypted\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"StorageEncrypted\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/rds-postgres-instance-with-invalid-certificate.json",
    "content": "{\n    \"description\": \"Legacy SSL Certificate (PostgreSQL)\",\n    \"rationale\": \"This instance was created prior to August 5, 2014. Consequently, it uses the DB instance endpoint in the Common Name (CN) field of the SSL certificate. Prior to August 5, 2014, SSL certificate verification was not available for VPC-based SQL Server instances. If you have a VPC-based SQL Server DB instance that was created before August 5, 2014, and you want to use SSL certificate verification and ensure that the instance endpoint is included as the CN for the SSL certificate for that DB instance, then rename the instance. When you rename a DB instance, a new certificate is deployed and the instance is rebooted to enable the new certificate.\",\n    \"references\": [\n        \"https://aws.amazon.com/about-aws/whats-new/2017/02/amazon-rds-for-sql-server-supports-forced-ssl/\",\n        \"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/SQLServer.Concepts.General.SSL.Using.html\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"rds.regions.id.vpcs.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"rds.regions.id.vpcs.id.instances.id.Engine\",\n            \"equal\",\n            \"postgres\"\n        ],\n        [\n            \"rds.regions.id.vpcs.id.instances.id.DBInstanceStatus\",\n            \"notEqual\",\n            \"creating\"\n        ],\n        [\n            \"rds.regions.id.vpcs.id.instances.id.InstanceCreateTime\",\n            \"priorToDate\",\n            \"08/05/2014\"\n        ]\n    ],\n    \"id_suffix\": \"pgsslcert\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/rds-security-group-allows-all.json",
    "content": "{\n    \"description\": \"Security Group Allows All IP Addresses\",\n    \"rationale\": \"The security group allows access to RDS instances from any source address, which creates a wider attack surface for resources assigned to it. Source address restrictions should be implemented\",\n    \"dashboard_name\": \"Security Groups\",\n    \"display_path\": \"rds.regions.id.vpcs.id.security_groups.id\",\n    \"path\": \"rds.regions.id.vpcs.id.security_groups.id.ip_ranges\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"rds.regions.id.vpcs.id.security_groups.id.ip_ranges\",\n            \"containAtLeastOneOf\",\n            [\n                \"0.0.0.0/0\",\n                \"::/0\"\n            ]\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/rds-snapshot-public.json",
    "content": "{\n    \"description\": \"Publicly Accessible Snapshot\",\n    \"rationale\": \"Snapshots should never be public, as this risks exposing sensitive data.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ShareSnapshot.html\"\n    ],\n    \"dashboard_name\": \"Snapshots\",\n    \"display_path\": \"rds.regions.id.vpcs.id.snapshots.id\",\n    \"path\": \"rds.regions.id.vpcs.id.snapshots.id.attributes.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"rds.regions.id.vpcs.id.snapshots.id.attributes.id.AttributeName\",\n            \"equal\",\n            \"restore\"\n        ],\n        [\n            \"rds.regions.id.vpcs.id.snapshots.id.attributes.id.AttributeValues\",\n            \"containAtLeastOneOf\",\n            \"all\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/redshift-cluster-database-not-encrypted.json",
    "content": "{\n    \"description\": \"Cluster Database Encryption Disabled\",\n    \"rationale\": \"Data-at-rest should be encrypted.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"redshift.regions.id.vpcs.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"redshift.regions.id.vpcs.id.clusters.id.Encrypted\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"Encrypted\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/redshift-cluster-no-version-upgrade.json",
    "content": "{\n    \"description\": \"Version Upgrade Disabled\",\n    \"rationale\": \"Version upgrade is necessary to ensure major version upgrades will be applied automatically to the cluster within the maintenance window.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyCluster.html\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"redshift.regions.id.vpcs.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"redshift.regions.id.vpcs.id.clusters.id.AllowVersionUpgrade\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"AllowVersionUpgrade\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/redshift-cluster-publicly-accessible.json",
    "content": "{\n    \"description\": \"Cluster Publicly Accessible\",\n    \"rationale\": \"Redshift clusters should never be public, as this increases the risk of exposing sensitive data. Public accessibility means that other AWS users can access your cluster and the data stored in it.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/redshift/latest/gsg/getting-started.html\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"redshift.regions.id.vpcs.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"redshift.regions.id.vpcs.id.clusters.id.PubliclyAccessible\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"PubliclyAccessible\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/redshift-parameter-group-logging-disabled.json",
    "content": "{\n    \"description\": \"User Activity Logging Disabled\",\n    \"rationale\": \"Audit logging is not enabled by default in Amazon Redshift. A lack of user activity logging could impede the ability to investigate issues involving misuse, malicious access or performance.<br><br><b>Note</b> that this rule will only flag non-default parameter groups, as default parameter groups cannot be modified. It is recommended to use custom groups and configure them according to security best practice.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html\"\n    ],\n    \"dashboard_name\": \"Parameter Groups\",\n    \"path\": \"redshift.regions.id.parameter_groups.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"redshift.regions.id.parameter_groups.id.is_default\",\n            \"false\",\n            \"\"\n        ],\n        [\n            \"redshift.regions.id.parameter_groups.id.parameters.enable_user_activity_logging.value\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"enable_user_activity_logging\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/redshift-parameter-group-ssl-not-required.json",
    "content": "{\n    \"description\": \"SSL Not Required\",\n    \"rationale\": \"Parameter groups associated with Redshift clusters should have the \\\"require_ssl\\\" parameter enabled, to ensure that data in transit is encrypted.<br><br><b>Note</b> that this rule will only flag non-default parameter groups, as default parameter groups cannot be modified. It is recommended to use custom groups and configure them according to security best practice.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/redshift/latest/mgmt/connecting-ssl-support.html\"\n    ],\n    \"dashboard_name\": \"Parameter Groups\",\n    \"path\": \"redshift.regions.id.parameter_groups.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"redshift.regions.id.parameter_groups.id.is_default\",\n            \"false\",\n            \"\"\n        ],\n        [\n            \"redshift.regions.id.parameter_groups.id.parameters.require_ssl.value\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"require_ssl\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/redshift-security-group-whitelists-all.json",
    "content": "{\n    \"description\": \"Security Group Allows All Traffic\",\n    \"rationale\": \"The security group allows access to Redshift instances from any source address, which creates a wider attack surface for resources assigned to it. Source address restrictions should be implemented\",\n    \"dashboard_name\": \"Security Groups\",\n    \"display_path\": \"redshift.regions.id.vpcs.id.security_groups.id\",\n    \"path\": \"redshift.regions.id.vpcs.id.security_groups.id.IPRanges.id.CIDRIP\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"this\",\n            \"equal\",\n            \"0.0.0.0/0\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/route53-domain-no-autorenew.json",
    "content": "{\n    \"description\": \"Automatic Renewal Not Set for Domain\",\n    \"rationale\": \"Enable automatic renewal to remove the risk of losing control over your domain names.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-enable-disable-auto-renewal.html\"\n    ],\n    \"dashboard_name\": \"Domains\",\n    \"path\": \"route53.regions.id.domains.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"auto_renew\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"auto_renew\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/route53-domain-no-transferlock.json",
    "content": "{\n    \"description\": \"Domain Transfer Not Locked\",\n    \"rationale\": \"A domain lock prevents someone from transferring your domain to another registrar without your permission.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-lock.html\"\n    ],\n    \"dashboard_name\": \"Domains\",\n    \"path\": \"route53.regions.id.domains.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"transfer_lock\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"transfer_lock\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/route53-domain-transferlock-not-authorized.json",
    "content": "{\n    \"description\": \"Domain Transfer Lock Not Supported by TLD\",\n    \"rationale\": \"A domain lock prevents someone from transferring your domain to another registrar without your permission. Your domain's TLD does not support this feature.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/registrar-tld-list.html\"\n    ],\n    \"dashboard_name\": \"Domains\",\n    \"path\": \"route53.regions.id.domains.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"name\",\n            \"match\",\n            [\n                \".*\\\\.ch$\",\n                \".*\\\\.cl$\",\n                \".*\\\\.co.nz$\",\n                \".*\\\\.co.za$\",\n                \".*\\\\.com.ar$\",\n                \".*\\\\.com.au$\",\n                \".*\\\\.de$\",\n                \".*\\\\.es$\",\n                \".*\\\\.eu$\",\n                \".*\\\\.fi$\",\n                \".*\\\\.fr$\",\n                \".*\\\\.it$\",\n                \".*\\\\.jp$\",\n                \".*\\\\.net.au$\",\n                \".*\\\\.net.nz$\",\n                \".*\\\\.nl$\",\n                \".*\\\\.org.nz$\",\n                \".*\\\\.qa$\",\n                \".*\\\\.ru$\",\n                \".*\\\\.se$\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"transfer_lock\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/s3-bucket-allowing-cleartext.json",
    "content": "{\n    \"description\": \"Bucket Allowing Clear Text (HTTP) Communication\",\n    \"rationale\": \"If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network|Internet.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html\"\n    ],\n    \"dashboard_name\": \"Buckets\",\n    \"path\": \"s3.buckets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"s3.buckets.id.secure_transport_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"secure_transport_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/s3-bucket-no-default-encryption.json",
    "content": "{\n    \"description\": \"Bucket without Default Encryption Enabled\",\n    \"rationale\": \"Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html\",\n        \"https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html\"\n    ],\n    \"dashboard_name\": \"Buckets\",\n    \"path\": \"s3.buckets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"s3.buckets.id.default_encryption_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"default_encryption_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/s3-bucket-no-logging.json",
    "content": "{\n    \"description\": \"Bucket Access Logging Disabled\",\n    \"rationale\": \"Server access logging provides detailed records of the requests that are made to a bucket. Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill. <br><br>Note: CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.\",\n    \"remediation\": \"Ensure that S3 buckets have Logging enabled\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"2.6\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.6\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"2.6\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html\"\n    ],\n    \"dashboard_name\": \"Buckets\",\n    \"path\": \"s3.buckets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"s3.buckets.id.logging\",\n            \"equal\",\n            \"Disabled\"\n        ]\n    ],\n    \"id_suffix\": \"logging\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/s3-bucket-no-mfa-delete.json",
    "content": "{\n    \"description\": \"Bucket without MFA Delete\",\n    \"rationale\": \"Enable MFA delete to help protect objects from accidental or unauthorized deletion. It should be noted that MFA Delete can only be configured on buckets that have versioning enabled.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html\"\n    ],\n    \"dashboard_name\": \"Buckets\",\n    \"path\": \"s3.buckets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"s3.buckets.id.version_mfa_delete_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"mfa_delete\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/s3-bucket-no-versioning.json",
    "content": "{\n    \"description\": \"Bucket without Versioning\",\n    \"rationale\": \"Versioning is a means of keeping multiple variants of an object in the same bucket. With versioning, you can easily recover from both unintended user actions and application failures.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html\"\n    ],\n    \"dashboard_name\": \"Buckets\",\n    \"path\": \"s3.buckets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"s3.buckets.id.versioning_status_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"versioning\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/s3-bucket-world-acl.json",
    "content": "{\n    \"description\": \"_ARG_2_\",\n    \"rationale\": \"An S3 bucket has been found that was accessible for _ARG_0_. If sensitive information is stored in this bucket, it could be at risk of being accessed by potential attackers.\",\n    \"dashboard_name\": \"Bucket ACLs\",\n    \"display_path\": \"s3.buckets.id\",\n    \"path\": \"s3.buckets.id.grantees.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"s3.buckets.id.grantees.id.\",\n            \"withKey\",\n            \"URI\"\n        ],\n        [\n            \"s3.buckets.id.grantees.id.URI\",\n            \"equal\",\n            \"http://acs.amazonaws.com/groups/global/_ARG_0_\"\n        ],\n        [\n            \"s3.buckets.id.grantees.id.permissions._ARG_1_\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"key\": \"s3-bucket-_ARG_0_-_ARG_1_\",\n    \"arg_names\": [\n        \"Grantee\",\n        \"Permission\",\n        \"Description\",\n        \"Level\"\n    ],\n    \"id_suffix\": \"_ARG_1_\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-arg.json",
    "content": "{\n    \"description\": \"_ARG_0_ Actions Authorized to All Principals\",\n    \"rationale\": \"Allowing IAM actions to all principals is contrary to the principle of least privilege and presents an opportunity for abuse. This policy should be reviewed to ensure it is secure and in line with the resource's intended use.\",\n    \"dashboard_name\": \"Bucket Policy Statements\",\n    \"display_path\": \"s3.buckets.id\",\n    \"path\": \"s3.buckets.id.policy.Statement.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"s3.buckets.id.\",\n            \"withKey\",\n            \"policy\"\n        ],\n        [\n            \"s3.buckets.id.policy.Statement.id.Effect\",\n            \"equal\",\n            \"Allow\"\n        ],\n        [\n            \"s3.buckets.id.policy.Statement.id.\",\n            \"withoutKey\",\n            \"Condition\"\n        ],\n        [\n            \"s3.buckets.id.policy.Statement.id.\",\n            \"containAction\",\n            \"_ARG_1_\"\n        ],\n        [\n            \"s3.buckets.id.policy.Statement.id.Action\",\n            \"containNoneOf\",\n            [\n                \"s3:*\",\n                \"*\"\n            ]\n        ],\n        [\n            \"_INCLUDE_(conditions/policy-statement-any-principal.json)\",\n            [\n                \"_STATEMENT_\"\n            ],\n            [\n                \"s3.buckets.id.policy.Statement.id\"\n            ]\n        ],\n        [\n            \"_INCLUDE_(conditions/policy-statement-poor-condition.json)\",\n            [\n                \"_STATEMENT_\"\n            ],\n            [\n                \"s3.buckets.id.policy.Statement.id\"\n            ]\n        ]\n    ],\n    \"key\": \"s3-bucket-world-_ARG_0_-policy\",\n    \"keys\": [\n        \"s3.buckets.id\",\n        \"this\",\n        \"s3.buckets.id.policy.Statement.id.Principal\"\n    ],\n    \"arg_names\": [\n        \"Action shortname\",\n        \"Service:Action\"\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-star.json",
    "content": "{\n    \"description\": \"All Actions Authorized to All Principals\",\n    \"rationale\": \"Allowing IAM actions to all principals is contrary to the principle of least privilege and presents an opportunity for abuse. This policy should be reviewed to ensure it is secure and in line with the resource's intended use.\",\n    \"remediation\": \"Remove any Statement having an Effect set to Allow and a Principal set to \\\"*\\\" or {\\\"AWS\\\":\\\"*\\\"} in the affected bucket policy\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"2.3\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.3\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"2.3\"\n        }\n    ],\n    \"dashboard_name\": \"Bucket Policy Statements\",\n    \"display_path\": \"s3.buckets.id\",\n    \"path\": \"s3.buckets.id.policy.Statement.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"s3.buckets.id.\",\n            \"withKey\",\n            \"policy\"\n        ],\n        [\n            \"s3.buckets.id.policy.Statement.id.Effect\",\n            \"equal\",\n            \"Allow\"\n        ],\n        [\n            \"s3.buckets.id.policy.Statement.id.Action\",\n            \"containAtLeastOneOf\",\n            [\n                \"s3:*\",\n                \"*\"\n            ]\n        ],\n        [\n            \"_INCLUDE_(conditions/policy-statement-any-principal.json)\",\n            [\n                \"_STATEMENT_\"\n            ],\n            [\n                \"s3.buckets.id.policy.Statement.id\"\n            ]\n        ],\n        [\n            \"_INCLUDE_(conditions/policy-statement-poor-condition.json)\",\n            [\n                \"_STATEMENT_\"\n            ],\n            [\n                \"s3.buckets.id.policy.Statement.id\"\n            ]\n        ]\n    ],\n    \"arg_names\": [\n        \"Action shortname\",\n        \"Service:Action\"\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ses-identity-dkim-not-enabled.json",
    "content": "{\n    \"description\": \"DKIM Not Enabled\",\n    \"rationale\": \"DKIM signing is not enabled for emails sent from the identity.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-dkim.html\"\n    ],\n    \"dashboard_name\": \"Identities\",\n    \"path\": \"ses.regions.id.identities.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"DkimEnabled\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ses-identity-dkim-not-verified.json",
    "content": "{\n    \"description\": \"DKIM Not Verified\",\n    \"rationale\": \"Amazon SES has not verified the DKIM DNS records (tokens) published in the domain name's DNS.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-dkim.html\"\n    ],\n    \"dashboard_name\": \"Identities\",\n    \"path\": \"ses.regions.id.identities.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"DkimEnabled\",\n            \"true\",\n            \"\"\n        ],\n        [\n            \"DkimVerificationStatus\",\n            \"notEqual\",\n            \"Success\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/ses-identity-world-policy.json",
    "content": "{\n    \"description\": \"_ARG_0_ Authorized to All Principals\",\n    \"rationale\": \"Allowing IAM actions to all principals is contrary to the principle of least privilege and presents an opportunity for abuse. This policy should be reviewed to ensure it is secure and in line with the resource's intended use.\",\n    \"dashboard_name\": \"Statements\",\n    \"display_path\": \"ses.regions.id.identities.id\",\n    \"path\": \"ses.regions.id.identities.id.policies.id.Statement.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"ses.regions.id.identities.id.policies.id.Statement.id.Effect\",\n            \"equal\",\n            \"Allow\"\n        ],\n        [\n            \"ses.regions.id.identities.id.policies.id.Statement.id.\",\n            \"containAction\",\n            \"ses:_ARG_0_\"\n        ],\n        [\n            \"_INCLUDE_(conditions/policy-statement-any-principal.json)\",\n            [\n                \"_STATEMENT_\"\n            ],\n            [\n                \"ses.regions.id.identities.id.policies.id.Statement.id\"\n            ]\n        ],\n        [\n            \"_INCLUDE_(conditions/policy-statement-poor-condition.json)\",\n            [\n                \"_STATEMENT_\"\n            ],\n            [\n                \"ses.regions.id.identities.id.policies.id.Statement.id\"\n            ]\n        ]\n    ],\n    \"key\": \"ses-identity-world-_ARG_0_-policy\",\n    \"arg_names\": [\n        \"SES action\"\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/sns-topic-world-policy.json",
    "content": "{\n    \"description\": \"_ARG_0_ Authorized to All Principals\",\n    \"rationale\": \"Allowing IAM actions to all principals is contrary to the principle of least privilege and presents an opportunity for abuse. This policy should be reviewed to ensure it is secure and in line with the resource's intended use.\",\n    \"dashboard_name\": \"Statements\",\n    \"display_path\": \"sns.regions.id.topics.id\",\n    \"path\": \"sns.regions.id.topics.id.Policy.Statement.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sns.regions.id.topics.id.Policy\",\n            \"notNull\",\n            \"\"\n        ],\n        [\n            \"sns.regions.id.topics.id.Policy.Statement.id.Effect\",\n            \"equal\",\n            \"Allow\"\n        ],\n        [\n            \"sns.regions.id.topics.id.Policy.Statement.id.\",\n            \"containAction\",\n            \"SNS:_ARG_0_\"\n        ],\n        [\n            \"_INCLUDE_(conditions/policy-statement-any-principal.json)\",\n            [\n                \"_STATEMENT_\"\n            ],\n            [\n                \"sns.regions.id.topics.id.Policy.Statement.id\"\n            ]\n        ],\n        [\n            \"_INCLUDE_(conditions/policy-statement-poor-condition.json)\",\n            [\n                \"_STATEMENT_\"\n            ],\n            [\n                \"sns.regions.id.topics.id.Policy.Statement.id\"\n            ]\n        ]\n    ],\n    \"key\": \"sns-topic-world-_ARG_0_-policy\",\n    \"arg_names\": [\n        \"SNS action\"\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/sqs-queue-server-side-encryption-disabled.json",
    "content": "{\n    \"description\": \"Queue with Encryption Disabled\",\n    \"rationale\": \"SQS Server-Side Encryption ensures that the contents of messages in queues are encrypted.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html\"\n    ],\n    \"dashboard_name\": \"Queues\",\n    \"display_path\": \"sqs.regions.id.queues.id\",\n    \"path\": \"sqs.regions.id.queues.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqs.regions.id.queues.id.kms_master_key_id\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"sqs.regions.id.queues.id.sqs_managed_sse_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"server-side-encryption-disabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/sqs-queue-world-policy.json",
    "content": "{\n    \"description\": \"_ARG_0_ Authorized to All Principals\",\n    \"rationale\": \"Allowing IAM actions to all principals is contrary to the principle of least privilege and presents an opportunity for abuse. This policy should be reviewed to ensure it is secure and in line with the resource's intended use.\",\n    \"dashboard_name\": \"Statements\",\n    \"display_path\": \"sqs.regions.id.queues.id\",\n    \"path\": \"sqs.regions.id.queues.id.Policy.Statement.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqs.regions.id.queues.id.Policy\",\n            \"notNull\",\n            \"\"\n        ],\n        [\n            \"sqs.regions.id.queues.id.Policy.Statement.id.Effect\",\n            \"equal\",\n            \"Allow\"\n        ],\n        [\n            \"sqs.regions.id.queues.id.Policy.Statement.id.\",\n            \"containAction\",\n            \"sqs:_ARG_0_\"\n        ],\n        [\n            \"_INCLUDE_(conditions/policy-statement-any-principal.json)\",\n            [\n                \"_STATEMENT_\"\n            ],\n            [\n                \"sqs.regions.id.queues.id.Policy.Statement.id\"\n            ]\n        ],\n        [\n            \"_INCLUDE_(conditions/policy-statement-poor-condition.json)\",\n            [\n                \"_STATEMENT_\"\n            ],\n            [\n                \"sqs.regions.id.queues.id.Policy.Statement.id\"\n            ]\n        ]\n    ],\n    \"key\": \"sqs-queue-world-_ARG_0_-policy\",\n    \"arg_names\": [\n        \"SQS action\"\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/vpc-custom-network-acls-allow-all.json",
    "content": "{\n    \"description\": \"Network ACLs Allow All _ARG_0_ Traffic (custom)\",\n    \"rationale\": \"Network ACLs are designed to provide a secondary layer of security. Adding a rule that allows all network traffic (all protocols, IPs, and _ARG_1_) prior to any deny rule defeats the purpose of network ACLs.\",\n    \"dashboard_name\": \"Network ACLs\",\n    \"path\": \"vpc.regions.id.vpcs.id.network_acls.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"allow_all__ARG_0__traffic\",\n            \"notEqual\",\n            \"0\"\n        ],\n        [\n            \"use_default__ARG_0__rules\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"key\": \"vpc-custom-network-acls-allow-all-_ARG_0_\",\n    \"arg_names\": [\n        \"Direction of traffic (ingress or egress)\",\n        \"Corresponding target (source or destination)\"\n    ],\n    \"id_suffix\": \"_ARG_0_._GET_VALUE_AT_(vpc.regions.id.vpcs.id.network_acls.id.allow_all__ARG_0__traffic)\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/vpc-default-network-acls-allow-all.json",
    "content": "{\n    \"description\": \"Network ACLs Allow All _ARG_0_ Traffic (default)\",\n    \"rationale\": \"Network ACLs are designed to provide a secondary layer of security. Adding a rule that allows all network traffic (all protocols, IPs, and _ARG_1_) prior to any deny rule defeats the purpose of network ACLs.\",\n    \"dashboard_name\": \"Network ACLs\",\n    \"path\": \"vpc.regions.id.vpcs.id.network_acls.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"allow_all__ARG_0__traffic\",\n            \"notEqual\",\n            \"0\"\n        ],\n        [\n            \"use_default__ARG_0__rules\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"key\": \"vpc-default-network-acls-allow-all-_ARG_0_\",\n    \"arg_names\": [\n        \"Direction of traffic (ingress or egress)\",\n        \"Corresponding target (source or destination)\"\n    ],\n    \"id_suffix\": \"_ARG_0_._GET_VALUE_AT_(vpc.regions.id.vpcs.id.network_acls.id.allow_all__ARG_0__traffic)\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/vpc-network-acl-not-used.json",
    "content": "{\n    \"description\": \"Unused Network ACLs\",\n    \"rationale\": \"Maintaining unused resources increases risks of misconfigurations and increases the difficulty of audits.\",\n    \"dashboard_name\": \"Network ACLs\",\n    \"path\": \"vpc.regions.id.vpcs.id.network_acls.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"IsDefault\",\n            \"false\",\n            \"\"\n        ],\n        [\n            \"Associations\",\n            \"empty\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"unused\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/vpc-routing-tables-with-peering.json",
    "content": "{\n    \"description\": \"Routing Table with VPC Peering\",\n    \"rationale\": \"Being highly selective in peering routing tables minimizes the impact of breach as resources outside of these routes are inaccessible to the peered VPC.\",\n    \"remediation\": \"Ensure route tables contain the least number of subnets or hosts as is required to accomplish the purpose for peering\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"4.5\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.4\"\n        }\n    ],\n    \"dashboard_name\": \"Rulesets\",\n    \"path\": \"vpc.regions.id.peering_connections.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"vpc.regions.id.peering_connections.id.VpcPeeringConnectionId\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"default_with_rules\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/vpc-subnet-with-bad-acls.json",
    "content": "{\n    \"description\": \"Subnet with \\\"Allow All\\\" _ARG_0_ NACLs\",\n    \"rationale\": \"Network ACLs associated with subnets and VPCs should not allow all _ARG_0_ traffic.\",\n    \"dashboard_name\": \"Subnets\",\n    \"path\": \"vpc.regions.id.vpcs.id.subnets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"vpc.regions.id.vpcs.id.network_acls._GET_VALUE_AT_(vpc.regions.id.vpcs.id.subnets.id.network_acl).allow_all__ARG_0__traffic\",\n            \"notEqual\",\n            \"0\"\n        ]\n    ],\n    \"key\": \"vpc-subnet-with-allow-all-_ARG_0_-acls\",\n    \"arg_names\": [\n        \"Direction of traffic (ingress or egress)\",\n        \"Corresponding target (source or destination)\"\n    ],\n    \"id_suffix\": \"bad_nacls\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/vpc-subnet-with-default-acls.json",
    "content": "{\n    \"description\": \"Subnet with Default _ARG_0_ NACLs\",\n    \"rationale\": \"Default _ARG_0_ network access control lists allow all network traffic (all protocols, IPs, and _ARG_1_), hence do not provide the secondary layer of security network ACLs are supposed to.\",\n    \"dashboard_name\": \"Subnets\",\n    \"path\": \"vpc.regions.id.vpcs.id.subnets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"vpc.regions.id.vpcs.id.network_acls._GET_VALUE_AT_(vpc.regions.id.vpcs.id.subnets.id.network_acl).use_default__ARG_0__rules\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"key\": \"vpc-subnet-with-default-_ARG_0_-acls\",\n    \"arg_names\": [\n        \"Direction of traffic (ingress or egress)\",\n        \"Corresponding target (source or destination)\"\n    ],\n    \"id_suffix\": \"DefaultNACLs\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/findings/vpc-subnet-without-flow-log.json",
    "content": "{\n    \"description\": \"Subnet without a Flow Log\",\n    \"rationale\": \"Flow logs enable the investigation of incidents involving unauthorized network traffic, such as an attacker exfiltrating data or pivoting to other hosts.\",\n    \"remediation\": \"Create a flow log for each subnet.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.3\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"4.3\"\n        },\n        {\n            \"name\": \"CIS Amazon Web Services Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"2.9\"\n        }\n    ],\n    \"references\": [\n        \"https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html\"\n    ],\n    \"dashboard_name\": \"Subnets\",\n    \"path\": \"vpc.regions.id.vpcs.id.subnets.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"withoutKey\",\n            \"flow_logs\"\n        ],\n        [\n            \"flow_logs\",\n            \"empty\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"no_flowlog\"\n}"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json",
    "content": "{\n    \"about\": \"This ruleset covers most of the recommendations from the CIS Amazon Web Services Foundation v1.2.0.\",\n    \"rules\": {\n        \"cloudtrail-no-cloudwatch-integration.json\": [\n            {\n                \"comment\": \"Recommendation 2.4\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"cloudtrail-no-encryption-with-kms.json\": [\n            {\n                \"comment\": \"Recommendation 2.7\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"cloudtrail-no-log-file-validation.json\": [\n            {\n                \"comment\": \"Recommendation 2.2\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"cloudtrail-no-logging.json\": [\n            {\n                \"comment\": \"Recommendation 2.1 (Part 1/2)\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"cloudtrail-not-configured.json\": [\n            {\n                \"comment\": \"Recommendation 2.1 (Part 2/2)\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"config-recorder-not-configured.json\": [\n            {\n                \"comment\": \"Recommendation 2.5\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"ec2-default-security-group-in-use.json\": [\n            {\n                \"comment\": \"Recommendation 4.3 (Part 2/2)\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": \"true\"\n            }\n        ],\n        \"ec2-default-security-group-with-rules.json\": [\n            {\n                \"comment\": \"Recommendation 4.3 (Part 1/2)\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": \"true\"\n            }\n        ],\n        \"ec2-security-group-opens-known-port-to-all.json\": [\n            {\n                \"args\": [\n                    \"SSH\",\n                    \"TCP\",\n                    \"22\"\n                ],\n                \"comment\": \"Recommendation 4.1\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            },\n            {\n                \"args\": [\n                    \"RDP\",\n                    \"TCP\",\n                    \"3389\"\n                ],\n                \"comment\": \"Recommendation 4.2\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"iam-managed-policy-allows-full-privileges.json\": [\n            {\n                \"comment\": \"Recommendation 1.22\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"iam-no-support-role.json\": [\n            {\n                \"comment\": \"Recommendation 1.20\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"iam-password-policy-expiration-threshold.json\": [\n            {\n                \"args\": [\n                    \"90\"\n                ],\n                \"comment\": \"Recommendation 1.11\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"iam-password-policy-minimum-length.json\": [\n            {\n                \"args\": [\n                    \"14\"\n                ],\n                \"comment\": \"Recommendation 1.9\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"iam-password-policy-no-lowercase-required.json\": [\n            {\n                \"comment\": \"Recommendation 1.6\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"iam-password-policy-no-number-required.json\": [\n            {\n                \"comment\": \"Recommendation 1.8\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"iam-password-policy-no-symbol-required.json\": [\n            {\n                \"comment\": \"Recommendation 1.7\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"iam-password-policy-no-uppercase-required.json\": [\n            {\n                \"comment\": \"Recommendation 1.5\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"iam-password-policy-reuse-enabled.json\": [\n            {\n                \"comment\": \"Recommendation 1.10\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"iam-root-account-no-hardware-mfa.json\": [\n            {\n                \"comment\": \"Recommendation 1.14\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"iam-root-account-no-mfa.json\": [\n            {\n                \"comment\": \"Recommendation 1.13\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"iam-root-account-used-recently.json\": [\n            {\n                \"comment\": \"Recommendation 1.1\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"iam-root-account-with-active-keys.json\": [\n            {\n                \"comment\": \"Recommendation 1.12\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"iam-unused-credentials-not-disabled.json\": [\n            {\n                \"args\": [\n                    \"90\"\n                ],\n                \"comment\": \"Recommendation 1.3\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"iam-user-no-key-rotation.json\": [\n            {\n                \"args\": [\n                    \"Active\",\n                    \"90\"\n                ],\n                \"comment\": \"Recommendation 1.4\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"iam-user-unused-access-key-initial-setup.json\": [\n            {\n                \"comment\": \"Recommendation 1.21\",\n                \"enabled\": true,\n                \"level\": \"warning\",\n                \"scored\": false\n            }\n        ],\n        \"iam-user-with-policies.json\": [\n            {\n                \"args\": [\n                    \"inline\",\n                    \"inline_policies\"\n                ],\n                \"comment\": \"Recommendation 1.16 (Part 1/2)\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            },\n            {\n                \"args\": [\n                    \"managed\",\n                    \"policies\"\n                ],\n                \"comment\": \"Recommendation 1.16 (Part 2/2)\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"iam-user-without-mfa.json\": [\n            {\n                \"comment\": \"Recommendation 1.2\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"kms-cmk-rotation-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"logs-no-alarm-aws-configuration-changes.json\": [\n            {\n                \"comment\": \"Recommendation 3.9\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"logs-no-alarm-cloudtrail-configuration-changes.json\": [\n            {\n                \"comment\": \"Recommendation 3.5\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"logs-no-alarm-cmk-deletion.json\": [\n            {\n                \"comment\": \"Recommendation 3.7\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"logs-no-alarm-console-authentication-failures.json\": [\n            {\n                \"comment\": \"Recommendation 3.6\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"logs-no-alarm-iam-policy-changes.json\": [\n            {\n                \"comment\": \"Recommendation 3.4\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"logs-no-alarm-nacl-changes.json\": [\n            {\n                \"comment\": \"Recommendation 3.11\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"logs-no-alarm-network-gateways-changes.json\": [\n            {\n                \"comment\": \"Recommendation 3.12\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"logs-no-alarm-root-usage.json\": [\n            {\n                \"comment\": \"Recommendation 3.3\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"logs-no-alarm-route-table-changes.json\": [\n            {\n                \"comment\": \"Recommendation 3.13\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"logs-no-alarm-s3-policy-changes.json\": [\n            {\n                \"comment\": \"Recommendation 3.8\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"logs-no-alarm-security-group-changes.json\": [\n            {\n                \"comment\": \"Recommendation 3.10\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"logs-no-alarm-signin-without-mfa.json\": [\n            {\n                \"comment\": \"Recommendation 3.2\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"logs-no-alarm-unauthorized-api-calls.json\": [\n            {\n                \"comment\": \"Recommendation 3.1\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"logs-no-alarm-vpc-changes.json\": [\n            {\n                \"comment\": \"Recommendation 3.14\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"s3-bucket-no-logging.json\": [\n            {\n                \"comment\": \"Recommendation 2.6\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ],\n        \"s3-bucket-world-acl.json\": [\n            {\n                \"args\": [\n                    \"AllUsers\",\n                    \"read\",\n                    \"Bucket world-listable (anonymous)\",\n                    \"warning\"\n                ],\n                \"comment\": \"Recommendation 2.3 (Part 1/2)\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"score\": true\n            },\n            {\n                \"args\": [\n                    \"AllUsers\",\n                    \"read_acp\",\n                    \"Bucket's permissions world-readable (anonymous)\",\n                    \"warning\"\n                ],\n                \"comment\": \"Recommendation 2.3 (Part 1/2)\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"score\": true\n            },\n            {\n                \"args\": [\n                    \"AllUsers\",\n                    \"write\",\n                    \"Bucket world-writable (anonymous)\",\n                    \"danger\"\n                ],\n                \"comment\": \"Recommendation 2.3 (Part 1/2)\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"score\": true\n            },\n            {\n                \"args\": [\n                    \"AllUsers\",\n                    \"write_acp\",\n                    \"Bucket's permissions world-writable (anonymous)\",\n                    \"danger\"\n                ],\n                \"comment\": \"Recommendation 2.3 (Part 1/2)\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"score\": true\n            },\n            {\n                \"args\": [\n                    \"AuthenticatedUsers\",\n                    \"read\",\n                    \"Bucket world-listable\",\n                    \"danger\"\n                ],\n                \"comment\": \"Recommendation 2.3 (Part 1/2)\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"score\": true\n            },\n            {\n                \"args\": [\n                    \"AuthenticatedUsers\",\n                    \"read_acp\",\n                    \"Bucket's permissions world-readable\",\n                    \"warning\"\n                ],\n                \"comment\": \"Recommendation 2.3 (Part 1/2)\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"score\": true\n            },\n            {\n                \"args\": [\n                    \"AuthenticatedUsers\",\n                    \"write\",\n                    \"Bucket world-writable\",\n                    \"danger\"\n                ],\n                \"comment\": \"Recommendation 2.3 (Part 1/2)\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"score\": true\n            },\n            {\n                \"args\": [\n                    \"AuthenticatedUsers\",\n                    \"write_acp\",\n                    \"Bucket's permissions world-writable\",\n                    \"danger\"\n                ],\n                \"comment\": \"Recommendation 2.3 (Part 1/2)\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"score\": true\n            }\n        ],\n        \"s3-bucket-world-policy-star.json\": [\n            {\n                \"comment\": \"Recommendation 2.3 (Part 2/2)\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"score\": true\n            }\n        ],\n        \"vpc-routing-tables-with-peering.json\": [\n            {\n                \"comment\": \"Recommendation 4.4\",\n                \"enabled\": true,\n                \"level\": \"warning\",\n                \"scored\": \"false\"\n            }\n        ],\n        \"vpc-subnet-without-flow-log.json\": [\n            {\n                \"comment\": \"Recommendation 2.9\",\n                \"enabled\": true,\n                \"level\": \"danger\",\n                \"scored\": true\n            }\n        ]\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/rulesets/default.json",
    "content": "{\n    \"about\": \"This ruleset consists of numerous rules that are considered standard by NCC Group. The rules enabled range from violations of well-known security best practices to gaps resulting from less-known security implications of provider-specific mechanisms. Additional rules exist, some of them requiring extra-parameters to be configured, and some of them being applicable to a limited number of users.\",\n    \"rules\": {\n        \"acm-certificate-with-close-expiration-date.json\": [\n            {\n                \"args\": [\n                    \"7\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"acm-certificate-with-transparency-logging-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudformation-stack-with-role.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cloudfront-distribution-cleartext-origin.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudfront-distribution-insecure-origin.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudfront-distribution-insufficient-viewer-security.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudtrail-duplicated-global-services-logging.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudtrail-no-cloudwatch-integration.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudtrail-no-data-logging.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudtrail-no-encryption-with-kms.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cloudtrail-no-global-services-logging.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cloudtrail-no-log-file-validation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cloudtrail-no-logging.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cloudtrail-not-configured.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cloudtrail-partial-data-logging.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudwatch-alarm-without-actions.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"config-recorder-not-configured.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-ami-public.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-default-security-group-in-use.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-default-security-group-with-rules.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-ebs-snapshot-not-encrypted.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-ebs-snapshot-public.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-ebs-volume-not-encrypted.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-ebs-default-encryption-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-instance-in-security-group.json\": [\n            {\n                \"args\": [\n                    \"_LIST_(BannedSecurityGroup)\"\n                ],\n                \"enabled\": false,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-instance-type.json\": [\n            {\n                \"args\": [\n                    \"t2.micro\"\n                ],\n                \"enabled\": false,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-instance-types.json\": [\n            {\n                \"args\": [\n                    \"beefy\",\n                    \"g3.4xlarge,g3.8xlarge,g3.16xlarge\"\n                ],\n                \"enabled\": false,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-instance-with-public-ip.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-instance-with-user-data-secrets.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-security-group-opens-all-ports-to-all.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-security-group-opens-all-ports-to-self.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-security-group-opens-all-ports.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-security-group-opens-icmp-to-all.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-security-group-opens-known-port-to-all.json\": [\n            {\n                \"args\": [\n                    \"MySQL\",\n                    \"TCP\",\n                    \"3306\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"DNS\",\n                    \"UDP\",\n                    \"53\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"MongoDB\",\n                    \"TCP\",\n                    \"27017\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"MsSQL\",\n                    \"TCP\",\n                    \"1433\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"Oracle DB\",\n                    \"TCP\",\n                    \"1521\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"PostgreSQL\",\n                    \"TCP\",\n                    \"5432\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"RDP\",\n                    \"TCP\",\n                    \"3389\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"SSH\",\n                    \"TCP\",\n                    \"22\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"NFS\",\n                    \"TCP\",\n                    \"2049\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"SMTP\",\n                    \"TCP\",\n                    \"25\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-security-group-opens-plaintext-port.json\": [\n            {\n                \"args\": [\n                    \"FTP\",\n                    \"TCP\",\n                    \"21\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"Telnet\",\n                    \"TCP\",\n                    \"23\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-security-group-opens-port-range.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-security-group-opens-port-to-all.json\": [\n            {\n                \"args\": [\n                    \"TCP\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"UDP\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-security-group-whitelists-aws-ip-from-banned-region.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-security-group-whitelists-aws.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-security-group-whitelists-non-elastic-ips.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-security-group-whitelists-unknown-aws.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-security-group-whitelists-unknown-cidrs.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-unused-security-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"elb-listener-allowing-cleartext.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"elb-no-access-logs.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"elb-older-ssl-policy.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"elbv2-http-request-smuggling.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"elbv2-listener-allowing-cleartext.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"elbv2-no-access-logs.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"elbv2-no-deletion-protection.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"elbv2-older-ssl-policy.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-assume-role-lacks-external-id-and-mfa.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-assume-role-no-mfa.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-assume-role-policy-allows-all.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-ec2-role-without-instances.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-group-with-inline-policies.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-group-with-no-users.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-human-user-with-policies.json\": [\n            {\n                \"args\": [\n                    \"_LIST_(AllHumanUsers)\",\n                    \"managed\",\n                    \"policies\"\n                ],\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-inline-policy-allows-NotActions.json\": [\n            {\n                \"args\": [\n                    \"group\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"role\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"user\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-inline-policy-allows-non-sts-action.json\": [\n            {\n                \"args\": [\n                    \"group\"\n                ],\n                \"enabled\": false,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"role\"\n                ],\n                \"enabled\": false,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"user\"\n                ],\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-inline-policy-for-role.json\": [\n            {\n                \"args\": [\n                    \"group\",\n                    \"iam\",\n                    \"PassRole\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"group\",\n                    \"sts\",\n                    \"AssumeRole\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"role\",\n                    \"iam\",\n                    \"PassRole\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"role\",\n                    \"sts\",\n                    \"AssumeRole\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"user\",\n                    \"iam\",\n                    \"PassRole\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"user\",\n                    \"sts\",\n                    \"AssumeRole\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-lightspin-user-action-denied-for-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-managed-policy-allows-NotActions.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-managed-policy-allows-full-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-managed-policy-allows-non-sts-action.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-managed-policy-for-role.json\": [\n            {\n                \"args\": [\n                    \"iam\",\n                    \"PassRole\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"sts\",\n                    \"AssumeRole\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-managed-policy-no-attachments.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-no-support-role.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-password-policy-expiration-threshold.json\": [\n            {\n                \"args\": [\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-password-policy-minimum-length.json\": [\n            {\n                \"args\": [\n                    \"14\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-password-policy-no-expiration.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-password-policy-no-lowercase-required.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-password-policy-no-number-required.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-password-policy-no-symbol-required.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-password-policy-no-uppercase-required.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-password-policy-reuse-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-role-with-inline-policies.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-root-account-no-hardware-mfa.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-root-account-no-mfa.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-root-account-used-recently.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-root-account-with-active-certs.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-root-account-with-active-keys.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-service-user-with-password.json\": [\n            {\n                \"args\": [\n                    \"_LIST_(AllHeadlessUsers)\"\n                ],\n                \"enabled\": false,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-unused-credentials-not-disabled.json\": [\n            {\n                \"args\": [\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-user-no-key-rotation.json\": [\n            {\n                \"args\": [\n                    \"Active\",\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"Inactive\",\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-user-not-in-category-group.json\": [\n            {\n                \"args\": [\n                    \"_LIST_(AllHumanUsers, AllHeadlessUsers)\"\n                ],\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-user-not-in-common-group.json\": [\n            {\n                \"args\": [\n                    \"_LIST_(AllUsers)\"\n                ],\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-user-unused-access-key-initial-setup.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-user-with-multiple-access-keys.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-user-with-password-and-key.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-user-with-policies.json\": [\n            {\n                \"args\": [\n                    \"inline\",\n                    \"inline_policies\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-user-without-mfa.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"kms-cmk-rotation-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"logs-no-alarm-aws-configuration-changes.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-cloudtrail-configuration-changes.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-cmk-deletion.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-console-authentication-failures.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-iam-policy-changes.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-nacl-changes.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-network-gateways-changes.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-root-usage.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-route-table-changes.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-s3-policy-changes.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-security-group-changes.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-signin-without-mfa.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-unauthorized-api-calls.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-vpc-changes.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"rds-instance-backup-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"rds-instance-ca-certificate-deprecated.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rds-instance-no-minor-upgrade.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"rds-instance-publicly-accessible.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"rds-instance-short-backup-retention-period.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rds-instance-single-az.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"rds-instance-storage-not-encrypted.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rds-postgres-instance-with-invalid-certificate.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rds-security-group-allows-all.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"rds-snapshot-public.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"redshift-cluster-database-not-encrypted.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"redshift-cluster-no-version-upgrade.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"redshift-cluster-publicly-accessible.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"redshift-parameter-group-logging-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"redshift-parameter-group-ssl-not-required.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"redshift-security-group-whitelists-all.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"route53-domain-no-autorenew.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"route53-domain-no-transferlock.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"route53-domain-transferlock-not-authorized.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"s3-bucket-allowing-cleartext.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"s3-bucket-no-default-encryption.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"s3-bucket-no-logging.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"s3-bucket-no-mfa-delete.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"s3-bucket-no-versioning.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"s3-bucket-world-acl.json\": [\n            {\n                \"args\": [\n                    \"AllUsers\",\n                    \"read\",\n                    \"Bucket world-listable (anonymous)\",\n                    \"warning\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"AllUsers\",\n                    \"read_acp\",\n                    \"Bucket's permissions world-readable (anonymous)\",\n                    \"warning\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"AllUsers\",\n                    \"write\",\n                    \"Bucket world-writable (anonymous)\",\n                    \"danger\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"AllUsers\",\n                    \"write_acp\",\n                    \"Bucket's permissions world-writable (anonymous)\",\n                    \"danger\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"AuthenticatedUsers\",\n                    \"read\",\n                    \"Bucket world-listable\",\n                    \"danger\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"AuthenticatedUsers\",\n                    \"read_acp\",\n                    \"Bucket's permissions world-readable\",\n                    \"warning\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"AuthenticatedUsers\",\n                    \"write\",\n                    \"Bucket world-writable\",\n                    \"danger\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"AuthenticatedUsers\",\n                    \"write_acp\",\n                    \"Bucket's permissions world-writable\",\n                    \"danger\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"s3-bucket-world-policy-arg.json\": [\n            {\n                \"args\": [\n                    \"Delete\",\n                    \"s3:Delete*\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"Get\",\n                    \"s3:Get*\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"List\",\n                    \"s3:List*\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"Put\",\n                    \"s3:Put*\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"s3-bucket-world-policy-star.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ses-identity-dkim-not-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ses-identity-dkim-not-verified.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ses-identity-world-policy.json\": [\n            {\n                \"args\": [\n                    \"SendEmail\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"SendRawEmail\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"sns-topic-world-policy.json\": [\n            {\n                \"args\": [\n                    \"Publish\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"Subscribe\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"AddPermission\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"RemovePermission\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"GetTopicAttributes\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"SetTopicAttributes\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"ListSubscriptionsByTopic\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"DeleteTopic\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"sqs-queue-server-side-encryption-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqs-queue-world-policy.json\": [\n            {\n                \"args\": [\n                    \"SendMessage\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"ReceiveMessage\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"PurgeQueue\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"DeleteMessage\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"ChangeMessageVisibility\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"GetQueueAttributes\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"GetQueueUrl\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"vpc-custom-network-acls-allow-all.json\": [\n            {\n                \"args\": [\n                    \"ingress\",\n                    \"source\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"egress\",\n                    \"destination\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"vpc-default-network-acls-allow-all.json\": [\n            {\n                \"args\": [\n                    \"ingress\",\n                    \"source\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"egress\",\n                    \"destination\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"vpc-network-acl-not-used.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"vpc-routing-tables-with-peering.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"vpc-subnet-with-bad-acls.json\": [\n            {\n                \"args\": [\n                    \"ingress\",\n                    \"source\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"egress\",\n                    \"destination\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"vpc-subnet-with-default-acls.json\": [\n            {\n                \"args\": [\n                    \"ingress\",\n                    \"source\"\n                ],\n                \"enabled\": false,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"egress\",\n                    \"destination\"\n                ],\n                \"enabled\": false,\n                \"level\": \"warning\"\n            }\n        ],\n        \"vpc-subnet-without-flow-log.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ]\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/rulesets/detailed.json",
    "content": "{\n    \"about\": \"This ruleset consists of numerous rules that are considered standard by NCC Group. The rules enabled range from violations of well-known security best practices to gaps resulting from less-known security implications of provider-specific mechanisms. Additional rules exist, some of them requiring extra-parameters to be configured, and some of them being applicable to a limited number of users.\",\n    \"rules\": {\n        \"acm-certificate-with-close-expiration-date.json\": [\n            {\n                \"args\": [\n                    \"7\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"acm-certificate-with-transparency-logging-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudformation-stack-with-role.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cloudfront-distribution-cleartext-origin.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudfront-distribution-insecure-origin.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudfront-distribution-insufficient-viewer-security.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudtrail-duplicated-global-services-logging.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudtrail-no-cloudwatch-integration.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudtrail-no-data-logging.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudtrail-no-encryption-with-kms.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cloudtrail-no-global-services-logging.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cloudtrail-no-log-file-validation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cloudtrail-no-logging.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cloudtrail-not-configured.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cloudtrail-partial-data-logging.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudwatch-alarm-without-actions.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"config-recorder-not-configured.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-ami-public.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-default-security-group-in-use.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-default-security-group-with-rules.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-ebs-snapshot-not-encrypted.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-ebs-snapshot-public.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-ebs-volume-not-encrypted.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-ebs-default-encryption-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-instance-in-security-group.json\": [\n            {\n                \"args\": [\n                    \"_LIST_(BannedSecurityGroup)\"\n                ],\n                \"enabled\": false,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-instance-type.json\": [\n            {\n                \"args\": [\n                    \"t2.micro\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-instance-types.json\": [\n            {\n                \"args\": [\n                    \"beefy\",\n                    \"g3.4xlarge,g3.8xlarge,g3.16xlarge\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-instance-with-public-ip.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-instance-with-user-data-secrets.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-security-group-opens-all-ports-to-all.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-security-group-opens-all-ports-to-self.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-security-group-opens-all-ports.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-security-group-opens-icmp-to-all.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-security-group-opens-known-port-to-all.json\": [\n            {\n                \"args\": [\n                    \"MySQL\",\n                    \"TCP\",\n                    \"3306\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"DNS\",\n                    \"UDP\",\n                    \"53\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"MongoDB\",\n                    \"TCP\",\n                    \"27017\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"MsSQL\",\n                    \"TCP\",\n                    \"1433\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"Oracle DB\",\n                    \"TCP\",\n                    \"1521\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"PostgreSQL\",\n                    \"TCP\",\n                    \"5432\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"RDP\",\n                    \"TCP\",\n                    \"3389\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"SSH\",\n                    \"TCP\",\n                    \"22\"\n                ],\n                \"enabled\": true,\n                \"versions\": {\n                    \"in_use\": {\n                        \"conditions\": [\n                            [\n                                \"_INCLUDE_(conditions/ec2-security-group-in-use.json)\",\n                                \"\",\n                                \"\"\n                            ]\n                        ],\n                        \"level\": \"danger\"\n                    },\n                    \"not_used\": {\n                        \"conditions\": [\n                            [\n                                \"_INCLUDE_(conditions/ec2-security-group-not-used.json)\",\n                                \"\",\n                                \"\"\n                            ]\n                        ],\n                        \"level\": \"warning\"\n                    }\n                }\n            },\n            {\n                \"args\": [\n                    \"NFS\",\n                    \"TCP\",\n                    \"2049\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"SMTP\",\n                    \"TCP\",\n                    \"25\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-security-group-opens-plaintext-port.json\": [\n            {\n                \"args\": [\n                    \"FTP\",\n                    \"TCP\",\n                    \"21\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"Telnet\",\n                    \"TCP\",\n                    \"23\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-security-group-opens-port-range.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-security-group-opens-port-to-all.json\": [\n            {\n                \"args\": [\n                    \"TCP\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"UDP\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ec2-security-group-whitelists-aws-ip-from-banned-region.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-security-group-whitelists-aws.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-security-group-whitelists-non-elastic-ips.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-security-group-whitelists-unknown-aws.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-security-group-whitelists-unknown-cidrs.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ec2-unused-security-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"elb-listener-allowing-cleartext.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"elb-no-access-logs.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"elb-older-ssl-policy.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"elbv2-http-request-smuggling.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"elbv2-listener-allowing-cleartext.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"elbv2-no-access-logs.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"elbv2-no-deletion-protection.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"elbv2-older-ssl-policy.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-assume-role-lacks-external-id-and-mfa.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-assume-role-no-mfa.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-assume-role-policy-allows-all.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-ec2-role-without-instances.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-group-with-inline-policies.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-group-with-no-users.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-human-user-with-policies.json\": [\n            {\n                \"args\": [\n                    \"_LIST_(AllHumanUsers)\",\n                    \"managed\",\n                    \"policies\"\n                ],\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-inline-policy-allows-NotActions.json\": [\n            {\n                \"args\": [\n                    \"group\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"role\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"user\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-inline-policy-allows-non-sts-action.json\": [\n            {\n                \"args\": [\n                    \"group\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"role\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"user\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-inline-policy-for-role.json\": [\n            {\n                \"args\": [\n                    \"group\",\n                    \"iam\",\n                    \"PassRole\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"group\",\n                    \"sts\",\n                    \"AssumeRole\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"role\",\n                    \"iam\",\n                    \"PassRole\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"role\",\n                    \"sts\",\n                    \"AssumeRole\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"user\",\n                    \"iam\",\n                    \"PassRole\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"user\",\n                    \"sts\",\n                    \"AssumeRole\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-lightspin-user-action-denied-for-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-managed-policy-allows-NotActions.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-managed-policy-allows-full-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-managed-policy-allows-non-sts-action.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-managed-policy-for-role.json\": [\n            {\n                \"args\": [\n                    \"iam\",\n                    \"PassRole\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"sts\",\n                    \"AssumeRole\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-managed-policy-no-attachments.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-no-support-role.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-password-policy-expiration-threshold.json\": [\n            {\n                \"args\": [\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-password-policy-minimum-length.json\": [\n            {\n                \"args\": [\n                    \"14\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-password-policy-no-expiration.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-password-policy-no-lowercase-required.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-password-policy-no-number-required.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-password-policy-no-symbol-required.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-password-policy-no-uppercase-required.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-password-policy-reuse-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-role-with-inline-policies.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-root-account-no-hardware-mfa.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-root-account-no-mfa.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-root-account-used-recently.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-root-account-with-active-certs.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-root-account-with-active-keys.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-service-user-with-password.json\": [\n            {\n                \"args\": [\n                    \"_LIST_(AllHeadlessUsers)\"\n                ],\n                \"enabled\": false,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-unused-credentials-not-disabled.json\": [\n            {\n                \"args\": [\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-user-no-key-rotation.json\": [\n            {\n                \"args\": [\n                    \"Active\",\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"Inactive\",\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-user-not-in-category-group.json\": [\n            {\n                \"args\": [\n                    \"_LIST_(AllHumanUsers, AllHeadlessUsers)\"\n                ],\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-user-not-in-common-group.json\": [\n            {\n                \"args\": [\n                    \"_LIST_(AllUsers)\"\n                ],\n                \"enabled\": false,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-user-unused-access-key-initial-setup.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-user-with-multiple-access-keys.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-user-with-password-and-key.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-user-with-policies.json\": [\n            {\n                \"args\": [\n                    \"inline\",\n                    \"inline_policies\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"managed\",\n                    \"policies\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-user-without-mfa.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"kms-cmk-rotation-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"logs-no-alarm-aws-configuration-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-cloudtrail-configuration-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-cmk-deletion.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-console-authentication-failures.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-iam-policy-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-nacl-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-network-gateways-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-root-usage.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-route-table-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-s3-policy-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-security-group-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-signin-without-mfa.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-unauthorized-api-calls.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"logs-no-alarm-vpc-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"rds-instance-backup-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"rds-instance-ca-certificate-deprecated.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rds-instance-no-minor-upgrade.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"rds-instance-publicly-accessible.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"rds-instance-short-backup-retention-period.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rds-instance-single-az.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"rds-instance-storage-not-encrypted.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rds-postgres-instance-with-invalid-certificate.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rds-security-group-allows-all.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"rds-snapshot-public.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"redshift-cluster-database-not-encrypted.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"redshift-cluster-no-version-upgrade.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"redshift-cluster-publicly-accessible.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"redshift-parameter-group-logging-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"redshift-parameter-group-ssl-not-required.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"redshift-security-group-whitelists-all.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"route53-domain-no-autorenew.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"route53-domain-no-transferlock.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"route53-domain-transferlock-not-authorized.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"s3-bucket-allowing-cleartext.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"s3-bucket-no-default-encryption.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"s3-bucket-no-logging.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"s3-bucket-no-mfa-delete.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"s3-bucket-no-versioning.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"s3-bucket-world-acl.json\": [\n            {\n                \"args\": [\n                    \"AllUsers\",\n                    \"read\",\n                    \"Bucket world-listable (anonymous)\",\n                    \"warning\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"AllUsers\",\n                    \"read_acp\",\n                    \"Bucket's permissions world-readable (anonymous)\",\n                    \"warning\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"AllUsers\",\n                    \"write\",\n                    \"Bucket world-writable (anonymous)\",\n                    \"danger\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"AllUsers\",\n                    \"write_acp\",\n                    \"Bucket's permissions world-writable (anonymous)\",\n                    \"danger\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"AuthenticatedUsers\",\n                    \"read\",\n                    \"Bucket world-listable\",\n                    \"danger\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"AuthenticatedUsers\",\n                    \"read_acp\",\n                    \"Bucket's permissions world-readable\",\n                    \"warning\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"AuthenticatedUsers\",\n                    \"write\",\n                    \"Bucket world-writable\",\n                    \"danger\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"AuthenticatedUsers\",\n                    \"write_acp\",\n                    \"Bucket's permissions world-writable\",\n                    \"danger\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"s3-bucket-world-policy-arg.json\": [\n            {\n                \"args\": [\n                    \"Delete\",\n                    \"s3:Delete*\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"Get\",\n                    \"s3:Get*\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"List\",\n                    \"s3:List*\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"Put\",\n                    \"s3:Put*\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"s3-bucket-world-policy-star.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"ses-identity-dkim-not-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ses-identity-dkim-not-verified.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"ses-identity-world-policy.json\": [\n            {\n                \"args\": [\n                    \"SendEmail\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"SendRawEmail\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"sns-topic-world-policy.json\": [\n            {\n                \"args\": [\n                    \"Publish\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"Subscribe\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"AddPermission\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"RemovePermission\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"GetTopicAttributes\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"SetTopicAttributes\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"ListSubscriptionsByTopic\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"DeleteTopic\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"sqs-queue-server-side-encryption-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqs-queue-world-policy.json\": [\n            {\n                \"args\": [\n                    \"SendMessage\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"ReceiveMessage\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"PurgeQueue\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"DeleteMessage\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"ChangeMessageVisibility\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"GetQueueAttributes\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"GetQueueUrl\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"vpc-custom-network-acls-allow-all.json\": [\n            {\n                \"args\": [\n                    \"ingress\",\n                    \"source\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"egress\",\n                    \"destination\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"vpc-default-network-acls-allow-all.json\": [\n            {\n                \"args\": [\n                    \"ingress\",\n                    \"source\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"egress\",\n                    \"destination\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"vpc-network-acl-not-used.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"vpc-routing-tables-with-peering.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"vpc-subnet-with-bad-acls.json\": [\n            {\n                \"args\": [\n                    \"ingress\",\n                    \"source\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"egress\",\n                    \"destination\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"vpc-subnet-with-default-acls.json\": [\n            {\n                \"args\": [\n                    \"ingress\",\n                    \"source\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"egress\",\n                    \"destination\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"vpc-subnet-without-flow-log.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ]\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/rules/rulesets/filters.json",
    "content": "{\n    \"about\": \"Default set of filters for Scout\",\n    \"rules\": {\n        \"ec2-instance-with-open-nacls.json\": [\n            {\n                \"enabled\": true\n            }\n        ],\n        \"ec2-security-group-with-public-cidr-grant.json\": [\n            {\n                \"enabled\": true\n            }\n        ],\n        \"iam-role-for-aws-account.json\": [\n            {\n                \"args\": [\n                    \"same\",\n                    \"isSameAccount\"\n                ],\n                \"enabled\": true\n            },\n            {\n                \"args\": [\n                    \"cross\",\n                    \"isCrossAccount\"\n                ],\n                \"enabled\": true\n            }\n        ],\n        \"iam-role-for-service.json\": [\n            {\n                \"args\": [\n                    \"EC2\",\n                    \"ec2.amazonaws.com\"\n                ],\n                \"enabled\": true\n            },\n            {\n                \"args\": [\n                    \"Lambda\",\n                    \"lambda.amazonaws.com\"\n                ],\n                \"enabled\": true\n            }\n        ],\n        \"s3-bucket-website-enabled.json\": [\n            {\n                \"enabled\": true\n            }\n        ]\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/aws/services.py",
    "content": "from ScoutSuite.providers.aws.facade.base import AWSFacade\nfrom ScoutSuite.providers.aws.resources.acm.base import Certificates\nfrom ScoutSuite.providers.aws.resources.awslambda.base import Lambdas\nfrom ScoutSuite.providers.aws.resources.cloudformation.base import CloudFormation\nfrom ScoutSuite.providers.aws.resources.cloudtrail.base import CloudTrail\nfrom ScoutSuite.providers.aws.resources.cloudwatch.base import CloudWatch\nfrom ScoutSuite.providers.aws.resources.cloudfront.base import CloudFront\nfrom ScoutSuite.providers.aws.resources.codebuild.base import CodeBuild\nfrom ScoutSuite.providers.aws.resources.config.base import Config\nfrom ScoutSuite.providers.aws.resources.directconnect.base import DirectConnect\nfrom ScoutSuite.providers.aws.resources.dynamodb.base import DynamoDB\nfrom ScoutSuite.providers.aws.resources.ec2.base import EC2\nfrom ScoutSuite.providers.aws.resources.efs.base import EFS\nfrom ScoutSuite.providers.aws.resources.elasticache.base import ElastiCache\nfrom ScoutSuite.providers.aws.resources.elb.base import ELB\nfrom ScoutSuite.providers.aws.resources.elbv2.base import ELBv2\nfrom ScoutSuite.providers.aws.resources.emr.base import EMR\nfrom ScoutSuite.providers.aws.resources.iam.base import IAM\nfrom ScoutSuite.providers.aws.resources.kms.base import KMS\nfrom ScoutSuite.providers.aws.resources.rds.base import RDS\nfrom ScoutSuite.providers.aws.resources.redshift.base import Redshift\nfrom ScoutSuite.providers.aws.resources.route53.base import Route53\nfrom ScoutSuite.providers.aws.resources.s3.base import S3\nfrom ScoutSuite.providers.aws.resources.ses.base import SES\nfrom ScoutSuite.providers.aws.resources.sns.base import SNS\nfrom ScoutSuite.providers.aws.resources.sqs.base import SQS\nfrom ScoutSuite.providers.aws.resources.vpc.base import VPC\nfrom ScoutSuite.providers.aws.resources.secretsmanager.base import SecretsManager\nfrom ScoutSuite.providers.base.services import BaseServicesConfig\n\n# Try to import proprietary services\ntry:\n    from ScoutSuite.providers.aws.resources.private_cognito.base import Cognito\nexcept ImportError:\n    pass\ntry:\n    from ScoutSuite.providers.aws.resources.private_docdb.base import DocDB\nexcept ImportError:\n    pass\ntry:\n    from ScoutSuite.providers.aws.resources.private_ecr.base import ECR\nexcept ImportError:\n    pass\ntry:\n    from ScoutSuite.providers.aws.resources.private_ecs.base import ECS\nexcept ImportError:\n    pass\ntry:\n    from ScoutSuite.providers.aws.resources.private_eks.base import EKS\nexcept ImportError:\n    pass\ntry:\n    from ScoutSuite.providers.aws.resources.private_guardduty.base import GuardDuty\nexcept ImportError:\n    pass\ntry:\n    from ScoutSuite.providers.aws.resources.private_ssm.base import SSM\nexcept ImportError:\n    pass\n\n\nclass AWSServicesConfig(BaseServicesConfig):\n    \"\"\"\n    Object that holds the necessary AWS configuration for all services in scope.\n\n    :ivar cloudtrail:                   CloudTrail configuration\n    :ivar cloudwatch:                   CloudWatch configuration:\n    :ivar cloudfront:                   CloudFront configuration\n    :ivar config:                       Config configuration\n    :ivar dynamodb:                     DynamoDB configuration\n    :ivar ec2:                          EC2 configuration\n    :ivar ecs:                          ECS configuration\n    :ivar ecr:                          ECR configuration\n    :ivar eks:                          EKS configuration\n    :ivar guarduty:                     GuardDuty configuration\n    :ivar iam:                          IAM configuration\n    :ivar kms:                          KMS configuration\n    :ivar rds:                          RDS configuration\n    :ivar redshift:                     Redshift configuration\n    :ivar s3:                           S3 configuration\n    :ivar ses:                          SES configuration:\n    :ivar sns:                          SNS configuration\n    :ivar sqs:                          SQS configuration\n    \"\"\"\n\n    def __init__(self, credentials=None, **kwargs):\n\n        super().__init__(credentials)\n\n        facade = AWSFacade(credentials)\n\n        self.acm = Certificates(facade)\n        self.awslambda = Lambdas(facade)\n        self.cloudformation = CloudFormation(facade)\n        self.cloudtrail = CloudTrail(facade)\n        self.cloudwatch = CloudWatch(facade)\n        self.cloudfront = CloudFront(facade)\n        self.codebuild = CodeBuild(facade)\n        self.config = Config(facade)\n        self.directconnect = DirectConnect(facade)\n        self.dynamodb = DynamoDB(facade)\n        self.ec2 = EC2(facade)\n        self.efs = EFS(facade)\n        self.elasticache = ElastiCache(facade)\n        self.elb = ELB(facade)\n        self.elbv2 = ELBv2(facade)\n        self.emr = EMR(facade)\n        self.iam = IAM(facade)\n        self.kms = KMS(facade)\n        self.rds = RDS(facade)\n        self.redshift = Redshift(facade)\n        self.route53 = Route53(facade)\n        self.s3 = S3(facade)\n        self.ses = SES(facade)\n        self.sns = SNS(facade)\n        self.sqs = SQS(facade)\n        self.vpc = VPC(facade)\n        self.secretsmanager = SecretsManager(facade)\n\n        # Instantiate proprietary services\n        try:\n            self.cognito = Cognito(facade)\n        except NameError as _:\n            pass\n        try:\n            self.docdb = DocDB(facade)\n        except NameError as _:\n            pass\n        try:\n            self.ecr = ECR(facade)\n        except NameError as _:\n            pass\n        try:\n            self.ecs = ECS(facade)\n        except NameError as _:\n            pass\n        try:\n            self.eks = EKS(facade)\n        except NameError as _:\n            pass\n        try:\n            self.guardduty = GuardDuty(facade)\n        except NameError as _:\n            pass\n        try:\n            self.ssm = SSM(facade)\n        except NameError as _:\n            pass\n\n    def _is_provider(self, provider_name):\n        return provider_name == 'aws'\n"
  },
  {
    "path": "ScoutSuite/providers/aws/utils.py",
    "content": "import re\n\nfrom ScoutSuite.core.console import print_exception\n\nec2_classic = \"EC2-Classic\"\n\n\ndef get_caller_identity(session):\n    sts_client = session.client(\"sts\")\n    identity = sts_client.get_caller_identity()\n    return identity\n\n\ndef get_aws_account_id(session):\n    caller_identity = get_caller_identity(session)\n    account_id = caller_identity[\"Arn\"].split(\":\")[4]\n    return account_id\n\n\ndef get_partition_name(session):\n    caller_identity = get_caller_identity(session)\n    partition_name = caller_identity[\"Arn\"].split(\":\")[1]\n    return partition_name\n\n\ndef is_throttled(exception):\n    \"\"\"\n    Determines whether the exception is due to API throttling.\n\n    :param exception:                           Exception raised\n    :return:                            True if it's a throttling exception else False\n    \"\"\"\n    # taken from botocore.retries.standard.ThrottledRetryableChecker\n    throttled_errors = [\n        'Throttling',\n        'ThrottlingException',\n        'ThrottledException',\n        'RequestThrottledException',\n        'TooManyRequestsException',\n        'ProvisionedThroughputExceededException',\n        'TransactionInProgressException',\n        'RequestLimitExceeded',\n        'BandwidthLimitExceeded',\n        'LimitExceededException',\n        'RequestThrottled',\n        'SlowDown',\n        'PriorRequestNotComplete',\n        'EC2ThrottledException',\n    ]\n\n    try:\n        throttled = (hasattr(exception, \"response\")\n                     and exception.response\n                     and \"Error\" in exception.response\n                     and exception.response[\"Error\"][\"Code\"] in throttled_errors) \\\n                    or \\\n                    any(error in str(exception) for error in throttled_errors)\n        return throttled\n    except Exception as e:\n        print_exception(f'Unable to validate exception {exception} for AWS throttling: {e}')\n        return False\n\n\ndef get_keys(src, dst, keys):\n    \"\"\"\n    Copies the value of keys from source object to dest object\n\n    :param src:                         Source object\n    :param dst:                         Destination object\n    :param keys:                        Keys\n    :return:\n    \"\"\"\n    for key in keys:\n        dst[key] = src[key] if key in src else None\n\n\ndef get_name(src, dst, default_attribute):\n    \"\"\"\n\n    :param src:                         Source object\n    :param dst:                         Destination object\n    :param default_attribute:           Default attribute\n\n    :return:\n    \"\"\"\n    name_found = False\n    if \"Tags\" in src:\n        for tag in src[\"Tags\"]:\n            if tag[\"Key\"] == \"Name\" and tag[\"Value\"] != \"\":\n                dst[\"name\"] = tag[\"Value\"]\n                name_found = True\n    if not name_found:\n        dst[\"name\"] = src[default_attribute]\n    return dst[\"name\"]\n\n\ndef no_camel(name):\n    \"\"\"\n    Converts CamelCase to camel_case\n\n    :param name:                        Name string to convert\n    :return:\n    \"\"\"\n    s1 = re.sub(\"(.)([A-Z][a-z]+)\", r\"\\1_\\2\", name)\n    return re.sub(\"([a-z0-9])([A-Z])\", r\"\\1_\\2\", s1).lower()\n\n\ndef snake_keys(d):\n    \"\"\"\n    Converts a dictionary with CamelCase keys to camel_case\n\n    :param name:                        d Dictionary to iterate over\n    :return:\n    \"\"\"\n\n    new_table = {}\n    if isinstance(d, dict):\n        for k in d.keys():\n            new_key = no_camel(k)\n            if isinstance(d[k], dict):\n                new_table[new_key] = snake_keys(d[k])\n            elif isinstance(d[k], list):\n                new_ary = []\n                for v in d[k]:\n                    if isinstance(v, dict):\n                        new_ary.append(snake_keys(v))\n                    else:\n                        new_ary.append(v)\n                new_table[new_key] = new_ary\n            else:\n                new_table[new_key] = d[k]\n    return new_table\n\n\ndef format_arn(partition, service, region, account_id, resource_id, resource_type=None):\n    \"\"\"\n    Formats a resource ARN based on the parameters\n\n    :param partition:                   The partition where the resource is located\n    :param service:                     The service namespace that identified the AWS product\n    :param region:                      The corresponding region\n    :param account_id:                  The ID of the AWS account that owns the resource\n    :param resource_id:                 The resource identified\n    :param resource_type:               (Optional) The resource type\n    :return:                            Resource ARN\n    \"\"\"\n\n    try:\n        # If a resource type is specified\n        if resource_type is not None:\n            arn = f\"arn:{partition}:{service}:{region}:{account_id}:{resource_type}/{resource_id}\"\n        else:\n            arn = f\"arn:{partition}:{service}:{region}:{account_id}:{resource_id}\"\n    except Exception as e:\n        print_exception(f'Failed to parse a resource ARN: {e}')\n        return None\n    return arn\n"
  },
  {
    "path": "ScoutSuite/providers/azure/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/azure/authentication_strategy.py",
    "content": "import json\nimport logging\nfrom getpass import getpass\n\nimport requests\nfrom ScoutSuite.core.console import print_exception\n\nfrom azure.identity import UsernamePasswordCredential, AzureCliCredential, ClientSecretCredential, \\\n    ManagedIdentityCredential, DeviceCodeCredential\nfrom ScoutSuite.providers.base.authentication_strategy import AuthenticationStrategy, AuthenticationException\n\nAUTHORITY_HOST_URI = 'https://login.microsoftonline.com/'\nAZURE_CLI_CLIENT_ID = \"04b07795-8ddb-461a-bbee-02f9e1bf7b46\"\n\n\nclass AzureCredentials:\n\n    def __init__(self,\n                 identity_credentials,\n                 tenant_id=None, default_subscription_id=None,\n                 context=None):\n\n        self.identity_credentials = identity_credentials  # Azure Resource Manager API credentials\n        self.tenant_id = tenant_id\n        self.default_subscription_id = default_subscription_id\n        self.context = context\n\n    def get_tenant_id(self):\n        if self.tenant_id:\n            return self.tenant_id\n        elif hasattr(self.identity_credentials, 'tenant_id'):\n            return self.identity_credentials['tenant_id']\n\n        else:\n            # Additional request for CLI & MSI authentication\n            try:\n                access_token = self.identity_credentials.get_token(\"https://management.core.windows.net/.default\")\n                h = {'Authorization': f'Bearer {access_token.token}'}\n                r = requests.get('https://management.azure.com/tenants?api-version=2020-01-01', headers=h)\n                r2 = r.json()\n                return r2.get('value')[0].get('tenantId')\n            except Exception as e:\n                print_exception(f'Unable to infer tenant ID: {e}')\n                return None\n\n    def get_credentials(self):\n        return self.identity_credentials\n\n\nclass AzureAuthenticationStrategy(AuthenticationStrategy):\n\n    def authenticate(self,\n                     cli=None, user_account=None, user_account_browser=None,\n                     service_principal=None, file_auth=None, msi=None,\n                     tenant_id=None,\n                     subscription_id=None,\n                     client_id=None, client_secret=None,\n                     username=None, password=None,\n                     programmatic_execution=False,\n                     **kargs):\n        \"\"\"\n        Implements authentication for the Azure provider\n        \"\"\"\n        try:\n\n            # Set logging level to error for libraries as otherwise generates a lot of warnings\n            logging.getLogger('azure.identity').setLevel(logging.ERROR)\n            logging.getLogger('azure.core.pipeline').setLevel(logging.ERROR)\n\n            context = None\n\n            if cli:\n                identity_credentials = AzureCliCredential()\n\n            elif user_account:\n\n                if not (username and password):\n                    if not programmatic_execution:\n                        username = username if username else input(\"Username: \")\n                        password = password if password else getpass(\"Password: \")\n                    else:\n                        raise AuthenticationException('Username or password not set')\n\n                identity_credentials = UsernamePasswordCredential(AZURE_CLI_CLIENT_ID, username, password,\n                                                                  authority=AUTHORITY_HOST_URI, tenant_id=tenant_id)\n\n            elif user_account_browser:\n\n                identity_credentials = DeviceCodeCredential(authority=AUTHORITY_HOST_URI,tenant_id=tenant_id,client_id=AZURE_CLI_CLIENT_ID)\n\n            elif service_principal:\n\n                if not tenant_id:\n                    if not programmatic_execution:\n                        tenant_id = input(\"Tenant ID: \")\n                    else:\n                        raise AuthenticationException('No Tenant ID set')\n\n                if not client_id:\n                    if not programmatic_execution:\n                        client_id = input(\"Client ID: \")\n                    else:\n                        raise AuthenticationException('No Client ID set')\n\n                if not client_secret:\n                    if not programmatic_execution:\n                        client_secret = getpass(\"Client secret: \")\n                    else:\n                        raise AuthenticationException('No Client Secret set')\n\n                identity_credentials = ClientSecretCredential(\n                    client_id=client_id,\n                    client_secret=client_secret,\n                    tenant_id=tenant_id\n                )\n\n            elif file_auth:\n\n                data = json.loads(file_auth.read())\n                tenant_id = data.get('tenantId')\n                client_id = data.get('clientId')\n                client_secret = data.get('clientSecret')\n\n                identity_credentials = ClientSecretCredential(\n                    client_id=client_id,\n                    client_secret=client_secret,\n                    tenant_id=tenant_id\n                )\n\n            elif msi:\n                identity_credentials = ManagedIdentityCredential()\n\n            else:\n                raise AuthenticationException('Unknown authentication method')\n\n            # Getting token to authenticate and detect AuthenticationException\n            identity_credentials.get_token(\"https://management.core.windows.net/.default\")\n\n            return AzureCredentials(\n                identity_credentials,\n                tenant_id, subscription_id,\n                context)\n\n        except Exception as e:\n            if 'Authentication failed: Unable to find wstrust endpoint from MEX. This typically happens when ' \\\n               'attempting MSA accounts. More details available here. ' \\\n               'https://github.com/AzureAD/microsoft-authentication-library-for-python/' \\\n               'wiki/Username-Password-Authentication' in e.args:\n\n                raise AuthenticationException(\n                    'You are likely authenticating with a Microsoft Account. '\n                    'This authentication mode only support Azure Active Directory principal authentication.')\n            raise AuthenticationException(e)\n"
  },
  {
    "path": "ScoutSuite/providers/azure/facade/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/azure/facade/aad.py",
    "content": "from msgraph.core import GraphClient\n\nfrom ScoutSuite.core.console import print_exception\n\n\nclass AADFacade:\n\n    def __init__(self, credentials):\n        self.credentials = credentials\n\n\n    async def _get_microsoft_graph_response(self, api_resource, api_version='v1.0'):\n        scopes = ['https://graph.microsoft.com/.default']\n\n        client = GraphClient(credential=self.credentials.get_credentials(), scopes=scopes)\n        endpoint = 'https://graph.microsoft.com/{}/{}'.format(api_version, api_resource)\n        try:\n            response = client.get(endpoint)\n            if response.status_code == 200:\n                return response.json()\n            # If response is 404 then it means there is no resource associated with the provided id\n            elif response.status_code == 404:\n                return {}\n            else:\n                print_exception('Failed to query Microsoft Graph endpoint \\\"{}\\\": status code {}'.\n                                format(api_resource, response.status_code))\n                return {}\n        except Exception as e:\n            print_exception('Failed to query Microsoft Graph endpoint \\\"{}\\\": {}'.format(api_resource, e))\n            return {}\n\n    async def get_users(self):\n        try:\n            # This filters down the users which are pulled from the directory, otherwise for large tenants this\n            # becomes out of hands\n            # See https://github.com/nccgroup/ScoutSuite/issues/698\n            user_filter = '?$filter=userType+eq+%27Guest%27'\n            users_response_beta = await self._get_microsoft_graph_response('users'+ user_filter, 'beta')\n            if users_response_beta:\n                users = users_response_beta.get('value')\n                return users\n            return users_response_beta\n        except Exception as e:\n            print_exception(f'Failed to retrieve users: {e}')\n            return []\n\n    async def get_user(self, user_id):\n        try:\n            user_filter = f'?$filter=id+eq+%27{user_id}%27'\n            user_response_beta = await self._get_microsoft_graph_response('users'+user_filter, 'beta')\n            if user_response_beta:\n                users = user_response_beta.get('value')\n                return users[0]\n            return user_response_beta\n        except Exception as e:\n            print_exception(f'Failed to retrieve user {user_id}: {e}')\n            return None\n\n    async def get_groups(self):\n        try:\n            groups_response = await self._get_microsoft_graph_response('groups')\n            if groups_response:\n                groups = groups_response.get('value')\n                return groups\n            return groups_response\n        except Exception as e:\n            print_exception(f'Failed to retrieve groups: {e}')\n            return []\n\n    async def get_user_groups(self, group_id):\n        try:\n            group_filter = f'?$filter=id+eq+%27{group_id}%27'\n            user_groups_response = await self._get_microsoft_graph_response('groups' + group_filter)\n            if user_groups_response:\n                groups = user_groups_response.get('value')\n                return groups\n            return user_groups_response\n        except Exception as e:\n            print_exception(f'Failed to retrieve user\\'s groups: {e}')\n            return []\n\n    async def get_service_principals(self):\n        try:\n            # Need publisher name value for serviceprincipals.py. v1.0 does not have that value, thus we use beta\n            service_principals_response_beta = await self._get_microsoft_graph_response('servicePrincipals', 'beta')\n            if service_principals_response_beta:\n                service_principals = service_principals_response_beta.get('value')\n                return service_principals\n            return service_principals_response_beta\n        except Exception as e:\n            print_exception(f'Failed to retrieve service principals: {e}')\n            return []\n\n    async def get_applications(self):\n        try:\n            applications_response = await self._get_microsoft_graph_response('applications')\n            if applications_response:\n                applications = applications_response.get('value')\n                return applications\n            return applications_response\n        except Exception as e:\n            print_exception(f'Failed to retrieve applications: {e}')\n            return []\n\n    async def get_policies(self):\n        try:\n            policies_response = await self._get_microsoft_graph_response('policies/authorizationPolicy')\n            return policies_response\n        except Exception as e:\n            print_exception(f'Failed to retrieve policies: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/azure/facade/appservice.py",
    "content": "from azure.mgmt.web import WebSiteManagementClient\n\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.azure.utils import get_resource_group_name\nfrom ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently\nfrom ScoutSuite.utils import get_user_agent\n\n\nclass AppServiceFacade:\n\n    def __init__(self, credentials):\n        self.credentials = credentials\n\n    def get_client(self, subscription_id: str):\n        client = WebSiteManagementClient(self.credentials.get_credentials(),\n                                         subscription_id=subscription_id, user_agent=get_user_agent())\n        return client\n\n    async def get_web_apps(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            web_apps = await run_concurrently(\n                lambda: list(client.web_apps.list())\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve web apps: {e}')\n            return []\n        else:\n            await get_and_set_concurrently([self._get_and_set_web_app_configuration], web_apps, api_client=client)\n            await get_and_set_concurrently([self._get_and_set_web_app_auth_settings], web_apps, api_client=client)\n            return web_apps\n\n    async def _get_and_set_web_app_configuration(self, web_app, api_client):\n        resource_group_name = get_resource_group_name(web_app.id)\n        try:\n            web_app_config = await run_concurrently(\n                lambda: api_client.web_apps.get_configuration(resource_group_name, web_app.name)\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve web app configuration: {e}')\n            setattr(web_app, 'config', None)\n        else:\n            setattr(web_app, 'config', web_app_config)\n\n    async def _get_and_set_web_app_auth_settings(self, web_app, api_client):\n        resource_group_name = get_resource_group_name(web_app.id)\n        try:\n            web_app_auth_settings = await run_concurrently(\n                lambda: api_client.web_apps.get_auth_settings(resource_group_name=resource_group_name,\n                                                              name=web_app.name)\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve web app auth settings: {e}')\n            setattr(web_app, 'auth_settings', None)\n        else:\n            setattr(web_app, 'auth_settings', web_app_auth_settings)\n"
  },
  {
    "path": "ScoutSuite/providers/azure/facade/base.py",
    "content": "from ScoutSuite.providers.azure.authentication_strategy import AzureCredentials\nfrom ScoutSuite.providers.azure.facade.aad import AADFacade\nfrom ScoutSuite.providers.azure.facade.rbac import RBACFacade\nfrom ScoutSuite.providers.azure.facade.keyvault import KeyVaultFacade\nfrom ScoutSuite.providers.azure.facade.network import NetworkFacade\nfrom ScoutSuite.providers.azure.facade.resourcemanagement import ResourceManagementFacade\nfrom ScoutSuite.providers.azure.facade.securitycenter import SecurityCenterFacade\nfrom ScoutSuite.providers.azure.facade.sqldatabase import SQLDatabaseFacade\nfrom ScoutSuite.providers.azure.facade.storageaccounts import StorageAccountsFacade\nfrom ScoutSuite.providers.azure.facade.virtualmachines import VirtualMachineFacade\nfrom ScoutSuite.providers.azure.facade.appservice import AppServiceFacade\nfrom ScoutSuite.providers.azure.facade.mysqldatabase import MySQLDatabaseFacade\nfrom ScoutSuite.providers.azure.facade.postgresqldatabse import PostgreSQLDatabaseFacade\nfrom ScoutSuite.providers.azure.facade.loggingmonitoring import LoggingMonitoringFacade\n\nfrom azure.mgmt.resource import SubscriptionClient\nfrom ScoutSuite.providers.base.authentication_strategy import AuthenticationException\nfrom ScoutSuite.utils import get_user_agent\n\nfrom ScoutSuite.core.console import print_info, print_exception\n\n# Try to import proprietary services\ntry:\n    from ScoutSuite.providers.azure.facade.appgateway_private import AppGatewayFacade\nexcept ImportError:\n    pass\ntry:\n    from ScoutSuite.providers.azure.facade.loadbalancer_private import LoadBalancerFacade\nexcept ImportError:\n    pass\ntry:\n    from ScoutSuite.providers.azure.facade.rediscache_private import RedisCacheFacade\nexcept ImportError:\n    pass\n\n\nclass AzureFacade:\n    def __init__(self,\n                 credentials: AzureCredentials,\n                 subscription_ids=[], all_subscriptions=False,\n                 programmatic_execution=False):\n\n        self.credentials = credentials\n        self.programmatic_execution = programmatic_execution\n\n        self.subscription_list = []\n        self.subscription_ids = subscription_ids\n        self.all_subscriptions = all_subscriptions\n\n        self.aad = AADFacade(credentials)\n        self.rbac = RBACFacade(credentials)\n        self.keyvault = KeyVaultFacade(credentials)\n        self.virtualmachines = VirtualMachineFacade(credentials)\n        self.network = NetworkFacade(credentials)\n        self.securitycenter = SecurityCenterFacade(credentials)\n        self.sqldatabase = SQLDatabaseFacade(credentials)\n        self.storageaccounts = StorageAccountsFacade(credentials)\n        self.appservice = AppServiceFacade(credentials)\n        self.mysqldatabase = MySQLDatabaseFacade(credentials)\n        self.postgresqldatabase = PostgreSQLDatabaseFacade(credentials)\n        self.loggingmonitoring = LoggingMonitoringFacade(credentials)\n        self.resourcemanagement = ResourceManagementFacade(credentials)\n\n        # Instantiate facades for proprietary services\n        try:\n            self.appgateway = AppGatewayFacade(credentials)\n        except NameError:\n            pass\n        try:\n            self.loadbalancer = LoadBalancerFacade(credentials)\n        except NameError:\n            pass\n        try:\n            self.rediscache = RedisCacheFacade(credentials)\n        except NameError:\n            pass\n\n        self._set_subscriptions()\n\n    async def get_subscriptions(self):\n        if self.subscription_list:\n            return self.subscription_list\n        else:\n            self._set_subscriptions()\n\n    def _set_subscriptions(self):\n\n        # Create the client\n        subscription_client = SubscriptionClient(self.credentials.get_credentials(), user_agent=get_user_agent())\n        # Get all the accessible subscriptions\n        accessible_subscriptions_list = list(subscription_client.subscriptions.list())\n\n        if not accessible_subscriptions_list:\n            raise AuthenticationException('The provided credentials do not have access to any subscriptions')\n\n        # Final list, start empty\n        subscriptions_list = []\n\n        # No subscription provided, infer\n        if not (self.subscription_ids or self.all_subscriptions):\n            try:\n                # Tries to read the subscription list\n                print_info('No subscription set, inferring')\n                s = next(subscription_client.subscriptions.list())\n            except StopIteration:\n                print_info('Unable to infer a subscription')\n                # If the user cannot read subscription list, ask Subscription ID:\n                if not self.programmatic_execution:\n                    s = input('Subscription ID: ')\n                else:\n                    print_exception('Unable to infer a Subscription ID')\n                    # raise\n            finally:\n                subscriptions_list.append(s)\n\n        # All subscriptions\n        elif self.all_subscriptions:\n            subscriptions_list = accessible_subscriptions_list\n\n        # A specific set of subscriptions\n        elif self.subscription_ids:\n            # Only include accessible subscriptions\n            subscriptions_list = [s for s in accessible_subscriptions_list if\n                                  s.subscription_id in self.subscription_ids]\n            # Verbose skip\n            for s in self.subscription_ids:\n                if not any(subs.subscription_id == s for subs in accessible_subscriptions_list):\n                    raise AuthenticationException('Subscription {} does not exist or is not accessible '\n                                                  'with the provided credentials'.format(s))\n\n        # Other == error\n        else:\n            raise AuthenticationException('Unknown Azure subscription option')\n\n        if subscriptions_list and len(subscriptions_list) > 0:\n            self.subscription_list = subscriptions_list\n            if len(subscriptions_list) == 1:\n                print_info('Running against subscription {}'.format(subscriptions_list[0].subscription_id))\n            else:\n                print_info('Running against {} subscriptions'.format(len(subscriptions_list)))\n        else:\n            raise AuthenticationException('No subscriptions to scan')\n"
  },
  {
    "path": "ScoutSuite/providers/azure/facade/keyvault.py",
    "content": "from azure.mgmt.keyvault import KeyVaultManagementClient\n\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.utils import run_concurrently\nfrom ScoutSuite.utils import get_user_agent\n\n\nclass KeyVaultFacade:\n\n    def __init__(self, credentials):\n        self.credentials = credentials\n\n    def get_client(self, subscription_id: str):\n        client = KeyVaultManagementClient(self.credentials.get_credentials(),\n                                          subscription_id=subscription_id, user_agent=get_user_agent())\n        return client\n\n    async def get_key_vaults(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.vaults.list_by_subscription()))\n        except Exception as e:\n            print_exception(f'Failed to retrieve key vaults: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/azure/facade/loggingmonitoring.py",
    "content": "from ScoutSuite.providers.utils import run_concurrently\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.utils import get_user_agent\nfrom azure.mgmt.monitor import MonitorManagementClient\n\n\nclass LoggingMonitoringFacade:\n\n    def __init__(self, credentials):\n        self.credentials = credentials\n\n    def get_client(self, subscription_id: str):\n        client = MonitorManagementClient(self.credentials.get_credentials(),\n                                         subscription_id=subscription_id,\n                                         user_agent=get_user_agent())\n        return client\n\n    async def get_log_profiles(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            log_profiles = await run_concurrently(\n                lambda: list(client.log_profiles.list())\n            )\n            return log_profiles\n        except Exception as e:\n            print_exception(f'Failed to retrieve log profiles: {e}')\n            return []\n\n    async def get_subscription_diagnostic_settings(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            diagnostic_settings = await run_concurrently(\n                lambda: client.subscription_diagnostic_settings.list(subscription_id).value\n            )\n            return diagnostic_settings\n        except Exception as e:\n            print_exception(f'Failed to retrieve subscription diagnostic settings: {e}')\n            return []\n\n    async def get_diagnostic_settings(self, subscription_id: str, resource_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            diagnostic_settings = await run_concurrently(\n                lambda: client.diagnostic_settings.list(resource_id).value\n            )\n            return diagnostic_settings\n        except Exception as e:\n            print_exception(f'Failed to retrieve resource diagnostic settings: {e}')\n            return []\n\n    async def get_activity_log_alerts(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            activity_log_alerts = await run_concurrently(\n                lambda: list(client.activity_log_alerts.list_by_subscription_id())\n            )\n            return activity_log_alerts\n        except Exception as e:\n            print_exception(f'Failed to retrieve activity log alerts: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/azure/facade/mysqldatabase.py",
    "content": "from azure.mgmt.rdbms.mysql import MySQLManagementClient\nfrom ScoutSuite.providers.utils import run_concurrently\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.utils import get_user_agent\n\n\nclass MySQLDatabaseFacade:\n\n    def __init__(self, credentials):\n        self.credentials = credentials\n\n    def get_client(self, subscription_id: str):\n        client = MySQLManagementClient(self.credentials.get_credentials(),\n                                       subscription_id=subscription_id,\n                                       user_agent=get_user_agent())\n        return client\n\n    async def get_servers(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.servers.list())\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve mySQL servers: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/azure/facade/network.py",
    "content": "from azure.mgmt.network import NetworkManagementClient\n\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.utils import run_concurrently\nfrom ScoutSuite.utils import get_user_agent\n\n\nclass NetworkFacade:\n\n    def __init__(self, credentials):\n        self.credentials = credentials\n\n    def get_client(self, subscription_id: str):\n        client = NetworkManagementClient(self.credentials.get_credentials(),\n                                         subscription_id=subscription_id,\n                                         user_agent=get_user_agent())\n        return client\n\n    async def get_network_watchers(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.network_watchers.list_all())\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve network watchers: {e}')\n            return []\n\n    async def get_network_security_groups(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.network_security_groups.list_all())\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve network security groups: {e}')\n            return []\n\n    async def get_application_security_groups(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.application_security_groups.list_all())\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve application security groups: {e}')\n            return []\n\n    async def get_virtual_networks(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.virtual_networks.list_all())\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve virtual networks: {e}')\n            return []\n\n    async def get_network_interfaces(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.network_interfaces.list_all())\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve network interfaces: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/azure/facade/postgresqldatabse.py",
    "content": "from azure.mgmt.rdbms.postgresql import PostgreSQLManagementClient\nfrom ScoutSuite.providers.utils import run_concurrently\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.utils import get_user_agent\n\n\nclass PostgreSQLDatabaseFacade:\n\n    def __init__(self, credentials):\n        self.credentials = credentials\n\n    def get_client(self, subscription_id: str):\n        client = PostgreSQLManagementClient(self.credentials.get_credentials(),\n                                            subscription_id=subscription_id,\n                                            user_agent=get_user_agent())\n        return client\n\n    async def get_servers(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.servers.list())\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve postgresSQL servers: {e}')\n            return []\n\n    async def get_config(self, resource_group_name, server_name,\n                         subscription_id: str, configuration_name: str):\n        try:\n            client = self.get_client(subscription_id)\n            val = await run_concurrently(\n                lambda: client.configurations.get(resource_group_name, server_name, configuration_name)\n            )\n            return val\n        except Exception as e:\n            print_exception(f'Failed to retrieve server configuration: {e}')\n            return []\n\n    async def get_firewall_rules(self, resource_group_name, server_name, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.firewall_rules.list_by_server(resource_group_name, server_name))\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve firewalls rules: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/azure/facade/rbac.py",
    "content": "from azure.mgmt.authorization import AuthorizationManagementClient\n\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.utils import run_concurrently\nfrom ScoutSuite.utils import get_user_agent\n\n\nclass RBACFacade:\n\n    def __init__(self, credentials):\n        self.credentials = credentials\n\n    def get_client(self, subscription_id: str):\n        client = AuthorizationManagementClient(self.credentials.get_credentials(),\n                                               subscription_id=subscription_id,\n                                               user_agent=get_user_agent())\n        return client\n\n    async def get_roles(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            scope = f'/subscriptions/{subscription_id}'\n            return await run_concurrently(lambda: list(client.role_definitions.list(scope=scope)))\n        except Exception as e:\n            print_exception(f'Failed to retrieve roles: {e}')\n            return []\n\n    async def get_role_assignments(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            scope = f'/subscriptions/{subscription_id}'\n            return await run_concurrently(lambda: list(client.role_assignments.list_for_scope(scope=scope)))\n        except Exception as e:\n            print_exception(f'Failed to retrieve role assignments: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/azure/facade/resourcemanagement.py",
    "content": "from ScoutSuite.providers.utils import run_concurrently\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.utils import get_user_agent\nfrom azure.mgmt.resource import ResourceManagementClient\n\n\nclass ResourceManagementFacade:\n\n    def __init__(self, credentials):\n        self.credentials = credentials\n\n    def get_client(self, subscription_id: str):\n        client = ResourceManagementClient(self.credentials.get_credentials(),\n                                          subscription_id=subscription_id,\n                                          user_agent=get_user_agent())\n        return client\n\n    async def get_specific_type_resources_with_filter(self, subscription_id: str, resource_type_filter: str):\n        try:\n            type_filter = \" and \".join([\n                f'resourceType eq \\'{resource_type_filter}\\''\n            ])\n            client = self.get_client(subscription_id)\n            resource = await run_concurrently(\n                lambda: list(client.resources.list(filter=type_filter))\n            )\n            return resource\n        except Exception as e:\n            print_exception(f'Failed to retrieve key vault resources: {e}')\n            return []\n\n    async def get_all_resources(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            resource = await run_concurrently(\n                lambda: list(client.resources.list())\n            )\n            return resource\n        except Exception as e:\n            print_exception(f'Failed to retrieve resources: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/azure/facade/securitycenter.py",
    "content": "from azure.mgmt.security import SecurityCenter\n\nfrom ScoutSuite.core.console import print_exception, print_debug\nfrom ScoutSuite.providers.utils import run_concurrently\nfrom ScoutSuite.utils import get_user_agent\n\n\nclass SecurityCenterFacade:\n\n    def __init__(self, credentials):\n        self.credentials = credentials\n\n    def get_client(self, subscription_id: str):\n        client = SecurityCenter(self.credentials.get_credentials(),\n                                subscription_id, '',\n                                user_agent=get_user_agent())\n        return client\n\n    async def get_pricings(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            pricings_list = await run_concurrently(\n                lambda: client.pricings.list()\n            )\n            if hasattr(pricings_list, 'value'):\n                return pricings_list.value\n            else:\n                return []\n        except Exception as e:\n            print_exception(f'Failed to retrieve pricings: {e}')\n            return []\n\n    async def get_security_contacts(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.security_contacts.list())\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve security contacts: {e}')\n            return []\n\n    async def get_auto_provisioning_settings(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.auto_provisioning_settings.list())\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve auto provisioning settings: {e}')\n            return []\n\n    async def get_information_protection_policies(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            scope = f'/subscriptions/{self._subscription_id}'\n            return await run_concurrently(lambda: list(client.information_protection_policies.list(scope=scope)))\n        except Exception as e:\n            print_exception(f'Failed to retrieve information protection policies: {e}')\n            return []\n\n    async def get_settings(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.settings.list())\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve settings: {e}')\n            return []\n\n    async def get_alerts(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.alerts.list())\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve alerts: {e}')\n            return []\n\n    def remove_last_ItemPage_from_the_list(self, results):\n        p = list()\n        try:\n            for i in results:\n                p.append(i)\n        except Exception:\n        # TODO implement condition to pass only if the triggered error is MissingApiVersionParameter\n            pass\n        return p\n    \n    \"\"\"\n    Commented out this part since a weird bug causes MissingApiVersionParameter errors to appear in the last response from Azure API. \n    Workaround bypasses this but obviously not ideal.\n    \n    async def get_compliance_results(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            scope = f'/subscriptions/{subscription_id}'\n            return await run_concurrently(\n                lambda: list(client.compliance_results.list(scope=scope))\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve compliance results: {e}')\n            return []\n     \"\"\"\n            \n    async def get_compliance_results(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            scope = f'/subscriptions/{subscription_id}'\n            return await run_concurrently(\n                lambda: self.remove_last_ItemPage_from_the_list(client.compliance_results.list(scope=scope))\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve compliance results: {e}')\n            return []\n\n    async def get_regulatory_compliance_results(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            results = []\n            try:\n                compliance_standards = await run_concurrently(\n                    lambda: list(client.regulatory_compliance_standards.list())\n                )\n            except Exception as e:\n                if 'as it has no standard pricing bundle' in str(e):\n                    print_debug(f'Failed to retrieve regulatory compliance standards: {e}')\n                else:\n                    print_exception(f'Failed to retrieve regulatory compliance standards: {e}')\n                return {}\n            else:\n                for standard in compliance_standards:\n                    try:\n                        compliance_controls = await run_concurrently(\n                            lambda standard=standard: list(client.regulatory_compliance_controls.list(\n                                regulatory_compliance_standard_name=standard.name))\n                        )\n                        for control in compliance_controls:\n                            control.standard_name = standard.name\n                            results.append(control)\n                    except Exception as e:\n                        print_exception(f'Failed to retrieve compliance controls: {e}')\n            finally:\n                return results\n        except Exception as e:\n            print_exception(f'Failed to retrieve regulatory compliance results: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/azure/facade/sqldatabase.py",
    "content": "\nfrom azure.mgmt.sql import SqlManagementClient\nfrom ScoutSuite.providers.utils import run_concurrently\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.utils import get_user_agent\n\n\nclass SQLDatabaseFacade:\n\n    def __init__(self, credentials):\n        self.credentials = credentials\n\n    def get_client(self, subscription_id: str):\n        client = SqlManagementClient(self.credentials.get_credentials(),\n                                     subscription_id=subscription_id,\n                                     user_agent=get_user_agent())\n\n        return client\n\n    async def get_database_blob_auditing_policies(self, resource_group_name, server_name, database_name,\n                                                  subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: client.database_blob_auditing_policies.get(\n                    resource_group_name, server_name, database_name)\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve database blob auditing policies: {e}')\n            return []\n\n    async def get_database_threat_detection_policies(self, resource_group_name, server_name, database_name,\n                                                     subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: client.database_threat_detection_policies.get(resource_group_name, server_name, database_name,\n                                                                      'default')\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve database threat detection policies: {e}')\n            return []\n\n    async def get_databases(self, resource_group_name, server_name, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.databases.list_by_server(resource_group_name, server_name))\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve databases: {e}')\n            return []\n\n    async def get_database_replication_links(self, resource_group_name, server_name, database_name,\n                                             subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.replication_links.list_by_database(\n                    resource_group_name, server_name, database_name))\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve database replication links: {e}')\n            return []\n\n    async def get_server_azure_ad_administrators(self, resource_group_name, server_name, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.server_azure_ad_administrators.list_by_server(resource_group_name, server_name))\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve server azure ad administrators: {e}')\n            return None\n\n    async def get_server_blob_auditing_policies(self, resource_group_name, server_name, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: client.server_blob_auditing_policies.get(resource_group_name, server_name)\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve server blob auditing policies: {e}')\n            return []\n\n    async def get_server_security_alert_policies(self, resource_group_name, server_name, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: client.server_security_alert_policies.get(resource_group_name, server_name, 'default')\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve server security alert policies: {e}')\n            return []\n\n    async def get_servers(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.servers.list())\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve servers: {e}')\n            return []\n\n    async def get_database_transparent_data_encryptions(self, resource_group_name, server_name, database_name,\n                                                        subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: client.transparent_data_encryptions.get(\n                    resource_group_name, server_name, database_name, 'current')\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve database transparent data encryptions: {e}')\n            return []\n\n    async def get_server_vulnerability_assessments(self, resource_group_name, server_name,\n                                                   subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: client.server_vulnerability_assessments.get(resource_group_name, server_name, 'default')\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve server vulnerability assessments: {e}')\n\n    async def get_server_encryption_protectors(self, resource_group_name, server_name, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: client.encryption_protectors.get(resource_group_name, server_name, 'current')\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve database transparent data encryptions: {e}')\n            return []\n\n    async def get_firewall_rules(self, resource_group_name, server_name, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.firewall_rules.list_by_server(resource_group_name, server_name))\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve firewalls rules: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/azure/facade/storageaccounts.py",
    "content": "import datetime\nfrom azure.mgmt.monitor import MonitorManagementClient\nfrom azure.mgmt.storage import StorageManagementClient\n\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently\nfrom ScoutSuite.utils import get_user_agent\n\n\nclass StorageAccountsFacade:\n\n    def __init__(self, credentials):\n        self.credentials = credentials\n\n    def get_client(self, subscription_id: str):\n        client = StorageManagementClient(self.credentials.get_credentials(),\n                                         subscription_id=subscription_id,\n                                         user_agent=get_user_agent())\n        return client\n\n    async def get_storage_accounts(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            storage_accounts = await run_concurrently(\n                lambda: list(client.storage_accounts.list())\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve storage accounts: {e}')\n            return []\n        else:\n            await get_and_set_concurrently([self._get_and_set_activity_logs], storage_accounts,\n                                           subscription_id=subscription_id)\n            return storage_accounts\n\n    async def get_blob_containers(self, resource_group_name, storage_account_name, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            containers = await run_concurrently(\n                lambda: list(client.blob_containers.list(resource_group_name, storage_account_name))\n            )\n\n        except Exception as e:\n            print_exception(f'Failed to retrieve blob containers: {e}')\n            return []\n        else:\n            return containers\n\n    async def get_blob_services(self, resource_group_name, storage_account_name, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            blob_services = await run_concurrently(\n                lambda: list(client.blob_services.list(resource_group_name, storage_account_name))\n            )\n\n        except Exception as e:\n            print_exception(f'Failed to retrieve blob services: {e}')\n            return []\n        else:\n\n            return blob_services\n\n    async def _get_and_set_activity_logs(self, storage_account, subscription_id: str):\n        client = MonitorManagementClient(self.credentials.get_credentials(), subscription_id, user_agent=get_user_agent())\n\n        # Time format used by Azure API:\n        time_format = \"%Y-%m-%dT%H:%M:%S.%f\"\n        # Azure API uses UTC time, we need to use the same to avoid bad requests:\n        utc_now = datetime.datetime.utcnow()\n        # Activity logs are only archived for a period of 90 days max (requesting a timespan of more than that ends up\n        # with a bad request):\n        timespan = datetime.timedelta(90)\n\n        logs_filter = \" and \".join([\n            \"eventTimestamp ge {}\".format((utc_now - timespan).strftime(time_format)),\n            \"eventTimestamp le {}\".format(utc_now.strftime(time_format)),\n            f\"resourceId eq {storage_account.id}\",\n        ])\n        try:\n            activity_logs = await run_concurrently(\n                lambda: list(client.activity_logs.list(filter=logs_filter, select=\"eventTimestamp, operationName\"))\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve activity logs: {e}')\n            setattr(storage_account, 'activity_logs', [])\n        else:\n            setattr(storage_account, 'activity_logs', activity_logs)\n\n    # FIXME - not implemented by SDK\n    # async def get_queues(self, resource_group_name, storage_account_name, subscription_id: str):\n    #     try:\n    #         client = QueueServiceClient(account_url=\"https://{}.queue.core.windows.net\".format(storage_account_name),\n    #                                      credential=self.credentials.aad_graph_credentials)\n    #\n    #         # queues = await run_concurrently(\n    #         #     lambda: list(client.queues.list(resource_group_name, storage_account_name))\n    #         # )\n    #     except Exception as e:\n    #         print_exception('Failed to retrieve queues: {}'.format(e))\n    #         return []\n    #     else:\n    #         return None\n    #         # return queues\n"
  },
  {
    "path": "ScoutSuite/providers/azure/facade/virtualmachines.py",
    "content": "from azure.mgmt.compute import ComputeManagementClient\n\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.utils import run_concurrently\nfrom ScoutSuite.utils import get_user_agent\n\n\nclass VirtualMachineFacade:\n\n    def __init__(self, credentials):\n        self.credentials = credentials\n\n    def get_client(self, subscription_id: str):\n\n        client = ComputeManagementClient(self.credentials.get_credentials(),\n                                         subscription_id=subscription_id,\n                                         user_agent=get_user_agent())\n        return client\n\n    async def get_instances(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.virtual_machines.list_all())\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve virtual machines: {e}')\n            return []\n\n    async def get_instance_extensions(self, subscription_id: str,\n                                      instance_name: str,\n                                      resource_group: str):\n        try:\n            client = self.get_client(subscription_id)\n            extensions = await run_concurrently(\n                lambda: client.virtual_machine_extensions.list(resource_group,\n                                                               instance_name)\n            )\n            return list(extensions.value)\n        except Exception as e:\n            print_exception(f'Failed to retrieve virtual machine extensions: {e}')\n            return []\n\n    async def get_disks(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.disks.list())\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve disks: {e}')\n            return []\n\n    async def get_snapshots(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.snapshots.list())\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve snapshots: {e}')\n            return []\n\n    async def get_images(self, subscription_id: str):\n        try:\n            client = self.get_client(subscription_id)\n            return await run_concurrently(\n                lambda: list(client.images.list())\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve images: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/azure/metadata.json",
    "content": "{\n  \"storage\": {\n    \"storageaccounts\": {\n      \"resources\": {\n        \"storage_accounts\": {\n          \"cols\": 2,\n          \"path\": \"services.storageaccounts.subscriptions.id.storage_accounts\"\n        }\n      }\n    }\n  },\n  \"compute\": {\n    \"virtualmachines\": {\n      \"resources\": {\n        \"instances\": {\n          \"cols\": 2,\n          \"path\": \"services.virtualmachines.subscriptions.id.instances\"\n        },\n        \"disks\": {\n          \"cols\": 2,\n          \"path\": \"services.virtualmachines.subscriptions.id.disks\"\n        },\n        \"snapshots\": {\n          \"cols\": 2,\n          \"path\": \"services.virtualmachines.subscriptions.id.snapshots\"\n        },\n        \"images\": {\n          \"cols\": 2,\n          \"path\": \"services.virtualmachines.subscriptions.id.images\"\n        }\n      }\n    }\n  },\n  \"database\": {\n    \"sqldatabase\": {\n      \"resources\": {\n        \"servers\": {\n          \"cols\": 2,\n          \"path\": \"services.sqldatabase.subscriptions.id.servers\"\n        }\n      }\n    },\n    \"rediscache\": {\n      \"resources\": {\n        \"caches\": {\n          \"cols\": 2,\n          \"path\": \"services.rediscache.subscriptions.id.caches\"\n        }\n      }\n    }\n  },\n  \"security\": {\n    \"aad\": {\n      \"resources\": {\n        \"users\": {\n          \"cols\": 2,\n          \"path\": \"services.aad.users\"\n        },\n        \"groups\": {\n          \"cols\": 2,\n          \"path\": \"services.aad.groups\"\n        },\n        \"service_principals\": {\n          \"cols\": 2,\n          \"path\": \"services.aad.service_principals\"\n        },\n        \"applications\": {\n          \"cols\": 2,\n          \"path\": \"services.aad.applications\"\n        },\n        \"policies\": {\n          \"cols\": 2,\n          \"path\": \"services.aad.policies\"\n        }\n      }\n    },\n    \"rbac\": {\n      \"resources\": {\n        \"roles\": {\n          \"cols\": 2,\n          \"path\": \"services.rbac.subscriptions.id.roles\"\n        },\n        \"custom_roles_report\": {\n          \"cols\": 2,\n          \"path\": \"services.rbac.subscriptions.id.custom_roles_report\"\n        }\n      }\n    },\n    \"keyvault\": {\n      \"resources\": {\n        \"vaults\": {\n          \"cols\": 2,\n          \"path\": \"services.keyvault.subscriptions.id.vaults\"\n        }\n      }\n    },\n    \"securitycenter\": {\n      \"resources\": {\n        \"pricings\": {\n          \"cols\": 2,\n          \"path\": \"services.securitycenter.subscriptions.id.pricings\"\n        },\n        \"security_contacts\": {\n          \"cols\": 2,\n          \"path\": \"services.securitycenter.subscriptions.id.security_contacts\"\n        },\n        \"auto_provisioning_settings\": {\n          \"cols\": 2,\n          \"path\": \"services.securitycenter.subscriptions.id.auto_provisioning_settings\"\n        },\n        \"compliance_results\": {\n          \"cols\": 2,\n          \"path\": \"services.securitycenter.subscriptions.id.compliance_results\"\n        },\n        \"regulatory_compliance_results\": {\n          \"cols\": 2,\n          \"path\": \"services.securitycenter.subscriptions.id.regulatory_compliance_results\"\n        },\n        \"settings\": {\n          \"cols\": 2,\n          \"path\": \"services.securitycenter.subscriptions.id.settings\"\n        }\n      }\n    }\n  },\n  \"networking\": {\n    \"appgateway\": {\n      \"resources\": {\n        \"app_gateways\": {\n          \"cols\": 2,\n          \"path\": \"services.appgateway.subscriptions.id.app_gateways\"\n        }\n      }\n    },\n    \"network\": {\n      \"resources\": {\n        \"virtual_networks\": {\n          \"cols\": 2,\n          \"path\": \"services.network.subscriptions.id.virtual_networks\"\n        },\n        \"security_groups\": {\n          \"cols\": 2,\n          \"path\": \"services.network.subscriptions.id.security_groups\"\n        },\n        \"application_security_groups\": {\n          \"cols\": 2,\n          \"path\": \"services.network.subscriptions.id.application_security_groups\"\n        },\n        \"watchers\": {\n          \"cols\": 2,\n          \"path\": \"services.network.subscriptions.id.watchers\"\n        }\n      }\n    },\n    \"loadbalancer\": {\n      \"resources\": {\n        \"load_balancers\": {\n          \"cols\": 2,\n          \"path\": \"services.loadbalancer.subscriptions.id.load_balancers\"\n        }\n      }\n    }\n  },\n  \"applications\": {\n    \"appservice\": {\n      \"resources\": {\n        \"web_apps\": {\n          \"cols\": 2,\n          \"path\": \"services.appservice.subscriptions.id.web_apps\"\n        }\n      }\n    }\n  },\n  \"mysql\": {\n    \"mysqldatabase\": {\n      \"resources\": {\n        \"servers\": {\n          \"cols\": 2,\n          \"path\": \"services.mysqldatabase.subscriptions.id.servers\"\n        }\n      }\n    }\n  },\n  \"postgres\": {\n    \"postgresqldatabase\": {\n      \"resources\": {\n        \"servers\": {\n          \"cols\": 2,\n          \"path\": \"services.postgresqldatabase.subscriptions.id.servers\"\n        }\n      }\n    }\n  },\n \"logging\": {\n    \"loggingmonitoring\": {\n      \"resources\": {\n        \"resources_logging\": {\n          \"cols\": 2,\n          \"path\": \"services.loggingmonitoring.subscriptions.id.resources_logging\"\n        },\n        \"log_alerts\": {\n          \"cols\": 2,\n          \"path\": \"services.loggingmonitoring.subscriptions.id.log_alerts\"\n        },\n        \"diagnostic_settings\": {\n          \"cols\": 2,\n          \"path\": \"services.loggingmonitoring.subscriptions.id.diagnostic_settings\"\n        },\n        \"log_profiles\": {\n          \"cols\": 2,\n          \"path\": \"services.loggingmonitoring.subscriptions.id.log_profiles\"\n        }\n      }\n    }\n  }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/azure/provider.py",
    "content": "import os\n\nfrom ScoutSuite.core.console import print_exception\n\nfrom ScoutSuite.providers.base.provider import BaseProvider\nfrom ScoutSuite.providers.azure.services import AzureServicesConfig\n\n\nclass AzureProvider(BaseProvider):\n    \"\"\"\n    Implements provider for Azure\n    \"\"\"\n\n    def __init__(self,\n                 subscription_ids=[], all_subscriptions=None,\n                 report_dir=None, timestamp=None, services=None, skipped_services=None,\n                 result_format='json',\n                 **kwargs):\n        services = [] if services is None else services\n        skipped_services = [] if skipped_services is None else skipped_services\n\n        self.metadata_path = '%s/metadata.json' % os.path.split(os.path.abspath(__file__))[0]\n\n        self.provider_code = 'azure'\n        self.provider_name = 'Microsoft Azure'\n        self.environment = 'default'\n\n        self.programmatic_execution = kwargs['programmatic_execution']\n        self.credentials = kwargs['credentials']\n\n        if subscription_ids:\n            self.subscription_ids = subscription_ids\n        elif self.credentials.default_subscription_id:\n            self.subscription_ids = [self.credentials.default_subscription_id]\n        else:\n            self.subscription_ids = []\n        self.all_subscriptions = all_subscriptions\n\n        try:\n            self.account_id = self.credentials.get_tenant_id()\n        except Exception as e:\n            self.account_id = 'undefined'\n\n        self.services = AzureServicesConfig(self.credentials,\n                                            programmatic_execution=self.programmatic_execution,\n                                            subscription_ids=self.subscription_ids,\n                                            all_subscriptions=self.all_subscriptions)\n\n        self.result_format = result_format\n\n        super().__init__(report_dir, timestamp,\n                                            services, skipped_services, result_format)\n\n    def get_report_name(self):\n        \"\"\"\n        Returns the name of the report using the provider's configuration\n        \"\"\"\n        try:\n            return f'azure-tenant-{self.credentials.get_tenant_id()}'\n        except Exception as e:\n            print_exception(f'Unable to define report name: {e}')\n            return 'azure'\n\n    def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):\n        \"\"\"\n        Tweak the Azure config to match cross-service resources and clean any fetching artifacts\n\n        :param ip_ranges:\n        :param ip_ranges_name_key:\n        :return: None\n        \"\"\"\n        ip_ranges = [] if ip_ranges is None else ip_ranges\n\n        # Don't do this if we're running a local execution\n        if not self.last_run:\n            self._match_rbac_roles_and_principals()\n\n        super().preprocessing()\n\n    def _match_rbac_roles_and_principals(self):\n        \"\"\"\n        Matches ARM role assignments to AAD service principals\n        \"\"\"\n        try:\n            if 'rbac' in self.service_list and 'aad' in self.service_list:\n                for subscription in self.services['rbac']['subscriptions']:\n                    for assignment in self.services['rbac']['subscriptions'][subscription]['role_assignments'].values():\n                        role_id = assignment['role_definition_id'].split('/')[-1]\n                        for group in self.services['aad']['groups']:\n                            if group == assignment['principal_id']:\n                                self.services['aad']['groups'][group]['roles'].append({'subscription_id': subscription,\n                                                                                     'role_id': role_id})\n                                self.services['rbac']['subscriptions'][subscription]['roles'][role_id]['assignments']['groups'].append(group)\n                                self.services['rbac']['subscriptions'][subscription]['roles'][role_id]['assignments_count'] += 1\n                        for user in self.services['aad']['users']:\n                            if user == assignment['principal_id']:\n                                self.services['aad']['users'][user]['roles'].append({'subscription_id': subscription,\n                                                                                     'role_id': role_id})\n                                self.services['rbac']['subscriptions'][subscription]['roles'][role_id]['assignments']['users'].append(user)\n                                self.services['rbac']['subscriptions'][subscription]['roles'][role_id]['assignments_count'] += 1\n                        for service_principal in self.services['aad']['service_principals']:\n                            if service_principal == assignment['principal_id']:\n                                self.services['aad']['service_principals'][service_principal]['roles'].append({'subscription_id': subscription,\n                                                                                                               'role_id': role_id})\n                                self.services['rbac']['subscriptions'][subscription]['roles'][role_id]['assignments']['service_principals'].append(service_principal)\n                                self.services['rbac']['subscriptions'][subscription]['roles'][role_id]['assignments_count'] += 1\n        except Exception as e:\n            print_exception('Unable to match RBAC roles and principals: {}'.format(e))\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/azure/resources/aad/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/azure/resources/aad/applications.py",
    "content": "from ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass Applications(AzureResources):\n    async def fetch_all(self):\n        for raw_application in await self.facade.aad.get_applications():\n            id, application = await self._parse_application(raw_application)\n            self[id] = application\n\n    async def _parse_application(self, raw_application):\n        application_dict = {}\n        application_dict['id'] = raw_application.get('id')\n        application_dict['app_id'] = raw_application.get('appId')\n        application_dict['name'] = raw_application.get('displayName')\n        # application_dict['additional_properties'] = raw_application.additional_properties\n        application_dict['deletion_timestamp'] = raw_application.get('deletedDateTime')\n        application_dict['object_type'] = 'Application'\n        # application_dict['allow_guests_sign_in'] = raw_application.allow_guests_sign_in\n        # application_dict['allow_passthrough_users'] = raw_application.allow_passthrough_users\n        # application_dict['app_logo_url'] = raw_application.app_logo_url\n        application_dict['app_roles'] = raw_application.get('appRoles')\n        # application_dict['app_permissions'] = raw_application.app_permissions\n        # application_dict['available_to_other_tenants'] = raw_application.available_to_other_tenants\n        # application_dict['error_url'] = raw_application.error_url\n        application_dict['group_membership_claims'] = raw_application.get('groupMembershipClaims')\n        # application_dict['homepage'] = raw_application.homepage\n        application_dict['identifier_uris'] = raw_application.get('identifierUris')\n        application_dict['informational_urls'] = raw_application.get('info')\n        application_dict['is_device_only_auth_supported'] = raw_application.get('isDeviceOnlyAuthSupported')\n        application_dict['key_credentials'] = raw_application.get('keyCredentials')\n        application_dict['known_client_applications'] = raw_application['api'].get('knownClientApplications')\n        application_dict['logout_url'] = raw_application['web'].get('logoutUrl')\n        # application_dict['oauth2_allow_implicit_flow'] = raw_application.oauth2_allow_implicit_flow\n        # application_dict['oauth2_allow_url_path_matching'] = raw_application.oauth2_allow_url_path_matching\n        application_dict['oauth2_permissions'] = raw_application['api'].get('oauth2PermissionScopes')\n        # application_dict['oauth2_require_post_response'] = raw_application.get('oauth2RequirePostResponse')\n        # only in beta\n        # application_dict['org_restrictions'] = raw_application.get('orgRestrictions') # only in beta\n        application_dict['optional_claims'] = raw_application.get('optionalClaims')\n        application_dict['password_credentials'] = raw_application.get('passwordCredentials')\n        application_dict['pre_authorized_applications'] = raw_application['api'].get('preAuthorizedApplications')\n        application_dict['public_client'] = raw_application.get('publicClient')\n        application_dict['publisher_domain'] = raw_application.get('publisherDomain')\n        # application_dict['reply_urls'] = raw_application.reply_urls\n        application_dict['required_resource_access'] = raw_application.get('requiredResourceAccess')\n        # application_dict['saml_metadata_url'] = raw_application.saml_metadata_url\n        application_dict['sign_in_audience'] = raw_application.get('signInAudience')\n        application_dict['www_homepage'] = raw_application['web'].get('homePageUrl')\n        return application_dict['id'], application_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/aad/base.py",
    "content": "from ScoutSuite.providers.azure.resources.base import AzureCompositeResources\nfrom ScoutSuite.core.console import print_exception\n\nfrom .users import Users\nfrom .groups import Groups\nfrom .serviceprincipals import ServicePrincipals\nfrom .applications import Applications\nfrom .policies import Policies\n\n\nclass AAD(AzureCompositeResources):\n    _children = [\n        (Users, 'users'),\n        (Groups, 'groups'),\n        (ServicePrincipals, 'service_principals'),\n        (Applications, 'applications'),\n        (Policies, 'policies')\n    ]\n\n    async def fetch_all(self):\n        await self._fetch_children(resource_parent=self)\n\n    async def fetch_additional_users(self, user_list):\n        \"\"\"\n        Special method to fetch additional users\n        \"\"\"\n        try:\n            # fetch the users\n            additional_users = Users(self.facade)\n            await additional_users.fetch_additional_users(user_list)\n            # add them to the resource and update count\n            self['users'].update(additional_users)\n            self['users_count'] = len(self['users'].values())\n        except Exception as e:\n            print_exception('Unable to fetch additional users: {}'.format(e))\n        finally:\n            # re-run the finalize method\n            await self.finalize()\n\n    async def finalize(self):\n        self.assign_group_memberships()\n\n    def assign_group_memberships(self):\n        \"\"\"\n        Assigns members to groups\n        \"\"\"\n        try:\n            for group in self['groups']:\n                for user in self['users']:\n                    if group in self['users'][user]['groups']:\n                        self['groups'][group]['users'].append(user)\n        except Exception as e:\n            print_exception('Unable to assign group memberships: {}'.format(e))\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/aad/groups.py",
    "content": "from ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass Groups(AzureResources):\n    async def fetch_all(self):\n        for raw_group in await self.facade.aad.get_groups():\n            id, group = await self._parse_group(raw_group)\n            self[id] = group\n\n    async def _parse_group(self, raw_group):\n\n        group_dict = {}\n\n        group_dict['id'] = raw_group.get('id')\n        group_dict['name'] = raw_group.get('displayName')\n        # group_dict['additional_properties'] = raw_group.additional_properties\n        group_dict['deletion_timestamp'] = raw_group.get('deletedDateTime')\n        group_dict['object_type'] = 'Group'\n        group_dict['mail_enabled'] = raw_group.get('mailEnabled')\n        group_dict['mail_nickname'] = raw_group.get('mailNickname')\n        group_dict['security_enabled'] = raw_group.get('securityEnabled')\n        group_dict['mail'] = raw_group.get('mail')\n        group_dict['users'] = []  # this will be filled in `finalize()`\n        group_dict['roles'] = []  # this will be filled in `finalize()`\n\n        return group_dict['id'], group_dict\n\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/aad/policies.py",
    "content": "from ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass Policies(AzureResources):\n    async def fetch_all(self):\n        raw_policy = await self.facade.aad.get_policies()\n        id, policy = await self._parse_policy(raw_policy)\n        self[id] = policy\n\n    async def _parse_policy(self, raw_policy):\n        policy_dict = {}\n        policy_dict['id'] = raw_policy.get('id')\n        policy_dict['name'] = raw_policy.get('displayName')\n        policy_dict['allow_invites_from'] = raw_policy.get('allowInvitesFrom')\n        policy_dict[\n            'allowed_to_sign_up_email_based_subscription'] = raw_policy.get('allowedToSignUpEmailBasedSubscriptions')\n        policy_dict['allowed_to_use_SSPR'] = raw_policy.get('allowedToUseSSPR')\n        policy_dict['allow_email_verified_users_to_join_organization'\n                    ] = raw_policy.get('allowEmailVerifiedUsersToJoinOrganization')\n        policy_dict['allowed_to_create_apps'] = raw_policy.get('defaultUserRolePermissions', {}).get('allowedToCreateApps')\n        policy_dict['allowed_to_create_security_groups'\n                    ] = raw_policy.get('defaultUserRolePermissions', {}).get('allowedToCreateSecurityGroups')\n        policy_dict[\n            'allowed_to_read_other_users'] = raw_policy.get('defaultUserRolePermissions', {}).get('allowedToReadOtherUsers')\n\n        return policy_dict['id'], policy_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/aad/serviceprincipals.py",
    "content": "from ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass ServicePrincipals(AzureResources):\n    async def fetch_all(self):\n        for raw_service_principal in await self.facade.aad.get_service_principals():\n            id, service_principal = await self._parse_service_principal(raw_service_principal)\n            # exclude built-in service principals\n            if service_principal['publisher_name'] != 'Microsoft Services':\n                self[id] = service_principal\n\n    async def _parse_service_principal(self, raw_service_principal):\n        service_principal_dict = {}\n        service_principal_dict['id'] = raw_service_principal.get('id')\n        service_principal_dict['name'] = raw_service_principal.get('displayName')\n        # service_principal_dict['additional_properties'] = raw_service_principal.additional_properties\n        service_principal_dict['deletion_timestamp'] = raw_service_principal.get('deletedDateTime')\n        service_principal_dict['object_type'] = 'ServicePrincipal'\n        service_principal_dict['account_enabled'] = raw_service_principal.get('accountEnabled')\n        service_principal_dict['alternative_names'] = raw_service_principal.get('alternativeNames')\n        service_principal_dict['app_name'] = raw_service_principal.get('appDisplayName')\n        service_principal_dict['app_id'] = raw_service_principal.get('appId')\n        service_principal_dict['app_owner_tenant_id'] = raw_service_principal.get('appOwnerOrganizationId')\n        service_principal_dict['app_role_assignment_required'] = raw_service_principal.get('appRoleAssignmentRequired')\n        service_principal_dict['app_roles'] = raw_service_principal.get('appRoles')\n        service_principal_dict['error_url'] = raw_service_principal.get('errorUrl')\n        service_principal_dict['homepage'] = raw_service_principal.get('homepage')\n        service_principal_dict['key_credentials'] = raw_service_principal.get('keyCredentials')\n        service_principal_dict['logout_url'] = raw_service_principal.get('logoutUrl')\n        service_principal_dict['oauth2_permissions'] = raw_service_principal.get('oauth2PermissionScopes')\n        service_principal_dict['password_credentials'] = raw_service_principal.get('passwordCredentials')\n        service_principal_dict[\n            'preferred_token_signing_key_thumbprint'] = raw_service_principal.get('preferredTokenSigningKeyThumbprint')\n        service_principal_dict['publisher_name'] = raw_service_principal.get('publisherName')\n        service_principal_dict['reply_urls'] = raw_service_principal.get('replyUrls')\n        service_principal_dict['saml_metadata_url'] = raw_service_principal.get('samlMetadataUrl')\n        service_principal_dict['service_principal_names'] = raw_service_principal.get('servicePrincipalNames')\n        service_principal_dict['service_principal_type'] = raw_service_principal.get('servicePrincipalType')\n        service_principal_dict['tags'] = raw_service_principal.get('tags')\n\n        service_principal_dict['roles'] = []  # this will be filled in `finalize()`\n\n        return service_principal_dict['id'], service_principal_dict\n\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/aad/users.py",
    "content": "from ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass Users(AzureResources):\n    async def fetch_all(self):\n        for raw_user in await self.facade.aad.get_users():\n            id, user = await self._parse_user(raw_user)\n            self[id] = user\n\n    async def fetch_additional_users(self, user_list):\n        \"\"\"\n        Alternative method which only fetches defined users\n        :param user_list: a list of the users to fetch and parse\n        \"\"\"\n        for user in user_list:\n            raw_user = await self.facade.aad.get_user(user)\n            if raw_user:\n                id, user = await self._parse_user(raw_user)\n                self[id] = user\n\n    async def _parse_user(self, raw_user):\n        user_dict = {}\n        user_dict['id'] = raw_user.get('id')\n        # user_dict['additional_properties'] = raw_user.additional_properties\n        user_dict['deletion_timestamp'] = raw_user.get('deletedDateTime')\n        user_dict['object_type'] = 'User'\n        # user_dict['immutable_id'] = raw_user.immutable_id\n        user_dict['usage_location'] = raw_user.get('usageLocation')\n        user_dict['given_name'] = raw_user.get('given_name')\n        user_dict['surname'] = raw_user.get('surname')\n        user_dict['user_type'] = raw_user.get('userType')\n        user_dict['account_enabled'] = raw_user.get('accountEnabled')\n        user_dict['display_name'] = raw_user.get('displayName')\n        user_dict['name'] = raw_user.get('userPrincipalName')\n        user_dict['mail_nickname'] = raw_user.get('mailNickname')\n        user_dict['mail'] = raw_user.get('mail')\n        # user_dict['sign_in_names'] = raw_user.sign_in_names\n        user_dict['groups'] = await self.facade.aad.get_user_groups(user_dict['id'])\n        user_dict['roles'] = []  # this will be filled in `finalize()`\n\n        return user_dict['id'], user_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/appservice/base.py",
    "content": "from ScoutSuite.providers.azure.resources.subscriptions import Subscriptions\n\nfrom .web_apps import WebApplication\n\n\nclass AppServices(Subscriptions):\n    _children = [\n        (WebApplication, 'web_apps')\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/appservice/web_apps.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\nfrom ScoutSuite.providers.azure.utils import get_resource_group_name\n\n\nclass WebApplication(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_web_app in await self.facade.appservice.get_web_apps(self.subscription_id):\n            id, web_app = self._parse_web_app(raw_web_app)\n            self[id] = web_app\n\n    def _parse_web_app(self, raw_web_app):\n\n        web_app_dict = {}\n        web_app_dict['id'] = get_non_provider_id(raw_web_app.id)\n        web_app_dict['name'] = raw_web_app.name\n        web_app_dict['kind'] = raw_web_app.kind\n        web_app_dict['location'] = raw_web_app.location\n        web_app_dict['type'] = raw_web_app.type\n        if raw_web_app.tags is not None:\n            web_app_dict['tags'] = [\"{}:{}\".format(key, value) for key, value in  raw_web_app.tags.items()]\n        else:\n            web_app_dict['tags'] = []\n        web_app_dict['resource_group_name'] = get_resource_group_name(raw_web_app.id)\n        web_app_dict['state'] = raw_web_app.state\n        web_app_dict['host_names'] = raw_web_app.host_names\n        web_app_dict['repository_site_name'] = raw_web_app.repository_site_name\n        web_app_dict['usage_state'] = raw_web_app.usage_state\n        web_app_dict['enabled'] = raw_web_app.enabled\n        web_app_dict['https_only'] = raw_web_app.https_only\n        web_app_dict['enabled_host_names'] = raw_web_app.enabled_host_names\n        web_app_dict['availability_state'] = raw_web_app.availability_state\n        web_app_dict['host_name_ssl_states'] = raw_web_app.host_name_ssl_states\n        web_app_dict['server_farm_id'] = raw_web_app.server_farm_id\n        web_app_dict['reserved'] = raw_web_app.reserved\n        web_app_dict['is_xenon'] = raw_web_app.is_xenon\n        web_app_dict['hyper_v'] = raw_web_app.hyper_v\n        web_app_dict['last_modified_time_utc'] = raw_web_app.last_modified_time_utc\n        web_app_dict['site_config'] = raw_web_app.site_config\n        web_app_dict['traffic_manager_host_names'] = raw_web_app.traffic_manager_host_names\n        web_app_dict['scm_site_also_stopped'] = raw_web_app.scm_site_also_stopped\n        web_app_dict['target_swap_slot'] = raw_web_app.target_swap_slot\n        web_app_dict['hosting_environment_profile'] = raw_web_app.hosting_environment_profile\n        web_app_dict['client_affinity_enabled'] = raw_web_app.client_affinity_enabled\n        web_app_dict['client_cert_enabled'] = raw_web_app.client_cert_enabled\n        web_app_dict['client_cert_exclusion_paths'] = raw_web_app.client_cert_exclusion_paths\n        web_app_dict['host_names_disabled'] = raw_web_app.host_names_disabled\n        web_app_dict['container_size'] = raw_web_app.container_size\n        web_app_dict['daily_memory_time_quota'] = raw_web_app.daily_memory_time_quota\n        web_app_dict['suspended_till'] = raw_web_app.suspended_till\n        web_app_dict['max_number_of_workers'] = raw_web_app.max_number_of_workers\n        web_app_dict['cloning_info'] = raw_web_app.cloning_info\n        web_app_dict['resource_group'] = raw_web_app.resource_group\n        web_app_dict['is_default_container'] = raw_web_app.is_default_container\n        web_app_dict['default_host_name'] = raw_web_app.default_host_name\n        web_app_dict['slot_swap_status'] = raw_web_app.slot_swap_status\n        web_app_dict['redundancy_mode'] = raw_web_app.redundancy_mode\n        web_app_dict['in_progress_operation_id'] = raw_web_app.in_progress_operation_id\n        web_app_dict['identity'] = raw_web_app.identity\n        web_app_dict['additional_properties'] = raw_web_app.additional_properties\n\n        web_app_dict['outbound_ip_addresses'] = raw_web_app.outbound_ip_addresses.split(',')\n        web_app_dict['possible_outbound_ip_addresses'] = raw_web_app.possible_outbound_ip_addresses.split(',')\n\n        if raw_web_app.config is not None:\n            web_app_dict['minimum_tls_version_supported'] = raw_web_app.config.min_tls_version\n            web_app_dict['http_2_enabled'] = raw_web_app.config.http20_enabled\n            web_app_dict['http_logging_enabled'] = raw_web_app.config.http_logging_enabled\n            web_app_dict['ftp_deployment_enabled'] = raw_web_app.config.ftps_state == 'AllAllowed'\n\n            if raw_web_app.config.linux_fx_version:\n                web_app_dict['programming_language'] = raw_web_app.config.linux_fx_version.split('|')[0].lower()\n                web_app_dict['programming_language_version'] = raw_web_app.config.linux_fx_version.split('|')[1]\n            elif raw_web_app.config.windows_fx_version:\n                web_app_dict['programming_language'] = raw_web_app.config.windows_fx_version.split('|')[0].lower()\n                web_app_dict['programming_language_version'] = raw_web_app.config.windows_fx_version.split('|')[1]\n            elif raw_web_app.config.net_framework_version:\n                web_app_dict['programming_language'] = 'dotnet'\n                web_app_dict['programming_language_version'] = raw_web_app.config.net_framework_version\n            elif raw_web_app.config.php_version:\n                web_app_dict['programming_language'] = 'php'\n                web_app_dict['programming_language_version'] = raw_web_app.config.php_version\n            elif raw_web_app.config.python_version:\n                web_app_dict['programming_language'] = 'python'\n                web_app_dict['programming_language_version'] = raw_web_app.config.python_version\n            elif raw_web_app.config.node_version:\n                web_app_dict['programming_language'] = 'node'\n                web_app_dict['programming_language_version'] = raw_web_app.config.node_version\n            elif raw_web_app.config.java_version:\n                web_app_dict['programming_language'] = 'java'\n                web_app_dict['programming_language_version'] = raw_web_app.config.java_version\n            else:\n                web_app_dict['programming_language'] = None\n                web_app_dict['programming_language_version'] = None\n\n        else:\n            web_app_dict['minimum_tls_version_supported'] = None\n            web_app_dict['http_2_enabled'] = None\n            web_app_dict['http_logging_enabled'] = False\n\n            web_app_dict['programming_language'] = None\n            web_app_dict['programming_language_version'] = None\n\n        if raw_web_app.auth_settings is not None:\n            web_app_dict['authentication_enabled'] = raw_web_app.auth_settings.enabled\n        else:\n            web_app_dict['authentication_enabled'] = None\n\n        return web_app_dict['id'], web_app_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/base.py",
    "content": "\"\"\"This module provides implementations for Resources and CompositeResources for Azure.\"\"\"\n\nimport abc\n\nfrom ScoutSuite.providers.base.resources.base import Resources, CompositeResources\n\n\nclass AzureResources(Resources, metaclass=abc.ABCMeta):\n    \"\"\"This is the base class for Azure resources.\"\"\"\n\n    pass\n\n\nclass AzureCompositeResources(AzureResources, CompositeResources, metaclass=abc.ABCMeta):\n    \"\"\"This class represents a collection of composite Resources (resources that include nested resources referred as\n    their children). Classes extending AzureCompositeResources have to define a '_children' attribute which consists of\n    a list of tuples describing the children. The tuples are expected to respect the following format:\n    (<child_class>, <child_name>). 'child_name' is used to indicate the name under which the child resources will be\n    stored in the parent object.\n    \"\"\"\n\n    pass\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/keyvault/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/azure/resources/keyvault/base.py",
    "content": "from ScoutSuite.providers.azure.resources.subscriptions import Subscriptions\n\nfrom .vaults import Vaults\n\n\nclass KeyVaults(Subscriptions):\n    _children = [\n        (Vaults, 'vaults')\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/keyvault/vaults.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\nfrom ScoutSuite.providers.azure.utils import get_resource_group_name\n\n\nclass Vaults(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_vault in await self.facade.keyvault.get_key_vaults(self.subscription_id):\n            id, vault = self._parse_key_vault(raw_vault)\n            self[id] = vault\n\n    def _parse_key_vault(self, raw_vault):\n        vault = {}\n        vault['id'] = get_non_provider_id(raw_vault.id)\n        vault['name'] = raw_vault.name\n        vault['type'] = raw_vault.type\n        vault['location'] = raw_vault.location\n\n        vault['additional_properties'] = raw_vault.additional_properties\n        if raw_vault.tags is not None:\n            vault['tags'] = [\"{}:{}\".format(key, value) for key, value in raw_vault.tags.items()]\n        else:\n            vault['tags'] = []\n        vault['resource_group_name'] = get_resource_group_name(raw_vault.id)\n        vault['properties'] = raw_vault.properties\n        vault[\n            'recovery_protection_enabled'] = bool(raw_vault.properties.enable_soft_delete) and \\\n                                             bool(raw_vault.properties.enable_purge_protection)\n        vault['public_access_allowed'] = self._is_public_access_allowed(raw_vault)\n        vault['rbac_authorization_enabled'] = bool(raw_vault.properties.enable_rbac_authorization)\n        return vault['id'], vault\n\n    def _is_public_access_allowed(self, raw_vault):\n        return raw_vault.properties.network_acls is None or raw_vault.properties.network_acls.default_action == 'Allow'\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/loggingmonitoring/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/azure/resources/loggingmonitoring/activity_log_alerts.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass ActivityLogAlerts(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        log_alerts = await self.facade.loggingmonitoring.get_activity_log_alerts(self.subscription_id)\n        self[self.subscription_id] = self._parse_log_alerts(log_alerts)\n\n    def _parse_log_alerts(self, log_alerts):\n        log_alerts_dict = {}\n        log_alerts_dict['create_policy_assignment_exist'] = self.ensure_alert_exist(log_alerts,\n                                                                                    'Microsoft.Authorization'\n                                                                                    '/policyAssignments/write')\n        log_alerts_dict['create_update_NSG_exist'] = self.ensure_alert_exist(log_alerts,\n                                                                             'Microsoft.Network/networkSecurityGroups'\n                                                                             '/write')\n        log_alerts_dict['delete_NSG_exist'] = self.ensure_alert_exist(log_alerts,\n                                                                      'Microsoft.Network/networkSecurityGroups/delete')\n        log_alerts_dict['create_update_NSG_rule_exist'] = self.ensure_alert_exist(log_alerts,\n                                                                                  'Microsoft.Network'\n                                                                                  '/networkSecurityGroups'\n                                                                                  '/securityRules/write')\n        log_alerts_dict['delete_NSG_rule_exist'] = self.ensure_alert_exist(log_alerts,\n                                                                           'Microsoft.Network/networkSecurityGroups'\n                                                                           '/securityRules/delete')\n        log_alerts_dict['create_update_security_solution_exist'] = self.ensure_alert_exist(log_alerts,\n                                                                                           'Microsoft.Security'\n                                                                                           '/securitySolutions/write')\n        log_alerts_dict['delete_security_solution_exist'] = self.ensure_alert_exist(log_alerts,\n                                                                                    'Microsoft.Security'\n                                                                                    '/securitySolutions/delete')\n        log_alerts_dict['create_delete_firewall_rule_exist'] = self.ensure_alert_exist(log_alerts,\n                                                                                       'Microsoft.Sql/servers'\n                                                                                       '/firewallRules/write')\n\n        return log_alerts_dict\n\n    def ensure_alert_exist(self, log_alerts, equals_value: str):\n        for log_alert in log_alerts:\n            if log_alert.location == 'Global' and log_alert.enabled:\n                if '/subscriptions/' + self.subscription_id in log_alert.scopes:\n                    for condition in log_alert.condition.all_of:\n                        if condition.field == 'operationName' and condition.equals == equals_value:\n                            return True\n        return False\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/loggingmonitoring/base.py",
    "content": "from ScoutSuite.providers.azure.resources.subscriptions import Subscriptions\n\nfrom .log_profiles import LogProfiles\nfrom .diagnostic_settings import DiagnosticSettings\nfrom .activity_log_alerts import ActivityLogAlerts\nfrom.resources import Resources\n\n\nclass LoggingMonitoring(Subscriptions):\n    _children = [\n        (LogProfiles, 'log_profiles'),\n        (DiagnosticSettings, 'diagnostic_settings'),\n        (ActivityLogAlerts, 'log_alerts'),\n        (Resources, 'resources_logging')\n    ]\n\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/loggingmonitoring/diagnostic_resource_key_vault.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass DiagnosticResourceKeyVault(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_id: str, subscription_id: str):\n        super().__init__(facade)\n        self.resource_id = resource_id\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        diagnostic_settings = await self.facade.loggingmonitoring.get_diagnostic_settings(self.subscription_id,\n                                                                                          self.resource_id)\n        self._parse_diagnostic_settings(diagnostic_settings)\n\n    def _parse_diagnostic_settings(self, diagnostic_settings):\n        self.update({\n            'audit_event_enabled': self.ensure_audit_event_enabled(diagnostic_settings)\n        })\n\n    def ensure_audit_event_enabled(self, diagnostic_settings):\n        for diagnostic_setting in diagnostic_settings:\n            for log in diagnostic_setting.logs:\n                if log.category == 'AuditEvent' and log.enabled and log.retention_policy.days > 0:\n                    return True\n        return False\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/loggingmonitoring/diagnostic_settings.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass DiagnosticSettings(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        diagnostic_dict = {}\n        diagnostic_dict['diagnostic_exist'] = await self.facade.loggingmonitoring.get_subscription_diagnostic_settings(\n            self.subscription_id) != []\n        self[self.subscription_id] = diagnostic_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/loggingmonitoring/log_profiles.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass LogProfiles(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for log_profile in await self.facade.loggingmonitoring.get_log_profiles(self.subscription_id):\n            id, log_profiles = self._parse_log_profile(log_profile)\n            self[id] = log_profiles\n\n    def _parse_log_profile(self, log_profile):\n        log_profile_dict = {}\n\n        log_profile_dict['id'] = get_non_provider_id(log_profile.id.lower())\n        log_profile_dict['name'] = log_profile.name\n        log_profile_dict['storage_account_id'] = log_profile.storage_account_id\n        log_profile_dict['service_bus_rule_id'] = log_profile.service_bus_rule_id\n        log_profile_dict['retention_policy_enabled'] = log_profile.retention_policy.enabled\n        log_profile_dict['retention_policy_days'] = log_profile.retention_policy.days\n        log_profile_dict['captures_all_activities'] = self.profile_captures_all_activities(log_profile)\n\n        return log_profile_dict['id'], log_profile_dict\n\n    def profile_captures_all_activities(self, log_profile):\n        categories = log_profile.categories\n        if 'Delete' in categories and 'Write' in categories and 'Action' in categories:\n            return True\n        return False\n\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/loggingmonitoring/resources.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureCompositeResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\nfrom .diagnostic_resource_key_vault import DiagnosticResourceKeyVault\n\n\nclass Resources(AzureCompositeResources):\n    \"\"\"\n    TODO this is commented out since DiagnositcResourceKeyVault.get_diagnostic_settings needs to be fixed\n    _children = [\n        (DiagnosticResourceKeyVault, 'diagnostic_key_vault'),\n    ]\"\"\"\n    \n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n    async def fetch_all(self):\n        for raw_resource in await self.facade.resourcemanagement.get_specific_type_resources_with_filter(\n                self.subscription_id, 'Microsoft.KeyVault/vaults'):\n            id, resource = self._parse_resource(raw_resource)\n            self[id] = resource\n         \n        \"\"\"\n        TODO this is commented out since DiagnositcResourceKeyVault.get_diagnostic_settings needs to be fixed\n        await self._fetch_children_of_all_resources(\n            resources=self,\n            scopes={resource_id: {'resource_id': resource['id'],\n                                  'subscription_id': self.subscription_id}\n                    for (resource_id, resource) in self.items()}\n        )\n        \"\"\"\n\n    def _parse_resource(self, raw_resource):\n        resource = {}\n        resource['id'] = get_non_provider_id(raw_resource.id.lower())\n        resource['name'] = raw_resource.name\n        if raw_resource.tags is not None:\n            resource['tags'] = [\"{}:{}\".format(key, value) for key, value in raw_resource.tags.items()]\n        else:\n            resource['tags'] = []\n        return resource['id'], resource\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/mysqldatabase/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/azure/resources/mysqldatabase/base.py",
    "content": "from ScoutSuite.providers.azure.resources.subscriptions import Subscriptions\n\nfrom .mysql_servers import MySQLServers\n\n\nclass MySQLServers(Subscriptions):\n    _children = [\n        (MySQLServers, 'servers')\n    ]"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/mysqldatabase/mysql_servers.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureCompositeResources\nfrom ScoutSuite.providers.azure.utils import get_resource_group_name\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass MySQLServers(AzureCompositeResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_server in await self.facade.mysqldatabase.get_servers(self.subscription_id):\n            id, server = self._parse_server(raw_server)\n            self[id] = server\n\n    def _parse_server(self, raw_server):\n        server = {}\n        server['id'] = get_non_provider_id(raw_server.id)\n        server['name'] = raw_server.name\n        server['resource_group_name'] = get_resource_group_name(raw_server.id)\n        server['ssl_enforcement'] = raw_server.ssl_enforcement\n        if raw_server.tags is not None:\n            server['tags'] = [\"{}:{}\".format(key, value) for key, value in raw_server.tags.items()]\n        else:\n            server['tags'] = []\n        return server['id'], server"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/network/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/azure/resources/network/application_security_groups.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\nfrom ScoutSuite.providers.azure.utils import get_resource_group_name\n\n\nclass ApplicationSecurityGroups(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_group in await self.facade.network.get_application_security_groups(self.subscription_id):\n            id, application_security_group = self._parse_application_security_group(raw_group)\n            self[id] = application_security_group\n\n    def _parse_application_security_group(self, raw_application_security_group):\n        application_security_group_dict = {}\n        application_security_group_dict['id'] = get_non_provider_id(raw_application_security_group.id)\n        application_security_group_dict['name'] = raw_application_security_group.name\n        application_security_group_dict['type'] = raw_application_security_group.type\n        application_security_group_dict['location'] = raw_application_security_group.location\n        if raw_application_security_group.tags is not None:\n            application_security_group_dict['tags'] = [\"{}:{}\".format(key, value) for key, value in  raw_application_security_group.tags.items()]\n        else:\n            application_security_group_dict['tags'] = []\n        application_security_group_dict['resource_group_name'] = get_resource_group_name(raw_application_security_group.id)\n        application_security_group_dict['resource_guid'] = raw_application_security_group.resource_guid\n        application_security_group_dict['provisioning_state'] = raw_application_security_group.provisioning_state\n        application_security_group_dict['etag'] = raw_application_security_group.etag\n        application_security_group_dict['network_interfaces'] = []  # this is filled in the base class\n        return application_security_group_dict['id'], application_security_group_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/network/base.py",
    "content": "from ScoutSuite.providers.azure.resources.subscriptions import Subscriptions\nfrom .application_security_groups import ApplicationSecurityGroups\nfrom .network_interfaces import NetworkInterfaces\nfrom .security_groups import SecurityGroups\nfrom .virtual_networks import VirtualNetworks\nfrom .watchers import Watchers\n\n\nclass Networks(Subscriptions):\n    _children = [\n        (VirtualNetworks, 'virtual_networks'),\n        (SecurityGroups, 'security_groups'),\n        (ApplicationSecurityGroups, 'application_security_groups'),\n        (NetworkInterfaces, 'network_interfaces'),\n        (Watchers, 'watchers')\n    ]\n\n    async def finalize(self):\n        await self._match_subnets_and_security_groups()\n        await self._match_subnets_and_network_interfaces()\n        await self._match_asgs_and_network_interfaces()\n\n    async def _match_subnets_and_security_groups(self):\n        \"\"\"\n        Goes through each security groups' subnets and adds the ID of the subnet's virtual network.\n        This is useful in the partials as both the subnet and its network's IDs are needed to build the path.\n        \"\"\"\n        for subscription in self['subscriptions']:\n            for sg in self['subscriptions'][subscription]['security_groups']:\n                for subnet in self['subscriptions'][subscription]['security_groups'][sg]['subnets']:\n                    for network in self['subscriptions'][subscription]['virtual_networks']:\n                        for network_subnet in self['subscriptions'][subscription]['virtual_networks'][network].get('subnets', []):\n                            if subnet == network_subnet:\n                                self['subscriptions'][subscription]['security_groups'][sg]['subnets'][subnet]['virtual_network_id'] = network\n\n    async def _match_subnets_and_network_interfaces(self):\n        \"\"\"\n        Goes through each security groups' subnets and adds the network interfaces and instances that are placed in it.\n        \"\"\"\n        for subscription in self['subscriptions']:\n            for interface in self['subscriptions'][subscription]['network_interfaces']:\n                subnet_id = self['subscriptions'][subscription]['network_interfaces'][interface]['ip_configuration']['subnet']['id']\n                for network in self['subscriptions'][subscription]['virtual_networks']:\n                    for network_subnet in self['subscriptions'][subscription]['virtual_networks'][network].get('subnets', []):\n                        if not 'instances' in self['subscriptions'][subscription]['virtual_networks'][network]['subnets'][network_subnet]:\n                            self['subscriptions'][subscription]['virtual_networks'][network]['subnets'][network_subnet]['instances'] = []\n                        if subnet_id == network_subnet:\n                            self['subscriptions'][subscription]['network_interfaces'][interface]['ip_configuration']['subnet'][\n                                'virtual_network_id'] = network\n                            self['subscriptions'][subscription]['virtual_networks'][network]['subnets'][network_subnet]['instances'].append(\n                                self['subscriptions'][subscription]['network_interfaces'][interface]['virtual_machine'])\n\n    async def _match_asgs_and_network_interfaces(self):\n        \"\"\"\n        Goes through each application security group and add the network interfaces and instances that are placed in it.\n        \"\"\"\n        for subscription in self['subscriptions']:\n            for interface in self['subscriptions'][subscription]['network_interfaces']:\n                for asg in self['subscriptions'][subscription]['network_interfaces'][interface]['ip_configuration']['application_security_groups']:\n                    self['subscriptions'][subscription]['application_security_groups'][asg]['network_interfaces'].append(interface)\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/network/network_interfaces.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\nfrom ScoutSuite.providers.azure.utils import get_resource_group_name\n\n\nclass NetworkInterfaces(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_network_interface in await self.facade.network.get_network_interfaces(self.subscription_id):\n            id, network_interface = self._parse_network_interface(raw_network_interface)\n            self[id] = network_interface\n\n    def _parse_network_interface(self, raw_network_interface):\n        network_interface_dict = {}\n        network_interface_dict['id'] = get_non_provider_id(raw_network_interface.id)\n        network_interface_dict['enable_accelerated_networking'] = raw_network_interface.enable_accelerated_networking\n        network_interface_dict['virtual_machine'] = \\\n            get_non_provider_id(raw_network_interface.virtual_machine.id.lower()) if \\\n                raw_network_interface.virtual_machine else None\n        network_interface_dict['name'] = raw_network_interface.name\n        if raw_network_interface.tags is not None:\n            network_interface_dict['tags'] = [\"{}:{}\".format(key, value) for key, value in  raw_network_interface.tags.items()]\n        else:\n            network_interface_dict['tags'] = []\n        network_interface_dict['resource_group_name'] = get_resource_group_name(raw_network_interface.id)\n        network_interface_dict['interface_endpoint'] = raw_network_interface.interface_endpoint if \\\n            hasattr(raw_network_interface, 'interface_endpoint') else None\n        network_interface_dict['primary'] = raw_network_interface.primary\n        network_interface_dict['etag'] = raw_network_interface.etag\n        network_interface_dict['additional_properties'] = raw_network_interface.additional_properties\n        network_interface_dict['location'] = raw_network_interface.location\n        network_interface_dict['mac_address'] = raw_network_interface.mac_address\n        network_interface_dict['provisioning_state'] = raw_network_interface.provisioning_state\n        network_interface_dict['resource_guid'] = raw_network_interface.resource_guid\n        network_interface_dict['enable_ip_forwarding'] = raw_network_interface.enable_ip_forwarding\n        network_interface_dict['type'] = raw_network_interface.type\n        network_interface_dict['network_security_group'] = \\\n            get_non_provider_id(raw_network_interface.network_security_group.id) if \\\n                raw_network_interface.network_security_group else None\n\n        # TODO process and display the below\n        network_interface_dict['hosted_workloads'] = raw_network_interface.hosted_workloads\n        network_interface_dict['tap_configurations'] = raw_network_interface.tap_configurations\n        network_interface_dict['dns_settings'] = raw_network_interface.dns_settings\n\n        ip_configuration = raw_network_interface.ip_configurations[0]  # TODO is this always an array of 1?\n        network_interface_dict['ip_configuration'] = {}\n        network_interface_dict['ip_configuration']['id'] = ip_configuration.id\n        network_interface_dict['ip_configuration']['additional_properties'] = ip_configuration.additional_properties\n        network_interface_dict['ip_configuration']['virtual_network_taps'] = ip_configuration.virtual_network_taps\n        network_interface_dict['ip_configuration'][\n            'application_gateway_backend_address_pools'] = ip_configuration.application_gateway_backend_address_pools\n        network_interface_dict['ip_configuration'][\n            'load_balancer_backend_address_pools'] = ip_configuration.load_balancer_backend_address_pools\n        network_interface_dict['ip_configuration'][\n            'load_balancer_inbound_nat_rules'] = ip_configuration.load_balancer_inbound_nat_rules\n        network_interface_dict['ip_configuration']['private_ip_address'] = ip_configuration.private_ip_address\n        network_interface_dict['ip_configuration'][\n            'private_ip_allocation_method'] = ip_configuration.private_ip_allocation_method\n        network_interface_dict['ip_configuration'][\n            'private_ip_address_version'] = ip_configuration.private_ip_address_version\n        network_interface_dict['ip_configuration']['subnet'] = {'id': get_non_provider_id(ip_configuration.subnet.id)}\n        network_interface_dict['ip_configuration']['primary'] = ip_configuration.primary\n        network_interface_dict['ip_configuration']['public_ip_address'] = ip_configuration.public_ip_address\n        network_interface_dict['ip_configuration']['provisioning_state'] = ip_configuration.provisioning_state\n        network_interface_dict['ip_configuration']['name'] = ip_configuration.name\n        network_interface_dict['ip_configuration']['etag'] = ip_configuration.etag\n\n        network_interface_dict['ip_configuration']['application_security_groups'] = []\n        if ip_configuration.application_security_groups:\n            for asg in ip_configuration.application_security_groups:\n                network_interface_dict['ip_configuration']['application_security_groups'].append(\n                    get_non_provider_id(asg.id))\n\n        # FIXME this is currently always None, might change in the future?\n        # network_interface_dict['ip_configuration']['subnet_security_group'] = ip_configuration.subnet.network_security_group\n\n        return network_interface_dict['id'], network_interface_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/network/security_groups.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\nfrom ScoutSuite.providers.azure.utils import get_resource_group_name\n\n\nclass SecurityGroups(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_group in await self.facade.network.get_network_security_groups(self.subscription_id):\n            id, network_security_group = self._parse_network_security_group(raw_group)\n            self[id] = network_security_group\n\n    def _parse_network_security_group(self, network_security_group):\n        network_security_group_dict = {}\n        network_security_group_dict['id'] = get_non_provider_id(network_security_group.id)\n        network_security_group_dict['name'] = network_security_group.name\n        network_security_group_dict['location'] = network_security_group.location\n        network_security_group_dict['provisioning_state'] = network_security_group.provisioning_state\n        network_security_group_dict['resource_guid'] = network_security_group.resource_guid\n        network_security_group_dict['type'] = network_security_group.type\n        network_security_group_dict['etag'] = network_security_group.etag\n        if network_security_group.tags is not None:\n            network_security_group_dict['tags'] = [\"{}:{}\".format(key, value) for key, value in  network_security_group.tags.items()]\n        else:\n            network_security_group_dict['tags'] = []\n        network_security_group_dict['resource_group_name'] = get_resource_group_name(network_security_group.id)\n        network_security_group_dict['additional_properties'] = network_security_group.additional_properties\n\n        network_security_group_dict['security_rules'] = self._parse_security_rules(network_security_group)\n\n        network_security_group_dict['subnets'] = {}\n        if network_security_group.subnets:\n            for subnet in network_security_group.subnets:\n                identifier = get_non_provider_id(subnet.id)\n                network_security_group_dict['subnets'][identifier] = {'id': identifier}\n\n        network_security_group_dict['network_interfaces'] = {}\n        if network_security_group.network_interfaces:\n            for network_interface in network_security_group.network_interfaces:\n                identifier = get_non_provider_id(network_interface.id)\n                network_security_group_dict['network_interfaces'][identifier] = {'id': identifier}\n\n        return network_security_group_dict['id'], network_security_group_dict\n\n    def _parse_security_rules(self, network_security_group):\n        security_rules = {}\n        # custom rules\n        for sr in network_security_group.security_rules:\n            security_rule_id, security_rule_dict = self._parse_security_rule(sr)\n            security_rules[security_rule_id] = security_rule_dict\n        # default rules\n        for sr in network_security_group.default_security_rules:\n            security_rule_id, security_rule_dict = self._parse_security_rule(sr, default=True)\n            security_rules[security_rule_id] = security_rule_dict\n        return security_rules\n\n    def _parse_security_rule(self, rule, default=False):\n        security_rule_dict = {}\n        security_rule_dict['id'] = rule.id\n        security_rule_dict['name'] = rule.name\n        security_rule_dict['allow'] = rule.access == \"Allow\"\n        security_rule_dict['priority'] = rule.priority\n        security_rule_dict['description'] = rule.description\n        security_rule_dict['provisioning_state'] = rule.provisioning_state\n\n        security_rule_dict['protocol'] = rule.protocol\n        security_rule_dict['direction'] = rule.direction\n\n        source_address_prefixes = \\\n            self._merge_prefixes_or_ports(rule.source_address_prefix,\n                                          rule.source_address_prefixes if rule.source_address_prefixes else\n                                          (get_non_provider_id(rule.source_application_security_groups[0].id) if\n                                           rule.source_application_security_groups else None))\n        security_rule_dict['source_address_prefixes'] = source_address_prefixes\n        # this is required for the HTML partial to interpret the source as an ASG\n        if rule.source_application_security_groups:\n            security_rule_dict['source_address_prefixes_is_asg'] = True\n        else:\n            security_rule_dict['source_address_prefixes_is_asg'] = False\n\n        security_rule_dict['source_port_ranges'] = self._merge_prefixes_or_ports(rule.source_port_range, rule.source_port_ranges)\n        security_rule_dict['source_ports'] = ['0-65535'] if '*' in security_rule_dict['source_port_ranges'] else security_rule_dict['source_port_ranges']\n\n        security_rule_dict['destination_address_prefixes'] = self._merge_prefixes_or_ports(rule.destination_address_prefix, rule.destination_address_prefixes)\n\n        security_rule_dict['destination_port_ranges'] = self._merge_prefixes_or_ports(rule.destination_port_range, rule.destination_port_ranges)\n        security_rule_dict['destination_ports'] = ['0-65535'] if '*' in security_rule_dict['destination_port_ranges'] else security_rule_dict['destination_port_ranges']\n\n        security_rule_dict['etag'] = rule.etag\n\n        security_rule_dict['default'] = default\n\n        return security_rule_dict['id'], security_rule_dict\n\n    def _merge_prefixes_or_ports(self, port_range, port_ranges):\n        port_ranges = port_ranges if port_ranges else []\n        if port_range:\n            port_ranges.append(port_range)\n        return port_ranges\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/network/virtual_networks.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\nfrom ScoutSuite.providers.azure.utils import get_resource_group_name\n\n\nclass VirtualNetworks(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_virtual_network in await self.facade.network.get_virtual_networks(self.subscription_id):\n            id, virtual_network = self._parse_virtual_network(raw_virtual_network)\n            self[id] = virtual_network\n\n    def _parse_virtual_network(self, raw_virtual_network):\n        virtual_network_dict = {}\n        virtual_network_dict['id'] = get_non_provider_id(raw_virtual_network.id)\n        virtual_network_dict['name'] = raw_virtual_network.name\n\n        virtual_network_dict['enable_vm_protection'] = raw_virtual_network.enable_vm_protection\n        virtual_network_dict['etag'] = str(raw_virtual_network.etag)\n        if raw_virtual_network.tags is not None:\n            virtual_network_dict['tags'] = [\"{}:{}\".format(key, value) for key, value in  raw_virtual_network.tags.items()]\n        else:\n            virtual_network_dict['tags'] = []\n        virtual_network_dict['resource_group_name'] = get_resource_group_name(raw_virtual_network.id)\n        virtual_network_dict['virtual_network_peerings'] = raw_virtual_network.virtual_network_peerings\n        virtual_network_dict['enable_ddos_protection'] = raw_virtual_network.enable_ddos_protection\n        virtual_network_dict['resource_guid'] = raw_virtual_network.resource_guid\n        virtual_network_dict['provisioning_state'] = raw_virtual_network.provisioning_state\n        virtual_network_dict['address_space'] = raw_virtual_network.address_space\n        virtual_network_dict['ddos_protection_plan'] = raw_virtual_network.ddos_protection_plan\n        virtual_network_dict['additional_properties'] = list(raw_virtual_network.additional_properties)\n        virtual_network_dict['location'] = raw_virtual_network.location\n        virtual_network_dict['type'] = raw_virtual_network.type\n        virtual_network_dict['dhcp_options'] = raw_virtual_network.dhcp_options\n\n        virtual_network_dict['subnets'] = {}\n        virtual_network_dict['subnets_count'] = 0\n        for raw_subnet in raw_virtual_network.subnets:\n            subnet_dict = {}\n            subnet_dict['id'] = get_non_provider_id(raw_subnet.id)\n            subnet_dict['name'] = raw_subnet.name\n            subnet_dict['service_association_links'] = raw_subnet.service_association_links\n            subnet_dict['resource_navigation_links'] = raw_subnet.resource_navigation_links\n            subnet_dict['service_endpoint_policies'] = raw_subnet.service_endpoint_policies\n            subnet_dict['interface_endpoints'] = raw_subnet.interface_endpoints if \\\n                hasattr(raw_subnet, 'interface_endpoints') else None\n            subnet_dict['purpose'] = raw_subnet.purpose\n            subnet_dict['address_prefix'] = raw_subnet.address_prefix\n            subnet_dict['provisioning_state'] = raw_subnet.provisioning_state\n            subnet_dict['etag'] = str(raw_subnet.etag)\n            subnet_dict['additional_properties'] = raw_subnet.additional_properties\n            subnet_dict['route_table'] = raw_subnet.route_table\n            subnet_dict['delegations'] = raw_subnet.delegations\n            subnet_dict['service_endpoints'] = raw_subnet.service_endpoints\n            subnet_dict['ip_configuration_profiles'] = raw_subnet.ip_configuration_profiles\n            subnet_dict['ip_configurations'] = raw_subnet.ip_configurations\n            subnet_dict['address_prefixes'] = raw_subnet.address_prefixes\n            if raw_subnet.network_security_group:\n                subnet_dict['network_security_group'] = get_non_provider_id(raw_subnet.network_security_group.id)\n            else:\n                subnet_dict['network_security_group'] = None\n            virtual_network_dict['subnets_count'] += 1\n            virtual_network_dict['subnets'][subnet_dict['id']] = subnet_dict\n\n        return virtual_network_dict['id'], virtual_network_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/network/watchers.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\nfrom ScoutSuite.providers.azure.utils import get_resource_group_name\n\n\nclass Watchers(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_watcher in await self.facade.network.get_network_watchers(self.subscription_id):\n            id, network_watcher = self._parse_network_watcher(raw_watcher)\n            self[id] = network_watcher\n\n    def _parse_network_watcher(self, raw_watcher):\n        watcher_dict = {}\n        watcher_dict['id'] = get_non_provider_id(raw_watcher.id)\n        watcher_dict['name'] = raw_watcher.name\n        watcher_dict['type'] = raw_watcher.type\n        watcher_dict['location'] = raw_watcher.location\n        if raw_watcher.tags is not None:\n            watcher_dict['tags'] = [\"{}:{}\".format(key, value) for key, value in raw_watcher.tags.items()]\n        else:\n            watcher_dict['tags'] = []\n        watcher_dict['resource_group_name'] = get_resource_group_name(raw_watcher.id)\n        watcher_dict['etag'] = raw_watcher.etag\n        watcher_dict['additional_properties'] = raw_watcher.additional_properties\n        watcher_dict['provisioning_state'] = raw_watcher.provisioning_state\n        return watcher_dict['id'], watcher_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/postgresqldatabase/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/azure/resources/postgresqldatabase/base.py",
    "content": "from ScoutSuite.providers.azure.resources.subscriptions import Subscriptions\n\nfrom .postgresql_servers import PostgreSQLServers\n\n\nclass PostgreSQLServers(Subscriptions):\n    _children = [\n        (PostgreSQLServers, 'servers')\n    ]"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_connection_throttling.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass ConfigurationConnectionThrottling(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.server_name = server_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        configuration = await self.facade.postgresqldatabase.get_config(self.resource_group_name, self.server_name,\n                                                                        self.subscription_id, 'connection_throttling')\n        self._parse_configuration(configuration)\n\n    def _parse_configuration(self, configuration):\n        self.update({\n            'value': configuration.value\n        })\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_checkpoints.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass ConfigurationLogCheckpoints(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.server_name = server_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        configuration = await self.facade.postgresqldatabase.get_config(self.resource_group_name, self.server_name,\n                                                                        self.subscription_id, 'log_checkpoints')\n        self._parse_configuration(configuration)\n\n    def _parse_configuration(self, configuration):\n        self.update({\n            'value': configuration.value\n        })\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_connections.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass ConfigurationLogConnections(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.server_name = server_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        configuration = await self.facade.postgresqldatabase.get_config(self.resource_group_name, self.server_name,\n                                                                        self.subscription_id, 'log_connections')\n        self._parse_configuration(configuration)\n\n    def _parse_configuration(self, configuration):\n        self.update({\n            'value': configuration.value\n        })\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_disconnections.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass ConfigurationLogDisconnections(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.server_name = server_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        configuration = await self.facade.postgresqldatabase.get_config(self.resource_group_name, self.server_name,\n                                                                        self.subscription_id, 'log_disconnections')\n        self._parse_configuration(configuration)\n\n    def _parse_configuration(self, configuration):\n        self.update({\n            'value': configuration.value\n        })\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_duration.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass ConfigurationLogDuration(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.server_name = server_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        configuration = await self.facade.postgresqldatabase.get_config(self.resource_group_name, self.server_name,\n                                                                        self.subscription_id, 'log_duration')\n        self._parse_configuration(configuration)\n\n    def _parse_configuration(self, configuration):\n        self.update({\n            'value': configuration.value\n        })\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_retention_days.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass ConfigurationLogRetentionDays(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.server_name = server_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        configuration = await self.facade.postgresqldatabase.get_config(self.resource_group_name, self.server_name,\n                                                                        self.subscription_id, 'log_retention_days')\n        self._parse_configuration(configuration)\n\n    def _parse_configuration(self, configuration):\n        self.update({\n            'value': configuration.value\n        })\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/postgresqldatabase/posgresql_firewall_rules.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass PostgreSQLFirewallRules(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.server_name = server_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for firewall_rule in await self.facade.postgresqldatabase.get_firewall_rules(self.resource_group_name,\n                                                                                     self.server_name,\n                                                                                     self.subscription_id):\n            id, firewall_rules = self._parse_firewall_rules(firewall_rule)\n            self[id] = firewall_rules\n\n    def _parse_firewall_rules(self, firewall_rule):\n        firewall_rules_dict = {}\n        firewall_rules_dict['id'] = get_non_provider_id(firewall_rule.id.lower())\n        firewall_rules_dict['name'] = firewall_rule.name\n        firewall_rules_dict['start_ip'] = firewall_rule.start_ip_address\n        firewall_rules_dict['end_ip'] = firewall_rule.end_ip_address\n\n        return firewall_rules_dict['id'], firewall_rules_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/postgresqldatabase/postgresql_servers.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureCompositeResources\nfrom ScoutSuite.providers.azure.utils import get_resource_group_name\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\nfrom .configuration_connection_throttling import ConfigurationConnectionThrottling\n\nfrom .configuration_log_checkpoints import ConfigurationLogCheckpoints\nfrom .configuration_log_connections import ConfigurationLogConnections\nfrom .configuration_log_disconnections import ConfigurationLogDisconnections\nfrom .configuration_log_duration import ConfigurationLogDuration\nfrom .configuration_log_retention_days import ConfigurationLogRetentionDays\nfrom .posgresql_firewall_rules import PostgreSQLFirewallRules\n\n\n\n\nclass PostgreSQLServers(AzureCompositeResources):\n    _children = [\n        (ConfigurationLogCheckpoints, 'log_checkpoints'),\n        (ConfigurationLogConnections, 'log_connections'),\n        (ConfigurationLogDisconnections, 'log_disconnections'),\n        (ConfigurationLogDuration, 'log_duration'),\n        (ConfigurationConnectionThrottling, 'connection_throttling'),\n        (ConfigurationLogRetentionDays, 'log_retention_days'),\n        (PostgreSQLFirewallRules, 'postgresql_firewall_rules'),\n        (ConfigurationLogRetentionDays, 'log_retention_days')\n    ]\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_server in await self.facade.postgresqldatabase.get_servers(self.subscription_id):\n            id, server = self._parse_server(raw_server)\n            self[id] = server\n\n        await self._fetch_children_of_all_resources(\n            resources=self,\n            scopes={server_id: {'resource_group_name': server['resource_group_name'],\n                                'server_name': server['name'],\n                                'subscription_id': self.subscription_id}\n                    for (server_id, server) in self.items()}\n        )\n\n    def _parse_server(self, raw_server):\n        server = {}\n        server['id'] = get_non_provider_id(raw_server.id)\n        server['name'] = raw_server.name\n        server['resource_group_name'] = get_resource_group_name(raw_server.id)\n        server['ssl_enforcement'] = raw_server.ssl_enforcement\n\n        if raw_server.tags is not None:\n            server['tags'] = [\"{}:{}\".format(key, value) for key, value in raw_server.tags.items()]\n        else:\n            server['tags'] = []\n        return server['id'], server\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/rbac/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/azure/resources/rbac/base.py",
    "content": "from ScoutSuite.providers.azure.resources.subscriptions import Subscriptions\n\nfrom .role_assignments import RoleAssignments\nfrom .roles import Roles\nfrom .custom_roles_report import  CustomRolesReport\n\n\nclass RBAC(Subscriptions):\n    _children = [\n        (Roles, 'roles'),\n        (RoleAssignments, 'role_assignments'),\n        (CustomRolesReport, 'custom_roles_report'),\n    ]\n\n    def get_user_id_list(self):\n        \"\"\"\n        Generates and returns a unique list of user IDs which have a role assigned.\n        \"\"\"\n        user_set = set()\n        for subscription in self['subscriptions'].values():\n            for role_assignment in subscription['role_assignments'].values():\n                if role_assignment['principal_type'] == 'User':\n                    user_set.add(role_assignment['principal_id'])\n        return list(user_set)\n\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/rbac/custom_roles_report.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass CustomRolesReport(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        custom_role_dict = {}\n        custom_role_dict['id'] = self.subscription_id\n        custom_role_dict['missing_custom_role_administering_resource_locks'] = True\n\n        for raw_role in await self.facade.rbac.get_roles(self.subscription_id):\n            if raw_role.role_name == 'Resource Lock Administrator':\n                custom_role_dict['missing_custom_role_administering_resource_locks'] = False\n\n        self[custom_role_dict['id']] = custom_role_dict\n\n\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/rbac/role_assignments.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass RoleAssignments(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_role_assignment in await self.facade.rbac.get_role_assignments(self.subscription_id):\n            id, role_assignment = self._parse_role_assignment(raw_role_assignment)\n            self[id] = role_assignment\n\n    def _parse_role_assignment(self, raw_role_assignment):\n        role_assignment_dict = {}\n        role_assignment_dict['id'] = raw_role_assignment.name\n        role_assignment_dict['name'] = raw_role_assignment.name\n        role_assignment_dict['role_definition_id'] = raw_role_assignment.role_definition_id\n        role_assignment_dict['type'] = raw_role_assignment.type\n        role_assignment_dict['scope'] = raw_role_assignment.scope\n        role_assignment_dict['principal_id'] = raw_role_assignment.principal_id\n        role_assignment_dict['principal_type'] = raw_role_assignment.principal_type\n        role_assignment_dict['can_delegate'] = \"None\"\n        role_assignment_dict['additional_properties'] = raw_role_assignment.additional_properties\n        return role_assignment_dict['id'], role_assignment_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/rbac/roles.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass Roles(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_role in await self.facade.rbac.get_roles(self.subscription_id):\n            id, role = self._parse_role(raw_role)\n            self[id] = role\n\n\n\n    def _parse_role(self, raw_role):\n        role_dict = {}\n        role_dict['id'] = raw_role.name\n        role_dict['name'] = raw_role.role_name\n        role_dict['type'] = raw_role.type\n        role_dict['description'] = raw_role.description\n        role_dict['role_type'] = raw_role.role_type\n        role_dict['permissions'] = raw_role.permissions\n        role_dict['assignable_scopes'] = raw_role.assignable_scopes\n        role_dict['additional_properties'] = raw_role.additional_properties\n        role_dict['assignments_count'] = 0\n        role_dict['custom_subscription_owner_role'] = self._no_custom_subscription_owner_role_allowed(raw_role)\n        role_dict['assignments'] = {'users': [],\n                                    'groups': [],\n                                    'service_principals': []}  # this will be filled in `finalize()`\n        return role_dict['id'], role_dict\n\n    def _no_custom_subscription_owner_role_allowed(self, role):\n        if role.role_type ==\"CustomRole\":\n            for assignable_scope in role.assignable_scopes:\n                if \"subscriptions\" in assignable_scope or assignable_scope == \"/\":\n                    for permission in role.permissions:\n                        for action in permission.actions:\n                            if \"*\" in action:\n                                return True\n        return False\n\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/securitycenter/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/azure/resources/securitycenter/alerts.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Alerts(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_alert in await self.facade.securitycenter.get_alerts(self.subscription_id):\n            id, alert = self._parse_alert(raw_alert)\n            self[id] = alert\n\n    def _parse_alert(self, alert):\n        alert_dict = {}\n        alert_dict['id'] = get_non_provider_id(alert.id)\n        alert_dict['name'] = alert.name\n        return alert_dict['id'], alert_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/securitycenter/auto_provisioning_settings.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass AutoProvisioningSettings(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_settings in await self.facade.securitycenter.get_auto_provisioning_settings(self.subscription_id):\n            id, auto_provisioning_settings = self._parse_auto_provisioning_settings(\n                raw_settings)\n            self[id] = auto_provisioning_settings\n\n    def _parse_auto_provisioning_settings(self, auto_provisioning_settings):\n        auto_provisioning_setting_dict = {}\n        auto_provisioning_setting_dict['id'] = get_non_provider_id(auto_provisioning_settings.id)\n        auto_provisioning_setting_dict['name'] = auto_provisioning_settings.name\n        auto_provisioning_setting_dict['auto_provision'] = auto_provisioning_settings.auto_provision\n\n        return auto_provisioning_setting_dict['id'], auto_provisioning_setting_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/securitycenter/base.py",
    "content": "from ScoutSuite.providers.azure.resources.subscriptions import Subscriptions\n\nfrom .auto_provisioning_settings import AutoProvisioningSettings\nfrom .pricings import Pricings\n# from .alerts import Alerts\nfrom .security_contacts import SecurityContacts\n# from .information_protection_policies import InformationProtectionPolicies\nfrom .settings import Settings\nfrom .compliance_results import ComplianceResults\nfrom .regulatory_compliance_results import RegulatoryComplianceResults\n\n\nclass SecurityCenter(Subscriptions):\n    _children = [\n        (AutoProvisioningSettings, 'auto_provisioning_settings'),\n        (Pricings, 'pricings'),\n        # (Alerts, 'alerts'),  # FIXME this needs to be tested with alert results...\n        (SecurityContacts, 'security_contacts'),\n        # (InformationProtectionPolicies, 'information_protection_policies'),  # FIXME this isn't properly implemented\n        (Settings, 'settings'),\n        (ComplianceResults, 'compliance_results'),\n        (RegulatoryComplianceResults, 'regulatory_compliance_results')\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/securitycenter/compliance_results.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass ComplianceResults(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_compliance_result in await self.facade.securitycenter.get_compliance_results(self.subscription_id):\n            id, compliance_result = self._parse_compliance_result(raw_compliance_result)\n            self[id] = compliance_result\n\n    def _parse_compliance_result(self, raw_compliance_result):\n        compliance_result_dict = {}\n        compliance_result_dict['id'] = get_non_provider_id(raw_compliance_result.id)\n        compliance_result_dict['name'] = raw_compliance_result.name\n        compliance_result_dict['type'] = raw_compliance_result.type\n        compliance_result_dict['resource_status'] = raw_compliance_result.resource_status\n        compliance_result_dict['additional_properties'] = raw_compliance_result.additional_properties\n        return compliance_result_dict['id'], compliance_result_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/securitycenter/information_protection_policies.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass InformationProtectionPolicies(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_information_policies in await self.facade.securitycenter.get_information_protection_policies(\n                self.subscription_id):\n            id, information_protection_policies = self._parse_information_protection_policies(\n                raw_information_policies)\n            self[id] = information_protection_policies\n\n    def _parse_information_protection_policies(self, auto_provisioning_settings):\n        information_protection_policies_dict = {}\n        return information_protection_policies_dict['id'], information_protection_policies_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/securitycenter/pricings.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Pricings(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_pricing in await self.facade.securitycenter.get_pricings(self.subscription_id):\n            id, pricing = self._parse_pricing(raw_pricing)\n            self[id] = pricing\n\n    def _parse_pricing(self, pricing):\n        pricing_dict = {}\n        pricing_dict['id'] = get_non_provider_id(pricing.id)\n        pricing_dict['name'] = pricing.name\n        pricing_dict['pricing_tier'] = pricing.pricing_tier\n\n        return pricing_dict['id'], pricing_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/securitycenter/regulatory_compliance_results.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass RegulatoryComplianceResults(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_regulatory_compliance_result in await \\\n                self.facade.securitycenter.get_regulatory_compliance_results(self.subscription_id):\n            id, regulatory_compliance_result = \\\n                self._parse_regulatory_compliance_result(raw_regulatory_compliance_result)\n            self[id] = regulatory_compliance_result\n\n    def _parse_regulatory_compliance_result(self, raw_regulatory_compliance_result):\n        regulatory_compliance_result_dict = {}\n        regulatory_compliance_result_dict['id'] = get_non_provider_id(raw_regulatory_compliance_result.id)\n        regulatory_compliance_result_dict['name'] = '{} {}'.format(raw_regulatory_compliance_result.standard_name,\n                                                                   raw_regulatory_compliance_result.name)\n        regulatory_compliance_result_dict['reference'] = raw_regulatory_compliance_result.name\n        regulatory_compliance_result_dict['standard_name'] = raw_regulatory_compliance_result.standard_name\n        regulatory_compliance_result_dict['type'] = raw_regulatory_compliance_result.type\n        regulatory_compliance_result_dict['description'] = raw_regulatory_compliance_result.description\n        regulatory_compliance_result_dict['state'] = raw_regulatory_compliance_result.state\n        regulatory_compliance_result_dict['passed_assessments'] = raw_regulatory_compliance_result.passed_assessments\n        regulatory_compliance_result_dict['failed_assessments'] = raw_regulatory_compliance_result.failed_assessments\n        regulatory_compliance_result_dict['skipped_assessments'] = raw_regulatory_compliance_result.skipped_assessments\n        regulatory_compliance_result_dict['additional_properties'] = \\\n            raw_regulatory_compliance_result.additional_properties\n        return regulatory_compliance_result_dict['id'], regulatory_compliance_result_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/securitycenter/security_contacts.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass SecurityContacts(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_contact in await self.facade.securitycenter.get_security_contacts(self.subscription_id):\n            id, security_contact = self._parse_security_contact(raw_contact)\n            self[id] = security_contact\n\n    def _parse_security_contact(self, security_contact):\n        security_contact_dict = {}\n        security_contact_dict['id'] = get_non_provider_id(security_contact.id.lower())\n        security_contact_dict['name'] = security_contact.name\n        security_contact_dict['email'] = security_contact.email\n        security_contact_dict['phone'] = security_contact.phone\n        security_contact_dict['alert_notifications'] = security_contact.alert_notifications == \"On\"\n        security_contact_dict['alerts_to_admins'] = security_contact.alerts_to_admins == \"On\"\n        security_contact_dict['additional_properties'] = security_contact.additional_properties\n\n        return security_contact_dict['id'], security_contact_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/securitycenter/settings.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Settings(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_settings in await self.facade.securitycenter.get_settings(self.subscription_id):\n            id, settings = self._parse_settings(\n                raw_settings)\n            self[id] = settings\n\n    def _parse_settings(self, settings):\n        settings_dict = {}\n        settings_dict['id'] = get_non_provider_id(settings.id.lower())\n        settings_dict['name'] = settings.name\n        settings_dict['kind'] = settings.kind\n        settings_dict['enabled'] = settings.enabled\n        return settings_dict['id'], settings_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/sqldatabase/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/azure/resources/sqldatabase/base.py",
    "content": "from ScoutSuite.providers.azure.resources.subscriptions import Subscriptions\n\nfrom .servers import Servers\n\n\nclass Servers(Subscriptions):\n    _children = [\n        (Servers, 'servers')\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/sqldatabase/database_blob_auditing_policies.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass DatabaseBlobAuditingPolicies(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, database_name: str,\n                 subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.server_name = server_name\n        self.database_name = database_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        policies = await self.facade.sqldatabase.get_database_blob_auditing_policies(\n            self.resource_group_name, self.server_name, self.database_name, self.subscription_id)\n        self._parse_policies(policies)\n\n    def _parse_policies(self, policies):\n        self.update({\n            'auditing_enabled': policies.state == \"Enabled\",\n            'retention_days': policies.retention_days\n        })\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/sqldatabase/database_threat_detection_policies.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass DatabaseThreatDetectionPolicies(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, database_name: str,\n                 subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.server_name = server_name\n        self.database_name = database_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        policies = await self.facade.sqldatabase.get_database_threat_detection_policies(\n            self.resource_group_name, self.server_name, self.database_name, self.subscription_id)\n        self._parse_policies(policies)\n\n    def _parse_policies(self, policies):\n        self.update({\n            'threat_detection_enabled': policies.state == \"Enabled\",\n            'alerts_enabled': policies.disabled_alerts == \"\",\n            'send_alerts_enabled': policies.email_addresses != \"\" and policies.email_account_admins == \"Enabled\",\n            'retention_days': policies.retention_days\n        })\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/sqldatabase/databases.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureCompositeResources\nfrom ScoutSuite.providers.azure.utils import get_resource_group_name\n\nfrom .database_blob_auditing_policies import DatabaseBlobAuditingPolicies\nfrom .database_threat_detection_policies import DatabaseThreatDetectionPolicies\nfrom .replication_links import ReplicationLinks\nfrom .transparent_data_encryptions import TransparentDataEncryptions\n\n\nclass Databases(AzureCompositeResources):\n    _children = [\n        (DatabaseBlobAuditingPolicies, 'auditing'),\n        (DatabaseThreatDetectionPolicies, 'threat_detection'),\n        (ReplicationLinks, None),\n        (TransparentDataEncryptions, None)\n    ]\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.server_name = server_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for db in await self.facade.sqldatabase.get_databases(\n                self.resource_group_name, self.server_name, self.subscription_id):\n            # We do not want to scan 'master' database which is auto-generated by Azure and read-only:\n            if db.name == 'master':\n                continue\n\n            self[db.name] = {\n                'id': db.name,\n                'name': db.name,\n                'tags': [\"{}:{}\".format(key, value) for key, value in  db.tags.items()] if db.tags is not None else [],\n                'resource_group_name': get_resource_group_name(db.id)\n            }\n\n        await self._fetch_children_of_all_resources(\n            resources=self,\n            scopes={db_id: {'resource_group_name': self.resource_group_name,\n                            'server_name': self.server_name,\n                            'database_name': db['name'],\n                            'subscription_id': self.subscription_id}\n                    for (db_id, db) in self.items()}\n        )\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/sqldatabase/firewall_rules.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass FirewallRules(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.server_name = server_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for firewall_rule in await self.facade.sqldatabase.get_firewall_rules(self.resource_group_name, self.server_name,\n                                                                         self.subscription_id):\n            id, firewall_rules = self._parse_firewall_rules(firewall_rule)\n            self[id] = firewall_rules\n\n    def _parse_firewall_rules(self, firewall_rule):\n        firewall_rules_dict ={}\n        firewall_rules_dict['id'] = get_non_provider_id(firewall_rule.id.lower())\n        firewall_rules_dict['name'] = firewall_rule.name\n        firewall_rules_dict['start_ip'] = firewall_rule.start_ip_address\n        firewall_rules_dict['end_ip'] = firewall_rule.end_ip_address\n\n        return firewall_rules_dict['id'], firewall_rules_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/sqldatabase/replication_links.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass ReplicationLinks(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, database_name: str,\n                 subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.server_name = server_name\n        self.database_name = database_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        links = await self.facade.sqldatabase.get_database_replication_links(\n            self.resource_group_name, self.server_name, self.database_name, self.subscription_id)\n        self._parse_links(links)\n\n    def _parse_links(self, links):\n        links_count = len(links)\n        self.update({\n            'replication_configured': links_count > 0\n        })\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/sqldatabase/server_azure_ad_administrators.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass ServerAzureAdAdministrators(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.server_name = server_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        self['ad_admin'] = await self.facade.sqldatabase.get_server_azure_ad_administrators(\n            self.resource_group_name, self.server_name, self.subscription_id)\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/sqldatabase/server_blob_auditing_policies.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass ServerBlobAuditingPolicies(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.server_name = server_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        policies = await self.facade.sqldatabase.get_server_blob_auditing_policies(\n            self.resource_group_name, self.server_name, self.subscription_id)\n        self._parse_policies(policies)\n\n    def _parse_policies(self, policies):\n        self.update({\n            'auditing_enabled': policies.state == \"Enabled\",\n            'retention_days': policies.retention_days\n        })\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/sqldatabase/server_encryption_protectors.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass ServerEncryptionProtectors(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.server_name = server_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        protectors = await self.facade.sqldatabase.get_server_encryption_protectors(\n            self.resource_group_name, self.server_name, self.subscription_id)\n        self._parse_protectors(protectors)\n\n    def _parse_protectors(self, protectors):\n        self.update({\n            'kind': protectors.kind,\n            'server_key_type': protectors.server_key_type,\n            'uri': protectors.uri,\n            'TDE_protector_is_encrypted': protectors.kind == 'azurekeyvault' and\n            protectors.server_key_type == 'AzureKeyVault' and protectors.uri is not None\n        })\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/sqldatabase/server_security_alert_policies.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass ServerSecurityAlertPolicies(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.server_name = server_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        policies = await self.facade.sqldatabase.get_server_security_alert_policies(\n            self.resource_group_name, self.server_name, self.subscription_id)\n        self._parse_policies(policies)\n\n    def _parse_policies(self, policies):\n        self.update({\n            'threat_detection_enabled': policies.state == \"Enabled\",\n            'alerts_enabled': policies.disabled_alerts == [\"\"],\n            'send_alerts_enabled': policies.email_addresses != [\"\"] and policies.email_account_admins,\n            'retention_days': policies.retention_days\n        })\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/sqldatabase/server_vulnerability_assessments.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass ServerVulnerabilityAssessments(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.server_name = server_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        server_vulnerability = await self.facade.sqldatabase.get_server_vulnerability_assessments(\n            self.resource_group_name, self.server_name, self.subscription_id)\n        self._parse_vulnerabilities(server_vulnerability)\n\n    def _parse_vulnerabilities(self, vulnerability):\n        self.update({\n            'storage_account_name': vulnerability.name,\n            'recurring_scans_enabled': vulnerability.recurring_scans.is_enabled,\n            'send_scan_reports_to_not_empty': vulnerability.recurring_scans.emails != [],\n            'email_subscription_admin': vulnerability.recurring_scans.email_subscription_admins\n        })\n\n\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/sqldatabase/servers.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureCompositeResources\nfrom ScoutSuite.providers.azure.utils import get_resource_group_name\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\nfrom .databases import Databases\nfrom .server_azure_ad_administrators import ServerAzureAdAdministrators\nfrom .server_blob_auditing_policies import ServerBlobAuditingPolicies\nfrom .server_security_alert_policies import ServerSecurityAlertPolicies\nfrom .server_vulnerability_assessments import ServerVulnerabilityAssessments\nfrom .server_encryption_protectors import ServerEncryptionProtectors\nfrom .firewall_rules import FirewallRules\n\n\nclass Servers(AzureCompositeResources):\n    _children = [\n        (Databases, 'databases'),\n        (ServerAzureAdAdministrators, None),\n        (ServerBlobAuditingPolicies, 'auditing'),\n        (ServerSecurityAlertPolicies, 'threat_detection'),\n        (ServerVulnerabilityAssessments, 'server_vulnerability'),\n        (ServerEncryptionProtectors, 'encryption_protectors'),\n        (FirewallRules, 'firewall_rules')\n    ]\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_server in await self.facade.sqldatabase.get_servers(self.subscription_id):\n            id, server = self._parse_server(raw_server)\n            self[id] = server\n\n        await self._fetch_children_of_all_resources(\n            resources=self,\n            scopes={server_id: {'resource_group_name': server['resource_group_name'],\n                                'server_name': server['name'],\n                                'subscription_id': self.subscription_id}\n                    for (server_id, server) in self.items()}\n        )\n\n    def _parse_server(self, raw_server):\n        server = {}\n        server['id'] = get_non_provider_id(raw_server.id)\n        server['name'] = raw_server.name\n        server['resource_group_name'] = get_resource_group_name(raw_server.id)\n        if raw_server.tags is not None:\n            server['tags'] = [\"{}:{}\".format(key, value) for key, value in  raw_server.tags.items()]\n        else:\n            server['tags'] = []\n        return server['id'], server\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/sqldatabase/transparent_data_encryptions.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass TransparentDataEncryptions(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, database_name: str,\n                 subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.server_name = server_name\n        self.database_name = database_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        encryptions = await self.facade.sqldatabase.get_database_transparent_data_encryptions(\n            self.resource_group_name, self.server_name, self.database_name, self.subscription_id)\n        self._parse_encryptions(encryptions)\n\n    def _parse_encryptions(self, encryptions):\n        self.update({\n            'transparent_data_encryption_enabled': encryptions.status == \"Enabled\"\n        })\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/storageaccounts/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/azure/resources/storageaccounts/base.py",
    "content": "from ScoutSuite.providers.azure.resources.subscriptions import Subscriptions\n\nfrom .storage_accounts import StorageAccounts\n\n\nclass StorageAccounts(Subscriptions):\n    _children = [\n        (StorageAccounts, 'storage_accounts')\n    ]\n\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/storageaccounts/blob_containers.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass BlobContainers(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, storage_account_name: str, subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.storage_account_name = storage_account_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        raw_blob_containers = await self.facade.storageaccounts.get_blob_containers(self.resource_group_name,\n                                                                                    self.storage_account_name,\n                                                                                    self.subscription_id)\n        for raw_blob_container in raw_blob_containers:\n            id, blob_container = self._parse_blob_container(raw_blob_container)\n            self[id] = blob_container\n\n    def _parse_blob_container(self, raw_blob_container):\n        blob_container = {}\n        blob_container['id'] = raw_blob_container.name\n        blob_container['public_access_allowed'] = raw_blob_container.public_access != \"None\"\n\n        return blob_container['id'], blob_container\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/storageaccounts/blob_services.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass BlobServices(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, storage_account_name: str, subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.storage_account_name = storage_account_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        raw_blob_services = await self.facade.storageaccounts.get_blob_services(self.resource_group_name,\n                                                                                    self.storage_account_name,\n                                                                                    self.subscription_id)\n        for raw_blob_service in raw_blob_services:\n            id, blob_service = self._parse_blob_service(raw_blob_service)\n            self[id] = blob_service\n\n    def _parse_blob_service(self, raw_blob_service):\n        blob_service = {}\n        blob_service['id'] = get_non_provider_id(raw_blob_service.id.lower())\n        blob_service['name'] = raw_blob_service.name\n        blob_service['soft_delete_enabled'] = raw_blob_service.delete_retention_policy.enabled\n\n        return blob_service['id'], blob_service\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/storageaccounts/queues.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\n\n\nclass Queues(AzureResources):\n\n    def __init__(self, facade: AzureFacade, resource_group_name: str, storage_account_name: str, subscription_id: str):\n        super().__init__(facade)\n        self.resource_group_name = resource_group_name\n        self.storage_account_name = storage_account_name\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        raw_queues = await self.facade.storageaccounts.get_queues(self.resource_group_name,\n                                                                  self.storage_account_name,\n                                                                  self.subscription_id)\n        for raw_queue in raw_queues:\n            id, queue = self._parse_queue(raw_queue)\n            self[id] = queue\n\n    def _parse_queue(self, raw_queue):\n        pass\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureCompositeResources\nfrom ScoutSuite.providers.azure.utils import get_resource_group_name\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\nfrom .blob_containers import BlobContainers\n# from .queues import Queues\nfrom .blob_services import BlobServices\n\n\nclass StorageAccounts(AzureCompositeResources):\n    _children = [\n        (BlobContainers, 'blob_containers'),\n        (BlobServices, 'blob_services'),\n        # (Queues, 'queues')  # FIXME - not implemented by SDK\n    ]\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_storage_account in await self.facade.storageaccounts.get_storage_accounts(self.subscription_id):\n            id, storage_account = self._parse_storage_account(raw_storage_account)\n            self[id] = storage_account\n\n        await self._fetch_children_of_all_resources(\n            resources=self,\n            scopes={storage_account_id: {'resource_group_name': storage_account['resource_group_name'],\n                                         'storage_account_name': storage_account['name'],\n                                         'subscription_id': self.subscription_id}\n                    for (storage_account_id, storage_account) in self.items()}\n        )\n\n    def _parse_storage_account(self, raw_storage_account):\n        storage_account = {}\n\n        encryption = raw_storage_account.encryption\n        raw_id = raw_storage_account.id\n        storage_account['id'] = get_non_provider_id(raw_id.lower())\n        storage_account['resource_group_name'] = get_resource_group_name(raw_id)\n        storage_account['name'] = raw_storage_account.name\n        storage_account['https_traffic_enabled'] = raw_storage_account.enable_https_traffic_only\n        storage_account['public_traffic_allowed'] = self._is_public_traffic_allowed(raw_storage_account)\n        storage_account['trusted_microsoft_services_enabled'] = \\\n            self._is_trusted_microsoft_services_enabled(raw_storage_account)\n        storage_account['bypass'] = raw_storage_account.network_rule_set.bypass\n        # The default value (null) is equivalent to True\n        storage_account['shared_key_access_allowed'] = raw_storage_account.allow_shared_key_access != False\n        storage_account['access_keys_last_rotation_date'] = \\\n            self._parse_access_keys_last_rotation_date(raw_storage_account.activity_logs)\n        storage_account['encryption_key_source'] = raw_storage_account.encryption.key_source\n        storage_account['encryption_key_customer_managed'] = self._is_encryption_key_customer_managed(raw_storage_account.encryption.key_source)\n        if raw_storage_account.tags is not None:\n            storage_account['tags'] = [\"{}:{}\".format(key, value) for key, value in  raw_storage_account.tags.items()]\n        else:\n            storage_account['tags'] = []\n\n        return storage_account['id'], storage_account\n\n    def _is_public_traffic_allowed(self, storage_account):\n        return storage_account.network_rule_set.default_action == \"Allow\"\n\n    def _is_trusted_microsoft_services_enabled(self, storage_account):\n        if storage_account.network_rule_set.bypass:\n            return \"AzureServices\" in storage_account.network_rule_set.bypass\n        return False\n\n    def _parse_access_keys_last_rotation_date(self, activity_logs):\n        last_rotation_date = None\n        for log in activity_logs:\n            if log.operation_name.value == 'Microsoft.Storage/storageAccounts/regenerateKey/action':\n                if last_rotation_date is None or last_rotation_date < log.event_timestamp:\n                    last_rotation_date = log.event_timestamp\n        return last_rotation_date\n\n    def _is_encryption_key_customer_managed(self, key_source):\n        # Microsoft Storage is the default option which is not customer-managed\n        return key_source != \"Microsoft.Storage\"\n\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/subscriptions.py",
    "content": "from ScoutSuite.providers.azure.resources.base import AzureCompositeResources\n\n\nclass Subscriptions(AzureCompositeResources):\n\n    \"\"\"This class represents a collection of Azure Resources that are grouped by subscription.\n    Classes extending Subscriptions should implement the method _fetch_children() with a subscription ID as paramater.\n    The children resources will be stored with the following structure {<subscriptions>: {<subscription_id>: {<child_name>: {<child_id>: <child_instance>}}}}.\n    \"\"\"\n\n    async def fetch_all(self):\n        \"\"\"This method fetches all the Azure subscriptions that can be accessed with the given run configuration.\n        It then fetches all the children defined in _children and groups them by subscription.\n        \"\"\"\n\n        raw_subscriptions = await self.facade.get_subscriptions()\n\n        if raw_subscriptions:\n            self['subscriptions'] = {subscription.subscription_id: {}\n                                     for subscription in raw_subscriptions}\n        else:\n            self['subscriptions'] = {}\n        await self._fetch_children_of_all_resources(\n            resources=self['subscriptions'],\n            scopes={subscription_id: {'subscription_id': subscription_id} for subscription_id in self['subscriptions']})\n        self._set_counts()\n\n    def _set_counts(self):\n        for _, child_name in self._children:\n            self[child_name + '_count'] = sum([subscription[child_name + '_count']\n                                               for subscription in self['subscriptions'].values()])\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/virtualmachines/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/azure/resources/virtualmachines/base.py",
    "content": "from ScoutSuite.providers.azure.resources.subscriptions import Subscriptions\n\nfrom .instances import Instances\nfrom .disks import Disks\nfrom .snapshots import Snapshots\nfrom .images import Images\n\n\nclass VirtualMachines(Subscriptions):\n    _children = [\n        (Instances, 'instances'),\n        (Disks, 'disks'),\n        (Snapshots, 'snapshots'),\n        (Images, 'images'),\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/virtualmachines/disks.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Disks(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_disk in await self.facade.virtualmachines.get_disks(self.subscription_id):\n            id, disk = self._parse_disk(raw_disk)\n            self[id] = disk\n\n    def _parse_disk(self, raw_disk):\n        disk_dict = {}\n\n        disk_dict['id'] = get_non_provider_id(raw_disk.id)\n        disk_dict['unique_id'] = getattr(raw_disk, 'unique_id', None)\n        disk_dict['name'] = raw_disk.name\n        disk_dict['type'] = raw_disk.type\n        disk_dict['location'] = raw_disk.location\n        disk_dict['tags'] = raw_disk.tags\n        disk_dict['managed_by'] = raw_disk.managed_by\n        disk_dict['sku'] = raw_disk.sku\n        disk_dict['zones'] = raw_disk.zones\n        disk_dict['time_created'] = raw_disk.time_created\n        disk_dict['os_type'] = raw_disk.os_type\n        disk_dict['hyper_vgeneration'] = raw_disk.hyper_v_generation\n        disk_dict['creation_data'] = raw_disk.creation_data\n        disk_dict['disk_size_gb'] = raw_disk.disk_size_gb\n        disk_dict['disk_size_bytes'] = getattr(raw_disk, 'disk_size_bytes', None)\n        disk_dict['provisioning_state'] = raw_disk.provisioning_state\n        disk_dict['disk_iops_read_write'] = raw_disk.disk_iops_read_write\n        disk_dict['disk_mbps_read_write'] = raw_disk.disk_m_bps_read_write\n        disk_dict['disk_state'] = raw_disk.disk_state\n        disk_dict['additional_properties'] = raw_disk.additional_properties\n\n        if hasattr(raw_disk, 'encryption'):\n            disk_dict['encryption_type'] = getattr(raw_disk.encryption, 'type', None)\n        else:\n            disk_dict['encryption_type'] = None\n\n        if getattr(raw_disk, 'encryption_settings_collection', None):\n            disk_dict['encryption_ade'] = raw_disk.encryption_settings_collection.enabled and \\\n                getattr(raw_disk.encryption_settings_collection, 'encryption_settings_version') in ['1.0','1.1']\n        else:\n            disk_dict['encryption_ade'] = False\n\n        return disk_dict['id'], disk_dict\n\n\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/virtualmachines/images.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Images(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_image in await self.facade.virtualmachines.get_images(self.subscription_id):\n            id, image = self._parse_image(raw_image)\n            self[id] = image\n\n    def _parse_image(self, raw_image):\n        image_dict = {}\n        image_dict['id'] = get_non_provider_id(raw_image.id)\n        image_dict['name'] = raw_image.name\n        image_dict['type'] = raw_image.type\n        image_dict['location'] = raw_image.location\n        image_dict['tags'] = raw_image.tags\n        image_dict['source_virtual_machine'] = raw_image.source_virtual_machine\n        image_dict['storage_profile'] = raw_image.storage_profile\n        image_dict['provisioning_state'] = raw_image.provisioning_state\n        image_dict['hyper_vgeneration'] = raw_image.hyper_vgeneration\n        image_dict['additional_properties'] = raw_image.additional_properties\n        return image_dict['id'], image_dict\n\n\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/virtualmachines/instances.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\nfrom ScoutSuite.providers.azure.utils import get_resource_group_name\n\nfrom ScoutSuite.providers.azure.utils import get_resource_group_name\n\nclass Instances(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_instance in await self.facade.virtualmachines.get_instances(self.subscription_id):\n            id, instance = await self._parse_instance(raw_instance)\n            self[id] = instance\n\n    async def _parse_instance(self, raw_instance):\n        instance_dict = {}\n\n        instance_dict['id'] = get_non_provider_id(raw_instance.id.lower())\n        instance_dict['name'] = raw_instance.name\n        instance_dict['vm_id'] = raw_instance.vm_id\n        instance_dict['zones'] = raw_instance.zones\n        if raw_instance.availability_set is not None:\n            #Get the resource group and availability set if set\n            try:\n                instance_dict['availability_set'] = raw_instance.availability_set.id.split('/')[4] + ':' + raw_instance.availability_set.id.split('/')[8]\n            except Exception as e:\n                instance_dict['availability_set'] = raw_instance.availability_set.id\n        else:\n            instance_dict['availability_set'] = None\n        if raw_instance.proximity_placement_group is not None:\n            #Get the resource group and proximity placement group if set  \n            try:\n                instance_dict['proximity_placement_group'] = raw_instance.proximity_placement_group.id.split('/')[4] + ':' + raw_instance.proximity_placement_group.id.split('/')[8]\n            except Exception as e:\n                instance_dict['proximity_placement_group'] = raw_instance.proximity_placement_group.id\n        else:\n            instance_dict['proximity_placement_group'] = None\n        instance_dict['additional_properties'] = list(raw_instance.additional_properties)\n        instance_dict['location'] = raw_instance.location\n        instance_dict['type'] = raw_instance.type\n        instance_dict['resources'] = raw_instance.resources\n        if raw_instance.tags is not None:\n            instance_dict['tags'] = [\"{}:{}\".format(key, value) for key, value in  raw_instance.tags.items()]\n        else:\n            instance_dict['tags'] = []\n        instance_dict['resource_group_name'] = get_resource_group_name(raw_instance.id)\n        instance_dict['provisioning_state'] = raw_instance.provisioning_state\n        if raw_instance.plan is not None:\n            instance_dict['plan'] = raw_instance.plan.name\n        else:\n            instance_dict['plan'] = None\n        instance_dict['identity'] = raw_instance.identity\n\n        if raw_instance.additional_capabilities is not None:\n            #Get all the enabled additional capabilities ignoring not set or empty values\n            instance_dict['additional_capabilities'] = [additional_capability for additional_capability, value in raw_instance.additional_capabilities.__dict__.items() if (value and value is not None)]\n        else:\n            instance_dict['additional_capabilities'] = None\n        instance_dict['license_type'] = raw_instance.license_type\n\n        # TODO process and display the below\n        instance_dict['hardware_profile'] = raw_instance.hardware_profile.vm_size\n        \n        # Handle VMs without diagnostics profile configured\n        if raw_instance.diagnostics_profile is not None:\n            instance_dict['diagnostics_profile'] = {'Boot Diagnostics': True if raw_instance.diagnostics_profile.boot_diagnostics.enabled else None}\n        \n        instance_dict['os_profile'] = {}\n        if raw_instance.os_profile is not None:\n            instance_dict['os_profile']['Administrator Username'] = raw_instance.os_profile.admin_username\n            instance_dict['os_profile']['Allow Extension Operations'] = raw_instance.os_profile.allow_extension_operations\n            instance_dict['os_profile']['Computer Name'] = raw_instance.os_profile.computer_name\n            instance_dict['os_profile']['Custom Data'] = raw_instance.os_profile.custom_data\n            instance_dict['os_profile']['Secrets'] = ''.join(raw_instance.os_profile.secrets)\n            if raw_instance.os_profile.windows_configuration:\n                instance_dict['os_profile']['Unnatended Content'] = raw_instance.os_profile.windows_configuration.additional_unattend_content\n                instance_dict['os_profile']['Automatic Updates'] = raw_instance.os_profile.windows_configuration.enable_automatic_updates\n                instance_dict['os_profile']['VM Agent Provision'] = raw_instance.os_profile.windows_configuration.provision_vm_agent\n                instance_dict['os_profile']['Windows Remote Management'] = raw_instance.os_profile.windows_configuration.win_rm\n            elif raw_instance.os_profile.linux_configuration:\n                instance_dict['os_profile']['Disable Password Authentication'] = raw_instance.os_profile.linux_configuration.disable_password_authentication\n                instance_dict['os_profile']['VM Agent Provision'] = raw_instance.os_profile.linux_configuration.provision_vm_agent\n\n        if raw_instance.storage_profile is not None:\n            instance_dict['storage_profile'] = {}\n            if raw_instance.storage_profile.image_reference is not None:\n                instance_dict['storage_profile']['Publisher'] = raw_instance.storage_profile.image_reference.publisher\n            instance_dict['storage_profile']['Release'] = raw_instance.storage_profile.image_reference.version\n            instance_dict['storage_profile']['SKU'] = raw_instance.storage_profile.image_reference.sku\n            instance_dict['storage_profile']['Offer'] = raw_instance.storage_profile.image_reference.offer\n            instance_dict['storage_profile']['Exact Version'] = raw_instance.storage_profile.image_reference.exact_version\n            instance_dict['storage_profile']['OS Disk Size (GB)'] = raw_instance.storage_profile.os_disk.disk_size_gb\n            instance_dict['storage_profile']['OS Disk Name'] = raw_instance.storage_profile.os_disk.name\n            instance_dict['storage_profile']['OS Disk VHD'] = raw_instance.storage_profile.os_disk.vhd\n            if raw_instance.storage_profile.os_disk.managed_disk:\n                instance_dict['storage_profile'][\n                    'OS Managed Disk ID'] = raw_instance.storage_profile.os_disk.managed_disk.id.split('/')[-1]\n                instance_dict['storage_profile'][\n                    'OS Managed Disk Storage Account Type'] = raw_instance.storage_profile.os_disk.managed_disk.storage_account_type\n            else:\n                instance_dict['storage_profile']['OS Managed Disk ID'] = None\n                instance_dict['storage_profile']['OS Managed Disk Storage Account Type'] = None\n            if raw_instance.storage_profile.data_disks is not None and raw_instance.storage_profile.data_disks:\n                instance_dict['storage_profile']['Data Disks'] = [\"{} ({}GB)\".format(disk.name, disk.disk_size_gb) for disk in raw_instance.storage_profile.data_disks]\n        else:\n            instance_dict['storage_profile'] = None\n\n        instance_dict['network_interfaces'] = []\n        for interface in raw_instance.network_profile.network_interfaces:\n            instance_dict['network_interfaces'].append(get_non_provider_id(interface.id))\n\n        instance_dict['extensions'] = await self.facade.virtualmachines.get_instance_extensions(\n            subscription_id=self.subscription_id,\n            instance_name=instance_dict['name'],\n            resource_group=get_resource_group_name(raw_instance.id))\n\n        instance_dict['extension_names'] = [extension.name for extension in instance_dict['extensions']]\n\n        return instance_dict['id'], instance_dict\n"
  },
  {
    "path": "ScoutSuite/providers/azure/resources/virtualmachines/snapshots.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.base import AzureResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Snapshots(AzureResources):\n\n    def __init__(self, facade: AzureFacade, subscription_id: str):\n        super().__init__(facade)\n        self.subscription_id = subscription_id\n\n    async def fetch_all(self):\n        for raw_snapshot in await self.facade.virtualmachines.get_snapshots(self.subscription_id):\n            id, snapshot = self._parse_snapshot(raw_snapshot)\n            self[id] = snapshot\n\n    def _parse_snapshot(self, raw_snapshot):\n        snapshot_dict = {}\n\n        snapshot_dict['id'] = get_non_provider_id(raw_snapshot.id)\n        snapshot_dict['unique_id'] = getattr(raw_snapshot, 'unique_id', None)\n        snapshot_dict['name'] = raw_snapshot.name\n        snapshot_dict['type'] = raw_snapshot.type\n        snapshot_dict['location'] = raw_snapshot.location\n        snapshot_dict['tags'] = raw_snapshot.tags\n        snapshot_dict['managed_by'] = raw_snapshot.managed_by\n        snapshot_dict['sku'] = raw_snapshot.sku\n        snapshot_dict['time_created'] = raw_snapshot.time_created\n        snapshot_dict['os_type'] = raw_snapshot.os_type\n        snapshot_dict['hyper_vgeneration'] = raw_snapshot.hyper_vgeneration\n        snapshot_dict['creation_data'] = raw_snapshot.creation_data\n        snapshot_dict['disk_size_gb'] = raw_snapshot.disk_size_gb\n        snapshot_dict['disk_size_bytes'] = getattr(raw_snapshot, 'disk_size_bytes', None)\n        snapshot_dict['provisioning_state'] = raw_snapshot.provisioning_state\n        snapshot_dict['incremental'] = getattr(raw_snapshot, 'incremental', None)\n        snapshot_dict['additional_properties'] = raw_snapshot.additional_properties\n\n        if hasattr(raw_snapshot, 'encryption'):\n            snapshot_dict['encryption_type'] = getattr(raw_snapshot.encryption, 'type', None)\n        else:\n            snapshot_dict['encryption_type'] = None\n\n        return snapshot_dict['id'], snapshot_dict\n\n"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/conditions/allow-tcp.json",
    "content": "{\n    \"conditions\":[\n          \"or\",\n          [\"network.subscriptions.id.security_groups.id.security_rules.id.protocol\", \"equal\", \"*\"],\n          [\"network.subscriptions.id.security_groups.id.security_rules.id.protocol\", \"equal\", \"TCP\"]\n      ]\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/conditions/allow-udp.json",
    "content": "{\n    \"conditions\":[\n          \"or\",\n          [\"network.subscriptions.id.security_groups.id.security_rules.id.protocol\", \"equal\", \"*\"],\n          [\"network.subscriptions.id.security_groups.id.security_rules.id.protocol\", \"equal\", \"UDP\"]\n      ]\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/conditions/exposed-to-the-internet.json",
    "content": "{\n    \"conditions\":[\n      \"and\",\n      [\"network.subscriptions.id.security_groups.id.security_rules.id.allow\", \"true\", \"\"],\n      [\"network.subscriptions.id.security_groups.id.security_rules.id.direction\", \"equal\", \"Inbound\"],\n      [\n          \"or\",\n          [\"network.subscriptions.id.security_groups.id.security_rules.id.source_address_prefixes\", \"containAtLeastOneOf\", \"*\"],\n          [\"network.subscriptions.id.security_groups.id.security_rules.id.source_address_prefixes\", \"containAtLeastOneOf\", \"Internet\"]\n      ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/aad-guest-users.json",
    "content": "{\n    \"description\": \"Guest Users in Use\",\n    \"rationale\": \"Avoid creating guest users, as they are typically added outside your employee on-boarding/off-boarding process and could potentially be overlooked indefinitely leading to a potential vulnerability.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.3\"\n        }\n    ],\n    \"dashboard_name\": \"Users\",\n    \"path\": \"aad.users.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"aad.users.id.user_type\",\n            \"equal\",\n            \"Guest\"\n        ]\n    ],\n    \"id_suffix\": \"user_type\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/aad-users-create-security-groups-disabled.json",
    "content": "{\n    \"description\": \"Users Can Create Security Group Enabled\",\n    \"rationale\": \"When creating security groups is enabled, all users in the directory are allowed to create new security groups and add members to those groups. Security group creation should be restricted to administrators only.\",\n    \"remediation\": \"From Azure console:<ol><li>Go to <samp>Azure Active Directory</samp></li> <li>Go to <samp>Groups</samp></li> <li>Go to <samp>General</samp> in setting</li> <li>Ensure that <samp>Users can create security groups in Azure Portals</samp> is set to <samp>No</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.17\"\n        }\n    ],\n    \"dashboard_name\": \"Policies\",\n    \"path\": \"aad.policies.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"aad.policies.id.allowed_to_create_security_groups\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"allowed_to_create_security_groups\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/appservice-authentication-disabled.json",
    "content": "{\n    \"description\": \"App Service Authentication Disabled\",\n    \"rationale\": \"Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the API app, or authenticate those that have tokens before they reach the API app. If an anonymous request is received from a browser, App Service will redirect to a logon page. To handle the logon process, a choice from a set of identity providers can be made, or a custom authentication mechanism can be implemented.\",\n    \"remediation\": \"In the Azure console:\\n<ol>\\n    <li>Go to <samp>App Services</samp></li>\\n    <li>Click on each App</li>\\n    <li>Under <samp>Setting</samp> section, Click on <samp>Authentication / Authorization</samp></li>\\n    <li>Set <samp>App Service Authentication</samp> to <samp>On</samp></li>\\n    <li>Choose other parameters as per your requirement and Click on Save</li>\\n</ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"9.1\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"9.1\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/app-service/app-service-authentication-overview\",\n        \"https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#website-contributor\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-privileged-access#pa-5-automate-entitlement-management\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-6-define-identity-and-privileged-access-strategy\"\n    ],\n    \"dashboard_name\": \"Web Apps\",\n    \"path\": \"appservice.subscriptions.id.web_apps.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"appservice.subscriptions.id.web_apps.id.authentication_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"authentication_enabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/appservice-client-certificates-disabled.json",
    "content": "{\n    \"description\": \"Client Certificates Disabled\",\n    \"rationale\": \"Client certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app. The TLS mutual authentication technique in enterprise environments ensures the authenticity of clients to the server. If incoming client certificates are enabled, then only an authenticated client who has valid certificates can access the app.\",\n    \"remediation\": \"In the Azure console:\\n<ol>\\n    <li>Go to <samp>App Services</samp></li>\\n    <li>Click on each App</li>\\n    <li>Under <samp>Setting</samp> section, Click on <samp>Configuration</samp></li>\\n    <li>Ensure that the option <samp>Client certificate mode</samp> located under Incoming client certificates is set to <samp>Require</samp></li>\\n</ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"9.4\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"9.4\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/bs-latn-ba/azure/app-service/app-service-web-configure-tls-mutual-auth\"\n    ],\n    \"dashboard_name\": \"Web Apps\",\n    \"path\": \"appservice.subscriptions.id.web_apps.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"appservice.subscriptions.id.web_apps.id.client_cert_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"client_cert_enabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/appservice-ftp-deployment-enabled.json",
    "content": "{\n    \"description\": \"FTP Deployment Enabled\",\n    \"rationale\": \"Azure FTP deployment endpoints are public. An attacker listening to traffic on a wifi network used by a remote employee or a corporate network could see login traffic in clear-text which would then grant them full control of the code base of the app or service. This finding is more severe if User Credentials for deployment are set at the subscription level rather than using the default Application Credentials which are unique per App.\",\n    \"remediation\": \"Using Console:\\n<ol>\\n    <li>Go to <samp>App Services</samp></li>\\n    <li>Click on an App</li>\\n    <li>Select Settings > Configuration</li>\\n    <li>Under Platform Settings, FTP state should be <samp>Disabled</samp> or <samp>FTPS Only</samp></li>\\n</ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.20\",\n            \"reference\": \"9.11\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/app-service/deploy-ftp\",\n        \"https://learn.microsoft.com/en-us/azure/app-service/overview-security\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-4-encrypt-sensitive-information-in-transit\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-identity-management#im-1-standardize-azure-active-directory-as-the-central-identity-and-authentication-system\"\n    ],\n    \"dashboard_name\": \"Web Apps\",\n    \"path\": \"appservice.subscriptions.id.web_apps.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"appservice.subscriptions.id.web_apps.id.ftp_deployment_enabled\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"ftp_deployment_enabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/appservice-http-2-disabled.json",
    "content": "{\n    \"description\": \"HTTP 2.0 Disabled\",\n    \"rationale\": \"Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Using the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version.<br><br>Newer versions may contain security enhancements and additional functionality. Using the latest version is recommended in order to take advantage of enhancements and new capabilities. With each software installation, organizations need to determine if a given update meets their requirements and also verify the compatibility and support provided for any additional software against the update revision that is selected.<br><br>HTTP 2.0 has additional performance improvements on the head-of-line blocking problem of old HTTP version, header compression, and prioritization of requests. HTTP 2.0 no longer supports HTTP 1.1's chunked transfer encoding mechanism, as it provides its own, more efficient, mechanisms for data streaming.\",\n    \"remediation\": \"Using Console:<ol><li>Login to Azure Portal using https://portal.azure.com</li><li>Go to \\\"App Services\\\"</li><li>Click on each App</li><li>Under \\\"Setting\\\" section, Click on \\\"Application settings\\\"</li><li>Ensure that \\\"HTTP Version\\\" set to \\\"2.0\\\" version under \\\"General settings\\\"</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"9.10\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"9.10\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security\"\n    ],\n    \"dashboard_name\": \"Web Apps\",\n    \"path\": \"appservice.subscriptions.id.web_apps.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"appservice.subscriptions.id.web_apps.id.http_2_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"http_2_enabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/appservice-http-allowed.json",
    "content": "{\n    \"description\": \"HTTP Traffic Allowed\",\n    \"rationale\": \"Azure Web Apps allows sites to run under both HTTP and HTTPS by default. Web apps can be accessed by anyone using non-secure HTTP links by default. Non-secure HTTP requests can be restricted and all HTTP requests redirected to the secure HTTPS port.\",\n    \"remediation\": \"In the Azure console:\\n<ol><li>Go to <samp>App Services</samp></li>\\n    <li>Click on each App</li>\\n    <li>Under <samp>Setting</samp> section, Click on <samp>SSL settings</samp></li>\\n    <li>Set <samp>HTTPS Only</samp> to <samp>On</samp> under <samp>Protocol Settings</samp> section</li>\\n</ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"9.2\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"9.2\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-ssl#enforce-https\"\n    ],\n    \"dashboard_name\": \"Web Apps\",\n    \"path\": \"appservice.subscriptions.id.web_apps.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"appservice.subscriptions.id.web_apps.id.https_only\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"https_only\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/appservice-managed-service-identities-disabled.json",
    "content": "{\n    \"description\": \"Managed Service Identities Disabled\",\n    \"rationale\": \"App Service provides a highly scalable, self-patching web hosting service in Azure. It also provides a managed identity for apps, which is a turn-key solution for securing access to Azure SQL Database and other Azure services.\",\n    \"remediation\": \"Using Console:<ol><li>Login to Azure Portal using https://portal.azure.com</li><li>Go to \\\"App Services\\\"</li><li>Click on each App</li><li>Under the \\\"Setting\\\" section, Click on \\\"Identity\\\"</li><li>Ensure that \\\"Status\\\" set to On\\\"</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"9.5\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"9.5\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-gb/azure/app-service/app-service-web-tutorial-connect-msi\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-identity-management#im-1-standardize-azure-active-directory-as-the-central-identity-and-authentication-system\"\n    ],\n    \"dashboard_name\": \"Web Apps\",\n    \"path\": \"appservice.subscriptions.id.web_apps.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"appservice.subscriptions.id.web_apps.id.identity\",\n            \"notNull\",\n            \"\"\n        ],\n        [\n            \"appservice.subscriptions.id.web_apps.id.identity.principal_id\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"identity.managed_principal_id\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-dotnet.json",
    "content": "{\n    \"description\": \"Web App Running an Outdated .Net Framework Version\",\n    \"rationale\": \"Periodically, newer versions are released for .Net Framework software either due to security flaws or to include additional functionality. Using the latest version for web apps is recommended in order to take advantage of security fixes, if any, and/or additional functionalities of the newer version.\",\n    \"remediation\": \"Using Command Line:\\n<ol>\\n    <li>To see the list of supported runtimes</li>\\n    <code><samp>az webapp list-runtimes | grep aspnet</samp></code>\\n    <li>To set latest .NET Framework version for an existing app, run the following command:</li>\\n  <code>az webapp config set --resource-group &ltRESOURCE_GROUP_NAME&gt --name &ltAPP_NAME&gt --net-framework-version &ltVERSION&gt</code>\\n    <li>Use .NET Framework as, 'v4.0' for .NET 4.6 and 'v3.0' for .NET 3.5.</li>\\n</ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"9.6\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"9.6\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security\"\n    ],\n    \"dashboard_name\": \"Web Apps\",\n    \"path\": \"appservice.subscriptions.id.web_apps.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"appservice.subscriptions.id.web_apps.id.programming_language\",\n            \"equal\",\n            \"dotnet\"\n        ],\n        [\n            \"appservice.subscriptions.id.web_apps.id.programming_language_version\",\n            \"containNoneOf\",\n            [\n                \"v6.0\",\n                \"6.0\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"programming_language_version\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-java.json",
    "content": "{\n    \"description\": \"Web App Running an Outdated Java Version\",\n    \"rationale\": \"Periodically, newer versions are released for Java software either due to security flaws or to include additional functionality. Using the latest Java version for web apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\n    \"remediation\": \"Using Console:\\n<ol>\\n    <li>Go to <samp>App Services</samp></li>\\n    <li>Click on each App</li>\\n    <li>Under <samp>Setting</samp> section, Click on <samp>Application Settings</samp></li>\\n    <li>Set  <samp>Java version</samp>  to latest version available under <samp>General Settings</samp></li>\\n    <li>Set <samp>Java minor version</samp> to latest version available</li>\\n    <li>Set <samp>Java web container</samp> to the latest version of web container available</li>\\n    NOTE: No action is required if <samp>Java version</samp> is set to <samp>Off</samp> \\n</ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"9.9\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"9.9\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security\"\n    ],\n    \"dashboard_name\": \"Web Apps\",\n    \"path\": \"appservice.subscriptions.id.web_apps.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"appservice.subscriptions.id.web_apps.id.programming_language\",\n            \"equal\",\n            \"java\"\n        ],\n        [\n            \"appservice.subscriptions.id.web_apps.id.programming_language_version\",\n            \"containNoneOf\",\n            [\n                \"8-jre8\",\n                \"11-java11\",\n                \"1.8\",\n                \"11\",\n                \"8u232\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"programming_language_version\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-php.json",
    "content": "{\n    \"description\": \"Web App Running an Outdated PHP Version\",\n    \"rationale\": \"Periodically newer versions are released for PHP software either due to security flaws or to include additional functionality. Using the latest PHP version for web apps is recommended in order to take advantage of security fixes, if any, and/or additional functionalities of the newer version.\",\n    \"remediation\": \"Using Console:\\n<ol>\\n    <li>Go to <samp>App Services</samp></li>\\n    <li>Click on each App</li>\\n    <li>Under <samp>Setting</samp> section, Click on <samp>Configuration</samp></li>\\n    <li>Set  <samp>PHP version</samp>  to latest version available under <samp>General Settings</samp></li>\\n   NOTE: No action is required if <samp>PHP version</samp> is set to <samp>Off</samp> \\n</ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"9.7\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"9.7\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security\"\n    ],\n    \"dashboard_name\": \"Web Apps\",\n    \"path\": \"appservice.subscriptions.id.web_apps.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"appservice.subscriptions.id.web_apps.id.programming_language\",\n            \"equal\",\n            \"php\"\n        ],\n        [\n            \"appservice.subscriptions.id.web_apps.id.programming_language_version\",\n            \"containNoneOf\",\n            [\n                \"7.2\",\n                \"7.3\",\n                \"7.4\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"programming_language_version\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-python.json",
    "content": "{\n    \"description\": \"Web App Running an Outdated Python Version\",\n    \"rationale\": \"Periodically, newer versions are released for Python software either due to security flaws or to include additional functionality. Using the latest Python version for web apps is recommended in order to take advantage of security fixes, if any, and/or additional functionalities of the newer version.\",\n    \"remediation\": \"Using Console:\\n<ol>\\n    <li>Go to <samp>App Services</samp></li>\\n    <li>Click on each App</li>\\n    <li>Under <samp>Setting</samp> section, Click on <samp>Application Settings</samp></li>\\n    <li>Set  <samp>Python version</samp>  to latest version available under <samp>General Settings</samp></li>\\n  NOTE: No action is required if <samp>Python version</samp> is set to <samp>Off</samp>\\n</ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"9.8\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"9.8\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings\"\n    ],\n    \"dashboard_name\": \"Web Apps\",\n    \"path\": \"appservice.subscriptions.id.web_apps.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"appservice.subscriptions.id.web_apps.id.programming_language\",\n            \"equal\",\n            \"python\"\n        ],\n        [\n            \"appservice.subscriptions.id.web_apps.id.programming_language_version\",\n            \"containNoneOf\",\n            [\n                \"3.6\",\n                \"3.7\",\n                \"3.8\",\n                \"3.9\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"programming_language_version\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/appservice-tls-v1-supported.json",
    "content": "{\n    \"description\": \"Insecure TLS Version Supported\",\n    \"rationale\": \"The TLS (Transport Layer Security) protocol secures transmission of data over the internet using standard encryption technology. Encryption should be set with the latest version of TLS. App Service allows TLS 1.2 by default, which is the recommended TLS level by industry standards, such as PCI DSS.\",\n    \"remediation\": \"In the Azure console:\\n<ol>\\n    <li>Go to <samp>App Services</samp></li>\\n    <li>Click on each App</li>\\n    <li>Under <samp>Setting</samp> section, Click on <samp>SSL settings</samp></li>\\n    <li>Set  <samp>Minimum TLS Version</samp> to <samp>1.2</samp> under <samp>Protocol Settings</samp> section</li>\\n</ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"9.3\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"9.3\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-ssl#enforce-tls-versions\"\n    ],\n    \"dashboard_name\": \"Web Apps\",\n    \"path\": \"appservice.subscriptions.id.web_apps.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"appservice.subscriptions.id.web_apps.id.minimum_tls_version_supported\",\n            \"notEqual\",\n            \"1.2\"\n        ]\n    ],\n    \"id_suffix\": \"minimum_tls_supported\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/appservice-webapp-using-outdated-progamming-language-version.json",
    "content": "{\n    \"description\": \"(WIP) Web App Not Using Latest Programming Language Version\",\n    \"rationale\": \"\",\n    \"remediation\": \"\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"9.6\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"9.7\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"9.8\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"9.9\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings\"\n    ],\n    \"dashboard_name\": \"Web Apps\",\n    \"path\": \"appservice.subscriptions.id.web_apps.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"or\",\n            [\n                \"appservice.subscriptions.id.web_apps.id.programming_language\",\n                \"equal\",\n                \"dotnet\"\n            ],\n            [\n                \"appservice.subscriptions.id.web_apps.id.programming_language_version\",\n                \"notEqual\",\n                \"v4.0\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"programming_language_version\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/keyvault-not-recoverable.json",
    "content": "{\n    \"description\": \"Key Vault Not Recoverable\",\n    \"rationale\": \"There could be scenarios where users accidently run delete/purge commands on key vault or attacker/malicious user does it deliberately to cause disruption. Deleting or purging a key vault leads to immediate data loss as keys encrypting data and secrets/certificates allowing access/services will become non-accessible.\",\n    \"remediation\": \"From Azure CLI: <br> <samp>az resource update --id /subscriptions/xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/<resourceGroupName>/providers/Microsoft.KeyVault /vaults/<keyVaultName> --set properties.enablePurgeProtection=true properties.enableSoftDelete=true</samp></br>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"8.5\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/key-vault/key-vault-soft-delete-cli\",\n        \"https://blogs.technet.microsoft.com/kv/2017/05/10/azure-key-vault-recovery-options/\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-8-define-backup-and-recovery-strategy\"\n    ],\n    \"dashboard_name\": \"Key Vaults\",\n    \"path\": \"keyvault.subscriptions.id.vaults.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"keyvault.subscriptions.id.vaults.id.recovery_protection_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"recovery_protection_enabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/keyvault-public-traffic-allowed.json",
    "content": "{\n    \"description\": \"Key Vaults Allowing Public Network Access\",\n    \"rationale\": \"Restricting default network access helps to provide a new layer of security, since key vaults accept connections from clients on any network. To limit access to selected networks, the default action must be changed.\",\n    \"remediation\": \"In the Azure console: <ol> <li>Go to <samp>Key Vaults</samp></li> <li>For each key vault, click on the settings menu called <samp>Networking</samp>.</li><li>Go to the tab named <samp>Firewalls and virtual networks</samp>.</li> <li>Ensure that you have elected to disable public access, or allow public access from <samp>specific virtual networks and IP addresses</samp>.</li> <li>If necessary, add rules to allow traffic from specific networks.</li> <li>Click <samp>Save</samp> to apply your changes.</li> </ol>\",\n    \"compliance\": [\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/key-vault/general/network-security\",\n        \"https://learn.microsoft.com/en-gb/security/benchmark/azure/baselines/key-vault-security-baseline?context=%2Fazure%2Fkey-vault%2Fgeneral%2Fcontext%2Fcontext#ns-2-secure-cloud-services-with-network-controls\"\n    ],\n    \"dashboard_name\": \"Key Vaults\",\n    \"path\": \"keyvault.subscriptions.id.vaults.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"keyvault.subscriptions.id.vaults.id.public_access_allowed\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"public_access_allowed\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/keyvault-rbac-authorization-disabled.json",
    "content": "{\n    \"description\": \"Key Vault Role Based Access Control Disabled\",\n    \"rationale\": \"Azure RBAC provides finer-grained access management of Azure resources than vault access policy. It allows an administrator to set separate permissions on individual keys, secrets and certificates on different scope levels, from a management group level all the way to individual resources. It also allows an administrator to take advantage of privileged identity management functionality such as assigning Just in Time access (JIT) to resources.\",\n    \"remediation\": \"In the Azure console:<ol><li>Go to <samp>Key Vaults</samp></li> <li>For each key vault, go to <samp>Access configuration</samp></li> <li>Set <samp>Permission model</samp> to <samp>Azure role-based access control (recommended)</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"2.0.0\",\n            \"reference\": \"8.6\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-access-policy\",\n        \"https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide\"\n    ],\n    \"dashboard_name\": \"Key Vaults\",\n    \"path\": \"keyvault.subscriptions.id.vaults.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"keyvault.subscriptions.id.vaults.id.rbac_authorization_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"rbac_authorization_enabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/logging-monitoring-diagnostic-setting-does-not-exist.json",
    "content": "{\n    \"description\": \"Diagnostic Setting Does Not Exist\",\n    \"rationale\": \"A diagnostic setting controls how a diagnostic log is exported. By default, logs are retained only for 90 days. Diagnostic settings should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.\",\n    \"remediation\": \"In the Azure console: <ol> <li>Go to <samp>Diagnostic settings</samp></li> <li>Click on <samp>Add diagnostic setting</samp>.</li> <li></li> <li>Add rules to allow traffic from specific network.</li>Configure the setting including the export location (This may be Log Analytics/Storage account or Event Hub) <li>Click on <samp>Save</samp></li> </ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"5.1.1\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/platform-logs-overview#export-the-activity-log-with-a-log-profile\",\n        \"https://learn.microsoft.com/en-us/cli/azure/monitor/log-profiles?view=azure-cli-latest#az_monitor_log_profiles_create\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-5-centralize-security-log-management-and-analysis\"\n    ],\n    \"dashboard_name\": \"Diagnostic Settings\",\n    \"path\": \"loggingmonitoring.subscriptions.id.diagnostic_settings.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"loggingmonitoring.subscriptions.id.diagnostic_settings.id.diagnostic_exist\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"diagnostic_exist\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-create-policy-assignment.json",
    "content": "{\n    \"description\": \"Activity Log Alert Does Not Exist for Create Policy Assignment\",\n    \"rationale\": \"Monitoring for \\\"Create Policy Assignment\\\" events gives insight into changes done in \\\"azure policy -assignments\\\" and can reduce the time it takes to detect unsolicited changes.\",\n    \"remediation\": \"In the Azure console: <ol><li>Go to Monitor service on Azure Security Center</li><li>Select Alerts blade</li><li>Click On New alert Rule</li><li>Under Scope, click Select resource</li><li>Select the appropriate subscription under Filter by subscription</li><li>Select Policy Assignment under Filter by resource type</li><li>Select All for Filter by location</li><li>Click on the subscription from the entries populated under Resource</li><li>Verify Selection preview shows All Policy assignment (policyAssignments) and your selected subscription name</li><li>Under Condition click Select Condition</li><li>Select Create policy assignment signal</li><li>Click Done</li><li>Under Action group, select appropriate action group</li><li>Under Alert rule details, enter rule name and description</li><li>Select appropriate resource group</li><li>Check Enable alert rule upon creation checkbox</li><li>Click Create alert rule</li> </ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"5.2.1\"\n        }\n    ],\n    \"references\": [\n        \"https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement/\",\n        \"https://learn.microsoft.com/en-in/azure/azure-monitor/alerts/alerts-activity-log\",\n        \"https://learn.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate\",\n        \"https://learn.microsoft.com/en-in/rest/api/monitor/activitylogalerts/listbysubscriptionid\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources\"\n    ],\n    \"dashboard_name\": \"Alert Rules\",\n    \"path\": \"loggingmonitoring.subscriptions.id.log_alerts.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"loggingmonitoring.subscriptions.id.log_alerts.id.create_policy_assignment_exist\",\n            \"false\",\n            \"\"\n        ],\n        [\n            \"loggingmonitoring.subscriptions.id.log_alerts.id.create_policy_assignment_exist\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"create_policy_assignment_exist\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-nsg.json",
    "content": "{\n    \"description\": \"Activity Log Alert Does Not Exist for _ARG_0_\",\n    \"rationale\": \"Monitoring for \\\"_ARG_0_\\\" events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.\",\n    \"remediation\": \"In the Azure console: <ol><li>Go to Monitor service on Azure Security Center</li><li>Select Alerts blade</li><li>Click On New alert Rule</li><li>Under Scope, click Select resource</li><li>Select the appropriate subscription under Filter by subscription</li><li>Select Policy Assignment under Filter by resource type</li><li>Select All for Filter by location</li><li>Click on the subscription from the entries populated under Resource</li><li>Verify Selection preview shows All Policy assignment (policyAssignments) and your selected subscription name</li><li>Under Condition click Select Condition</li><li>Select Create policy assignment signal</li><li>Click Done</li><li>Under Action group, select appropriate action group</li><li>Under Alert rule details, enter rule name and description</li><li>Select appropriate resource group</li><li>Check Enable alert rule upon creation checkbox</li><li>Click Create alert rule</li> </ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"_ARG_1_\"\n        }\n    ],\n    \"references\": [\n        \"https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement/\",\n        \"https://learn.microsoft.com/en-in/azure/azure-monitor/alerts/alerts-activity-log\",\n        \"https://learn.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate\",\n        \"https://learn.microsoft.com/en-in/rest/api/monitor/activitylogalerts/listbysubscriptionid\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources\"\n    ],\n    \"dashboard_name\": \"Alert Rules\",\n    \"path\": \"loggingmonitoring.subscriptions.id.log_alerts.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"loggingmonitoring.subscriptions.id.log_alerts.id._ARG_2_\",\n            \"false\",\n            \"\"\n        ],\n        [\n            \"loggingmonitoring.subscriptions.id.log_alerts.id._ARG_2_\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"key\": \"_ARG_2_\",\n    \"arg_names\": [\n        \"Event\",\n        \"Associated CIS rule\",\n        \"Dictionary Value\"\n    ],\n    \"id_suffix\": \"_ARG_2_\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-security-solution.json",
    "content": "{\n    \"description\": \"Activity Log Alert Does Not Exist for _ARG_0_\",\n    \"rationale\": \"Monitoring for \\\"_ARG_0_\\\" events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.\",\n    \"remediation\": \"In the Azure console: <ol><li>Go to Monitor service on Azure Security Center</li><li>Select Alerts blade</li><li>Click On New alert Rule</li><li>Under Scope, click Select resource</li><li>Select the appropriate subscription under Filter by subscription</li><li>Select Policy Assignment under Filter by resource type</li><li>Select All for Filter by location</li><li>Click on the subscription from the entries populated under Resource</li><li>Verify Selection preview shows All Policy assignment (policyAssignments) and your selected subscription name</li><li>Under Condition click Select Condition</li><li>Select Create policy assignment signal</li><li>Click Done</li><li>Under Action group, select appropriate action group</li><li>Under Alert rule details, enter rule name and description</li><li>Select appropriate resource group</li><li>Check Enable alert rule upon creation checkbox</li><li>Click Create alert rule</li> </ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"_ARG_1_\"\n        }\n    ],\n    \"references\": [\n        \"https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement/\",\n        \"https://learn.microsoft.com/en-in/azure/azure-monitor/alerts/alerts-activity-log\",\n        \"https://learn.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate\",\n        \"https://learn.microsoft.com/en-in/rest/api/monitor/activitylogalerts/listbysubscriptionid\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources\"\n    ],\n    \"dashboard_name\": \"Alert Rules\",\n    \"path\": \"loggingmonitoring.subscriptions.id.log_alerts.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"loggingmonitoring.subscriptions.id.log_alerts.id._ARG_2_\",\n            \"false\",\n            \"\"\n        ],\n        [\n            \"loggingmonitoring.subscriptions.id.log_alerts.id._ARG_2_\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"key\": \"_ARG_2_\",\n    \"arg_names\": [\n        \"Event\",\n        \"Associated CIS rule\",\n        \"Dictionary Value\"\n    ],\n    \"id_suffix\": \"_ARG_2_\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/logging-monitoring-logging-key-vault-disabled.json",
    "content": "{\n    \"description\": \"Logging for Azure Key Vault Is Disabled\",\n    \"rationale\": \"Monitoring how and when key vaults are accessed, and by whom enables an audit trail of interactions with confidential information, keys and certificates managed by Azure Keyvault. Enabling logging for Key Vault saves information in an Azure storage account that the user provides. This creates a new container named insights-logs-auditevent automatically for the specified storage account, andthis same storage account can be used for collecting logs for multiple key vaults.\",\n    \"remediation\": \"Follow Microsoft Azure documentation and setup Azure Key Vault Logging.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"5.1.5\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/key-vault/general/logging?tabs=Vault\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources\"\n    ],\n    \"dashboard_name\": \"Key Vaults\",\n    \"path\": \"loggingmonitoring.subscriptions.id.resources_logging.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"loggingmonitoring.subscriptions.id.resources_logging.id.diagnostic_key_vault.audit_event_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"diagnostic_key_vault_audit_event_enabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/logging-monitoring-profile-does-not-capture-all-activities.json",
    "content": "{\n    \"description\": \"Audit Profile Does Not Capture All Activities\",\n    \"rationale\": \"A log profile controls how the activity log is exported. Configuring the log profile to collect logs for the categories \\\"write\\\", \\\"delete\\\" and \\\"action\\\" ensures that all the control/management plane activities performed on the subscription are exported.\",\n    \"remediation\": \"On Azure portal there is no provision to check or set categories.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"5.1.2\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/cli/azure/monitor/log-profiles?view=azure-cli-latest#az-monitor-log-profiles-update\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources\"\n    ],\n    \"dashboard_name\": \"Profile\",\n    \"path\": \"loggingmonitoring.subscriptions.id.log_profiles.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"loggingmonitoring.subscriptions.id.log_profiles.id.captures_all_activities\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"captures_all_activities\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/mysql-database-servers-ssl-enforcement-disabled.json",
    "content": "{\n    \"description\": \"Enforce SSL Connection Is Disabled for MySQL Database Server\",\n    \"rationale\": \"<samp>SSL connectivity</samp> helps to provide a new layer of security, by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against \\\"man in the middle\\\" attacks by encrypting the data stream between the server and application.\",\n    \"remediation\": \"From Azure Console: <ol><li>Login to Azure Portal using https://portal.azure.com</li><li>Go to <samp>Azure Database</samp> for <samp>MySQL server</samp></li><li>For each database, click on <samp>Connection security</samp></li><li>In <samp>SSL</samp> settings.</li><li>Click <samp>Enabled</samp> to Enforce SSL connection</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.3.2\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/postgresql/concepts-ssl-connection-security\",\n        \"https://learn.microsoft.com/en-us/azure/mysql/howto-configure-ssl\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-4-encrypt-sensitive-information-in-transit\"\n    ],\n    \"dashboard_name\": \"MySQL Servers\",\n    \"path\": \"mysqldatabase.subscriptions.id.servers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"mysqldatabase.subscriptions.id.servers.id.ssl_enforcement\",\n            \"equal\",\n            \"Disabled\"\n        ]\n    ],\n    \"id_suffix\": \"ssl_enforcement\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-internet-all.json",
    "content": "{\n    \"description\": \"Security Group Rules Allowing All Inbound Access\",\n    \"rationale\": \"It was detected that all ports in the security group are open, and accessible from the Internet, which creates a wider attack surface for resources assigned to it. Open ports should be reduced to the minimum needed to correctly operate and, when possible, source address restrictions should be implemented.\",\n    \"dashboard_name\": \"NSGs\",\n    \"display_path\": \"network.subscriptions.id.security_groups.id\",\n    \"path\": \"network.subscriptions.id.security_groups.id.security_rules.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"network.subscriptions.id.security_groups.id.security_rules.id.destination_port_ranges\",\n            \"containAtLeastOneOf\",\n            [\n                \"*\",\n                \"0-65535\",\n                \"1-65535\"\n            ]\n        ],\n        [\n            \"_INCLUDE_(conditions/exposed-to-the-internet.json)\",\n            \"\",\n            \"\"\n        ],\n        [\n            \"_INCLUDE_(conditions/allow-tcp.json)\",\n            \"\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service-mssql.json",
    "content": "{\n    \"description\": \"Security Group Rules Allowing Inbound MsSQL Access\",\n    \"rationale\": \"MsSQL (1433) inbound access should not be allowed to a network security group.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.3\"\n        }\n    ],\n    \"dashboard_name\": \"NSGs\",\n    \"display_path\": \"network.subscriptions.id.security_groups.id\",\n    \"path\": \"network.subscriptions.id.security_groups.id.security_rules.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"network.subscriptions.id.security_groups.id.security_rules.id.destination_ports\",\n            \"portsInPortList\",\n            \"1433\"\n        ],\n        [\n            \"_INCLUDE_(conditions/exposed-to-the-internet.json)\",\n            \"\",\n            \"\"\n        ],\n        [\n            \"_INCLUDE_(conditions/allow-tcp.json)\",\n            \"\",\n            \"\"\n        ]\n    ],\n    \"key\": \"network-security-groups-rule-inbound-MsSQL\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service-udp.json",
    "content": "{\n    \"description\": \"Security Group Rules Allowing Inbound UDP Access\",\n    \"rationale\": \"UDP inbound access should not be allowed to a network security group.\",\n    \"remediation\": \"Disable direct UDP access to your Azure Virtual Machines from the Internet. After direct UDP access from the Internet is disabled, you have other options you can use to access UDP based services running on these virtual machines:<ol><li>Point-to-site VPN</li><li>Site-to-site VPN</li><li>ExpressRoute</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"6.6\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal\",\n        \"https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal\",\n        \"https://learn.microsoft.com/en-us/azure/expressroute/\",\n        \"https://learn.microsoft.com/en-us/azure/security/fundamentals/network-best-practices\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-network-security#ns-1-implement-security-for-internal-traffic\"\n    ],\n    \"dashboard_name\": \"NSGs\",\n    \"display_path\": \"network.subscriptions.id.security_groups.id\",\n    \"path\": \"network.subscriptions.id.security_groups.id.security_rules.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"_INCLUDE_(conditions/exposed-to-the-internet.json)\",\n            \"\",\n            \"\"\n        ],\n        [\n            \"_INCLUDE_(conditions/allow-udp.json)\",\n            \"\",\n            \"\"\n        ]\n    ],\n    \"key\": \"network-security-groups-rule-inbound-UDP\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service.json",
    "content": "{\n    \"description\": \"Security Group Rules Allowing Inbound _ARG_0_ Access\",\n    \"rationale\": \"_ARG_0_ (port _ARG_1_) inbound access should not be allowed to a network security group.\",\n    \"remediation\": \"Disable direct _ARG_0_ access to your Azure Virtual Machines from the Internet. After direct UDP access from the Internet is disabled, you have other options you can use to access UDP based services running on these virtual machines:<br><ol><li>Point-to-site VPN</li><li>Site-to-site VPN</li><li>ExpressRoute</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"_ARG_2_\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"_ARG_2_\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal\",\n        \"https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal\",\n        \"https://learn.microsoft.com/en-us/azure/expressroute/\",\n        \"https://learn.microsoft.com/en-us/azure/security/fundamentals/network-best-practices#disable-rdpssh-access-to-azure-virtual-machines\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-network-security\"\n    ],\n    \"dashboard_name\": \"NSGs\",\n    \"display_path\": \"network.subscriptions.id.security_groups.id\",\n    \"path\": \"network.subscriptions.id.security_groups.id.security_rules.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"network.subscriptions.id.security_groups.id.security_rules.id.destination_ports\",\n            \"portsInPortList\",\n            \"_ARG_1_\"\n        ],\n        [\n            \"_INCLUDE_(conditions/exposed-to-the-internet.json)\",\n            \"\",\n            \"\"\n        ],\n        [\n            \"_INCLUDE_(conditions/allow-tcp.json)\",\n            \"\",\n            \"\"\n        ]\n    ],\n    \"key\": \"network-security-groups-rule-inbound-_ARG_0_\",\n    \"arg_names\": [\n        \"Protocol (ex: SSH, RDP, etc.)\",\n        \"Protocol's port\",\n        \"Associated CIS rule\"\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/network-watcher-not-enabled.json",
    "content": "{\n    \"description\": \"Network Watchers Not Enabled\",\n    \"rationale\": \"Network watchers should be enabled.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.5\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"6.5\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview\",\n        \"https://docs.azure.cn/zh-cn/cli/network/watcher?view=azure-cli-latest\",\n        \"https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-create\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-asset-management#am-2-ensure-security-team-has-access-to-asset-inventory-and-metadata\"\n    ],\n    \"dashboard_name\": \"Network Configurations\",\n    \"display_path\": \"network.subscriptions.id.watchers\",\n    \"path\": \"network.subscriptions.id.watchers\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"network.subscriptions.id.watchers\",\n            \"empty\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"network_watchers_disabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/network-watcher-not-provisioned.json",
    "content": "{\n    \"description\": \"Network Watchers Not Provisioned\",\n    \"rationale\": \"Network watchers should be provisioned to work.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.5\"\n        }\n    ],\n    \"dashboard_name\": \"Network\",\n    \"display_path\": \"network.subscriptions.id.watchers.id\",\n    \"path\": \"network.subscriptions.id.watchers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"network.subscriptions.id.watchers.id.provisioning_state\",\n            \"notEqual\",\n            \"Succeeded\"\n        ]\n    ],\n    \"id_suffix\": \"network_watchers_not_provisioned\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-allow-any-ip.json",
    "content": "{\n    \"description\": \"PostgreSQL Database Allow Ingress 0.0.0.0/0 (Any IP)\",\n    \"rationale\": \"If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, setup firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.\",\n    \"remediation\": \"From Azure Console: <ol><li>Login to Azure Portal using https://portal.azure.com</li><li>Go to <samp>Azure Database</samp> for <samp>PostgreSQL server</samp></li><li>For each database, click on <samp>Connection security</samp></li><li>In <samp>Firewall rukes</samp></li><li>Ensure <samp> Allow access to Azure services</samp> is set to 'OFF'</li><li>Click <samp>Save</samp> to apply the changed rule.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.3.9\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules\",\n        \"https://learn.microsoft.com/en-us/azure/postgresql/howto-manage-firewall-using-cli\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-network-security#ns-1-implement-security-for-internal-traffic\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-network-security#ns-4-protect-applications-and-services-from-external-network-attacks\"\n    ],\n    \"dashboard_name\": \"PostgreSQL Firewall Rules\",\n    \"display_path\": \"postgresqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"postgresqldatabase.subscriptions.id.servers.id.postgresql_firewall_rules.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"postgresqldatabase.subscriptions.id.servers.id.postgresql_firewall_rules.id.start_ip\",\n            \"equal\",\n            \"0.0.0.0\"\n        ]\n    ],\n    \"id_suffix\": \"start_ip\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-connection-throttling-not-on.json",
    "content": "{\n    \"description\": \"Server Parameter Connection Throttling Not Set to 'ON'\",\n    \"rationale\": \"Enabling <samp>connection_throttling</samp> helps the PostgreSQL Database to <samp>Set the verbosity of logged messages</samp> which in turn generates query and error logs with respect to concurrent connections, that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.\",\n    \"remediation\": \"From Azure Console: <ol><li>Login to Azure Portal using https://portal.azure.com</li><li>Go to <samp>Azure Database</samp> for <samp>PostgreSQL server</samp></li><li>For each database, click on <samp>Server parameters</samp></li><li>Search for <samp>connection_throttling.</samp></li><li>Click <samp>ON</samp> and save.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.3.7\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver\",\n        \"https://learn.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources\"\n    ],\n    \"dashboard_name\": \"PostgreSQL Servers\",\n    \"path\": \"postgresqldatabase.subscriptions.id.servers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"postgresqldatabase.subscriptions.id.servers.id.connection_throttling.value\",\n            \"equal\",\n            \"off\"\n        ]\n    ],\n    \"id_suffix\": \"server_connection_throttling_value\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-checkpoints-not-on.json",
    "content": "{\n    \"description\": \"Server Parameter Log Checkpoints Not Set to 'ON'\",\n    \"rationale\": \"Enabling <samp>log_checkpoints</samp> helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.\",\n    \"remediation\": \"From Azure Console: <ol><li>Login to Azure Portal using https://portal.azure.com</li><li>Go to <samp>Azure Database</samp> for <samp>PostgreSQL server</samp></li><li>For each database, click on <samp>Server parameters</samp></li><li>Search for <samp>log_checkpoints.</samp></li><li>Click <samp>ON</samp> and save.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.3.3\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver\",\n        \"https://learn.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources\"\n    ],\n    \"dashboard_name\": \"PostgreSQL Servers\",\n    \"path\": \"postgresqldatabase.subscriptions.id.servers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"postgresqldatabase.subscriptions.id.servers.id.log_checkpoints.value\",\n            \"equal\",\n            \"off\"\n        ]\n    ],\n    \"id_suffix\": \"server_log_checkpoints_value\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-connections-not-on.json",
    "content": "{\n    \"description\": \"Server Parameter Log Connections Not Set to 'ON'\",\n    \"rationale\": \"Enabling <samp>log_connections</samp> helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.\",\n    \"remediation\": \"From Azure Console: <ol><li>Login to Azure Portal using https://portal.azure.com</li><li>Go to <samp>Azure Database</samp> for <samp>PostgreSQL server</samp></li><li>For each database, click on <samp>Server parameters</samp></li><li>Search for <samp>log_connection.</samp></li><li>Click <samp>ON</samp> and save.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.3.4\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver\",\n        \"https://learn.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources\"\n    ],\n    \"dashboard_name\": \"PostgreSQL Servers\",\n    \"path\": \"postgresqldatabase.subscriptions.id.servers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"postgresqldatabase.subscriptions.id.servers.id.log_connections.value\",\n            \"equal\",\n            \"off\"\n        ]\n    ],\n    \"id_suffix\": \"server_log_connections_value\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-disconnections-not-on.json",
    "content": "{\n    \"description\": \"Server Parameter Log Disconnections Not Set to 'ON'\",\n    \"rationale\": \"Enabling <samp>log_disconnections</samp>helps PostgreSQL Database to <samp>Logs end of a session</samp>, including duration, which in turn generates query and error logs. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.\",\n    \"remediation\": \"From Azure Console: <ol><li>Login to Azure Portal using https://portal.azure.com</li><li>Go to <samp>Azure Database</samp> for <samp>PostgreSQL server</samp></li><li>For each database, click on <samp>Server parameters</samp></li><li>Search for <samp>log_disconnection.</samp></li><li>Click <samp>ON</samp> and save.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.3.5\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver\",\n        \"https://learn.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources\"\n    ],\n    \"dashboard_name\": \"PostgreSQL Servers\",\n    \"path\": \"postgresqldatabase.subscriptions.id.servers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"postgresqldatabase.subscriptions.id.servers.id.log_disconnections.value\",\n            \"equal\",\n            \"off\"\n        ]\n    ],\n    \"id_suffix\": \"server_log_disconnections_value\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-duration-not-on.json",
    "content": "{\n    \"description\": \"Server Parameter Log Duration Not Set to 'ON'\",\n    \"rationale\": \"Enabling <samp>log_duration</samp> helps the PostgreSQL Database to <samp>Logs the duration of each completed SQL statement</samp> which in turn generates query and error logs. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.\",\n    \"remediation\": \"From Azure Console: <ol><li>Login to Azure Portal using https://portal.azure.com</li><li>Go to <samp>Azure Database</samp> for <samp>PostgreSQL server</samp></li><li>For each database, click on <samp>Server parameters</samp></li><li>Search for <samp>log_duration.</samp></li><li>Click <samp>ON</samp> and save.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.3.6\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver\",\n        \"https://learn.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources\"\n    ],\n    \"dashboard_name\": \"PostgreSQL Servers\",\n    \"path\": \"postgresqldatabase.subscriptions.id.servers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"postgresqldatabase.subscriptions.id.servers.id.log_duration.value\",\n            \"equal\",\n            \"off\"\n        ]\n    ],\n    \"id_suffix\": \"server_log_duration_value\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-retention-days-less-than-4.json",
    "content": "{\n    \"description\": \"Server Parameter Log Retention Days Less Than 4\",\n    \"rationale\": \"Enabling <samp>log_retention_days</samp> helps PostgreSQL Database to <samp>Sets number of days a log file is retained</samp> which in turn generates query and error logs. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.\",\n    \"remediation\": \"From Azure Console: <ol><li>Login to Azure Portal using https://portal.azure.com</li><li>Go to <samp>Azure Database</samp> for <samp>PostgreSQL server</samp></li><li>For each database, click on <samp>Server parameters</samp></li><li>Search for <samp>retention_days.</samp></li><li>Enter value in range 4-7 (inclusive) and save.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.3.8\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver\",\n        \"https://learn.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources\"\n    ],\n    \"dashboard_name\": \"PostgreSQL Servers\",\n    \"path\": \"postgresqldatabase.subscriptions.id.servers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"postgresqldatabase.subscriptions.id.servers.id.log_retention_days.value\",\n            \"lessThan\",\n            \"4\"\n        ]\n    ],\n    \"id_suffix\": \"server_log_retention_days_value\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-ssl-enforcement-disabled.json",
    "content": "{\n    \"description\": \"Enforce SSL Connection Is Disabled for PostgreSQL Database Server\",\n    \"rationale\": \"<samp>SSL connectivity</samp> helps to provide a new layer of security, by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against \\\"man in the middle\\\" attacks by encrypting the data stream between the server and application.\",\n    \"remediation\": \"From Azure Console: <ol><li>Login to Azure Portal using https://portal.azure.com</li><li>Go to <samp>Azure Database</samp> for <samp>PostgreSQL server</samp></li><li>For each database, click on <samp>Connection security</samp></li><li>In <samp>SSL</samp> settings.</li><li>Click <samp>Enabled</samp> to Enforce SSL connection</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.3.1\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/postgresql/concepts-ssl-connection-security\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-4-encrypt-sensitive-information-in-transit\"\n    ],\n    \"dashboard_name\": \"PostgreSQL Servers\",\n    \"path\": \"postgresqldatabase.subscriptions.id.servers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"postgresqldatabase.subscriptions.id.servers.id.ssl_enforcement\",\n            \"equal\",\n            \"Disabled\"\n        ]\n    ],\n    \"id_suffix\": \"ssl_enforcement\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/rbac-administering-resource-locks-assigned.json",
    "content": "{\n    \"description\": \"No Administering Resource Locks Role\",\n    \"rationale\": \"Given the resource lock functionality is outside of standard Role Based Access Control(RBAC), it would be prudent to create a resource lock administrator role to prevent inadvertent unlocking of resources.\",\n    \"remediation\": \"From Azure Console: <ol><li>In the Azure portal, open a subscription or resource group where you want the custom role to be assignable.</li><li>Select <samp>Access control (IAM)</samp></li> <li> Click <samp> Add</samp></li><li>Select Add custom role</li><li>\\n    Select Add custom role\\n</li><li>\\n    In the Custom Role Name field enter <samp>Resource Lock Administrator</samp>\\n</li>\\n<li>\\n    In the <samp>Description</samp> field enter <samp>Can Administer Resource Locks</samp>\\n</li>\\n<li>\\n    For <samp>Baseline permissions</samp> select <samp> Start from scratch</samp>\\n</li>\\n<li>\\n    Click <samp>next</samp>\\n</li>\\n<li>\\n    In the <samp>Permissions</samp> select <samp>Add permissions</samp>\\n</li>\\n<li>In the Search for a permission box, type in <samp>Microsoft.Authorization/locks</samp> to search for permissions.</li>\\n<li> Select the check box next to the permission called <samp>Microsoft.Authorization/locks</samp></li>\\n<li>Click <samp>add</samp></li>\\n<li>Click <samp>Review+create</samp></li>\\n<li>Click <samp>Create</samp></li>\\n<li>Assign the newly created role to the appropriate user</li> </ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.23\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles\",\n        \"https://learn.microsoft.com/en-us/azure/role-based-access-control/check-access\"\n    ],\n    \"dashboard_name\": \"Roles\",\n    \"path\": \"rbac.subscriptions.id.custom_roles_report.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"rbac.subscriptions.id.custom_roles_report.id.missing_custom_role_administering_resource_locks\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"missing_custom_role_administering_resource_locks\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/rbac-custom-subscription-owner-role-not-allowed.json",
    "content": "{\n    \"description\": \"Custom Subscription Owner Role Not Allowed\",\n    \"rationale\": \"Classic subscription admin roles offer basic access management and include Account Administrator, Service Administrator, and Co-Administrators. It is recommended the least necessary permissions be given initially. Permissions can be added as needed by the account holder. This ensures the account holder cannot perform actions which were not intended.\",\n    \"remediation\": \"From Azure Command Line Interface 2.0: <ol><li><samp>az role definition list</samp></li><li>Check for entries with <samp>assignableScope</samp> of <samp>/</samp> or a <samp> subscription</samp>, and an action of <samp>*</samp></li> <li> Verify the usage and impact of removing the role identified:</li><li><samp>az role definition delete --name \\\"rolename\\\"</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"1.21\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/cost-management-billing/manage/add-change-subscription-administrator\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-privileged-access\"\n    ],\n    \"dashboard_name\": \"Roles\",\n    \"path\": \"rbac.subscriptions.id.roles.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"rbac.subscriptions.id.roles.id.custom_subscription_owner_role\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"custom_subscription_owner_role\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/securitycenter-auto-provisioning-off.json",
    "content": "{\n    \"description\": \"No Automatic Provisioning of Monitoring Agent\",\n    \"rationale\": \"When Automatic provisioning of monitoring agentis turned on, Azure Security Center provisions the Microsoft Monitoring Agent on all existing supported Azure virtual machines and any new ones that are created. The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, endpoint protection, and provides alerts.\",\n    \"remediation\": \"From Azure console:<ol><li>Go to <samp>Security Center</samp></li><li>Click on <samp>Pricing & Settings</samp></li><li>Click on subscription</li><li>Click on <samp>Data Collection</samp></li><li>Set <samp>Automatic provisioning</samp> to <samp>On</samp></li><li>Click <samp>Save</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.2\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"2.9\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/security-center/security-center-data-security\",\n        \"https://learn.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection\",\n        \"https://learn.microsoft.com/en-us/previous-versions/azure/reference/mt704062(v=azure.100)?redirectedfrom=MSDN\",\n        \"https://learn.microsoft.com/en-us/previous-versions/azure/reference/mt704063(v=azure.100)?redirectedfrom=MSDN\",\n        \"https://learn.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/list\",\n        \"https://learn.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/create\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments\"\n    ],\n    \"dashboard_name\": \"Security Center\",\n    \"path\": \"securitycenter.subscriptions.id.auto_provisioning_settings.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"securitycenter.subscriptions.id.auto_provisioning_settings.id.auto_provision\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"auto_provision\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-email-not-set.json",
    "content": "{\n    \"description\": \"No Security Contact Email Set\",\n    \"rationale\": \"Azure Security Center emails the Subscription Owner to notify them about security alerts. Adding your Security Contact's email address to the 'Additional email addresses' field ensures that your organization's Security Team is included in these alerts. This ensures that the proper people are aware of any potential compromise in order to mitigate the risk in a timely fashion.\",\n    \"remediation\": \"From Azure console:<ol><li>Go to <samp>Security Center</samp></li><li>Click on <samp>Pricing & Settings</samp></li><li>Click on the appropriate Management Group, Subscription, or Workspace</li><li>Click on <samp>Email notifications</samp></li><li>Enter a valid security contact email address (or multiple addresses separated by commas) in the <samp>Additional email addresses</samp> field</li><li>Click <samp>Save</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.16\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"2.11\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details\",\n        \"https://learn.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/list\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-3-define-security-posture-management-strategy\"\n    ],\n    \"dashboard_name\": \"Security contacts\",\n    \"path\": \"securitycenter.subscriptions.id.security_contacts.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"securitycenter.subscriptions.id.security_contacts.id.email\",\n            \"equal\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"email\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-admin-email-notifications.json",
    "content": "{\n    \"description\": \"\\\"Sending Email to Security Contact on Alert\\\" Is \\\"Off\\\"\",\n    \"rationale\": \"Enabling security alert emails to subscription owners ensures that they receive security alert emails from Microsoft. This ensures that they are aware of any potential security issues and can mitigate the risk in a timely fashion.\",\n    \"remediation\": \"From Azure console:<ol><li>Go to <samp>Security Center</samp></li><li>Click on <samp>Pricing & Settings</samp></li><li>Click on the appropriate Management Group, Subscription, or Workspace</li><li>Click on <samp>Email notifications</samp></li><li> In the drop down of the <samp>All users with the following roles</samp> field select <samp>Owner</samp></li><li>Click <samp>Save</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.19\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"2.13\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details\",\n        \"https://learn.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/list\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-3-define-security-posture-management-strategy\"\n    ],\n    \"dashboard_name\": \"Security contacts\",\n    \"path\": \"securitycenter.subscriptions.id.security_contacts.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"securitycenter.subscriptions.id.security_contacts.id.alerts_to_admins\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"alerts_to_admins\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-email-notifications.json",
    "content": "{\n    \"description\": \"\\\"Sending Email to Administrators on Alert\\\" Is \\\"Off\\\"\",\n    \"rationale\": \"Enabling securityalert emails ensures that security alert emails are received from Microsoft. This ensures that the right people are aware of any potential security issues and are able to mitigate the risk.\",\n    \"remediation\": \"From Azure console:<ol><li>Go to <samp>Security Center</samp></li><li>Click on <samp>Pricing & Settings</samp></li><li>Click on the appropriate Management Group, Subscription, or Workspace</li><li>Click on <samp>Email notifications</samp></li><li>Under 'Notification types', check the check box next to <samp>Notify about alerts with the following severity (or higher)</samp>: and select <samp>High</samp> from the drop down menu</li><li>Click <samp>Save</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"2.18\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"2.12\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details\",\n        \"https://learn.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/list\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-3-define-security-posture-management-strategy\"\n    ],\n    \"dashboard_name\": \"Security contacts\",\n    \"path\": \"securitycenter.subscriptions.id.security_contacts.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"securitycenter.subscriptions.id.security_contacts.id.alert_notifications\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"alert_notifications\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-not-set.json",
    "content": "{\n    \"description\": \"No Security Contact Set\",\n    \"rationale\": \"Set at least one security contact.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"2.16\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"2.17\"\n        }\n    ],\n    \"dashboard_name\": \"Security Center\",\n    \"path\": \"securitycenter.subscriptions.id.security_contacts\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"securitycenter.subscriptions.id.security_contacts\",\n            \"empty\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"security_contact_not_set\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-phone-not-set.json",
    "content": "{\n    \"description\": \"No Security Contact Phone Set\",\n    \"rationale\": \"Set at least one security contact phone number.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.17\"\n        }\n    ],\n    \"dashboard_name\": \"Security contacts\",\n    \"path\": \"securitycenter.subscriptions.id.security_contacts.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"securitycenter.subscriptions.id.security_contacts.id.phone\",\n            \"equal\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"phone\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/securitycenter-settings-MCAS-integration-disabled.json",
    "content": "{\n    \"description\": \"Microsoft Cloud App Security (MCAS) Is Disabled\",\n    \"rationale\": \"Security Center offers an additional layer of protection by using Azure Resource Manager events, which is considered to be the control plane for Azure. By analyzing the Azure Resource Manager records, Security Center detects unusual or potentially harmful operations in the Azure subscription environment. Several of the preceding analytics are powered by Microsoft Cloud App Security.\",\n    \"remediation\": \"From Azure console:<ol><li>Go to <samp>Azure Security Center</samp></li><li>Select <samp>Security policy</samp> blade</li><li>Click on <samp>Edit Settings</samp> to alter the the security policy for a subscription</li><li>Select the <samp>Threat Detection</samp> blade</li><li>Check/Enable option <samp>Allow Microsoft Cloud App Security to access my data</samp></li><li>Select <samp>Save</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"2.8\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-in/azure/security-center/azure-defender#azure-management-layer-azure-resource-manager-preview\",\n        \"https://learn.microsoft.com/en-us/rest/api/securitycenter/settings/list\",\n        \"https://learn.microsoft.com/en-us/rest/api/securitycenter/settings/update\"\n    ],\n    \"dashboard_name\": \"Security Settings\",\n    \"path\": \"securitycenter.subscriptions.id.settings.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"securitycenter.subscriptions.id.settings.id.name\",\n            \"equal\",\n            \"MCAS\"\n        ],\n        [\n            \"securitycenter.subscriptions.id.settings.id.enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"enabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/securitycenter-settings-WDATP-integration-disabled.json",
    "content": "{\n    \"description\": \"Windows Defender ATP (WDATP) Is Disabled\",\n    \"rationale\": \"WDATP integration brings comprehensive Endpoint Detection and Response (EDR) capabilities within security center. This integration helps to spot abnormalities, detect and respond to advanced attacks on Windows server endpoints monitored by Azure Security Center. Windows Defender ATP in Security Center supports detection on Windows Server 2016, 2012 R2, and 2008 R2 SP1 operating systems in a Standard service subscription.\",\n    \"remediation\": \"From Azure console:<ol><li>Go to <samp>Azure Security Center</samp></li><li>Select <samp>Security policy</samp> blade</li><li>Click on <samp>Edit Settings</samp> to alter the the security policy for a subscription</li><li>Select the <samp>Threat Detection</samp> blade</li><li>Check/Enable option <samp>Allow Windows Defender ATP to access my data</samp></li><li>Select <samp>Save</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"2.7\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-in/azure/security-center/security-center-wdatp\",\n        \"https://learn.microsoft.com/en-us/rest/api/securitycenter/settings/list\",\n        \"https://learn.microsoft.com/en-us/rest/api/securitycenter/settings/update\"\n    ],\n    \"dashboard_name\": \"Security Settings\",\n    \"path\": \"securitycenter.subscriptions.id.settings.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"securitycenter.subscriptions.id.settings.id.name\",\n            \"equal\",\n            \"WDATP\"\n        ],\n        [\n            \"securitycenter.subscriptions.id.settings.id.enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"enabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/securitycenter-standard-tier-not-enabled.json",
    "content": "{\n    \"description\": \"Standard Tier Not Enabled\",\n    \"rationale\": \"Enabling Azure Defender allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).\",\n    \"remediation\": \"From Azure console:<ol><li>Go to <samp>Security Center</samp></li><li>Click on <samp>Pricing & Settings</samp></li><li>Click on the subscription name</li><li>Select <samp>Azure Defender plans</samp> blade</li><li>On the line in the table for the resource type Select <samp>On</samp> under <samp>Plan</samp></li><li>Click <samp>Save</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.1\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"2.1 to 2.6\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/rest/api/securitycenter/pricings/list\",\n        \"https://learn.microsoft.com/en-us/azure/security-center/security-center-alerts-overview\"\n    ],\n    \"dashboard_name\": \"Pricings\",\n    \"display_path\": \"securitycenter.subscriptions.id.pricings.id\",\n    \"path\": \"securitycenter.subscriptions.id.pricings.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"securitycenter.subscriptions.id.pricings.id.pricing_tier\",\n            \"notEqual\",\n            \"Standard\"\n        ]\n    ],\n    \"id_suffix\": \"pricing_tier\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/sqldatabase-allow-any-ip.json",
    "content": "{\n    \"description\": \"SQL Database Allow Ingress 0.0.0.0/0 (Any IP)\",\n    \"rationale\": \"SQL Server includes a firewall to block access to unauthorized connections. More granular IP addresses can be defined by referencing the range of addresses available from specific datacenters. In order to reduce the potential attack surface for a SQL server, firewall rules should be defined with more granular IP addresses by referencing the range of addresses available from specific datacenters.\",\n    \"remediation\": \"In the Azure console:<ol><li>Go to <samp>SQL servers</samp></li><li>For each SQL server</li><li>Click on <samp>Firewall/Virtual Networks</samp></li><li>Set <samp>Allow access to Azure services</samp> to 'OFF'</li><li>Set firewall rules to limit access to only authorized connections</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"6.3\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-a-windows-firewall-for-database-engine-access?view=sql-server-2017\",\n        \"https://learn.microsoft.com/en-us/powershell/module/azurerm.sql/get-azurermsqlserverfirewallrule?view=azurermps-6.13.0&viewFallbackFrom=azurermps-5.2.0\",\n        \"https://learn.microsoft.com/en-us/azure/azure-sql/database/firewall-configure\",\n        \"https://learn.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-set-database-firewall-rule-azure-sql-database?view=azuresqldb-current\"\n    ],\n    \"dashboard_name\": \"Firewall Rules\",\n    \"display_path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"sqldatabase.subscriptions.id.servers.id.firewall_rules.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqldatabase.subscriptions.id.servers.id.firewall_rules.id.start_ip\",\n            \"equal\",\n            \"0.0.0.0\"\n        ]\n    ],\n    \"id_suffix\": \"start_ip\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-auditing-low-retention.json",
    "content": "{\n    \"description\": \"Short Auditing Retention Period for SQL Databases\",\n    \"rationale\": \"Auditing retention period should be greater than _ARG_0_ days. Audit Logs can be used to check for anomalies and give insight into suspected breaches or misuse of information and access.\",\n    \"remediation\": \"From Azure Console:\\n<ol>\\n    <li>Go to <samp>SQL servers</samp></li>\\n    <li>For each server instance</li>\\n    <li>Click on <samp>Auditing</samp></li>\\n    <li>Select <samp>Storage Details</samp> </li>\\n    <li>Ensure <samp>Retention (days) </samp>setting <samp>greater than 90 days</samp></li>\\n</ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.1.3\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.2\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/sql-database/sql-database-auditing\",\n        \"https://learn.microsoft.com/en-us/powershell/module/azurerm.sql/get-azurermsqlserverauditing?view=azurermps-5.2.0\",\n        \"https://learn.microsoft.com/en-us/powershell/module/azurerm.sql/set-azurermsqlserverauditing?view=azurermps-5.2.0\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-6-configure-log-storage-retention\"\n    ],\n    \"dashboard_name\": \"SQL Databases\",\n    \"display_path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"sqldatabase.subscriptions.id.servers.id.databases.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqldatabase.subscriptions.id.servers.id.databases.id.auditing.retention_days\",\n            \"notEqual\",\n            \"0\"\n        ],\n        [\n            \"sqldatabase.subscriptions.id.servers.id.databases.id.auditing.retention_days\",\n            \"lessThan\",\n            \"_ARG_0_\"\n        ]\n    ],\n    \"id_suffix\": \"db_low_auditing_retention\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-auditing.json",
    "content": "{\n    \"description\": \"Auditing Disabled for SQL Databases\",\n    \"rationale\": \"Auditing tracks database events and writes them to an audit log in the Azure storage account. It also helps to maintain regulatory compliance, understand database activity, and gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violations.\",\n    \"remediation\": \"From Azure Console:\\n<ol>\\n    <li>Go to <samp>SQL servers</samp></li>\\n    <li>For each server instance</li>\\n    <li>Click on <samp>Auditing</samp></li>\\n    <li>Set <samp>Auditing</samp> to On</li>\\n</ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.1.1\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.2\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/security-center/security-center-enable-auditing-on-sql-servers\",\n        \"https://learn.microsoft.com/en-us/powershell/module/azurerm.sql/get-azurermsqlserverauditing?view=azurermps-5.2.0\",\n        \"https://learn.microsoft.com/en-us/powershell/module/azurerm.sql/set-azurermsqlserverauditingpolicy?view=azurermps-5.2.0\",\n        \"https://learn.microsoft.com/en-us/azure/sql-database/sql-database-auditing\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources\"\n    ],\n    \"dashboard_name\": \"SQL Databases\",\n    \"display_path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"sqldatabase.subscriptions.id.servers.id.databases.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqldatabase.subscriptions.id.servers.id.databases.id.auditing.auditing_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"db_auditing_disabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-threat-detection.json",
    "content": "{\n    \"description\": \"Threat Detection Disabled for SQL Databases\",\n    \"rationale\": \"Enable threat detection for all of SQL databases.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.2\"\n        }\n    ],\n    \"dashboard_name\": \"SQL Databases\",\n    \"display_path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"sqldatabase.subscriptions.id.servers.id.databases.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqldatabase.subscriptions.id.servers.id.databases.id.threat_detection.threat_detection_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"db_threat_detection_disabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-transparent-data-encryption.json",
    "content": "{\n    \"description\": \"Data Encryption Disabled for SQL Databases\",\n    \"rationale\": \"Azure SQL Database transparent data encryption helps protect against the threat of malicious activity by performing real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application.\",\n    \"remediation\": \"From Azure Console: <ol><li>Go to <samp>SQL databases</samp></li>\\n<li>For each DB instance</li>\\n<li>Click on <samp>Transparent data encryption</samp></li>\\n<li>Set <samp>Data encryption</samp> to On</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.1.2\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.2\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption-with-azure-sql-database\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-5-encrypt-sensitive-data-at-rest\"\n    ],\n    \"dashboard_name\": \"SQL Databases\",\n    \"display_path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"sqldatabase.subscriptions.id.servers.id.databases.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqldatabase.subscriptions.id.servers.id.databases.id.transparent_data_encryption_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"transparent_data_encryption_enabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-disabled-alerts.json",
    "content": "{\n    \"description\": \"Threat Detection Alerts Disabled for SQL Databases\",\n    \"rationale\": \"Enable alerts related to threat detections.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.2\"\n        }\n    ],\n    \"dashboard_name\": \"SQL Databases\",\n    \"display_path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"sqldatabase.subscriptions.id.servers.id.databases.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqldatabase.subscriptions.id.servers.id.databases.id.threat_detection.alerts_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"db_threat_detection_alerts_disabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-low-retention.json",
    "content": "{\n    \"description\": \"Short Threat Detection Period for SQL Databases\",\n    \"rationale\": \"Threat detection retention period should be greater than _ARG_0_ days.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.2\"\n        }\n    ],\n    \"dashboard_name\": \"SQL Databases\",\n    \"display_path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"sqldatabase.subscriptions.id.servers.id.databases.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqldatabase.subscriptions.id.servers.id.databases.id.threat_detection.retention_days\",\n            \"notEqual\",\n            \"0\"\n        ],\n        [\n            \"sqldatabase.subscriptions.id.servers.id.databases.id.threat_detection.retention_days\",\n            \"lessThan\",\n            \"_ARG_0_\"\n        ]\n    ],\n    \"id_suffix\": \"db_low_threat_detection_retention\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-send-alerts-disabled.json",
    "content": "{\n    \"description\": \"Send Threat Detection Alerts Disabled for SQL Databases\",\n    \"rationale\": \"Specify email addresses and ensure that alerts are sent to them.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.2.4\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.2.5\"\n        }\n    ],\n    \"dashboard_name\": \"SQL Databases\",\n    \"display_path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"sqldatabase.subscriptions.id.servers.id.databases.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqldatabase.subscriptions.id.servers.id.databases.id.threat_detection.send_alerts_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"db_send_threat_detection_alerts_disabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-TDE-not-encrypted-with-customer-managed-key.json",
    "content": "{\n    \"description\": \"SQL Server TDE Protector Not Encrypted with Customer-Managed Key\",\n    \"rationale\": \"Customer-managed key support for Transparent Data Encryption (TDE) allows user control of TDE encryption keys and restricts who can access them and when. Azure Key Vault, Azure\\u2019s cloud-based external key management system is the first key management service where TDE has integrated support for Customer-managed keys. With Customer-managed key support, the database encryption key is protected by an asymmetric key stored inthe Key Vault. The asymmetric key is set at the server level and inherited by all databases under that server.\",\n    \"remediation\": \"From Azure console: <br> Go to <samp>SQL servers</samp><br>For the desired server instance<br><ol><li>Click on <samp>Transparent data encryption</samp></li><li>Set <samp> Use your own key</samp> to <samp>YES</samp></li><li>Browse through your <samp>key vaults</samp> to Select an existing key or create a new key in Key Vault</li><li>Check <samp>Make selected key the default TDE protector</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.5\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=sql-server-ver15\",\n        \"https://azure.microsoft.com/en-in/blog/preview-sql-transparent-data-encryption-tde-with-bring-your-own-key-support/\",\n        \"https://winterdom.com/2017/09/07/azure-sql-tde-protector-keyvault\",\n        \"https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=sql-server-ver15\"\n    ],\n    \"dashboard_name\": \"SQL Databases\",\n    \"display_path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqldatabase.subscriptions.id.servers.id.encryption_protectors.TDE_protector_is_encrypted\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"server_encryption_protectors_TDE_protector_is_encrypted\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-auditing-low-retention.json",
    "content": "{\n    \"description\": \"Short Auditing Retention Period for SQL Servers\",\n    \"rationale\": \"Auditing retention period should be greater than _ARG_0_ days.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.1\"\n        }\n    ],\n    \"dashboard_name\": \"SQL Servers\",\n    \"display_path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqldatabase.subscriptions.id.servers.id.auditing.retention_days\",\n            \"notEqual\",\n            \"0\"\n        ],\n        [\n            \"sqldatabase.subscriptions.id.servers.id.auditing.retention_days\",\n            \"lessThan\",\n            \"_ARG_0_\"\n        ]\n    ],\n    \"id_suffix\": \"server_low_auditing_retention\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-ad-admin-configured.json",
    "content": "{\n    \"description\": \"Azure Active Directory Admin Not Configured for SQL Servers\",\n    \"rationale\": \"Azure Active Directory authentication is a mechanism to connect to Microsoft Azure SQL Database and SQL Data Warehouse by using identities in Azure Active Directory (Azure AD). With Azure AD authentication, identities of database users and other Microsoft services can be managed in one central location. Central ID management provides a single place to manage database users and simplifies permission management.\",\n    \"remediation\": \"From Azure console:<ol><li>Go to <samp>SQL servers</samp></li><li>For each SQL server, click on <samp>Active Directory admin</samp></li><li>Click on <samp>Set admin</samp></li><li>Select an admin</li><li>Click <samp>Save</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.1\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.4\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?tabs=azure-powershell\",\n        \"https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-overview\",\n        \"https://learn.microsoft.com/en-us/powershell/module/azurerm.sql/get-azurermsqlserveractivedirectoryadministrator?view=azurermps-6.13.0&viewFallbackFrom=azurermps-5.2.0\",\n        \"https://learn.microsoft.com/en-us/powershell/module/azurerm.sql/set-azurermsqlserveractivedirectoryadministrator?view=azurermps-6.13.0&viewFallbackFrom=azurermps-5.2.0\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-identity-management#im-1-standardize-azure-active-directory-as-the-central-identity-and-authentication-system\"\n    ],\n    \"dashboard_name\": \"SQL Databases\",\n    \"display_path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqldatabase.subscriptions.id.servers.id.ad_admin\",\n            \"empty\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"ad_admin\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-auditing.json",
    "content": "{\n    \"description\": \"Auditing Disabled for SQL Servers\",\n    \"rationale\": \"Enable auditing for all SQL servers.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.1\"\n        }\n    ],\n    \"dashboard_name\": \"SQL Servers\",\n    \"display_path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqldatabase.subscriptions.id.servers.id.auditing.auditing_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"server_auditing_disabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-threat-detection.json",
    "content": "{\n    \"description\": \"Advanced Threat Protection (ATP) Disabled for SQL Servers\",\n    \"rationale\": \"SQL Server \\\"Advanced Data Security\\\" (ADS) provides a new layer of security, which enables customers to detect and respond to potential threats as they occur by providing security alerts on anomalous activities. Users will receive an alert upon suspicious database activities, potential vulnerabilities, and SQL injection attacks, as well as anomalous database access patterns.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.2.1\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.1\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/sql-database/sql-advanced-threat-protection\",\n        \"https://learn.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql\"\n    ],\n    \"dashboard_name\": \"SQL Servers\",\n    \"display_path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqldatabase.subscriptions.id.servers.id.threat_detection.threat_detection_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"server_threat_detection_disabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-disabled-alerts.json",
    "content": "{\n    \"description\": \"Advanced Threat Protection Disabled Types for SQL Servers\",\n    \"rationale\": \"Enabling all threat protection types protects against SQL injection, database vulnerabilities, and any other anomalous activities.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.2.2\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.1\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/sql-database/sql-advanced-threat-protection\",\n        \"https://learn.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql\"\n    ],\n    \"dashboard_name\": \"SQL Servers\",\n    \"display_path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqldatabase.subscriptions.id.servers.id.threat_detection.alerts_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"server_threat_detection_alerts_disabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-low-retention.json",
    "content": "{\n    \"description\": \"Short Threat Detection Retention Period for SQL Servers\",\n    \"rationale\": \"Threat detection retention period should be greater than _ARG_0_ days.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.1\"\n        }\n    ],\n    \"dashboard_name\": \"SQL Servers\",\n    \"display_path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqldatabase.subscriptions.id.servers.id.threat_detection.retention_days\",\n            \"notEqual\",\n            \"0\"\n        ],\n        [\n            \"sqldatabase.subscriptions.id.servers.id.threat_detection.retention_days\",\n            \"lessThan\",\n            \"_ARG_0_\"\n        ]\n    ],\n    \"id_suffix\": \"server_low_threat_detection_retention\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-send-alerts-disabled.json",
    "content": "{\n    \"description\": \"Send Advanced Threat Protection Alerts Disabled for SQL Servers\",\n    \"rationale\": \"Providing the email address and enable Administrator and subscription owner to receive alerts ensures that any detection of anomalous activities is reported as soon as possible, making it more likely to mitigate any potential risk sooner.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.2.3\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.2.4\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.1.4\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"4.1.5\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/sql-database/sql-advanced-threat-protection\",\n        \"https://learn.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql\"\n    ],\n    \"dashboard_name\": \"SQL Servers\",\n    \"display_path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqldatabase.subscriptions.id.servers.id.threat_detection.send_alerts_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"server_send_threat_detection_alerts_disabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-assessments-disabled.json",
    "content": "{\n    \"description\": \"Vulnerability Assessment (VA) Is Disabled on SQL Servers\",\n    \"rationale\": \"Enabling Advanced Data Security on a SQL server does not enables Vulnerability Assessment capability for individual SQL databases unless storage account is set to store the scanning data and reports.\",\n    \"remediation\": \"In the Azure console: <ol> <li>Go to <samp>SQL servers</samp></li><li>For each server instance</li><li>Click on <samp>Advanced Data Security</samp></li><li>Set <samp> Advanced Data Security to On</samp> if not already</li><li>In Section <samp>Vulnerability Assessment Settings</samp>, Click <samp>Storage Accounts</samp></li><li>Choose Storage Account (Existing or Create New). Click <samp>Ok</samp></li><li>Click <samp>Save</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.2.5\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment\",\n        \"https://learn.microsoft.com/en-us/rest/api/sql/servervulnerabilityassessments/listbyserver\",\n        \"https://learn.microsoft.com/en-in/powershell/module/Az.Sql/Update-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0\",\n        \"https://learn.microsoft.com/en-in/powershell/module/Az.Sql/Get-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments\"\n    ],\n    \"dashboard_name\": \"SQL Servers\",\n    \"display_path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqldatabase.subscriptions.id.servers.id.server_vulnerability.storage_account_name\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"server_vulnerability_storage_account_name\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json",
    "content": "{\n    \"description\": \"Send Email Notifications to Admins and Subscription Owners Is Not Set on SQL Servers\",\n    \"rationale\": \"ADS -VA scan reports and alerts will be sent to admins and subscription owners by enabling setting 'Also send email notifications to admins and subscription owners'. This may help in reducing time required for identifying risks and taking corrective measures.\",\n    \"remediation\": \"In the Azure console: <ol> <li>Go to <samp>SQL servers</samp></li><li>For each server instance</li><li>Click on <samp>Advanced Data Security</samp></li><li>Set <samp> Advanced Data Security to On</samp> if not already</li><li>In Section <samp>Vulnerability Assessment Settings</samp>, set <samp>Storage Accounts</samp> if not already</li><li>Check/enable 'Also send email notifications to admins and subscription owners'</li><li>Click <samp>Save</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.2.8\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment\",\n        \"https://learn.microsoft.com/en-us/rest/api/sql/servervulnerabilityassessments/listbyserver\",\n        \"https://learn.microsoft.com/en-in/powershell/module/Az.Sql/Update-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0\",\n        \"https://learn.microsoft.com/en-in/powershell/module/Az.Sql/Get-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments\"\n    ],\n    \"dashboard_name\": \"SQL Servers\",\n    \"display_path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqldatabase.subscriptions.id.servers.id.server_vulnerability.email_subscription_admin\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"server_vulnerability_email_subscription_admin\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-recurring-scans-disabled.json",
    "content": "{\n    \"description\": \"Periodic Recurring Scans Is Disabled on SQL Servers\",\n    \"rationale\": \"ADS -VA setting 'Periodic recurring scans' schedules periodic (weekly) vulnerability scanning for the SQL server and corresponding Databases. Periodic and regular vulnerability scanning provides risk visibility based on updated known vulnerability signatures and best practices.\",\n    \"remediation\": \"In the Azure console: <ol> <li>Go to <samp>SQL servers</samp></li><li>For each server instance</li><li>Click on <samp>Advanced Data Security</samp></li><li>Set <samp> Advanced Data Security to On</samp> if not already</li><li>In Section <samp>Vulnerability Assessment Settings</samp>, set <samp>Storage Accounts</samp> if not already</li><li>Toggle 'Periodic recurring scans' ton ON</li><li>Click <samp>Save</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.2.6\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment\",\n        \"https://learn.microsoft.com/en-us/rest/api/sql/servervulnerabilityassessments/listbyserver\",\n        \"https://learn.microsoft.com/en-in/powershell/module/Az.Sql/Update-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0\",\n        \"https://learn.microsoft.com/en-in/powershell/module/Az.Sql/Get-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments\"\n    ],\n    \"dashboard_name\": \"SQL Servers\",\n    \"display_path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqldatabase.subscriptions.id.servers.id.server_vulnerability.recurring_scans_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"server_vulnerability_recurring_scans_enabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json",
    "content": "{\n    \"description\": \"Send Scan Report to Is Not Configured on SQL Servers\",\n    \"rationale\": \"ADS -VA scan reports and alerts will be sent to email ids configured at 'Send scan reports to'. This may help in reducing time required for identifying risks and taking corrective measures.\",\n    \"remediation\": \"In the Azure console: <ol> <li>Go to <samp>SQL servers</samp></li><li>For each server instance</li><li>Click on <samp>Advanced Data Security</samp></li><li>Set <samp> Advanced Data Security to On</samp> if not already</li><li>In Section <samp>Vulnerability Assessment Settings</samp>, set <samp>Storage Accounts</samp> if not already</li><li>Configure email ids for concerned data owners/stakeholders at 'Send scan reports to'</li><li>Click <samp>Save</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"4.2.7\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment\",\n        \"https://learn.microsoft.com/en-us/rest/api/sql/servervulnerabilityassessments/listbyserver\",\n        \"https://learn.microsoft.com/en-in/powershell/module/Az.Sql/Update-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0\",\n        \"https://learn.microsoft.com/en-in/powershell/module/Az.Sql/Get-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments\"\n    ],\n    \"dashboard_name\": \"SQL Servers\",\n    \"display_path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"path\": \"sqldatabase.subscriptions.id.servers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"sqldatabase.subscriptions.id.servers.id.server_vulnerability.send_scan_reports_to_not_empty\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"server_vulnerability_send_scan_reports_to_not_empty\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json",
    "content": "{\n    \"description\": \"Access Keys Not Rotated\",\n    \"rationale\": \"When a storage account is created, Azure generates two 512-bit storage access keys, which are used for authentication when the storage account is accessed. Rotating these keys periodically ensures that any inadvertent access or exposure does not result in these keys being compromised.<br><br>The access keys storage accounts should be rotated at least every _ARG_0_ days.\",\n    \"remediation\": \"Follow Microsoft Azure documentation for regenerating storage account access keys.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.2\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.2\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/storage/common/storage-create-storage-account\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-privileged-access\"\n    ],\n    \"dashboard_name\": \"Storage Accounts\",\n    \"path\": \"storageaccounts.subscriptions.id.storage_accounts.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"storageaccounts.subscriptions.id.storage_accounts.id.shared_key_access_allowed\",\n            \"true\",\n            \"\"\n        ],\n        [\n            \"or\",\n            [\n                \"storageaccounts.subscriptions.id.storage_accounts.id.access_keys_last_rotation_date\",\n                \"equal\",\n                \"None\"\n            ],\n            [\n                \"storageaccounts.subscriptions.id.storage_accounts.id.access_keys_last_rotation_date\",\n                \"olderThan\",\n                [\n                    \"_ARG_0_\",\n                    \"days\"\n                ]\n            ]\n        ]\n    ],\n    \"id_suffix\": \"access_keys_rotated\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/storageaccount-account-allowing-clear-text.json",
    "content": "{\n    \"description\": \"Secure Transfer (HTTPS) Not Enforced\",\n    \"rationale\": \"The secure transfer option enhances the security of a storage account by only allowing requests to the storage account by a secure connection.<br><br>For example, when calling REST APIs to access storage accounts, the connection must use HTTPS. Any requests using HTTP will be rejected when 'secure transfer required' is enabled. When using the Azure files service, connection without encryption will fail, including scenarios using SMB 2.1, SMB 3.0 without encryption, and some flavors of the Linux SMB client.<br><br>Because Azure storage does not support HTTPS for custom domain names, this option is not applied when using a custom domain name.\",\n    \"remediation\": \"In the Azure console:<ol><li>Go to <samp>Storage Accounts</samp></li> <li>For each storage account, go to <samp>Configuration</samp></li> <li>Set <samp>Secure transfer</samp> required to <samp>Enabled</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.1\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.1\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/storage/common/storage-security-guide\",\n        \"https://learn.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer\",\n        \"https://learn.microsoft.com/en-us/azure/storage/blobs/security-recommendations#encryption-in-transit\",\n        \"https://learn.microsoft.com/en-us/cli/azure/storage/account?view=azure-cli-latest#az_storage_account_list\",\n        \"https://learn.microsoft.com/en-us/cli/azure/storage/account?view=azure-cli-latest#az_storage_account_update\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-4-encrypt-sensitive-information-in-transit\"\n    ],\n    \"dashboard_name\": \"Accounts\",\n    \"path\": \"storageaccounts.subscriptions.id.storage_accounts.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"storageaccounts.subscriptions.id.storage_accounts.id.https_traffic_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"https_traffic_enabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/storageaccount-encrypted-not-customer-managed.json",
    "content": "{\n    \"description\": \"Storage Not Encrypted with Customer Managed Key\",\n    \"rationale\": \"By default, data in the storage account is encrypted using Microsoft Managed Keys at rest.<br><br>If sensitive information is stored, it should be encrypted using either Server-side Customer-Managed keys or Client-side Encryption. In the case of Client-side Encryption, it is difficult to decipher if the customer loses the key.<br><br>\",\n    \"remediation\": \"In the Azure console:<ol><li>Go to <samp>Storage Accounts</samp></li> <li>For each storage account, go to <samp>Encryption</samp></li> <li>Set <samp>Customer Managed Keys</samp> </li><li>Select the <samp>Encryption key</samp> and enter the appropriate setting value</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.9\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/storage/common/storage-service-encryption\",\n        \"https://learn.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices#protect-data-at-rest\"\n    ],\n    \"dashboard_name\": \"Accounts\",\n    \"path\": \"storageaccounts.subscriptions.id.storage_accounts.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"storageaccounts.subscriptions.id.storage_accounts.id.encryption_key_customer_managed\",\n            \"equal\",\n            \"False\"\n        ]\n    ],\n    \"id_suffix\": \"encryption_key_customer_managed\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/storageaccount-public-blob-container.json",
    "content": "{\n    \"description\": \"Blob Containers Allowing Public Access\",\n    \"rationale\": \"Anonymous, public read access to a container and its blobs can be enabled in Azure Blob storage. It grants read-only access to these resources without sharing the account key, and without requiring a shared access signature.<br><br>It is recommended not to provide anonymous access to blob containers until, and unless, it is strongly desired. A shared access signature token should be used for providing controlled and timed access to blob containers.\",\n    \"remediation\": \"First, follow Microsoft documentation and created shared access signature tokens for your blob containers.<br><br>Then, in the Azure console:<ol><li>Go to <samp>Storage Accounts</samp></li> <li>For each storage account, go to <samp>Containers</samp> under <samp>Blob Service</samp></li> <li>For each container, click <samp>Access policy</samp></li> <li>Set <samp>Public access level</samp> to <samp>Private (no anonymous access)</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.6\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.5\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/storage/blobs/storage-manage-access-to-resources\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-privileged-access\"\n    ],\n    \"dashboard_name\": \"Blob Containers\",\n    \"display_path\": \"storageaccounts.subscriptions.id.storage_accounts.id\",\n    \"path\": \"storageaccounts.subscriptions.id.storage_accounts.id.blob_containers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"storageaccounts.subscriptions.id.storage_accounts.id.blob_containers.id.public_access_allowed\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"public_access_allowed\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/storageaccount-public-traffic-allowed.json",
    "content": "{\n    \"description\": \"Storage Accounts Allowing Public Traffic\",\n    \"rationale\": \"Restricting default network access helps to provide a new layer of security, since storage accounts accept connections from clients on any network. To limit access to selected networks, the default action must be changed.\",\n    \"remediation\": \"In the Azure console: <ol> <li>Go to <samp>Storage Accounts</samp></li> <li>For each storage account, click on the settings menu called <samp>Firewalls and virtual networks</samp>.</li> <li>Ensure that you have elected to allow access from <samp>Selected networks</samp>.</li> <li>Add rules to allow traffic from specific network.</li> <li>Click <samp>Save</samp> to apply your changes.</li> </ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.7\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.6\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy\"\n    ],\n    \"dashboard_name\": \"Storage Accounts\",\n    \"path\": \"storageaccounts.subscriptions.id.storage_accounts.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"storageaccounts.subscriptions.id.storage_accounts.id.public_traffic_allowed\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"public_traffic_allowed\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/storageaccount-soft-delete-enabled.json",
    "content": "{\n    \"description\": \"Storage Account Soft Delete Disabled\",\n    \"rationale\": \"Enabling this configuration for azure storage ensures that even if blobs/data were deleted from the storage account, Blobs/data objects remain recoverable for a particular time which set in the \\\"Retention policies\\\" \",\n    \"remediation\": \"In the Azure console:<ol><li>Go to <samp>Storage Accounts</samp></li> <li>For each storage account, navigate to <samp>Data protection</samp></li> <li>Ensure that soft delete is <samp>Enabled</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.8\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-soft-delete\"\n    ],\n    \"dashboard_name\": \"Accounts\",\n    \"display_path\": \"storageaccounts.subscriptions.id.storage_accounts.id\",\n    \"path\": \"storageaccounts.subscriptions.id.storage_accounts.id.blob_services.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"storageaccounts.subscriptions.id.storage_accounts.id.blob_services.id.soft_delete_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"soft_delete_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/storageaccount-trusted-microsoft-services.json",
    "content": "{\n    \"description\": \"Trusted Microsoft Services Enabled\",\n    \"rationale\": \"Some Microsoft services that interact with storage accounts operate from networks that can't be granted access through network rules. To help this type of service work as intended allow the set of trusted Microsoft services to bypass the network rules. These services will then use strong authentication to access the storage account.<br><br>If the <samp>Allow trusted Microsoft services</samp> exception is enabled the following services are granted access to the storage account:<br> <ul> <li>Azure Backup</li> <li>Azure Site Recovery</li> <li>Azure DevTest Labs</li> <li>Azure Event Grid</li> <li>Azure Event Hubs</li> <li>Azure Networking</li> <li>Azure Monitor</li> <li>Azure SQL Data Warehouse (when registered in the subscription)</li> </ul>\",\n    \"remediation\": \"In the Azure console: <ol> <li>Go to <samp>Storage Accounts</samp></li> <li>For each storage account, click on the settings menu called <samp>Firewalls and virtual networks</samp>.</li> <li>Ensure that you have elected to allow access from <samp>Selected networks</samp>.</li> <li>Enable check box for <samp>Allow trusted Microsoft services to access this storage account</samp>.</li> <li>Click <samp>Save</samp> to apply your changes.</li> </ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.8\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"3.7\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-network-security#ns-1-implement-security-for-internal-traffic\"\n    ],\n    \"dashboard_name\": \"Storage Accounts\",\n    \"path\": \"storageaccounts.subscriptions.id.storage_accounts.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"storageaccounts.subscriptions.id.storage_accounts.id.trusted_microsoft_services_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"trusted_microsoft_services_enabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/virtual-machines-disk-encryption.json",
    "content": "{\n    \"description\": \"Disks Lacking Encryption\",\n    \"rationale\": \"Encrypting disks ensures that their entire content is fully unrecoverable without a key and thus protects the volume from unwarranted reads.\",\n    \"remediation\": \"Ensure that disks are encrypted, where possible.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.2\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.3\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"7.1\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"7.2\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"7.3\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/security/azure-security-disk-encryption-overview\",\n        \"https://learn.microsoft.com/en-us/azure/security-center/security-center-apply-disk-encryption\"\n    ],\n    \"dashboard_name\": \"Disks\",\n    \"path\": \"virtualmachines.subscriptions.id.disks.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"virtualmachines.subscriptions.id.disks.id.encryption_type\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"virtualmachines.subscriptions.id.disks.id.encryption_ade\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"encryption_type\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/virtual-machines-extensions-installed.json",
    "content": "{\n    \"description\": \"Virtual Machine Extensions Installed\",\n    \"rationale\": \"Azure virtual machine extensions are small applications that provide post-deployment configuration and automation tasks on Azure virtual machines. These extensions run with administrative privileges and could potentially access anything on a virtual machine. The Azure Portal and community provide several such extensions.\",\n    \"remediation\": \"From Azure console: <ol> <li>Go to <samp>Virtual machines</samp></li><li>For each virtual machine, go to <samp>Settings</samp></li><li>Click on <samp>Extensions</samp></li><li>If there are unapproved extensions, uninstall them.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.4\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"7.4\"\n        },\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"7.4\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/virtual-machines/windows/extensions-features\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"virtualmachines.subscriptions.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"virtualmachines.subscriptions.id.instances.id.extension_names\",\n            \"containAtLeastOneDifferentFrom\",\n            [ \n                \"AzureDiskEncryption\",\n                \"AzureDiskEncryptionForLinux\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"extensions\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/virtual-machines-managed-disks.json",
    "content": "{\n    \"description\": \"Virtual Machines Not Utilizing Managed Disks\",\n    \"rationale\": \"Managed disks are by default encrypted on the underlying hardware so no additional encryption is required for basic protection, it is available if additional encryption is required. Managed disks are by design more resilient that storage accounts.\",\n    \"remediation\": \"From Azure console:<ol><li> Using the search feature, go to <samp>Virtual Machines</samp></li><li>Select the virtual machine you would like to convert</li><li>Select <samp> Disks</samp> in the menu for the VM</li><li>At the top select <samp>Migrate to managed disks</samp></li><li>You may follow the prompts to convert the disk and finish by selecting 'Migrate' to start the process</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"7.1\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/virtual-machines/windows/convert-unmanaged-to-managed-disks\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-1-define-asset-management-and-data-protection-strategy\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"virtualmachines.subscriptions.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"virtualmachines.subscriptions.id.instances.id.storage_profile.OS Managed Disk ID\",\n            \"equal\",\n            \"None\"\n        ]\n    ],\n    \"id_suffix\": \"OS Managed Disk ID\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/virtual-machines-os-data-encrypted-cmk.json",
    "content": "{\n    \"description\": \"OS and Data Disks Not Encrypted with CMK\",\n    \"rationale\": \"Encrypting the IaaS VM's OS disk (boot volume), Data disks (non-boot volume) ensures that the entire content is fully unrecoverable without a key and thus protects the volume from unwarranted reads. CMK is superior encryption although requires additional planning.\",\n    \"remediation\": \"From Azure console: <ol><li>Go to <samp>Virtual machines</samp></li><li>For each virtual machine, go to <samp>Settings</samp></li><li>Click on <samp>Disks</samp></li><li>Click the <samp>X</samp> to detach the disk from the VM</li><li>Now search for <samp>Disks</samp> and locate the unattached disk</li><li>Click the disk then select <samp>Encryption</samp></li><li>Change your encryption type, then select your encryption set</li><li>Click <samp>Save</samp></li><li>Go back to the VM and re-attach the dsk</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"7.2\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/security/fundamentals/azure-disk-encryption-vms-vmss\",\n        \"https://learn.microsoft.com/en-us/azure/security-center/asset-inventory?toc=%2Fazure%2Fsecurity%2Ftoc.json\",\n        \"https://learn.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices#protect-data-at-rest\",\n        \"https://learn.microsoft.com/en-us/rest/api/compute/disks/delete\",\n        \"https://learn.microsoft.com/en-us/rest/api/compute/disks/update#encryptionsettings\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-5-encrypt-sensitive-data-at-rest\"\n    ],\n    \"dashboard_name\": \"Disks\",\n    \"path\": \"virtualmachines.subscriptions.id.disks.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"or\",\n            [\n                \"virtualmachines.subscriptions.id.disks.id.encryption_type\",\n                \"null\",\n                \"\"\n            ],\n            [\n                \"virtualmachines.subscriptions.id.disks.id.encryption_type\",\n                \"equal\",\n                \"EncryptionAtRestWithPlatformKey\"\n            ]\n        ],\n        [\n            \"virtualmachines.subscriptions.id.disks.id.encryption_ade\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"encryption_type\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/findings/virtual-machines-unattached-disks-encrypted-cmk.json",
    "content": "{\n    \"description\": \"Unattached Disks Not Encrypted with CMK\",\n    \"rationale\": \"Managed disks are encrypted by default with Platform-managed keys. Using Customer-managed keys may provide an additional level of security or meet an organization's regulatory requirements. Encrypting managed disks ensures that its entire content is fully unrecoverable without a key and thus protects the volume from unwarranted reads. Even if the disk is not attached to any of the VMs, there is always a risk where a compromised user account with administrative access to VM service can mount/attach these data disks which may lead to sensitive information disclosure and tampering.\",\n    \"remediation\": \"If data stored in the disk is no longer useful, refer to Azure documentation to delete unattached data disks at : <ol><li>https://learn.microsoft.com/en-us/rest/api/compute/disks/delete</li><li>https://learn.microsoft.com/en-us/cli/azure/disk?view=azure-cli-latest#az-disk-delete</li></ol><br> If data stored in the disk is important, To encrypt the disk refer azure documentation at: <ol><li>https://learn.microsoft.com/en-us/azure/virtual-machines/disks-enable-customer-managed-keys-portal</li><li>https://learn.microsoft.com/en-us/rest/api/compute/disks/update#encryptionsettings</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"7.3\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/security/fundamentals/azure-disk-encryption-vms-vmss\",\n        \"https://learn.microsoft.com/en-us/azure/security-center/asset-inventory?toc=%2Fazure%2Fsecurity%2Ftoc.json\",\n        \"https://learn.microsoft.com/en-us/rest/api/compute/disks/delete\",\n        \"https://learn.microsoft.com/en-us/cli/azure/disk?view=azure-cli-latest#az-disk-delete\",\n        \"https://learn.microsoft.com/en-us/rest/api/compute/disks/update#encryptionsettings\",\n        \"https://learn.microsoft.com/en-us/cli/azure/disk?view=azure-cli-latest#az-disk-update\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-5-encrypt-sensitive-data-at-rest\"\n    ],\n    \"dashboard_name\": \"Disks\",\n    \"path\": \"virtualmachines.subscriptions.id.disks.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"virtualmachines.subscriptions.id.disks.id.disk_state\",\n            \"equal\",\n            \"Unattached\"\n        ],\n        [\n            \"or\",\n            [\n                \"virtualmachines.subscriptions.id.disks.id.encryption_type\",\n                \"null\",\n                \"\"\n            ],\n            [\n                \"virtualmachines.subscriptions.id.disks.id.encryption_type\",\n                \"equal\",\n                \"EncryptionAtRestWithPlatformKey\"\n            ]\n        ],\n        [\n            \"virtualmachines.subscriptions.id.disks.id.encryption_ade\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"encryption_type\"\n}"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/rulesets/cis-1.0.0.json",
    "content": "{\n    \"about\": \"This ruleset covers most of the recommendations from the CIS Microsoft Azure Foundation v1.0.0.\",\n    \"rules\": {\n        \"network-security-groups-rule-inbound-service-mssql.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"network-security-groups-rule-inbound-service.json\": [\n            {\n                \"args\": [\n                    \"RDP\",\n                    \"3389\",\n                    \"6.1\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"SSH\",\n                    \"22\",\n                    \"6.2\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"network-watcher-not-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"network-watcher-not-provisioned.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"securitycenter-auto-provisioning-off.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"securitycenter-security-contacts-email-not-set.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"securitycenter-security-contacts-no-admin-email-notifications.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"securitycenter-security-contacts-no-email-notifications.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"securitycenter-security-contacts-not-set.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"securitycenter-security-contacts-phone-not-set.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"securitycenter-standard-tier-not-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-databases-auditing-low-retention.json\": [\n            {\n                \"args\": [\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-databases-no-auditing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-databases-no-threat-detection.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-databases-no-transparent-data-encryption.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-databases-threat-detection-disabled-alerts.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-databases-threat-detection-low-retention.json\": [\n            {\n                \"args\": [\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-databases-threat-detection-send-alerts-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-auditing-low-retention.json\": [\n            {\n                \"args\": [\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-no-ad-admin-configured.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-no-auditing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-no-threat-detection.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-threat-detection-disabled-alerts.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-threat-detection-low-retention.json\": [\n            {\n                \"args\": [\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-threat-detection-send-alerts-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"storageaccount-access-keys-not-rotated.json\": [\n            {\n                \"args\": [\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"storageaccount-account-allowing-clear-text.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"storageaccount-public-blob-container.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"virtual-machines-disk-encryption.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"virtual-machines-extensions-installed.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ]\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/rulesets/cis-1.1.0.json",
    "content": "{\n    \"about\": \"This ruleset covers most of the recommendations from the CIS Microsoft Azure Foundation v1.1.0.\",\n    \"rules\": {\n        \"appservice-outdated-version-dotnet.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"appservice-outdated-version-java.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"appservice-outdated-version-php.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"appservice-outdated-version-python.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ]\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json",
    "content": "{\n    \"about\": \"This ruleset covers most of the recommendations from the CIS Microsoft Azure Foundation v1.2.0.\",\n    \"appservice-ftp-deployment-enabled.json\": [\n        {\n            \"enabled\": true,\n            \"level\": \"warning\"\n        }\n    ],\n    \"appservice-outdated-version-java.json\": [\n        {\n            \"enabled\": true,\n            \"level\": \"warning\"\n        }\n    ],\n    \"appservice-outdated-version-php.json\": [\n        {\n            \"enabled\": true,\n            \"level\": \"warning\"\n        }\n    ],\n    \"appservice-outdated-version-python.json\": [\n        {\n            \"enabled\": true,\n            \"level\": \"warning\"\n        }\n    ],\n    \"appservice-tls-v1-supported.json\": [\n        {\n            \"enabled\": true,\n            \"level\": \"warning\"\n        }\n    ],\n    \"logging-monitoring-diagnostic-setting-does-not-exist.json\": [\n        {\n            \"enabled\": false,\n            \"level\": \"warning\"\n        }\n    ],\n    \"logging-monitoring-log-alert-not-exist-security-solution.json\": [\n        {\n            \"args\": [\n                \"Create/Update Security Solution\",\n                \"5.2.6\",\n                \"create_update_security_solution_exist\"\n            ],\n            \"enabled\": true,\n            \"level\": \"warning\"\n        },\n        {\n            \"args\": [\n                \"Delete Security Solution\",\n                \"5.2.7\",\n                \"delete_security_solution_exist\"\n            ],\n            \"enabled\": true,\n            \"level\": \"warning\"\n        }\n    ],\n    \"logging-monitoring-logging-key-vault-disabled.json\": [\n        {\n            \"enabled\": false,\n            \"level\": \"warning\"\n        }\n    ],\n    \"logging-monitoring-profile-does-not-capture-all-activities.json\": [\n        {\n            \"enabled\": true,\n            \"level\": \"warning\"\n        }\n    ],\n    \"rules\": {\n        \"aad-users-create-security-groups-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"appservice-authentication-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"appservice-client-certificates-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"appservice-http-2-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"appservice-http-allowed.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"appservice-managed-service-identities-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"appservice-outdated-version-dotnet.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"keyvault-not-recoverable.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"logging-monitoring-log-alert-not-exist-create-policy-assignment.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"logging-monitoring-log-alert-not-exist-nsg.json\": [\n            {\n                \"args\": [\n                    \"Create/Update Network Security Group\",\n                    \"5.2.2\",\n                    \"create_update_NSG_exist\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"Delete Network Security Group\",\n                    \"5.2.3\",\n                    \"delete_NSG_exist\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"Create/Update Network Security Group Rule\",\n                    \"5.2.4\",\n                    \"create_update_NSG_rule_exist\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"Delete Network Security Group Rule\",\n                    \"5.2.5\",\n                    \"delete_NSG_rule_exist\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"Create/Update/Delete SQL Server Firewall Rule\",\n                    \"5.2.8\",\n                    \"create_delete_firewall_rule_exist\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"mysql-database-servers-ssl-enforcement-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"network-security-groups-rule-inbound-service-udp.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"postgresql-database-servers-allow-any-ip.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"postgresql-database-servers-connection-throttling-not-on.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"postgresql-database-servers-log-checkpoints-not-on.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"postgresql-database-servers-log-connections-not-on.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"postgresql-database-servers-log-disconnections-not-on.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"postgresql-database-servers-log-duration-not-on.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"postgresql-database-servers-log-retention-days-less-than-4.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"postgresql-database-servers-ssl-enforcement-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rbac-administering-resource-locks-assigned.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"rbac-custom-subscription-owner-role-not-allowed.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"securitycenter-settings-MCAS-integration-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"securitycenter-settings-WDATP-integration-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-allow-any-ip.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-databases-no-auditing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-databases-no-transparent-data-encryption.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-databases-threat-detection-low-retention.json\": [\n            {\n                \"args\": [\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-TDE-not-encrypted-with-customer-managed-key.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-vulnerability-assessments-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-vulnerability-recurring-scans-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"storageaccount-encrypted-not-customer-managed.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"storageaccount-soft-delete-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"virtual-machines-managed-disks.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"virtual-machines-os-data-encrypted-cmk.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"virtual-machines-unattached-disks-encrypted-cmk.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ]\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/rulesets/default.json",
    "content": "{\n    \"about\": \"This ruleset consists of numerous rules that are considered standard by NCC Group. The rules enabled range from violations of well-known security best practices to gaps resulting from less-known security implications of provider-specific mechanisms. Additional rules exist, some of them requiring extra-parameters to be configured, and some of them being applicable to a limited number of users.\",\n    \"rules\": {\n        \"aad-guest-users.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"aad-users-create-security-groups-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"appservice-authentication-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"appservice-client-certificates-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"appservice-ftp-deployment-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"appservice-http-2-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"appservice-http-allowed.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"appservice-managed-service-identities-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"appservice-outdated-version-dotnet.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"appservice-outdated-version-java.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"appservice-outdated-version-php.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"appservice-outdated-version-python.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"appservice-tls-v1-supported.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"appservice-webapp-using-outdated-progamming-language-version.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"warning\"\n            }\n        ],\n        \"keyvault-not-recoverable.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"keyvault-public-traffic-allowed.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"keyvault-rbac-authorization-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"logging-monitoring-diagnostic-setting-does-not-exist.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"warning\"\n            }\n        ],\n        \"logging-monitoring-log-alert-not-exist-create-policy-assignment.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"logging-monitoring-log-alert-not-exist-nsg.json\": [\n            {\n                \"args\": [\n                    \"Create/Update Network Security Group\",\n                    \"5.2.2\",\n                    \"create_update_NSG_exist\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"Delete Network Security Group\",\n                    \"5.2.3\",\n                    \"delete_NSG_exist\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"Create/Update Network Security Group Rule\",\n                    \"5.2.4\",\n                    \"create_update_NSG_rule_exist\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"Delete Network Security Group Rule\",\n                    \"5.2.5\",\n                    \"delete_NSG_rule_exist\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"Create/Update/Delete SQL Server Firewall Rule\",\n                    \"5.2.8\",\n                    \"create_delete_firewall_rule_exist\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"logging-monitoring-log-alert-not-exist-security-solution.json\": [\n            {\n                \"args\": [\n                    \"Create/Update Security Solution\",\n                    \"5.2.6\",\n                    \"create_update_security_solution_exist\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"Delete Security Solution\",\n                    \"5.2.7\",\n                    \"delete_security_solution_exist\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"logging-monitoring-logging-key-vault-disabled.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"warning\"\n            }\n        ],\n        \"logging-monitoring-profile-does-not-capture-all-activities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"mysql-database-servers-ssl-enforcement-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"network-security-groups-rule-inbound-internet-all.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"network-security-groups-rule-inbound-service-mssql.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"network-security-groups-rule-inbound-service-udp.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"network-security-groups-rule-inbound-service.json\": [\n            {\n                \"args\": [\n                    \"RDP\",\n                    \"3389\",\n                    \"6.1\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"SSH\",\n                    \"22\",\n                    \"6.2\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"network-watcher-not-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"network-watcher-not-provisioned.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"postgresql-database-servers-allow-any-ip.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"postgresql-database-servers-connection-throttling-not-on.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"postgresql-database-servers-log-checkpoints-not-on.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"postgresql-database-servers-log-connections-not-on.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"postgresql-database-servers-log-disconnections-not-on.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"postgresql-database-servers-log-duration-not-on.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"postgresql-database-servers-log-retention-days-less-than-4.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"postgresql-database-servers-ssl-enforcement-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rbac-administering-resource-locks-assigned.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"rbac-custom-subscription-owner-role-not-allowed.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"securitycenter-auto-provisioning-off.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"securitycenter-security-contacts-email-not-set.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"securitycenter-security-contacts-no-admin-email-notifications.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"securitycenter-security-contacts-no-email-notifications.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"securitycenter-security-contacts-not-set.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"securitycenter-security-contacts-phone-not-set.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"securitycenter-settings-MCAS-integration-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"securitycenter-settings-WDATP-integration-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"securitycenter-standard-tier-not-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-allow-any-ip.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-databases-auditing-low-retention.json\": [\n            {\n                \"args\": [\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-databases-no-auditing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-databases-no-threat-detection.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-databases-no-transparent-data-encryption.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-databases-threat-detection-disabled-alerts.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-databases-threat-detection-low-retention.json\": [\n            {\n                \"args\": [\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-databases-threat-detection-send-alerts-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-TDE-not-encrypted-with-customer-managed-key.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-auditing-low-retention.json\": [\n            {\n                \"args\": [\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-no-ad-admin-configured.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-no-auditing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-no-threat-detection.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-threat-detection-disabled-alerts.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-threat-detection-low-retention.json\": [\n            {\n                \"args\": [\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-threat-detection-send-alerts-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-vulnerability-assessments-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-vulnerability-recurring-scans-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"storageaccount-access-keys-not-rotated.json\": [\n            {\n                \"args\": [\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"storageaccount-account-allowing-clear-text.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"storageaccount-encrypted-not-customer-managed.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"storageaccount-public-blob-container.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"storageaccount-public-traffic-allowed.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"storageaccount-soft-delete-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"storageaccount-trusted-microsoft-services.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"virtual-machines-disk-encryption.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"virtual-machines-extensions-installed.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"virtual-machines-managed-disks.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"virtual-machines-os-data-encrypted-cmk.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"virtual-machines-unattached-disks-encrypted-cmk.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ]\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/azure/rules/rulesets/filters.json",
    "content": "{\n    \"about\": \"Default set of filters for Scout\",\n    \"rules\": {}\n}\n"
  },
  {
    "path": "ScoutSuite/providers/azure/services.py",
    "content": "from ScoutSuite.providers.azure.authentication_strategy import AzureCredentials\nfrom ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.azure.resources.aad.base import AAD\nfrom ScoutSuite.providers.azure.resources.rbac.base import RBAC\nfrom ScoutSuite.providers.azure.resources.keyvault.base import KeyVaults\nfrom ScoutSuite.providers.azure.resources.network.base import Networks\nfrom ScoutSuite.providers.azure.resources.securitycenter.base import SecurityCenter\nfrom ScoutSuite.providers.azure.resources.sqldatabase.base import Servers\nfrom ScoutSuite.providers.azure.resources.storageaccounts.base import StorageAccounts\nfrom ScoutSuite.providers.azure.resources.virtualmachines.base import VirtualMachines\nfrom ScoutSuite.providers.base.services import BaseServicesConfig\nfrom ScoutSuite.providers.azure.resources.appservice.base import AppServices\nfrom ScoutSuite.providers.azure.resources.mysqldatabase.base import MySQLServers\nfrom ScoutSuite.providers.azure.resources.postgresqldatabase.base import PostgreSQLServers\nfrom ScoutSuite.providers.azure.resources.loggingmonitoring.base import LoggingMonitoring\n\n# Try to import proprietary services\ntry:\n    from ScoutSuite.providers.azure.resources.private_appgateway.base import ApplicationGateways\nexcept ImportError:\n    pass\ntry:\n    from ScoutSuite.providers.azure.resources.private_rediscache.base import RedisCaches\nexcept ImportError:\n    pass\ntry:\n    from ScoutSuite.providers.azure.resources.private_loadbalancer.base import LoadBalancers\nexcept ImportError:\n    pass\n\n\nclass AzureServicesConfig(BaseServicesConfig):\n\n    def __init__(self,\n                 credentials: AzureCredentials = None,\n                 subscription_ids=[], all_subscriptions=None,\n                 programmatic_execution=None,\n                 **kwargs):\n\n        super().__init__(credentials)\n\n        facade = AzureFacade(credentials,\n                             subscription_ids, all_subscriptions,\n                             programmatic_execution)\n\n        self.aad = AAD(facade)\n        self.rbac = RBAC(facade)\n        self.securitycenter = SecurityCenter(facade)\n        self.sqldatabase = Servers(facade)\n        self.storageaccounts = StorageAccounts(facade)\n        self.keyvault = KeyVaults(facade)\n        self.network = Networks(facade)\n        self.virtualmachines = VirtualMachines(facade)\n        self.appservice = AppServices(facade)\n        self.mysqldatabase = MySQLServers(facade)\n        self.postgresqldatabase = PostgreSQLServers(facade)\n        self.loggingmonitoring = LoggingMonitoring(facade)\n\n        # Instantiate proprietary services\n        try:\n            self.appgateway = ApplicationGateways(facade)\n        except NameError as _:\n            pass\n        try:\n            self.loadbalancer = LoadBalancers(facade)\n        except NameError as _:\n            pass\n        try:\n            self.rediscache = RedisCaches(facade)\n        except NameError as _:\n            pass\n\n    def _is_provider(self, provider_name):\n        return provider_name == 'azure'\n\n    async def fetch(self, services: list, regions: list, excluded_regions: list):\n        await super().fetch(services, regions, excluded_regions)\n\n        # This is a unique case where we'll want to fetch additional resources (in the AAD service) in the\n        # event the RBAC service was included. There's no existing cross-service fetching logic (only cross-service\n        # processing), hence why we needed to add this.\n        if 'rbac' in services and 'aad' in services:\n            user_list = self.rbac.get_user_id_list()\n            await self.aad.fetch_additional_users(user_list)\n"
  },
  {
    "path": "ScoutSuite/providers/azure/utils.py",
    "content": "import re\n\n\ndef get_resource_group_name(id):\n    return re.findall(\"/resourceGroups/(.*?)/\", id)[0]\n"
  },
  {
    "path": "ScoutSuite/providers/base/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/base/authentication_strategy.py",
    "content": "from abc import ABCMeta, abstractmethod\n\n\nclass AuthenticationStrategy(metaclass=ABCMeta):\n    \"\"\"\n    This class represents an authentication strategy.\n    \"\"\"\n\n    @abstractmethod\n    def authenticate(self, **kwargs):\n        \"\"\"\n        Given parameters, this authenticates the user to a provider and returns a credentials object.\n        \"\"\"\n        raise NotImplementedError()\n\n\nclass AuthenticationException(Exception):\n    def __init__(self, message, errors=None):\n        super().__init__(message)\n        self.errors = errors\n"
  },
  {
    "path": "ScoutSuite/providers/base/authentication_strategy_factory.py",
    "content": "_strategies = {\n    'aws': 'AWSAuthenticationStrategy',\n    'gcp': 'GCPAuthenticationStrategy',\n    'azure': 'AzureAuthenticationStrategy',\n    'aliyun': 'AliyunAuthenticationStrategy',\n    'oci': 'OracleAuthenticationStrategy',\n    'kubernetes': 'KubernetesAuthenticationStrategy',\n    'do': 'DigitalOceanAuthenticationStrategy'\n}\n\n\ndef import_authentication_strategy(provider):\n    strategy_class = _strategies[provider]\n    module = __import__(f'ScoutSuite.providers.{provider}.authentication_strategy', fromlist=[strategy_class])\n    authentication_strategy = getattr(module, strategy_class)\n    return authentication_strategy\n\n\ndef get_authentication_strategy(provider: str):\n    \"\"\"\n        Returns an authentication strategy implementation for a provider.\n        :param provider: The authentication strategy \n    \"\"\"\n    authentication_strategy = import_authentication_strategy(provider)\n    return authentication_strategy()\n"
  },
  {
    "path": "ScoutSuite/providers/base/configs/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/base/configs/browser.py",
    "content": "import copy\n\nfrom ScoutSuite.core.console import print_exception\n\n\n########################################\n# Functions\n########################################\n\ndef combine_paths(path1, path2):\n    path = path1\n    for p in path2:\n        if p == '..':\n            del (path[-1])\n        else:\n            path.append(p)\n    return path\n\n\ndef get_object_at(object, path, attribute_name=None):\n    \"\"\"\n    Get arbitrary object given a dictionary and path (list of keys).\n\n    :param object:\n    :param path:\n    :param attribute_name:\n    :return:\n    \"\"\"\n    o = object\n    for p in path:\n        if type(o) is dict:\n            o = o[p]\n        else:\n            o = getattr(o, p)\n\n    if attribute_name:\n        if type(o) is dict:\n            return o[attribute_name]\n        else:\n            return getattr(o, attribute_name)\n    else:\n        return o\n\n\ndef get_value_at(all_info, current_path, key, to_string=False):\n    \"\"\"\n    Get value located at a given path.\n\n    :param all_info:        All of the services' data\n    :param current_path:    The value of the `path` variable defined in the finding file\n    :param key:             The key that is being requested\n    :param to_string:       Whether or not the returned value should be casted as a string\n    :return:                The value in `all_info` indicated by the `key` in `current_path`\n    \"\"\"\n    keys = key.split('.')\n    if keys[-1] == 'id':\n        target_obj = current_path[len(keys) - 1]\n    else:\n        if key == 'this':\n            target_path = current_path\n        elif '.' in key:\n            target_path = []\n            for i, key in enumerate(keys):\n                try:\n                    # If 'id', replace by value\n                    if key == 'id':\n                        target_path.append(current_path[i])\n                    # If empty key and value is an index, keep the index\n                    elif key == '' and i < len(current_path) and current_path[i].isdigit():\n                        target_path.append(int(current_path[i]))\n                    # Otherwise, use key\n                    else:\n                        target_path.append(key)\n                except Exception as e:\n                    print_exception(f'Unable to get index \\\"{i}\\\" from path \\\"{current_path}\\\": {e}',\n                                    additional_details={'current_path': current_path,\n                                                        'target_path': target_path,\n                                                        'key': key,\n                                                        'i': i})\n                    return None\n            if len(keys) > len(current_path):\n                target_path = target_path + keys[len(target_path):]\n        else:\n            target_path = copy.deepcopy(current_path)\n            target_path.append(key)\n        target_obj = all_info\n        for p in target_path:\n            try:\n                if type(target_obj) == list and type(target_obj[0]) == dict:\n                    target_obj = target_obj[int(p)]\n                elif type(target_obj) == list and type(p) == int:\n                    target_obj = target_obj[p]\n                elif type(target_obj) == list and p.isdigit():\n                    target_obj = target_obj[int(p)]\n                elif type(target_obj) == list:\n                    target_obj = p\n                elif p == '':\n                    pass\n                elif target_obj is None:\n                    pass\n                else:\n                    target_obj = target_obj.get(p)\n            except Exception as e:\n                print_exception(f'Unable to get \\\"{p}\\\" from target object \\\"{target_obj}\\\" in path \\\"{target_path}\\\": {e}',\n                                additional_details={'current_path': current_path,\n                                                    'target_obj': target_obj,\n                                                    'p': p})\n                return None\n    if to_string:\n        return str(target_obj)\n    else:\n        return target_obj\n"
  },
  {
    "path": "ScoutSuite/providers/base/provider.py",
    "content": "import copy\nimport json\n\nfrom ScoutSuite import __version__ as scout_version\nfrom ScoutSuite.core.console import print_exception, print_info, print_error\nfrom ScoutSuite.output.html import ScoutReport\nfrom ScoutSuite.providers.base.configs.browser import get_object_at\n\n\nclass BaseProvider:\n    \"\"\"\n    Base class for the different providers.\n\n    Root object that holds all of the necessary provider-specific resources and Scout configuration items.\n\n    For each supported cloud provider, a child class will be created which implements the necessary code.\n    In addition, each method of children classes will call the base provider in order to execute code required for\n    all cloud providers\n    \"\"\"\n\n    def __init__(self, report_dir=None, timestamp=None,\n                 services=None, skipped_services=None,\n                 result_format='json', **kwargs):\n        \"\"\"\n\n        :account_id         account ID\n        :last_run           Information about the last run\n        :metadata           Metadata used to generate the HTML report\n        :ruleset            Ruleset used to perform the analysis\n        :services           AWS configuration sorted by service\n        \"\"\"\n        services = [] if services is None else services\n        skipped_services = [] if skipped_services is None else skipped_services\n\n        self.last_run = None\n        self.metadata = None\n\n        self._load_metadata()\n\n        if not hasattr(self, 'services'):\n            self.services = self.services_config(self.credentials)\n        supported_services = vars(self.services).keys()\n\n        # Ensures \"credentials\" is not included\n        supported_services = list(supported_services)\n        supported_services.remove('credentials')\n\n        self.service_list = self._build_services_list(supported_services, services, skipped_services)\n\n    def get_report_name(self):\n        \"\"\"\n        Returns the name of the report using the provider's configuration\n        \"\"\"\n        return 'base'\n\n    def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):\n        \"\"\"\n        Used for adding cross-services configs.\n        \"\"\"\n        # Preprocessing dictated by metadata\n        self._process_metadata_callbacks()\n\n    def postprocessing(self, current_time, ruleset, run_parameters):\n        \"\"\"\n        Sets post-run information.\n        \"\"\"\n        self._update_metadata()\n        self._update_last_run(current_time, ruleset, run_parameters)\n\n    async def fetch(self, regions=None, excluded_regions=None, partition_name=None):\n        \"\"\"\n        Fetch resources for each service\n\n        :param regions:\n        :param excluded_regions:\n        :param partition_name:\n        :return:\n        \"\"\"\n        regions = [] if regions is None else regions\n        excluded_regions = [] if excluded_regions is None else excluded_regions\n        # TODO: determine partition name based on regions and warn if multiple partitions...\n        await self.services.fetch(self.service_list, regions, excluded_regions)\n\n        # TODO implement this properly\n        \"\"\"\n        This is quite ugly but the legacy Scout expects the configurations to be dictionaries.\n        Eventually this should be moved to objects/attributes, but that will require significant re-write.\n        \"\"\"\n        report = ScoutReport(self.provider_code, 'placeholder')\n        self.services = report.encoder.to_dict(self.services)\n\n    def _load_metadata(self):\n        \"\"\"\n        Load the metadata as defined in the child class metadata_path attribute\n\n        :return: None\n        \"\"\"\n        # Load metadata\n        with open(self.metadata_path) as f:\n            self.metadata = json.load(f)\n\n    @staticmethod\n    def _build_services_list(supported_services, services, skipped_services):\n\n        # Ensure services and skipped services exist, otherwise log exception\n        error = False\n        for service in services + skipped_services:\n            if service not in supported_services:\n                print_error(f'Service \\\"{service}\\\" does not exist, skipping')\n                error = True\n        if error:\n            print_info('Available services are: {}'.format(str(list(supported_services)).strip('[]')))\n\n        return [s for s in supported_services if (services == [] or s in services) and s not in skipped_services]\n\n    def _update_last_run(self, current_time, ruleset, run_parameters):\n\n        last_run = {\n            'time': current_time.strftime(\"%Y-%m-%d %H:%M:%S%z\"),\n            'run_parameters': run_parameters,\n            'version': scout_version,\n            'ruleset_name': ruleset.name,\n            'ruleset_about': ruleset.about,\n            'summary': {}\n        }\n\n        for service in self.services:\n            last_run['summary'][service] = {'checked_items': 0,\n                                            'flagged_items': 0,\n                                            'max_level': 'warning',\n                                            'rules_count': 0,\n                                            'resources_count': 0}\n            if self.services[service] is None:\n                # Not supported yet\n                continue\n            elif 'findings' in self.services[service]:\n                for finding in self.services[service]['findings'].values():\n                    last_run['summary'][service]['rules_count'] += 1\n                    last_run['summary'][service]['checked_items'] += finding['checked_items']\n                    last_run['summary'][service]['flagged_items'] += finding['flagged_items']\n                    items = finding.get('items', [])\n                    if last_run['summary'][service]['max_level'] != 'danger' and len(items) > 0:\n                        last_run['summary'][service]['max_level'] = finding['level']\n            # Total number of resources\n            for key in self.services[service]:\n                if key != 'regions_count' and key.endswith('_count'):\n                    last_run['summary'][service]['resources_count'] += self.services[service][key]\n        self.last_run = last_run\n\n    def _update_metadata(self):\n        service_map = {}\n        for service_group in self.metadata:\n            for service in self.metadata[service_group]:\n                if service not in self.service_list:\n                    continue\n                if 'hidden' in self.metadata[service_group][service] and \\\n                        self.metadata[service_group][service]['hidden'] == True:\n                    continue\n                if 'resources' not in self.metadata[service_group][service]:\n                    continue\n                service_map[service] = service_group\n                for resource in self.metadata[service_group][service]['resources']:\n                    # full_path = path if needed\n                    if 'full_path' not in self.metadata[service_group][service]['resources'][resource]:\n                        self.metadata[service_group][service]['resources'][resource]['full_path'] = \\\n                            self.metadata[service_group][service]['resources'][resource]['path']\n                    # Script is the full path minus \"id\" (TODO: change that)\n                    if 'script' not in self.metadata[service_group][service]['resources'][resource]:\n                        self.metadata[service_group][service]['resources'][resource]['script'] = '.'.join(\n                            [x for x in\n                             self.metadata[service_group][service]['resources'][resource]['full_path'].split(\n                                 '.') if x != 'id'])\n\n                    # Update counts\n                    self.metadata[service_group][service]['resources'][resource]['count'] = \\\n                        self.recursive_get_count(resource,\n                                                 self.services[service])\n\n    def recursive_get_count(self, resource, resources):\n        \"\"\"\n        Recursively look for counts of a specific resource in a resource tree.\n        \"\"\"\n        count = 0\n        resource_count = '%s_count' % resource\n        if isinstance(resources, dict):\n            if resource_count in resources.keys():\n                count += resources[resource_count]\n            else:\n                for k in resources.keys():\n                    count += self.recursive_get_count(resource, resources[k])\n        return count\n\n    def manage_object(self, object, attr, init, callback=None):\n        \"\"\"\n        This is a quick-fix copy of Opinel's manage_dictionary in order to support the new ScoutSuite object which isn't\n        a dict\n        \"\"\"\n        if type(object) == dict:\n            if not str(attr) in object:\n                object[str(attr)] = init\n                self.manage_object(object, attr, init)\n        else:\n            if not hasattr(object, attr):\n                setattr(object, attr, init)\n                self.manage_object(object, attr, init)\n        if callback:\n            callback(getattr(object, attr))\n        return object\n\n    def _process_metadata_callbacks(self):\n        \"\"\"\n        Iterates through each type of resource and, when callbacks have been\n        configured in the config metadata, recurse through each resource and calls\n        each callback.\n\n        :param self.config:                  The entire AWS configuration object\n        :return:                            None\n        \"\"\"\n        # Service-level summaries\n        for service_group in self.metadata:\n            for service in self.metadata[service_group]:\n                if service == 'summaries' or service not in self.service_list:\n                    continue\n                # Reset external attack surface\n                if 'summaries' in self.metadata[service_group][service]:\n                    for summary in self.metadata[service_group][service]['summaries']:\n                        if summary == 'external attack surface' and \\\n                                service in self.services and \\\n                                'external_attack_surface' in self.services[service]:\n                            self.services[service].pop('external_attack_surface')\n                # Reset all global summaries\n                if hasattr(self, 'service_groups'):\n                    del self.service_groups\n                # Resources\n                for resource_type in self.metadata[service_group][service]['resources']:\n                    if 'callbacks' in self.metadata[service_group][service]['resources'][resource_type]:\n                        current_path = ['services', service]\n                        target_path = self.metadata[service_group][service]['resources'][resource_type][\n                                          'path'].replace('.id', '').split('.')[2:]\n                        callbacks = self.metadata[service_group][service]['resources'][resource_type][\n                            'callbacks']\n                        self._new_go_to_and_do(self.services[service],\n                                               target_path,\n                                               current_path,\n                                               callbacks)\n                # Summaries\n                if 'summaries' in self.metadata[service_group][service]:\n                    for summary in self.metadata[service_group][service]['summaries']:\n                        if 'callbacks' in self.metadata[service_group][service]['summaries'][summary]:\n                            current_path = ['services', service]\n                            for callback in self.metadata[service_group][service]['summaries'][summary]['callbacks']:\n                                callback_name = callback[0]\n                                callback_args = copy.deepcopy(callback[1])\n                                target_path = callback_args.pop('path').replace('.id', '').split('.')[2:]\n                                callbacks = [[callback_name, callback_args]]\n                                self._new_go_to_and_do(self.services[service],\n                                                       target_path,\n                                                       current_path,\n                                                       callbacks)\n        # Group-level summaries\n        for service_group in self.metadata:\n            if 'summaries' in self.metadata[service_group]:\n                for summary in self.metadata[service_group]['summaries']:\n                    for callback in self.metadata[service_group]['summaries'][summary]['callbacks']:\n                        callback_name = callback[0]\n                        target_path = self.metadata[service_group]['summaries'][summary]['path'].split('.')\n                        # quick fix as legacy Scout expects \"self\" to be a dict\n                        target_object = self\n                        for p in target_path:\n                            self.manage_object(target_object, p, {})\n                            if type(target_object) == dict:\n                                target_object = target_object[p]\n                            else:\n                                target_object = getattr(target_object, p)\n                        if callback_name == 'merge':\n                            for service in self.metadata[service_group]:\n                                if service == 'summaries':\n                                    continue\n                                if 'summaries' in self.metadata[service_group][service] and \\\n                                        summary in self.metadata[service_group][service]['summaries']:\n                                    try:\n                                        source = get_object_at(self,\n                                                               self.metadata[service_group][service]['summaries'][\n                                                                   summary]['path'].split('.'))\n                                    except Exception as e:\n                                        source = {}\n                                    try:\n                                        target_object.update(source)\n                                    except Exception as e:\n                                        if target_object:\n                                            raise e\n\n        return None\n\n    def _go_to_and_do(self, current_config, path, current_path, callback, callback_args=None):\n        \"\"\"\n        Recursively go to a target and execute a callback\n        \"\"\"\n        try:\n            key = path.pop(0)\n            if not current_config and hasattr(self, 'config'):\n                current_config = self.config\n            if not current_path:\n                current_path = []\n            keys = key.split('.')\n            if len(keys) > 1:\n                while True:\n                    key = keys.pop(0)\n                    if not len(keys):\n                        break\n                    current_path.append(key)\n                    current_config = current_config[key]\n            if key in current_config:\n                current_path.append(key)\n                current_config_key = current_config[key]\n                for (i, value) in enumerate(list(current_config_key)):\n                    if len(path) == 0:\n                        if type(current_config_key == dict) and type(value) != dict and type(value) != list:\n                            callback(current_config_key[value], path, current_path, value, callback_args)\n                        else:\n                            callback(current_config, path, current_path, value, callback_args)\n                    else:\n                        tmp = copy.deepcopy(current_path)\n                        try:\n                            tmp.append(value)\n                            self._go_to_and_do(current_config_key[value], copy.deepcopy(path), tmp, callback,\n                                               callback_args)\n                        except:\n                            tmp.pop()\n                            tmp.append(i)\n                            self._go_to_and_do(current_config_key[i], copy.deepcopy(path), tmp, callback,\n                                               callback_args)\n\n        except Exception as e:\n            print_exception(e, {'current path': f'{current_path}',\n                                'key': '{}'.format(key if 'key' in locals() else 'not defined'),\n                                'value': '{}'.format(value if 'value' in locals() else 'not defined'),\n                                'path': f'{path}',\n                                }\n                            )\n\n    def _new_go_to_and_do(self, current_config, path, current_path, callbacks):\n        \"\"\"\n        Recursively go to a target and execute a callback\n        \"\"\"\n        try:\n            key = path.pop(0)\n            if not current_config:\n                current_config = self.config\n            if not current_path:\n                current_path = []\n            keys = key.split('.')\n            if len(keys) > 1:\n                while True:\n                    key = keys.pop(0)\n                    if not len(keys):\n                        break\n                    current_path.append(key)\n                    current_config = current_config[key]\n            if key in current_config:\n                current_path.append(key)\n                for (i, value) in enumerate(list(current_config[key])):\n                    if len(path) == 0:\n                        for callback_info in callbacks:\n                            callback_name = callback_info[0]\n                            try:\n                                callback = getattr(self, callback_name)\n\n                                callback_args = callback_info[1]\n                                if type(current_config[key] == dict) and type(value) != dict and type(value) != list:\n                                    callback(current_config[key][value],\n                                             path,\n                                             current_path,\n                                             value,\n                                             callback_args)\n                                else:\n                                    callback(current_config, path, current_path, value, callback_args)\n                            except Exception as e:\n                                print_exception(f'Error when calling callback {callback_name} with value {value}: {e}',\n                                                {'callback': callback_name,\n                                                 'callback arguments': callback_args,\n                                                 'current path': f'{current_path}',\n                                                 'key': '{}'.format(key if 'key' in locals() else 'not defined'),\n                                                 'value': '{}'.format(\n                                                     value if 'value' in locals() else 'not defined'),\n                                                 'path': f'{path}'})\n                    else:\n                        tmp = copy.deepcopy(current_path)\n                        try:\n                            tmp.append(value)\n                            self._new_go_to_and_do(current_config[key][value], copy.deepcopy(path), tmp,\n                                                   callbacks)\n                        except:\n                            tmp.pop()\n                            tmp.append(i)\n                            self._new_go_to_and_do(current_config[key][i], copy.deepcopy(path), tmp, callbacks)\n        except Exception as e:\n            print_exception(e, {'current path': f'{current_path}',\n                                'key': '{}'.format(key if 'key' in locals() else 'not defined'),\n                                'value': '{}'.format(value if 'value' in locals() else 'not defined'),\n                                'path': f'{path}',\n                                }\n                            )\n"
  },
  {
    "path": "ScoutSuite/providers/base/resources/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/base/resources/base.py",
    "content": "\"\"\"\nThis module provides some abstract classes for representing a hierarchical structure.\nEspecially since all cloud providers (AWS, Azure and GCP for now) organize their resources (virtual machines,\ndatabases, load balancers, user accounts and so on...) with some kind of hierarchy, these classes may be\nused to reflect that.\n\"\"\"\n\nimport abc\nimport asyncio\nfrom ScoutSuite.core.console import print_exception\n\n\nasync def call(child_name, child):\n    \"\"\"Calls the child class and implements async error handling.\"\"\"\n    try:\n        task = asyncio.ensure_future(child())\n        await task\n    except Exception as e:\n        print_exception(f'Failed to call {child.__name__}() for resource {child_name}: {e}')\n\n\nclass Resources(dict, metaclass=abc.ABCMeta):\n    \"\"\"This is the base class of a hierarchical structure. Everything is basically `Resources`.\n    It stores in its internal dictionary instances of a given type of resources, with instance ids as keys and\n    instance configurations (which store other nested resources) as values.\n    \"\"\"\n\n    def __init__(self, service_facade):\n        self.facade = service_facade\n\n        super().__init__()\n\n    @abc.abstractmethod\n    async def fetch_all(self, **kwargs):\n        \"\"\"Fetches, parses and stores instances of a given type of resources from a cloud provider API.\n\n        :param kwargs:\n        :return:\n        \"\"\"\n        raise NotImplementedError()\n\n\nclass CompositeResources(Resources, metaclass=abc.ABCMeta):\n    \"\"\"This class represents a node in the hierarchical structure. As inherited from `Resources`, it still \\\n    stores instances of a given type of resources internally but also stores some kind of nested resources \\\n    referred to as its 'children'.\n    \"\"\"\n\n    @property\n    @abc.abstractmethod\n    def _children(self):\n        \"\"\"A class that inherits from 'CompositeResources' should define a private '_children' attribute, typically a\n        list of `Resources` classes. That is enforced by this abstract property.\n        \"\"\"\n        raise NotImplementedError\n\n    async def _fetch_children_of_all_resources(self, resources: dict, scopes: dict):\n        \"\"\" This method iterates through a collection of resources and fetches all children of each resource, in a\n        concurrent way.\n\n        :param resources: list of (composite) resources\n        :param scopes: dict that maps resource parent keys to scopes (dict) that should be used to retrieve children\n        of each resource.\n        \"\"\"\n        if len(resources) == 0:\n            return\n\n        tasks = {\n            asyncio.ensure_future(\n                self._fetch_children(\n                    resource_parent=resource_parent, scope=scopes[resource_parent_key])\n            ) for (resource_parent_key, resource_parent) in resources.items()\n        }\n        await asyncio.wait(tasks)\n\n    async def _fetch_children(self, resource_parent: object, scope: dict = {}):\n        \"\"\"This method fetches all children of a given resource (the so called 'resource_parent') by calling fetch_all\n        method on each child defined in '_children' and then stores the fetched resources in `resource_parent` under\n        the key associated with the child. It also creates a \"<child_name>_count\" entry for each child.\n\n        :param resource_parent: The resource in which the children will be stored.\n        :param scope: The scope passed to the children constructors.\n        \"\"\"\n        children = [(child_class(self.facade, **scope), child_name)\n                    for (child_class, child_name) in self._children]\n\n        tasks = []\n        for (child, child_name) in children:\n            task = asyncio.create_task(call(child_name, child.fetch_all))\n            tasks.append(task)\n            \n        await asyncio.wait(tasks)\n\n        # Update parent content:\n        for child, child_name in children:\n            if child_name is None:\n                resource_parent.update(child)\n            else:\n                if resource_parent.get(child_name) is None:\n                    resource_parent[child_name] = {}\n                    resource_parent[child_name + '_count'] = 0\n\n                resource_parent[child_name].update(child)\n                resource_parent[child_name + '_count'] += len(child)\n"
  },
  {
    "path": "ScoutSuite/providers/base/services.py",
    "content": "import asyncio\n\nfrom ScoutSuite.core.console import print_exception, print_debug, print_info\nfrom ScoutSuite.providers.aws.utils import get_partition_name\nfrom ScoutSuite.utils import format_service_name\n\n\nclass BaseServicesConfig:\n\n    def __init__(self, credentials):\n        self.credentials = credentials\n\n    def _is_provider(self, provider_name):\n        return False\n\n    async def fetch(self, services: list, regions: list, excluded_regions: list):\n\n        if not services:\n            print_debug('No services to scan')\n        else:\n            # Remove \"credentials\" as it isn't a service\n            if 'credentials' in services:\n                services.remove('credentials')\n\n            # Print services that are going to get skipped:\n            for service in vars(self):\n                if service not in services and service != 'credentials':\n                    print_debug('Skipping the {} service'.format(format_service_name(service)))\n\n            # Then, fetch concurrently all services:\n            if services:\n                tasks = {\n                    asyncio.ensure_future(\n                        self._fetch(service, regions, excluded_regions)\n                    ) for service in services\n                }\n                await asyncio.wait(tasks)\n\n    async def _fetch(self, service, regions=None, excluded_regions=None):\n        try:\n            print_info('Fetching resources for the {} service'.format(format_service_name(service)))\n            service_config = getattr(self, service)\n            # call fetch method for the service\n            if 'fetch_all' in dir(service_config):\n                method_args = {}\n\n                if regions:\n                    method_args['regions'] = regions\n                if excluded_regions:\n                    method_args['excluded_regions'] = excluded_regions\n\n                if self._is_provider('aws'):\n                    if service != 'iam':\n                        method_args['partition_name'] = get_partition_name(self.credentials.session)\n\n                await service_config.fetch_all(**method_args)                \n                if hasattr(service_config, 'finalize'):\n                    await service_config.finalize()\n            else:\n                print_debug(f'No method to fetch service {service}.')\n        except Exception as e:\n            print(e) # for debugging\n            print_exception(f'Could not fetch {format_service_name(service)} configuration: {e}')\n"
  },
  {
    "path": "ScoutSuite/providers/do/authentication_strategy.py",
    "content": "from ScoutSuite.providers.do import utils\nfrom ScoutSuite.providers.base.authentication_strategy import AuthenticationException\nfrom ScoutSuite.providers.base.authentication_strategy import AuthenticationStrategy\nfrom ScoutSuite.core.console import print_warning\nfrom pydo import Client\nimport logging\nimport boto3\n\n\nclass DoCredentials:\n    def __init__(self, client, session=None):\n        self.client = client\n        self.session = session\n\n\nclass DigitalOceanAuthenticationStrategy(AuthenticationStrategy):\n\n    def authenticate(self, token=None, access_key=None, access_secret=None, **kwargs):\n        \"\"\"\n        Handles authentication to DigitalOcean.\n        \"\"\"\n        try:\n            self.client = Client(token)\n            # a simple request here to make sure the authentication is successful\n            self.client.account.get()\n\n            if not (access_key and access_secret):\n                print_warning(\n                    f\"Missing credentials for spaces: Skipping DO Spaces service\"\n                )\n                return DoCredentials(client=self.client)\n            else:\n                # Set logging level to error for libraries as otherwise generates a lot of warnings\n                logging.getLogger(\"botocore\").setLevel(logging.ERROR)\n                logging.getLogger(\"botocore.auth\").setLevel(logging.ERROR)\n                logging.getLogger(\"urllib3\").setLevel(logging.ERROR)\n\n                session = boto3.Session(\n                    aws_access_key_id=access_key,\n                    aws_secret_access_key=access_secret,\n                )\n                # make sure the DO spaces authentication is successful\n                region = \"blr1\"\n                spaces_client = utils.get_client(\"s3\", session, region)\n                spaces_client.list_buckets()\n                return DoCredentials(client=self.client, session=session)\n\n        except Exception as e:\n            raise AuthenticationException(e)\n"
  },
  {
    "path": "ScoutSuite/providers/do/facade/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/do/facade/base.py",
    "content": "from ScoutSuite.providers.do.facade.droplet import DropletFacade\nfrom ScoutSuite.providers.do.facade.networking import Networkingfacade\nfrom ScoutSuite.providers.do.facade.database import DatabasesFacade\nfrom ScoutSuite.providers.do.facade.spaces import SpacesFacade\nfrom ScoutSuite.providers.do.facade.kubernetes import KubernetesDoFacade\nfrom ScoutSuite.providers.do.authentication_strategy import DoCredentials\n\n\nclass DoFacade:\n    def __init__(self, credentials: DoCredentials):\n        self._credentials = credentials\n        self._instantiate_facades()\n\n    def _instantiate_facades(self):\n        self.droplet = DropletFacade(self._credentials)\n        self.networking = Networkingfacade(self._credentials)\n        self.database = DatabasesFacade(self._credentials)\n        self.spaces = SpacesFacade(self._credentials)\n        self.kubernetes = KubernetesDoFacade(self._credentials)\n"
  },
  {
    "path": "ScoutSuite/providers/do/facade/database.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.do.authentication_strategy import DoCredentials\nfrom ScoutSuite.providers.utils import run_concurrently\n\n\nclass DatabasesFacade:\n    def __init__(self, credentials: DoCredentials):\n        self._credentials = credentials\n        self._client = credentials.client\n\n    async def get_databases(self):\n        try:\n            databases = await run_concurrently(\n                lambda: self._client.databases.list_clusters()[\"databases\"]\n            )\n            return databases\n        except Exception as e:\n            print_exception(f\"Failed to get databases: {e}\")\n            return []\n\n    async def get_databaseusers(self, db_uuid):\n        try:\n            db_users = await run_concurrently(\n                lambda: self._client.databases.list_users(db_uuid)[\"users\"]\n            )\n            return db_users\n        except Exception as e:\n            print_exception(f\"Failed to get db users: {e}\")\n            return []\n\n    async def get_eviction_policy(self, db_uuid):\n        try:\n            eviction_policy = await run_concurrently(\n                lambda: self._client.databases.get_eviction_policy(db_uuid)[\n                    \"eviction_policy\"\n                ]\n            )\n            return eviction_policy\n        except Exception as e:\n            print_exception(f\"Failed to get Redis eviction policy: {e}\")\n            return []\n\n    async def get_connection_pools(self, db_uuid):\n        try:\n            connection_pools = await run_concurrently(\n                lambda: self._client.databases.list_connection_pools(db_uuid)[\"pools\"]\n            )\n            return connection_pools\n        except Exception as e:\n            print_exception(f\"Failed to get Postgres connection pools: {e}\")\n            return []\n\n    async def get_firewalls(self, db_uuid):\n        try:\n            firewall_rules = await run_concurrently(\n                lambda: self._client.databases.list_firewall_rules(db_uuid)\n            )\n            return firewall_rules\n        except Exception as e:\n            print_exception(f\"Failed to get db firewalls: {e}\")\n            return []\n\n    async def get_resources(self, tag):\n        try:\n            resources = await run_concurrently(\n                lambda: self._client.tags.get(tag)[\"tag\"][\"resources\"]\n            )\n            return resources\n        except Exception as e:\n            print_exception(f\"Failed to get tag resources: {e}\")\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/do/facade/droplet.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.do.authentication_strategy import DoCredentials\nfrom ScoutSuite.providers.utils import run_concurrently\nfrom ScoutSuite.providers.do.facade.utils import DOFacadeUtils\n\n\nclass DropletFacade:\n    def __init__(self, credentials: DoCredentials):\n        self._credentials = credentials\n        self._client = credentials.client\n        self.current_page = 1\n        self.per_page = 50\n\n    async def get_droplets(self):\n        try:\n            droplets = await DOFacadeUtils.get_all_from_pagination(\n                self._client.droplets.list, self.current_page, self.per_page, \"droplets\"\n            )\n            return droplets[\"droplets\"]\n        except Exception as e:\n            print_exception(f\"Failed to get droplets: {e}\")\n            return []\n\n    async def get_droplet_fwconfig(self, id):\n        try:\n            filters = {\"droplet_id\": id}\n            droplet_fwconfig = await DOFacadeUtils.get_all_from_pagination(\n                self._client.droplets.list_firewalls,\n                self.current_page,\n                self.per_page,\n                \"firewalls\",\n                filters,\n            )\n            return droplet_fwconfig\n        except Exception as e:\n            print_exception(f\"Failed to get droplet firewall config: {e}\")\n            return []\n\n    # TODO not required for now\n    # async def get_droplet_details(self, id):\n    #     try:\n    #         droplets = await run_concurrently(lambda: self._client.droplets.list()['droplets'])\n    #         return droplets\n    #     except Exception as e:\n    #         print_exception(f'Failed to get do droplets: {e}')\n    #         return []\n"
  },
  {
    "path": "ScoutSuite/providers/do/facade/kubernetes.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.do.authentication_strategy import DoCredentials\nfrom ScoutSuite.providers.utils import run_concurrently\n\n\nclass KubernetesDoFacade:\n    def __init__(self, credentials: DoCredentials):\n        self._credentials = credentials\n        self._client = credentials.client\n\n    async def get_kubernetes(self):\n        try:\n            kubernetes = await run_concurrently(\n                lambda: self._client.kubernetes.list_clusters()[\"kubernetes_clusters\"]\n            )\n            return kubernetes\n        except Exception as e:\n            print_exception(f\"Failed to get kubernetes clusters: {e}\")\n            return []\n\n    "
  },
  {
    "path": "ScoutSuite/providers/do/facade/networking.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.do.authentication_strategy import DoCredentials\nfrom ScoutSuite.providers.do.facade.utils import DOFacadeUtils\nfrom ScoutSuite.providers.utils import run_concurrently\n\n\nclass Networkingfacade:\n    def __init__(self, credentials: DoCredentials):\n        self._credentials = credentials\n        self._client = credentials.client\n        self.current_page = 1\n        self.per_page = 50\n\n    async def get_firewalls(self):\n        try:\n            firewalls = await DOFacadeUtils.get_all_from_pagination(\n                self._client.firewalls.list,\n                self.current_page,\n                self.per_page,\n                \"firewalls\",\n            )\n            return firewalls[\"firewalls\"]\n        except Exception as e:\n            print_exception(f\"Failed to get firewalls: {e}\")\n            return []\n\n    async def get_domains(self):\n        try:\n            domains = await DOFacadeUtils.get_all_from_pagination(\n                self._client.domains.list, self.current_page, self.per_page, \"domains\"\n            )\n            return domains[\"domains\"]\n        except Exception as e:\n            print_exception(f\"Failed to get domains: {e}\")\n            return []\n\n    async def get_load_balancers(self):\n        try:\n            load_balancers = await DOFacadeUtils.get_all_from_pagination(\n                self._client.load_balancers.list,\n                self.current_page,\n                self.per_page,\n                \"load_balancers\",\n            )\n            return load_balancers[\"load_balancers\"]\n        except Exception as e:\n            print_exception(f\"Failed to get load balancers: {e}\")\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/do/facade/spaces.py",
    "content": "from botocore.exceptions import ClientError\nimport boto3\nfrom ScoutSuite.core.console import print_exception, print_debug, print_warning\nfrom ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils\nfrom ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently\nfrom ScoutSuite.providers.do.authentication_strategy import DoCredentials\n\n\nclass SpacesFacade:\n    def __init__(self, credentials: DoCredentials):\n        self._credentials = credentials\n        self._client = credentials.client\n        self.session = credentials.session\n\n    async def get_all_buckets(self):\n        buckets = []\n        # TODO no api avaialible to get do regions that support spaces.\n        region_list = [\"nyc3\", \"sfo2\", \"sfo3\", \"ams3\", \"fra1\", \"sgp1\", \"syd1\", \"blr1\"]\n        for region in region_list:\n            region_buckets = await self.get_buckets(region)\n            buckets.extend(region_buckets)\n        return buckets\n\n    async def get_buckets(self, region=None):\n        try:\n            buckets = []\n            exception = None\n            try:\n                client = self.get_client(\"s3\", self.session, region)\n                buckets = await run_concurrently(\n                    lambda: client.list_buckets()[\"Buckets\"]\n                )\n            except Exception as e:\n                exception = e\n            else:\n                exception = None  # Fix for https://github.com/nccgroup/ScoutSuite/issues/916#issuecomment-728783965\n            if not buckets:\n                if exception:\n                    print_exception(f\"Failed to list buckets: {exception}\")\n                return []\n        except Exception as e:\n            print_exception(f\"Failed to list buckets: {e}\")\n            return []\n        else:\n            # We need first to retrieve bucket locations before retrieving bucket details\n            await get_and_set_concurrently(\n                [self._get_and_set_s3_bucket_location], buckets, region=region\n            )\n\n            # Then we can retrieve bucket details concurrently\n            await get_and_set_concurrently(\n                [\n                    self._get_and_set_s3_acls,\n                    self._get_CORS\n                ],\n                buckets,\n            )\n            return buckets\n\n    async def _get_CORS(self, bucket: {}, region=None):\n        client = self.get_client(\"s3\", self.session, bucket[\"region\"])        \n        try:\n            # Attempt to get the CORS configuration\n            response = client.get_bucket_cors(Bucket=bucket[\"Name\"])\n            if 'CORSRules' in response:\n                bucket[\"CORS\"] = response['CORSRules']\n            else:\n                print(\"CORS rules are not set for this bucket.\")\n        except ClientError as e:\n            if e.response['Error']['Code'] == 'InvalidAccessKeyId':\n                print(\"The AWS Access Key Id provided does not exist in our records.\")\n        except Exception as e:\n            print(f\"An unexpected error occurred: {str(e)}\")\n\n    async def _get_and_set_s3_bucket_location(self, bucket: {}, region=None):\n        client = self.get_client(\"s3\", self.session, region)\n        try:\n            location = await run_concurrently(\n                lambda: client.get_bucket_location(Bucket=bucket[\"Name\"])\n            )\n        except Exception as e:\n            if \"NoSuchBucket\" in str(e) or \"InvalidToken\" in str(e):\n                print_warning(\n                    \"Failed to get bucket location for {}: {}\".format(bucket[\"Name\"], e)\n                )\n            else:\n                print_exception(\n                    \"Failed to get bucket location for {}: {}\".format(bucket[\"Name\"], e)\n                )\n            location = None\n\n        if location:\n            region = (\n                location[\"LocationConstraint\"]\n                if location[\"LocationConstraint\"]\n                else \"us-east-1\"\n            )\n\n            # Fixes issue #59: location constraint can be either EU or eu-west-1 for Ireland...\n            if region == \"EU\":\n                region = \"eu-west-1\"\n        else:\n            region = None\n\n        bucket[\"region\"] = region\n\n    async def _get_and_set_s3_acls(self, bucket: {}, key_name=None):\n        bucket_name = bucket[\"Name\"]\n        client = self.get_client(\"s3\", self.session, bucket[\"region\"])\n        try:\n            grantees = {}\n            if key_name:\n                grants = await run_concurrently(\n                    lambda: client.get_object_acl(Bucket=bucket_name, Key=key_name)\n                )\n            else:\n                grants = await run_concurrently(\n                    lambda: client.get_bucket_acl(Bucket=bucket_name)\n                )\n            for grant in grants[\"Grants\"]:\n                if \"ID\" in grant[\"Grantee\"]:\n                    grantee = grant[\"Grantee\"][\"ID\"]\n                    display_name = (\n                        grant[\"Grantee\"][\"DisplayName\"]\n                        if \"DisplayName\" in grant[\"Grantee\"]\n                        else grant[\"Grantee\"][\"ID\"]\n                    )\n                elif \"URI\" in grant[\"Grantee\"]:\n                    grantee = grant[\"Grantee\"][\"URI\"].split(\"/\")[-1]\n                    display_name = self._s3_group_to_string(grant[\"Grantee\"][\"URI\"])\n                else:\n                    grantee = display_name = \"Unknown\"\n                permission = grant[\"Permission\"]\n                grantees.setdefault(grantee, {})\n                grantees[grantee][\"DisplayName\"] = display_name\n                if \"URI\" in grant[\"Grantee\"]:\n                    grantees[grantee][\"URI\"] = grant[\"Grantee\"][\"URI\"]\n                grantees[grantee].setdefault(\"permissions\", self._init_s3_permissions())\n                self._set_s3_permissions(grantees[grantee][\"permissions\"], permission)\n            bucket[\"grantees\"] = grantees\n        except Exception as e:\n            if \"NoSuchBucket\" in str(e) or \"InvalidToken\" in str(e):\n                print_warning(f\"Failed to get ACL configuration for {bucket_name}: {e}\")\n            else:\n                print_exception(\n                    f\"Failed to get ACL configuration for {bucket_name}: {e}\"\n                )\n            bucket[\"grantees\"] = {}\n\n    @staticmethod\n    def get_client(service: str, session: boto3.session.Session, region: str = None):\n        \"\"\"\n        Instantiates an AWS API client\n\n        :param service: Service targeted, e.g. ec2\n        :param session: The aws session\n        :param region:  Region desired, e.g. us-east-2\n\n        :return:\n        \"\"\"\n\n        try:\n            return (\n                session.client(\n                    service,\n                    region_name=region,\n                    endpoint_url=\"https://\" + region + \".digitaloceanspaces.com\",\n                )\n                if region\n                else session.client(service)\n            )\n        except Exception as e:\n            print_exception(f\"Failed to create client for the {service} service: {e}\")\n            return None\n\n    @staticmethod\n    def _init_s3_permissions():\n        permissions = {\n            \"read\": False,\n            \"write\": False,\n            \"read_acp\": False,\n            \"write_acp\": False,\n        }\n        return permissions\n\n    @staticmethod\n    def _set_s3_permissions(permissions: str, name: str):\n        if name == \"READ\" or name == \"FULL_CONTROL\":\n            permissions[\"read\"] = True\n        if name == \"WRITE\" or name == \"FULL_CONTROL\":\n            permissions[\"write\"] = True\n        if name == \"READ_ACP\" or name == \"FULL_CONTROL\":\n            permissions[\"read_acp\"] = True\n        if name == \"WRITE_ACP\" or name == \"FULL_CONTROL\":\n            permissions[\"write_acp\"] = True\n\n    @staticmethod\n    def _s3_group_to_string(uri: str):\n        if uri == \"http://acs.amazonaws.com/groups/global/AuthenticatedUsers\":\n            return \"Authenticated users\"\n        elif uri == \"http://acs.amazonaws.com/groups/global/AllUsers\":\n            return \"Everyone\"\n        elif uri == \"http://acs.amazonaws.com/groups/s3/LogDelivery\":\n            return \"Log delivery\"\n        else:\n            return uri\n\n    @staticmethod\n    def _status_to_bool(value: str):\n        \"\"\"Converts a string to True if it is equal to 'Enabled' or to False otherwise.\"\"\"\n        return value == \"Enabled\"\n"
  },
  {
    "path": "ScoutSuite/providers/do/facade/utils.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.do.authentication_strategy import DoCredentials\nfrom ScoutSuite.providers.utils import run_concurrently\n\n\nclass DOFacadeUtils:\n\n    @staticmethod\n    async def get_all_from_pagination(\n        list_client, current_page, per_page, object_name, filters=None\n    ):\n        final_output = {}\n        next_page = True\n        while next_page:\n            if filters:\n                resp = await run_concurrently(\n                    lambda: list_client(**filters, per_page=per_page, page=current_page)\n                )\n            else:\n                resp = await run_concurrently(\n                    lambda: list_client(per_page=per_page, page=current_page)\n                )\n            if object_name in final_output.keys():\n                final_output[object_name].extend(resp[object_name])\n            else:\n                final_output[object_name] = resp[object_name]\n\n            pages = resp.get(\"links\").get(\"pages\", {})\n            next_page = \"next\" in pages.keys()\n            current_page += 1\n        return final_output\n"
  },
  {
    "path": "ScoutSuite/providers/do/metadata.json",
    "content": "{\n  \"Droplets\": {\n    \"droplet\": {\n      \"resources\": {\n        \"droplets\": {\n          \"cols\": 2,\n          \"path\": \"services.droplet.droplets\"\n        }\n      }\n    }\n  },\n  \"Storage\": {\n    \"spaces\": {\n      \"resources\": {\n        \"buckets\": {\n          \"cols\": 2,\n          \"path\": \"services.spaces.buckets\"\n        }\n      }\n    }\n  },\n  \"Network\": {\n    \"networking\": {\n      \"resources\": {\n        \"firewalls\": {\n          \"cols\": 2,\n          \"path\": \"services.networking.firewalls\"\n        },\n        \"domains\": {\n          \"cols\": 2,\n          \"path\": \"services.networking.domains\"\n        },\n        \"load_balancers\": {\n          \"cols\": 2,\n          \"path\": \"services.networking.load_balancers\"\n        }\n      }\n    }\n  },\n  \"Kubernetes\": {\n    \"kubernetes\": {\n      \"resources\": {\n        \"kubernetes\": {\n          \"cols\": 2,\n          \"path\": \"services.kubernetes.kubernetes\"\n        }\n      }\n    }\n  },\n  \"Databases\": {\n    \"database\": {\n      \"resources\": {\n        \"databases\": {\n          \"cols\": 2,\n          \"path\": \"services.database.databases\"\n        }\n      }\n    }\n  }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/do/provider.py",
    "content": "import os\nfrom ScoutSuite.providers.do.services import DigitalOceanServicesConfig\nfrom ScoutSuite.providers.base.provider import BaseProvider\n\n\nclass DigitalOceanProvider(BaseProvider):\n    \"\"\"\n    Implements provider for DigitalOcean\n    \"\"\"\n\n    def __init__(\n        self,\n        report_dir=None,\n        timestamp=None,\n        services=None,\n        skipped_services=None,\n        **kwargs,\n    ):\n\n        services = [] if services is None else services\n        skipped_services = [] if skipped_services is None else skipped_services\n\n        self.metadata_path = (\n            \"%s/metadata.json\" % os.path.split(os.path.abspath(__file__))[0]\n        )\n\n        self.provider_code = \"do\"\n        self.provider_name = \"DigitalOcean\"\n        self.environment = \"default\"\n\n        self.services_config = DigitalOceanServicesConfig\n\n        self.credentials = kwargs[\"credentials\"]\n        self.account_id = self.credentials.client.account.get()\n        self.account_id = self.account_id[\"account\"][\"uuid\"]\n\n        super().__init__(report_dir, timestamp, services, skipped_services)\n\n    def get_report_name(self):\n        \"\"\"\n        Returns the name of the report using the provider's configuration\n        \"\"\"\n        if self.account_id:\n            return f\"do-{self.account_id}\"\n        else:\n            return \"do\"\n\n    def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):\n\n        super().preprocessing()\n"
  },
  {
    "path": "ScoutSuite/providers/do/resources/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/do/resources/base.py",
    "content": "\"\"\"This module provides implementations for Resources and CompositeResources for DO.\"\"\"\n\nimport abc\n\nfrom ScoutSuite.providers.base.resources.base import Resources, CompositeResources\n\n\nclass DoResources(Resources, metaclass=abc.ABCMeta):\n    \"\"\"This is the base class for DO resources.\"\"\"\n\n    pass\n\n\nclass DoCompositeResources(DoResources, CompositeResources, metaclass=abc.ABCMeta):\n    \"\"\"This class represents a collection of composite Resources (resources that include nested resources referred as\n    their children). Classes extending DoCompositeResources have to define a '_children' attribute which consists of\n    a list of tuples describing the children. The tuples are expected to respect the following format:\n    (<child_class>, <child_name>). 'child_name' is used to indicate the name under which the child resources will be\n    stored in the parent object.\n    \"\"\"\n\n    pass\n"
  },
  {
    "path": "ScoutSuite/providers/do/resources/database/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/do/resources/database/base.py",
    "content": "from ScoutSuite.providers.do.facade.base import DoFacade\nfrom ScoutSuite.providers.do.resources.base import DoCompositeResources\nfrom ScoutSuite.providers.do.resources.database.databases import Databases\n\n\nclass Databases(DoCompositeResources):\n    _children = [(Databases, \"databases\")]\n\n    def __init__(self, facade: DoFacade):\n        super().__init__(facade)\n        self.service = \"database\"\n\n    async def fetch_all(self, **kwargs):\n        await self._fetch_children(resource_parent=self)\n"
  },
  {
    "path": "ScoutSuite/providers/do/resources/database/databases.py",
    "content": "from ScoutSuite.providers.do.resources.base import DoResources\nfrom ScoutSuite.providers.do.facade.base import DoFacade\n\n\nclass Databases(DoResources):\n    def __init__(self, facade: DoFacade):\n        super().__init__(facade)\n\n    async def fetch_all(self):\n        clusters = await self.facade.database.get_databases()\n        if clusters:\n            for cluster in clusters:\n                id, cluster = await self._parse_cluster(cluster)\n                self[id] = cluster\n\n    async def _parse_cluster(self, raw_cluster):\n        cluster_dict = {}\n\n        cluster_dict[\"id\"] = raw_cluster[\"id\"]\n        cluster_dict[\"name\"] = raw_cluster[\"name\"]\n        cluster_dict[\"engine\"] = raw_cluster[\"engine\"]\n        cluster_dict[\"version\"] = raw_cluster[\"version\"]\n        if raw_cluster[\"engine\"] != \"mongodb\":\n            cluster_dict[\"semantic_version\"] = raw_cluster[\"semantic_version\"]\n        cluster_dict[\"tags\"] = raw_cluster[\"tags\"]\n        cluster_dict[\"databases\"] = str(raw_cluster[\"db_names\"])\n\n        trusted_sources = set()\n        cluster_databases = await self.facade.database.get_firewalls(raw_cluster[\"id\"])\n        if cluster_databases:\n            for cluster_rule in cluster_databases[\"rules\"]:\n                trusted_sources.add(f\"{cluster_rule['type']}s:{cluster_rule['value']}\")\n\n        cluster_dict[\"trusted_sources\"] = (\n            trusted_sources if trusted_sources else \"False\"\n        )\n\n        if raw_cluster[\"engine\"] == \"mysql\":\n            legacy_encryption_users = set()\n            db_users = await self.facade.database.get_databaseusers(raw_cluster[\"id\"])\n            if db_users:\n                for db_user in db_users:\n                    if (\n                        db_user[\"mysql_settings\"][\"auth_plugin\"]\n                        == \"mysql_native_password\"\n                    ):\n                        legacy_encryption_users.add(db_user[\"name\"])\n            if legacy_encryption_users == \"None\":\n                cluster_dict[\"legacy_encryption_users\"] = \"True\"\n            else:\n                cluster_dict[\"legacy_encryption_users\"] = (\n                    str(legacy_encryption_users) if legacy_encryption_users else \"False\"\n                )\n        elif raw_cluster[\"engine\"] == \"redis\":\n            cluster_dict[\"eviction_policy\"] = (\n                await self.facade.database.get_eviction_policy(raw_cluster[\"id\"])\n            )\n\n        elif raw_cluster[\"engine\"] == \"pg\":\n            connection_pools = await self.facade.database.get_connection_pools(\n                raw_cluster[\"id\"]\n            )\n            cluster_dict[\"connection_pools\"] = (\n                connection_pools if connection_pools else \"False\"\n            )\n        return cluster_dict[\"id\"], cluster_dict\n"
  },
  {
    "path": "ScoutSuite/providers/do/resources/droplet/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/do/resources/droplet/base.py",
    "content": "from ScoutSuite.providers.do.facade.base import DoFacade\nfrom ScoutSuite.providers.do.resources.base import DoCompositeResources\nfrom ScoutSuite.providers.do.resources.droplet.droplets import Droplets\n\n\nclass Droplets(DoCompositeResources):\n    _children = [(Droplets, \"droplets\")]\n\n    def __init__(self, facade: DoFacade):\n        super().__init__(facade)\n        self.service = \"droplet\"\n\n    async def fetch_all(self, **kwargs):\n        await self._fetch_children(resource_parent=self)\n"
  },
  {
    "path": "ScoutSuite/providers/do/resources/droplet/droplets.py",
    "content": "from ScoutSuite.providers.do.resources.base import DoResources\nfrom ScoutSuite.providers.do.facade.base import DoFacade\n\n\nclass Droplets(DoResources):\n    def __init__(self, facade: DoFacade):\n        super().__init__(facade)\n\n    async def fetch_all(self):\n\n        droplets = await self.facade.droplet.get_droplets()\n        if droplets:\n            for droplet in droplets:\n                id, droplet = await self._parse_droplet(droplet)\n                self[id] = droplet\n\n    async def _parse_droplet(self, raw_droplet):\n        droplet_dict = {}\n\n        droplet_dict[\"id\"] = raw_droplet[\"id\"]\n        droplet_dict[\"name\"] = raw_droplet[\"name\"]\n        droplet_dict[\"memory\"] = raw_droplet[\"memory\"]\n        droplet_dict[\"vcpus\"] = raw_droplet[\"vcpus\"]\n        droplet_dict[\"disk\"] = raw_droplet[\"disk\"]\n        droplet_dict[\"locked\"] = raw_droplet[\"locked\"]\n        droplet_dict[\"status\"] = raw_droplet[\"status\"]\n        droplet_dict[\"kernel\"] = raw_droplet[\"kernel\"]\n        droplet_dict[\"created_at\"] = raw_droplet[\"created_at\"]\n        droplet_dict[\"features\"] = raw_droplet[\"features\"]\n        droplet_dict[\"backup_ids\"] = str(raw_droplet[\"backup_ids\"])\n        droplet_dict[\"next_backup_window\"] = raw_droplet[\"next_backup_window\"]\n        droplet_dict[\"snapshot_ids\"] = str(raw_droplet[\"snapshot_ids\"])\n        droplet_dict[\"image\"] = raw_droplet[\"image\"][\"slug\"]\n        droplet_dict[\"image_type\"] = raw_droplet[\"image\"][\"type\"]\n        droplet_dict[\"volume_ids\"] = str(raw_droplet[\"volume_ids\"])\n        droplet_dict[\"size\"] = raw_droplet[\"size\"][\"slug\"]\n        droplet_dict[\"size_slug\"] = raw_droplet[\"size_slug\"]\n        droplet_dict[\"networks\"] = str(raw_droplet[\"networks\"])\n        droplet_dict[\"region\"] = raw_droplet[\"region\"][\"slug\"]\n        droplet_dict[\"tags\"] = raw_droplet[\"tags\"]\n        droplet_dict[\"vpc_uuid\"] = raw_droplet[\"vpc_uuid\"]\n        droplet_dict[\"firewalls\"] = None\n\n        droplet_fwconfig = await self.facade.droplet.get_droplet_fwconfig(\n            raw_droplet[\"id\"]\n        )\n        public_ports = {}\n\n        if droplet_fwconfig:\n            if droplet_fwconfig[\"firewalls\"]:\n                droplet_dict[\"firewalls\"] = \"\"\n                for firewall in droplet_fwconfig[\"firewalls\"]:\n                    droplet_dict[\"firewalls\"] = (\n                        droplet_dict[\"firewalls\"] + \" , \" + firewall[\"id\"]\n                        if droplet_dict[\"firewalls\"]\n                        else firewall[\"id\"]\n                    )\n\n                    for rules in firewall[\"inbound_rules\"]:\n                        if (\n                            \"0.0.0.0/0\" in rules[\"sources\"][\"addresses\"]\n                            or \"::/0\" in rules[\"sources\"][\"addresses\"]\n                        ):\n                            public_ports[rules[\"ports\"]] = rules[\"sources\"][\"addresses\"]\n\n        droplet_dict[\"all_ports_exposed\"] = (\n            \"True\"\n            if (\"0\" in public_ports.keys() or not droplet_fwconfig[\"firewalls\"])\n            else \"False\"\n        )\n        droplet_dict[\"port_22_exposed\"] = (\n            \"True\"\n            if (\"22\" in public_ports.keys() or droplet_dict[\"all_ports_exposed\"])\n            else \"False\"\n        )\n\n        droplet_dict[\"public_ports_enabled\"] = \"True\" if public_ports else \"False\"\n        droplet_dict[\"public_port_detail\"] = (\n            f\"Port {','.join(public_ports.keys())} exposed to public internet due to this configuration {str(public_ports)}\"\n            if public_ports\n            else \"\"\n        )\n        droplet_dict[\"features_monitoring\"] = (\n            \"True\"\n            if (\"monitoring\" in droplet_dict[\"features\"])\n            else \"False\"\n        )\n        return droplet_dict[\"id\"], droplet_dict\n"
  },
  {
    "path": "ScoutSuite/providers/do/resources/kubernetes/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/do/resources/kubernetes/base.py",
    "content": "from ScoutSuite.providers.do.facade.base import DoFacade\nfrom ScoutSuite.providers.do.resources.base import DoCompositeResources\nfrom ScoutSuite.providers.do.resources.kubernetes.kubernetes import Kubernetes\n\n\nclass Kubernetes(DoCompositeResources):\n    _children = [(Kubernetes, \"kubernetes\")]\n\n    def __init__(self, facade: DoFacade):\n        super().__init__(facade)\n        self.service = \"kubernetes\"\n\n    async def fetch_all(self, **kwargs):\n        await self._fetch_children(resource_parent=self)\n"
  },
  {
    "path": "ScoutSuite/providers/do/resources/kubernetes/kubernetes.py",
    "content": "from ScoutSuite.providers.do.resources.base import DoResources\nfrom ScoutSuite.providers.do.facade.base import DoFacade\n\n\nclass Kubernetes(DoResources):\n    def __init__(self, facade: DoFacade):\n        super().__init__(facade)\n\n    async def fetch_all(self):\n        clusters = await self.facade.kubernetes.get_kubernetes()\n        if clusters:\n            for cluster in clusters:\n                id, cluster = await self._parse_cluster(cluster)\n                self[id] = cluster\n\n    async def _parse_cluster(self, raw_cluster):\n        cluster_dict = {}\n\n        cluster_dict[\"id\"] = raw_cluster[\"id\"]\n        cluster_dict[\"name\"] = raw_cluster[\"name\"]\n        cluster_dict[\"ha\"] = raw_cluster[\"ha\"]\n        cluster_dict[\"auto_upgrade\"] = raw_cluster[\"auto_upgrade\"]\n        cluster_dict[\"surge_upgrade\"] = raw_cluster[\"surge_upgrade\"]\n\n        return cluster_dict[\"id\"], cluster_dict\n"
  },
  {
    "path": "ScoutSuite/providers/do/resources/networking/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/do/resources/networking/base.py",
    "content": "from ScoutSuite.providers.do.facade.base import DoFacade\nfrom ScoutSuite.providers.do.resources.base import DoCompositeResources\nfrom ScoutSuite.providers.do.resources.networking.firewalls import Firewalls\nfrom ScoutSuite.providers.do.resources.networking.domains import Domains\nfrom ScoutSuite.providers.do.resources.networking.load_balancers import LoadBalancers\n\n\nclass Networking(DoCompositeResources):\n    _children = [\n        (Firewalls, \"firewalls\"),\n        (Domains, \"domains\"),\n        (LoadBalancers, \"load_balancers\"),\n    ]\n\n    def __init__(self, facade: DoFacade):\n        super().__init__(facade)\n        self.service = \"networking\"\n\n    async def fetch_all(self, **kwargs):\n        await self._fetch_children(resource_parent=self)\n"
  },
  {
    "path": "ScoutSuite/providers/do/resources/networking/domains.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.do.resources.base import DoResources\nfrom ScoutSuite.providers.do.facade.base import DoFacade\nimport re\n\n\nclass Domains(DoResources):\n    def __init__(self, facade: DoFacade):\n        super().__init__(facade)\n\n    async def fetch_all(self):\n        domains = await self.facade.networking.get_domains()\n        if domains:\n            for domain in domains:\n                name, domain = await self._parse_domain(domain)\n                if domain:\n                    self[name] = domain\n    async def _parse_domain(self, raw_domain):\n        domain_dict = {}\n        domain_dict[\"name\"] = raw_domain[\"name\"]\n        zone_file = raw_domain[\"zone_file\"]\n\n        spf_pattern = re.compile(r'.*TXT.*v=spf.*', re.IGNORECASE)\n        domain_dict[\"spf_record\"] = \"True\" if bool(re.search(spf_pattern, zone_file)) else \"False\"\n        dmarc_pattern = re.compile(r'.*TXT.*v=DMARC.*', re.IGNORECASE)\n        domain_dict[\"dmarc_record\"] = \"True\" if bool(re.search(dmarc_pattern, zone_file)) else \"False\"\n        dkim_pattern = re.compile(r'.*TXT.*v=DKIM.*', re.IGNORECASE)\n        domain_dict[\"dkim_record\"] = \"True\" if bool(re.search(dkim_pattern, zone_file)) else \"False\"\n\n        ttl_regex = r\"\\.\\s*(\\d+)\\s*IN\"\n        ttl_matches = re.findall(ttl_regex, zone_file)\n        numbers = [int(match) for match in ttl_matches]\n\n        domain_dict[\"highttl_records\"] = (\n            \"True\"\n            if max(numbers) > 3600\n            else \"False\"\n        )\n\n        pattern1 = re.compile(r'.*TXT.*v=spf.*~all', re.IGNORECASE)\n        pattern2 = re.compile(r'.*TXT.*v=spf.*\\+all', re.IGNORECASE)\n        domain_dict[\"spf_record_all\"] = (\n            \"True\"\n            if bool(re.search(pattern1, zone_file))  or bool(re.search(pattern2, zone_file)) \n            else \"False\"\n        )\n\n        return domain_dict[\"name\"], domain_dict"
  },
  {
    "path": "ScoutSuite/providers/do/resources/networking/firewalls.py",
    "content": "from ScoutSuite.providers.do.resources.base import DoResources\nfrom ScoutSuite.providers.do.facade.base import DoFacade\n\n\nclass Firewalls(DoResources):\n    def __init__(self, facade: DoFacade):\n        super().__init__(facade)\n\n    async def fetch_all(self):\n\n        firewalls = await self.facade.networking.get_firewalls()\n        if firewalls:\n            for firewall in firewalls:\n                id, firewall = await self._parse_firewall(firewall)\n                self[id] = firewall\n\n    async def _parse_firewall(self, raw_firewall):\n        firewall_dict = {}\n\n        firewall_dict[\"id\"] = raw_firewall[\"id\"]\n        firewall_dict[\"name\"] = raw_firewall[\"name\"]\n        firewall_dict[\"status\"] = raw_firewall[\"status\"]\n        firewall_dict[\"inbound_rules\"] = raw_firewall[\"inbound_rules\"]\n        firewall_dict[\"outbound_rules\"] = raw_firewall[\"outbound_rules\"]\n        firewall_dict[\"created_at\"] = raw_firewall[\"created_at\"]\n        firewall_dict[\"droplet_ids\"] = str(raw_firewall[\"droplet_ids\"])\n        firewall_dict[\"tags\"] = str(raw_firewall[\"tags\"])\n        firewall_dict[\"pending_changes\"] = str(raw_firewall[\"pending_changes\"])\n        public_ports = {}\n        for rules in raw_firewall[\"inbound_rules\"]:\n            if (\n                \"0.0.0.0/0\" in rules[\"sources\"][\"addresses\"]\n                or \"::/0\" in rules[\"sources\"][\"addresses\"]\n            ):\n                public_ports[rules[\"ports\"]] = rules[\"sources\"][\"addresses\"]\n\n        firewall_dict[\"all_ports_exposed\"] = (\n            \"True\" if (\"0\" in public_ports.keys()) else \"False\"\n        )\n        firewall_dict[\"public_ports_enabled\"] = \"True\" if public_ports else \"False\"\n        firewall_dict[\"public_port_detail\"] = (\n            f\"Port {','.join(public_ports.keys())} exposed to public internet due to this configuration {str(public_ports)}\"\n            if public_ports\n            else \"\"\n        )\n\n        return firewall_dict[\"id\"], firewall_dict\n"
  },
  {
    "path": "ScoutSuite/providers/do/resources/networking/load_balancers.py",
    "content": "from ScoutSuite.providers.do.resources.base import DoResources\nfrom ScoutSuite.providers.do.facade.base import DoFacade\n\n\nclass LoadBalancers(DoResources):\n    def __init__(self, facade: DoFacade):\n        super().__init__(facade)\n\n    async def fetch_all(self):\n        load_balancers = await self.facade.networking.get_load_balancers()\n        if load_balancers:\n            for load_balancer in load_balancers:\n                id, load_balancer = await self._parse_load_balancer(load_balancer)\n                self[id] = load_balancer\n\n    async def _parse_load_balancer(self, raw_load_balancer):\n        load_balancer_dict = {}\n\n        load_balancer_dict[\"id\"] = raw_load_balancer[\"id\"]\n        load_balancer_dict[\"name\"] = raw_load_balancer[\"name\"]\n        load_balancer_dict[\"name\"] = raw_load_balancer[\"name\"]\n        load_balancer_dict[\"redirect_http_to_https\"] = str(\n            raw_load_balancer[\"redirect_http_to_https\"]\n        )\n        load_balancer_dict[\"enable_backend_keepalive\"] = str(\n            raw_load_balancer[\"enable_backend_keepalive\"]\n        )\n        load_balancer_dict[\"droplet_ids\"] = str(raw_load_balancer[\"droplet_ids\"])\n        return load_balancer_dict[\"id\"], load_balancer_dict\n"
  },
  {
    "path": "ScoutSuite/providers/do/resources/spaces/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/do/resources/spaces/base.py",
    "content": "from ScoutSuite.providers.do.facade.base import DoFacade\nfrom ScoutSuite.providers.do.resources.base import DoCompositeResources\nfrom ScoutSuite.providers.do.resources.spaces.buckets import Buckets\n\n\nclass Spaces(DoCompositeResources):\n    _children = [(Buckets, \"buckets\")]\n\n    def __init__(self, facade: DoFacade):\n        super().__init__(facade)\n        self.service = \"buckets\"\n\n    async def fetch_all(self, **kwargs):\n        await self._fetch_children(resource_parent=self)\n"
  },
  {
    "path": "ScoutSuite/providers/do/resources/spaces/buckets.py",
    "content": "from ScoutSuite.providers.do.resources.base import DoResources\nfrom ScoutSuite.providers.do.facade.base import DoFacade\nfrom ScoutSuite.core.console import print_exception\nimport json\n\n\nclass Buckets(DoResources):\n    def __init__(self, facade: DoFacade):\n        super().__init__(facade)\n\n    async def fetch_all(self):\n\n        buckets = await self.facade.spaces.get_all_buckets()\n        if buckets:\n            for bucket in buckets:\n                id, bucket = await self._parse_buckets(bucket)\n                self[id] = bucket\n\n    async def _parse_buckets(self, raw_buckets):\n        buckets_dict = {}\n\n        buckets_dict[\"name\"] = raw_buckets[\"Name\"]\n        buckets_dict[\"public_read\"] = (\n            str(raw_buckets[\"grantees\"][\"AllUsers\"][\"permissions\"][\"read\"])\n            if \"AllUsers\" in raw_buckets.get(\"grantees\", {})\n            else False\n        )\n        buckets_dict[\"public_write\"] = (\n            raw_buckets[\"grantees\"][\"AllUsers\"][\"permissions\"][\"write\"]\n            if \"AllUsers\" in raw_buckets.get(\"grantees\", {})\n            else False\n        )\n        buckets_dict[\"read_acp\"] = (\n            raw_buckets[\"grantees\"][\"AllUsers\"][\"permissions\"][\"read_acp\"]\n            if \"AllUsers\" in raw_buckets.get(\"grantees\", {})\n            else False\n        )\n        buckets_dict[\"write_acp\"] = (\n            raw_buckets[\"grantees\"][\"AllUsers\"][\"permissions\"][\"write_acp\"]\n            if \"AllUsers\" in raw_buckets.get(\"grantees\", {})\n            else False\n        )\n        buckets_dict[\"CORS\"] = (\n            True\n            if \"CORS\" in raw_buckets and raw_buckets[\"CORS\"] and \"AllowedOrigins\" in raw_buckets[\"CORS\"][0]\n            else False\n        )        \n        return buckets_dict[\"name\"], buckets_dict"
  },
  {
    "path": "ScoutSuite/providers/do/rules/filters/.gitkeep",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/database-databases-mysql-publically-exposed.json",
    "content": "{\n    \"description\": \"Mysql Database cluster publically exposed\",\n    \"rationale\": \"Typically, only the application servers should be allowed to connect to the database cluster.\",\n    \"dashboard_name\": \"Databases\",\n    \"path\": \"database.databases.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"database.databases.id.trusted_sources\",\n            \"equal\",\n            \"False\"\n        ],\n        [\n            \"database.databases.id.engine\",\n            \"equal\",\n            \"mysql\"\n        ]\n    ],\n    \"id_suffix\": \"trusted_sources\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/database-databases-mysql-user-legacy-encryption.json",
    "content": "{\n    \"description\": \"Mysql Database user with Legacy MySQL 5.x encryption\",\n    \"rationale\": \"DigitalOcean Managed Databases using MySQL 8+ are automatically configured to use caching_sha2_password authentication by default. caching_sha2_password uses a stronger password encryption than prior versions of MySQL.\",\n    \"dashboard_name\": \"Databases\",\n    \"path\": \"database.databases.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"database.databases.id.legacy_encryption_users\",\n            \"notEqual\",\n            \"False\"\n        ],\n        [\n            \"database.databases.id.engine\",\n            \"equal\",\n            \"mysql\"\n        ]\n    ],\n    \"id_suffix\": \"legacy_encryption_users\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/database-databases-postgres-connection-pools.json",
    "content": "{\n    \"description\": \"No connection pools found for Postgres database\",\n    \"rationale\": \"When you use PostgreSQL without a connection pool, each client request creates a new connection to the database. This can lead to a high number of connections, which can cause performance issues and slow down your application. Connection pooling can help mitigate these issues by reusing existing connections instead of creating new ones for each request\",\n    \"dashboard_name\": \"Databases\",\n    \"path\": \"database.databases.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"database.databases.id.connection_pools\",\n            \"equal\",\n            \"False\"\n        ],\n        [\n            \"database.databases.id.engine\",\n            \"equal\",\n            \"pg\"\n        ]\n    ],\n    \"id_suffix\": \"connection_pools\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/database-databases-postgres-trusted-sources.json",
    "content": "{\n    \"description\": \"Databases publicly exposed\",\n    \"rationale\": \"Database services should restrict incoming requests only from trusted sources.\",\n    \"dashboard_name\": \"Databases\",\n    \"path\": \"database.databases.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"database.databases.id.trusted_sources\",\n            \"equal\",\n            \"False\"\n        ]\n    ],\n    \"id_suffix\": \"trusted_sources\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/database-databases-redis-evicition-policy.json",
    "content": "{\n    \"description\": \"Eviction policy for Redis database cluster not set to 'allkeys-lru'\",\n    \"rationale\": \"When Redis is used as a cache, it is often convenient to let it automatically evict old data as you add new data. Redis provides several eviction policies to choose from, including allkeys-lru, allkeys-lfu, volatile-lru, volatile-lfu, allkeys-random, volatile-random, and volatile-ttl 1. If you do not set an eviction policy, Redis will use the noeviction policy by default. This means that Redis will not evict any keys when the memory limit is reached, and any new values will not be saved 1. If you do not set an eviction policy and Redis runs out of memory, it will start to return errors for commands that could result in more memory being used 1. In general, it is recommended to use the allkeys-lru policy when you expect a power-law distribution in the popularity of your requests. That is, you expect a subset of elements will be accessed far more often than the rest\",\n    \"dashboard_name\": \"Databases\",\n    \"path\": \"database.databases.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"database.databases.id.eviction_policy\",\n            \"notEqual\",\n            \"allkeys_lru\"\n        ],\n        [\n            \"database.databases.id.engine\",\n            \"equal\",\n            \"redis\"\n        ]\n    ],\n    \"id_suffix\": \"eviction_policy\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/droplet-droplets-all-ports-exposed.json",
    "content": "{\n    \"description\": \"Droplets with all ports exposed to public\",\n    \"rationale\": \"Droplets should expose only required/intented ports to public internet\",\n    \"dashboard_name\": \"Droplets\",\n    \"path\": \"droplet.droplets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"droplet.droplets.id.all_ports_exposed\",\n            \"equal\",\n            \"True\"\n        ]\n    ],\n    \"id_suffix\": \"all_ports_exposed\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/droplet-droplets-backup-not-enabled.json",
    "content": "{\n    \"description\": \"Droplets with auto backups disabled\",\n    \"rationale\": \"Droplet backups feature should be enabled for disaster recovery.\",\n    \"dashboard_name\": \"Droplets\",\n    \"path\": \"droplet.droplets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"droplet.droplets.id.next_backup_window\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"next_backup_window\"\n}\n\n\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/droplet-droplets-backup-not-present.json",
    "content": "{\n    \"description\": \"Droplets having no backups present\",\n    \"rationale\": \"Droplets should have atleast 1 backup present for disaster recovery.\",\n    \"dashboard_name\": \"Droplets\",\n    \"path\": \"droplet.droplets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"droplet.droplets.id.backup_ids\",\n            \"equal\",\n            \"[]\"\n        ]\n    ],\n    \"id_suffix\": \"backup_ids\"\n}\n\n\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/droplet-droplets-custom-image.json",
    "content": "{\n    \"description\": \"Droplets with custom image\",\n    \"rationale\": \"Using custom images instead of those provided by Digital Ocean may result in reduced security control, as user-created images may not include the latest security patches and configurations that are routinely maintained and updated in provider-supplied images.\",\n    \"dashboard_name\": \"Droplets\",\n    \"path\": \"droplet.droplets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"droplet.droplets.id.image_type\",\n            \"equal\",\n            \"custom\"\n        ]\n    ],\n    \"id_suffix\": \"image_type\"\n}\n\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/droplet-droplets-features-monitoring.json",
    "content": "{\n    \"description\": \"Droplets without improved metrics monitoring enabled\",\n    \"rationale\": \"Droplets without improved metrics monitoring enabled\",\n    \"dashboard_name\": \"Droplets\",\n    \"path\": \"droplet.droplets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"droplet.droplets.id.features_monitoring\",\n            \"equal\",\n            \"False\"\n        ]\n    ],\n    \"id_suffix\": \"features_monitoring\"\n}\n\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/droplet-droplets-firewall-not-attached.json",
    "content": "{\n    \"description\": \"Droplets with no firewall attached\",\n    \"rationale\": \"Droplet should have a firewall atatched for enabling secure network configuration\",\n    \"dashboard_name\": \"Droplets\",\n    \"path\": \"droplet.droplets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"droplet.droplets.id.firewalls\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"firewalls\"\n}\n\n\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/droplet-droplets-port-22-exposed.json",
    "content": "{\n    \"description\": \"Droplets with port 22 exposed to public\",\n    \"rationale\": \"Droplets should have port 22 restricted to trusted networks\",\n    \"dashboard_name\": \"Droplets\",\n    \"path\": \"droplet.droplets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"droplet.droplets.id.port_22_exposed\",\n            \"equal\",\n            \"True\"\n        ]\n    ],\n    \"id_suffix\": \"port_22_exposed\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/droplet-droplets-snapshot-not-present.json",
    "content": "{\n    \"description\": \"Droplets having no snapshots present\",\n    \"rationale\": \"Droplets should have at least 1 snapshot present for strategic points of recovery, for instance, before a major change or update.\",\n    \"dashboard_name\": \"Droplets\",\n    \"path\": \"droplet.droplets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"droplet.droplets.id.snapshot_ids\",\n            \"equal\",\n            \"[]\"\n        ]\n    ],\n    \"id_suffix\": \"snapshot_ids\"\n}\n\n\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/kubernetes-kubernetes-autoupgrade-minor.json",
    "content": "{\n    \"description\": \"Auto-Upgrade Minor Version Patches Disabled\",\n    \"rationale\": \"Enabling auto-upgrade for minor version patches in Kubernetes on Digital Ocean enhances security by automatically applying the latest security patches and bug fixes, ensuring that the system is protected against vulnerabilities without upgrading to a new minor version.\",\n    \"dashboard_name\": \"Kubernetes\",\n    \"path\": \"kubernetes.kubernetes.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetes.kubernetes.id.auto_upgrade\",\n            \"equal\",\n            \"False\"\n        ]\n    ],\n    \"id_suffix\": \"auto_upgrade\"\n}\n\n\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/kubernetes-kubernetes-ha-enabled.json",
    "content": "{\n    \"description\": \"High Availability for Control Plane\",\n    \"rationale\": \"Enabling the High Availability Control Plane feature in Kubernetes on Digital Ocean ensures that the cluster remains operational even if one or more control nodes fail, enhancing the reliability and resilience of your applications. Please note that this feature cannot be disabled once it has been enabled.\",\n    \"dashboard_name\": \"Kubernetes\",\n    \"path\": \"kubernetes.kubernetes.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetes.kubernetes.id.ha\",\n            \"equal\",\n            \"False\"\n        ]\n    ],\n    \"id_suffix\": \"ha\"\n}\n\n\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/kubernetes-kubernetes-surge-upgrade.json",
    "content": "{\n    \"description\": \"Surge Upgrade Disabled\",\n    \"rationale\": \"Enabling surge updates in Digital Ocean allows for the creation of additional nodes during updates before pods draining, ensuring that new versions are fully operational before old ones are terminated, thus avoiding downtime.\",\n    \"dashboard_name\": \"Kubernetes\",\n    \"path\": \"kubernetes.kubernetes.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetes.kubernetes.id.surge_upgrade\",\n            \"equal\",\n            \"False\"\n        ]\n    ],\n    \"id_suffix\": \"surge_upgrade\"\n}\n\n\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/networking-domains-high-ttl.json",
    "content": "{\n    \"description\": \"Domain has a high TTL record\",\n    \"rationale\": \"Long TTLs delay the propagation of changes. For instance, if you update an IP address or switch services, clients will continue using old cached data until the TTL expires\",\n    \"dashboard_name\": \"Networking\",\n    \"path\": \"networking.domains.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"networking.domains.id.highttl_records\",\n            \"notEqual\",\n            \"False\"\n        ]\n    ],\n    \"id_suffix\": \"highttl_records\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/networking-domains-missing-dkim.json",
    "content": "{\n    \"description\": \"Domain is missing DKIM record\",\n    \"rationale\": \"DKIM helps prevent email spoofing by adding cryptographic signatures to your outgoing emails\",\n    \"dashboard_name\": \"Networking\",\n    \"path\": \"networking.domains.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"networking.domains.id.dkim_record\",\n            \"equal\",\n            \"False\"\n        ]\n    ],\n    \"id_suffix\": \"dkim_record\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/networking-domains-missing-dmarc.json",
    "content": "{\n    \"description\": \"Domain is missing DMARC record\",\n    \"rationale\": \"A DMARC policy tells a receiving email server what to do after checking a domain's Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) records, which are additional email authentication methods. Addtionally without DMARC, you won't be able receive reports about legitimate and unauthorized emails sent on behalf of your domain\",\n    \"dashboard_name\": \"Networking\",\n    \"path\": \"networking.domains.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"networking.domains.id.dmarc_record\",\n            \"equal\",\n            \"False\"\n        ]\n    ],\n    \"id_suffix\": \"dmarc_record\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/networking-domains-missing-spf.json",
    "content": "{\n    \"description\": \"Domain is missing SPF record\",\n    \"rationale\": \"Without an SPF record, attackers can spoof your domain by sending emails that appear to originate from your legitimate domain\",\n    \"dashboard_name\": \"Networking\",\n    \"path\": \"networking.domains.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"networking.domains.id.spf_record\",\n            \"equal\",\n            \"False\"\n        ]\n    ],\n    \"id_suffix\": \"spf_record\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/networking-domains-spf-overly-permissive.json",
    "content": "{\n    \"description\": \"Domain has a overly permissive SPF record\",\n    \"rationale\": \"Overly permissive SPF record allows the anyone to send emails on your domain's behalf\",\n    \"dashboard_name\": \"Networking\",\n    \"path\": \"networking.domains.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"networking.domains.id.spf_record_all\",\n            \"notEqual\",\n            \"False\"\n        ]\n    ],\n    \"id_suffix\": \"spf_record_all\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/networking-firewalls-public-ports.json",
    "content": "{\n    \"description\": \"Firewalls with publically exposed ports\",\n    \"rationale\": \"Firewalls should not expose sensitive exposed to public internet.\",\n    \"dashboard_name\": \"Networking\",\n    \"path\": \"networking.firewalls.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"networking.firewalls.id.public_ports_enabled\",\n            \"equal\",\n            \"True\"\n        ]\n    ],\n    \"id_suffix\": \"public_ports_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/networking-firewalls-quad-zero.json",
    "content": "{\n    \"description\": \"Firewalls with quad zero configuration\",\n    \"rationale\": \"Firewalls with quad zero configuration expose all ports to public internet\",\n    \"dashboard_name\": \"Networking\",\n    \"path\": \"networking.firewalls.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"networking.firewalls.id.all_ports_exposed\",\n            \"equal\",\n            \"True\"\n        ]\n    ],\n    \"id_suffix\": \"all_ports_exposed\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/networking-load-balancer-backend-keepalive-disabled.json",
    "content": "{\n    \"description\": \"Load Balancer with backend Keepalive disabled\",\n    \"rationale\": \"Consider enabling Keep-Alive to improve performance, reduce latency and load\",\n    \"dashboard_name\": \"Networking\",\n    \"path\": \"networking.load_balancers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"networking.load_balancers.id.enable_backend_keepalive\",\n            \"equal\",\n            \"False\"\n        ]\n    ],\n    \"id_suffix\": \"enable_backend_keepalive\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/networking-load-balancer-ssl-redirect-disabled.json",
    "content": "{\n    \"description\": \"Load Balancer with SSL redirects disabled\",\n    \"rationale\": \"SSL redirects should be enabled to enforce https connection\",\n    \"dashboard_name\": \"Networking\",\n    \"path\": \"networking.load_balancers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"networking.load_balancers.id.redirect_http_to_https\",\n            \"equal\",\n            \"False\"\n        ]\n    ],\n    \"id_suffix\": \"redirect_http_to_https\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/networking-load-balancer-without-droplet.json",
    "content": "{\n    \"description\": \"Load Balancer without attached Droplets\",\n    \"rationale\": \"Load Balancer without attached Droplets\",\n    \"dashboard_name\": \"Networking\",\n    \"path\": \"networking.load_balancers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"networking.load_balancers.id.droplet_ids\",\n            \"equal\",\n            \"[]\"\n        ]\n    ],\n    \"id_suffix\": \"droplet_ids\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/spaces-buckets-cors.json",
    "content": "{\n    \"description\": \"CORS not configured in bucket\",\n    \"rationale\": \"CORS configuration in a bucket may significantly restrict web-based applications from accessing resources across different domains, potentially limiting the bucket's usefulness for content delivery and integration with external web services.\",\n    \"dashboard_name\": \"Spaces\",\n    \"path\": \"spaces.buckets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"spaces.buckets.id.CORS\",\n            \"equal\",\n            \"False\"\n        ]\n    ],\n    \"id_suffix\": \"CORS\"\n}\n\n\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/spaces-buckets-public-read.json",
    "content": "{\n    \"description\": \"Bucket with public read access\",\n    \"rationale\": \"Buckets with sensitive data must be private only.\",\n    \"dashboard_name\": \"Spaces\",\n    \"path\": \"spaces.buckets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"spaces.buckets.id.public_read\",\n            \"equal\",\n            \"True\"\n        ]\n    ],\n    \"id_suffix\": \"public_read\"\n}\n\n\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/findings/spaces-buckets-public-write.json",
    "content": "{\n    \"description\": \"Bucket with public write access\",\n    \"rationale\": \"Buckets with sensitive data must be private only.\",\n    \"dashboard_name\": \"Spaces\",\n    \"path\": \"spaces.buckets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"spaces.buckets.id.public_write\",\n            \"equal\",\n            \"true\"\n        ]\n    ],\n    \"id_suffix\": \"public_write\"\n}\n\n\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/rulesets/default.json",
    "content": "{\n  \"about\": \"Default ruleset for DigitalOcean.\",\n  \"rules\": {\n    \"droplet-droplets-backup-not-enabled.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"danger\"\n      }\n    ],\n    \"droplet-droplets-snapshot-not-present.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"warning\"\n      }\n    ],\n    \"networking-load-balancer-without-droplet.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"warning\"\n      }\n    ],\n    \"droplet-droplets-custom-image.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"warning\"\n      }\n    ],\n    \"droplet-droplets-backup-not-present.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"warning\"\n      }\n    ],\n    \"droplet-droplets-firewall-not-attached.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"danger\"\n      }\n    ],\n    \"droplet-droplets-port-22-exposed.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"warning\"\n      }\n    ],\n    \"droplet-droplets-all-ports-exposed.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"danger\"\n      }\n    ],\n    \"spaces-buckets-public-read.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"danger\"\n      }\n    ],\n    \"spaces-buckets-cors.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"warning\"\n      }\n    ],\n    \"networking-firewalls-public-ports.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"warning\"\n      }\n    ],\n    \"networking-firewalls-quad-zero.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"danger\"\n      }\n    ],\n    \"networking-load-balancer-ssl-redirect-disabled.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"danger\"\n      }\n    ],\n    \"networking-load-balancer-backend-keepalive-disabled.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"warning\"\n      }\n    ],\n    \"networking-domains-missing-spf.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"danger\"\n      }\n    ],\n    \"networking-domains-missing-dkim.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"warning\"\n      }\n    ],\n    \"networking-domains-missing-dmarc.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"warning\"\n      }\n    ],\n    \"networking-domains-spf-overly-permissive.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"danger\"\n      }\n    ],\n    \"networking-domains-high-ttl.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"warning\"\n      }\n    ],\n    \"database-databases-mysql-user-legacy-encryption.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"danger\"\n      }\n    ],\n    \"database-databases-redis-evicition-policy.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"warning\"\n      }\n    ],\n    \"database-databases-postgres-connection-pools.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"warning\"\n      }\n    ],\n    \"database-databases-postgres-trusted-sources.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"danger\"\n      }\n    ],\n    \"droplet-droplets-features-monitoring.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"warning\"\n      }\n    ],\n    \"kubernetes-kubernetes-ha-enabled.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"warning\"\n      }\n    ],\n    \"kubernetes-kubernetes-surge-upgrade.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"danger\"\n      }\n    ],\n    \"kubernetes-kubernetes-autoupgrade-minor.json\": [\n      {\n        \"enabled\": true,\n        \"level\": \"warning\"\n      }\n    ]\n  }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/do/rules/rulesets/filters.json",
    "content": "{\n    \"about\": \"Default set of filters for Scout\",\n    \"rules\": {}\n}\n"
  },
  {
    "path": "ScoutSuite/providers/do/services.py",
    "content": "from ScoutSuite.providers.do.authentication_strategy import DoCredentials\nfrom ScoutSuite.providers.do.resources.droplet.base import Droplets\nfrom ScoutSuite.providers.do.resources.spaces.base import Spaces\nfrom ScoutSuite.providers.do.resources.networking.base import Networking\nfrom ScoutSuite.providers.do.resources.database.base import Databases\nfrom ScoutSuite.providers.do.resources.kubernetes.base import Kubernetes\nfrom ScoutSuite.providers.do.facade.base import DoFacade\nfrom ScoutSuite.providers.base.services import BaseServicesConfig\n\n\nclass DigitalOceanServicesConfig(BaseServicesConfig):\n    def __init__(self, credentials: DoCredentials = None, **kwargs):\n        super().__init__(credentials)\n\n        facade = DoFacade(credentials)\n\n        self.droplet = Droplets(facade)\n        self.networking = Networking(facade)\n        self.database = Databases(facade)\n        self.kubernetes = Kubernetes(facade)\n        if self.credentials.session:\n            self.spaces = Spaces(facade)\n\n    def _is_provider(self, provider_name):\n        return provider_name == \"do\"\n"
  },
  {
    "path": "ScoutSuite/providers/do/utils.py",
    "content": "import boto3\nfrom ScoutSuite.core.console import print_exception, print_debug, print_warning\n\n\ndef get_client(service: str, session: boto3.session.Session, region: str = None):\n    \"\"\"\n    Instantiates an DO Spaces API client\n\n    \"\"\"\n\n    try:\n        return (\n            session.client(\n                service,\n                region_name=region,\n                endpoint_url=\"https://\" + region + \".digitaloceanspaces.com\",\n            )\n            if region\n            else session.client(service)\n        )\n    except Exception as e:\n        print_exception(f\"Failed to create client for the {service} service: {e}\")\n        return None\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/gcp/authentication_strategy.py",
    "content": "import logging\nimport os\nimport warnings\n\nfrom google import auth\n\nfrom ScoutSuite.providers.base.authentication_strategy import AuthenticationStrategy, AuthenticationException\n\n\nclass GCPAuthenticationStrategy(AuthenticationStrategy):\n\n    def authenticate(self, user_account=None, service_account=None, **kwargs):\n        \"\"\"\n        Implements authentication for the GCP provider\n        Refer to https://google-auth.readthedocs.io/en/stable/reference/google.auth.html.\n        \"\"\"\n\n        try:\n\n            # Set logging level to error for libraries as otherwise generates a lot of warnings\n            logging.getLogger('googleapiclient').setLevel(logging.ERROR)\n            logging.getLogger('google.auth').setLevel(logging.ERROR)\n            logging.getLogger('google_auth_httplib2').setLevel(logging.ERROR)\n            logging.getLogger('urllib3').setLevel(logging.ERROR)\n\n            if user_account:\n                # disable GCP warning about using User Accounts\n                warnings.filterwarnings(\"ignore\", \"Your application has authenticated using end user credentials\")\n            elif service_account:\n                client_secrets_path = os.path.abspath(service_account)\n                os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = client_secrets_path\n            else:\n                raise AuthenticationException('Failed to authenticate to GCP - no supported account type')\n\n            credentials, default_project_id = auth.default()\n\n            if not credentials:\n                raise AuthenticationException('No credentials')\n\n            credentials.is_service_account = service_account is not None\n            credentials.default_project_id = default_project_id\n\n            return credentials\n\n        except Exception as e:\n            raise AuthenticationException(e)\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/facade/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/gcp/facade/base.py",
    "content": "import json\nimport asyncio\n\nfrom ScoutSuite.core.console import print_exception, print_info, print_warning, print_debug\nfrom ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade\nfrom ScoutSuite.providers.gcp.facade.cloudresourcemanager import CloudResourceManagerFacade\nfrom ScoutSuite.providers.gcp.facade.cloudsql import CloudSQLFacade\nfrom ScoutSuite.providers.gcp.facade.memorystoreredis import MemoryStoreRedisFacade\nfrom ScoutSuite.providers.gcp.facade.cloudstorage import CloudStorageFacade\nfrom ScoutSuite.providers.gcp.facade.gce import GCEFacade\nfrom ScoutSuite.providers.gcp.facade.dns import DNSFacade\nfrom ScoutSuite.providers.gcp.facade.iam import IAMFacade\nfrom ScoutSuite.providers.gcp.facade.kms import KMSFacade\nfrom ScoutSuite.providers.gcp.facade.stackdriverlogging import StackdriverLoggingFacade\nfrom ScoutSuite.providers.gcp.facade.stackdrivermonitoring import StackdriverMonitoringFacade\nfrom ScoutSuite.providers.gcp.facade.gke import GKEFacade\nfrom ScoutSuite.providers.gcp.facade.functions import FunctionsFacade\nfrom ScoutSuite.providers.gcp.facade.bigquery import BigQueryFacade\nfrom ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils\nfrom ScoutSuite.utils import format_service_name\n\n\nclass GCPFacade(GCPBaseFacade):\n    def __init__(self,\n                 default_project_id=None, project_id=None, folder_id=None, organization_id=None, all_projects=None):\n        super().__init__('cloudresourcemanager', 'v1')\n\n        self.default_project_id = default_project_id\n        self.all_projects = all_projects\n        self.project_id = project_id\n        self.folder_id = folder_id\n        self.organization_id = organization_id\n\n        self.cloudresourcemanager = CloudResourceManagerFacade()\n        self.cloudsql = CloudSQLFacade()\n        self.cloudstorage = CloudStorageFacade()\n        self.memorystoreredis = MemoryStoreRedisFacade()\n        self.gce = GCEFacade()\n        self.functions = FunctionsFacade()\n        self.bigquery = BigQueryFacade()\n        self.iam = IAMFacade()\n        self.kms = KMSFacade()\n        self.dns = DNSFacade()\n        self.stackdriverlogging = StackdriverLoggingFacade()\n        self.stackdrivermonitoring = StackdriverMonitoringFacade()\n\n        # lock to minimize concurrent calls to get_services()\n        self.projects_services_lock = False\n        self.projects_services = {}\n\n        # Instantiate facades for proprietary services\n        try:\n            self.gke = GKEFacade(self.gce)\n        except NameError as _:\n            pass\n\n    async def get_projects(self):\n        try:\n            # All projects to which the user / Service Account has access to\n            if self.all_projects:\n                return await self._get_projects_recursively(\n                    parent_type='all', parent_id=None)\n            # Project passed through the CLI\n            elif self.project_id:\n                return await self._get_projects_recursively(\n                    parent_type='project', parent_id=self.project_id)\n            # Folder passed through the CLI\n            elif self.folder_id:\n                return await self._get_projects_recursively(\n                    parent_type='folder', parent_id=self.folder_id)\n            # Organization passed through the CLI\n            elif self.organization_id:\n                return await self._get_projects_recursively(\n                    parent_type='organization', parent_id=self.organization_id)\n            # Project inferred from default configuration\n            elif self.default_project_id:\n                return await self._get_projects_recursively(\n                    parent_type='project', parent_id=self.default_project_id)\n            # Raise exception if none of the above\n            else:\n                print_info(\n                    \"Could not infer the Projects to scan and no default Project ID was found.\")\n                return []\n\n        except Exception as e:\n            print_exception(f'Failed to retrieve projects: {e}')\n            return []\n\n    async def _get_projects_recursively(self, parent_type, parent_id):\n        \"\"\"\n        Returns all the projects in a given organization or folder. For a project_id it only returns the project\n        details.\n\n        # FIXME can't currently be done with API client library as it consumes v1 which doesn't support folders\n        resource_manager_client = resource_manager.Client(credentials=self.credentials)\n        project_list = resource_manager_client.list_projects()\n        for p in project_list:\n            if p.parent['id'] == self.organization_id and p.status == 'ACTIVE':\n                projects.append(p.project_id)\n        \"\"\"\n\n        if parent_type not in ['project', 'organization', 'folder', 'all']:\n            return None\n\n        resourcemanager_client = self._get_client()\n        resourcemanager_client_v2 = self._build_arbitrary_client('cloudresourcemanager', 'v2', force_new=True)\n\n        projects = []\n\n        try:\n            projects_group = resourcemanager_client.projects()\n\n            if parent_type == 'project':\n                request = resourcemanager_client.projects().list(filter='id:\"%s\"' % parent_id)\n            elif parent_type == 'all':\n                request = resourcemanager_client.projects().list()\n            # get parent children projects\n            else:\n                request = resourcemanager_client.projects().list(filter='parent.id:\"%s\"' % parent_id)\n\n                # get parent children projects in children folders recursively\n                folder_request = resourcemanager_client_v2.folders().list(parent=f'{parent_type}s/{parent_id}')\n                folder_response = await GCPFacadeUtils.get_all('folders', folder_request, projects_group)\n                for folder in folder_response:\n                    projects.extend(await self._get_projects_recursively(\"folder\", folder['name'].strip('folders/')))\n\n            project_response = await GCPFacadeUtils.get_all('projects', request, projects_group)\n            if project_response:\n                for project in project_response:\n                    if project['lifecycleState'] == \"ACTIVE\":\n                        projects.append(project)\n            else:\n                print_exception('No Projects Found, '\n                                'you may have specified a non-existing Organization, Folder or Project')\n\n        except Exception as e:\n            print_level = print_exception\n            exception_str = str(e)\n            try:\n                if 'The service is currently unavailable' in exception_str or 'Internal error encountered' in exception_str:\n                    print_level = print_warning\n                if hasattr(e, 'content'):\n                    content = e.content.decode(\"utf-8\")\n                    content_dict = json.loads(content)\n                    exception_str = content_dict.get(\"error\").get(\"message\")\n            except Exception:\n                # The default output level and message have been set. Use those in the event of any error processing the exception.\n                pass\n\n            print_level(f'Unable to list accessible Projects: {exception_str}')\n\n        finally:\n            return projects\n\n    async def get_enabled_services(self, project_id, attempt=1, has_lock=False):\n        timeout = 60*attempt\n        if project_id not in self.projects_services:\n            # not locked, make query\n            if has_lock or not self.projects_services_lock:\n                self.projects_services_lock = True\n                try:\n                    serviceusage_client = self._build_arbitrary_client('serviceusage', 'v1', force_new=True)\n                    services = serviceusage_client.services()\n                    request = services.list(parent=f'projects/{project_id}', pageSize=200, filter=\"state:ENABLED\")\n                    services_response = await GCPFacadeUtils.get_all('services', request, services)\n                    self.projects_services[project_id] = services_response\n                    self.projects_services_lock = False\n                    return self.projects_services[project_id]\n                except Exception as e:\n                    # hit quota, wait and retry\n                    if ('API_SHARED_QUOTA_EXHAUSTED' in str(e) or 'RATE_LIMIT_EXCEEDED' in str(e)) and attempt <= 10:\n                        print_warning(f\"Service Usage quotas exceeded for project \\\"{project_id}\\\", retrying in {timeout}s\")\n                        await asyncio.sleep(timeout)\n                        return await self.get_enabled_services(project_id, attempt + 1, has_lock=True)\n                    # unknown error\n                    else:\n                        print_warning(f\"Could not fetch the state of services for project \\\"{project_id}\\\": {e}\")\n                        self.projects_services_lock = False\n                        return None\n            # locked, wait and retry\n            else:\n                if attempt <= 10:  # need to set a limit to ensure we don't hit recursion limits\n                    if attempt != 1:\n                        print_debug(f\"Lock already acquired for get_services() on project \\\"{project_id}\\\", retrying in {timeout}s\")\n                        await asyncio.sleep(timeout)\n                    # set a lower threshold for the first attempt so that execution runs faster when there aren't any issues\n                    else:\n                        await asyncio.sleep(10)\n                    return await self.get_enabled_services(project_id, attempt + 1)\n                else:\n                    print_warning(f\"Could not fetch the state of services for project \\\"{project_id}\\\", \"\n                                  f\"exiting before hitting maximum recursion\")\n                    return None\n        else:\n            return self.projects_services[project_id]\n\n    async def is_api_enabled(self, project_id, service):\n        \"\"\"\n        Given a project ID and service name, this method tries to determine if the service's API is enabled\n        \"\"\"\n\n        # These are hardcoded endpoint correspondences as there's no easy way to do this.\n        incorrect_endpoints = []\n        # All projects have IAM policies regardless of whether the IAM API is enabled.\n        if service == 'IAM':\n            return True\n        # These are hardcoded endpoint correspondences as there's no easy way to do this.\n        elif service == 'KMS':\n            endpoint = 'cloudkms'\n        elif service == 'CloudStorage':\n            endpoint = 'storage-component'\n        elif service == 'CloudSQL':\n            endpoint = 'sqladmin'\n        elif service == 'ComputeEngine':\n            endpoint = 'compute'\n        elif service == 'Functions':\n            endpoint = 'cloudfunctions'\n        elif service == 'BigQuery':\n            endpoint = 'bigquery'\n            incorrect_endpoints.append('annotation-bigquery-public-data.cloudpartnerservices.goog')\n        elif service == 'KubernetesEngine':\n            endpoint = 'container'\n        elif service == 'StackdriverLogging':\n            endpoint = 'logging'\n        elif service == 'StackdriverMonitoring':\n            endpoint = 'monitoring'\n        elif service == 'MemoryStore':\n            endpoint = 'redis'\n        elif service == 'DNS':\n            endpoint = 'dns'\n        else:\n            print_warning(f\"Could not validate the state of the {format_service_name(service.lower())} API \"\n                          f\"for project \\\"{project_id}\\\" (unknown endpoint), including it in the execution\")\n            return True\n\n        try:\n            enabled_services = await self.get_enabled_services(project_id)\n            if enabled_services == None:\n                print_warning(f\"Could not identify enabled services, including {service}\")\n                return True\n            for s in enabled_services:\n                if endpoint in s.get('name') and s.get('config').get('name') not in incorrect_endpoints:\n                    print_debug(f'{format_service_name(service.lower())} API enabled for '\n                                f'project \\\"{project_id}\\\", including')\n                    return True\n            print_info(f'{format_service_name(service.lower())} API not enabled for '\n                       f'project \\\"{project_id}\\\", skipping')\n            return False\n        except Exception as e:\n            print_warning(f\"Could not validate the state of the {format_service_name(service.lower())} API \"\n                          f\"for project \\\"{project_id}\\\": \\\"{e}\\\", including it in the execution\")\n            return True\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/facade/basefacade.py",
    "content": "# Since the HTTP library used by the Google API Client library is not\n# thread-safe, we leverage https://github.com/GoogleCloudPlatform/httplib2shim\n# resolves the following:\n#   - https://github.com/nccgroup/ScoutSuite/issues/443\n#   - https://github.com/nccgroup/ScoutSuite/issues/665\nimport httplib2shim\nhttplib2shim.patch()\n\nfrom googleapiclient import http\nfrom googleapiclient import discovery\n\nfrom ScoutSuite.utils import get_user_agent\n\n\nclass GCPBaseFacade:\n    def __init__(self, client_name: str, client_version: str):\n        self._client_name = client_name\n        self._client_version = client_version\n        self._client = None\n\n    def _build_client(self) -> discovery.Resource:\n        return self._build_arbitrary_client(self._client_name, self._client_version)\n\n    def _build_arbitrary_client(self, client_name, client_version, force_new=False):\n        \"\"\"\n        :param client_name: name of the service\n        :param client_version:  version of the client to create\n        :param force_new: whether to create a new client - useful to create arbitrary clients from facades\n        :return:\n        \"\"\"\n\n        if force_new:\n            client = discovery.build(client_name, client_version, cache_discovery=False, cache=MemoryCache())\n            http.set_user_agent(client._http, get_user_agent())  # force set custom user agent\n            return client\n        else:\n            if not self._client:\n                client = discovery.build(client_name, client_version, cache_discovery=False, cache=MemoryCache())\n                http.set_user_agent(client._http, get_user_agent())  # force set custom user agent\n                self._client = client\n            return self._client\n\n    def _get_client(self) -> discovery.Resource:\n        return self._build_client()\n\n\nclass MemoryCache:\n    \"\"\"\n    Workaround https://github.com/googleapis/google-api-python-client/issues/325#issuecomment-274349841\n    \"\"\"\n    _cache = {}\n\n    def get(self, url):\n        return MemoryCache._cache.get(url)\n\n    def set(self, url, content):\n        MemoryCache._cache[url] = content\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/facade/bigquery.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade\nfrom ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils\nfrom ScoutSuite.providers.utils import map_concurrently, run_concurrently\n\n\nclass BigQueryFacade(GCPBaseFacade):\n    def __init__(self):\n\n        super().__init__('bigquery', 'v2')  # API Client\n\n    async def get_datasets(self, project_id: str):\n        try:\n            bigquery_client = self._get_client()\n            datasets = bigquery_client.datasets()\n\n            # get list of datasets\n            request = datasets.list(projectId=project_id)\n            results = await GCPFacadeUtils.get_all('datasets', request, datasets)\n            # extract ids\n            dataset_ids = [dataset.get('id').split(':')[-1] for dataset in results]\n        except Exception as e:\n            print_exception(f'Failed to list BigQuery datasets: {e}')\n            return []\n        else:\n            return await map_concurrently(self._get_dataset, dataset_ids, project_id=project_id)\n\n    async def _get_dataset(self, dataset_id: str, project_id: str):\n        try:\n            bigquery_client = self._get_client()\n            datasets = bigquery_client.datasets()\n            request = datasets.get(projectId=project_id, datasetId=dataset_id)\n            return await run_concurrently(\n                lambda: request.execute()\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve BigQuery datasets {dataset_id}: {e}')\n            return {}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/facade/cloudresourcemanager.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade\nfrom ScoutSuite.providers.utils import run_concurrently\n\nclass CloudResourceManagerFacade(GCPBaseFacade):\n    def __init__(self):\n        super().__init__('cloudresourcemanager', 'v1')\n\n    async def get_member_bindings(self, project_id: str):\n        try:\n            cloudresourcemanager_client = self._get_client()\n            response = await run_concurrently(\n                    lambda: cloudresourcemanager_client.projects().getIamPolicy(resource=project_id).execute()\n            )\n            return response.get('bindings', [])\n        except Exception as e:\n            print_exception(f'Failed to retrieve project IAM policy bindings: {e}')\n            return []\n        \n\n\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/facade/cloudsql.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade\nfrom ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils\nfrom ScoutSuite.providers.utils import run_concurrently\n\nclass CloudSQLFacade(GCPBaseFacade):\n    def __init__(self):\n        super().__init__('sqladmin', 'v1beta4')\n\n    async def get_backups(self, project_id: str, instance_name: str):\n        try:\n            cloudsql_client = self._get_client()\n            backups_group = cloudsql_client.backupRuns()\n            request = backups_group.list(project=project_id, instance=instance_name)\n            return await GCPFacadeUtils.get_all('items', request, backups_group)\n        except Exception as e:\n            print_exception(f'Failed to retrieve database instance backups: {e}')\n            return []\n\n    async def get_database_instances(self, project_id: str):\n        try:\n            cloudsql_client = self._get_client()\n            instances_group = cloudsql_client.instances()\n            request = instances_group.list(project=project_id)\n            return await GCPFacadeUtils.get_all('items', request, instances_group)\n        except Exception as e:\n            print_exception(f'Failed to retrieve database instances: {e}')\n            return []\n\n    async def get_users(self, project_id: str, instance_name: str):\n        try:\n            cloudsql_client = self._get_client()\n            response = await run_concurrently(\n                    lambda: cloudsql_client.users().list(project=project_id, instance=instance_name).execute()\n            )\n            return response.get('items', [])\n        except Exception as e:\n            if 'The requested operation is not valid for an on-premises instance.' in str(e):\n                return []\n            if 'Invalid request since instance is not running' not in str(e):\n                print_exception(f'Failed to retrieve database instance users: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/facade/cloudstorage.py",
    "content": "from google.cloud import storage\nfrom google.api_core.gapic_v1.client_info import ClientInfo\n\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently\nfrom ScoutSuite.utils import get_user_agent\n\n\nclass CloudStorageFacade:\n\n    def get_client(self, project_id: str):\n        client_info = ClientInfo(user_agent=get_user_agent())\n        client = storage.Client(project=project_id,\n                                client_info=client_info)\n        return client\n\n    async def get_buckets(self, project_id: str):\n        try:\n            client = self.get_client(project_id)\n            buckets = await run_concurrently(lambda: list(client.list_buckets()))\n            await get_and_set_concurrently([self._get_and_set_bucket_logging, \n                self._get_and_set_bucket_iam_policy], buckets)\n            return buckets\n        except Exception as e:\n            print_exception(f'Failed to retrieve storage buckets: {e}')\n            return []\n\n    async def _get_and_set_bucket_logging(self, bucket):\n        try:\n            bucket_logging = await run_concurrently(lambda: bucket.get_logging())\n            setattr(bucket, 'logging', bucket_logging)\n        except Exception as e:\n            print_exception(f'Failed to retrieve bucket logging: {e}')\n            setattr(bucket, 'logging', None)\n\n    async def _get_and_set_bucket_iam_policy(self, bucket):\n        try:\n            bucket_iam_policy = await run_concurrently(lambda: bucket.get_iam_policy())\n            setattr(bucket, 'iam_policy', bucket_iam_policy)\n        except Exception as e:\n            print_exception(f'Failed to retrieve bucket IAM policy: {e}')\n            setattr(bucket, 'iam_policy',  None)\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/facade/dns.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade\nfrom ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils\nfrom ScoutSuite.providers.utils import run_concurrently\n\n\nclass DNSFacade(GCPBaseFacade):\n    def __init__(self):\n        super().__init__('dns', 'v1')\n\n    async def get_zones(self, project_id):\n        try:\n            dns_client = self._get_client()\n            return await run_concurrently(\n                lambda: dns_client.managedZones().list(project=project_id).execute()\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve zones: {e}')\n            return {}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/facade/functions.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade\nfrom ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils\nfrom ScoutSuite.providers.utils import map_concurrently, run_concurrently, get_and_set_concurrently\n\n\nclass FunctionsFacade(GCPBaseFacade):\n    def __init__(self):\n        # The version needs to be set per-function\n        super().__init__('cloudfunctions', None)  # API Client\n\n    async def get_functions_v1(self, project_id: str):\n        return await self._get_functions_version(\"v1\", project_id)\n\n    async def get_functions_v2(self, project_id: str):\n        return await self._get_functions_version(\"v2alpha\", project_id)\n\n    async def _get_functions_version(self, api_version: str, project_id: str):\n        try:\n            # get list of functions\n            list_results = await self._list_functions_version(project_id, api_version)\n            # get list of function names\n            functions_list = [function.get('name') for function in list_results]\n        except Exception as e:\n            print_exception(f'Failed to list Cloud Functions functions ({api_version}): {e}')\n            return []\n        else:\n            functions = await map_concurrently(self._get_function_version, functions_list, api_version=api_version)\n            await get_and_set_concurrently([self._get_and_set_function_iam_policy],\n                                           functions,\n                                           api_version=api_version)\n            return functions\n\n    async def _list_functions_version(self, project_id: str, api_version: str):\n        functions_client = self._build_arbitrary_client(self._client_name, api_version, force_new=True)\n        parent = f'projects/{project_id}/locations/-'\n        functions = functions_client.projects().locations().functions()\n        request = functions.list(parent=parent)\n        results = await GCPFacadeUtils.get_all('functions', request, functions)\n        return results\n\n    async def _get_function_version(self, name: str, api_version: str):\n        try:\n            functions_client = self._build_arbitrary_client(self._client_name, api_version, force_new=True)\n            functions = functions_client.projects().locations().functions()\n            request = functions.get(name=name)\n            return await run_concurrently(lambda: request.execute())\n        except Exception as e:\n            print_exception(f'Failed to get Cloud Functions functions ({api_version}): {e}')\n            return {}\n\n    async def _get_and_set_function_iam_policy(self, function, api_version: str):\n        try:\n            functions_client = self._build_arbitrary_client(self._client_name, api_version, force_new=True)\n            functions = functions_client.projects().locations().functions()\n            request = functions.getIamPolicy(resource=function.get('name'))\n            policy = await run_concurrently(lambda: request.execute())\n            # setattr(function, 'bindings', policy.get('bindings', []))\n            function['bindings'] = policy.get('bindings', [])\n        except Exception as e:\n            print_exception(f'Failed to get bindings for Cloud Functions function {function.get(\"name\")} '\n                            f'({api_version}): {e}')\n            function['bindings'] = []\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/facade/gce.py",
    "content": "from ScoutSuite.core.console import print_exception, print_warning\nfrom ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade\nfrom ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils\nfrom ScoutSuite.providers.utils import run_concurrently\n\n\nclass GCEFacade(GCPBaseFacade):\n    def __init__(self):\n        super().__init__('compute', 'v1')\n\n    async def get_disks(self, project_id, zone):\n        try:\n            gce_client = self._get_client()\n            request = gce_client.disks().list(project=project_id, zone=zone)\n            disks_group = gce_client.disks()\n            return await GCPFacadeUtils.get_all('items', request, disks_group)\n        except Exception as e:\n            print_exception(f'Failed to retrieve disks: {e}')\n            return []\n\n    async def get_firewalls(self, project_id):\n        try:\n            gce_client = self._get_client()\n            request = gce_client.firewalls().list(project=project_id)\n            firewalls_group = gce_client.firewalls()\n            return await GCPFacadeUtils.get_all('items', request, firewalls_group)\n        except Exception as e:\n            print_exception(f'Failed to retrieve firewalls: {e}')\n            return []\n\n    async def get_instances(self, project_id, zone):\n        try:\n            instances = []\n            gce_client = self._get_client()\n            request = gce_client.instances().list(project=project_id, zone=zone)\n            instances_group = gce_client.instances()\n            instances = await GCPFacadeUtils.get_all('items', request, instances_group)\n        except Exception as e:\n            print_exception(f'Failed to retrieve compute instances: {e}')\n        else:\n            await self._add_metadata(project_id, instances)\n        finally:\n            return instances\n\n    async def _add_metadata(self, project_id, instances):\n        project = await self.get_project(project_id)\n        common_instance_metadata = self.metadata_to_dict(project['commonInstanceMetadata'])\n        for instance in instances:\n            instance['metadata'] = self.metadata_to_dict(instance['metadata'])\n            instance['commonInstanceMetadata'] = common_instance_metadata\n\n    def metadata_to_dict(self, metadata):\n        return {item['key']: item['value'] for item in metadata['items']} if 'items' in metadata else {}\n\n    async def get_networks(self, project_id):\n        try:\n            gce_client = self._get_client()\n            request = gce_client.networks().list(project=project_id)\n            networks_group = gce_client.networks()\n            return await GCPFacadeUtils.get_all('items', request, networks_group)\n        except Exception as e:\n            print_exception(f'Failed to retrieve networks: {e}')\n            return []\n\n    async def get_project(self, project_id):\n        try:\n            gce_client = self._get_client()\n            return await run_concurrently(\n                lambda: gce_client.projects().get(project=project_id).execute()\n            )\n        except Exception as e:\n            print_exception(f'Failed to retrieve GCE project: {e}')\n            return None\n\n    async def get_regions(self, project_id):\n        try:\n            gce_client = self._get_client()\n            request = gce_client.regions().list(project=project_id)\n            regions_group = gce_client.regions()\n            return await GCPFacadeUtils.get_all('items', request, regions_group)\n        except Exception as e:\n            print_exception(f'Failed to retrieve regions: {e}')\n            return []\n\n    async def get_snapshots(self, project_id):\n        try:\n            gce_client = self._get_client()\n            request = gce_client.snapshots().list(project=project_id)\n            snapshots_group = gce_client.snapshots()\n            return await GCPFacadeUtils.get_all('items', request, snapshots_group)\n        except Exception as e:\n            print_exception(f'Failed to retrieve snapshots: {e}')\n            return []\n\n    async def get_subnetwork(self, project_id, region, subnetwork_id):\n        try:\n            gce_client = self._get_client()\n            return await run_concurrently(\n                lambda: gce_client.subnetworks().get(project=project_id, region=region,\n                                                     subnetwork=subnetwork_id).execute()\n            )\n        except Exception as e:\n            if 'was not found' in str(e):\n                print_warning(f'Failed to retrieve subnetwork: {e}')\n            else:\n                print_exception(f'Failed to retrieve subnetwork: {e}')\n            return None\n\n    async def get_subnetworks(self, project_id, region):\n        try:\n            gce_client = self._get_client()\n            request = gce_client.subnetworks().list(project=project_id, region=region)\n            subnetworks_group = gce_client.subnetworks()\n            return await GCPFacadeUtils.get_all('items', request, subnetworks_group)\n        except Exception as e:\n            if 'was not found' in str(e):\n                print_warning(f'Failed to retrieve subnetworks: {e}')\n            else:\n                print_exception(f'Failed to retrieve subnetworks: {e}')\n            return []\n\n    async def get_zones(self, project_id):\n        try:\n            gce_client = self._get_client()\n            request = gce_client.zones().list(project=project_id)\n            zones_group = gce_client.zones()\n            return await GCPFacadeUtils.get_all('items', request, zones_group)\n        except Exception as e:\n            print_exception(f'Failed to retrieve zones: {e}')\n            return []\n\n    async def get_forwarding_rules(self, project_id, region):\n        try:\n            gce_client = self._get_client()\n            request = gce_client.forwardingRules().list(project=project_id, region=region)\n            forwarding_rules = gce_client.forwardingRules()\n            return await GCPFacadeUtils.get_all('items', request, forwarding_rules)\n        except Exception as e:\n            print_exception(f'Failed to retrieve forwarding_rules: {e}')\n            return []\n\n    async def get_global_forwarding_rules(self, project_id):\n        try:\n            gce_client = self._get_client()\n            request = gce_client.globalForwardingRules().list(project=project_id)\n            forwarding_rules = gce_client.globalForwardingRules()\n            return await GCPFacadeUtils.get_all('items', request, forwarding_rules)\n        except Exception as e:\n            print_exception(f'Failed to retrieve forwarding_rules: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/facade/gke.py",
    "content": "import re\n\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.gcp.facade.base import GCPBaseFacade\nfrom ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently\n\n\nclass GKEFacade(GCPBaseFacade):\n    def __init__(self, gce_facade):\n        super(GKEFacade, self).__init__('container', 'v1beta1')\n        self._gce_facade = gce_facade\n\n    async def get_clusters(self, project_id):\n        try:\n            gke_client = self._get_client()\n            response = await run_concurrently(\n                lambda: gke_client.projects().locations().clusters().list(parent=f\"projects/{project_id}/locations/-\").execute()\n            )\n            clusters = response.get('clusters', [])\n            await get_and_set_concurrently([self._get_and_set_private_google_access_enabled],\n                                           clusters, project_id=project_id)\n            return clusters\n        except Exception as e:\n            print_exception('Failed to retrieve clusters: {}'.format(e))\n            return []\n\n    async def _get_and_set_private_google_access_enabled(self, cluster, project_id):\n        try:\n            region = self._get_cluster_region(cluster)\n            subnetwork_project_id = self._get_cluster_subnetwork_project(cluster)\n            subnetwork = await self._gce_facade.get_subnetwork(subnetwork_project_id, region, cluster['subnetwork'])\n            if subnetwork:\n                cluster['privateIpGoogleAccess'] = subnetwork.get('privateIpGoogleAccess')\n            else:\n                cluster['privateIpGoogleAccess'] = None\n        except Exception as e:\n            print_exception('Failed to retrieve cluster private IP Google access config: {}'.format(e))\n            cluster['privateIpGoogleAccess'] = None\n\n    # The cluster location is given as <region>-<zone>. See the the following link for more info: \n    # https://cloud.google.com/compute/docs/regions-zones/#identifying_a_region_or_zone\n    def _get_cluster_region(self, cluster):\n        region_regex = re.compile(\"^([\\\\w]+-[\\\\w]+)\")\n        result = region_regex.search(cluster['location'])\n        return result.group(1)\n\n    # Subnetwork can be in different project\n    # networkConfig.subnetwork is like projects/{project}/regions/{region}/subnetworks/{subnetworkname}\n    def _get_cluster_subnetwork_project(self, cluster):\n        return cluster['networkConfig']['subnetwork'].split('/')[1]\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/facade/iam.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade\nfrom ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils\nfrom ScoutSuite.providers.utils import run_concurrently\n\nclass IAMFacade(GCPBaseFacade):\n    def __init__(self):\n        super().__init__('iam', 'v1')\n\n    async def get_service_accounts(self, project_id: str):\n        try:\n            name = f'projects/{project_id}'\n            iam_client = self._get_client()\n            request = iam_client.projects().serviceAccounts().list(name=name)\n            service_accounts_group = iam_client.projects().serviceAccounts()\n            return await GCPFacadeUtils.get_all('accounts', request, service_accounts_group)\n        except Exception as e:\n            print_exception(f'Failed to retrieve service accounts: {e}')\n            return []\n\n    async def get_service_account_bindings(self, project_id: str, service_account_email: str):\n        try:\n            resource = f'projects/{project_id}/serviceAccounts/{service_account_email}'\n            iam_client = self._get_client()\n            response = await run_concurrently(\n                    lambda: iam_client.projects().serviceAccounts().getIamPolicy(resource=resource).execute()\n            )\n            return response.get('bindings', [])\n        except Exception as e:\n            print_exception(f'Failed to retrieve service account IAM policy bindings: {e}')\n            return []\n\n    async def get_service_account_keys(self, project_id: str, service_account_email: str, key_types: list=[]):\n        try:\n            name = f'projects/{project_id}/serviceAccounts/{service_account_email}'\n            iam_client = self._get_client()\n            response = await run_concurrently(\n                    lambda: iam_client.projects().serviceAccounts().keys().list(name=name,\n                                                                                keyTypes=key_types).execute()\n            )\n            return response.get('keys', [])\n        except Exception as e:\n            print_exception(f'Failed to retrieve service account keys: {e}')\n            return []\n\n    async def get_service_account_key(self, key_name: str):\n        try:\n            iam_client = self._get_client()\n            response = await run_concurrently(\n                lambda: iam_client.projects().serviceAccounts().keys().get(name=key_name,\n                                                                           fields='').execute()\n            )\n            return response\n        except Exception as e:\n            print_exception(f'Failed to retrieve service account keys: {e}')\n            return []\n\n    async def get_role_definition(self, role: str):\n        try:\n            role = role.split(\"_withcond_\")[0] # remove the condition key to get the actual role\n            iam_client = self._get_client()\n            if 'projects/' in role:\n                response = await run_concurrently(\n                    lambda: iam_client.projects().roles().get(name=role).execute()\n                )\n            elif 'organizations/' in role:\n                response = await run_concurrently(\n                    lambda: iam_client.organizations().roles().get(name=role).execute()\n                )\n            else:\n                response = await run_concurrently(\n                    lambda: iam_client.roles().get(name=role).execute()\n                )\n            return response\n        except Exception as e:\n            print_exception(f'Failed to retrieve IAM role definition for role {role}: {e}')\n            return {}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/facade/kms.py",
    "content": "from google.cloud import kms\nfrom google.api_core.gapic_v1.client_info import ClientInfo\n\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade\nfrom ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils\nfrom ScoutSuite.providers.utils import run_concurrently\nfrom ScoutSuite.utils import get_user_agent\n\n\nclass KMSFacade(GCPBaseFacade):\n    def __init__(self):\n        # This facade is currently using both libraries as the Cloud Client library doesn't support locations\n        # Cloud Client\n        client_info = ClientInfo(user_agent=get_user_agent())\n        self.cloud_client = kms.KeyManagementServiceClient(client_info=client_info)\n        super().__init__('cloudkms', 'v1')  # API Client\n\n    async def get_locations(self, project_id: str):\n\n        try:\n            kms_client = self._get_client()\n            parent = f'projects/{project_id}'\n            locations = kms_client.projects().locations()\n            request = locations.list(name=parent)\n            return await GCPFacadeUtils.get_all('locations', request, locations)\n        except Exception as e:\n            print_exception(f'Failed to retrieve KMS locations: {e}')\n            return []\n\n    async def list_key_rings(self, project_id: str):\n\n        try:\n            locations = await self.get_locations(project_id)\n            key_rings = {}\n            for l in locations:\n                parent = self.cloud_client.location_path(project_id, l['locationId'])\n                key_rings[l['locationId']] = await run_concurrently(\n                    lambda: list(self.cloud_client.list_key_rings(parent)))\n            return key_rings\n        except Exception as e:\n            if 'Billing is disabled for project' not in str(e):\n                print_exception(f'Failed to retrieve KMS key rings: {e}')\n            return {}\n\n    async def list_keys(self, project_id: str, location: str, keyring_name: str):\n\n        try:\n            parent = self.cloud_client.key_ring_path(project_id, location, keyring_name)\n            kms_client = self._get_client()\n            cryptokeys = kms_client.projects().locations().keyRings().cryptoKeys()\n            request = cryptokeys.list(parent=parent)\n            return await GCPFacadeUtils.get_all('cryptoKeys', request, cryptokeys)\n        except Exception as e:\n            print_exception(f'Failed to retrieve KMS keys for key ring {keyring_name}: {e}')\n            return []\n\n    async def keys_iam_policy(self, project_id: str, location: str, keyring_name: str, key_name: str):\n\n        try:\n            parent = self.cloud_client.crypto_key_path(project_id, location, keyring_name, key_name)\n            kms_client = self._get_client()\n            cryptokeys = kms_client.projects().locations().keyRings().cryptoKeys()\n            request = cryptokeys.getIamPolicy(resource=parent)\n            return await GCPFacadeUtils.get_all('bindings', request, cryptokeys)\n        except Exception as e:\n            print_exception(f'Failed to retrieve KMS binding policy for key {key_name}: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/facade/memorystoreredis.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade\nfrom ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils\n\n\nclass MemoryStoreRedisFacade(GCPBaseFacade):\n    def __init__(self):\n        super().__init__('redis', 'v1beta1')\n\n    async def get_redis_instances(self, project_id: str):\n        # Retrieves Redis Instances using the Cloud Memorystore API\n        try:\n            formatted_parent = f'projects/{project_id}/locations/-'\n            cloudmem_client = self._get_client()\n            instances_group = cloudmem_client.projects().locations().instances()\n            request = instances_group.list(parent=formatted_parent)\n            return await GCPFacadeUtils.get_all('instances', request, instances_group)\n        except Exception as e:\n            print_exception(f'Failed to retrieve redis instances: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/facade/stackdriverlogging.py",
    "content": "from google.cloud import logging as stackdriverlogging\nfrom google.api_core.gapic_v1.client_info import ClientInfo\n\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.utils import run_concurrently\nfrom ScoutSuite.utils import get_user_agent\n\n\nclass StackdriverLoggingFacade:\n\n    def get_client(self, project_id: str):\n        client_info = ClientInfo(user_agent=get_user_agent())\n        client = stackdriverlogging.Client(project=project_id,\n                                           client_info=client_info)\n        return client\n\n    async def get_sinks(self, project_id: str):\n        try:\n            client = self.get_client(project_id)\n            return await run_concurrently(lambda: [sink for sink in client.list_sinks()])\n        except Exception as e:\n            print_exception(f'Failed to retrieve sinks: {e}')\n            return []\n\n    async def get_metrics(self, project_id: str):\n        try:\n            client = self.get_client(project_id)\n            return await run_concurrently(lambda: [metric for metric in client.list_metrics()])\n        except Exception as e:\n            print_exception(f'Failed to retrieve metrics: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/facade/stackdrivermonitoring.py",
    "content": "from google.cloud import monitoring as stackdrivermonitoring\nfrom google.api_core.gapic_v1.client_info import ClientInfo\n\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.utils import run_concurrently\nfrom ScoutSuite.utils import get_user_agent\n\n\nclass StackdriverMonitoringFacade:\n    # TODO find a way to skip the project if it's not configured as a stackdriver workspace\n\n    def get_uptime_client(self):\n        client_info = ClientInfo(user_agent=get_user_agent())\n        client = stackdrivermonitoring.UptimeCheckServiceClient(client_info=client_info)\n        return client\n\n    def get_alerts_client(self):\n        client_info = ClientInfo(user_agent=get_user_agent())\n        client = stackdrivermonitoring.AlertPolicyServiceClient(client_info=client_info)\n        return client\n\n    async def get_uptime_checks(self, project_id: str):\n        try:\n            client = self.get_uptime_client()\n            name = client.project_path(project_id)\n            return await run_concurrently(lambda: [r for r in client.list_uptime_check_configs(name)])\n        except Exception as e:\n            if 'is not a workspace' not in getattr(e, 'message', '') and '404' not in str(e):\n                print_exception(f'Failed to retrieve uptime checks: {e}')\n            return []\n\n    async def get_alert_policies(self, project_id: str):\n        try:\n            client = self.get_alerts_client()\n            name = client.project_path(project_id)\n            return await run_concurrently(lambda: [r for r in client.list_alert_policies(name)])\n        except Exception as e:\n            if 'is not a workspace' not in getattr(e, 'message', '') and '404' not in str(e):\n                print_exception(f'Failed to retrieve alert policies: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/facade/utils.py",
    "content": "from ScoutSuite.providers.utils import run_concurrently\n\n\nclass GCPFacadeUtils:\n    @staticmethod\n    async def _get_all(resources, resource_key: str, request, resources_group):\n        while request is not None:\n            response = request.execute()\n            resources.extend(response.get(resource_key, []))\n            request = await run_concurrently(\n                lambda: resources_group.list_next(previous_request=request, previous_response=response)\n            )\n\n    @staticmethod\n    async def get_all(resource_key: str, request, resources_group):\n        resources = []\n        await GCPFacadeUtils._get_all(resources, resource_key, request, resources_group)\n        return resources\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/metadata.json",
    "content": "{\n  \"security\": {\n    \"iam\": {\n      \"resources\": {\n        \"users\": {\n          \"cols\": 2,\n          \"path\": \"services.iam.projects.id.users\"\n        },\n        \"groups\": {\n          \"cols\": 2,\n          \"path\": \"services.iam.projects.id.groups\"\n        },\n        \"service_accounts\": {\n          \"cols\": 2,\n          \"path\": \"services.iam.projects.id.service_accounts\"\n        },\n        \"domains\": {\n          \"cols\": 2,\n          \"path\": \"services.iam.projects.id.domains\"\n        },\n        \"bindings\": {\n          \"cols\": 2,\n          \"path\": \"services.iam.projects.id.bindings\"\n        },\n        \"bindings_separation_duties\": {\n          \"cols\": 2,\n          \"path\": \"services.iam.projects.id.bindings_separation_duties\"\n        }\n      }\n    },\n    \"kms\": {\n      \"resources\": {\n        \"keyrings\": {\n          \"cols\": 2,\n          \"path\": \"services.kms.projects.id.keyrings\"\n        }\n      }\n    }\n  },\n  \"compute\": {\n    \"computeengine\": {\n      \"resources\": {\n        \"instances\": {\n          \"cols\": 2,\n          \"path\": \"services.computeengine.projects.id.zones.id.instances\"\n        },\n        \"snapshots\": {\n          \"cols\": 2,\n          \"path\": \"services.computeengine.projects.id.snapshots\"\n        },\n        \"firewalls\": {\n          \"cols\": 2,\n          \"path\": \"services.computeengine.projects.id.firewalls\"\n        },\n        \"networks\": {\n          \"cols\": 2,\n          \"path\": \"services.computeengine.projects.id.networks\"\n        },\n        \"subnetworks\": {\n          \"cols\": 2,\n          \"path\": \"services.computeengine.projects.id.regions.id.subnetworks\"\n        },\n        \"forwarding_rules\": {\n          \"cols\": 2,\n          \"path\": \"services.computeengine.projects.id.regions.id.forwarding_rules\"\n        },\n        \"global_forwarding_rules\": {\n          \"cols\": 2,\n          \"path\": \"services.computeengine.projects.id.global_forwarding_rules\"\n        }\n      }\n    },\n    \"kubernetesengine\": {\n      \"resources\": {\n        \"clusters\": {\n          \"cols\": 2,\n          \"path\": \"services.kubernetesengine.projects.id.clusters\"\n        }\n      }\n    },\n    \"functions\": {\n      \"resources\": {\n        \"functions_v1\": {\n          \"cols\": 2,\n          \"path\": \"services.functions.projects.id.functions_v1\"\n        },\n        \"functions_v2\": {\n          \"cols\": 2,\n          \"path\": \"services.functions.projects.id.functions_v2\"\n        }\n      }\n    }\n  },\n  \"network\": {\n    \"dns\": {\n      \"resources\": {\n        \"managed_zones\": {\n          \"cols\": 2,\n          \"path\": \"services.dns.projects.id.managed_zones\"\n        }\n      }\n  }},\n  \"storage\": {\n    \"cloudstorage\": {\n      \"resources\": {\n        \"buckets\": {\n          \"cols\": 2,\n          \"path\": \"services.cloudstorage.projects.id.buckets\"\n        }\n      }\n    }\n  },\n  \"database\": {\n    \"cloudsql\": {\n      \"resources\": {\n        \"instances\": {\n          \"cols\": 2,\n          \"path\": \"services.cloudsql.projects.id.instances\"\n        }\n      }\n    },\n    \"cloudmemorystore\": {\n      \"resources\": {\n        \"redis_instances\": {\n          \"cols\": 2,\n          \"path\": \"services.cloudmemorystore.projects.id.redis_instances\"\n        }\n      }\n    },\n    \"bigquery\": {\n      \"resources\": {\n        \"datasets\": {\n          \"cols\": 2,\n          \"path\": \"services.bigquery.projects.id.datasets\"\n        }\n      }\n    }\n  },\n  \"management\": {\n    \"stackdriverlogging\": {\n      \"resources\": {\n        \"sinks\": {\n          \"cols\": 2,\n          \"path\": \"services.stackdriverlogging.projects.id.sinks\"\n        },\n        \"metrics\": {\n          \"cols\": 2,\n          \"path\": \"services.stackdriverlogging.projects.id.metrics\"\n        },\n        \"logging_metrics\": {\n          \"cols\": 2,\n          \"path\": \"services.stackdriverlogging.projects.id.logging_metrics\"\n        }\n      }\n    },\n    \"stackdrivermonitoring\": {\n      \"resources\": {\n        \"uptime_checks\": {\n          \"cols\": 2,\n          \"path\": \"services.stackdrivermonitoring.projects.id.uptime_checks\"\n        },\n        \"alert_policies\": {\n          \"cols\": 2,\n          \"path\": \"services.stackdrivermonitoring.projects.id.alert_policies\"\n        },\n        \"monitoring_alert_policies\": {\n          \"cols\": 2,\n          \"path\": \"services.stackdrivermonitoring.projects.id.monitoring_alert_policies\"\n        }\n      }\n    }\n  }\n}\n\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/provider.py",
    "content": "import os\n\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.base.provider import BaseProvider\nfrom ScoutSuite.providers.gcp.services import GCPServicesConfig\n\n\nclass GCPProvider(BaseProvider):\n    \"\"\"\n    Implements provider for GCP\n    \"\"\"\n\n    def __init__(self,\n                 project_id=None, folder_id=None, organization_id=None, all_projects=None,\n                 report_dir=None, timestamp=None, services=None, skipped_services=None, result_format='json', **kwargs):\n        services = [] if services is None else services\n        skipped_services = [] if skipped_services is None else skipped_services\n\n        self.metadata_path = '%s/metadata.json' % os.path.split(\n            os.path.abspath(__file__))[0]\n\n        self.provider_code = 'gcp'\n        self.provider_name = 'Google Cloud Platform'\n        self.environment = 'default'\n\n        self.all_projects = all_projects\n        self.project_id = project_id\n        self.folder_id = folder_id\n        self.organization_id = organization_id\n\n        self.credentials = kwargs['credentials']\n        self._set_account_id()\n\n        self.services = GCPServicesConfig(self.credentials, self.credentials.default_project_id,\n                                          self.project_id, self.folder_id, self.organization_id, self.all_projects)\n\n        self.result_format = result_format\n\n        super().__init__(report_dir, timestamp,\n                         services, skipped_services, result_format)\n\n    def get_report_name(self):\n        \"\"\"\n        Returns the name of the report using the provider's configuration\n        \"\"\"\n        if self.account_id:\n            return f'gcp-{self.account_id}'\n        else:\n            return 'gcp'\n\n    def _set_account_id(self):\n        # All accessible projects\n        if self.all_projects:\n            # Service Account\n            if self.credentials.is_service_account and hasattr(self.credentials, 'service_account_email'):\n                self.account_id = self.credentials.service_account_email\n            else:\n                # TODO use username email (can't find it...)\n                self.account_id = 'user-account'\n        # Project passed through the CLI\n        elif self.project_id:\n            self.account_id = self.project_id\n        # Folder passed through the CLI\n        elif self.folder_id:\n            self.account_id = self.folder_id\n        # Organization passed through the CLI\n        elif self.organization_id:\n            self.account_id = self.organization_id\n        # Project inferred from default configuration\n        elif self.credentials.default_project_id:\n            self.account_id = self.credentials.default_project_id\n        else:\n            self.account_id = 'unknown-project-id'\n\n    def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):\n        \"\"\"\n        Tweak the GCP config to match cross-resources and clean any fetching artifacts\n\n        :param ip_ranges:\n        :param ip_ranges_name_key:\n        :return: None\n        \"\"\"\n\n        self._match_instances_and_snapshots()\n        self._match_networks_and_instances()\n        self._match_networks_and_firewalls()\n        self._match_subnetworks_and_instances()\n\n        super().preprocessing()\n\n    def _match_instances_and_snapshots(self):\n        \"\"\"\n        Compare Compute Engine instances and snapshots to identify instance disks that do not have a snapshot.\n\n        :return:\n        \"\"\"\n\n        try:\n            if 'computeengine' in self.service_list:\n                for project in self.services['computeengine']['projects'].values():\n                    for zone in project['zones'].values():\n                        for instance in zone['instances'].values():\n                            for instance_disk in instance['disks'].values():\n                                instance_disk['snapshots'] = []\n                                for disk in project['snapshots'].values():\n                                    if disk['status'] == 'READY' and \\\n                                            disk['source_disk_url'] == instance_disk['source_url']:\n                                        instance_disk['snapshots'].append(disk)\n\n                                instance_disk['latest_snapshot'] = max(instance_disk['snapshots'],\n                                                                       key=lambda x: x['creation_timestamp']) \\\n                                    if instance_disk['snapshots'] else None\n        except Exception as e:\n            print_exception('Unable to match instances and snapshots: {}'.format(e))\n\n    def _match_networks_and_instances(self):\n        \"\"\"\n        For each network, math instances in that network\n\n        :return:\n        \"\"\"\n\n        try:\n            if 'computeengine' in self.service_list:\n                for project in self.services['computeengine']['projects'].values():\n                    for network in project['networks'].values():\n                        network['instances'] = []\n                        for zone in project['zones'].values():\n                            # Skip the counts contained in the zones dictionary\n                            if zone is int:\n                                continue\n                            for instance in zone['instances'].values():\n                                instance['network_id'] = None\n                                for network_interface in instance['network_interfaces']:\n                                    if network_interface['network'] == network['network_url']:\n                                        network['instances'].append({'instance_id': instance['id'],\n                                                                     'instance_zone': instance['zone']})\n                                        network_interface['network_id'] = network['id']\n        except Exception as e:\n            print_exception('Unable to match instances and networks: {}'.format(e))\n\n    def _match_networks_and_firewalls(self):\n        \"\"\"\n        For each network, math firewall rules in that network\n\n        :return:\n        \"\"\"\n\n        try:\n            if 'computeengine' in self.service_list:\n                for project in self.services['computeengine']['projects'].values():\n                    for network in project['networks'].values():\n                        network['firewalls'] = []\n                        for firewall in project['firewalls'].values():\n                            firewall['network_id'] = None\n                            if firewall['network_url'] == network['network_url']:\n                                network['firewalls'].append(firewall['id'])\n                                firewall['network_id'] = network['id']\n        except Exception as e:\n            print_exception('Unable to match firewalls and networks: {}'.format(e))\n\n    def _match_subnetworks_and_instances(self):\n        \"\"\"\n        For each subnetwork, math instances in that subnetwork\n\n        :return:\n        \"\"\"\n\n        try:\n            if 'computeengine' in self.service_list:\n                for project in self.services['computeengine']['projects'].values():\n                    for region in project['regions'].values():\n                        for subnetwork in region['subnetworks'].values():\n                            subnetwork['instances'] = []\n                            for zone in project['zones'].values():\n                                # Skip the counts contained in the zones dictionary\n                                if zone is int:\n                                    continue\n                                for instance in zone['instances'].values():\n                                    instance['subnetwork_id'] = None\n                                    for network_interface in instance['network_interfaces']:\n                                        if network_interface['subnetwork'] == subnetwork['subnetwork_url']:\n                                            subnetwork['instances'].append({'instance_id': instance['id'],\n                                                                         'instance_zone': instance['zone']})\n                                            network_interface['subnetwork_id'] = subnetwork['id']\n                                            network_interface['subnetwork_region'] = subnetwork['region']\n        except Exception as e:\n            print_exception('Unable to match instances and subnetworks: {}'.format(e))\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/base.py",
    "content": "\"\"\"This module provides implementations for CompositeResources for GCP.\"\"\"\n\nfrom ScoutSuite.providers.base.resources.base import CompositeResources\n\n\nclass GCPCompositeResources(CompositeResources):\n\n    \"\"\"This class represents a collection of Resources from GCP. Classes extending GCPCompositeResources should define a\n    \"_children\" attribute which consists of a list of tuples describing the children. The tuples are expected to\n    respect the following format: (<child_class>, <child_name>). The child_name is used by indicates the name under\n    which the child will be stored in the parent object.\n    \"\"\"\n    \n    pass\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/bigquery/base.py",
    "content": "from ScoutSuite.providers.gcp.resources.bigquery.datasets import Datasets\nfrom ScoutSuite.providers.gcp.resources.projects import Projects\n\n\nclass BigQuery(Projects):\n    _children = [\n        (Datasets, 'datasets')\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/bigquery/datasets.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Datasets(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_datasets = await self.facade.bigquery.get_datasets(self.project_id)\n        for raw_dataset in raw_datasets:\n            dataset_id, dataset = self._parse_dataset(raw_dataset)\n            self[dataset_id] = dataset\n\n    def _parse_dataset(self, raw_dataset):\n        dataset_dict = {}\n        dataset_dict['id'] = get_non_provider_id(raw_dataset.get('id'))\n        dataset_dict['name'] = raw_dataset.get('datasetReference').get('datasetId')\n        dataset_dict['location'] = raw_dataset.get('location')\n        dataset_dict['creation_time'] = int(raw_dataset.get('creationTime'))\n        dataset_dict['last_modified_time'] = int(raw_dataset.get('lastModifiedTime'))\n        dataset_dict['default_encryption_configuration'] = \\\n            raw_dataset.get('defaultEncryptionConfiguration', {}).get('kmsKeyName')\n\n        # format bindings in a way that's easier to query\n        dataset_dict['bindings'] = {}\n        for entry in raw_dataset.get('access'):\n            role = entry.get('role')\n            if role not in dataset_dict['bindings'].keys():\n                dataset_dict['bindings'][role] = []\n            for k, v in entry.items():\n                if k != 'role':\n                    dataset_dict['bindings'][role].append({\"type\": k,\n                                                           \"member\": v})\n\n        return dataset_dict['id'], dataset_dict\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/cloudsql/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/cloudsql/backups.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\n\n\nclass Backups(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str, instance_name: str):\n        super().__init__(facade)\n        self.project_id = project_id\n        self.instance_name = instance_name\n\n    async def fetch_all(self):\n        raw_backups = await self.facade.cloudsql.get_backups(self.project_id, self.instance_name)\n        for raw_backup in raw_backups:\n            if raw_backup['status'] == 'SUCCESSFUL':\n                backup_id, backup = self._parse_backup(raw_backup)\n                self[backup_id] = backup\n\n    def _parse_backup(self, raw_backup):\n        backup_dict = {}\n        backup_dict['id'] = raw_backup['id']\n        backup_dict['backup_url'] = raw_backup['selfLink'],\n        backup_dict['creation_timestamp'] = raw_backup['endTime'],\n        backup_dict['status'] = raw_backup['status'],\n        backup_dict['type'] = raw_backup['type']\n        return backup_dict['id'], backup_dict\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/cloudsql/base.py",
    "content": "from ScoutSuite.providers.gcp.resources.projects import Projects\nfrom ScoutSuite.providers.gcp.resources.cloudsql.database_instances import DatabaseInstances\n\n\nclass CloudSQL(Projects):\n    _children = [ \n        (DatabaseInstances, 'instances')\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.gcp.resources.base import GCPCompositeResources\nfrom ScoutSuite.providers.gcp.resources.cloudsql.backups import Backups\nfrom ScoutSuite.providers.gcp.resources.cloudsql.users import Users\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass DatabaseInstances(GCPCompositeResources):\n    _children = [\n        (Backups, 'backups'),\n        (Users, 'users')\n    ]\n\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_instances = await self.facade.cloudsql.get_database_instances(self.project_id)\n        for raw_instance in raw_instances:\n            instance_id, instance = self._parse_instance(raw_instance)\n            self[instance_id] = instance\n        await self._fetch_children_of_all_resources(\n            resources=self,\n            scopes={instance_id: {'project_id': self.project_id, 'instance_name': instance['name']}\n                    for instance_id, instance in self.items()})\n        self._set_last_backup_timestamps(self.items())\n\n    def _parse_instance(self, raw_instance):\n        instance_dict = {}\n\n        instance_dict['id'] = get_non_provider_id(raw_instance['name'])\n        instance_dict['name'] = raw_instance['name']\n        instance_dict['project_id'] = raw_instance['project']\n        instance_dict['automatic_backup_enabled'] = raw_instance['settings'].get('backupConfiguration', {}).get('enabled')\n        instance_dict['database_version'] = raw_instance['databaseVersion']\n        instance_dict['log_enabled'] = self._is_log_enabled(raw_instance)\n        instance_dict['ssl_required'] = self._is_ssl_required(raw_instance)\n        instance_dict['authorized_networks'] = raw_instance['settings'].get('ipConfiguration', {}).get('authorizedNetworks', [])\n\n        if raw_instance['settings'].get('databaseFlags', None):\n            instance_dict['local_infile_off'] = self._mysql_local_infile_flag_off(raw_instance)\n\n            instance_dict['log_checkpoints_on'] = self._postgres_flags_on(raw_instance, 'log_checkpoints')\n            instance_dict['log_connections_on'] = self._postgres_flags_on(raw_instance, 'log_connections')\n            instance_dict['log_disconnections_on'] = self._postgres_flags_on(raw_instance, 'log_disconnections')\n            instance_dict['log_lock_waits_on'] = self._postgres_flags_on(raw_instance, 'log_lock_waits')\n            instance_dict['log_min_messages'] = self._postgres_log_min_error_statement_flags(raw_instance)\n            instance_dict['log_temp_files_0'] = self._postgres_log_temp_files_flags_0(raw_instance)\n            instance_dict['log_min_duration_statement_-1'] = self._postgres_log_min_duration_statement_flags_1(\n                raw_instance)\n\n            instance_dict['cross_db_ownership_chaining_off'] = self._sqlservers_cross_db_ownership_chaining_flag_off(\n                raw_instance, 'cross db ownership chaining')\n            instance_dict['contained_database_authentication_off'] = self._sqlservers_cross_db_ownership_chaining_flag_off(\n                raw_instance, 'contained database authentication')\n\n        else:\n            instance_dict['local_infile_off'] = True\n\n            instance_dict['log_checkpoints_on'] = self._check_database_type(raw_instance)\n            instance_dict['log_connections_on'] = self._check_database_type(raw_instance)\n            instance_dict['log_disconnections_on'] = self._check_database_type(raw_instance)\n            instance_dict['log_lock_waits_on'] = self._check_database_type(raw_instance)\n            instance_dict['log_min_messages'] = self._check_database_type(raw_instance)\n            instance_dict['log_temp_files_0'] = self._check_database_type(raw_instance)\n            instance_dict['log_min_duration_statement_-1'] = self._check_database_type(raw_instance)\n\n            instance_dict['cross_db_ownership_chaining_off'] = True\n            instance_dict['contained_database_authentication_off'] = True\n\n        # check if is or has a failover replica\n        instance_dict['has_failover_replica'] = raw_instance.get('failoverReplica', []) != []\n        instance_dict['is_failover_replica'] = raw_instance.get('masterInstanceName', '') != ''\n\n        # network interfaces\n        instance_dict['public_ip'] = None\n        instance_dict['private_ip'] = None\n        instance_dict['outgoing_ip'] = None\n        for address in raw_instance.get('ipAddresses', []):\n            if address['type'] == 'PRIMARY':\n                instance_dict['public_ip'] = address['ipAddress']\n            elif address['type'] == 'PRIVATE':\n                instance_dict['private_ip'] = address['ipAddress']\n            elif address['type'] == 'OUTGOING':\n                instance_dict['outgoing_ip'] = address['ipAddress']\n            else:\n                print_exception('Unknown Cloud SQL instance IP address type: {}'.format(address['type']))\n\n        return instance_dict['id'], instance_dict\n\n    def _is_log_enabled(self, raw_instance):\n        return raw_instance['settings'].get('backupConfiguration', {}).get('binaryLogEnabled')\n\n    def _is_ssl_required(self, raw_instance):\n        return raw_instance['settings'].get('ipConfiguration', {}).get('requireSsl', False)\n\n    def _set_last_backup_timestamps(self, instances):\n        for instance_id, _ in instances:\n            self[instance_id]['last_backup_timestamp'] = self._get_last_backup_timestamp(\n                self[instance_id]['backups'])\n\n    def _get_last_backup_timestamp(self, backups):\n        if not backups:\n            return None\n        last_backup_id = max(backups.keys(), key=(\n            lambda k: backups[k]['creation_timestamp']))\n        return backups[last_backup_id]['creation_timestamp']\n\n    def _mysql_local_infile_flag_off(self, raw_instance):\n        if 'MYSQL' in raw_instance['databaseVersion']:\n            for flag in raw_instance['settings'].get('databaseFlags', []):\n                if flag['name'] == 'local_infile' and flag['value'] == 'on':\n                    return False\n        return True\n\n    def _check_database_type(self, raw_instance):\n        if 'POSTGRES' in raw_instance['databaseVersion']:\n            return False\n        return None\n\n    def _postgres_flags_on(self, raw_instance, flag_name: str):\n        if 'POSTGRES' in raw_instance['databaseVersion']:\n            for flag in raw_instance['settings'].get('databaseFlags', []):\n                if flag['name'] == flag_name and flag['value'] != 'off':\n                    return True\n            return False\n        else:\n            return None\n\n    def _postgres_log_min_error_statement_flags(self, raw_instance):\n        if 'POSTGRES' in raw_instance['databaseVersion']:\n            for flag in raw_instance['settings'].get('databaseFlags', []):\n                if flag['name'] == 'log_min_error_statement' and flag['value'] is not None:\n                    return True\n            return False\n        else:\n            return None\n\n    def _postgres_log_temp_files_flags_0(self, raw_instance):\n        if 'POSTGRES' in raw_instance['databaseVersion']:\n            for flag in raw_instance['settings'].get('databaseFlags', []):\n                if flag['name'] == 'log_temp_files' and flag['value'] == 0:\n                    return True\n            return False\n        else:\n            return None\n\n    def _postgres_log_min_duration_statement_flags_1(self, raw_instance):\n        if 'POSTGRES' in raw_instance['databaseVersion']:\n            for flag in raw_instance['settings'].get('databaseFlags', []):\n                if flag['name'] == 'log_min_duration_statement' and flag['value'] == -1:\n                    return True\n            return False\n        else:\n            return None\n\n    def _sqlservers_cross_db_ownership_chaining_flag_off(self, raw_instance, flag_name: str):\n        if 'SQLSERVER' in raw_instance['databaseVersion']:\n            for flag in raw_instance['settings'].get('databaseFlags', []):\n                if flag['name'] == flag_name and flag['value'] == 'off':\n                    return True\n            return False\n        else:\n            return None\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/cloudsql/users.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\n\n\nclass Users(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str, instance_name: str):\n        super().__init__(facade)\n        self.project_id = project_id\n        self.instance_name = instance_name\n\n    async def fetch_all(self):\n        raw_users = await self.facade.cloudsql.get_users(self.project_id, self.instance_name)\n        for raw_user in raw_users:\n            user_name, user = self._parse_user(raw_user)\n            self[user_name] = user\n\n    def _parse_user(self, raw_user):\n        user_dict = {}\n        user_dict['name'] = raw_user['name']\n        user_dict['host'] = raw_user.get('host')\n        return user_dict['name'], user_dict\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/cloudstorage/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/cloudstorage/base.py",
    "content": "from ScoutSuite.providers.gcp.resources.projects import Projects\nfrom ScoutSuite.providers.gcp.resources.cloudstorage.buckets import Buckets\n\n\nclass CloudStorage(Projects):\n    _children = [ \n        (Buckets, 'buckets')\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.utils import get_non_provider_id\nfrom ScoutSuite.core.console import print_exception\n\n\nclass Buckets(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_buckets = await self.facade.cloudstorage.get_buckets(self.project_id)\n        for raw_bucket in raw_buckets:\n            bucket_id, bucket = self._parse_bucket(raw_bucket)\n            self[bucket_id] = bucket\n\n    def _parse_bucket(self, raw_bucket):\n        bucket_dict = {}\n        bucket_dict['id'] = get_non_provider_id(raw_bucket.id)\n        bucket_dict['name'] = raw_bucket.name\n        bucket_dict['project_id'] = self.project_id\n        bucket_dict['project_number'] = raw_bucket.project_number\n        bucket_dict['creation_date'] = raw_bucket.time_created\n        bucket_dict['location'] = raw_bucket.location\n        bucket_dict['storage_class'] = raw_bucket.storage_class.lower()\n        bucket_dict['versioning_enabled'] = raw_bucket.versioning_enabled\n        bucket_dict['logging_enabled'] = raw_bucket.logging is not None\n\n        bucket_dict['public_access_prevention'] = raw_bucket.iam_configuration.public_access_prevention\n\n        iam_configuration = raw_bucket.iam_configuration.get('uniformBucketLevelAccess') or \\\n            raw_bucket.iam_configuration.get('bucketPolicyOnly')\n        if iam_configuration:\n            bucket_dict['uniform_bucket_level_access'] = iam_configuration.get(\"enabled\", False)\n        else:\n            bucket_dict['uniform_bucket_level_access'] = None\n\n        if bucket_dict['uniform_bucket_level_access']:\n            bucket_dict['acls'] = []\n            bucket_dict['default_object_acl'] = []\n        else:\n            try:\n                bucket_dict['acls'] = list(raw_bucket.acl)\n            except Exception as e:\n                print_exception(f'Failed to retrieve storage bucket ACLs: {e}')\n                bucket_dict['acls'] = []\n            try:\n                bucket_dict['default_object_acl'] = list(raw_bucket.default_object_acl)\n            except Exception as e:\n                print_exception(f'Failed to retrieve storage bucket object ACLs: {e}')\n                bucket_dict['default_object_acl'] = []\n\n        bucket_dict['member_bindings'] = self._get_cloudstorage_bucket_iam_member_bindings(raw_bucket)\n\n        return bucket_dict['id'], bucket_dict\n\n    def _get_cloudstorage_bucket_iam_member_bindings(self, raw_bucket):\n        bucket_iam_policy = raw_bucket.iam_policy\n        member_bindings = {}\n        if bucket_iam_policy:\n            for binding in bucket_iam_policy._bindings:\n                for member in binding['members']:\n                    if member not in member_bindings:\n                        member_bindings[member] = [binding['role']]\n                    else:\n                        member_bindings[member].append(binding['role'])\n        return member_bindings\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/dns/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/dns/base.py",
    "content": "from ScoutSuite.providers.gcp.resources.projects import Projects\nfrom ScoutSuite.providers.gcp.resources.dns.managed_zones import ManagedZones\n\n\nclass DNS(Projects):\n    _children = [ \n        (ManagedZones, 'managed_zones')\n     ]\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/dns/managed_zones.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\n\n\nclass ManagedZones(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_zones = await self.facade.dns.get_zones(self.project_id)\n        for raw_zone in raw_zones.get('managedZones', []):\n            zone_id, zone = self._parse_zone(raw_zone)\n            self[zone_id] = zone\n\n    def _parse_zone(self, raw_zone):\n        zone_dict = {}\n        zone_dict['id'] = raw_zone['id']\n        zone_dict['name'] = raw_zone['name']\n        zone_dict['description'] = self._get_description(raw_zone)\n        zone_dict['dns_name'] = raw_zone['dnsName']\n        zone_dict['name_servers'] = raw_zone.get('nameServers', None)\n        zone_dict['visibility'] = raw_zone['visibility']\n        zone_dict['creation_timestamp'] = raw_zone['creationTime']\n\n        dnssec_config = raw_zone.get('dnssecConfig',None)\n        if dnssec_config:\n            zone_dict['dnssec_enabled'] = True if dnssec_config['state'] == 'on' else False\n            zone_dict['dnssec_keys'] = self._get_keys(dnssec_config,zone_dict)\n        else:\n            zone_dict['dnssec_enabled'] = False\n            zone_dict['dnssec_keys'] = None\n            zone_dict['key_signing_algorithm'] = None\n            zone_dict['zone_signing_algorithm']=None\n        return zone_dict['id'], zone_dict\n\n    def _get_description(self, raw_zone):\n        description = raw_zone.get('description')\n        return description if description else 'N/A'\n\n    def _get_keys(self, dnssec_config,zone_dict):\n        raw_keys = dnssec_config.get('defaultKeySpecs', None)\n        if not raw_keys:\n            return None\n        key_dict = {}\n        for raw_key in raw_keys:\n            key_dict[raw_key['keyType']]={\n                'key_type': raw_key['keyType'],\n                'key_algorithm': raw_key['algorithm'],\n                'length': raw_key['keyLength'],\n            }\n            if raw_key['keyType'] == 'keySigning':\n                zone_dict['key_signing_algorithm'] = raw_key['algorithm']\n            elif raw_key['keyType'] == 'zoneSigning':\n                zone_dict['zone_signing_algorithm'] = raw_key['algorithm']\n\n\n\n        return key_dict\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/functions/base.py",
    "content": "from ScoutSuite.providers.gcp.resources.functions.functions_v1 import FunctionsV1\nfrom ScoutSuite.providers.gcp.resources.functions.functions_v2 import FunctionsV2\nfrom ScoutSuite.providers.gcp.resources.projects import Projects\n\nclass Functions(Projects):\n    _children = [\n        (FunctionsV1, 'functions_v1'),\n        (FunctionsV2, 'functions_v2')\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/functions/functions_v1.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.utils import get_non_provider_id\nfrom ScoutSuite.providers.gcp.resources.functions.utils import get_environment_secrets\n\n\nclass FunctionsV1(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_functions = await self.facade.functions.get_functions_v1(self.project_id)\n        for raw_function in raw_functions:\n            function_id, function = self._parse_function(raw_function)\n            self[function_id] = function\n\n    def _parse_function(self, raw_function):\n        function_dict = {}\n\n        function_dict['id'] = get_non_provider_id(raw_function['name'])\n        function_dict['name'] = raw_function['name'].split('/')[-1]\n        function_dict['status'] = raw_function['status']\n        function_dict['update_time'] = raw_function['updateTime']\n        function_dict['version_id'] = raw_function['versionId']\n\n        function_dict['runtime'] = raw_function['runtime']\n        function_dict['memory'] = raw_function['availableMemoryMb']\n        function_dict['timeout'] = raw_function['timeout']\n        if raw_function.get('maxInstances', False):\n            function_dict['max_instances'] = raw_function['maxInstances']\n        function_dict['docker_registry'] = raw_function['dockerRegistry']\n        function_dict['url'] = raw_function.get('httpsTrigger', {}).get('url')\n        function_dict['security_level'] = 'SECURE_ALWAYS' if function_dict['url'] is None else raw_function.get('httpsTrigger', {}).get('securityLevel')\n        function_dict['ingress_settings'] = raw_function['ingressSettings']\n\n        function_dict['bindings'] = raw_function['bindings']\n\n        function_dict['environment_variables'] = raw_function.get('environmentVariables', {})\n        function_dict['environment_variables_secrets'] = get_environment_secrets(function_dict['environment_variables'])\n\n        function_dict['labels'] = raw_function['labels']\n\n        return function_dict['id'], function_dict\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/functions/functions_v2.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.utils import get_non_provider_id\nfrom ScoutSuite.providers.gcp.resources.functions.utils import get_environment_secrets\n\n\nclass FunctionsV2(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_functions = await self.facade.functions.get_functions_v2(self.project_id)\n        for raw_function in raw_functions:\n            function_id, function = self._parse_function(raw_function)\n            self[function_id] = function\n\n    def _parse_function(self, raw_function):\n        function_dict = {}\n\n        function_dict['id'] = get_non_provider_id(raw_function['name'])\n        function_dict['name'] = raw_function['name'].split('/')[-1]\n        function_dict['status'] = raw_function['state']\n        function_dict['update_time'] = raw_function['updateTime']\n        function_dict['version_id'] = raw_function.get('serviceConfig', {}).get('revision')\n\n        function_dict['runtime'] = raw_function.get('buildConfig', {}).get('runtime')\n        function_dict['memory'] = raw_function.get('serviceConfig', {}).get('availableMemory')\n        function_dict['timeout'] = raw_function.get('serviceConfig', {}).get('timeoutSeconds')\n        function_dict['max_instances'] = raw_function.get('serviceConfig', {}).get('maxInstanceCount')\n\n        function_dict['url'] = raw_function.get('serviceConfig', {}).get('uri')\n        function_dict['ingress_settings'] = raw_function.get('serviceConfig', {}).get('ingressSettings')\n\n        function_dict['service_account'] = raw_function.get('serviceConfig', {}).get('serviceAccountEmail')\n        function_dict['bindings'] = raw_function['bindings']\n\n        function_dict['environment_variables'] = raw_function.get('serviceConfig', {}).get('environmentVariables', {})\n        function_dict['environment_variables_secrets'] = get_environment_secrets(function_dict['environment_variables'])\n\n        function_dict['labels'] = raw_function['labels']\n\n        return function_dict['id'], function_dict\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/functions/utils.py",
    "content": "from ScoutSuite.providers.utils import is_secret\n\n\ndef get_environment_secrets(environment_variables):\n    secrets = []\n    for k, v in environment_variables.items():\n        secrets.append(is_secret(k))\n        secrets.append(is_secret(v))\n    # return None values\n    return [secret for secret in secrets if secret]\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/gce/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/gce/base.py",
    "content": "from ScoutSuite.providers.gcp.resources.projects import Projects\nfrom ScoutSuite.providers.gcp.resources.gce.firewalls import Firewalls\nfrom ScoutSuite.providers.gcp.resources.gce.networks import Networks\nfrom ScoutSuite.providers.gcp.resources.gce.regions import GCERegions\nfrom ScoutSuite.providers.gcp.resources.gce.snapshots import Snapshots\nfrom ScoutSuite.providers.gcp.resources.gce.zones import GCEZones\nfrom ScoutSuite.providers.gcp.resources.gce.global_forwarding_rules import GlobalForwardingRules\n\n\nclass ComputeEngine(Projects):\n    _children = [ \n        (Firewalls, 'firewalls'),\n        (Networks, 'networks'),\n        (GCERegions, 'regions'),\n        (Snapshots, 'snapshots'),\n        (GCEZones, 'zones'),\n        (GlobalForwardingRules, \"global_forwarding_rules\"),\n     ]\n\n    async def fetch_all(self):\n        await Projects.fetch_all(self)\n        # Instances and Subnetworks are resources with 2 levels of filtering \n        # (project and region/zone), so we need to propagate their count up.\n        # Normally this would be done by setting the resource counts in the Regions\n        # and Zones classes, but having a \"resource_name_count\" field in their \n        # dictionary causes errors in the rule engine.\n        self['instances_count'] = sum(sum(\n            zone['instances_count'] for zone in project['zones'].values()) for project in self['projects'].values())\n        self['subnetworks_count'] = sum(sum(\n            region['subnetworks_count'] for region in project['regions'].values())\n                                        for project in self['projects'].values())\n        del self['regions_count']\n        del self['zones_count']\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/gce/disks.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Disks(Resources):\n    def _parse_disk(self, raw_disk):\n        disk_dict = {}\n        disk_dict['id'] = get_non_provider_id(raw_disk['deviceName'])\n        disk_dict['type'] = raw_disk.get('type')\n        disk_dict['mode'] = raw_disk.get('mode')\n        disk_dict['source_url'] = raw_disk.get('source')\n        disk_dict['source_device_name'] = raw_disk.get('deviceName')\n        disk_dict['bootable'] = raw_disk.get('boot')\n        disk_dict['encrypted_with_csek'] = self._is_encrypted_with_csek(raw_disk)\n        return disk_dict['id'], disk_dict\n\n    def _is_encrypted_with_csek(self, raw_disk):\n        return 'diskEncryptionKey' in raw_disk \\\n               and 'sha256' in raw_disk.get('diskEncryptionKey') \\\n               and raw_disk['diskEncryptionKey']['sha256'] != ''\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/gce/firewalls.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\n\n\nclass Firewalls(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_firewalls = await self.facade.gce.get_firewalls(self.project_id)\n        for raw_firewall in raw_firewalls:\n            firewall_id, firewall = self._parse_firewall(raw_firewall)\n            self[firewall_id] = firewall\n\n    def _parse_firewall(self, raw_firewall):\n        firewall_dict = {}\n        firewall_dict['id'] = raw_firewall['id']\n        firewall_dict['project_id'] = raw_firewall['selfLink'].split('/')[-4]\n        firewall_dict['name'] = raw_firewall['name']\n        firewall_dict['description'] = self._get_description(raw_firewall)\n        firewall_dict['creation_timestamp'] = raw_firewall['creationTimestamp']\n        firewall_dict['network'] = raw_firewall['network'].split('/')[-1]\n        firewall_dict['network_url'] = raw_firewall['network']\n        firewall_dict['priority'] = raw_firewall['priority']\n        firewall_dict['source_ranges'] = raw_firewall.get('sourceRanges', [])\n        firewall_dict['destination_ranges'] = raw_firewall.get('destinationRanges', [])\n        firewall_dict['source_tags'] = raw_firewall.get('sourceTags', [])\n        firewall_dict['target_tags'] = raw_firewall.get('targetTags', [])\n        firewall_dict['direction'] = raw_firewall['direction']\n        firewall_dict['disabled'] = raw_firewall['disabled']\n        firewall_dict['logs'] = raw_firewall['logConfig'].get('enable', False)\n\n        self._parse_firewall_rules(firewall_dict, raw_firewall)\n        return firewall_dict['id'], firewall_dict\n\n    def _parse_firewall_rules(self, firewall_dict, raw_firewall):\n        for direction in ['allowed', 'denied']:\n            direction_string = '%s_traffic' % direction\n            firewall_dict[direction_string] = {\n                'tcp': [],\n                'udp': []\n            }\n            if direction in raw_firewall:\n                firewall_dict['action'] = direction\n                for rule in raw_firewall[direction]:\n                    # everything\n                    if rule['IPProtocol'] == 'all':\n                        firewall_dict[direction_string][\"tcp\"] = ['0-65535']\n                        firewall_dict[direction_string][\"udp\"] = ['0-65535']\n                        firewall_dict[direction_string][\"icmp\"] = ['Portless Protocol']\n                    # protocols that do not support ports\n                    elif rule['IPProtocol'] not in firewall_dict[direction_string]:\n                        # only including ICMP\n                        if rule['IPProtocol'] == 'icmp':\n                            firewall_dict[direction_string][\"icmp\"] = ['Portless Protocol']\n                        else:\n                            pass\n                    # protocols that support ports\n                    else:\n                        if firewall_dict[direction_string][rule['IPProtocol']] != ['0-65535']:\n                            if 'ports' in rule:\n                                firewall_dict[direction_string][rule['IPProtocol']] += rule['ports']\n                            else:\n                                firewall_dict[direction_string][rule['IPProtocol']] = ['0-65535']\n                # remove empty values\n                firewall_dict[direction_string] = {k: v for k, v in firewall_dict[direction_string].items() if v}\n\n    def _get_description(self, raw_firewall):\n        description = raw_firewall.get('description')\n        return description if description else 'N/A'\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/gce/forwarding_rules.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\n\n\nclass ForwardingRules(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str, region: str):\n        super().__init__(facade)\n        self.project_id = project_id\n        self.region = region\n\n    async def fetch_all(self):\n        raw_rules = await self.facade.gce.get_forwarding_rules(self.project_id, self.region)\n        for raw_rule in raw_rules:\n            rule_id, rule = self._parse_forwarding_rule(raw_rule)\n            self[rule_id] = rule\n\n    def _parse_forwarding_rule(self, raw_forwarding_rule):\n        forwarding_rule_dict = {}\n        forwarding_rule_dict['id'] = raw_forwarding_rule.get(\"id\")\n        forwarding_rule_dict['name'] = raw_forwarding_rule.get(\"name\")\n        forwarding_rule_dict['creation_timestamp'] = raw_forwarding_rule.get(\"creationTimestamp\")\n        forwarding_rule_dict['description'] = raw_forwarding_rule.get(\"description\")\n        forwarding_rule_dict['region'] = raw_forwarding_rule.get(\"region\")\n        forwarding_rule_dict['ip_address'] = raw_forwarding_rule.get(\"IPAddress\")\n        forwarding_rule_dict['ip_protocol'] = raw_forwarding_rule.get(\"IPProtocol\")\n        forwarding_rule_dict['all_ports'] = raw_forwarding_rule.get(\"allPorts\", False)\n        forwarding_rule_dict['port_range'] = raw_forwarding_rule.get(\"portRange\", \"\")\n        forwarding_rule_dict['ports'] = raw_forwarding_rule.get(\"ports\", [])\n        forwarding_rule_dict['target'] = raw_forwarding_rule.get(\"target\")\n        forwarding_rule_dict['load_balancing_scheme'] = raw_forwarding_rule.get(\"loadBalancingScheme\")\n        forwarding_rule_dict['network_tier'] = raw_forwarding_rule.get(\"networkTier\")\n\n        forwarding_rule_dict['subnetwork'] = raw_forwarding_rule.get(\"subnetwork\")\n        forwarding_rule_dict['network'] = raw_forwarding_rule.get(\"network\")\n        forwarding_rule_dict['backend_service'] = raw_forwarding_rule.get(\"backendService\")\n        forwarding_rule_dict['service_label'] = raw_forwarding_rule.get(\"serviceLabel\")\n        forwarding_rule_dict['service_name'] = raw_forwarding_rule.get(\"serviceName\")\n        forwarding_rule_dict['labels'] = raw_forwarding_rule.get(\"labels\")\n        forwarding_rule_dict['ip_version'] = raw_forwarding_rule.get(\"ipVersion\")\n        forwarding_rule_dict['allow_global_access'] = raw_forwarding_rule.get(\"allowGlobalAccess\")\n\n        return forwarding_rule_dict['id'], forwarding_rule_dict"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/gce/global_forwarding_rules.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\n\n\nclass GlobalForwardingRules(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_rules = await self.facade.gce.get_global_forwarding_rules(self.project_id)\n        for raw_rule in raw_rules:\n            rule_id, rule = self._parse_forwarding_rule(raw_rule)\n            self[rule_id] = rule\n\n    def _parse_forwarding_rule(self, raw_global_forwarding_rule):\n        global_forwarding_rule_dict = {}\n        global_forwarding_rule_dict['id'] = raw_global_forwarding_rule.get(\"id\")\n        global_forwarding_rule_dict['name'] = raw_global_forwarding_rule.get(\"name\")\n        global_forwarding_rule_dict['creation_timestamp'] = raw_global_forwarding_rule.get(\"creationTimestamp\")\n        global_forwarding_rule_dict['description'] = raw_global_forwarding_rule.get(\"description\")\n        global_forwarding_rule_dict['ip_address'] = raw_global_forwarding_rule.get(\"IPAddress\")\n        global_forwarding_rule_dict['ip_protocol'] = raw_global_forwarding_rule.get(\"IPProtocol\")\n        global_forwarding_rule_dict['all_ports'] = raw_global_forwarding_rule.get(\"allPorts\", False)\n        global_forwarding_rule_dict['port_range'] = raw_global_forwarding_rule.get(\"portRange\", \"\")\n        global_forwarding_rule_dict['ports'] = raw_global_forwarding_rule.get(\"ports\", [])\n        global_forwarding_rule_dict['target'] = raw_global_forwarding_rule.get(\"target\")\n        global_forwarding_rule_dict['load_balancing_scheme'] = raw_global_forwarding_rule.get(\"loadBalancingScheme\")\n        global_forwarding_rule_dict['network_tier'] = raw_global_forwarding_rule.get(\"networkTie\")\n\n        global_forwarding_rule_dict['subnetwork'] = raw_global_forwarding_rule.get(\"subnetwork\")\n        global_forwarding_rule_dict['network'] = raw_global_forwarding_rule.get(\"network\")\n        global_forwarding_rule_dict['backend_service'] = raw_global_forwarding_rule.get(\"backendService\")\n        global_forwarding_rule_dict['service_label'] = raw_global_forwarding_rule.get(\"serviceLabel\")\n        global_forwarding_rule_dict['service_name'] = raw_global_forwarding_rule.get(\"serviceName\")\n        global_forwarding_rule_dict['labels'] = raw_global_forwarding_rule.get(\"labels\")\n        global_forwarding_rule_dict['ip_version'] = raw_global_forwarding_rule.get(\"ipVersion\")\n        global_forwarding_rule_dict['allow_global_access'] = raw_global_forwarding_rule.get(\"allowGlobalAccess\")\n\n        return global_forwarding_rule_dict['id'], global_forwarding_rule_dict"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/gce/instance_disks.py",
    "content": "from ScoutSuite.providers.gcp.resources.gce.disks import Disks\n\n\nclass InstanceDisks(Disks):\n    def __init__(self, facade, instance):\n        super().__init__(facade)\n        self.instance = instance\n\n    def fetch_all(self):\n        raw_disks = self.instance.get('disks', {})\n        for raw_disk in raw_disks:\n            disk_id, disk = self._parse_disk(raw_disk)\n            self[disk_id] = disk\n        # We need self.instance to get the disks, but we do \n        # not want to have it in the generated JSON.\n        del self.instance\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/gce/instances.py",
    "content": "from ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.gcp.resources.base import GCPCompositeResources\nfrom ScoutSuite.providers.gcp.resources.gce.instance_disks import InstanceDisks\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Instances(GCPCompositeResources):\n    _children = [\n        (InstanceDisks, 'disks')\n    ]\n\n    def __init__(self, facade: GCPFacade, project_id: str, zone: str):\n        super().__init__(facade)\n        self.project_id = project_id\n        self.zone = zone\n\n    async def fetch_all(self):\n        raw_instances = await self.facade.gce.get_instances(self.project_id, self.zone)\n        for raw_instance in raw_instances:\n            instance_id, instance = self._parse_instance(raw_instance)\n            self[instance_id] = instance\n            self[instance_id]['disks'].fetch_all()\n\n    def _parse_instance(self, raw_instance):\n        instance_dict = {}\n        instance_dict['id'] = get_non_provider_id(raw_instance['name'])\n        instance_dict['project_id'] = self.project_id\n        instance_dict['name'] = raw_instance['name']\n        instance_dict['description'] = self._get_description(raw_instance)\n        instance_dict['creation_timestamp'] = raw_instance['creationTimestamp']\n        instance_dict['zone'] = raw_instance['zone'].split('/')[-1]\n        instance_dict['tags'] = raw_instance['tags']\n        instance_dict['status'] = raw_instance['status']\n        instance_dict['zone_url_'] = raw_instance['zone']\n        instance_dict['network_interfaces'] = raw_instance['networkInterfaces']\n        instance_dict['deletion_protection_enabled'] = raw_instance['deletionProtection']\n        instance_dict['block_project_ssh_keys_enabled'] = self._is_block_project_ssh_keys_enabled(raw_instance)\n        instance_dict['oslogin_enabled'] = self._is_oslogin_enabled(raw_instance)\n        instance_dict['ip_forwarding_enabled'] = raw_instance.get(\"canIpForward\", False)\n        instance_dict['serial_port_enabled'] = self._is_serial_port_enabled(raw_instance)\n        instance_dict['disks'] = InstanceDisks(self.facade, raw_instance)\n        instance_dict['public_ip_addresses'] = self._public_ip_adresses(raw_instance)\n\n        if 'serviceAccounts' in raw_instance and raw_instance.get('serviceAccounts'):\n            instance_dict['service_account'] = raw_instance.get('serviceAccounts')[0].get('email')\n            instance_dict['access_scopes'] = raw_instance.get('serviceAccounts')[0].get('scopes')\n            instance_dict['default_service_account'] = \\\n                self._is_default_service_account(instance_dict['service_account'])\n            instance_dict['full_access_apis'] = self._allow_full_access_to_all_cloud_api(raw_instance)\n        else:\n            instance_dict['service_account'] = None\n            instance_dict['access_scopes'] = None\n            instance_dict['default_service_account'] = False\n            instance_dict['full_access_apis'] = False\n\n        if 'shieldedInstanceConfig' in raw_instance:\n            instance_dict['shielded_enable'] = self._shielded_vm_enabled(raw_instance)\n        else:\n            instance_dict['shielded_enable'] = False\n\n        return instance_dict['id'], instance_dict\n\n    def _get_description(self, raw_instance):\n        description = raw_instance.get('description')\n        return description if description else 'N/A'\n\n    def _is_block_project_ssh_keys_enabled(self, raw_instance):\n        return raw_instance['metadata'].get('block-project-ssh-keys') == 'true'\n\n    def _is_oslogin_enabled(self, raw_instance):\n        instance_logging_enabled = raw_instance['metadata'].get('enable-oslogin')\n        project_logging_enabled = raw_instance['commonInstanceMetadata'].get('enable-oslogin')\n        return instance_logging_enabled == 'TRUE' \\\n               or instance_logging_enabled is None and project_logging_enabled == 'TRUE'\n\n    def _is_serial_port_enabled(self, raw_instance):\n        return raw_instance['metadata'].get('serial-port-enable') == 'true'\n\n    def _is_default_service_account(self, service_account: str):\n        if '-compute@developer.gserviceaccount.com' in service_account:\n            return True\n        return False\n\n    def _allow_full_access_to_all_cloud_api(self, raw_instance):\n        if '-compute@developer.gserviceaccount.com' in raw_instance.get('serviceAccounts')[0].get('email'):\n            for scope in raw_instance.get('serviceAccounts')[0].get('scopes'):\n                if scope == 'https://www.googleapis.com/auth/cloud-platform':\n                    return True\n        return False\n\n    def _shielded_vm_enabled(self, raw_instance):\n        vtpm = raw_instance['shieldedInstanceConfig'].get('enableVtpm', False)\n        integrity_monitoring = raw_instance['shieldedInstanceConfig'].get('enableIntegrityMonitoring', False)\n        secure_boot = raw_instance['shieldedInstanceConfig'].get('enableSecureBoot', False)\n        return vtpm and integrity_monitoring and secure_boot\n\n    def _public_ip_adresses(self, raw_instance):\n        for network in raw_instance['networkInterfaces']:\n            access_configs = network.get('accessConfigs', None)\n            if access_configs:\n                return True\n        return False\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/gce/networks.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\n\n\nclass Networks(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_networks = await self.facade.gce.get_networks(self.project_id)\n        for raw_network in raw_networks:\n            network_id, network = self._parse_network(raw_network)\n            self[network_id] = network\n\n    def _parse_network(self, raw_network):\n        network_dict = {}\n        network_dict['id'] = raw_network['id']\n        network_dict['project_id'] = raw_network['selfLink'].split('/')[-4]\n        network_dict['name'] = raw_network['name']\n\n        network_dict['description'] = self._get_description(raw_network)\n        network_dict['creation_timestamp'] = raw_network['creationTimestamp']\n        network_dict['auto_subnet'] = raw_network.get('autoCreateSubnetworks', None)\n        network_dict['routing_config'] = raw_network['routingConfig']\n\n        network_dict['network_url'] = raw_network['selfLink']\n        network_dict['subnetwork_urls'] = raw_network.get('subnetworks', None)\n        # Network is legacy if there is no subnets\n        network_dict['legacy_mode'] = True \\\n            if (raw_network.get('subnetworks', None) is None or not raw_network.get('subnetworks', None)) and \\\n            raw_network.get('autoCreateSubnetworks', None) is None \\\n            else False\n\n        return network_dict['id'], network_dict\n\n    def _get_description(self, raw_network):\n        description = raw_network.get('description')\n        return description if description else 'N/A'\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/gce/regions.py",
    "content": "from ScoutSuite.providers.gcp.resources.regions import Regions\nfrom ScoutSuite.providers.gcp.resources.gce.subnetworks import Subnetworks\nfrom ScoutSuite.providers.gcp.resources.gce.forwarding_rules import ForwardingRules\n\n\nclass GCERegions(Regions):\n    _children = [\n        (Subnetworks, 'subnetworks'),\n        (ForwardingRules, \"forwarding_rules\"),\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/gce/snapshots.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\n\n\nclass Snapshots(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_snapshots = await self.facade.gce.get_snapshots(self.project_id)\n        for raw_snapshot in raw_snapshots:\n            snapshot_id, snapshot = self._parse_snapshot(raw_snapshot)\n            self[snapshot_id] = snapshot\n\n    def _parse_snapshot(self, raw_snapshot):\n        snapshot_dict = {}\n        snapshot_dict['id'] = raw_snapshot['id']\n        snapshot_dict['name'] = raw_snapshot['name']\n        snapshot_dict['description'] = self._get_description(raw_snapshot)\n        snapshot_dict['creation_timestamp'] = raw_snapshot['creationTimestamp']\n        snapshot_dict['status'] = raw_snapshot['status']\n        snapshot_dict['source_disk_id'] = raw_snapshot['sourceDiskId']\n        snapshot_dict['source_disk_url'] = raw_snapshot['sourceDisk']\n        return snapshot_dict['id'], snapshot_dict\n\n    def _get_description(self, raw_snapshot):\n        description = raw_snapshot.get('description')\n        return description if description else 'N/A'\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/gce/subnetworks.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\n\n\nclass Subnetworks(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str, region: str):\n        super().__init__(facade)\n        self.project_id = project_id\n        self.region = region\n\n    async def fetch_all(self):\n        raw_subnetworks = await self.facade.gce.get_subnetworks(self.project_id, self.region)\n        for raw_subnetwork in raw_subnetworks:\n            subnetwork_id, subnetwork = self._parse_subnetwork(raw_subnetwork)\n            self[subnetwork_id] = subnetwork\n\n    def _parse_subnetwork(self, raw_subnetwork):\n        subnetwork_dict = {}\n        subnetwork_dict['id'] = raw_subnetwork['id']\n        subnetwork_dict['project_id'] = raw_subnetwork['selfLink'].split('/')[-5]\n        subnetwork_dict['region'] = raw_subnetwork['region'].split('/')[-1]\n        subnetwork_dict['name'] = \"{}-{}\".format(raw_subnetwork['name'], subnetwork_dict['region'])\n        subnetwork_dict['gateway_address'] = raw_subnetwork['gatewayAddress']\n        subnetwork_dict['ip_range'] = raw_subnetwork['ipCidrRange']\n        subnetwork_dict['creation_timestamp'] = raw_subnetwork['creationTimestamp']\n        subnetwork_dict['private_ip_google_access'] = raw_subnetwork['privateIpGoogleAccess']\n\n        subnetwork_dict['subnetwork_url'] = raw_subnetwork['selfLink']\n        subnetwork_dict['network_url'] = raw_subnetwork['network']\n\n        if 'logConfig' in raw_subnetwork:\n            subnetwork_dict['flowlogs_enabled'] = raw_subnetwork['logConfig']['enable']\n        else:\n            # Set as UNKNOWN for now. For instance, some projects' \n            # default networks with flow logs enabled do not have a logConfig \n            # stanza in JSON output.\n            subnetwork_dict['flowlogs_enabled'] = \"UNKNOWN\"\n\n        return subnetwork_dict['id'], subnetwork_dict\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/gce/zones.py",
    "content": "from ScoutSuite.providers.gcp.resources.gce.instances import Instances\nfrom ScoutSuite.providers.gcp.resources.zones import Zones\n\n\nclass GCEZones(Zones):\n    _children = [\n        (Instances, 'instances'),\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/gke/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/gke/base.py",
    "content": "from ScoutSuite.providers.gcp.resources.projects import Projects\nfrom ScoutSuite.providers.gcp.resources.gke.clusters import Clusters\n\n\nclass KubernetesEngine(Projects):\n    _children = [\n        (Clusters, 'clusters')\n    ]\n\n    async def fetch_all(self):\n        await Projects.fetch_all(self)\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/gke/clusters.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.gcp.resources.gke.node_pools import NodePools\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Clusters(Resources):\n    def __init__(self, facade: GCPFacade, project_id):\n        super(Clusters, self).__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_clusters = await self.facade.gke.get_clusters(self.project_id)\n        for raw_cluster in raw_clusters:\n            cluster_id, cluster = await self._parse_cluster(raw_cluster)\n            self[cluster_id] = cluster\n            self[cluster_id]['node_pools'].fetch_all()\n\n    async def _parse_cluster(self, raw_cluster):\n        cluster_dict = {}\n        cluster_dict['id'] = get_non_provider_id(raw_cluster['name'])\n        cluster_dict['name'] = raw_cluster['name']\n        cluster_dict['location'] = raw_cluster['location']\n        cluster_dict['status'] = raw_cluster['status']\n        cluster_dict['type'] = \"Zonal\" if raw_cluster['location'].count(\"-\") > 1 else \"Regional\"\n        cluster_dict['alias_ip_enabled'] = raw_cluster.get('ipAllocationPolicy', {}).get('useIpAliases', False)\n        cluster_dict['basic_authentication_enabled'] = self._is_basic_authentication_enabled(raw_cluster)\n        cluster_dict['client_certificate_enabled'] = self._is_client_certificate_enabled(raw_cluster)\n        cluster_dict['pod_security_policy_enabled'] = self._is_pod_security_policy_enabled(raw_cluster)\n        cluster_dict['dashboard_status'] = self._get_dashboard_status(raw_cluster)\n        cluster_dict['has_limited_scopes'] = self._has_limited_scopes(raw_cluster)\n        cluster_dict['image_type'] = raw_cluster.get('nodeConfig', {}).get('imageType', None)\n        cluster_dict['labels'] = raw_cluster.get('resourceLabels', [])\n        cluster_dict['has_labels'] = len(cluster_dict['labels']) > 0\n        cluster_dict['endpoint'] = raw_cluster.get('endpoint')\n        cluster_dict['legacy_abac_enabled'] = raw_cluster.get('legacyAbac', {}).get('enabled', False)\n        cluster_dict['logging_enabled'] = self._is_logging_enabled(raw_cluster)\n        cluster_dict['master_authorized_networks_enabled'] = raw_cluster.get('masterAuthorizedNetworksConfig', {}).get('enabled', False)\n        cluster_dict['monitoring_enabled'] = self._is_monitoring_enabled(raw_cluster)\n        cluster_dict['network_policy_enabled'] = raw_cluster.get('networkPolicy', {}).get('enabled', False)\n        cluster_dict['node_pools'] = NodePools(raw_cluster)\n        cluster_dict['scopes'] = self._get_scopes(raw_cluster)\n        cluster_dict['service_account'] = raw_cluster.get('nodeConfig', {}).get('serviceAccount', None)\n        cluster_dict['master_authorized_networks_config'] = self._get_master_authorized_networks_config(raw_cluster)\n        cluster_dict['application_layer_encryption_enabled'] = raw_cluster.get('databaseEncryption', {}).get('state', None) == 'ENCRYPTED'\n        cluster_dict['workload_identity_enabled'] = raw_cluster.get('workloadIdentityConfig', {}).get('workloadPool', '').endswith('.svc.id.goog')\n        cluster_dict['metadata_server_enabled'] = self._metadata_server_enabled(raw_cluster.get('nodePools', []))\n        cluster_dict['release_channel'] = raw_cluster.get('releaseChannel', {}).get('channel', None)\n        cluster_dict['shielded_nodes_enabled'] = raw_cluster.get('shieldedNodes', {}).get('enabled', False)\n        cluster_dict['binary_authorization_enabled'] = raw_cluster.get('binaryAuthorization', {}).get('enabled', False)\n        cluster_dict['private_ip_google_access_enabled'] = raw_cluster.get('privateIpGoogleAccess', False)\n        cluster_dict['private_nodes_enabled'] = raw_cluster.get('privateClusterConfig', {}).get('enablePrivateNodes', False)\n        cluster_dict['private_endpoint_enabled'] = raw_cluster.get('privateClusterConfig', {}).get('enablePrivateEndpoint', False)\n        cluster_dict['public_endpoint'] = raw_cluster.get('privateClusterConfig', {}).get('publicEndpoint', None)\n        cluster_dict['private_endpoint'] = raw_cluster.get('privateClusterConfig', {}).get('privateEndpoint', None)\n\n        return cluster_dict['id'], cluster_dict\n\n    def _metadata_server_enabled(self, node_pools):\n        for pool in node_pools:\n            if pool.get('config', {}).get('workloadMetadataConfig', {}) == {}:\n                return False\n        return True\n\n    def _get_master_authorized_networks_config(self, raw_cluster):\n        if raw_cluster.get('masterAuthorizedNetworksConfig'):\n            config = raw_cluster.get('masterAuthorizedNetworksConfig')\n            config['includes_public_cidr'] = False\n            for block in config.get('cidrBlocks', []):\n                if block.get('cidrBlock') == '0.0.0.0/0':\n                    config['includes_public_cidr'] = True\n            return config\n        else:\n            return {\n                'enabled': False,\n                'cidrBlocks': [],\n                'includes_public_cidr': False\n            }\n\n    def _is_pod_security_policy_enabled(self, raw_cluster):\n        if 'podSecurityPolicyConfig' in raw_cluster:\n            return raw_cluster['podSecurityPolicyConfig'].get('enabled', False)\n        return False\n\n        return raw_cluster['masterAuth'].get('username', '') != ''\n\n    def _is_basic_authentication_enabled(self, raw_cluster):\n        return raw_cluster['masterAuth'].get('username', '') != ''\n\n    def _is_client_certificate_enabled(self, raw_cluster):\n        return raw_cluster['masterAuth'].get('clientCertificate', '') != ''\n\n    def _is_logging_enabled(self, raw_cluster):\n        return raw_cluster['loggingService'] != 'none'\n\n    def _is_monitoring_enabled(self, raw_cluster):\n        return raw_cluster['monitoringService'] != 'none'\n\n    def _parse_scope(self, scope_url):\n        return scope_url.split('/')[-1]\n\n    def _get_scopes(self, raw_cluster):\n        return [self._parse_scope(scope_url) for scope_url in raw_cluster['nodeConfig'].get('oauthScopes', [])]\n\n    def _has_limited_scopes(self, raw_cluster):\n        minimum_scopes = {'devstorage.read_only', 'logging.write', 'monitoring'}\n        cluster_scopes = self._get_scopes(raw_cluster)\n        return all(scope in minimum_scopes for scope in cluster_scopes)\n\n    def _get_dashboard_status(self, raw_cluster):\n        is_disabled = 'kubernetesDashboard' not in raw_cluster['addonsConfig'] or \\\n                      raw_cluster['addonsConfig']['kubernetesDashboard'].get('disabled')\n        return 'Disabled' if is_disabled else 'Enabled'\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/gke/node_pools.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\n\n\nclass NodePools(Resources):\n    def __init__(self, cluster):\n        super(NodePools, self).__init__(service_facade=None)\n        self.cluster = cluster\n\n    def fetch_all(self):\n        raw_node_pools = self.cluster['nodePools']\n        for raw_node_pool in raw_node_pools:\n            node_pool_id, node_pool = self._parse_node_pool(raw_node_pool)\n            self[node_pool_id] = node_pool\n        # We need self.cluster to get the node pools, but we do \n        # not want to have it in the generated JSON.\n        del self.cluster\n\n    def _parse_node_pool(self, raw_node_pool):\n        node_pool_dict = {}\n        node_pool_dict['id'] = raw_node_pool['name']\n        node_pool_dict['status'] = raw_node_pool['status']\n        node_pool_dict['auto_repair_enabled'] = \\\n            raw_node_pool.get('management', {}).get('autoRepair', False)\n        node_pool_dict['auto_upgrade_enabled'] = \\\n            raw_node_pool.get('management', {}).get('autoUpgrade', False)\n        node_pool_dict['secure_boot_enabled'] = \\\n            raw_node_pool.get('config', {}).get('shieldedInstanceConfig', {}).get('enableSecureBoot', False)\n        node_pool_dict['integrity_monitoring_enabled'] = \\\n            raw_node_pool.get('config', {}).get('shieldedInstanceConfig', {}).get('enableIntegrityMonitoring', False)\n        node_pool_dict['legacy_metadata_endpoints_enabled'] = \\\n            raw_node_pool['config'].get('metadata', {}).get('disable-legacy-endpoints') == 'false'\n        return node_pool_dict['id'], node_pool_dict\n\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/iam/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/iam/base.py",
    "content": "from ScoutSuite.providers.gcp.resources.projects import Projects\nfrom ScoutSuite.providers.gcp.resources.iam.member_bindings import Bindings\nfrom ScoutSuite.providers.gcp.resources.iam.users import Users\nfrom ScoutSuite.providers.gcp.resources.iam.groups import Groups\nfrom ScoutSuite.providers.gcp.resources.iam.domains import Domains\nfrom ScoutSuite.providers.gcp.resources.iam.service_accounts import ServiceAccounts\nfrom ScoutSuite.providers.gcp.resources.iam.bindings_separation_duties import BindingsSeparationDuties\n\n\nclass IAM(Projects):\n    _children = [\n        (Bindings, 'bindings'),\n        (Users, 'users'),\n        (Groups, 'groups'),\n        (ServiceAccounts, 'service_accounts'),\n        (Domains, \"domains\"),\n        (BindingsSeparationDuties, 'bindings_separation_duties')\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/iam/bindings_separation_duties.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\n\n\nclass BindingsSeparationDuties(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_bindings = await self.facade.cloudresourcemanager.get_member_bindings(self.project_id)\n        binding_id, binding = await self._parse_binding_separation(raw_bindings)\n        self[binding_id] = binding\n\n    async def _parse_binding_separation(self, raw_bindings):\n        binding_dict = {}\n        binding_dict['id'] = self.project_id\n        binding_dict['name'] = self.project_id\n        binding_dict[\"account_separation_duties\"] = self.ensure_seperation_duties(raw_bindings)\n        binding_dict[\"kms_separation_duties\"] = self.ensure_KMS_seperation_duties(raw_bindings)\n\n        return binding_dict['id'], binding_dict\n\n    def ensure_seperation_duties(self, raw_bindings):\n        # This function checks if a member has both the iam.serviceAccountAdmin role and iam.serviceAccountUser role.\n        # If the roles do have a common member the function returns False\n        list_members_role_admin = []\n        list_members_role_other = []\n        for binding in raw_bindings:\n            role = binding['role'].split('/')[-1]\n            if role == 'iam.serviceAccountAdmin':\n                list_members_role_admin = binding['members']\n            if role == 'iam.serviceAccountUser':\n                list_members_role_other = binding['members']\n\n        common_members = list(set(list_members_role_admin).intersection(list_members_role_other))\n        if common_members:\n            return False\n        return True\n\n    def ensure_KMS_seperation_duties(self, raw_bindings):\n        # This function checks if a member has both the cloudkms.admin role and either\n        # cloudkms.cryptoKeyEncrypterDecrypter, cloudkms.cryptoKeyEncrypter, cloudkms.cryptoKeyDecrypter role.\n        # If the roles do have a common member the function returns False\n        list_members_role_admin = []\n        list_members_role_others = {\"cloudkms.cryptoKeyEncrypterDecrypter\": [],\n                                    \"cloudkms.cryptoKeyEncrypter\": [],\n                                    \"cloudkms.cryptoKeyDecrypter\": []}\n        for binding in raw_bindings:\n            role = binding['role'].split('/')[-1]\n            if role == 'cloudkms.admin':\n                list_members_role_admin = binding['members']\n            if role == 'cloudkms.cryptoKeyEncrypterDecrypter':\n                list_members_role_others['cloudkms.cryptoKeyEncrypterDecrypter'] = binding['members']\n            if role == 'cloudkms.cryptoKeyEncrypter':\n                list_members_role_others['cloudkms.cryptoKeyEncrypter'] = binding['members']\n            if role == 'cloudkms.cryptoKeyDecrypter':\n                list_members_role_others['cloudkms.cryptoKeyDecrypter'] = binding['members']\n\n        common_members1 = list(\n            set(list_members_role_admin).intersection(list_members_role_others['cloudkms.cryptoKeyEncrypterDecrypter']))\n        common_members2 = list(\n            set(list_members_role_admin).intersection(list_members_role_others['cloudkms.cryptoKeyEncrypter']))\n        common_members3 = list(\n            set(list_members_role_admin).intersection(list_members_role_others['cloudkms.cryptoKeyDecrypter']))\n        if common_members1 or common_members2 or common_members3:\n            return False\n        return True\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/iam/domains.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Domains(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_bindings = await self.facade.cloudresourcemanager.get_member_bindings(self.project_id)\n        parsed_domains = self._parse_binding(raw_bindings)\n        for domain_id in parsed_domains.keys():\n            self[parsed_domains[domain_id]['id']] = parsed_domains[domain_id]\n\n    def _parse_binding(self, raw_bindings):\n\n        parsed_groups = {}\n        for binding in raw_bindings:\n            role = binding['role'].split('/')[-1]\n            if 'members' in binding:\n                for member in binding['members']:\n                    member_type, entity = member.split(':')[:2]\n                    if member_type == 'domain':\n                        if entity not in parsed_groups.keys():\n                            parsed_groups[entity] = {'id': get_non_provider_id(entity),\n                                                    'name': entity,\n                                                    'roles': [role]}\n                        else:\n                            parsed_groups[entity]['roles'].append(role)\n        return parsed_groups\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/iam/groups.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Groups(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_bindings = await self.facade.cloudresourcemanager.get_member_bindings(self.project_id)\n        parsed_groups = self._parse_binding(raw_bindings)\n        for group_id in parsed_groups.keys():\n            self[parsed_groups[group_id]['id']] = parsed_groups[group_id]\n\n    def _parse_binding(self, raw_bindings):\n\n        parsed_groups = {}\n        for binding in raw_bindings:\n            role = binding['role'].split('/')[-1]\n            if 'members' in binding:\n                for member in binding['members']:\n                    member_type, entity = member.split(':')[:2]\n                    if member_type == 'group':\n                        if entity not in parsed_groups.keys():\n                            parsed_groups[entity] = {'id': get_non_provider_id(entity),\n                                                    'name': entity,\n                                                    'roles': [role]}\n                        else:\n                            parsed_groups[entity]['roles'].append(role)\n        return parsed_groups\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/iam/keys.py",
    "content": "from ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.base.resources.base import Resources\n\n\nclass Keys(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str, service_account_email: str):\n        super().__init__(facade)\n        self.project_id = project_id\n        self.service_account_email = service_account_email \n\n    async def fetch_all(self):\n        # fetch system managed keys\n        raw_keys = await self.facade.iam.get_service_account_keys(self.project_id, self.service_account_email, ['SYSTEM_MANAGED'])\n        for raw_key in raw_keys:\n            key_id, key = await self._parse_key(raw_key, 'SYSTEM_MANAGED')\n            self[key_id] = key\n        # fetch user managed keys\n        raw_keys = await self.facade.iam.get_service_account_keys(self.project_id, self.service_account_email, ['USER_MANAGED'])\n        for raw_key in raw_keys:\n            key_id, key = await self._parse_key(raw_key, 'USER_MANAGED')\n            self[key_id] = key\n\n    async def _parse_key(self, raw_key, key_type):\n        key_dict = {}\n        # The name of the key has the following format:\n        # projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}\n        # https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys\n        key_dict['id'] = raw_key['name'].split('/')[-1]\n        key_dict['valid_after'] = raw_key['validAfterTime']\n        key_dict['valid_before'] = raw_key['validBeforeTime']\n        key_dict['key_algorithm'] = raw_key['keyAlgorithm']\n        key_dict['key_type'] = key_type\n\n        return key_dict['id'], key_dict\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/iam/member_bindings.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Bindings(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_bindings = await self.facade.cloudresourcemanager.get_member_bindings(self.project_id)\n        for raw_binding in raw_bindings:\n            binding_id, binding = await self._parse_binding(raw_binding)\n            self[binding_id] = binding\n\n    async def _parse_binding(self, raw_binding):\n        binding_dict = {}\n        binding_dict['id'] = get_non_provider_id(raw_binding['role'])\n        binding_dict['name'] = raw_binding['role'].split('/')[-1]\n        binding_dict['members'] = self._parse_members(raw_binding)\n        binding_dict['custom_role'] = 'projects/' in raw_binding['role']\n\n        role_definition = await self.facade.iam.get_role_definition(raw_binding['role'])\n\n        binding_dict['title'] = role_definition.get('title')\n        binding_dict['description'] = role_definition.get('description')\n        binding_dict['permissions'] = role_definition.get('includedPermissions')\n\n        return binding_dict['id'], binding_dict\n\n    def _parse_members(self, raw_binding):\n        members_dict = {'users': [], 'groups': [], 'service_accounts': [], 'domains': []}\n        \n        if 'members' not in raw_binding:\n            return members_dict\n\n        type_map = { \n            'user': 'users', \n            'group': 'groups', \n            'serviceAccount': 'service_accounts',\n            'domain': 'domains'\n        }\n        \n        # We want to group the members by type, so we need to parse their type and entity.\n        # The members are given as strings with the format <member_type>:<member_entity>\n        # See the GCP Resource Manager API reference for more info:\n        # https://cloud.google.com/resource-manager/reference/rest/Shared.Types/Binding \n        for member in raw_binding['members']:\n            member_type, entity = member.split(':')[:2]\n            if member_type in type_map:\n                members_dict[type_map[member_type]].append(entity)\n            elif member_type == 'deleted':\n                pass\n            else:\n                print_exception(f'Type {member_type} not handled')\n        \n        return members_dict\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/iam/service_account_bindings.py",
    "content": "from ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.base.resources.base import Resources\n\n\nclass ServiceAccountBindings(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str, service_account_email: str):\n        super().__init__(facade)\n        self.project_id = project_id\n        self.service_account_email = service_account_email \n\n    async def fetch_all(self):\n        raw_bindings = await self.facade.iam.get_service_account_bindings(self.project_id, self.service_account_email)\n        for raw_binding in raw_bindings:\n            binding_id, binding = self._parse_binding(raw_binding)\n            self[binding_id] = binding\n\n    def _parse_binding(self, raw_binding):\n        return len(self), raw_binding\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/iam/service_accounts.py",
    "content": "from ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.gcp.resources.base import GCPCompositeResources\nfrom ScoutSuite.providers.gcp.resources.iam.service_account_bindings import ServiceAccountBindings\nfrom ScoutSuite.providers.gcp.resources.iam.keys import Keys\nimport re\n\n\nclass ServiceAccounts(GCPCompositeResources):\n    _children = [\n        (ServiceAccountBindings, 'bindings'),\n        (Keys, 'keys')\n    ]\n\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_service_accounts = await self.facade.iam.get_service_accounts(self.project_id)\n        for raw_service_account in raw_service_accounts:\n            service_account_id, service_account = self._parse_service_account(\n                raw_service_account)\n            self[service_account_id] = service_account\n            await self._fetch_children(\n                self[service_account_id],\n                scope={'project_id': self.project_id, 'service_account_email': service_account['email']})\n\n    def _parse_service_account(self, raw_service_account):\n        service_account_dict = {}\n        service_account_dict['id'] = raw_service_account['uniqueId']\n        service_account_dict['display_name'] = raw_service_account.get(\n            'displayName', 'N/A')\n        service_account_dict['name'] = raw_service_account['email']\n        service_account_dict['email'] = raw_service_account['email']\n        service_account_dict['project_id'] = raw_service_account['projectId']\n\n        pattern = re.compile(r'.+@{}\\.iam\\.gserviceaccount\\.com'.format(service_account_dict['project_id']))\n        if pattern.match(service_account_dict['email']):\n            service_account_dict['default_service_account'] = False\n        else:\n            service_account_dict['default_service_account'] = True\n\n        return service_account_dict['id'], service_account_dict\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/iam/users.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Users(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_bindings = await self.facade.cloudresourcemanager.get_member_bindings(self.project_id)\n        parsed_users = self._parse_binding(raw_bindings)\n        for user_id in parsed_users.keys():\n            self[parsed_users[user_id]['id']] = parsed_users[user_id]\n\n    def _parse_binding(self, raw_bindings):\n\n        parsed_users = {}\n        for binding in raw_bindings:\n            role = binding['role'].split('/')[-1]\n            if 'members' in binding:\n                for member in binding['members']:\n                    member_type, entity = member.split(':')[:2]\n                    if member_type == 'user':\n                        if entity not in parsed_users.keys():\n                            parsed_users[entity] = {'id': get_non_provider_id(entity),\n                                                    'name': entity,\n                                                    'roles': [role]}\n                        else:\n                            parsed_users[entity]['roles'].append(role)\n        return parsed_users\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/kms/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/kms/base.py",
    "content": "from ScoutSuite.providers.gcp.resources.kms.keyrings import KeyRings\nfrom ScoutSuite.providers.gcp.resources.projects import Projects\n\n\nclass KMS(Projects):\n    _children = [\n        (KeyRings, 'keyrings')\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/kms/keyrings.py",
    "content": "from ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.gcp.resources.base import GCPCompositeResources\nfrom ScoutSuite.providers.gcp.resources.kms.keys import Keys\n\n\nclass KeyRings(GCPCompositeResources):\n    _children = [\n        (Keys, 'keys')\n    ]\n\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_keyrings = await self.facade.kms.list_key_rings(self.project_id)\n        for location in raw_keyrings.keys():\n            for raw_keyring in raw_keyrings.get(location, []):\n                keyring_id, keyring = self._parse_keyring(raw_keyring, location)\n                self[keyring_id] = keyring\n\n        await self._fetch_children_of_all_resources(\n            resources=self,\n            scopes={keyring_id: {'project_id': self.project_id, 'keyring_name': keyring['name'],\n                                 'location': keyring['location']}\n                    for keyring_id, keyring in self.items()})\n\n    def _parse_keyring(self, raw_keyring, location):\n        keyring_dict = {}\n        keyring_dict['id'] = raw_keyring.name\n        keyring_dict['name'] = raw_keyring.name.split('/')[-1]\n        keyring_dict['location'] = location\n        return keyring_dict['id'], keyring_dict\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/kms/keys.py",
    "content": "from datetime import datetime, timezone\n\nimport dateutil\n\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.gcp.resources.base import GCPCompositeResources\nfrom ScoutSuite.providers.gcp.resources.kms.kms_policy import KMSPolicy\n\n\nclass Keys(GCPCompositeResources):\n    _children = [\n        (KMSPolicy, 'kms_iam_policy')\n    ]\n\n    def __init__(self, facade: GCPFacade, project_id: str, keyring_name: str, location: str):\n        super().__init__(facade)\n        self.project_id = project_id\n        self.keyring_name = keyring_name\n        self.location = location\n\n    async def fetch_all(self):\n        raw_keys = await self.facade.kms.list_keys(self.project_id, self.location, self.keyring_name)\n        for raw_key in raw_keys:\n            key_id, key = self._parse_key(raw_key)\n            self[key_id] = key\n\n        await self._fetch_children_of_all_resources(\n            resources=self,\n            scopes={key_id: {'project_id': self.project_id, 'keyring_name': self.keyring_name,\n                             'location': self.location, 'key_name': key['id']}\n                    for key_id, key in self.items()})\n\n    def _parse_key(self, raw_key):\n        key_dict = {}\n\n        key_dict['id'] = raw_key['name'].split('/')[-1]\n        key_dict['state'] = raw_key.get('primary', {}).get('state', None)\n        key_dict['creation_datetime'] = raw_key.get('primary', {}).get('createTime', None)\n        key_dict['protection_level'] = raw_key.get('primary', {}).get('protectionLevel', None)\n        key_dict['algorithm'] = raw_key.get('primary', {}).get('algorithm', None)\n        key_dict['next_rotation_datetime'] = raw_key.get('nextRotationTime', None)\n        key_dict['purpose'] = raw_key['purpose']\n\n        key_dict['rotation_period'] = raw_key.get('rotationPeriod', None)\n        if key_dict['rotation_period']:\n            rotation_period = int(\"\".join(filter(str.isdigit, key_dict['rotation_period'])))\n            # get values in days instead of seconds\n            key_dict['rotation_period'] = rotation_period//(24*3600)\n\n        key_dict['next_rotation_time_days'] = None\n        if key_dict['next_rotation_datetime']:\n            next_rotation_time = dateutil.parser.parse(key_dict['next_rotation_datetime']) - datetime.now(timezone.utc)\n            key_dict['next_rotation_time_days'] = next_rotation_time.days\n        return key_dict['id'], key_dict\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/kms/kms_policy.py",
    "content": "from ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass KMSPolicy(Resources):\n\n    def __init__(self, facade: GCPFacade, project_id: str, keyring_name: str, location: str, key_name: str):\n        super().__init__(facade)\n        self.project_id = project_id\n        self.keyring_name = keyring_name\n        self.location = location\n        self.key_name = key_name\n\n    async def fetch_all(self):\n        raw_kms_bindings = await self.facade.kms.keys_iam_policy(self.project_id, self.location, self.keyring_name, self.key_name)\n        for raw_kms_binding in raw_kms_bindings:\n            kms_binding_id, kms_bindings = await self._parse_binding(raw_kms_binding)\n            self[kms_binding_id] = kms_bindings\n\n    async def _parse_binding(self, kms_raw_binding):\n        kms_binding_dict = {}\n        kms_binding_dict['id'] = get_non_provider_id(kms_raw_binding['role'])\n        kms_binding_dict['name'] = kms_raw_binding['role'].split('/')[-1]\n        kms_binding_dict['members'] = kms_raw_binding['members']\n        kms_binding_dict['custom_role'] = 'projects/' in kms_raw_binding['role']\n        kms_binding_dict['anonymous_public_accessible'] = self.keys_not_anonymous_public_accessible(kms_raw_binding)\n\n        role_definition = await self.facade.iam.get_role_definition(kms_raw_binding['role'])\n\n        kms_binding_dict['title'] = role_definition.get('title')\n        kms_binding_dict['description'] = role_definition.get('description')\n        kms_binding_dict['permissions'] = role_definition.get('includedPermissions')\n\n        return kms_binding_dict['id'], kms_binding_dict\n\n    def keys_not_anonymous_public_accessible(self, kms_raw_binding):\n        if 'allUsers' in kms_raw_binding['members'] or 'allAuthenticatedUsers' in kms_raw_binding['members']:\n            return False\n        return True\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/memorystore/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/memorystore/base.py",
    "content": "from ScoutSuite.providers.gcp.resources.projects import Projects\nfrom ScoutSuite.providers.gcp.resources.memorystore.redis_instances import RedisInstances\n\n\nclass MemoryStore(Projects):\n    _children = [ \n        (RedisInstances, 'redis_instances')\n     ]\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/memorystore/redis_instances.py",
    "content": "from ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.gcp.resources.base import GCPCompositeResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass RedisInstances(GCPCompositeResources):\n\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_instances = await self.facade.memorystoreredis.get_redis_instances(self.project_id)\n        for raw_instance in raw_instances:\n            instance_id, instance = self._parse_instance(raw_instance)\n            self[instance_id] = instance\n\n    def _parse_instance(self, raw_instance):\n        instance_dict = {}\n\n        instance_dict['id'] = get_non_provider_id(raw_instance['name'])\n        instance_dict['name'] = raw_instance.get('displayName')\n        instance_dict['project_id'] = self.project_id\n        instance_dict['location'] = raw_instance['locationId']\n        instance_dict['redis_version'] = raw_instance['redisVersion']\n        instance_dict['port'] = raw_instance['port']\n        instance_dict['tier'] = raw_instance['tier']\n        instance_dict['memory_size_gb'] = raw_instance['memorySizeGb']\n        instance_dict['authorized_network'] = raw_instance['authorizedNetwork']\n        instance_dict['connect_mode'] = raw_instance['connectMode']\n        instance_dict['transit_encryption_mode'] = raw_instance['transitEncryptionMode']\n        instance_dict['ssl_required'] = self._is_ssl_required(raw_instance)\n        instance_dict['auth_enabled'] = self._is_auth_required(raw_instance)\n\n        return instance_dict['id'], instance_dict\n\n    def _is_ssl_required(self, raw_instance):\n        # Checks if transit encryption mode is SERVER_AUTHENTICATION. Otherwise, SSL\n        # is not enabled.\n        is_ssl_required = raw_instance.get('transitEncryptionMode', False)\n        if is_ssl_required == 'SERVER_AUTHENTICATION':\n            return True\n        return False\n\n    def _is_auth_required(self, raw_instance):\n        is_auth_enabled = raw_instance.get('authEnabled', False)\n        return is_auth_enabled\n\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/projects.py",
    "content": "from ScoutSuite.providers.gcp.resources.base import GCPCompositeResources\n\n\nclass Projects(GCPCompositeResources):\n\n    \"\"\"This class represents a collection of GCP Resources that are grouped by project. \n    Classes extending Projects should implement the method _fetch_children() with a project ID as paramater.\n    The children resources will be stored with the following structure {<projects>: {<project_id>: {<child_name>: {<child_id>: <child_instance>}}}}.\n    \"\"\"\n\n    async def fetch_all(self):\n        \"\"\"This method fetches all the GCP projects that can be accessed with the given run configuration.\n        It then fetches all the children defined in _children and groups them by project.\n        \"\"\"\n\n        raw_projects = await self.facade.get_projects()\n\n        self['projects'] = {}\n        # For each project, validate that the corresponding service API is enabled before including it in the execution.\n        for p in raw_projects:\n            enabled = await self.facade.is_api_enabled(p['projectId'], self.__class__.__name__)\n            if enabled:\n                self['projects'][p['projectId']] = {}\n\n        await self._fetch_children_of_all_resources(\n            resources=self['projects'],\n            scopes={project_id: {'project_id': project_id} for project_id in self['projects']})\n        self._set_counts()\n\n    def _set_counts(self):\n        for _, child_name in self._children:\n            self[child_name + '_count'] = sum([project[child_name + '_count']\n                                               for project in self['projects'].values()])\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/regions.py",
    "content": "from ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.gcp.resources.base import GCPCompositeResources\n\n\nclass Regions(GCPCompositeResources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_regions = await self.facade.gce.get_regions(self.project_id)\n        for raw_region in raw_regions:\n            self[raw_region['name']] = {}\n        await self._fetch_children_of_all_resources(\n            resources=self,\n            scopes={region: {'project_id': self.project_id, 'region': region} for region in self})\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/stackdriverlogging/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/stackdriverlogging/base.py",
    "content": "from ScoutSuite.providers.gcp.resources.projects import Projects\nfrom ScoutSuite.providers.gcp.resources.stackdriverlogging.logging_metrics import LoggingMetrics\nfrom ScoutSuite.providers.gcp.resources.stackdriverlogging.sinks import Sinks\nfrom ScoutSuite.providers.gcp.resources.stackdriverlogging.metrics import Metrics\n\n\nclass StackdriverLogging(Projects):\n    _children = [ \n        (Sinks, 'sinks'),\n        (Metrics, 'metrics'),\n        (LoggingMetrics, 'logging_metrics')\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/stackdriverlogging/logging_metrics.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\n\n\nclass LoggingMetrics(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_metrics = await self.facade.stackdriverlogging.get_metrics(self.project_id)\n        metric = self._parse_metric(raw_metrics)\n        self[self.project_id] = metric\n\n    def _parse_metric(self, raw_metrics):\n        metric_dict = {}\n        metric_dict['project_ownership_assignments'] =\\\n            self._specific_filter_present(raw_metrics, '(protoPayload.serviceName=\"cloudresourcemanager.googleapis'\n                                                       '.com\") AND (ProjectOwnership OR projectOwnerInvitee) OR ('\n                                                       'protoPayload.serviceData.policyDelta.bindingDeltas.action'\n                                                       '=\"REMOVE\" AND '\n                                                       \"protoPayload.serviceData.policyDelta.bindingDeltas.role\"\n                                                       '=\"roles/owner\") OR ('\n                                                       'protoPayload.serviceData.policyDelta.bindingDeltas.action'\n                                                       '=\"ADD\" AND '\n                                                       'protoPayload.serviceData.policyDelta.bindingDeltas.role'\n                                                       '=\"roles/owner\")')\n        metric_dict['audit_config_change'] = \\\n            self._specific_filter_present(raw_metrics, 'protoPayload.methodName=\"SetIamPolicy\" AND '\n                                                       'protoPayload.serviceData.policyDelta.auditConfigDeltas:*')\n        metric_dict['custom_role_change'] = \\\n            self._specific_filter_present(raw_metrics, 'resource.type=\"iam_role\" AND protoPayload.methodName =  '\n                                                       '\"google.iam.admin.v1.CreateRole\" OR '\n                                                       'protoPayload.methodName=\"google.iam.admin.v1.DeleteRole\" OR '\n                                                       'protoPayload.methodName=\"google.iam.admin.v1.UpdateRole\"')\n        metric_dict['vpc_network_firewall_rule_change'] = \\\n            self._specific_filter_present(raw_metrics, 'resource.type=\"gce_firewall_rule\" AND '\n                                                       'jsonPayload.event_subtype=\"compute.firewalls.patch\" OR '\n                                                       'jsonPayload.event_subtype=\"compute.firewalls.insert\"')\n        metric_dict['vpc_network_route_change'] = \\\n            self._specific_filter_present(raw_metrics, 'resource.type=\"gce_route\" AND '\n                                                       'jsonPayload.event_subtype=\"compute.routes.delete\" OR '\n                                                       'jsonPayload.event_subtype=\"compute.routes.insert\"')\n        metric_dict['vpc_network_change'] = \\\n            self._specific_filter_present(raw_metrics, 'resource.type=gce_network AND '\n                                                       'jsonPayload.event_subtype=\"compute.networks.insert\" OR '\n                                                       'jsonPayload.event_subtype=\"compute.networks.patch\" OR '\n                                                       'jsonPayload.event_subtype=\"compute.networks.delete\"  OR '\n                                                       'jsonPayload.event_subtype=\"compute.networks.removePeering\" OR '\n                                                       'jsonPayload.event_subtype=\"compute.networks.addPeering\"')\n        metric_dict['cloud_storage_iam_permission_change'] = \\\n            self._specific_filter_present(raw_metrics, 'resource.type=gcs_bucket AND '\n                                                       'protoPayload.methodName=\"storage.setIamPermissions\"')\n        metric_dict['sql_instance_conf_change'] = \\\n            self._specific_filter_present(raw_metrics, 'protoPayload.methodName=\"cloudsql.instances.update\"')\n\n        return metric_dict\n\n    def _specific_filter_present(self, raw_metrics, filter_value: str):\n        for metric in raw_metrics:\n            if metric.filter_ == filter_value:\n                return True\n        return False\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/stackdriverlogging/metrics.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\n\n\nclass Metrics(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_metrics = await self.facade.stackdriverlogging.get_metrics(self.project_id)\n        for raw_metric in raw_metrics:\n            metric_name, metric = self._parse_metric(raw_metric)\n            self[metric_name] = metric\n\n    def _parse_metric(self, raw_metric):\n        metric_dict = {}\n        metric_dict['name'] = raw_metric.name\n        metric_dict['description'] = raw_metric.description\n        metric_dict['filter'] = raw_metric.filter_\n        return metric_dict['name'], metric_dict\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/stackdriverlogging/sinks.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\n\n\nclass Sinks(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_sinks = await self.facade.stackdriverlogging.get_sinks(self.project_id)\n        for raw_sink in raw_sinks:\n            sink_name, sink = self._parse_sink(raw_sink)\n            self[sink_name] = sink\n\n    def _parse_sink(self, raw_sink):\n        sink_dict = {}\n        sink_dict['name'] = raw_sink.name\n        sink_dict['filter'] = raw_sink.filter_\n        sink_dict['destination'] = raw_sink.destination\n        return sink_dict['name'], sink_dict\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/stackdrivermonitoring/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/stackdrivermonitoring/alert_policies.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass AlertPolicies(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_alert_policies = await self.facade.stackdrivermonitoring.get_alert_policies(self.project_id)\n        for raw_alert_policy in raw_alert_policies:\n            alert_policy_name, alert_policy = self._parse_alert_policy(raw_alert_policy)\n            self[alert_policy_name] = alert_policy\n\n    def _parse_alert_policy(self, raw_alert_policy):\n        alert_policy_dict = {}\n        alert_policy_dict['id'] = get_non_provider_id(raw_alert_policy.name)\n        alert_policy_dict['name'] = raw_alert_policy.display_name\n        alert_policy_dict['combiner'] = raw_alert_policy.combiner\n        alert_policy_dict['creation_record'] = raw_alert_policy.creation_record\n        alert_policy_dict['mutation_record'] = raw_alert_policy.mutation_record\n        alert_policy_dict['conditions'] = raw_alert_policy.conditions\n        alert_policy_dict['enabled'] = raw_alert_policy.enabled\n        return alert_policy_dict['id'], alert_policy_dict\n\n\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/stackdrivermonitoring/base.py",
    "content": "from ScoutSuite.providers.gcp.resources.projects import Projects\nfrom ScoutSuite.providers.gcp.resources.stackdrivermonitoring.monitoring_alert_policies import MonitoringAlertPolicies\nfrom ScoutSuite.providers.gcp.resources.stackdrivermonitoring.uptime_checks import UptimeChecks\nfrom ScoutSuite.providers.gcp.resources.stackdrivermonitoring.alert_policies import AlertPolicies\n\n\nclass StackdriverMonitoring(Projects):\n    _children = [ \n        (UptimeChecks, 'uptime_checks'),\n        (AlertPolicies, 'alert_policies'),\n        (MonitoringAlertPolicies, 'monitoring_alert_policies')\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/stackdrivermonitoring/monitoring_alert_policies.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\n\n\nclass MonitoringAlertPolicies(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_alert_policies = await self.facade.stackdrivermonitoring.get_alert_policies(self.project_id)\n        alert_policy = self._parse_alert_policy(raw_alert_policies)\n        self[self.project_id] = alert_policy\n\n    def _parse_alert_policy(self, raw_alert_policies):\n        alert_policy_dict = {}\n        alert_policy_dict['project_ownership_assignments'] = \\\n            self._specific_alert_policy_present(raw_alert_policies)\n        alert_policy_dict['audit_config_change'] = self._specific_alert_policy_present(raw_alert_policies)\n        alert_policy_dict['custom_role_change'] = self._specific_alert_policy_present(raw_alert_policies)\n        alert_policy_dict['vpc_network_firewall_rule_change'] = self._specific_alert_policy_present(raw_alert_policies)\n        alert_policy_dict['vpc_network_route_change'] = self._specific_alert_policy_present(raw_alert_policies)\n        alert_policy_dict['vpc_network_change'] = self._specific_alert_policy_present(raw_alert_policies)\n        alert_policy_dict['cloud_storage_iam_permission_change'] = \\\n            self._specific_alert_policy_present(raw_alert_policies)\n        alert_policy_dict['sql_instance_conf_change'] = self._specific_alert_policy_present(raw_alert_policies)\n        return alert_policy_dict\n\n    def _specific_alert_policy_present(self, alert_policies):\n        for alert_policy in alert_policies:\n            for condition in alert_policy.conditions:\n                if condition.condition_threshold.filter == 'metric.type=\\\"logging.googleapis.com/user/<Log Metric ' \\\n                                                           'Name>\\\"' and alert_policy.enabled.value:\n                    return True\n        return False\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/stackdrivermonitoring/uptime_checks.py",
    "content": "from ScoutSuite.providers.base.resources.base import Resources\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass UptimeChecks(Resources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_uptime_checks = await self.facade.stackdrivermonitoring.get_uptime_checks(self.project_id)\n        for raw_uptime_check in raw_uptime_checks:\n            uptime_check_name, uptime_check = self._parse_uptime_check(raw_uptime_check)\n            self[uptime_check_name] = uptime_check\n\n    def _parse_uptime_check(self, raw_uptime_check):\n        uptime_check_dict = {}\n        uptime_check_dict['id'] = get_non_provider_id(raw_uptime_check.name)\n        uptime_check_dict['name'] = raw_uptime_check.display_name\n        uptime_check_dict['monitored_resource'] = raw_uptime_check.monitored_resource\n        uptime_check_dict['http_check'] = raw_uptime_check.http_check\n        uptime_check_dict['period'] = raw_uptime_check.period\n        uptime_check_dict['timeout'] = raw_uptime_check.timeout\n        return uptime_check_dict['id'], uptime_check_dict\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/resources/zones.py",
    "content": "from ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.gcp.resources.base import GCPCompositeResources\n\n\nclass Zones(GCPCompositeResources):\n    def __init__(self, facade: GCPFacade, project_id: str):\n        super().__init__(facade)\n        self.project_id = project_id\n\n    async def fetch_all(self):\n        raw_zones = await self.facade.gce.get_zones(self.project_id)\n        for raw_zone in raw_zones:\n            self[raw_zone['name']] = {}\n        await self._fetch_children_of_all_resources(\n            resources=self,\n            scopes={zone: {'project_id': self.project_id, 'zone': zone} for zone in self})\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/bigquery-dataset-member.json",
    "content": "{\n    \"description\": \"Datasets Accessible by \\\"_ARG_0_\\\"\",\n    \"rationale\": \"Allowing anonymous and/or public access grants permissions to anyone to access the dataset's content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous and/or public access to a dataset is not allowed.\",\n    \"remediation\": \"Delete any permissions assigned to the <samp>allUsers</samp> and <samp>allAuthenticatedUsers</samp> members.\",\n    \"dashboard_name\": \"Datasets\",\n    \"display_path\": \"bigquery.projects.id.datasets.id\",\n    \"path\": \"bigquery.projects.id.datasets.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"bigquery.projects.id.datasets.id.bindings\",\n            \"containString\",\n            \"_ARG_0_\"\n        ]\n    ],\n    \"key\": \"bigquery-dataset-_ARG_0_\",\n    \"arg_names\": [\n        \"Member\"\n    ],\n    \"id_suffix\": \"permissions\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/bigquery-encryption-no-cmk.json",
    "content": "{\n    \"description\": \"Dataset Not Encrypted with Customer-Managed Keys (CMKs)\",\n    \"rationale\": \"Encrypting datasets with Cloud KMS Customer-Managed Keys (CMKs) will allow for a more granular control over data encryption/decryption process.\",\n    \"dashboard_name\": \"Datasets\",\n    \"display_path\": \"bigquery.projects.id.datasets.id\",\n    \"path\": \"bigquery.projects.id.datasets.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"bigquery.projects.id.datasets.id.default_encryption_configuration\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"default_encryption_configuration\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudsql-allows-root-login-from-any-host.json",
    "content": "{\n    \"description\": \"Instance Allows Root Login from Any Host\",\n    \"rationale\": \"Root access to MySQL Database Instances should be allowed only through trusted IPs.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.4\"\n        }\n    ],\n    \"references\": [\n        \"https://forsetisecurity.org/docs/latest/concepts/best-practices.html#cloud-sql\",\n        \"https://cloud.google.com/blog/products/gcp/best-practices-for-securing-your-google-cloud-databases\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"cloudsql.projects.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudsql.projects.id.instances.id.database_version\",\n            \"match\",\n            \"MYSQL.*\"\n        ],\n        [\n            \"cloudsql.projects.id.instances.id.\",\n            \"withKey\",\n            \"users\"\n        ],\n        [\n            \"cloudsql.projects.id.instances.id.users\",\n            \"withKey\",\n            \"root\"\n        ],\n        [\n            \"or\",\n            [\n                \"cloudsql.projects.id.instances.id.users.root.host\",\n                \"equal\",\n                \"%\"\n            ],\n            [\n                \"cloudsql.projects.id.instances.id.users.root.host\",\n                \"equal\",\n                \"0.0.0.0\"\n            ],\n            [\n                \"cloudsql.projects.id.instances.id.users.root.host\",\n                \"equal\",\n                \"/0\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"root_access_from_any_host\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-backups-disabled.json",
    "content": "{\n    \"description\": \"Instance with Automatic Backups Disabled\",\n    \"rationale\": \"Backups provide a way to restore a Cloud SQL instance to recover lost data or recover from a problem with that instance. Automated backups need to be set for any instance that contains data that should be protected from loss or damage.\",\n    \"remediation\": \"From console:<ol><li>Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.</li><li>Select the instance where the backups need to be configured.</li><li>Click <samp>Edit</samp></li><li>In the <samp>Backups</samp> section, check `Enable automated backups', and choose a backup window.</li><li>Click <samp>Save</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"6.7\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/sql/docs/mysql/backup-recovery/backups\",\n        \"https://cloud.google.com/sql/docs/postgres/backup-recovery/backing-up\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"cloudsql.projects.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudsql.projects.id.instances.id.automatic_backup_enabled\",\n            \"false\",\n            \"\"\n        ],\n        [\n            \"cloudsql.projects.id.instances.id.is_failover_replica\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"automatic_backup_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-public-range.json",
    "content": "{\n    \"description\": \"Database Instances Allowing Access from Public Ranges\",\n    \"rationale\": \"To minimize attack surface on a Database server instance, only trusted/known and required IP(s) should be allow-listed to connect to it. An authorized network should not have IPs/networks configured to broad public ranges which will allow access to the instance from arbitrary hosts.\",\n    \"remediation\": \"From console:<ol><li>Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.</li><li>Click the instance name to open its Instance details page.</li><li>Under the <samp>Configuration</samp> section click <samp>Edit configurations</samp>.</li><li>Under <samp>Configuration options</samp> expand the <samp>Connectivity</samp> section.</li><li>Click the <samp>delete</samp> icon for the egregious authorized network</li><li>Click <samp>Save</samp> to update the instance.</li></ol>\",\n    \"compliance\": [],\n    \"references\": [\n        \"https://cloud.google.com/sql/docs/mysql/configure-ip\",\n        \"https://console.cloud.google.com/iam-admin/orgpolicies/sql-restrictAuthorizedNetworks\",\n        \"https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints\",\n        \"https://cloud.google.com/sql/docs/mysql/connection-org-policy\"\n    ],\n    \"dashboard_name\": \"Authorized Networks\",\n    \"display_path\": \"cloudsql.projects.id.instances.id\",\n    \"path\": \"cloudsql.projects.id.instances.id.authorized_networks.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudsql.projects.id.instances.id.public_ip\",\n            \"notEmpty\",\n            \"\"\n        ],\n        [\n            \"cloudsql.projects.id.instances.id.public_ip\",\n            \"notEqual\",\n            \"None\"\n        ],\n        [\n            \"cloudsql.projects.id.instances.id.authorized_networks.id.value\",\n            \"isPublicSubnet\",\n            \"\"\n        ],\n        [\n            \"cloudsql.projects.id.instances.id.authorized_networks.id.value\",\n            \"isSubnetRange\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"open_to_the_world\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-the-world.json",
    "content": "{\n    \"description\": \"Database Instances Allowing Public Access (0.0.0.0/0)\",\n    \"rationale\": \"To minimize attack surface on a Database server instance, only trusted/known and required IP(s) should be allow-listed to connect to it. An authorized network should not have IPs/networks configured to 0.0.0.0/0 which will allow access to the instance from anywhere in the world.\",\n    \"remediation\": \"From console:<ol><li>Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.</li><li>Click the instance name to open its Instance details page.</li><li>Under the <samp>Configuration</samp> section click <samp>Edit configurations</samp>.</li><li>Under <samp>Configuration options</samp> expand the <samp>Connectivity</samp> section.</li><li>Click the <samp>delete</samp> icon for the authorized network <samp>0.0.0.0/0.</samp></li><li>Click <samp>Save</samp> to update the instance.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.2\"\n        },\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"6.5\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/sql/docs/mysql/configure-ip\",\n        \"https://console.cloud.google.com/iam-admin/orgpolicies/sql-restrictAuthorizedNetworks\",\n        \"https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints\",\n        \"https://cloud.google.com/sql/docs/mysql/connection-org-policy\"\n    ],\n    \"dashboard_name\": \"Authorized Networks\",\n    \"display_path\": \"cloudsql.projects.id.instances.id\",\n    \"path\": \"cloudsql.projects.id.instances.id.authorized_networks.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudsql.projects.id.instances.id.public_ip\",\n            \"notEmpty\",\n            \"\"\n        ],\n        [\n            \"cloudsql.projects.id.instances.id.public_ip\",\n            \"notEqual\",\n            \"None\"\n        ],\n        [\n            \"cloudsql.projects.id.instances.id.authorized_networks.id.value\",\n            \"match\",\n            \".*/0\"\n        ]\n    ],\n    \"id_suffix\": \"open_to_the_world\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-no-binary-logging.json",
    "content": "{\n    \"description\": \"Instance with Binary Logging Disabled\",\n    \"rationale\": \"The benefits of enabling binary logs (replication, scalability, auditability, point-in-time data recovery, etc.) can improve the security posture of the Cloud SQL instance.\",\n    \"references\": [\n        \"https://cloud.google.com/sql/docs/mysql/instance-settings\",\n        \"https://cloud.google.com/sql/docs/mysql/replication/tips\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"cloudsql.projects.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"or\",\n            [\n                \"cloudsql.projects.id.instances.id.log_enabled\",\n                \"false\",\n                \"\"\n            ],\n            [\n                \"cloudsql.projects.id.instances.id.log_enabled\",\n                \"null\",\n                \"\"\n            ]\n        ],\n        [\n            \"cloudsql.projects.id.instances.id.is_failover_replica\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"log_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-ssl-not-required.json",
    "content": "{\n    \"description\": \"Instance Not Requiring Mutual TLS Authentication for Incoming Connections\",\n    \"rationale\": \"SQL database connections if successfully trapped (MITM) can reveal sensitive data such as credentials, database queries, query outputs etc. For improved security, it is recommended to require mutual authentication, which involves using certificates to authenticate both the client and server.\",\n    \"remediation\": \"From console:<ol><li>Go to  https://console.cloud.google.com/sql/instances.</li><li>Click on an instance name to see its configuration overview.</li><li>In the left-side panel, select <samp>Connections</samp></li><li>In the <samp>SSL connections</samp> section, click <samp>Allow only SSL connections.</samp></li><li>Under <samp>Configure SSL server certificates</samp> click <samp>Create new certificate.</samp></li><li>Under <samp>Configure SSL server certificates</samp> click <samp>Create a client certificate.</samp></li><li>Follow the instructions shown to learn how to connect to your instance.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.1\"\n        },\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"6.4\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/sql/docs/postgres/configure-ssl-instance\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"cloudsql.projects.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"or\",\n            [\n                \"cloudsql.projects.id.instances.id.ssl_required\",\n                \"null\",\n                \"\"\n            ],\n            [\n                \"cloudsql.projects.id.instances.id.ssl_required\",\n                \"false\",\n                \"\"\n            ]\n        ],\n        [\n            \"cloudsql.projects.id.instances.id.is_failover_replica\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"ssl_required\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-with-no-backups.json",
    "content": "{\n    \"description\": \"Instance with No Backups\",\n    \"rationale\": \"Weekly or monthly backups should be created of all databases holding sensitive information.\",\n    \"references\": [\n        \"https://cloud.google.com/sql/docs/mysql/backup-recovery/backups\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"cloudsql.projects.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudsql.projects.id.instances.id\",\n            \"withKey\",\n            \"backups\"\n        ],\n        [\n            \"cloudsql.projects.id.instances.id.backups\",\n            \"empty\",\n            \"\"\n        ],\n        [\n            \"cloudsql.projects.id.instances.id.is_failover_replica\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"last_backup_timestamp\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudsql-instances-public-ips.json",
    "content": "{\n    \"description\": \"Database Instances with Public IPs\",\n    \"rationale\": \"To lower the organization's attack surface, Cloud SQL databases should not have public IPs. Private IPs provide improved network security and lower latency for your application.\",\n    \"remediation\": \"From console:<ol><li>Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.</li><li>Click the instance name to open its Instance details page.</li><li>Select the <samp>Connections</samp> tab.</li><li>Deselect the <samp>Public IP</samp> checkbox.</li><li>Click <samp>Save</samp> to update the instance.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"6.6\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/sql/docs/mysql/configure-private-ip\",\n        \"https://cloud.google.com/sql/docs/mysql/private-ip\",\n        \"https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints\",\n        \"https://console.cloud.google.com/iam-admin/orgpolicies/sql-restrictPublicIp\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"cloudsql.projects.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudsql.projects.id.instances.id.public_ip\",\n            \"notEmpty\",\n            \"\"\n        ],\n        [\n            \"cloudsql.projects.id.instances.id.public_ip\",\n            \"notEqual\",\n            \"None\"\n        ]\n    ],\n    \"id_suffix\": \"public_ip\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudsql-mysql-instances-local-infile-on.json",
    "content": "{\n    \"description\": \"Local Infile Database Flag for MySQL Instance Is on\",\n    \"rationale\": \"The local_infile flag controls the server-side LOCAL capability for LOAD DATA statements. Depending on the local_infile setting, the server refuses or permits local data loading by clients that have LOCAL enabled on the client side. To explicitly cause the server to refuse LOAD DATA LOCAL statements (regardless of how client programs and libraries are configured at build time or runtime), start mysqld with local_infile disabled. local_infile can also be set at runtime.\",\n    \"remediation\": \"From console:<ol><li>Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.</li><li>Select the MySQL instance where the database flag needs to be enabled.</li><li>Click <samp>Edit</samp></li><li>Scroll down to the <samp>Flags</samp> section.</li><li>To set a flag that has not been set on the instance before, click <samp>Add item</samp>, choose the flag <samp>local_infile</samp> from the drop-down menu, and set its value to <samp>off</samp>.</li><li>Click <samp>Save</samp></li><li>Confirm the changes under <samp>Flags</samp> on the Overview page.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"6.1.2\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/sql/docs/mysql/flags\",\n        \"https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_local_infile\",\n        \"https://dev.mysql.com/doc/refman/5.7/en/load-data-local.html\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"cloudsql.projects.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudsql.projects.id.instances.id.local_infile_off\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"local_infile_off\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-checkpoints-off.json",
    "content": "{\n    \"description\": \"Log Checkpoints Database Flag for PostgreSQL Instance Is off\",\n    \"rationale\": \"Enabling log_checkpoints causes checkpoints and restart points to be logged in the server log. Some statistics are included in the log messages, including the number of buffers written and the time spent writing them. This parameter can only be set in the postgresql.conf file or on the server command line. This recommendation is applicable to PostgreSQL database instances.\",\n    \"remediation\": \"From console:<ol><li>Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.</li><li>Select the PostgreSQL instance where the database flag needs to be enabled.</li><li>Click <samp>Edit</samp></li><li>Scroll down to the <samp>Flags</samp> section.</li><li>To set a flag that has not been set on the instance before, click <samp>Add item</samp>, choose the flag <samp>log_checkpoints</samp> from the drop-down menu, and set its value to <samp>off</samp>.</li><li>Click <samp>Save</samp></li><li>Confirm the changes under <samp>Flags</samp> on the Overview page.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"6.2.1\"\n        }\n    ],\n    \"references\": [\n        \"https://www.postgresql.org/docs/9.6/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHAT\",\n        \"https://cloud.google.com/sql/docs/postgres/flags#setting_a_database_flag\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"cloudsql.projects.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudsql.projects.id.instances.id.log_checkpoints_on\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"log_checkpoints_on\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-connections-off.json",
    "content": "{\n    \"description\": \"Log Connections Database Flag for PostgreSQL Instance Is off\",\n    \"rationale\": \"PostgreSQL does not log attempted connections by default. Enabling the log_connections setting will create log entries for each attempted connection as well as successful completion of client authentication which can be useful in troubleshooting issues and to determine any unusual connection attempts to the server. This recommendation is applicable to PostgreSQL database instances.\",\n    \"remediation\": \"From console:<ol><li>Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.</li><li>Select the PostgreSQL instance where the database flag needs to be enabled.</li><li>Click <samp>Edit</samp></li><li>Scroll down to the <samp>Flags</samp> section.</li><li>To set a flag that has not been set on the instance before, click <samp>Add item</samp>, choose the flag <samp>log_connections</samp> from the drop-down menu, and set its value to <samp>off</samp>.</li><li>Click <samp>Save</samp></li><li>Confirm the changes under <samp>Flags</samp> on the Overview page.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"6.2.2\"\n        }\n    ],\n    \"references\": [\n        \"https://www.postgresql.org/docs/9.6/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHAT\",\n        \"https://cloud.google.com/sql/docs/postgres/flags\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"cloudsql.projects.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudsql.projects.id.instances.id.log_connections_on\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"log_connections_on\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-disconnections-off.json",
    "content": "{\n    \"description\": \"Log Disconnections Database Flag for PostgreSQL Instance Is off\",\n    \"rationale\": \"PostgreSQL does not log session details such as duration and session end by default. Enabling the log_disconnections setting will create log entries at the end of each session which can be useful in troubleshooting issues and determine any unusual activity across a time period. The log_disconnections and log_connections work hand in hand and generally, the pair would be enabled/disabled together. This recommendation is applicable to PostgreSQL database instances.\",\n    \"remediation\": \"From console:<ol><li>Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.</li><li>Select the PostgreSQL instance where the database flag needs to be enabled.</li><li>Click <samp>Edit</samp></li><li>Scroll down to the <samp>Flags</samp> section.</li><li>To set a flag that has not been set on the instance before, click <samp>Add item</samp>, choose the flag <samp>log_disconnections</samp> from the drop-down menu, and set its value to <samp>off</samp>.</li><li>Click <samp>Save</samp></li><li>Confirm the changes under <samp>Flags</samp> on the Overview page.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"6.2.3\"\n        }\n    ],\n    \"references\": [\n        \"https://www.postgresql.org/docs/9.6/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHAT\",\n        \"https://cloud.google.com/sql/docs/postgres/flags\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"cloudsql.projects.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudsql.projects.id.instances.id.log_disconnections_on\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"log_disconnections_on\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-lock-waits-off.json",
    "content": "{\n    \"description\": \"Log Lock Waits Database Flag for PostgreSQL Instance Is off\",\n    \"rationale\": \"The deadlock timeout defines the time to wait on a lock before checking for any conditions. Frequent run overs on deadlock timeout can be an indication of an underlying issue. Logging such waits on locks by enabling the log_lock_waits flag can be used to identify poor performance due to locking delays or if a specially-crafted SQL is attempting to starve resources through holding locks for excessive amounts of time. This recommendation is applicable to PostgreSQL database instances.\",\n    \"remediation\": \"From console:<ol><li>Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.</li><li>Select the PostgreSQL instance where the database flag needs to be enabled.</li><li>Click <samp>Edit</samp></li><li>Scroll down to the <samp>Flags</samp> section.</li><li>To set a flag that has not been set on the instance before, click <samp>Add item</samp>, choose the flag <samp>log_lock_waits</samp> from the drop-down menu, and set its value to <samp>off</samp>.</li><li>Click <samp>Save</samp></li><li>Confirm the changes under <samp>Flags</samp> on the Overview page.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"6.2.4\"\n        }\n    ],\n    \"references\": [\n        \"https://www.postgresql.org/docs/9.6/runtime-config-logging.html#GUC-LOG-MIN-DURATION-STATEMENT\",\n        \"https://cloud.google.com/sql/docs/postgres/flags\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"cloudsql.projects.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudsql.projects.id.instances.id.log_lock_waits_on\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"log_lock_waits_on\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-min-duration-not-set-1.json",
    "content": "{\n    \"description\": \"Log Min Duration Statement Database Flag for PostgreSQL Instance Is Not Set to -1\",\n    \"rationale\": \"Logging SQL statements may include sensitive information that should not be recorded in logs. This recommendation is applicable to PostgreSQL database instances.\",\n    \"remediation\": \"From console:<ol><li>Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.</li><li>Select the PostgreSQL instance where the database flag needs to be enabled.</li><li>Click <samp>Edit</samp></li><li>Scroll down to the <samp>Flags</samp> section.</li><li>To set a flag that has not been set on the instance before, click <samp>Add item</samp>, choose the flag <samp>log_min_duration_statement</samp> from the drop-down menu, and set its value to <samp>-1</samp>.</li><li>Click <samp>Save</samp></li><li>Confirm the changes under <samp>Flags</samp> on the Overview page.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"6.2.7\"\n        }\n    ],\n    \"references\": [\n        \"https://www.postgresql.org/docs/current/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHAT\",\n        \"https://cloud.google.com/sql/docs/postgres/flags\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"cloudsql.projects.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudsql.projects.id.instances.id.log_min_duration_statement_-1\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"log_min_duration_statement_-1\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-min-messages-not-set.json",
    "content": "{\n    \"description\": \"Log Min Messages Database Flag for PostgreSQL Instance Is Not Set\",\n    \"rationale\": \"Auditing helps in troubleshooting operational problems and also permits forensic analysis. If log_min_error_statement is not set to the correct value, messages may not be classified as error messages appropriately. Considering general log messages as error messages would make it difficult to find actual errors, while considering only stricter severity levels as error messages may skip actual errors to log their SQL statements. The log_min_error_statement flag should be set in accordance with the organization's logging policy. This recommendation is applicable to PostgreSQL database instances.\",\n    \"remediation\": \"From console:<ol><li>Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.</li><li>Select the PostgreSQL instance where the database flag needs to be enabled.</li><li>Click <samp>Edit</samp></li><li>Scroll down to the <samp>Flags</samp> section.</li><li>To set a flag that has not been set on the instance before, click <samp>Add item</samp>, choose the flag <samp>log_min_error_statement</samp> from the drop-down menu, and set appropriate value.</li><li>Click <samp>Save</samp></li><li>Confirm the changes under <samp>Flags</samp> on the Overview page.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"6.2.5\"\n        }\n    ],\n    \"references\": [\n        \"https://www.postgresql.org/docs/9.6/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHEN\",\n        \"https://cloud.google.com/sql/docs/postgres/flags\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"cloudsql.projects.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudsql.projects.id.instances.id.log_min_messages\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"log_min_messages\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-temp-files-not-set-0.json",
    "content": "{\n    \"description\": \"Log Temp Files Database Flag for PostgreSQL Instance Is Not Set to 0\",\n    \"rationale\": \"If all temporary files are not logged, it may be more difficult to identify potential performance issues that may be due to either poor application coding or deliberate resource starvation attempts.\",\n    \"remediation\": \"From console:<ol><li>Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.</li><li>Select the PostgreSQL instance where the database flag needs to be enabled.</li><li>Click <samp>Edit</samp></li><li>Scroll down to the <samp>Flags</samp> section.</li><li>To set a flag that has not been set on the instance before, click <samp>Add item</samp>, choose the flag <samp>log_temp_files</samp> from the drop-down menu, and set its value to <samp>0</samp>.</li><li>Click <samp>Save</samp></li><li>Confirm the changes under <samp>Flags</samp> on the Overview page.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"6.2.6\"\n        }\n    ],\n    \"references\": [\n        \"https://www.postgresql.org/docs/9.6/runtime-config-logging.html#GUC-LOG-TEMP-FILES\",\n        \"https://cloud.google.com/sql/docs/postgres/flags\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"cloudsql.projects.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudsql.projects.id.instances.id.log_temp_files_0\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"log_temp_files_0\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudsql-sqlservers-instances-contained-database-authentication-on.json",
    "content": "{\n    \"description\": \"Contained Database Authentication Database Flag for SQLServers Instance Is on\",\n    \"rationale\": \"A contained database includes all database settings and metadata required to define the database and has no configuration dependencies on the instance of the Database Engine where the database is installed. Users can connect to the database without authenticating a login at the Database Engine level. Isolating the database from the Database Engine makes it possible to easily move the database to another instance of SQL Server. Contained databases have some unique threats that should be understood and mitigated by SQL Server Database Engine administrators. Most of the threats are related to the USER WITH PASSWORD authentication process, which moves the authentication boundary from the Database Engine level to the database level, hence this is recommended to disable this flag.\",\n    \"remediation\": \"From console:<ol><li>Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.</li><li>Select the MySQL instance where the database flag needs to be enabled.</li><li>Click <samp>Edit</samp></li><li>Scroll down to the <samp>Flags</samp> section.</li><li>To set a flag that has not been set on the instance before, click <samp>Add item</samp>, choose the flag <samp>contained database authentication</samp> from the drop-down menu, and set its value to <samp>off</samp>.</li><li>Click <samp>Save</samp></li><li>Confirm the changes under <samp>Flags</samp> on the Overview page.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"6.3.2\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/sql/docs/sqlserver/flags\",\n        \"https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/contained-database-authentication-server-configuration-option?view=sql-server-ver15\",\n        \"https://learn.microsoft.com/en-us/sql/relational-databases/databases/security-best-practices-with-contained-databases?view=sql-server-ver15\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"cloudsql.projects.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudsql.projects.id.instances.id.contained_database_authentication_off\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"contained_database_authentication_off\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudsql-sqlservers-instances-cross-db-ownership-chaining-on.json",
    "content": "{\n    \"description\": \"Cross DB Ownership Chaining Database Flag for SQLServers Instance Is on\",\n    \"rationale\": \"Use the cross db ownership for chaining option to configure cross-database ownership chaining for an instance of Microsoft SQL Server. This server option allows you to control cross-database ownership chaining at the database level or to allow cross-database ownership chaining for all databases. Enabling cross db ownership is not recommended unless all of the databases hosted by the instance of SQL Server must participate in cross-database ownership chaining and you are aware of the security implications of this setting. This recommendation is applicable to SQL Server database instances.\",\n    \"remediation\": \"From console:<ol><li>Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.</li><li>Select the MySQL instance where the database flag needs to be enabled.</li><li>Click <samp>Edit</samp></li><li>Scroll down to the <samp>Flags</samp> section.</li><li>To set a flag that has not been set on the instance before, click <samp>Add item</samp>, choose the flag <samp>cross db ownership chaining</samp> from the drop-down menu, and set its value to <samp>off</samp>.</li><li>Click <samp>Save</samp></li><li>Confirm the changes under <samp>Flags</samp> on the Overview page.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"6.3.1\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/sql/docs/sqlserver/flags\",\n        \"https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/cross-db-ownership-chaining-server-configuration-option?view=sql-server-ver15\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"cloudsql.projects.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudsql.projects.id.instances.id.cross_db_ownership_chaining_off\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"cross_db_ownership_chaining_off\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-member.json",
    "content": "{\n    \"description\": \"Bucket Accessible by \\\"_ARG_0_\\\"\",\n    \"rationale\": \"Allowing anonymous and/or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous and/or public access to a bucket is not allowed.\",\n    \"remediation\": \"\\\"From console:<ol><li>Go to <samp>Storage browser</samp> by visiting https://console.cloud.google.com/storage/browser.</li><li>Click on the bucket name to go to its <samp>Bucket details</samp> page.</li><li>Click on the <samp>Permissions</samp> tab.</li><li>Click <samp>Delete</samp> button in front of <samp>allUsers</samp> and <samp>allAuthenticatedUsers</samp> to remove that particular role assignment.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"5.1\"\n        },\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"5.1\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/storage/docs/access-control/iam-reference\",\n        \"https://cloud.google.com/storage/docs/access-control/making-data-public\",\n        \"https://cloud.google.com/storage/docs/gsutil/commands/iam\"\n    ],\n    \"dashboard_name\": \"Buckets\",\n    \"display_path\": \"cloudstorage.projects.id.buckets.id\",\n    \"path\": \"cloudstorage.projects.id.buckets.id\",\n    \"conditions\": [\n        \"and\",\n        [\"or\",\n            [\n                \"cloudstorage.projects.id.buckets.id.member_bindings\",\n                \"withKey\",\n                \"_ARG_0_\"\n            ],\n            [\n                \"cloudstorage.projects.id.buckets.id.acls\",\n                \"containString\",\n                \"_ARG_0_\"\n            ]\n        ],\n        [\n            \"cloudstorage.projects.id.buckets.id.public_access_prevention\",\n            \"notEqual\",\n            \"enforced\"\n        ],\n        [\n            \"cloudstorage.projects.id.buckets.id.public_access_prevention\",\n            \"notEqual\",\n            \"inherited\"\n        ]\n    ],\n    \"key\": \"cloudstorage-bucket-_ARG_0_\",\n    \"arg_names\": [\n        \"Member\",\n        \"Description\"\n    ],\n    \"id_suffix\": \"_ARG_0_\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-logging.json",
    "content": "{\n    \"description\": \"Bucket with Logging Disabled\",\n    \"rationale\": \"Enable access and storage logs, in order to capture all events which may affect objects within target buckets.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"5.3\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/storage/docs/access-logs\"\n    ],\n    \"dashboard_name\": \"Buckets\",\n    \"path\": \"cloudstorage.projects.id.buckets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudstorage.projects.id.buckets.id.logging_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"logging_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-public-access-prevention.json",
    "content": "{\n    \"description\": \"Bucket with Private Access Prevention Not Enforced\",\n    \"rationale\": \"Public access prevention protects Cloud Storage buckets and objects from being accidentally exposed to the public. When you enforce public access prevention, no one can make data in applicable buckets public through IAM policies or ACLs.<br><br>Note that even if a bucket does not have public access prevention explicitly enforced in its settings, it might still inherit public access prevention, which occurs if the organization policy constraint <samp>storage.publicAccessPrevention</samp> is set on the project, folder, or organization that the bucket exists within. For this reason, the bucket state can only be set to <samp>enforced</samp> or <samp>inherited</samp>.\",\n    \"references\": [\n        \"https://cloud.google.com/storage/docs/public-access-prevention\"\n    ],\n    \"dashboard_name\": \"Buckets\",\n    \"path\": \"cloudstorage.projects.id.buckets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudstorage.projects.id.buckets.id.public_access_prevention\",\n            \"notEqual\",\n            \"enforced\"\n        ],\n        [\n            \"cloudstorage.projects.id.buckets.id.public_access_prevention\",\n            \"notEqual\",\n            \"inherited\"\n        ]\n    ],\n    \"id_suffix\": \"public_access_prevention\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-versioning.json",
    "content": "{\n    \"description\": \"Bucket with Versioning Disabled\",\n    \"rationale\": \"Enable Object Versioning to protect Cloud Storage data from being overwritten or accidentally deleted.\",\n    \"references\": [\n        \"https://cloud.google.com/storage/docs/using-object-versioning\"\n    ],\n    \"dashboard_name\": \"Buckets\",\n    \"path\": \"cloudstorage.projects.id.buckets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudstorage.projects.id.buckets.id.versioning_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"versioning_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/cloudstorage-uniform-bucket-level-access-disabled.json",
    "content": "{\n    \"description\": \"Uniform Bucket-Level Access Is Disabled\",\n    \"rationale\": \"It is recommended to use uniform bucket-level access to unify and simplify how you grant access to your Cloud Storage resources. In order to support a uniform permissioning system, Cloud Storage has uniform bucket-level access. Using this feature disables ACLs for all Cloud Storage resources: access to Cloud Storage resources then is granted exclusively through Cloud IAM. Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.\",\n    \"remediation\": \"From console:<ol><li>Open the Cloud Storage browser in the Google Cloud Console by visiting: https://console.cloud.google.com/storage/browser</li><li>In the list of buckets, click on the name of the desired bucket.</li><li>Select the <samp>Permissions</samp> tab near the top of the page.</li><li>In the text box that starts with <samp>This bucket uses fine-grained access control</samp>..., click <samp>Edit</samp>.</li><li>In the pop-up menu that appears, select <samp>Uniform</samp>.</li><li>Click <samp>Save</samp>.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"5.2\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/storage/docs/uniform-bucket-level-access\",\n        \"https://cloud.google.com/storage/docs/using-uniform-bucket-level-access\",\n        \"https://cloud.google.com/storage/docs/org-policy-constraints#uniform-bucket\"\n    ],\n    \"dashboard_name\": \"Buckets\",\n    \"display_path\": \"cloudstorage.projects.id.buckets.id\",\n    \"path\": \"cloudstorage.projects.id.buckets.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cloudstorage.projects.id.buckets.id.uniform_bucket_level_access\",\n            \"false\",\n            \"\"\n        ],\n        [\n            \"cloudstorage.projects.id.buckets.id.uniform_bucket_level_access\",\n            \"equal\",\n            \"None\"\n        ]\n    ],\n    \"id_suffix\": \"uniform_bucket_level_access\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-default-rule-in-use.json",
    "content": "{\n    \"description\": \"Default Firewall Rule in Use\",\n    \"rationale\": \"Some default firewall rules were in use. This could potentially expose sensitive services or protocols to other networks.\",\n    \"dashboard_name\": \"Firewall Rule\",\n    \"path\": \"computeengine.projects.id.firewalls.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.firewalls.id.name\",\n            \"containAtLeastOneOf\",\n            [\n                \"default-allow-internal\",\n                \"default-allow-icmp\",\n                \"default-allow-rdp\",\n                \"default-allow-ssh\",\n                \"auto-mode-vpc-allow-icmp\",\n                \"auto-mode-vpc-allow-internal\",\n                \"auto-mode-vpc-allow-rdp\",\n                \"auto-mode-vpc-allow-ssh\"\n            ]\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.disabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"name\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-all-ports.json",
    "content": "{\n    \"description\": \"Firewall Rule Opens All Ports (0-65535)\",\n    \"rationale\": \"The firewall rule allows access to all ports. This widens the attack surface of the infrastructure and makes it easier for an attacker to reach potentially sensitive services over the network.\",\n    \"dashboard_name\": \"Firewall Rule Elements\",\n    \"display_path\": \"computeengine.projects.id.firewalls.id\",\n    \"path\": \"computeengine.projects.id.firewalls.id.allowed_traffic.id.ports.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.firewalls.id.action\",\n            \"equal\",\n            \"allowed\"\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.disabled\",\n            \"notTrue\",\n            \"\"\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.direction\",\n            \"equal\",\n            \"INGRESS\"\n        ],\n        [\"or\",\n            [\n                \"computeengine.projects.id.firewalls.id.allowed_traffic.id.\",\n                \"equal\",\n                \"0-65535\"\n            ],\n            [\n                \"computeengine.projects.id.firewalls.id.allowed_traffic.id.\",\n                \"equal\",\n                \"1-65535\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"permissive_ports\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-internal-traffic.json",
    "content": "{\n    \"description\": \"Firewall Rule Allows Internal Traffic\",\n    \"rationale\": \"Firewall rule allows ingress connections for all protocols and ports among instances in the network.\",\n    \"dashboard_name\": \"Firewall Rule Elements\",\n    \"display_path\": \"computeengine.projects.id.firewalls.id\",\n    \"path\": \"computeengine.projects.id.firewalls.id.allowed_traffic.id.ports.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.firewalls.id.action\",\n            \"equal\",\n            \"allowed\"\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.disabled\",\n            \"notTrue\",\n            \"\"\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.direction\",\n            \"equal\",\n            \"INGRESS\"\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.source_ranges\",\n            \"containAtLeastOneOf\",\n            \"10.128.0.0/9\"\n        ],\n        [\"or\",\n            [\n                \"computeengine.projects.id.firewalls.id.allowed_traffic.id.\",\n                \"equal\",\n                \"0-65535\"\n            ],\n            [\n                \"computeengine.projects.id.firewalls.id.allowed_traffic.id.\",\n                \"equal\",\n                \"1-65535\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"permissive_ports\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-port-range.json",
    "content": "{\n    \"description\": \"Firewall Rule Allows Port Range(s)\",\n    \"rationale\": \"It was found that the firewall rule was using port ranges. Sometimes, ranges could include unintended ports that should not be exposed. As a result, when possible, explicit port lists should be used instead.\",\n    \"dashboard_name\": \"Firewall Rule Elements\",\n    \"display_path\": \"computeengine.projects.id.firewalls.id\",\n    \"path\": \"computeengine.projects.id.firewalls.id.allowed_traffic.id.ports.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.firewalls.id.action\",\n            \"equal\",\n            \"allowed\"\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.disabled\",\n            \"notTrue\",\n            \"\"\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.direction\",\n            \"equal\",\n            \"INGRESS\"\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.allowed_traffic.id.\",\n            \"match\",\n            \"[0-9]+-[0-9]+\"\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.allowed_traffic.id.\",\n            \"notEqual\",\n            \"0-65535\"\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.allowed_traffic.id.\",\n            \"notEqual\",\n            \"1-65535\"\n        ]\n    ],\n    \"id_suffix\": \"permissive_ports\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-public-access.json",
    "content": "{\n    \"description\": \"Firewall Rule Allows Public Access (0.0.0.0/0)\",\n    \"rationale\": \"The firewall rule was found to be exposing potentially open ports to all source addresses. Ports are commonly probed by automated scanning tools, and could be an indicator of sensitive services exposed to Internet. If such services need to be exposed, a restriction on the source address could help to reduce the attack surface of the infrastructure.\",\n    \"dashboard_name\": \"Firewall Rules\",\n    \"path\": \"computeengine.projects.id.firewalls.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.firewalls.id.action\",\n            \"equal\",\n            \"allowed\"\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.disabled\",\n            \"notTrue\",\n            \"\"\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.direction\",\n            \"equal\",\n            \"INGRESS\"\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.source_ranges\",\n            \"containAtLeastOneOf\",\n            \"0.0.0.0/0\"\n        ]\n    ],\n    \"id_suffix\": \"source_ranges\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-opens-all-ports-to-all.json",
    "content": "{\n    \"description\": \"Firewall Rule Allows Public Access (0.0.0.0/0) to All Ports (0-65535)\",\n    \"rationale\": \"The firewall rule was found to be exposing all ports to all source addresses. Ports are commonly probed by automated scanning tools, and could be an indicator of sensitive services exposed to Internet. If such services need to be exposed, a restriction on the source address could help to reduce the attack surface of the infrastructure.\",\n    \"dashboard_name\": \"Firewall Rule Elements\",\n    \"display_path\": \"computeengine.projects.id.firewalls.id\",\n    \"path\": \"computeengine.projects.id.firewalls.id.allowed_traffic.id.ports.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.firewalls.id.action\",\n            \"equal\",\n            \"allowed\"\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.disabled\",\n            \"notTrue\",\n            \"\"\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.direction\",\n            \"equal\",\n            \"INGRESS\"\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.source_ranges\",\n            \"containAtLeastOneOf\",\n            \"0.0.0.0/0\"\n        ],\n        [\"or\",\n            [\n                \"computeengine.projects.id.firewalls.id.allowed_traffic.id.\",\n                \"equal\",\n                \"0-65535\"\n            ],\n            [\n                \"computeengine.projects.id.firewalls.id.allowed_traffic.id.\",\n                \"equal\",\n                \"1-65535\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"permissive_ports\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-opens-sensitive-port-to-all.json",
    "content": "{\n    \"description\": \"Firewall _ARG_0_ Rule Allows Public Access (0.0.0.0/0) to a Sensitive Port\",\n    \"rationale\": \"The firewall rule was found to be exposing a well-known port to all source addresses. Well-known ports are commonly probed by automated scanning tools, and could be an indicator of sensitive services exposed to Internet. If such services need to be exposed, a restriction on the source address could help to reduce the attack surface of the infrastructure.\",\n    \"dashboard_name\": \"Firewall Rule Elements\",\n    \"display_path\": \"computeengine.projects.id.firewalls.id\",\n    \"path\": \"computeengine.projects.id.firewalls.id.allowed_traffic.id.ports.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.firewalls.id.action\",\n            \"equal\",\n            \"allowed\"\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.disabled\",\n            \"notTrue\",\n            \"\"\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.direction\",\n            \"equal\",\n            \"_ARG_0_\"\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.source_ranges\",\n            \"containAtLeastOneOf\",\n            \"0.0.0.0/0\"\n        ],\n        [\n            \"computeengine.projects.id.firewalls.id.allowed_traffic.id.\",\n            \"containAtLeastOneOf\",\n            [\n                \"21\",\n                \"22\",\n                \"23\",\n                \"53\",\n                \"1433\",\n                \"1521\",\n                \"3306\",\n                \"3389\",\n                \"27017\",\n                \"54322\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"permissive_ports\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-instance-block-project-ssh-keys-disabled.json",
    "content": "{\n    \"description\": \"Block Project SSH Keys Disabled\",\n    \"rationale\": \"Project-wide SSH keys are stored in Compute/Project-meta-data. Project wide SSH keys can be used to login into all the instances within project. Using project-wide SSH keys eases the SSH key management but if compromised, poses the security risk which can impact all the instances within project.\",\n    \"remediation\": \"From console:<ol><li>Go to the <samp>VM instances</samp> page by visiting https://console.cloud.google.com/compute/instances.</li><li>Click on the name of the Impacted instance</li><li>Click <samp>Edit</samp> in the toolbar.</li><li>Under SSH Keys, go to the <samp>Block project-wide SSH keys</samp> checkbox.</li><li>To block users with project-wide SSH keys from connecting to this instance, select <samp>Block project-wide SSH keys</samp></li><li>Click <samp>Save</samp> at the bottom of the page</li><li>Repeat steps for every impacted Instance</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"4.3\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"computeengine.projects.id.zones.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.zones.id.instances.id.block_project_ssh_keys_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"block_project_ssh_keys_disabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-instance-connecting-serial-ports-enabled.json",
    "content": "{\n    \"description\": \"Enable Connecting to Serial Ports Is Enabled\",\n    \"rationale\": \"The interactive serial console does not support IP-based access restrictions such as IP allow-lists. If you enable the interactive serial console on an instance, clients can attempt to connect to that instance from any IP address. This allows anybody to connect to that instance if they know the correct SSH key, username, project ID, zone, and instance name.\",\n    \"remediation\": \"From console:<ol><li>Login to Google Cloud console</li><li>Go to Computer Engine</li><li>Go to VM instances</li><li>Click on the Specific VM</li><li>Click <samp>Edit</samp></li><li>Unselect <samp>Enable connecting to serial ports</samp> below <samp>Remote access</samp>block.</li><li>Click <samp>Save</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"4.5\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/compute/docs/instances/interacting-with-serial-console\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"computeengine.projects.id.zones.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.zones.id.instances.id.serial_port_enabled\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"serial_port_enabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-instance-default-service-account.json",
    "content": "{\n    \"description\": \"Instances Configured to Use Default Service Account\",\n    \"rationale\": \"The default Compute Engine service account has the Editor role on the project, which allows read and write access to most Google Cloud Services. To defend against privilege escalations if your VM is compromised and prevent an attacker from gaining access to all of your project, it is recommended to not use the default Compute Engine service account. Instead, you should create a new service account and assigning only the permissions needed by your instance.<br> The default Compute Engine service account is named [PROJECT_NUMBER]-compute@developer.gserviceaccount.com.\",\n    \"remediation\": \"From console:<ol><li>Go to the <samp>VM instances</samp> page by visiting https://console.cloud.google.com/compute/instances.</li><li>Click on the instance name to go to its <samp>VM instance details</samp> page.</li><li>Click <samp>STOP</samp> and then click <samp>Edit</samp></li><li>Under the section <samp>Service Account</samp>, select a service account other that the default Compute Engine service account. You may first need to create a new service account.</li><li>Click <samp>Save</samp> and then click <samp>START</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"4.1\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/compute/docs/access/service-accounts\",\n        \"https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances\",\n        \"https://cloud.google.com/sdk/gcloud/reference/compute/instances/set-service-account\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"computeengine.projects.id.zones.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.zones.id.instances.id.default_service_account\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"service_account\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-instance-disk-not-csek-encrypted.json",
    "content": "{\n    \"description\": \"VM Disks Not Customer-Supplied Encryption Keys (CSEK) Encrypted\",\n    \"rationale\": \"By default, Google Compute Engine encrypts all data at rest. Compute Engine handles and manages this encryption for you without any additional actions on your part. However, if you wanted to control and manage this encryption yourself, you can provide your own encryption keys.\",\n    \"remediation\": \"From console:<ol><li>Go to Compute Engine <samp>DIsks</samp> by visiting https://console.cloud.google.com/compute/disks.</li><li>Click <samp>CREATE DISK</samp>.</li><li>Set <samp>Encryption type</samp> to <samp>Customer supplied</samp></li><li>Provide the <samp>Key</samp> in the box.</li><li>Select <samp>Wrapped key</samp>.</li><li>Click <samp>Create</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"4.7\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/compute/docs/disks/customer-supplied-encryption#encrypt_a_new_persistent_disk_with_your_own_keys\",\n        \"https://cloud.google.com/compute/docs/reference/rest/v1/disks/get\",\n        \"https://cloud.google.com/compute/docs/disks/customer-supplied-encryption#key_file\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"display_path\": \"computeengine.projects.id.zones.id.instances.id\",\n    \"path\": \"computeengine.projects.id.zones.id.instances.id.disks.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.zones.id.instances.id.disks.id.encrypted_with_csek\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"encrypted_with_csek\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-instance-disk-with-no-snapshot.json",
    "content": "{\n    \"description\": \"Instance Disk without Snapshots\",\n    \"rationale\": \"You should have snapshots of your in-use or available disks taken on a regular basis to enable disaster recovery efforts.\",\n    \"references\": [\n        \"https://cloud.google.com/compute/docs/disks/create-snapshots\",\n        \"https://cloud.google.com/compute/docs/disks/scheduled-snapshots\",\n        \"https://cloud.google.com/compute/docs/disks/snapshot-best-practices\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"display_path\": \"computeengine.projects.id.zones.id.instances.id\",\n    \"path\": \"computeengine.projects.id.zones.id.instances.id.disks.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.zones.id.instances.id.disks.id.snapshots\",\n            \"empty\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"latest_snapshot\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-instance-full-api-access.json",
    "content": "{\n    \"description\": \"Instances Configured to Use Default Service Account with Full Access to All Cloud APIs\",\n    \"rationale\": \"When an instance is configured with Compute Engine default service account with Scope Allow full access to all Cloud APIs, based on IAM roles assigned to the user(s) accessing Instance, it may allow user to perform cloud operations/API calls that user is not supposed to perform leading to successful privilege escalation.\",\n    \"remediation\": \"From console:<ol><li>Go to the <samp>VM instances</samp> page by visiting https://console.cloud.google.com/compute/instances.</li><li>Click on the impacted VM instance.</li><li>If the instance is not stopped, click the <samp>Stop</samp> button. Wait for the instance to be stopped.</li><li>Next, click the <samp>Edit</samp> button.</li><li>Scroll down to the <samp>Service Account</samp> section.</li><li>Select a different service account or ensure that <samp>Allow full access to all Cloud APIs</samp> is not selected.</li><li>Click the <samp>Save</samp> button to save your changes and then click <samp>START</samp></li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"4.2\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances\",\n        \"https://cloud.google.com/compute/docs/access/service-accounts\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"computeengine.projects.id.zones.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.zones.id.instances.id.full_access_apis\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"full_access_apis\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-instance-ip-forwarding-enabled.json",
    "content": "{\n    \"description\": \"IP Forwarding Is Enabled\",\n    \"rationale\": \"Compute Engine instance cannot forward a packet unless the source IP address of the packet matches the IP address of the instance. Similarly, GCP won't deliver a packet whose destination IP address is different than the IP address of the instance receiving the packet. However, both capabilities are required if you want to use instances to help route packets.\",\n    \"remediation\": \"From console:<ol><li>Go to the <samp>VM instances</samp> page by visiting https://console.cloud.google.com/compute/instances.</li><li>Select the <samp>VM Instance</samp> you want to remediate.</li><li>Click the <samp>Delete</samp> button.</li><li>On the 'VM Instances' page, click `CREATE INSTANCE'.</li><li>Create a new instance with the desired configuration. By default, the instance is configured to not allow IP forwarding.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"4.6\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/vpc/docs/using-routes#canipforward\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"computeengine.projects.id.zones.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.zones.id.instances.id.ip_forwarding_enabled\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"ip_forwarding_enabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-instance-os-login-disabled.json",
    "content": "{\n    \"description\": \"OS Login Disabled\",\n    \"rationale\": \"Enabling osLogin ensures that SSH keys used to connect to instances are mapped with IAM users. Revoking access to IAM user will revoke all the SSH keys associated with that particular user. It facilitates centralized and automated SSH key pair management which is useful in handling cases like response to compromised SSH key pairs and/or revocation of external/third-party/Vendor users.\",\n    \"remediation\": \"From console:<ol><li>Go to the VM compute metadata page by visiting https://console.cloud.google.com/compute/metadata.</li><li>Click <samp>Edit</samp>></li><li>Add a metadata entry where the key is <samp>enable-oslogin</samp> and the value is <samp>TRUE</samp>.</li><li>Click <samp>Save</samp> to apply the changes.</li><li>For every instances that overrides the project setting, go to the <samp>VM Instances</samp> page at https://console.cloud.google.com/compute/instances.</li><li>Click the name of the instance on which you want to remove the metadata value.</li><li>At the top of the instance details page, click <samp>Edit</samp> to edit the instance settings.</li><li>Under <samp>Custom metadata</samp>, remove any entry with key <samp>enable-oslogin</samp> and the value is <samp>FALSE</samp></li><li>At the bottom of the instance details page, click <samp>Save</samp> to apply your changes to the instance.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"4.4\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"computeengine.projects.id.zones.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.zones.id.instances.id.oslogin_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"oslogin_disabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-instance-public-ip-adresses.json",
    "content": "{\n    \"description\": \"Instances Have Public IP Addresses\",\n    \"rationale\": \"To reduce your attack surface, Compute instances should not have public IP addresses. Instead, instances should be configured behind load balancers, to minimize the instance's exposure to the internet.\",\n    \"remediation\": \"From console:<ol><li>Go to the <samp>VM instances</samp> page by visiting https://console.cloud.google.com/compute/instances.</li><li>Click on the instance name to go the <samp>Instance detail</samp> page.</li><li>Click <samp>Edit</samp></li><li>For each Network interface, ensure that <samp>External IP</samp> is set to <samp>None</samp>.</li><li>Click <samp>Done</samp> and then click <samp>Save</samp>.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"4.9\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/load-balancing/docs/backend-service#backends_and_external_ip_addresses\",\n        \"https://cloud.google.com/compute/docs/instances/connecting-advanced#sshbetweeninstances\",\n        \"https://cloud.google.com/compute/docs/instances/connecting-to-instance\",\n        \"https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address#unassign_ip\",\n        \"https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"computeengine.projects.id.zones.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.zones.id.instances.id.public_ip_addresses\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"public_ip_addresses\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-instance-shielded-vm-disabled.json",
    "content": "{\n    \"description\": \"Shielded VM Disabled\",\n    \"rationale\": \"Shielded VM offers verifiable integrity of your Compute Engine VM instances, so you can be confident your instances haven't been compromised by boot-or kernel-level malware or rootkits. Shielded VM's verifiable integrity is achieved through the use of Secure Boot, virtual trusted platform module (vTPM)-enabled Measured Boot, and integrity monitoring.\",\n    \"remediation\": \"From console:<ol><li>Go to the <samp>VM instances</samp> page by visiting https://console.cloud.google.com/compute/instances.</li><li>Click on the instance name to see its <samp>VM Instance detail</samp> page.</li><li>Click <samp>STOP</samp> to stop the instance.<li>When the instance has stopped, click <samp>Edit</samp></li><li>In the Shielded VM section, select <samp>Turn on vTPM</samp> and <samp>Turn on Integrity Monitoring</samp>.</li><li>Optionally, if you do not use any custom or unsigned drivers on the instance, also select <samp>Turn on Secure Boot</samp>.</li><li>Click the <samp>Save</samp> button to modify the instance and then click <samp>START</samp> to restart it.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"4.8\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/compute/docs/instances/modifying-shielded-vm\",\n        \"https://cloud.google.com/shielded-vm\",\n        \"https://cloud.google.com/security/shielded-cloud/shielded-vm#organization-policy-constraint\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"computeengine.projects.id.zones.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.zones.id.instances.id.shielded_enable\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"shielded_enable\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-instance-with-deletion-protection-disabled.json",
    "content": "{\n    \"description\": \"Instance without Deletion Protection\",\n    \"rationale\": \"It is good practice to enable this feature on production instances, to ensure that they may not be deleted by accident.\",\n    \"references\": [\n        \"https://cloud.google.com/compute/docs/instances/preventing-accidental-vm-deletion\"\n    ],\n    \"dashboard_name\": \"Instances\",\n    \"path\": \"computeengine.projects.id.zones.id.instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.zones.id.instances.id.deletion_protection_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"deletion_protection_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-loadbalancer-forwarding-rule-forwards-sensitive-port.json",
    "content": "{\n    \"description\": \"External Load Balancer Rule Forwards a Non-Standard Port\",\n    \"rationale\": \"The Load Balancer rule was found to be forwarding a non-standard port (80 or 443), potentially exposing a sensitive service. If such services need to be exposed, a restriction on the source address could help to reduce the attack surface of the infrastructure.\",\n    \"dashboard_name\": \"Forwarding Rule\",\n    \"path\": \"computeengine.projects.id.regions.id.forwarding_rules.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.regions.id.forwarding_rules.id.load_balancing_scheme\",\n            \"equal\",\n            \"EXTERNAL\"\n        ],\n        [\n            \"or\",\n            [\n                \"computeengine.projects.id.regions.id.forwarding_rules.id.all_ports\",\n                \"true\",\n                \"\"\n            ],\n            [\n                \"and\",\n                [\n                    \"computeengine.projects.id.regions.id.forwarding_rules.id.port_range\",\n                    \"notEqual\",\n                    \"\"\n                ],\n                [\n                    \"computeengine.projects.id.regions.id.forwarding_rules.id.port_range\",\n                    \"containNoneOf\",\n                    [\n                        \"80-80\",\n                        \"443-443\",\n                        \"80-80,443-443\"\n                    ]\n                ]\n            ],\n            [\n                \"and\",\n                [\n                    \"computeengine.projects.id.regions.id.forwarding_rules.id.ports\",\n                    \"notEmpty\",\n                    \"\"\n                ],\n                [\n                    \"computeengine.projects.id.regions.id.forwarding_rules.id.ports\",\n                    \"containNoneOf\",\n                    [\n                        \"80\",\n                        \"443\"\n                    ]\n                ]\n            ]\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-loadbalancer-global-forwarding-rule-forwards-sensitive-port.json",
    "content": "{\n    \"description\": \"External Load Balancer Global Rule Forwards a Non-Standard Port\",\n    \"rationale\": \"The Load Balancer rule was found to be forwarding a non-standard port (80 or 443), potentially exposing a sensitive service. If such services need to be exposed, a restriction on the source address could help to reduce the attack surface of the infrastructure.\",\n    \"dashboard_name\": \"Forwarding Rule\",\n    \"path\": \"computeengine.projects.id.global_forwarding_rules.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.global_forwarding_rules.id.load_balancing_scheme\",\n            \"equal\",\n            \"EXTERNAL\"\n        ],\n        [\n            \"or\",\n            [\n                \"computeengine.projects.id.global_forwarding_rules.id.all_ports\",\n                \"true\",\n                \"\"\n            ],\n            [\n                \"and\",\n                [\n                    \"computeengine.projects.id.global_forwarding_rules.id.port_range\",\n                    \"notEqual\",\n                    \"\"\n                ],\n                [\n                    \"computeengine.projects.id.global_forwarding_rules.id.port_range\",\n                    \"containNoneOf\",\n                    [\n                        \"80-80\",\n                        \"443-443\",\n                        \"80-80,443-443\"\n                    ]\n                ]\n            ],\n            [\n                \"and\",\n                [\n                    \"computeengine.projects.id.global_forwarding_rules.id.ports\",\n                    \"notEmpty\",\n                    \"\"\n                ],\n                [\n                    \"computeengine.projects.id.global_forwarding_rules.id.ports\",\n                    \"containNoneOf\",\n                    [\n                        \"80\",\n                        \"443\"\n                    ]\n                ]\n            ]\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-network-default-in-use.json",
    "content": "{\n    \"description\": \"Default Network Should Be Removed\",\n    \"rationale\": \"The default network has a preconfigured network configuration and automatically generates insecure firewall rules. These automatically created firewall rules do not get audit logged and cannot be configured to enable firewall rule logging.\",\n    \"remediation\": \"From  Console:<ol><li>Go to <samp>VPC networks</samp> page by visiting: https://console.cloud.google.com/networking/networks/list</li><li>Click the network named <samp>default</samp></li><li>On the network detail page, click <samp>EDIT</samp></li><li>Click <samp>DELETE VPC NETWORK</samp> </li><li>If needed, create a new network to replace the default network</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.1\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/compute/docs/networking#firewall_rules\",\n        \"https://cloud.google.com/compute/docs/reference/latest/networks/insert\",\n        \"https://cloud.google.com/compute/docs/reference/latest/networks/delete\",\n        \"https://cloud.google.com/vpc/docs/firewall-rules-logging\",\n        \"https://cloud.google.com/vpc/docs/vpc#default-network\",\n        \"https://cloud.google.com/sdk/gcloud/reference/compute/networks/delete\"\n    ],\n    \"dashboard_name\": \"Networks\",\n    \"path\": \"computeengine.projects.id.networks.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.networks.id.name\",\n            \"equal\",\n            \"default\"\n        ]\n    ],\n    \"id_suffix\": \"name\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-network-legacy-in-use.json",
    "content": "{\n    \"description\": \"Legacy Network Should Be Removed\",\n    \"rationale\": \"Legacy networks have a single network IPv4 prefix range and a single gateway IP address for the whole network. The network is global in scope and spans all cloud regions. Subnetworks cannot be created in a legacy network and are unable to switch from legacy to auto or custom subnet networks. Legacy networks can have an impact for high network traffic projects and are subject to a single point of contention or failure.\",\n    \"remediation\": \"For each Google Cloud Platform project,<ol><li>1. Follow the documentation and create a non-legacy network suitable for the organization's requirements.</li><li>Follow the documentation and delete the networks in the <samp>legacy</samp> mode.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.2\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/vpc/docs/using-legacy#creating_a_legacy_network\",\n        \"https://cloud.google.com/vpc/docs/using-legacy#deleting_a_legacy_network\"\n    ],\n    \"dashboard_name\": \"Networks\",\n    \"path\": \"computeengine.projects.id.networks.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.networks.id.legacy_mode\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"legacy_mode\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-network-with-no-instances.json",
    "content": "{\n    \"description\": \"Network without Instances\",\n    \"rationale\": \"Maintaining unused resources increases risks of misconfigurations and increases the difficulty of audits.\",\n    \"dashboard_name\": \"Networks\",\n    \"path\": \"computeengine.projects.id.networks.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.networks.id.instances\",\n            \"empty\",\n            \"\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-old-disk-snapshot.json",
    "content": "{\n    \"description\": \"Old Instance Disk Snapshot\",\n    \"rationale\": \"Disk snapshots that are over 90 days are likely to be outdated.\",\n    \"references\": [\n        \"https://cloud.google.com/compute/docs/disks/create-snapshots\",\n        \"https://cloud.google.com/compute/docs/disks/scheduled-snapshots\",\n        \"https://cloud.google.com/compute/docs/disks/snapshot-best-practices\"\n    ],\n    \"dashboard_name\": \"Snapshots\",\n    \"path\": \"computeengine.projects.id.snapshots.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.snapshots.id.status\",\n            \"equal\",\n            \"READY\"\n        ],\n        [\n            \"computeengine.projects.id.snapshots.id.creation_timestamp\",\n            \"olderThan\",\n            [\n                \"90\",\n                \"days\"\n            ]\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/computeengine-vpc-flow-logs-disabled.json",
    "content": "{\n    \"description\": \"VPC Flow Logs Not Enabled\",\n    \"rationale\": \"VPC Flow Logs were not enabled for this subnet. It is best practice to enable Flow Logs to some degree in order to have network visibility in the event of resource compromise, as well as source data for threat detections.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"3.8\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging\"\n    ],\n    \"dashboard_name\": \"Subnetwork\",\n    \"path\": \"computeengine.projects.id.regions.id.subnetworks.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"computeengine.projects.id.regions.id.subnetworks.id.flowlogs_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"flowlogs_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/dns-zones-dnssec-not-enabled.json",
    "content": "{\n    \"description\": \"DNSSEC Is Not Enabled for Cloud DNS\",\n    \"rationale\": \"Domain Name System Security Extensions (DNSSEC) adds security to the DNS protocol by enabling DNS responses to be validated. Having a trustworthy DNS that translates a domain name like www.example.com into its associated IP address is an increasingly important building block of today\\u2019s web-based applications. Attackers can hijack this process of domain/IP lookup and redirect users to a malicious site through DNS hijacking and man-in-the-middle attacks. DNSSEC helps mitigate the risk of such attacks by cryptographically signing DNS records. As a result, it prevents attackers from issuing fake DNS responses that may misdirect browsers to nefarious websites.\",\n    \"remediation\": \"From Console:<ol><li>Go to Cloud DNS by visiting https://console.cloud.google.com/net-services/dns/zones.</li><li>For each zone of <samp>Type Public</samp>, set <samp>DNSSEC</samp> to <samp>ON</samp>.</li></ol>\",\n    \"references\": [\n        \"https://cloudplatform.googleblog.com/2017/11/DNSSEC-now-available-in-Cloud-DNS.html\",\n        \"https://cloud.google.com/dns/dnssec-config#enabling\",\n        \"https://cloud.google.com/dns/dnssec\"\n    ],\n    \"dashboard_name\": \"Cloud DNS\",\n    \"path\": \"dns.projects.id.managed_zones.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"dns.projects.id.managed_zones.id.dnssec_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"dnssec_enabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/dns-zones-key-signing-key-using-rsasha1.json",
    "content": "{\n    \"description\": \"DNSSEC Key-signing Key Uses RSASHA1\",\n    \"rationale\": \"The algorithm used for key signing should be a recommended one and it should be strong. When enabling DNSSEC for a managed zone, or creating a managed zone with DNSSEC, the user can select the DNSSEC signing algorithms and the denial-of-existence type. Changing the DNSSEC settings is only effective for a managed zone if DNSSEC is not already enabled. If there is a need to change the settings for a managed zone where it has been enabled, turn DNSSEC off and then re-enable it with different settings.\",\n    \"remediation\": \"From Console:<ol><li>If it is necessary to change the settings for a managed zone where it has been enabled, NSSEC must be turned off and re-enabled with different settings. To turn off DNSSEC, run the following command:<br><code>gcloud dns managed-zones update ZONE_NAME --dnssec-state off</code></br></li><li>To update key-signing for a reported managed DNS Zone, run the following command:<br><code> gcloud dns managed-zones update ZONE_NAME --dnssec-state on --ksk-algorithm KSK_ALGORITHM --ksk-key-length KSK_KEY_LENGTH --zsk-algorithm ZSK_ALGORITHM --zsk-key-length ZSK_KEY_LENGTH --denial-of-existence DENIAL_OF_EXISTENCE</code></br></li></ol>\",\n    \"references\": [\n        \"https://cloud.google.com/dns/dnssec-advanced#advanced_signing_options\"\n    ],\n    \"dashboard_name\": \"Cloud DNS\",\n    \"path\": \"dns.projects.id.managed_zones.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"dns.projects.id.managed_zones.id.key_signing_algorithm\",\n            \"equal\",\n            \"rsasha1\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/dns-zones-zone-signing-key-using-rsasha1.json",
    "content": "{\n    \"description\": \"DNSSEC Zone-signing Key Uses RSASHA1\",\n    \"rationale\": \"The algorithm used for key signing should be a recommended one and it should be strong. When enabling DNSSEC for a managed zone, or creating a managed zone with DNSSEC, the user can select the DNSSEC signing algorithms and the denial-of-existence type. Changing the DNSSEC settings is only effective for a managed zone if DNSSEC is not already enabled. If there is a need to change the settings for a managed zone where it has been enabled, turn DNSSEC off and then re-enable it with different settings.\",\n    \"remediation\": \"From Console:<ol><li>If it is necessary to change the settings for a managed zone where it has been enabled, NSSEC must be turned off and re-enabled with different settings. To turn off DNSSEC, run the following command:<br><code>gcloud dns managed-zones update ZONE_NAME --dnssec-state off</code></br></li><li>To update key-signing for a reported managed DNS Zone, run the following command:<br><code> gcloud dns managed-zones update ZONE_NAME --dnssec-state on --ksk-algorithm KSK_ALGORITHM --ksk-key-length KSK_KEY_LENGTH --zsk-algorithm ZSK_ALGORITHM --zsk-key-length ZSK_KEY_LENGTH --denial-of-existence DENIAL_OF_EXISTENCE</code></br></li></ol>\",\n    \"references\": [\n        \"https://cloud.google.com/dns/dnssec-advanced#advanced_signing_options\"\n    ],\n    \"dashboard_name\": \"Cloud DNS\",\n    \"path\": \"dns.projects.id.managed_zones.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"dns.projects.id.managed_zones.id.zone_signing_algorithm\",\n            \"equal\",\n            \"rsasha1\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/functions-v1-allowing-http.json",
    "content": "{\n    \"description\": \"Functions Allowing HTTP Traffic (Gen 1)\",\n    \"rationale\": \"Use of a secure protocol (HTTPS) is best practice for encrypted communication. A function allowing HTTP traffic can be vulnerable to eavesdropping and man-in-the-middle attacks.\",\n    \"references\": [\n        \"https://cloud.google.com/logging/docs/reference/audit/appengine/rest/Shared.Types/SecurityLevel\"\n    ],\n    \"dashboard_name\": \"Functions\",\n    \"path\": \"functions.projects.id.functions_v1.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"functions.projects.id.functions_v1.id.security_level\",\n            \"notEqual\",\n            \"SECURE_ALWAYS\"\n        ]\n    ],\n    \"id_suffix\": \"security_level\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/functions-v1-environment-variables-secrets.json",
    "content": "{\n    \"description\": \"Potential Secrets in Function Environment Variables (Gen 1)\",\n    \"rationale\": \"Anyone who can access the function can view the configured secrets. Best practice is to store configuration secrets in Secret Manager (or similar).\",\n    \"dashboard_name\": \"Functions\",\n    \"path\": \"functions.projects.id.functions_v1.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"functions.projects.id.functions_v1.id.environment_variables_secrets\",\n            \"notEmpty\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"environment_variables_secrets\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/functions-v1-member.json",
    "content": "{\n    \"description\": \"Functions Accessible by \\\"_ARG_0_\\\"\",\n    \"rationale\": \"Allowing anonymous and/or public access grants permissions to anyone to access the function's configuration and content. This configuration should be restricted to follow the principle of least privilege\",\n    \"references\": [\n        \"https://cloud.google.com/logging/docs/reference/audit/appengine/rest/Shared.Types/SecurityLevel\"\n    ],\n    \"dashboard_name\": \"Functions\",\n    \"path\": \"functions.projects.id.functions_v1.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"functions.projects.id.functions_v1.id.bindings\",\n            \"containString\",\n            \"_ARG_0_\"\n        ]\n    ],\n    \"key\": \"functions-v1-function-_ARG_0_\",\n    \"arg_names\": [\n        \"Member\"\n    ],\n    \"id_suffix\": \"bindings\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/functions-v1-public-endpoint.json",
    "content": "{\n    \"description\": \"Public Function Endpoint (Gen 1)\",\n    \"rationale\": \"The Cloud Function's ingress configuration allowed all traffic, potentially exposing undesired functionality. It is recommended that traffic reaching functions be routed via a load balancer, to minimize the attack surface.\",\n    \"dashboard_name\": \"Functions\",\n    \"display_path\": \"functions.projects.id.functions_v1.id\",\n    \"path\": \"functions.projects.id.functions_v1.id.bindings.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"functions.projects.id.functions_v1.id.ingress_settings\",\n            \"equal\",\n            \"ALLOW_ALL\"\n        ],\n        [\n            \"functions.projects.id.functions_v1.id.bindings.id.role\",\n            \"equal\",\n            \"roles/viewer\"\n        ],\n        [\n            \"functions.projects.id.functions_v1.id.bindings.id.members\",\n            \"containString\",\n            \"allUsers\"\n        ]\n    ],\n    \"id_suffix\": \"ingress_settings\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/functions-v2-environment-variables-secrets.json",
    "content": "{\n    \"description\": \"Potential Secrets in Function Environment Variables (Gen 2)\",\n    \"rationale\": \"Anyone who can access the function can view the configured secrets. Best practice is to store configuration secrets in Secret Manager (or similar).\",\n    \"dashboard_name\": \"Functions\",\n    \"path\": \"functions.projects.id.functions_v2.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"functions.projects.id.functions_v2.id.environment_variables_secrets\",\n            \"notEmpty\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"environment_variables_secrets\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/functions-v2-public-endpoint.json",
    "content": "{\n    \"description\": \"Public Function Endpoint (Gen 2)\",\n    \"rationale\": \"The Cloud Function's ingress configuration allowed all traffic, potentially exposing undesired functionality. It is recommended that traffic reaching functions be routed via a load balancer, to minimize the attack surface.\",\n    \"dashboard_name\": \"Functions\",\n    \"path\": \"functions.projects.id.functions_v2.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"functions.projects.id.functions_v2.id.ingress_settings\",\n            \"equal\",\n            \"ALLOW_ALL\"\n        ]\n    ],\n    \"id_suffix\": \"ingress_settings\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/iam-gmail-accounts-used.json",
    "content": "{\n    \"description\": \"Gmail Account in Use\",\n    \"rationale\": \"It is recommended fully-managed corporate Google accounts be used for increased visibility, auditing, and controlling access to Cloud Platform resources. Email accounts based outside of the user's organization, such as personal accounts, should not be used for business purposes.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"1.1\"\n        },\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.1\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations#manage-identities\",\n        \"https://support.google.com/work/android/answer/6371476\",\n        \"https://cloud.google.com/sdk/gcloud/reference/organizations/get-iam-policy\",\n        \"https://cloud.google.com/sdk/gcloud/reference/beta/resource-manager/folders/get-iam-policy\",\n        \"https://cloud.google.com/sdk/gcloud/reference/projects/get-iam-policy\",\n        \"https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints\",\n        \"https://cloud.google.com/resource-manager/docs/organization-policy/restricting-domains\"\n    ],\n    \"dashboard_name\": \"Users\",\n    \"path\": \"iam.projects.id.users.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.projects.id.users.id.name\",\n            \"match\",\n            \".+@gmail[.]com\"\n        ]\n    ],\n    \"id_suffix\": \"name\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/iam-lack-of-service-account-key-rotation.json",
    "content": "{\n    \"description\": \"Lack of User-Managed Service Account Key Rotation\",\n    \"rationale\": \"Rotating Service Account keys will reduce the window of opportunity for an access key that is associated with a compromised or terminated account to be used. User-managed Service Account keys should be rotated to ensure that data cannot be accessed with an old key which might have been lost, cracked, or stolen. It should be ensured that keys are rotated every 90 days.<br>This issue does not apply to system-managed keys, as they are automatically rotated by Google, and are used for signing for a maximum of two weeks. The rotation process is probabilistic, and usage of the new key will gradually ramp up and down over the key's lifetime.\",\n    \"remediation\": \"From console: <br>Delete any external (user-managed) Service Account Key older than 90 days: <ol><li>Go to <samp>APIs & Services\\\\Credentials</samp> using <samp>https://console.cloud.google.com/apis/credentials</samp></li><li>In the Section <samp>Service Account Keys</samp>, for every external (user-managed) service account key where <samp>creation date</samp> is greater than or equal to the past 90 days, click <samp>Delete Bin Icon</samp> to <samp>Delete Service Account key</samp></li></ol> <br>Create a new external (user-managed) Service Account Key for a Service Account:<ol><li>Go to <samp>APIs & Services\\\\Credentials</samp> using <samp>https://console.cloud.google.com/apis/credentials</samp></li><li>Click <samp>Create Credentials</samp> and <samp>Select Service Account Key.</samp></li><li>Choose the service account in the drop-down list for which an External (user-managed) Service Account key needs to be created.</li><li>Select the desired key type format among <samp>JSON</samp> or <samp>P12</samp>.</li><li>Click <samp>Create</samp>. It will download the <samp>private key</samp>. Keep it safe.</li><li>Click <samp>close</samp> if prompted</li><li>The site will redirect to the <samp>APIs & Services\\\\Credentials</samp> page. Make a note of the new <samp>ID</samp> displayed in the <samp>Service account keys</samp> section.</li></ol> \",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"1.6\"\n        },\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.7\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/iam/docs/understanding-service-accounts#managing_service_account_keys\",\n        \"https://cloud.google.com/sdk/gcloud/reference/iam/service-accounts/keys/list\",\n        \"https://cloud.google.com/iam/docs/service-accounts\",\n        \"https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts.keys\"\n    ],\n    \"dashboard_name\": \"Service Accounts\",\n    \"display_path\": \"iam.projects.id.service_accounts.id\",\n    \"path\": \"iam.projects.id.service_accounts.id.keys.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.projects.id.service_accounts.id.keys.id.valid_after\",\n            \"olderThan\",\n            [\n                \"90\",\n                \"days\"\n            ]\n        ],\n        [\n            \"iam.projects.id.service_accounts.id.keys.id.key_type\",\n            \"equal\",\n            \"USER_MANAGED\"\n        ]\n    ],\n    \"id_suffix\": \"valid_after\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/iam-primitive-role-in-use.json",
    "content": "{\n    \"description\": \"Basic Role in Use\",\n    \"rationale\": \"Basic roles grant significant privileges. In most cases, usage of these roles is not recommended and does not follow security best practice.<br><br><b>Note: </b>This rule may flag Google-Managed Service Accounts. Google services rely on these Service Accounts having access to the project, and recommends not removing or changing the Service Account's role (see https://cloud.google.com/iam/docs/service-accounts#google-managed).\",\n    \"remediation\": \"From Console: <ol><li>Go to <samp>IAM & admin/IAM</samp> using <samp>https://console.cloud.google.com/iam-admin/iam</samp></li><li>Got to the <samp>Members</samp></li><li>Identify <samp>User-Managed user created</samp> service account with roles containing <samp>*Admin</samp> or <samp>*admin</samp> or role matching <samp>Editor</samp> or role matching <samp>Owner</samp></li><li>Click the <samp>Delete bin</samp> icon to remove the role from the member (service account in this case)</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"1.4\"\n        },\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.5\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/sdk/gcloud/reference/iam/service-accounts/\",\n        \"https://cloud.google.com/iam/docs/understanding-roles\",\n        \"https://cloud.google.com/iam/docs/understanding-service-accounts\"\n    ],\n    \"dashboard_name\": \"Bindings\",\n    \"path\": \"iam.projects.id.bindings.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.projects.id.bindings.id.name\",\n            \"containAtLeastOneOf\",\n            [\n                \"owner\",\n                \"editor\",\n                \"viewer\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"name\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/iam-role-account-separation-duties-is-false.json",
    "content": "{\n    \"description\": \"Separation of Duties Not Enforced for Service Account\",\n    \"rationale\": \"Separation of duties is the concept of ensuring that one individual does not have all necessary permissions to be able to complete a malicious action. In Cloud IAM-service accounts, this could be an action such as using a service account to access resources that user should not normally have access to. No user should have Service Account Admin and Service Account User roles assigned at the same time.\",\n    \"remediation\": \"From console:<ol><li>Go to <samp>IAM & Admin/IAM</samp> using <samp>https://console.cloud.google.com/iam-admin/iam</samp>.</li><li>For any member having both <samp>Service Account Admin</samp> and <samp>Service account User</samp> roles granted/assigned, click the <samp>Delete Bin</samp> icon to remove either role from the member.<br> Removal of a role should be done based on the business requirements.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.8\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/iam/docs/service-accounts\",\n        \"https://cloud.google.com/iam/docs/understanding-roles\",\n        \"https://cloud.google.com/iam/docs/granting-changing-revoking-access\"\n    ],\n    \"dashboard_name\": \"Project\",\n    \"path\": \"iam.projects.id.bindings_separation_duties.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.projects.id.bindings_separation_duties.id.account_separation_duties\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"account_separation_duties\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/iam-role-assigned-to-domain.json",
    "content": "{\n    \"description\": \"IAM Role Assigned to Domain\",\n    \"rationale\": \"Roles granted to Workspace domains grant permissions to all users of the domain's Organization, which goes against the principle of least privilege.\",\n    \"references\": [\n        \"https://cloud.google.com/iam/docs/understanding-roles\",\n        \"https://cloud.google.com/iam/docs/using-iam-securely\"\n    ],\n    \"dashboard_name\": \"Bindings\",\n    \"path\": \"iam.projects.id.bindings.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.projects.id.bindings.id.members.domains\",\n            \"notEmpty\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"domains\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/iam-role-assigned-to-user.json",
    "content": "{\n    \"description\": \"IAM Role Assigned to User\",\n    \"rationale\": \"Best practices recommends granting roles to a Google Suite group instead of to individual users when possible. It is easier to add members to and remove members from a group instead of updating a Cloud IAM policy to add or remove users.\",\n    \"references\": [\n        \"https://cloud.google.com/iam/docs/understanding-roles\",\n        \"https://cloud.google.com/iam/docs/using-iam-securely\"\n    ],\n    \"dashboard_name\": \"Bindings\",\n    \"path\": \"iam.projects.id.bindings.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.projects.id.bindings.id.members.users\",\n            \"notEmpty\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"users\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/iam-role-kms-separation-duties-is-false.json",
    "content": "{\n    \"description\": \"Separation of Duties Not Enforced for KMS\",\n    \"rationale\": \"Separation of duties is the concept of ensuring that one individual does not have all necessary permissions to be able to complete a malicious action. In Cloud KMS, this could be an action such as using a key to access and decrypt data a user should not normally have access to. Separation of duties is a business control typically used in larger organizations, meant to help avoid security or privacy incidents and errors. It is considered best practice. No user(s) should have Cloud KMS Admin and any of the Cloud KMS CryptoKey Encrypter/Decrypter, Cloud KMS CryptoKey Encrypter, Cloud KMS CryptoKey Decrypter roles assigned at the same time.\",\n    \"remediation\": \"From console:<ol><li>Go to <samp>IAM & Admin/IAM</samp> using <samp>https://console.cloud.google.com/iam-admin/iam</samp>.</li><li>For any member having <samp>Cloud KMS Admin</samp> and any of the <samp>Cloud KMS CryptoKey Encrypter/Decrypter, Cloud KMS CryptoKey Encrypter, Cloud KMS CryptoKey Decrypter</samp> roles granted/assigned, click the <samp>Delete Bin</samp> icon to remove either role from the member.<br> Removal of a role should be done based on the business requirements.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.11\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/kms/docs/separation-of-duties\"\n    ],\n    \"dashboard_name\": \"Project\",\n    \"path\": \"iam.projects.id.bindings_separation_duties.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.projects.id.bindings_separation_duties.id.kms_separation_duties\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"kms_separation_duties\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/iam-sa-has-admin-privileges.json",
    "content": "{\n    \"description\": \"Service Account with Admin Privileges\",\n    \"rationale\": \"Service accounts represent service-level security of the Resources (application or a VM) which can be determined by the roles assigned to it. Enrolling Service Accounts with administrative privileges grants full access to assigned application or a VM, Service Account Access holder can user.<br><br><b>Note: </b>This rule may flag Google-Managed Service Accounts. Google services rely on these Service Accounts having access to the project, and recommends not removing or changing the Service Account's role\",\n    \"remediation\": \"From Console: <ol><li>Go to <samp>IAM & admin/IAM</samp> using <samp>https://console.cloud.google.com/iam-admin/iam</samp></li><li>Got to the <samp>Members</samp></li><li>Identify <samp>User-Managed user created</samp> service account with roles containing <samp>*Admin</samp> or <samp>*admin</samp> or role matching <samp>Editor</samp> or role matching <samp>Owner</samp></li><li>Click the <samp>Delete bin</samp> icon to remove the role from the member (service account in this case)</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"1.4\"\n        },\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.5\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/sdk/gcloud/reference/iam/service-accounts/\",\n        \"https://cloud.google.com/iam/docs/understanding-roles\",\n        \"https://cloud.google.com/iam/docs/understanding-service-accounts\"\n    ],\n    \"dashboard_name\": \"Bindings\",\n    \"path\": \"iam.projects.id.bindings.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"or\",\n            [\n                \"iam.projects.id.bindings.id.name\",\n                \"containAtLeastOneOf\",\n                [\n                    \"editor\",\n                    \"owner\"\n                ]\n            ],\n            [\n                \"iam.projects.id.bindings.id.name\",\n                \"match\",\n                \".*admin\"\n            ]\n        ],\n        [\n            \"iam.projects.id.bindings.id.members.service_accounts\",\n            \"notEmpty\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"service_accounts\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/iam-service-account-user-member.json",
    "content": "{\n    \"description\": \"_ARG_1_\",\n    \"rationale\": \"Access to the Service Account User role (roles/iam.serviceAccountUser) should be restricted, as members granted this role on a service account can use it to indirectly access all the resources to which the service account has access. \",\n    \"references\": [\n        \"https://cloud.google.com/iam/docs/service-accounts#user-role\"\n    ],\n    \"dashboard_name\": \"Service Accounts\",\n    \"display_path\": \"iam.projects.id.service_accounts.id\",\n    \"path\": \"iam.projects.id.service_accounts.id.bindings.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.projects.id.service_accounts.id.bindings.id.members\",\n            \"containAtLeastOneOf\",\n            \"_ARG_0_\"\n        ]\n    ],\n    \"key\": \"iam-service-account-user-_ARG_0_\",\n    \"arg_names\": [\n        \"Member\",\n        \"Description\"\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/iam-service-account-with-user-managed-keys.json",
    "content": "{\n    \"description\": \"User-Managed Service Account Keys\",\n    \"rationale\": \"It is recommended to prevent use of user-managed service account keys, as anyone who has access to the keys will be able to access resources through the service account. Best practice recommends using GCP-managed keys, which are used by Cloud Platform services such as App Engine and Compute Engine. These keys cannot be downloaded. Google will keep the keys and automatically rotate them on an approximately weekly basis.\",\n    \"remediation\": \"From Console: <ol><li>Go to the IAM page in the GCP Console using <samp>https://console.cloud.google.com/iam-admin/iam</samp></li><li>In the left navigation pane, click <samp>Service accounts</samp>. All service accounts and their corresponding keys are listed.</li><li>Click the service account.</li><li>Click the <samp>edit</samp> and delete the keys.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"1.3\"\n        },\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.4\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/iam/docs/understanding-service-accounts#managing_service_account_keys\",\n        \"https://cloud.google.com/resource-manager/docs/organization-policy/restricting-service-accounts\"\n    ],\n    \"dashboard_name\": \"Service Accounts\",\n    \"display_path\": \"iam.projects.id.service_accounts.id\",\n    \"path\": \"iam.projects.id.service_accounts.id.keys.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.projects.id.service_accounts.id.keys.id.key_type\",\n            \"equal\",\n            \"USER_MANAGED\"\n        ]\n    ],\n    \"id_suffix\": \"key_type\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/iam-user-has-sa-user-role.json",
    "content": "{\n    \"description\": \"User with Privileged Service Account Roles at the Project Level\",\n    \"rationale\": \"Granting the iam.serviceAccountUser, iam.serviceAccountTokenCreator, or iam.serviceAccountActor role to a user for a project gives the user access to all service accounts in the project, including service accounts that may be created in the future. This can result into elevation of privileges by using service accounts and corresponding Compute Engine instances.\",\n    \"remediation\": \"From console: <ol><li>Go to the IAM page in the GCP Console by visiting: https://console.cloud.google.com/iam-admin/iam.</li><li>Click on the filter table text bar. Type <samp>Role: Service Account User</samp></li><li>Click the <samp>Delete Bin<samp> icon in front of the role <samp>Service Account User</samp> for every user listed as a result of a filter.</li><li>Click on the filter table text bar. Type <samp>Role: Service Account Token Creator<samp></li><li>Click the <samp>Delete Bin</samp> icon in front of the role <samp>Service Account Token Creator</samp> for every user listed as a result of a filter.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"1.5\"\n        },\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.6\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/iam/docs/service-accounts\",\n        \"https://cloud.google.com/iam/docs/granting-changing-revoking-access\",\n        \"https://cloud.google.com/iam/docs/understanding-roles\",\n        \"https://cloud.google.com/iam/docs/granting-changing-revoking-access\",\n        \"https://console.cloud.google.com/iam-admin/iam\"\n    ],\n    \"dashboard_name\": \"Bindings\",\n    \"path\": \"iam.projects.id.bindings.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"iam.projects.id.bindings.id.name\",\n            \"containAtLeastOneOf\",\n            [\n                \"iam.serviceAccountUser\",\n                \"iam.serviceAccountTokenCreator\",\n                \"iam.serviceAccountActor\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"user_has_sa_user_role\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kms-cryptokeys-anonymously-publicly-accessible.json",
    "content": "{\n    \"description\": \"Cloud KMS Cryptokeys Anonymously or Publicly Accessible\",\n    \"rationale\": \"Granting permissions to allUsers or allAuthenticatedUsers allows anyone to access the data set. Such access might not be desirable if sensitive data is stored at the location. In this case, ensure that anonymous and/or public access to a Cloud KMS cryptokey is not allowed.\",\n    \"remediation\": \"From command line:<ol><li>List all Cloud KMS <samp>Cryptokeys</samp>: <br> gcloud kms keys list --keyring=[key_ring_name] --location=global --format=json | jq '.[].name'</li><li>Remove IAM policy binding for a KMS key to remove access to <samp>allUsers</samp> and <samp>allAuthenticatedUsers</samp> using the below command.<br> gcloud kms keys remove-iam-policy-binding [key_name] --keyring=[key_ring_name] --location=global --member='allAuthenticatedUsers' --role='[role]' <br> gcloud kms keys remove-iam-policy-binding [key_name] --keyring=[key_ring_name] --location=global --member='allUsers' --role='[role]'</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.9\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/sdk/gcloud/reference/kms/keys/remove-iam-policy-binding\",\n        \"https://cloud.google.com/sdk/gcloud/reference/kms/keys/set-iam-policy\",\n        \"https://cloud.google.com/sdk/gcloud/reference/kms/keys/get-iam-policy\",\n        \"https://cloud.google.com/kms/docs/resource-hierarchy#key_resource_id\"\n    ],\n    \"dashboard_name\": \"KMS Bindings\",\n    \"display_path\": \"kms.projects.id.keyrings.id\",\n    \"path\": \"kms.projects.id.keyrings.id.keys.id.kms_iam_policy.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kms.projects.id.keyrings.id.keys.id.state\",\n            \"equal\",\n            \"ENABLED\"\n        ],\n        [\n            \"kms.projects.id.keyrings.id.keys.id.kms_iam_policy.id.anonymous_public_accessible\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"anonymous_public_accessible\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kms-encryption-keys-not-rotated.json",
    "content": "{\n    \"description\": \"KMS Encryption Not Rotated within 90 Days\",\n    \"rationale\": \"Set a key rotation period and starting time. A key can be created with a specified rotation period, which is the time between when new key versions are generated automatically. A key is used to protect some corpus of data. A collection of files could be encrypted with the same key and people with decrypt permissions on that key would be able to decrypt those files. Therefore, it's necessary to make sure the rotation period is set to a specific time.\",\n    \"remediation\": \"From console:<ol><li>Got to <samp>Cryptographic Keys</samp> by visiting: https://console.cloud.google.com/security/kms.</li><li>Click on the specific key ring</li><li>From the list of keys, choose the specific key and Click on <samp>Right side pop up the blade (3 dots).</samp></li><li>Click on <samp>Edit rotation period.</samp></li><li>On the pop-up window, <samp>Select a new rotation period</samp> in days which should be less than 90 and then choose <samp>Starting on</samp> date (date from which the rotation period begins).</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"1.10\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/kms/docs/key-rotation#frequency_of_key_rotation\",\n        \"https://cloud.google.com/kms/docs/re-encrypt-data\"\n    ],\n    \"dashboard_name\": \"Keys\",\n    \"display_path\": \"kms.projects.id.keyrings.id\",\n    \"path\": \"kms.projects.id.keyrings.id.keys.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kms.projects.id.keyrings.id.keys.id.state\",\n            \"equal\",\n            \"ENABLED\"\n        ],\n        [\n            \"or\",\n            [\n                \"kms.projects.id.keyrings.id.keys.id.rotation_period\",\n                \"equal\",\n                \"None\"\n            ],\n            [\n                \"kms.projects.id.keyrings.id.keys.id.rotation_period\",\n                \"moreThan\",\n                \"90\"\n            ]\n        ],\n        [\n            \"or\",\n            [\n                \"kms.projects.id.keyrings.id.keys.id.next_rotation_time_days\",\n                \"equal\",\n                \"None\"\n            ],\n            [\n                \"kms.projects.id.keyrings.id.keys.id.next_rotation_time_days\",\n                \"moreThan\",\n                \"90\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"rotation_period\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-basic-authentication-enabled.json",
    "content": "{\n    \"description\": \"Basic Authentication Enabled\",\n    \"rationale\": \"Basic authentication allows a user to authenticate to the cluster with a username and password and it is stored in plain text without any encryption. Disabling Basic authentication will prevent attacks like brute force. Its recommended to use either client certificate or IAM for authentication.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.10\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.8.1\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_authn_methods\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#evaluation_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.basic_authentication_enabled\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"basic_authentication_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-certificate-authentication-enabled.json",
    "content": "{\n    \"description\": \"Certificate Authentication Enabled\",\n    \"rationale\": \"Unless applications use the client certificate authentication method, it should be disabled.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.8.2\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_authn_methods\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#evaluation_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.client_certificate_enabled\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"client_certificate_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-alias-ip-disabled.json",
    "content": "{\n    \"description\": \"Alias IP Disabled\",\n    \"rationale\": \"With Alias IPs ranges enabled, Kubernetes Engine clusters can allocate IP addresses from a CIDR block known to Google Cloud Platform. This makes your cluster more scalable and allows your cluster to better interact with other GCP products and entities.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.13\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.6.2\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_network_access_to_the_control_plane_and_nodes\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.alias_ip_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"alias_ip_disabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-application-layer-encryption-disabled.json",
    "content": "{\n    \"description\": \"Application-Layer Secrets Encryption Disabled\",\n    \"rationale\": \"By default, GKE encrypts customer content stored at rest, including Secrets. GKE handles and manages this default encryption without any additional action.<br>Application-layer Secrets Encryption provides an additional layer of security for sensitive data, such as user defined Secrets and Secrets required for the operation of the cluster, such as service account keys, which are all stored in etcd.<br>Using this functionality, you can use a key, that you manage in Cloud KMS, to encrypt data at the application layer. This protects against attackers in the event that they manage to gain access to etcd.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.3.1\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/encrypting-secrets\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"application_layer_encryption_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"application_layer_encryption_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-binary-authorization-disabled.json",
    "content": "{\n    \"description\": \"Binary Authorization Disabled\",\n    \"rationale\": \"Binary Authorization provides software supply-chain security for images that you deploy to GKE from Google Container Registry (GCR) or another container image registry.<br>Binary Authorization requires images to be signed by trusted authorities during the development process. These signatures are then validated at deployment time. By enforcing validation, you can gain tighter control over your container environment by ensuring only verified images are integrated into the build-and-release process.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.10.5\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/binary-authorization/\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.binary_authorization_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"binary_authorization_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-has-no-labels.json",
    "content": "{\n    \"description\": \"Clusters Lacking Labels\",\n    \"rationale\": \"Labels enable users to map their own organizational structures onto system objects in a loosely coupled fashion, without requiring clients to store these mappings. Labels can also be used to apply specific security settings and auto configure objects at creation.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.5\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#use_namespaces_and_rbac_to_restrict_access_to_cluster_resources\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.has_labels\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"has_no_labels\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-logging-disabled.json",
    "content": "{\n    \"description\": \"Cluster Logging Disabled\",\n    \"rationale\": \"You should enable cluster logging and use a logging service so your cluster can export logs about its activities.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.1\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.7.1\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://kubernetes.io/docs/tasks/debug-application-cluster/audit/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#stackdriver_logging\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.logging_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"logging_disabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-master-authorized-networks-disabled.json",
    "content": "{\n    \"description\": \"Master Authorized Networks Disabled\",\n    \"rationale\": \"Master authorized networks blocks untrusted IP addresses from outside Google Cloud Platform. Addresses from inside GCP can still reach your master through HTTPS provided that they have the necessary Kubernetes credentials.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.4\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.6.3\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/authorized-networks\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_network_access_to_the_control_plane_and_nodes\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.master_authorized_networks_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"master_authorized_networks_disabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-metadata-server-disabled.json",
    "content": "{\n    \"description\": \"GKE Metadata Server Disabled\",\n    \"rationale\": \"Every GKE node stores its metadata on a metadata server. Some of this metadata, such as kubelet credentials and the VM instance identity token, is sensitive and should not be exposed to a Kubernetes workload.<br>Enabling the GKE Metadata server prevents pods (that are not running on the host network) from accessing this metadata and facilitates Workload Identity.<br>When unspecified, the default setting allows running pods to have full access to the node's underlying metadata server.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.4.2\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/protecting-cluster-metadata#concealment\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"metadata_server_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"metadata_server_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-monitoring-disabled.json",
    "content": "{\n    \"description\": \"Cluster Monitoring Disabled\",\n    \"rationale\": \"You should enable cluster monitoring and use a monitoring service so your cluster can export metrics about its activities.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.2\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.7.1\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#stackdriver_logging\",\n        \"https://cloud.google.com/monitoring/kubernetes-engine#about-skm\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.monitoring_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"monitoring_disabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-network-policy-disabled.json",
    "content": "{\n    \"description\": \"Network Policy Disabled\",\n    \"rationale\": \"By default, pods are non-isolated; they accept traffic from any source. Pods become isolated by having a NetworkPolicy that selects them. Once there is any NetworkPolicy in a namespace selecting a particular pod, that pod will reject any connections that are not allowed by any NetworkPolicy.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.11\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.6.7\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_with_network_policy\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/security-overview#network_security\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.network_policy_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"network_policy_disabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-pod-security-policy-config-disabled.json",
    "content": "{\n    \"description\": \"Pod Security Policy Disabled\",\n    \"rationale\": \"A Pod Security Policy is a cluster-level resource that controls security sensitive aspects of the pod specification. The PodSecurityPolicy objects define a set of conditions that a pod must run with in order to be accepted into the system, as well as defaults for the related fields.\",\n    \"remediation\": \"Enable the Pod Security Policy. By default, Pod Security Policy is disabled when you create a new cluster.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.14\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.10.3\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.pod_security_policy_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"pod_security_policy_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-private-endpoint-disabled.json",
    "content": "{\n    \"description\": \"Private Cluster Endpoint Disabled\",\n    \"rationale\": \"In a private cluster, the master node has two endpoints, a private and public endpoint. The private endpoint is the internal IP address of the master, behind an internal load balancer in the master's VPC network. Nodes communicate with the master using the private endpoint. The public endpoint enables the Kubernetes API to be accessed from outside the master's VPC network.<br>Although Kubernetes API requires an authorized token to perform sensitive actions, a vulnerability could potentially expose the Kubernetes publicly with unrestricted access. Additionally, an attacker may be able to identify the current cluster and Kubernetes API version and determine whether it is vulnerable to an attack.<br>Unless required, disabling public endpoint will help prevent such threats, and require the attacker to be on the master's VPC network to perform any attack on the Kubernetes API.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.15\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.6.4\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_network_access_to_the_control_plane_and_nodes\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.private_endpoint_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"private_endpoint_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-private-google-access-disabled.json",
    "content": "{\n    \"description\": \"Private Google Access Disabled\",\n    \"rationale\": \"Enabling Private Google Access allows hosts on a subnetwork to use a private IP address to reach Google APIs rather than an external IP address.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.16\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_network_access_to_the_control_plane_and_nodes\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.private_ip_google_access_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"private_ip_google_access_disabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-release-channel.json",
    "content": "{\n    \"description\": \"Cluster Not Subscribed to Release Channel\",\n    \"rationale\": \"Release Channels signal a graduating level of stability and production-readiness. These are based on observed performance of GKE clusters running that version and represent experience and confidence in the cluster version.<br>The Regular release channel upgrades every few weeks and is for production users who need features not yet offered in the Stable channel. These versions have passed internal validation, but don't have enough historical data to guarantee their stability. Known issues generally have known workarounds.<br>The Stable release channel upgrades every few months and is for production users who need stability above all else, and for whom frequent upgrades are too risky. These versions have passed internal validation and have been shown to be stable and reliable in production, based on the observed performance of those clusters.<br>Critical security patches are delivered to all release channels.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.5.4\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/release-channels\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.release_channel\",\n            \"containNoneOf\",\n            [\n                \"REGULAR\",\n                \"STABLE\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"release_channel\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-shielded-nodes-disabled.json",
    "content": "{\n    \"description\": \"Shielded GKE Nodes Disabled\",\n    \"rationale\": \"Shielded GKE nodes protects clusters against boot- or kernel-level malware or rootkits which persist beyond infected OS.<br>Shielded GKE nodes run firmware which is signed and verified using Google's Certificate Authority, ensuring that the nodes' firmware is unmodified and establishing the root of trust for Secure Boot. GKE node identity is strongly protected via virtual Trusted Platform Module (vTPM) and verified remotely by the master node before the node joins the cluster.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.5.5\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.shielded_nodes_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"shielded_nodes_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-workload-identity-disabled.json",
    "content": "{\n    \"description\": \"Workload Identity Disabled\",\n    \"rationale\": \"Enabling Workload Identity manages the distribution and rotation of Service account keys for the workloads to use.<br>Kubernetes workloads should not use cluster node service accounts to authenticate to Google Cloud APIs. Each Kubernetes Workload that needs to authenticate to other Google services using Cloud IAM should be provisioned a dedicated Service account.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.2.2\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"workload_identity_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"workload_identity_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-dashboard-enabled.json",
    "content": "{\n    \"description\": \"Kubernetes Dashboard Enabled\",\n    \"rationale\": \"You should disable the Kubernetes Web UI (Dashboard) when running on Kubernetes Engine. The Kubernetes Web UI (Dashboard) is backed by a highly privileged Kubernetes Service Account. The Cloud Console provides much of the same functionality, so you don't need this functionality.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.6\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.10.1\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#disable_kubernetes_dashboard\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.dashboard_status\",\n            \"equal\",\n            \"Enabled\"\n        ]\n    ],\n    \"id_suffix\": \"dashboard_status\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-default-service-account-used.json",
    "content": "{\n    \"description\": \"Default Service Account in Use\",\n    \"rationale\": \"Each GKE node has a Service Account associated with it. By default, nodes are given the Compute Engine default service account. This account has broad access by default, making it useful to wide variety of applications, but it has more permissions than are required to run your Kubernetes Engine cluster. You should create and use a minimally privileged service account to run your GKE cluster instead of using the Compute Engine default service account.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.17\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.2.1\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#use_least_privilege_sa\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.service_account\",\n            \"equal\",\n            \"default\"\n        ]\n    ],\n    \"id_suffix\": \"default_service_account_used\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-legacy-abac-enabled.json",
    "content": "{\n    \"description\": \"Legacy Authorization (ABAC) Enabled\",\n    \"rationale\": \"The legacy authorizer in Kubernetes grants broad, statically defined permissions. To ensure that RBAC limits permissions correctly, you must disable the legacy authorizer. RBAC has significant security advantages, can help you ensure that users only have access to cluster resources within their own namespace and is now stable in Kubernetes.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.3\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.8.4\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#leave_abac_disabled_default_for_110\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.legacy_abac_enabled\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"legacy_abac_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-legacy-metadata-endpoints-enabled.json",
    "content": "{\n    \"description\": \"Legacy Metadata Endpoints Enabled\",\n    \"rationale\": \"The instance metadata server exposed legacy v0.1 and v1beta1 endpoints, which do not enforce metadata query headers. This is a feature in the v1 APIs that makes it more difficult for a potential attacker to retrieve instance metadata, such as Server-Side Request Forgery (SSRF). Unless specifically required, we recommend you disable these legacy APIs.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.4.1\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#protect_node_metadata_default_for_112\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"display_path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id.node_pools.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.node_pools.id.legacy_metadata_endpoints_enabled\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"legacy_metadata_endpoints_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-auto-repair-disabled.json",
    "content": "{\n    \"description\": \"Nodes with Auto-Repair Disabled\",\n    \"rationale\": \"Auto-repair helps maintain the cluster nodes in a healthy, running state.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.7\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.5.2\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-repair\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"display_path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id.node_pools.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.node_pools.id.auto_repair_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"auto_repair_disabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-auto-upgrade-disabled.json",
    "content": "{\n    \"description\": \"Nodes with Auto-Upgrade Disabled\",\n    \"rationale\": \"Auto-upgrades automatically ensures that security updates are applied and kept up to date.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.8\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.5.3\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-upgrades\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"display_path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id.node_pools.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.node_pools.id.auto_upgrade_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"auto_upgrade_disabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-container-optimized-os-not-used.json",
    "content": "{\n    \"description\": \"Lack of Container-Optimized OS Node Images\",\n    \"rationale\": \"It is recommended to use container-optimized OS images, as they provide improved support, security and stability.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.9\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.5.1\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/container-optimized-os/docs/concepts/features-and-benefits\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/node-images\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.image_type\",\n            \"containNoneOf\",\n            [\n                \"COS\",\n                \"COS_CONTAINERD\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"container_optimized_os_not_used\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-integrity-monitoring-disabled.json",
    "content": "{\n    \"description\": \"Nodes with Integrity Monitoring Disabled\",\n    \"rationale\": \"The Integrity Monitoring feature should be enabled for GKE cluster nodes in order to monitor and automatically check the runtime boot integrity of shielded cluster nodes using Cloud Monitoring service.\",\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"display_path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id.node_pools.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.node_pools.id.integrity_monitoring_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"integrity_monitoring_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-secure-boot-disabled.json",
    "content": "{\n    \"description\": \"Nodes with Secure Boot Disabled\",\n    \"rationale\": \"The Secure Boot feature should be enabled for GKE cluster nodes in order to protect them against malware and rootkits. Secure Boot helps ensure that the system runs only authentic software by verifying the digital signature of all boot components, and halting the boot process if the signature verification fails.\",\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"display_path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id.node_pools.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.node_pools.id.secure_boot_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"secure_boot_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-private-nodes-disabled.json",
    "content": "{\n    \"description\": \"Private Cluster Nodes Disabled\",\n    \"rationale\": \"Private Nodes are nodes with no public IP addresses. Disabling public IP addresses on cluster nodes restricts access to only internal networks, forcing attackers to obtain local network access before attempting to compromise the underlying Kubernetes hosts.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.15\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.6.5\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_network_access_to_the_control_plane_and_nodes\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.private_nodes_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"private_nodes_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/kubernetesengine-scopes-not-limited.json",
    "content": "{\n    \"description\": \"Lack of Access Scope Limitation\",\n    \"rationale\": \"If you are not creating a separate service account for your nodes, you should limit the scopes of the node service account to reduce the oportunity for privilege escalation. This ensures that the default service account does not have permissions beyond those necessary to run your cluster. While the default scopes are limited, they may include scopes beyond the minimally required ones needed to run your cluster. If you are accessing private images in Google Container Registry, the minimally required scopes are only logging.write, monitoring, and devstorage.read_only.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.18\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/access-scopes\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.has_limited_scopes\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"scopes_not_limited\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-auth-not-enabled.json",
    "content": "{\n    \"description\": \"Memory Instance Allows Unauthenticated Connections\",\n    \"rationale\": \"All incoming connections to Cloud Memorystore databases should require the use of authentication and SSL.\",\n    \"compliance\": [],\n    \"references\": [\n        \"https://cloud.google.com/memorystore/docs/redis/managing-auth\"\n    ],\n    \"dashboard_name\": \"Redis Instances\",\n    \"path\": \"cloudmemorystore.projects.id.redis_instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudmemorystore.projects.id.redis_instances.id.auth_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"auth_enabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-ssl-not-required.json",
    "content": "{\n    \"description\": \"Memory Instance Not Requiring SSL for Incoming Connections\",\n    \"rationale\": \"All incoming connections to Cloud Memorystore databases should require the use of SSL.\",\n    \"compliance\": [],\n    \"references\": [\n        \"https://cloud.google.com/memorystore/docs/redis/securing-tls-connections\"\n    ],\n    \"dashboard_name\": \"Redis Instances\",\n    \"path\": \"cloudmemorystore.projects.id.redis_instances.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cloudmemorystore.projects.id.redis_instances.id.ssl_required\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"ssl_required\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-audit-config-changes.json",
    "content": "{\n    \"description\": \"Log Metric Filter Doesn't Exist for Audit Configuration Changes\",\n    \"rationale\": \"Configuring the metric filter and alerts for audit configuration changes ensures the recommended state of audit configuration is maintained so that all activities in the project are audit-able at any point in time.\",\n    \"remediation\": \"From console: <ol><li>Go to <samp>Logging/Logs</samp> by visiting https://console.cloud.google.com/logs/metrics and click \\\"CREATE METRIC\\\".</li><li>Click the down arrow symbol on the <samp>Filter Bar</samp> at the rightmost corner and select <samp>Convert to Advanced Filter</samp>.</li><li>Clear any text and add: <br> <samp> protoPayload.methodName=\\\"SetIamPolicy\\\" AND protoPayload.serviceData.policyDelta.auditConfigDeltas:*</samp></li><li>Click <samp>Submit Filter</samp>. The logs display based on the filter text entered by the user.</li><li>In the <samp>Metric Editor</samp> menu on the right,fill out the name field. Set <samp>Units</samp> to <samp>1</samp>(default) and the <samp>Type</samp> to <samp>Counter</samp>. This ensures that the log metric counts the number of log entries matching the advanced logs query.</li><li>Click <samp>CreateMetric</samp>.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.5\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/logging/docs/logs-based-metrics/\",\n        \"https://cloud.google.com/monitoring/custom-metrics/\",\n        \"https://cloud.google.com/monitoring/alerts/\",\n        \"https://cloud.google.com/logging/docs/reference/tools/gcloud-logging\",\n        \"https://cloud.google.com/logging/docs/audit/configure-data-access#getiampolicy-setiampolicy\"\n    ],\n    \"dashboard_name\": \"Logging Configurations\",\n    \"path\": \"stackdriverlogging.projects.id.logging_metrics.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stackdriverlogging.projects.id.logging_metrics.id.audit_config_change\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"audit_config_change\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-cloud-storage-iam-permission-changes.json",
    "content": "{\n    \"description\": \"Log Metric Filter Doesn't Exist for Cloud Storage IAM Permission Changes\",\n    \"rationale\": \"Monitoring changes to cloud storage bucket permissions may reduce the time needed to detect and correct permissions on sensitive cloud storage buckets and objects inside the bucket.\",\n    \"remediation\": \"From console: <ol><li>Go to <samp>Logging/Logs</samp> by visiting https://console.cloud.google.com/logs/metrics and click \\\"CREATE METRIC\\\".</li><li>Click the down arrow symbol on the <samp>Filter Bar</samp> at the rightmost corner and select <samp>Convert to Advanced Filter</samp>.</li><li>Clear any text and add: <br> <samp> resource.type=gcs_bucket AND protoPayload.methodName=\\\"storage.setIamPermissions\\\"</samp></li><li>Click <samp>Submit Filter</samp>. The logs display based on the filter text entered by the user.</li><li>In the <samp>Metric Editor</samp> menu on the right,fill out the name field. Set <samp>Units</samp> to <samp>1</samp>(default) and the <samp>Type</samp> to <samp>Counter</samp>. This ensures that the log metric counts the number of log entries matching the advanced logs query.</li><li>Click <samp>CreateMetric</samp>.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.10\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/logging/docs/logs-based-metrics/\",\n        \"https://cloud.google.com/monitoring/custom-metrics/\",\n        \"https://cloud.google.com/monitoring/alerts/\",\n        \"https://cloud.google.com/logging/docs/reference/tools/gcloud-logging\",\n        \"https://cloud.google.com/storage/docs\",\n        \"https://cloud.google.com/storage/docs/access-control/iam-roles\"\n    ],\n    \"dashboard_name\": \"Logging Configurations\",\n    \"path\": \"stackdriverlogging.projects.id.logging_metrics.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stackdriverlogging.projects.id.logging_metrics.id.cloud_storage_iam_permission_change\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"cloud_storage_iam_permission_change\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-custom-role-changes.json",
    "content": "{\n    \"description\": \"Log Metric Filter Doesn't Exist for Custom Role Changes\",\n    \"rationale\": \"Google Cloud IAM provides predefined roles that give granular access to specific Google Cloud Platform resources and prevent unwanted access to other resources. However, to cater to organization-specific needs, Cloud IAM also provides the ability to create custom roles. Project owners and administrators with the Organization Role Administrator role or the IAM Role Administrator role can create custom roles. Monitoring role creation, deletion and updating activities will help in identifying any over-privileged role at early stages.\",\n    \"remediation\": \"From console: <ol><li>Go to <samp>Logging/Logs</samp> by visiting https://console.cloud.google.com/logs/metrics and click \\\"CREATE METRIC\\\".</li><li>Click the down arrow symbol on the <samp>Filter Bar</samp> at the rightmost corner and select <samp>Convert to Advanced Filter</samp>.</li><li>Clear any text and add: <br> <samp> resource.type=\\\"iam_role\\\" AND protoPayload.methodName =  \\\"google.iam.admin.v1.CreateRole\\\" OR protoPayload.methodName=\\\"google.iam.admin.v1.DeleteRole\\\" OR protoPayload.methodName=\\\"google.iam.admin.v1.UpdateRole\\\"</samp></li><li>Click <samp>Submit Filter</samp>. The logs display based on the filter text entered by the user.</li><li>In the <samp>Metric Editor</samp> menu on the right,fill out the name field. Set <samp>Units</samp> to <samp>1</samp>(default) and the <samp>Type</samp> to <samp>Counter</samp>. This ensures that the log metric counts the number of log entries matching the advanced logs query.</li><li>Click <samp>CreateMetric</samp>.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.6\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/logging/docs/logs-based-metrics/\",\n        \"https://cloud.google.com/monitoring/custom-metrics/\",\n        \"https://cloud.google.com/monitoring/alerts/\",\n        \"https://cloud.google.com/logging/docs/reference/tools/gcloud-logging\",\n        \"https://cloud.google.com/iam/docs/understanding-custom-roles\"\n    ],\n    \"dashboard_name\": \"Logging Configurations\",\n    \"path\": \"stackdriverlogging.projects.id.logging_metrics.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stackdriverlogging.projects.id.logging_metrics.id.custom_role_change\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"custom_role_change\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-project-ownership-assignment.json",
    "content": "{\n    \"description\": \"Log Metric Filter Doesn't Exist for Project Ownership Assignments/Changes\",\n    \"rationale\": \"Project ownership has the highest level of privileges on a project. To avoid misuse of project resources, the project ownership assignment/change actions mentioned above should be monitored and alerted to concerned recipients.\",\n    \"remediation\": \"From console: <ol><li>Go to <samp>Logging/Logs</samp> by visiting https://console.cloud.google.com/logs/metrics and click \\\"CREATE METRIC\\\".</li><li>Click the down arrow symbol on the <samp>Filter Bar</samp> at the rightmost corner and select <samp>Convert to Advanced Filter</samp>.</li><li>Clear any text and add: <br> <samp> (protoPayload.serviceName=\\\"cloudresourcemanager.googleapis.com\\\") AND (ProjectOwnership OR projectOwnerInvitee) OR (protoPayload.serviceData.policyDelta.bindingDeltas.action=\\\"REMOVE\\\" AND protoPayload.serviceData.policyDelta.bindingDeltas.role=\\\"roles/owner\\\") OR (protoPayload.serviceData.policyDelta.bindingDeltas.action=\\\"ADD\\\" AND protoPayload.serviceData.policyDelta.bindingDeltas.role=\\\"roles/owner\\\")</samp></li><li>Click <samp>Submit Filter</samp>. The logs display based on the filter text entered by the user.</li><li>In the <samp>Metric Editor</samp> menu on the right,fill out the name field. Set <samp>Units</samp> to <samp>1</samp>(default) and the <samp>Type</samp> to <samp>Counter</samp>. This ensures that the log metric counts the number of log entries matching the advanced logs query.</li><li>Click <samp>CreateMetric</samp>.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.4\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/logging/docs/logs-based-metrics/\",\n        \"https://cloud.google.com/monitoring/custom-metrics/\",\n        \"https://cloud.google.com/monitoring/alerts/\",\n        \"https://cloud.google.com/logging/docs/reference/tools/gcloud-logging\"\n    ],\n    \"dashboard_name\": \"Logging Configurations\",\n    \"path\": \"stackdriverlogging.projects.id.logging_metrics.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stackdriverlogging.projects.id.logging_metrics.id.project_ownership_assignments\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"project_ownership_assignments\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-sql-instance-config-changes.json",
    "content": "{\n    \"description\": \"Log Metric Filter Doesn't Exist for SQL Instance Configuration Changes\",\n    \"rationale\": \"Monitoring changes to SQL instance configuration changes may reduce the time needed to detect and correct misconfigurations done on the SQL server.\",\n    \"remediation\": \"From console: <ol><li>Go to <samp>Logging/Logs</samp> by visiting https://console.cloud.google.com/logs/metrics and click \\\"CREATE METRIC\\\".</li><li>Click the down arrow symbol on the <samp>Filter Bar</samp> at the rightmost corner and select <samp>Convert to Advanced Filter</samp>.</li><li>Clear any text and add: <br> <samp> protoPayload.methodName=\\\"cloudsql.instances.update\\\"</samp></li><li>Click <samp>Submit Filter</samp>. The logs display based on the filter text entered by the user.</li><li>In the <samp>Metric Editor</samp> menu on the right,fill out the name field. Set <samp>Units</samp> to <samp>1</samp>(default) and the <samp>Type</samp> to <samp>Counter</samp>. This ensures that the log metric counts the number of log entries matching the advanced logs query.</li><li>Click <samp>CreateMetric</samp>.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.11\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/logging/docs/logs-based-metrics/\",\n        \"https://cloud.google.com/monitoring/custom-metrics/\",\n        \"https://cloud.google.com/monitoring/alerts/\",\n        \"https://cloud.google.com/logging/docs/reference/tools/gcloud-logging\",\n        \"https://cloud.google.com/storage/docs\",\n        \"https://cloud.google.com/sql/docs/\",\n        \"https://cloud.google.com/sql/docs/mysql/\",\n        \"https://cloud.google.com/sql/docs/postgres/\"\n    ],\n    \"dashboard_name\": \"Logging Configurations\",\n    \"path\": \"stackdriverlogging.projects.id.logging_metrics.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stackdriverlogging.projects.id.logging_metrics.id.sql_instance_conf_change\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"sql_instance_conf_change\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-vpc-network-changes.json",
    "content": "{\n    \"description\": \"Log Metric Filter Doesn't Exist for VPC Network Changes\",\n    \"rationale\": \"It is possible to have more than one VPC within a project. In addition, it is also possible to create a peer connection between two VPCs enablingnetwork traffic to route between VPCs.Monitoring changes to a VPC will help ensure VPC traffic flow is not getting impacted.\",\n    \"remediation\": \"From console: <ol><li>Go to <samp>Logging/Logs</samp> by visiting https://console.cloud.google.com/logs/metrics and click \\\"CREATE METRIC\\\".</li><li>Click the down arrow symbol on the <samp>Filter Bar</samp> at the rightmost corner and select <samp>Convert to Advanced Filter</samp>.</li><li>Clear any text and add: <br> <samp>resource.type=gce_network AND jsonPayload.event_subtype=\\\"compute.networks.insert\\\" \\n85| P a g eOR jsonPayload.event_subtype=\\\"compute.networks.patch\\\" OR jsonPayload.event_subtype=\\\"compute.networks.delete\\\"  OR jsonPayload.event_subtype=\\\"compute.networks.removePeering\\\" OR jsonPayload.event_subtype=\\\"compute.networks.addPeering\\\" </samp></li><li>Click <samp>Submit Filter</samp>. The logs display based on the filter text entered by the user.</li><li>In the <samp>Metric Editor</samp> menu on the right,fill out the name field. Set <samp>Units</samp> to <samp>1</samp>(default) and the <samp>Type</samp> to <samp>Counter</samp>. This ensures that the log metric counts the number of log entries matching the advanced logs query.</li><li>Click <samp>CreateMetric</samp>.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.9\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/logging/docs/logs-based-metrics/\",\n        \"https://cloud.google.com/monitoring/custom-metrics/\",\n        \"https://cloud.google.com/monitoring/alerts/\",\n        \"https://cloud.google.com/logging/docs/reference/tools/gcloud-logging\",\n        \"https://cloud.google.com/vpc/docs/overview\"\n    ],\n    \"dashboard_name\": \"Logging Configurations\",\n    \"path\": \"stackdriverlogging.projects.id.logging_metrics.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stackdriverlogging.projects.id.logging_metrics.id.vpc_network_change\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"vpc_network_change\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-vpc-network-firewall-rule-changes.json",
    "content": "{\n    \"description\": \"Log Metric Filter Doesn't Exist for VPC Network Firewall Rule Changes\",\n    \"rationale\": \"Monitoring for Create or Update Firewall rule events gives insight to network access changes and may reduce the time it takes to detect suspicious activity.\",\n    \"remediation\": \"From console: <ol><li>Go to <samp>Logging/Logs</samp> by visiting https://console.cloud.google.com/logs/metrics and click \\\"CREATE METRIC\\\".</li><li>Click the down arrow symbol on the <samp>Filter Bar</samp> at the rightmost corner and select <samp>Convert to Advanced Filter</samp>.</li><li>Clear any text and add: <br> <samp> resource.type=\\\"gce_firewall_rule\\\" AND jsonPayload.event_subtype=\\\"compute.firewalls.patch\\\" OR jsonPayload.event_subtype=\\\"compute.firewalls.insert\\\"</samp></li><li>Click <samp>Submit Filter</samp>. The logs display based on the filter text entered by the user.</li><li>In the <samp>Metric Editor</samp> menu on the right,fill out the name field. Set <samp>Units</samp> to <samp>1</samp>(default) and the <samp>Type</samp> to <samp>Counter</samp>. This ensures that the log metric counts the number of log entries matching the advanced logs query.</li><li>Click <samp>CreateMetric</samp>.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.7\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/logging/docs/logs-based-metrics/\",\n        \"https://cloud.google.com/monitoring/custom-metrics/\",\n        \"https://cloud.google.com/monitoring/alerts/\",\n        \"https://cloud.google.com/logging/docs/reference/tools/gcloud-logging\",\n        \"https://cloud.google.com/vpc/docs/firewalls\"\n    ],\n    \"dashboard_name\": \"Logging Configurations\",\n    \"path\": \"stackdriverlogging.projects.id.logging_metrics.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stackdriverlogging.projects.id.logging_metrics.id.vpc_network_firewall_rule_change\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"vpc_network_firewall_rule_change\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-vpc-network-route-changes.json",
    "content": "{\n    \"description\": \"Log Metric Filter Doesn't Exist for VPC Network Route Changes\",\n    \"rationale\": \"Google Cloud Platform (GCP) routes define the paths network traffic takes from a VM instance to another destination. The other destination can be inside the organization VPC network (such as another VM) or outside of it. Every route consists of a destination and a next hop. Traffic whose destination IP is within the destination range is sent to the next hop for delivery. Monitoring changes to route tables will help ensure that all VPC traffic flows through an expected path.\",\n    \"remediation\": \"From console: <ol><li>Go to <samp>Logging/Logs</samp> by visiting https://console.cloud.google.com/logs/metrics and click \\\"CREATE METRIC\\\".</li><li>Click the down arrow symbol on the <samp>Filter Bar</samp> at the rightmost corner and select <samp>Convert to Advanced Filter</samp>.</li><li>Clear any text and add: <br> <samp> resource.type=\\\"gce_route\\\" AND jsonPayload.event_subtype=\\\"compute.routes.delete\\\" OR jsonPayload.event_subtype=\\\"compute.routes.insert\\\"</samp></li><li>Click <samp>Submit Filter</samp>. The logs display based on the filter text entered by the user.</li><li>In the <samp>Metric Editor</samp> menu on the right,fill out the name field. Set <samp>Units</samp> to <samp>1</samp>(default) and the <samp>Type</samp> to <samp>Counter</samp>. This ensures that the log metric counts the number of log entries matching the advanced logs query.</li><li>Click <samp>CreateMetric</samp>.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.8\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/logging/docs/logs-based-metrics/\",\n        \"https://cloud.google.com/monitoring/custom-metrics/\",\n        \"https://cloud.google.com/monitoring/alerts/\",\n        \"https://cloud.google.com/logging/docs/reference/tools/gcloud-logging\",\n        \"https://cloud.google.com/storage/docs/access-control/iam\"\n    ],\n    \"dashboard_name\": \"Logging Configurations\",\n    \"path\": \"stackdriverlogging.projects.id.logging_metrics.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stackdriverlogging.projects.id.logging_metrics.id.vpc_network_route_change\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"vpc_network_route_change\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-no-export-sinks.json",
    "content": "{\n    \"description\": \"Lack of Export Sinks\",\n    \"rationale\": \"Export sinks for Stackdriver logging were not found. As a result, logs would be deleted after the configured retention period, and would not be backed up.\",\n    \"references\": [\n        \"https://cloud.google.com/logging\",\n        \"https://cloud.google.com/logging/docs/export\"\n    ],\n    \"dashboard_name\": \"Logging Configurations\",\n    \"display_path\": \"stackdriverlogging.projects.id.sinks\",\n    \"path\": \"stackdriverlogging.projects.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stackdriverlogging.projects.id.sinks\",\n            \"empty\",\n            \"\"\n        ]\n    ]\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-audit-config-changes.json",
    "content": "{\n    \"description\": \"Alerts Doesn't Exist for Audit Configuration Changes\",\n    \"rationale\": \"Configuring the metric filter and alerts for audit configuration changes ensures the recommended state of audit configuration is maintained so that all activities in the project are audit-able at any point in time.\",\n    \"remediation\": \"From console: <ol><li>Identify the audit configuration changes metric under the section <samp>User-defined Metrics</samp> at https://console.cloud.google.com/logs/metrics.</li><li>Click the 3-dot icon in the rightmost column for the desired metric and select <samp>Create alert from Metric</samp>. A new page opens.</li><li>Fill out the alert policy configuration and click <samp>Save</samp>. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project:: <br> <samp>Set `Aggregator` to `Count`<br> Set `Configuration`: <br> -Condition: above <br> -Threshold: 0 <br> -For: most recent value </samp></li><li>Configure the desired notifications channels in the section <samp>Notifications.</samp></li><li>Name the policy and click <samp>Save</samp>.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.5\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/logging/docs/logs-based-metrics/\",\n        \"https://cloud.google.com/monitoring/custom-metrics/\",\n        \"https://cloud.google.com/monitoring/alerts/\",\n        \"https://cloud.google.com/logging/docs/reference/tools/gcloud-logging\",\n        \"https://cloud.google.com/logging/docs/audit/configure-data-access#getiampolicy-setiampolicy\"\n    ],\n    \"dashboard_name\": \"Monitoring Alerts\",\n    \"path\": \"stackdrivermonitoring.projects.id.monitoring_alert_policies.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stackdrivermonitoring.projects.id.monitoring_alert_policies.id.audit_config_change\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"audit_config_change\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-cloud-storage-iam-permission-changes.json",
    "content": "{\n    \"description\": \"Alerts Doesn't Exist for Cloud Storage IAM Permission Changes\",\n    \"rationale\": \"Monitoring changes to cloud storage bucket permissions may reduce the time needed to detect and correct permissions on sensitive cloud storage buckets and objects inside the bucket.\",\n    \"remediation\": \"From console: <ol><li>Identify the cloud storage IAM permission changes metric under the section <samp>User-defined Metrics</samp> at https://console.cloud.google.com/logs/metrics.</li><li>Click the 3-dot icon in the rightmost column for the desired metric and select <samp>Create alert from Metric</samp>. A new page opens.</li><li>Fill out the alert policy configuration and click <samp>Save</samp>. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project:: <br> <samp>Set `Aggregator` to `Count`<br> Set `Configuration`: <br> -Condition: above <br> -Threshold: 0 <br> -For: most recent value </samp></li><li>Configure the desired notifications channels in the section <samp>Notifications.</samp></li><li>Name the policy and click <samp>Save</samp>.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.10\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/logging/docs/logs-based-metrics/\",\n        \"https://cloud.google.com/monitoring/custom-metrics/\",\n        \"https://cloud.google.com/monitoring/alerts/\",\n        \"https://cloud.google.com/logging/docs/reference/tools/gcloud-logging\",\n        \"https://cloud.google.com/storage/docs\",\n        \"https://cloud.google.com/storage/docs/access-control/iam-roles\"\n    ],\n    \"dashboard_name\": \"Monitoring Alerts\",\n    \"path\": \"stackdrivermonitoring.projects.id.monitoring_alert_policies.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stackdrivermonitoring.projects.id.monitoring_alert_policies.id.cloud_storage_iam_permission_change\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"cloud_storage_iam_permission_change\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-custom-role-changes.json",
    "content": "{\n    \"description\": \"Alerts Doesn't Exist for Custom Role Changes\",\n    \"rationale\": \"Google Cloud IAM provides predefined roles that give granular access to specific Google Cloud Platform resources and prevent unwanted access to other resources. However, to cater to organization-specific needs, Cloud IAM also provides the ability to create custom roles. Project owners and administrators with the Organization Role Administrator role or the IAM Role Administrator role can create custom roles. Monitoring role creation, deletion and updating activities will help in identifying any over-privileged role at early stages.\",\n    \"remediation\": \"From console: <ol><li>Identify the custom role changes metric under the section <samp>User-defined Metrics</samp> at https://console.cloud.google.com/logs/metrics.</li><li>Click the 3-dot icon in the rightmost column for the desired metric and select <samp>Create alert from Metric</samp>. A new page opens.</li><li>Fill out the alert policy configuration and click <samp>Save</samp>. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project:: <br> <samp>Set `Aggregator` to `Count`<br> Set `Configuration`: <br> -Condition: above <br> -Threshold: 0 <br> -For: most recent value </samp></li><li>Configure the desired notifications channels in the section <samp>Notifications.</samp></li><li>Name the policy and click <samp>Save</samp>.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.6\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/logging/docs/logs-based-metrics/\",\n        \"https://cloud.google.com/monitoring/custom-metrics/\",\n        \"https://cloud.google.com/monitoring/alerts/\",\n        \"https://cloud.google.com/logging/docs/reference/tools/gcloud-logging\",\n        \"https://cloud.google.com/iam/docs/understanding-custom-roles\"\n    ],\n    \"dashboard_name\": \"Monitoring Alerts\",\n    \"path\": \"stackdrivermonitoring.projects.id.monitoring_alert_policies.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stackdrivermonitoring.projects.id.monitoring_alert_policies.id.custom_role_change\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"custom_role_change\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-project-ownership-assignment.json",
    "content": "{\n    \"description\": \"Alerts Doesn't Exist for Project Ownership Assignments/Changes\",\n    \"rationale\": \"Project ownership has the highest level of privileges on a project. To avoid misuse of project resources, the project ownership assignment/change actions mentioned above should be monitored and alerted to concerned recipients.\",\n    \"remediation\": \"From console: <ol><li>Identify the project ownership assignment/changes metric under the section <samp>User-defined Metrics</samp> at https://console.cloud.google.com/logs/metrics.</li><li>Click the 3-dot icon in the rightmost column for the desired metric and select <samp>Create alert from Metric</samp>. A new page opens.</li><li>Fill out the alert policy configuration and click <samp>Save</samp>. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project:: <br> <samp>Set `Aggregator` to `Count`<br> Set `Configuration`: <br> -Condition: above <br> -Threshold: 0 <br> -For: most recent value </samp></li><li>Configure the desired notifications channels in the section <samp>Notifications.</samp></li><li>Name the policy and click <samp>Save</samp>.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.4\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/logging/docs/logs-based-metrics/\",\n        \"https://cloud.google.com/monitoring/custom-metrics/\",\n        \"https://cloud.google.com/monitoring/alerts/\",\n        \"https://cloud.google.com/logging/docs/reference/tools/gcloud-logging\"\n    ],\n    \"dashboard_name\": \"Monitoring Alerts\",\n    \"path\": \"stackdrivermonitoring.projects.id.monitoring_alert_policies.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stackdrivermonitoring.projects.id.monitoring_alert_policies.id.project_ownership_assignments\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"project_ownership_assignments\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-sql-instance-config-changes.json",
    "content": "{\n    \"description\": \"Alerts Doesn't Exist for SQL Instance Configuration Changes\",\n    \"rationale\": \"Monitoring changes to SQL instance configuration changes may reduce the time needed to detect and correct misconfigurations done on the SQL server.\",\n    \"remediation\": \"From console: <ol><li>Identify the sql instance configuration changes metric under the section <samp>User-defined Metrics</samp> at https://console.cloud.google.com/logs/metrics.</li><li>Click the 3-dot icon in the rightmost column for the desired metric and select <samp>Create alert from Metric</samp>. A new page opens.</li><li>Fill out the alert policy configuration and click <samp>Save</samp>. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project:: <br> <samp>Set `Aggregator` to `Count`<br> Set `Configuration`: <br> -Condition: above <br> -Threshold: 0 <br> -For: most recent value </samp></li><li>Configure the desired notifications channels in the section <samp>Notifications.</samp></li><li>Name the policy and click <samp>Save</samp>.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.11\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/logging/docs/logs-based-metrics/\",\n        \"https://cloud.google.com/monitoring/custom-metrics/\",\n        \"https://cloud.google.com/monitoring/alerts/\",\n        \"https://cloud.google.com/logging/docs/reference/tools/gcloud-logging\",\n        \"https://cloud.google.com/storage/docs\",\n        \"https://cloud.google.com/sql/docs/\",\n        \"https://cloud.google.com/sql/docs/mysql/\",\n        \"https://cloud.google.com/sql/docs/postgres/\"\n    ],\n    \"dashboard_name\": \"Monitoring Alerts\",\n    \"path\": \"stackdrivermonitoring.projects.id.monitoring_alert_policies.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stackdrivermonitoring.projects.id.monitoring_alert_policies.id.sql_instance_conf_change\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"sql_instance_conf_change\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-vpc-network-changes.json",
    "content": "{\n    \"description\": \"Alerts Doesn't Exist for VPC Network Changes\",\n    \"rationale\": \"It is possible to have more than one VPC within a project. In addition, it is also possible to create a peer connection between two VPCs enablingnetwork traffic to route between VPCs. Monitoring changes to a VPC will help ensure VPC traffic flow is not getting impacted.\",\n    \"remediation\": \"From console: <ol><li>Identify the vpc network changes metric under the section <samp>User-defined Metrics</samp> at https://console.cloud.google.com/logs/metrics.</li><li>Click the 3-dot icon in the rightmost column for the desired metric and select <samp>Create alert from Metric</samp>. A new page opens.</li><li>Fill out the alert policy configuration and click <samp>Save</samp>. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project:: <br> <samp>Set `Aggregator` to `Count`<br> Set `Configuration`: <br> -Condition: above <br> -Threshold: 0 <br> -For: most recent value </samp></li><li>Configure the desired notifications channels in the section <samp>Notifications.</samp></li><li>Name the policy and click <samp>Save</samp>.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.9\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/logging/docs/logs-based-metrics/\",\n        \"https://cloud.google.com/monitoring/custom-metrics/\",\n        \"https://cloud.google.com/monitoring/alerts/\",\n        \"https://cloud.google.com/logging/docs/reference/tools/gcloud-logging\",\n        \"https://cloud.google.com/vpc/docs/overview\"\n    ],\n    \"dashboard_name\": \"Monitoring Alerts\",\n    \"path\": \"stackdrivermonitoring.projects.id.monitoring_alert_policies.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stackdrivermonitoring.projects.id.monitoring_alert_policies.id.vpc_network_change\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"vpc_network_change\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-vpc-network-firewall-rule-changes.json",
    "content": "{\n    \"description\": \"Alerts Doesn't Exist for VPC Network Firewall Rule Changes\",\n    \"rationale\": \"Monitoring for Create or Update Firewall rule events gives insight to network access changes and may reduce the time it takes to detect suspicious activity.\",\n    \"remediation\": \"From console: <ol><li>Identify the vpc network firewall rule changes metric under the section <samp>User-defined Metrics</samp> at https://console.cloud.google.com/logs/metrics.</li><li>Click the 3-dot icon in the rightmost column for the desired metric and select <samp>Create alert from Metric</samp>. A new page opens.</li><li>Fill out the alert policy configuration and click <samp>Save</samp>. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project:: <br> <samp>Set `Aggregator` to `Count`<br> Set `Configuration`: <br> -Condition: above <br> -Threshold: 0 <br> -For: most recent value </samp></li><li>Configure the desired notifications channels in the section <samp>Notifications.</samp></li><li>Name the policy and click <samp>Save</samp>.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.7\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/logging/docs/logs-based-metrics/\",\n        \"https://cloud.google.com/monitoring/custom-metrics/\",\n        \"https://cloud.google.com/monitoring/alerts/\",\n        \"https://cloud.google.com/logging/docs/reference/tools/gcloud-logging\",\n        \"https://cloud.google.com/vpc/docs/firewalls\"\n    ],\n    \"dashboard_name\": \"Monitoring Alerts\",\n    \"path\": \"stackdrivermonitoring.projects.id.monitoring_alert_policies.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stackdrivermonitoring.projects.id.monitoring_alert_policies.id.vpc_network_firewall_rule_change\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"vpc_network_firewall_rule_change\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-vpc-network-route-changes.json",
    "content": "{\n    \"description\": \"Alerts Doesn't Exist for VPC Network Route Changes\",\n    \"rationale\": \"Google Cloud Platform (GCP) routes define the paths network traffic takes from a VM instance to another destination. The other destination can be inside the organization VPC network (such as another VM) or outside of it. Every route consists of a destination and a next hop. Traffic whose destination IP is within the destination range is sent to the next hop for delivery. Monitoring changes to route tables will help ensure that all VPC traffic flows through an expected path.\",\n    \"remediation\": \"From console: <ol><li>Identify the vpc network route changes metric under the section <samp>User-defined Metrics</samp> at https://console.cloud.google.com/logs/metrics.</li><li>Click the 3-dot icon in the rightmost column for the desired metric and select <samp>Create alert from Metric</samp>. A new page opens.</li><li>Fill out the alert policy configuration and click <samp>Save</samp>. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project:: <br> <samp>Set `Aggregator` to `Count`<br> Set `Configuration`: <br> -Condition: above <br> -Threshold: 0 <br> -For: most recent value </samp></li><li>Configure the desired notifications channels in the section <samp>Notifications.</samp></li><li>Name the policy and click <samp>Save</samp>.</li></ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.1.0\",\n            \"reference\": \"2.8\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/logging/docs/logs-based-metrics/\",\n        \"https://cloud.google.com/monitoring/custom-metrics/\",\n        \"https://cloud.google.com/monitoring/alerts/\",\n        \"https://cloud.google.com/logging/docs/reference/tools/gcloud-logging\",\n        \"https://cloud.google.com/storage/docs/access-control/iam\"\n    ],\n    \"dashboard_name\": \"Monitoring Alerts\",\n    \"path\": \"stackdrivermonitoring.projects.id.monitoring_alert_policies.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stackdrivermonitoring.projects.id.monitoring_alert_policies.id.vpc_network_route_change\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"vpc_network_route_change\"\n}"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/rulesets/cis-1.0.0.json",
    "content": "{\n    \"about\": \"This ruleset attempts to cover as many recommendations from the CIS Google Cloud Platform Foundation v1.0.0.\",\n    \"rules\": {\n        \"cloudsql-allows-root-login-from-any-host.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-instance-ssl-not-required.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudstorage-bucket-member.json\": [\n            {\n                \"args\": [\n                    \"allUsers\",\n                    \"Bucket with 'allUsers' permissions\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"allAuthenticatedUsers\",\n                    \"Bucket with 'allAuthenticatedUsers' permissions\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cloudstorage-bucket-no-logging.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-gmail-accounts-used.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-lack-of-service-account-key-rotation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-sa-has-admin-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-service-account-with-user-managed-keys.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-user-has-sa-user-role.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-basic-authentication-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-certificate-authentication-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-alias-ip-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-has-no-labels.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-logging-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-master-authorized-networks-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-monitoring-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-network-policy-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-pod-security-policy-config-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-private-google-access-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-dashboard-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-default-service-account-used.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-legacy-abac-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-legacy-metadata-endpoints-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-node-auto-repair-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-node-auto-upgrade-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-node-container-optimized-os-not-used.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-private-nodes-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-scopes-not-limited.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ]\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json",
    "content": "{\n    \"about\": \"This ruleset attempts to cover as many recommendations from the CIS Google Cloud Platform Foundation v1.1.0.\",\n    \"rules\": {\n        \"cloudsql-instances-public-ips.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cloudsql-mysql-instances-local-infile-on.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-postgresql-instances-log-checkpoints-off.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-postgresql-instances-log-connections-off.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-postgresql-instances-log-disconnections-off.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-postgresql-instances-log-lock-waits-off.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-postgresql-instances-log-min-duration-not-set-1.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-postgresql-instances-log-min-messages-not-set.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-postgresql-instances-log-temp-files-not-set-0.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-sqlservers-instances-contained-database-authentication-on.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-sqlservers-instances-cross-db-ownership-chaining-on.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudstorage-uniform-bucket-level-access-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-instance-block-project-ssh-keys-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-instance-connecting-serial-ports-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-instance-default-service-account.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-instance-disk-not-csek-encrypted.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-instance-full-api-access.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-instance-ip-forwarding-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-instance-os-login-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-instance-public-ip-adresses.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-instance-shielded-vm-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-network-default-in-use.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-network-legacy-in-use.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"dns-zones-dnssec-not-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"dns-zones-key-signing-key-using-rsasha1\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"dns-zones-zone-signing-key-using-rsasha1\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-role-account-separation-duties-is-false.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-role-kms-separation-duties-is-false.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kms-cryptokeys-anonymously-publicly-accessible.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"kms-encryption-keys-not-rotated.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdriverlogging-metric-filter-does-not-exist-audit-config-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdriverlogging-metric-filter-does-not-exist-cloud-storage-iam-permission-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdriverlogging-metric-filter-does-not-exist-custom-role-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdriverlogging-metric-filter-does-not-exist-project-ownership-assignment.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdriverlogging-metric-filter-does-not-exist-sql-instance-config-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdriverlogging-metric-filter-does-not-exist-vpc-network-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdriverlogging-metric-filter-does-not-exist-vpc-network-firewall-rule-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdriverlogging-metric-filter-does-not-exist-vpc-network-route-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdrivermonitoring-alerts-does-not-exist-audit-config-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdrivermonitoring-alerts-does-not-exist-cloud-storage-iam-permission-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdrivermonitoring-alerts-does-not-exist-custom-role-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdrivermonitoring-alerts-does-not-exist-project-ownership-assignment.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdrivermonitoring-alerts-does-not-exist-sql-instance-config-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdrivermonitoring-alerts-does-not-exist-vpc-network-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdrivermonitoring-alerts-does-not-exist-vpc-network-firewall-rule-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdrivermonitoring-alerts-does-not-exist-vpc-network-route-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ]\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/rulesets/default.json",
    "content": "{\n    \"about\": \"This ruleset consists of numerous rules that are considered standard by NCC Group. The rules enabled range from violations of well-known security best practices to gaps resulting from less-known security implications of provider-specific mechanisms. Additional rules exist, some of them requiring extra-parameters to be configured, and some of them being applicable to a limited number of users.\",\n    \"rules\": {\n        \"bigquery-dataset-member.json\": [\n            {\n                \"args\": [\n                    \"allUsers\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"allAuthenticatedUsers\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"bigquery-encryption-no-cmk.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-allows-root-login-from-any-host.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-instance-backups-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-instance-is-open-to-public-range.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cloudsql-instance-is-open-to-the-world.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cloudsql-instance-no-binary-logging.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-instance-ssl-not-required.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-instance-with-no-backups.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-instances-public-ips.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cloudsql-mysql-instances-local-infile-on.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-postgresql-instances-log-checkpoints-off.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-postgresql-instances-log-connections-off.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-postgresql-instances-log-disconnections-off.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-postgresql-instances-log-lock-waits-off.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-postgresql-instances-log-min-duration-not-set-1.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-postgresql-instances-log-min-messages-not-set.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-postgresql-instances-log-temp-files-not-set-0.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-sqlservers-instances-contained-database-authentication-on.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudsql-sqlservers-instances-cross-db-ownership-chaining-on.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudstorage-bucket-member.json\": [\n            {\n                \"args\": [\n                    \"allUsers\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"allAuthenticatedUsers\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cloudstorage-bucket-no-public-access-prevention.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudstorage-bucket-no-logging.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudstorage-bucket-no-versioning.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cloudstorage-uniform-bucket-level-access-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-firewall-default-rule-in-use.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-firewall-rule-allows-all-ports.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-firewall-rule-allows-internal-traffic.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-firewall-rule-allows-port-range.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-firewall-rule-allows-public-access.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-firewall-rule-opens-all-ports-to-all.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-firewall-rule-opens-sensitive-port-to-all.json\": [\n            {\n                \"args\": [\n                    \"INGRESS\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-instance-block-project-ssh-keys-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-instance-connecting-serial-ports-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-instance-default-service-account.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-instance-disk-not-csek-encrypted.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-instance-disk-with-no-snapshot.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-instance-full-api-access.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-instance-ip-forwarding-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-instance-os-login-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-instance-public-ip-adresses.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-instance-shielded-vm-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-instance-with-deletion-protection-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-loadbalancer-forwarding-rule-forwards-sensitive-port.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-loadbalancer-global-forwarding-rule-forwards-sensitive-port.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-network-default-in-use.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-network-legacy-in-use.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-network-with-no-instances.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-old-disk-snapshot.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"computeengine-vpc-flow-logs-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"dns-zones-dnssec-not-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"dns-zones-key-signing-key-using-rsasha1.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"dns-zones-zone-signing-key-using-rsasha1.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"functions-v1-allowing-http.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"functions-v1-environment-variables-secrets.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"functions-v1-member.json\": [\n            {\n                \"args\": [\n                    \"allUsers\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            },\n            {\n                \"args\": [\n                    \"allAuthenticatedUsers\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"functions-v1-public-endpoint.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"functions-v2-environment-variables-secrets.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"functions-v2-public-endpoint.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-gmail-accounts-used.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-lack-of-service-account-key-rotation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-primitive-role-in-use.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-role-account-separation-duties-is-false.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-role-assigned-to-domain.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"iam-role-assigned-to-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-role-kms-separation-duties-is-false.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-sa-has-admin-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-service-account-user-member.json\": [\n            {\n                \"args\": [\n                    \"allUsers\",\n                    \"Service Account with 'allUsers' Service Account User\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"allAuthenticatedUsers\",\n                    \"Service Account with 'allAuthenticatedUsers' Service Account User\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-service-account-with-user-managed-keys.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"iam-user-has-sa-user-role.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kms-cryptokeys-anonymously-publicly-accessible.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"kms-encryption-keys-not-rotated.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-basic-authentication-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-certificate-authentication-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-alias-ip-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-application-layer-encryption-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-binary-authorization-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-has-no-labels.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-logging-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-master-authorized-networks-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-metadata-server-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-monitoring-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-network-policy-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-pod-security-policy-config-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-private-endpoint-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-private-google-access-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-release-channel.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-shielded-nodes-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-workload-identity-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-dashboard-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-default-service-account-used.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-legacy-abac-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-legacy-metadata-endpoints-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-node-auto-repair-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-node-auto-upgrade-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-node-container-optimized-os-not-used.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-node-integrity-monitoring-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-node-secure-boot-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-private-nodes-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-scopes-not-limited.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"memorystore-redis-instance-auth-not-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"memorystore-redis-instance-ssl-not-required.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdriverlogging-metric-filter-does-not-exist-audit-config-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdriverlogging-metric-filter-does-not-exist-cloud-storage-iam-permission-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdriverlogging-metric-filter-does-not-exist-custom-role-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdriverlogging-metric-filter-does-not-exist-project-ownership-assignment.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdriverlogging-metric-filter-does-not-exist-sql-instance-config-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdriverlogging-metric-filter-does-not-exist-vpc-network-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdriverlogging-metric-filter-does-not-exist-vpc-network-firewall-rule-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdriverlogging-metric-filter-does-not-exist-vpc-network-route-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdriverlogging-no-export-sinks.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdrivermonitoring-alerts-does-not-exist-audit-config-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdrivermonitoring-alerts-does-not-exist-cloud-storage-iam-permission-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdrivermonitoring-alerts-does-not-exist-custom-role-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdrivermonitoring-alerts-does-not-exist-project-ownership-assignment.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdrivermonitoring-alerts-does-not-exist-sql-instance-config-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdrivermonitoring-alerts-does-not-exist-vpc-network-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdrivermonitoring-alerts-does-not-exist-vpc-network-firewall-rule-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"stackdrivermonitoring-alerts-does-not-exist-vpc-network-route-changes.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ]\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/rules/rulesets/filters.json",
    "content": "{\n    \"about\": \"Default set of filters for Scout\",\n    \"rules\": {}\n}\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/services.py",
    "content": "from ScoutSuite.providers.base.services import BaseServicesConfig\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.gcp.resources.cloudsql.base import CloudSQL\nfrom ScoutSuite.providers.gcp.resources.memorystore.base import MemoryStore\nfrom ScoutSuite.providers.gcp.resources.cloudstorage.base import CloudStorage\nfrom ScoutSuite.providers.gcp.resources.gce.base import ComputeEngine\nfrom ScoutSuite.providers.gcp.resources.iam.base import IAM\nfrom ScoutSuite.providers.gcp.resources.kms.base import KMS\nfrom ScoutSuite.providers.gcp.resources.dns.base import DNS\nfrom ScoutSuite.providers.gcp.resources.functions.base import Functions\nfrom ScoutSuite.providers.gcp.resources.bigquery.base import BigQuery\nfrom ScoutSuite.providers.gcp.resources.stackdriverlogging.base import StackdriverLogging\nfrom ScoutSuite.providers.gcp.resources.stackdrivermonitoring.base import StackdriverMonitoring\nfrom ScoutSuite.providers.gcp.resources.gke.base import KubernetesEngine\n\n\nclass GCPServicesConfig(BaseServicesConfig):\n\n    def __init__(self, credentials=None, default_project_id=None,\n                 project_id=None, folder_id=None, organization_id=None, all_projects=None,\n                 **kwargs):\n\n        super().__init__(credentials)\n\n        facade = GCPFacade(default_project_id, project_id, folder_id, organization_id, all_projects)\n\n        self.cloudsql = CloudSQL(facade)\n        self.cloudmemorystore = MemoryStore(facade)\n        self.cloudstorage = CloudStorage(facade)\n        self.computeengine = ComputeEngine(facade)\n        self.functions = Functions(facade)\n        self.bigquery = BigQuery(facade)\n        self.iam = IAM(facade)\n        self.kms = KMS(facade)\n        self.stackdriverlogging = StackdriverLogging(facade)\n        self.stackdrivermonitoring = StackdriverMonitoring(facade)\n        self.kubernetesengine = KubernetesEngine(facade)\n        self.dns = DNS(facade)\n\n    def _is_provider(self, provider_name):\n        return provider_name == 'gcp'\n"
  },
  {
    "path": "ScoutSuite/providers/gcp/utils.py",
    "content": "from ScoutSuite.core.console import print_exception\n\n\ndef is_throttled(exception):\n    \"\"\"\n    Determines whether the exception is due to API throttling.\n\n    :param exception:                   Exception raised\n    :return:                            True if it's a throttling exception else False\n    \"\"\"\n    throttled_errors = [\n        'Quota exceeded',\n        'API_SHARED_QUOTA_EXHAUSTED',\n        'RATE_LIMIT_EXCEEDED'\n    ]\n    try:\n        if any(error in str(exception) for error in throttled_errors):\n            return True\n        else:\n            return False\n    except Exception as e:\n        print_exception(f'Unable to validate exception {exception} for GCP throttling: {e}')\n        return False\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/kubernetes/authentication_strategy.py",
    "content": "import logging\nimport enum\n\nfrom google.auth.credentials import Credentials as GCPCredentials\nfrom kubernetes import config, client\nfrom ScoutSuite.providers.base.authentication_strategy import AuthenticationStrategy\nfrom ScoutSuite.providers.aws.authentication_strategy import AWSAuthenticationStrategy, AWSCredentials\nfrom ScoutSuite.providers.azure.authentication_strategy import AzureAuthenticationStrategy, AzureCredentials\nfrom ScoutSuite.providers.gcp.authentication_strategy import GCPAuthenticationStrategy\n\n\nclass KubernetesCredentials:\n    def __init__(self) -> None:\n        self.cluster_provider: str = None\n        self.cluster_context: str = None\n        self.api_client: client.ApiClient = None\n        self.fetch_local: bool = False\n        \n        self.aws: AWSCredentials = None\n        self.azure: AzureCredentials = None\n        self.gcp: GCPCredentials = None\n\nclass ClusterProvider(enum.Enum):\n    # Azure\n    AKS = 'aks'\n    # AWS\n    EKS = 'eks'\n    # GCP\n    GKE = 'gke'\n\nclass ResourceTemplates(enum.Enum):\n    RESOURCE_CONTAINERS = 'kubernetes_resource_containers'\n    RESOURCE_HOST = 'kubernetes_resource_host'\n\nclass KubernetesAuthenticationStrategy(AuthenticationStrategy):\n    '''\n    Implements authentication for the Kubernetes provider.\n    '''\n\n    def authenticate(self, **kwargs):\n        '''Obtain credentials to interact with the Kubernetes cluster'''\n\n        logging.getLogger('kubernetes.client.rest').setLevel(logging.ERROR)\n\n        cluster_provider = kwargs.get('kubernetes_cluster_provider')\n        config_file = kwargs.get('kubernetes_config_file')\n        context = kwargs.get('kubernetes_context')\n        persist_config = kwargs.get('kubernetes_persist_config')\n        fetch_local = kwargs.get('kubernetes_fetch_local')\n\n        credentials = KubernetesCredentials()\n        if cluster_provider in [ClusterProvider.AKS.value]:\n            subscription_id = subscription_id=kwargs.get('kubernetes_azure_subscription_id')\n            credentials.azure = AzureAuthenticationStrategy().authenticate(cli=True, subscription_id=subscription_id)\n\n        elif cluster_provider in [ClusterProvider.EKS.value]:\n            credentials.aws = AWSAuthenticationStrategy().authenticate()\n\n        elif cluster_provider in [ClusterProvider.GKE.value]:\n            credentials.gcp = GCPAuthenticationStrategy().authenticate(user_account=True)\n\n        config.load_kube_config(config_file, context, None, persist_config)\n\n        credentials.cluster_provider = cluster_provider\n        credentials.cluster_context = context or config.list_kube_config_contexts(config_file)[1]['context']['cluster']\n        credentials.api_client = config.new_client_from_config(config_file, context, persist_config)\n        credentials.fetch_local = fetch_local\n\n        return credentials\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/facade/__init__.py",
    "content": "from ScoutSuite.providers.azure.facade.loggingmonitoring import LoggingMonitoringFacade\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.kubernetes.authentication_strategy import ClusterProvider, KubernetesCredentials\nfrom ScoutSuite.providers.kubernetes.facade.core import CoreFacade\nfrom ScoutSuite.providers.kubernetes.facade.eks import EKSFacade\nfrom ScoutSuite.providers.kubernetes.facade.extra import ExtraFacade\nfrom ScoutSuite.providers.kubernetes.facade.version import VersionFacade\n\n\nclass KubernetesFacade:\n    def __init__(self, credentials: KubernetesCredentials):\n        self.eks = None\n        self.azure_monitoring = None\n        self.gcp = None\n\n        self.core = CoreFacade(credentials)\n        self.extra = ExtraFacade(credentials)\n        self.version = VersionFacade(credentials)\n\n        if credentials.cluster_provider == ClusterProvider.AKS.value:\n            self.azure_monitoring = LoggingMonitoringFacade(credentials)\n\n        elif credentials.cluster_provider == ClusterProvider.EKS.value:\n            self.eks = EKSFacade(credentials)\n\n        elif credentials.cluster_provider == ClusterProvider.GKE.value:\n            self.gcp = GCPFacade(credentials)\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/facade/base.py",
    "content": "from json import dumps, loads\nfrom yaml import safe_dump\n\nfrom google.auth.credentials import Credentials as GCPCredentials\nfrom kubernetes.client.exceptions import ApiException\n\nfrom ScoutSuite.core.console import print_error, print_info\nfrom ScoutSuite.providers.aws.authentication_strategy import AWSCredentials\nfrom ScoutSuite.providers.azure.authentication_strategy import AzureCredentials\nfrom ScoutSuite.providers.kubernetes.authentication_strategy import ClusterProvider, KubernetesCredentials\nfrom ScoutSuite.providers.kubernetes.utils import format_api_version, format_resource_id, format_resource_kind, format_resource_name\n\n\nfrom ScoutSuite import __version__\n\n\nclass KubernetesBaseFacade:\n    def continue_upon_exception(function):\n        def continue_upon_exception_callback(self, **kwargs):\n            try:\n                return function(self, **kwargs)\n            except ApiException as api_exception:\n                print(api_exception)\n                print_error(f'[{api_exception.__class__.__name__}] {function.__module__}.{function.__name__}: {api_exception.reason}')\n                return None\n            except Exception as exception:\n                print(exception)\n                print_error(f'[{exception.__class__.__name__}] {function.__module__}.{function.__name__}: {exception}')\n                return None\n        return continue_upon_exception_callback\n\n    def __init__(self, credentials: KubernetesCredentials) -> None:\n        self.resource_definitions = None\n        self.data = None\n        self.cluster_provider = None\n        self.api_client = credentials.api_client\n        self.api_client.user_agent = f'Scout Suite {__version__}'\n\n        if isinstance(credentials, AzureCredentials):\n            self.cluster_provider = ClusterProvider.AKS.value\n        elif isinstance(credentials, AWSCredentials):\n            self.cluster_provider = ClusterProvider.EKS.value\n        elif isinstance(credentials, GCPCredentials):\n            self.cluster_provider = ClusterProvider.GKE.value\n\n    def get(self, path) -> dict:\n        if not path:\n            return {}\n        if path[0] != '/':\n            path = '/' + path\n        print_info(f'GET {path}')\n\n        try:\n            return loads(self.api_client.call_api(path, 'GET', auth_settings=['BearerToken'], response_type='json', _preload_content=False)[0].data)\n        except:\n            print_error(f'Failed to get {path}')\n            return None\n\n    @classmethod\n    def parse_data(self, raw_resources):\n        parsed_output = {}\n\n        for kind in raw_resources or {}:\n            resources = {}\n            resource_exists = False\n\n            for raw_version in raw_resources[kind]:\n                resource_items = raw_resources[kind][raw_version]\n                if len(resource_items) == 0: continue\n\n                resource_exists = True\n\n                version = format_api_version(raw_version)\n                resources[version] = {\n                    'namespaced': False,\n                    'namespaces': {},\n                    'resources': {}\n                }\n\n                for item in resource_items:\n                    metadata: dict = item['metadata']\n                    name: str = metadata['name']\n                    namespace: str = metadata.get('namespace')\n                    formatted_id: str = format_resource_id(name, namespace)\n\n                    formatted_data: dict = {\n                        'json': dumps(item, indent=2, separators=(',', ': ')),\n                        'yaml': safe_dump(item),\n                        'data': item,\n                        'metadata': metadata,\n                        'stringified_metadata': safe_dump(metadata),\n                        'stringified_data': {},\n                        'stringified_annotations': safe_dump(metadata.get('annotations')) if metadata.get('annotations') else None,\n                        'version': raw_version,\n                        'kind': kind\n                    }\n\n                    del formatted_data['data']['metadata']\n                    for key in formatted_data['data']:\n                        formatted_data['stringified_data'][key] = safe_dump(formatted_data['data'][key])\n\n                    owner_references = metadata.get('ownerReferences', [])\n                    if len(owner_references) > 0:\n                        formatted_data['ownerReferences'] = []\n                        for ref in owner_references:\n                            formatted_kind = format_resource_kind(ref['kind'])\n                            formatted_version = format_api_version(ref['apiVersion'])\n                            formatted_name = format_resource_name(ref['name'])\n\n                            text = f'''{ref['apiVersion']}/{ref['kind']}/{ref['name']}'''\n                            if namespace and ref['kind'] != 'Node':\n                                formatted_name = format_resource_id(formatted_name, namespace)\n                                text = f'''[{namespace}] ''' + text\n\n                            formatted_data['ownerReferences'].append({\n                                'href': f'''#services.{formatted_kind}.{formatted_version}.{formatted_name}.view'''.replace('\"', '\\\\\"'),\n                                'text': text,\n                            })\n\n                    role_ref = item.get('roleRef')\n                    if role_ref:\n                        ref_api_group = role_ref.get('apiGroup')\n                        ref_kind = role_ref.get('kind')\n                        ref_name = role_ref.get('name')\n\n                        ref_text = f'''{ref_api_group}/{ref_kind}/{ref_name}'''\n                        if namespace:\n                            ref_text = f'[{namespace}] {ref_text}'\n                            ref_name = f'[{namespace}] {ref_name}'\n\n                        ref_href = f'''#services.{format_resource_kind(ref_kind)}.{version}.{format_resource_id(ref_name, namespace)}.view'''\n                        formatted_data['roleRef'] = {\n                            'href': ref_href,\n                            'text': ref_text,\n                        }\n\n                    resources[version]['resources'][formatted_id] = formatted_data\n                    if namespace:\n                        resources[version]['namespaced'] = True\n                        resources[version]['namespaces'][format_resource_name(namespace)] = namespace\n\n            if resource_exists:\n                parsed_output[format_resource_kind(kind)] = resources\n\n        return parsed_output"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/facade/core.py",
    "content": "from ScoutSuite.core.console import print_error\nfrom ScoutSuite.providers.kubernetes.facade.base import KubernetesBaseFacade\n\n\nclass CoreFacade(KubernetesBaseFacade):\n    def __init__(self, credentials):\n        super().__init__(credentials)\n\n    def get_resource_definitions(self) -> dict:\n        if self.resource_definitions != None:\n            return self.resource_definitions\n\n        self.resource_definitions = {}\n        for version in self.get('/api')['versions']:\n            self.resource_definitions[version] = self.get(f'/api/{version}')['resources']\n\n        return self.resource_definitions\n\n    def get_resources(self) -> dict:\n        if self.data != None: return self.data\n\n        data = {}\n        core_resource_definitions = self.get_resource_definitions()\n\n        for version in core_resource_definitions:\n            core_resources = core_resource_definitions[version]\n            for api_resource in core_resources:\n                if 'list' not in api_resource['verbs']: continue\n                endpoint = f'''/api/{version}/{api_resource['name']}'''\n                \n                resources = self.get(endpoint)\n                if not resources:\n                    continue\n                \n                resource_items = resources['items']\n                kind = api_resource['kind']\n\n                # Redact sensitive resources\n                if kind in ['Secret']:\n                    for i in range(len(resource_items)):\n                        # Do not naively assume all secrets have `data`\n                        secret_data = resource_items[i].get('data')\n                        if not secret_data: continue\n\n                        # Do not assume `data` is a dictionary either\n                        if type(secret_data) == dict:\n                            for key in secret_data:\n                                resource_items[i]['data'][key] = 'REDACTED'\n                        elif type(secret_data) == str:\n                            resource_items[i]['data'] = 'REDACTED'\n                        elif type(secret_data) == list:\n                            for j in range(len(secret_data)):\n                                resource_items[i]['data'][j] = 'REDACTED'\n\n                data[kind] = data.get(kind, {})\n                data[kind][version] = resource_items\n\n        self.data = self.parse_data(data)\n        return self.data"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/facade/eks.py",
    "content": "from ScoutSuite.providers.kubernetes.authentication_strategy import KubernetesCredentials\nfrom ScoutSuite.providers.kubernetes.facade.base import KubernetesBaseFacade\n\n\nclass EKSFacade(KubernetesBaseFacade):\n    cluster = None\n\n    def __init__(self, credentials: KubernetesCredentials, **kwargs):\n        super().__init__(credentials)\n        self.context = credentials.cluster_context\n        self.session = credentials.aws.session\n        self.region = self.session.region_name\n        self.eks_client = self.session.client('eks', self.region, **kwargs)\n\n    @KubernetesBaseFacade.continue_upon_exception\n    def get_cluster(self, **kwargs):\n        if not self.cluster:\n            self.cluster = self.eks_client.describe_cluster(name=self.context.split('.')[0], **kwargs)\n        return self.cluster['cluster']"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/facade/extra.py",
    "content": "from ScoutSuite.core.console import print_error\nfrom ScoutSuite.providers.kubernetes.facade.base import KubernetesBaseFacade\n\n\nclass ExtraFacade(KubernetesBaseFacade):\n    def __init__(self, credentials):\n        super().__init__(credentials)\n        self.api_groups = None\n\n    def get_resource_definitions(self) -> dict:\n        if self.resource_definitions != None:\n            return self.resource_definitions\n\n        self.resource_definitions = self.get('/apis')\n\n        return self.resource_definitions\n\n    def get_resources(self) -> dict:\n        if self.data != None: return self.data\n\n        data = {}\n\n        extra_resources = self.get_resource_definitions()\n        for group in extra_resources['groups']:\n            for version in group['versions']:\n                endpoint = f'''/apis/{version['groupVersion']}'''\n\n                api_resources = self.get(endpoint)\n                if not api_resources:\n                    continue\n\n                for api_resource in api_resources['resources']:\n                    if 'list' not in api_resource['verbs']: continue\n                    endpoint = f'''/apis/{version['groupVersion']}/{api_resource['name']}'''\n\n                    api_resources = self.get(endpoint)\n                    if not api_resources:\n                        continue\n\n                    resources = self.get(endpoint)['items']\n                    key = api_resource['kind']\n                    data[key] = data.get(key, {})\n                    data[key][version['groupVersion']] = resources\n\n        self.data = self.parse_data(data)\n        return self.data"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/facade/version.py",
    "content": "from ScoutSuite.core.console import print_info\nfrom ScoutSuite.providers.kubernetes.facade.base import KubernetesBaseFacade\n\n\nclass VersionFacade(KubernetesBaseFacade):\n    def __init__(self, credentials):\n        super().__init__(credentials)\n\n    def get_versions(self) -> dict:\n        if self.data != None:\n            return self.data\n\n        self.data = self.get('/version')\n\n        return self.data\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/metadata.json",
    "content": "{\n  \"_scout_suite_aggregation\": {\n    \"rbac\": {\n      \"resources\": {},\n      \"summaries\": {\n        \"dangerous_grants\": {\n          \"path\": \"services.rbac.dangerous_grants\"\n        },\n        \"dodgy_subjects\": {\n          \"path\": \"services.rbac.dodgy_subjects\"\n        },\n        \"permissive_bindings\": {\n          \"path\": \"services.rbac.permissive_bindings\"\n        }\n      }\n    },\n    \"workload\": {\n      \"resources\": {},\n      \"summaries\": {\n        \"images\": {\n          \"path\": \"services.workload.images\"\n        }\n      }\n    }\n  },\n  \"a\": {\n    \"loggingmonitoring\": {\n      \"resources\": {\n        \"diagnostic_settings\": {\n          \"path\": \"services.loggingmonitoring.subscriptions.id.diagnostic_settings\"\n        },\n        \"log_alerts\": {\n          \"path\": \"services.loggingmonitoring.subscriptions.id.log_alerts\"\n        },\n        \"log_profiles\": {\n          \"path\": \"services.loggingmonitoring.subscriptions.id.log_profiles\"\n        },\n        \"resources_logging\": {\n          \"path\": \"services.loggingmonitoring.subscriptions.id.resources_logging\"\n        }\n      }\n    }\n  },\n  \"e\": {\n    \"eks\": {\n      \"resources\": {\n        \"encryption\": {\n          \"path\": \"services.eks.encryption\"\n        },\n        \"logging\": {\n          \"path\": \"services.eks.logging\"\n        },\n        \"v_p_c\": {\n          \"path\": \"services.eks.v_p_c\"\n        }\n      }\n    }\n  },\n  \"g\": {\n    \"kubernetesengine\": {\n      \"resources\": {\n        \"clusters\": {\n          \"path\": \"services.kubernetesengine.projects.id.clusters\"\n        },\n        \"node_pools\": {\n          \"path\": \"services.kubernetesengine.projects.id.node_pools\"\n        }\n      }\n    }\n  },\n  \"v\": {\n    \"version\": {\n      \"resources\": {\n        \"details\": {\n          \"cols\": 1,\n          \"path\": \"services.version.details\"\n        }\n      }\n    }\n  }\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/provider.py",
    "content": "import os\nimport re\n\nfrom ScoutSuite.core.ruleset import Ruleset\nfrom ScoutSuite.providers.base.provider import BaseProvider\nfrom ScoutSuite.providers.kubernetes.authentication_strategy import ClusterProvider, KubernetesCredentials\nfrom ScoutSuite.providers.kubernetes.resources.workload import Workload\nfrom ScoutSuite.providers.kubernetes.services import KubernetesServicesConfig\nfrom ScoutSuite.utils import formatted_service_name\n\nclass KubernetesProvider(BaseProvider):\n    \"\"\"\n    Implements provider for Kubernetes\n    \"\"\"\n\n    services_requiring_finding_deduplication = {\n        'daemon_set': True,\n        'deployment': True,\n        'replica_set': True,\n        'stateful_set': True,\n        'pod': True,\n    }\n\n    composite_resources = {\n        'loggingmonitoring': True,\n        'eks': True,\n        'kubernetesengine': True,\n        'rbac': True,\n        'version': True,\n        'workload': True\n    }\n\n    def __init__(self, **kwargs):\n        report_dir = kwargs.get('report_dir')\n        timestamp = kwargs.get('timestamp')\n        resources = kwargs.get('resources') or []\n        skipped_resources = kwargs.get('skipped_resources') or []\n        result_format = kwargs.get('result_format', 'json')\n\n        self.credentials: KubernetesCredentials = kwargs.get('credentials')\n        self.metadata_path = f'{os.path.split(os.path.abspath(__file__))[0]}/metadata.json'\n        self.environment = 'kubernetes'\n        self.provider_code = 'kubernetes'\n        self.result_format = result_format\n        self.services_config = KubernetesServicesConfig\n        self.account_id = self.credentials.cluster_context\n        self.provider_name = formatted_service_name.get(self.credentials.cluster_provider) or 'Kubernetes'\n\n        self.original_containers = {\n            'cron_job': [],\n            'deployment': [],\n            'job': [],\n            'pod': [],\n            'pod_template': [],\n            'replica_set': [],\n            'stateful_set': [],\n        }\n\n        super().__init__(report_dir, timestamp, resources, skipped_resources, result_format)\n\n    def get_report_name(self):\n        \"\"\"\n        Returns the name of the report using the provider's configuration\n        \"\"\"\n        return f'''kubernetes-{self.credentials.cluster_context.replace(':', '-')}'''\n\n    def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):\n        provider = self.credentials.cluster_provider\n\n        # delete cloud-specific services if necessary\n        if provider != ClusterProvider.AKS.value:\n            # TODO: have actual AKS findings\n            if self.metadata.get(ClusterProvider.AKS.value[0]) and self.metadata[ClusterProvider.AKS.value[0]].get('loggingmonitoring'):\n                del self.metadata[ClusterProvider.AKS.value[0]]['loggingmonitoring']\n        if provider != ClusterProvider.EKS.value:\n            if self.metadata.get(ClusterProvider.EKS.value[0]) and self.metadata[ClusterProvider.EKS.value[0]].get(ClusterProvider.EKS.value):\n                del self.metadata[ClusterProvider.EKS.value[0]][ClusterProvider.EKS.value]\n        if provider != ClusterProvider.GKE.value:\n            if self.metadata.get(ClusterProvider.GKE.value[0]) and self.metadata[ClusterProvider.GKE.value[0]].get('kubernetesengine'):\n                del self.metadata[ClusterProvider.GKE.value[0]]['kubernetesengine']\n\n        # delete empty service groups\n        service_groups_to_delete = []\n        for service_group_name in self.metadata:\n            if len(self.metadata[service_group_name]) == 0:\n                service_groups_to_delete.append(service_group_name)\n\n        for group_name in service_groups_to_delete:\n            del self.metadata[group_name]\n\n        for service_name in Workload.container_path_prefixes:\n            keys = Workload.container_path_prefixes[service_name]\n            service = self.services.get(service_name)\n            if not service: continue\n            versions = self._get_resource_versions(service)\n            for version in versions:\n                resources = service[version]['resources']\n                for resource_id in resources:\n                    spec = resources[resource_id]\n                    for key in keys:\n                        spec = spec[key]\n\n                    containers = spec['containers']\n                    self.original_containers[service_name] = list(containers)\n                    init_containers = spec.get('initContainers', [])\n                    ephemeral_containers = spec.get('ephemeralContainers', [])\n\n                    containers.extend(init_containers)\n                    containers.extend(ephemeral_containers)\n\n        return super().preprocessing(ip_ranges, ip_ranges_name_key)\n\n    def postprocessing(self, current_time, ruleset: Ruleset, run_parameters):\n        self._postprocess_regular_resources()\n        self._postprocess_composite_resource('workload')\n        self._postprocess_composite_resource('rbac')\n        \n        for service_name in Workload.container_path_prefixes:\n            keys = Workload.container_path_prefixes[service_name]\n            service = self.services.get(service_name)\n            if not service: continue\n            versions = self._get_resource_versions(service)\n            for version in versions:\n                resources = service[version]['resources']\n                for resource_id in resources:\n                    spec = resources[resource_id]\n                    for key in keys:\n                        spec = spec[key]\n\n                    spec['containers'] = self.original_containers[service_name]\n\n        ## TODO: This needs to look better.\n        # service_names = self._get_resource_versions(self.services['workload'])\n        # for service_name in service_names:\n        #     for finding_name in self.services[service_name]['findings']:\n        #         self.services['workload']['findings'][finding_name] = self.services[service_name]['findings'][finding_name]\n\n        return super().postprocessing(current_time, ruleset, run_parameters)\n\n    def _get_resource_versions(self, service: dict):\n        versions = filter(lambda key: service.get(f'{key}_count') != None, service)\n        return list(versions)\n\n    def _load_resource_metadata(self, service_group, service_name, versions):\n        self.metadata[service_group] = self.metadata.get(service_group, {})\n        self.metadata[service_group][service_name] = self.metadata[service_group].get(service_name, {})\n        self.metadata[service_group][service_name]['resources'] = self.metadata[service_group][service_name].get('resources', {})\n        self.metadata[service_group][service_name]['summaries'] = self.metadata[service_group][service_name].get('summaries', {})\n\n        for version in versions:\n            self.metadata[service_group][service_name]['resources'][version] = {\n                'path': f'services.{service_name}.{version}'\n            }\n\n    def _postprocess_regular_resources(self):\n        for service_name in self.services:\n            service_group = service_name[0]\n            service = self.services[service_name]\n\n            if self.composite_resources.get(service_name): continue\n\n            service_requires_finding_deduplication = self.services_requiring_finding_deduplication.get(service_name, False)\n\n            versions = self._get_resource_versions(service)\n            self._load_resource_metadata(service_group, service_name, versions)\n\n            # post-process findings\n            standalone_resources = {}\n            standalone_resources_tampered = False\n\n            for version in versions:\n                # finding de-duplication\n                if not service_requires_finding_deduplication: continue\n                service_resources = self.services[service_name][version]['resources']\n                for name in service_resources:\n                    if not service_resources[name].get('ownerReferences'):\n                        standalone_resources[f'''{service_name}.{version}.resources.{name}'''] = True\n                        standalone_resources_tampered = True\n\n            # remove resources that have owner references from findings\n            findings = self.services[service_name]['findings']\n            for finding_name in findings:\n                finding = findings[finding_name]\n\n                actual_finding_items = []\n                for finding_item in finding['items']:\n                    # e.g. pod.v1.resources.pod-name\n                    if '.'.join(finding_item.split('.')[:4]) in standalone_resources:\n                        actual_finding_items.append(finding_item)\n\n                if standalone_resources_tampered:\n                    finding['items'] = actual_finding_items\n                    finding['checked_items'] = len(standalone_resources)\n                    finding['flagged_items'] = min(finding['checked_items'], len(finding['items']))\n\n                for version in versions:\n                    items = finding['items']\n                    for i in range(len(items)):\n                        expression = f'^{service_name}\\.{version}\\.resources'\n                        items[i] = re.sub(expression, f'{service_name}.{version}', items[i])\n\n    def _postprocess_composite_resource(self, composite_resource_name):\n        service_group  = '_scout_suite_aggregation'\n        self.metadata[service_group] = self.metadata.get(service_group, {})\n\n        service = self.services[composite_resource_name]\n        versions = self._get_resource_versions(service)\n        self._load_resource_metadata(service_group, composite_resource_name, versions)"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/resources/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/kubernetes/resources/aks.py",
    "content": "from ScoutSuite.providers.azure.resources.subscriptions import Subscriptions\nfrom ScoutSuite.providers.azure.resources.loggingmonitoring.log_profiles import LogProfiles\nfrom ScoutSuite.providers.azure.resources.loggingmonitoring.diagnostic_settings import DiagnosticSettings\nfrom ScoutSuite.providers.azure.resources.loggingmonitoring.activity_log_alerts import ActivityLogAlerts\nfrom ScoutSuite.providers.azure.resources.loggingmonitoring.resources import Resources\n\n\nclass AKS(Subscriptions):\n    _children = [\n        (LogProfiles, 'log_profiles'),\n        (DiagnosticSettings, 'diagnostic_settings'),\n        (ActivityLogAlerts, 'log_alerts'),\n        (Resources, 'resources_logging')\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/resources/base.py",
    "content": "\"\"\"This module provides implementations for Resources for Kubernetes.\"\"\"\n\nfrom ScoutSuite.providers.kubernetes.facade import KubernetesFacade\nfrom ScoutSuite.providers.base.resources.base import CompositeResources, Resources\n\n\nclass KubernetesResources(Resources):\n    \"\"\"This is the base class for Kubernetes resources.\"\"\"\n\n    def __init__(self, resources):\n        self.resources = resources\n\n    async def fetch_all(self):\n        for version in self.resources:\n            data = self.resources[version]\n            self[version] = data\n            self[f'''{version}_count'''] = len(data['resources'])\n\nclass KubernetesResourcesWithFacade(Resources):\n    \"\"\"This is the base class for Kubernetes resources.\"\"\"\n\n    def __init__(self, facade: KubernetesFacade):\n        super().__init__(facade)\n        self.facade = facade\n    \n    def save(self, data):\n        if not data: return\n        for version in data:\n            self[version] = data[version]\n\nclass KubernetesCompositeResources(KubernetesResourcesWithFacade, CompositeResources):\n    \"\"\"This class represents a collection of KubernetesResources. Classes extending KubernetesResourcesWithFacade should define a\n    \"_children\" attribute which consists of a list of tuples describing the children. The tuples are expected to\n    respect the following format: (<child_class>, <child_name>). The child_name is used by indicates the name under\n    which the child will be stored in the parent object.\n    \"\"\"\n\n    async def fetch_all(self):\n        for child_class, child_name in self._children:\n            data: KubernetesResourcesWithFacade = child_class(self.facade)\n            await data.fetch_all()\n\n            self[child_name] = {}\n            for version in data:\n                self[child_name][version] = 1\n                self[f'{child_name}_{version}'] = data[version]\n                self[f'{child_name}_{version}_count'] = len(data[version]['resources'])"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/resources/eks.py",
    "content": "from ScoutSuite.providers.kubernetes.resources.base import KubernetesCompositeResources, KubernetesResourcesWithFacade\n\n\nclass ControlPlaneLogging(KubernetesResourcesWithFacade):\n    async def fetch_all(self):\n        if not self.facade.eks:\n            return\n\n        cluster = self.facade.eks.get_cluster()\n\n        '''\n        Example output of `logging_configs`:\n        [\n            {'types': ['controllerManager', 'scheduler'], 'enabled': True},\n            {'types': ['api', 'audit', 'authenticator'], 'enabled': False}\n        ]\n        '''\n        logging_config = cluster['logging']['clusterLogging']\n        for item in logging_config:\n            for log_type in item['types']:\n                item['name'] = log_type\n                item['id'] = log_type\n                self[log_type] = {\n                    'name': log_type,\n                    'id': log_type,\n                    'enabled': item['enabled']\n                }\n\nclass KMSEncryption(KubernetesResourcesWithFacade):\n    async def fetch_all(self):\n        if not self.facade.eks:\n            return\n\n        cluster = self.facade.eks.get_cluster()\n        encryption_config = cluster.get('encryptionConfig') or []\n\n        for item in encryption_config:\n            arn = item['provider']['keyArn']\n            item['name'] = arn\n            item['id'] = arn\n            self[arn] = item\n\nclass ResourcesVPCConfig(KubernetesResourcesWithFacade):\n    async def fetch_all(self):\n        if not self.facade.eks:\n            return\n\n        cluster = self.facade.eks.get_cluster()\n        vpc_config = cluster['resourcesVpcConfig']\n\n        self[vpc_config['vpcId']] = cluster['resourcesVpcConfig']\n        self[vpc_config['vpcId']]['id'] = vpc_config['vpcId']\n        self[vpc_config['vpcId']]['name'] = vpc_config['vpcId']\n\nclass EKS(KubernetesCompositeResources):\n    _children = [\n        (ControlPlaneLogging, 'logging'),\n        (KMSEncryption, 'encryption'),\n        (ResourcesVPCConfig, 'v_p_c'),\n    ]\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/resources/fake_network_policy.py",
    "content": "from ScoutSuite.providers.kubernetes.resources.base import KubernetesResourcesWithFacade\n\n\nclass FakeNetworkPolicy(KubernetesResourcesWithFacade):\n    '''Created to display network policy findings in the event that the cluster has no network policies.'''\n\n    async def fetch_all(self):\n        self['v1'] = {}\n        self['v1_count'] = 0"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/resources/gke.py",
    "content": "from ScoutSuite.providers.gcp.resources.gke.clusters import Clusters\nfrom ScoutSuite.providers.gcp.resources.projects import Projects\n\n\nclass GKE(Projects):\n    _children = [\n        (Clusters, 'clusters')\n    ]"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/resources/rbac.py",
    "content": "from ScoutSuite.providers.kubernetes.resources.base import KubernetesCompositeResources, KubernetesResourcesWithFacade\n\n\nclass ClusterRoles(KubernetesResourcesWithFacade):\n    async def fetch_all(self):\n        data = self.facade.extra.get_resources().get('cluster_role')\n        self.save(data)\n\nclass ClusterRoleBindings(KubernetesResourcesWithFacade):\n    async def fetch_all(self):\n        data = self.facade.extra.get_resources().get('cluster_role_binding')\n        self.save(data)\n\nclass Roles(KubernetesResourcesWithFacade):\n    async def fetch_all(self):\n        data = self.facade.extra.get_resources().get('role')\n        self.save(data)\n\nclass RoleBindings(KubernetesResourcesWithFacade):\n    async def fetch_all(self):\n        data = self.facade.extra.get_resources().get('role_binding')\n        self.save(data)\n\nclass RBAC(KubernetesCompositeResources):\n    _children = [\n        (ClusterRoles, 'cluster_role'),\n        (ClusterRoleBindings, 'cluster_role_binding'),\n        (Roles, 'role'),\n        (RoleBindings, 'role_binding'),\n    ]\n\n    PERMISSIVE_BINDING_KEYWORDS = ['admin', 'secret', 'manage', 'root']\n    DODGY_SUBJECTS = ['system:unauthenticated', 'system:authenticated', 'system:anonymous']\n    DANGEROUS_GRANTS = [\n        ('create', 'pods'),\n        ('create', 'pods/exec'),\n        ('get', 'secrets'),\n        ('get', 'configmaps'),\n        ('escalate', ''),\n        ('impersonate', ''),\n    ]\n\n    KEY_PERMISSIVE_BINDINGS = 'permissive_bindings'\n    KEY_DODGY_SUBJECTS = 'dodgy_subjects'\n    KEY_DANGEROUS_GRANTS = 'dangerous_grants'\n\n    async def finalize(self):\n        self[self.KEY_PERMISSIVE_BINDINGS] = {}\n        self[self.KEY_DODGY_SUBJECTS] = {}\n        self[self.KEY_DANGEROUS_GRANTS] = {}\n\n        for child_name in ['cluster_role_binding', 'role_binding']:\n            for version in self[child_name]:\n                resources = self[f'{child_name}_{version}']['resources']\n                for binding_name in resources:\n                    binding = resources[binding_name]\n                    role_name: str = binding['metadata']['name']\n\n                    # set permissive bindings for cluster roles and roles\n                    for keyword in self.PERMISSIVE_BINDING_KEYWORDS:\n                        if keyword.lower() in role_name.lower():\n                            self[self.KEY_PERMISSIVE_BINDINGS][f'''{binding['kind']}/{role_name}'''] = binding\n\n                    # set dodgy subjects\n                    for subject in binding['data'].get('subjects') or []:\n                        if subject['name'] in self.DODGY_SUBJECTS:\n                            subject_namespace = f'''[{subject['namespace']}] ''' if subject.get('namespace') else ''\n                            action = f'''{subject_namespace}{binding['version']}/{subject['kind']}/{subject['name']}'''\n                            dodgy_subjects = self[self.KEY_DODGY_SUBJECTS].get(action, [])\n                            dodgy_subjects.append(binding)\n                            self[self.KEY_DODGY_SUBJECTS][action] = dodgy_subjects\n\n        for dangerous_verb, dangerous_resource in self.DANGEROUS_GRANTS:\n            action = f'{dangerous_verb} {dangerous_resource}' if dangerous_resource else dangerous_verb\n            self[self.KEY_DANGEROUS_GRANTS][action] = []\n\n            child_name = 'cluster_role'\n            for version in self[child_name]:\n                resources = self[f'{child_name}_{version}']['resources']\n                for role_name in resources:\n                    role = resources[role_name]\n\n                    for rule in role['data'].get('rules') or []:\n\n                        verb_is_dangerous = False\n                        resource_is_dangerous = False\n\n                        for verb in rule['verbs']:\n                            if verb in ['*', dangerous_verb]:\n                                verb_is_dangerous = True\n                                break\n\n                        for _resources in rule.get('resources') or []:\n                            if _resources in ['*', dangerous_resource] or dangerous_resource == '':\n                                dangerous_resource = _resources\n                                resource_is_dangerous = True\n                                break\n\n                        if not (verb_is_dangerous and resource_is_dangerous):\n                            continue\n\n                        binding_child_name = 'cluster_role_binding'\n                        for binding_version in self[binding_child_name]:\n                            binding_resources = self[f'{binding_child_name}_{binding_version}']['resources']\n                            for binding_name in binding_resources:\n                                binding = binding_resources[binding_name]\n\n                                if binding['data']['roleRef']['name'] != role_name.split('_')[-1]:\n                                    continue\n\n                                subjects = binding['data']['subjects'] or []\n                                if len(subjects) == 0:\n                                    continue\n\n                                for subject in subjects:\n                                    self[self.KEY_DANGEROUS_GRANTS][action].append({\n                                        'kind': subject['kind'],\n                                        'name': subject['name'],\n                                        'verb': dangerous_verb,\n                                        'resource': dangerous_resource or '-',\n                                        'binding_kind': binding['data']['roleRef']['kind'],\n                                        'binding_name': binding['metadata']['name'],\n                                        'namespace': subject.get('namespace') or '-'\n                                    })\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/resources/version.py",
    "content": "from ScoutSuite.providers.kubernetes.resources.base import KubernetesResourcesWithFacade\n\n\nclass KubernetesVersions(KubernetesResourcesWithFacade):\n    async def fetch_all(self):\n        details = self.facade.version.get_versions()\n        self['details'] = {\n            'v1': details\n        }\n        self['details_count'] = len(details)\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/resources/workload.py",
    "content": "from ScoutSuite.providers.kubernetes.resources.base import KubernetesCompositeResources, KubernetesResourcesWithFacade\n\nclass Pod(KubernetesResourcesWithFacade):\n    async def fetch_all(self):\n        data = self.facade.core.get_resources().get('pod')\n        self.save(data)\n\nclass PodTemplate(KubernetesResourcesWithFacade):\n    async def fetch_all(self):\n        data = self.facade.core.get_resources().get('pod_template')\n        self.save(data)\n\nclass CronJob(KubernetesResourcesWithFacade):\n    async def fetch_all(self):\n        data = self.facade.extra.get_resources().get('cron_job')\n        self.save(data)\n\nclass DaemonSet(KubernetesResourcesWithFacade):\n    async def fetch_all(self):\n        data = self.facade.extra.get_resources().get('daemon_set')\n        self.save(data)\n\nclass Deployment(KubernetesResourcesWithFacade):\n    async def fetch_all(self):\n        data = self.facade.extra.get_resources().get('deployment')\n        self.save(data)\n\nclass Job(KubernetesResourcesWithFacade):\n    async def fetch_all(self):\n        data = self.facade.extra.get_resources().get('job')\n        self.save(data)\n\nclass ReplicaSet(KubernetesResourcesWithFacade):\n    async def fetch_all(self):\n        data = self.facade.extra.get_resources().get('replica_set')\n        self.save(data)\n\nclass StatefulSet(KubernetesResourcesWithFacade):\n    async def fetch_all(self):\n        data = self.facade.extra.get_resources().get('stateful_set')\n        self.save(data)\n\nclass Workload(KubernetesCompositeResources):\n    _children = [\n        (Pod, 'pod'),\n        (PodTemplate, 'pod_template'),\n        (CronJob, 'cron_job'),\n        (DaemonSet, 'daemon_set'),\n        (Deployment, 'deployment'),\n        (Job, 'job'),\n        (ReplicaSet, 'replica_set'),\n        (StatefulSet, 'stateful_set')\n    ]\n\n    container_path_prefixes = {\n        'pod': ['data', 'spec'],\n        'daemon_set': ['data', 'spec', 'template', 'spec'],\n        'deployment': ['data', 'spec', 'template', 'spec'],\n        'replica_set': ['data', 'spec', 'template', 'spec'],\n        'pod_template': ['data', 'spec', 'template', 'spec'],\n        'stateful_set': ['data', 'spec', 'template', 'spec'],\n        'job': ['data', 'spec', 'template', 'spec'],\n        'cron_job': ['data', 'spec', 'jobTemplate', 'spec', 'template', 'spec']\n    }\n\n    async def finalize(self):\n        self['images'] = []\n\n        for _, child_name in self._children:\n            for version in self[child_name]:\n                resources = self[f'{child_name}_{version}']['resources']\n                for resource_name in resources:\n                    spec = resources[resource_name]\n                    for key in self.container_path_prefixes[child_name]:\n                        spec = spec[key]\n\n                    containers = spec['containers']\n                    for container in containers:\n                        self['images'].append(container['image'])\n\n                    init_containers = spec.get('initContainers', [])\n                    for container in init_containers:\n                        self['images'].append(container['image'])\n\n                    ephemeral_containers = spec.get('ephemeralContainers', [])\n                    for container in ephemeral_containers:\n                        self['images'].append(container['image'])\n\n        self['images'] = list(set(self['images']))\n        self['images'].sort()"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/configmap-unnecessary-secrets.json",
    "content": "{\n    \"description\": \"Unnecessary Secrets in ConfigMap\",\n    \"rationale\": \"Kubernetes administrators are encouraged to review secrets in ConfigMap manifests and remove the unnecessary ones.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/configmap/\"\n    ],\n    \"dashboard_name\": \"ConfigMaps\",\n    \"display_path\": \"config_map.v1.id\",\n    \"path\": \"config_map.v1.resources.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"data\",\n            \"notNull\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/cron-job-apparmor-annotation-missing.json",
    "content": "{\n    \"description\": \"AppArmor Annotation Missing\",\n    \"rationale\": \"The container.apparmor.security.beta.kubernetes.io annotation is missing. A compromised container with AppArmor disabled makes privilege escalation easier.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tutorials/security/apparmor/\"\n    ],\n    \"dashboard_name\": \"CronJobs\",\n    \"display_path\": \"cron_job.v1-batch.id\",\n    \"path\": \"cron_job.v1-batch.resources.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cron_job.v1-batch.resources.id.metadata\",\n            \"withoutKey\",\n            \"annotations\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.metadata.annotations\",\n            \"withoutKey\",\n            \"container.apparmor.security.beta.kubernetes.io\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/cron-job-automounted-service-account-token.json",
    "content": "{\n    \"description\": \"Automounted Service Account Token\",\n    \"rationale\": \"Default service account with token mounted. automountServiceAccountToken should be set to 'false' on either the ServiceAccount or on the PodSpec or a non-default service account should be used.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\"\n    ],\n    \"dashboard_name\": \"CronJobs\",\n    \"display_path\": \"cron_job.v1-batch.id\",\n    \"path\": \"cron_job.v1-batch.resources.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cron_job.v1-batch.resources.id.data.spec\",\n            \"withoutKey\",\n            \"automountServiceAccountToken\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.automountServiceAccountToken\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.automountServiceAccountToken\",\n            \"true\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/cron-job-container-ability-to-modify-root-filesystem.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Ability to Modify Root Filesystem\",\n    \"rationale\": \"Root filesystems should be read-only where possible.\",\n    \"remediation\": \"spec.jobTemplate.spec.template.spec.(c|initC|ephemeralC)ontainers[].securityContext.readOnlyRootFilesystem should be explicitly set to true for the affected containers.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"CronJobs\",\n    \"display_path\": \"cron_job.v1-batch.id\",\n    \"path\": \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"readOnlyRootFilesystem\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/cron-job-container-allowing-privilege-escalation.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Allowing Privilege Escalation\",\n    \"rationale\": \"A container should disallow privilege escalation where possible. allowPrivilegeEscalation should be explicitly set to false.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"CronJobs\",\n    \"display_path\": \"cron_job.v1-batch.id\",\n    \"path\": \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"allowPrivilegeEscalation\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/cron-job-container-running-as-root-group.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Running As Root Group\",\n    \"rationale\": \"Where possible, runAsGroup should be set to a value greater than 0.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"CronJobs\",\n    \"display_path\": \"cron_job.v1-batch.id\",\n    \"path\": \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"and\",\n            [\n                \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.securityContext.runAsGroup\",\n                \"equal\",\n                \"0\"\n            ]\n        ],\n        [\n            \"and\",\n            [\n                \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext.runAsGroup\",\n                \"equal\",\n                \"0\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsGroup\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/cron-job-container-running-as-root-user.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Running As Root User\",\n    \"rationale\": \"Where possible, runAsUser should be set to a value greater than 0.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"CronJobs\",\n    \"display_path\": \"cron_job.v1-batch.id\",\n    \"path\": \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"and\",\n            [\n                \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.securityContext.runAsUser\",\n                \"equal\",\n                \"0\"\n            ]\n        ],\n        [\n            \"and\",\n            [\n                \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext.runAsUser\",\n                \"equal\",\n                \"0\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsUser\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/cron-job-container-with-overly-permissive-capabilities.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer with Permissive Capabilities\",\n    \"rationale\": \"A container should drop all and add the necessary capabilities by default.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"CronJobs\",\n    \"display_path\": \"cron_job.v1-batch.id\",\n    \"path\": \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"capabilities\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext.capabilities\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext.capabilities.drop\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"capabilities.drop\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/cron-job-container-with-possible-root-privileges.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer with Possible Root Privileges\",\n    \"rationale\": \"Where possible, runAsNonRoot should be set to true to prevent the container from running as root.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"CronJobs\",\n    \"display_path\": \"cron_job.v1-batch.id\",\n    \"path\": \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"or\",\n            [\n                \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.securityContext.runAsNonRoot\",\n                \"null\",\n                \"\"\n            ],\n            [\n                \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.securityContext.runAsNonRoot\",\n                \"false\",\n                \"\"\n            ]\n        ],\n        [\n            \"or\",\n            [\n                \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext.runAsNonRoot\",\n                \"null\",\n                \"\"\n            ],\n            [\n                \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext.runAsNonRoot\",\n                \"false\",\n                \"\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsNonRoot\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/cron-job-host-ipc-true.json",
    "content": "{\n    \"description\": \"CronJobs Using Host IPC\",\n    \"rationale\": \"A compromised pod with hostIPC set to true in PodSpec can be used as a pivot to the host IPC.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"CronJobs\",\n    \"display_path\": \"cron_job.v1-batch.id\",\n    \"path\": \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec\",\n            \"withKey\",\n            \"host_ipc\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.host_ipc\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_ipc\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/cron-job-host-network-true.json",
    "content": "{\n    \"description\": \"CronJobs Using Host Networking\",\n    \"rationale\": \"A compromised pod with hostNetwork set to true in PodSpec can be used as a pivot to the host network.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"CronJobs\",\n    \"display_path\": \"cron_job.v1-batch.id\",\n    \"path\": \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec\",\n            \"withKey\",\n            \"host_network\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.host_network\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_network\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/cron-job-host-pid-true.json",
    "content": "{\n    \"description\": \"CronJobs Using Host PID\",\n    \"rationale\": \"A compromised pod with hostPID set to true in PodSpec can be used as a pivot to the host PID.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"CronJobs\",\n    \"display_path\": \"cron_job.v1-batch.id\",\n    \"path\": \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec\",\n            \"withKey\",\n            \"host_pid\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.host_pid\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_pid\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/cron-job-kubernetes-container-manifest-hardening.json",
    "content": "{\n    \"description\": \"Kubernetes Container/InitContainer/EphemeralContainer Manifest Hardening\",\n    \"rationale\": \"Several security options in the affected resources could be enabled to harden assocated containers.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://www.cisecurity.org/benchmark/docker/\"\n    ],\n    \"dashboard_name\": \"CronJobs\",\n    \"display_path\": \"cron_job.v1-batch.id\",\n    \"path\": \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"allowPrivilegeEscalation\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"readOnlyRootFilesystem\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"capabilities\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext.capabilities\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext.capabilities.drop\",\n            \"null\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/cron-job-privileged-container-running.json",
    "content": "{\n    \"description\": \"Privileged Container/InitContainer/EphemeralContainer Running\",\n    \"rationale\": \"Access to privileged container may result in privilege escalation. Administrators are encouraged to remove the privileged status of a pod if unncessary.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\"\n    ],\n    \"dashboard_name\": \"CronJobs\",\n    \"display_path\": \"cron_job.v1-batch.id\",\n    \"path\": \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext\",\n            \"notNull\",\n            \"\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.securityContext.privileged\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"privileged\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/cron-job-resources-without-defined-cpu-limit.json",
    "content": "{\n    \"description\": \"Resources without Defined CPU Limit\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"CronJobs\",\n    \"display_path\": \"cron_job.v1-batch.id\",\n    \"path\": \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"cpu\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.resources.limits.cpu\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"cpu\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/cron-job-resources-without-defined-limits.json",
    "content": "{\n    \"description\": \"Resources without Defined Limits\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"CronJobs\",\n    \"display_path\": \"cron_job.v1-batch.id\",\n    \"path\": \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.resources\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.resources\",\n            \"withoutKey\",\n            \"limits\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"memory\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"cpu\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/cron-job-resources-without-defined-memory-limit.json",
    "content": "{\n    \"description\": \"Resources without Defined Memory Limit\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"CronJobs\",\n    \"display_path\": \"cron_job.v1-batch.id\",\n    \"path\": \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"memory\"\n        ],\n        [\n            \"cron_job.v1-batch.resources.id.data.spec.jobTemplate.spec.template.spec.containers.id.resources.limits.memory\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"memory\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/daemonset-apparmor-annotation-missing.json",
    "content": "{\n    \"description\": \"AppArmor Annotation Missing\",\n    \"rationale\": \"The container.apparmor.security.beta.kubernetes.io annotation is missing. A compromised container with AppArmor disabled makes privilege escalation easier.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tutorials/security/apparmor/\"\n    ],\n    \"dashboard_name\": \"DaemonSets\",\n    \"display_path\": \"daemon_set.v1-apps.id\",\n    \"path\": \"daemon_set.v1-apps.resources.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"daemon_set.v1-apps.resources.id.metadata\",\n            \"withoutKey\",\n            \"annotations\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.metadata.annotations\",\n            \"withoutKey\",\n            \"container.apparmor.security.beta.kubernetes.io\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/daemonset-automounted-service-account-token.json",
    "content": "{\n    \"description\": \"Automounted Service Account Token\",\n    \"rationale\": \"Default service account with token mounted. automountServiceAccountToken should be set to 'false' on either the ServiceAccount or on the PodSpec or a non-default service account should be used.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\"\n    ],\n    \"dashboard_name\": \"DaemonSets\",\n    \"display_path\": \"daemon_set.v1-apps.id\",\n    \"path\": \"daemon_set.v1-apps.resources.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec\",\n            \"withoutKey\",\n            \"automountServiceAccountToken\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.automountServiceAccountToken\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.automountServiceAccountToken\",\n            \"true\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/daemonset-container-ability-to-modify-root-filesystem.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Ability to Modify Root Filesystem\",\n    \"rationale\": \"Root filesystems should be read-only where possible.\",\n    \"remediation\": \"spec.template.spec.(c|initC|ephemeralC)ontainers[].securityContext.readOnlyRootFilesystem should be explicitly set to true for the affected containers.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"DaemonSets\",\n    \"display_path\": \"daemon_set.v1-apps.id\",\n    \"path\": \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.readOnlyRootFilesystem\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.readOnlyRootFilesystem\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"readOnlyRootFilesystem\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/daemonset-container-allowing-privilege-escalation.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Allowing Privilege Escalation\",\n    \"rationale\": \"A container should disallow privilege escalation where possible. allowPrivilegeEscalation should be explicitly set to false.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"DaemonSets\",\n    \"display_path\": \"daemon_set.v1-apps.id\",\n    \"path\": \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"daemonset.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"daemonset.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"allowPrivilegeEscalation\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/daemonset-container-running-as-root-group.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Running As Root Group\",\n    \"rationale\": \"Where possible, runAsGroup should be set to a value greater than 0.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"DaemonSets\",\n    \"display_path\": \"daemon_set.v1-apps.id\",\n    \"path\": \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"notNull\",\n            \"\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.runAsGroup\",\n            \"equal\",\n            \"0\"\n        ]\n    ],\n    \"id_suffix\": \"runAsGroup\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/daemonset-container-running-as-root-user.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Running As Root User\",\n    \"rationale\": \"Where possible, runAsUser should be set to a value greater than 0.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"DaemonSets\",\n    \"display_path\": \"daemon_set.v1-apps.id\",\n    \"path\": \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"notNull\",\n            \"\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.runAsUser\",\n            \"equal\",\n            \"0\"\n        ]\n    ],\n    \"id_suffix\": \"runAsUser\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/daemonset-container-with-overly-permissive-capabilities.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer with Permissive Capabilities\",\n    \"rationale\": \"A container should drop all and add the necessary capabilities by default.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"DaemonSets\",\n    \"display_path\": \"daemon_set.v1-apps.id\",\n    \"path\": \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"capabilities\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities.drop\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"capabilities.drop\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/daemonset-container-with-possible-root-privileges.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer with Possible Root Privileges\",\n    \"rationale\": \"Where possible, runAsNonRoot should be set to true to prevent the container from running as root.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"DaemonSets\",\n    \"display_path\": \"daemon_set.v1-apps.id\",\n    \"path\": \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.runAsNonRoot\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.runAsNonRoot\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"runAsNonRoot\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/daemonset-host-ipc-true.json",
    "content": "{\n    \"description\": \"DaemonSets Using Host IPC\",\n    \"rationale\": \"A compromised pod with hostIPC set to true in PodSpec can be used as a pivot to the host IPC.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"DaemonSets\",\n    \"display_path\": \"daemon_set.v1-apps.id\",\n    \"path\": \"daemon_set.v1-apps.resources.id.data.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec\",\n            \"withKey\",\n            \"host_ipc\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.host_ipc\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_ipc\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/daemonset-host-network-true.json",
    "content": "{\n    \"description\": \"DaemonSets Using Host Networking\",\n    \"rationale\": \"A compromised pod with hostNetwork set to true in PodSpec can be used as a pivot to the host network.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"DaemonSets\",\n    \"display_path\": \"daemon_set.v1-apps.id\",\n    \"path\": \"daemon_set.v1-apps.resources.id.data.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec\",\n            \"withKey\",\n            \"host_network\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.host_network\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_network\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/daemonset-host-pid-true.json",
    "content": "{\n    \"description\": \"DaemonSets Using Host PID\",\n    \"rationale\": \"A compromised pod with hostPID set to true in PodSpec can be used as a pivot to the host PID.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"DaemonSets\",\n    \"display_path\": \"daemon_set.v1-apps.id\",\n    \"path\": \"daemon_set.v1-apps.resources.id.data.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec\",\n            \"withKey\",\n            \"host_pid\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.host_pid\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_pid\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/daemonset-kubernetes-container-manifest-hardening.json",
    "content": "{\n    \"description\": \"Kubernetes Container/InitContainer/EphemeralContainer Manifest Hardening\",\n    \"rationale\": \"Several security options in the affected resources could be enabled to harden assocated containers.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://www.cisecurity.org/benchmark/docker/\"\n    ],\n    \"dashboard_name\": \"DaemonSets\",\n    \"display_path\": \"daemon_set.v1-apps.id\",\n    \"path\": \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"allowPrivilegeEscalation\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"readOnlyRootFilesystem\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"capabilities\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities.drop\",\n            \"null\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/daemonset-privileged-container-running.json",
    "content": "{\n    \"description\": \"Privileged Container/InitContainer/EphemeralContainer Running\",\n    \"rationale\": \"Access to privileged container may result in privilege escalation. Administrators are encouraged to remove the privileged status of a pod if unncessary.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\"\n    ],\n    \"dashboard_name\": \"DaemonSets\",\n    \"display_path\": \"daemon_set.v1-apps.id\",\n    \"path\": \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"notNull\",\n            \"\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.privileged\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"privileged\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/daemonset-resources-without-defined-cpu-limit.json",
    "content": "{\n    \"description\": \"Resources without Defined CPU Limit\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"DaemonSets\",\n    \"display_path\": \"daemon_set.v1-apps.id\",\n    \"path\": \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"cpu\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits.cpu\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"cpu\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/daemonset-resources-without-defined-limits.json",
    "content": "{\n    \"description\": \"Resources without Defined Limits\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"DaemonSets\",\n    \"display_path\": \"daemon_set.v1-apps.id\",\n    \"path\": \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources\",\n            \"withoutKey\",\n            \"limits\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"and\",\n            [\n                \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n                \"withoutKey\",\n                \"memory\"\n            ],\n            [\n                \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n                \"withoutKey\",\n                \"cpu\"\n            ]\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/daemonset-resources-without-defined-memory-limit.json",
    "content": "{\n    \"description\": \"Resources without Defined Memory Limit\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"DaemonSets\",\n    \"display_path\": \"daemon_set.v1-apps.id\",\n    \"path\": \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"memory\"\n        ],\n        [\n            \"daemon_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits.memory\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"memory\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/deployment-apparmor-annotation-missing.json",
    "content": "{\n    \"description\": \"AppArmor Annotation Missing\",\n    \"rationale\": \"The container.apparmor.security.beta.kubernetes.io annotation is missing. A compromised container with AppArmor disabled makes privilege escalation easier.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tutorials/security/apparmor/\"\n    ],\n    \"dashboard_name\": \"Deployments\",\n    \"display_path\": \"deployment.v1-apps.id\",\n    \"path\": \"deployment.v1-apps.resources.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"deployment.v1-apps.resources.id.metadata\",\n            \"withoutKey\",\n            \"annotations\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.metadata.annotations\",\n            \"withoutKey\",\n            \"container.apparmor.security.beta.kubernetes.io\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/deployment-automounted-service-account-token.json",
    "content": "{\n    \"description\": \"Automounted Service Account Token\",\n    \"rationale\": \"Default service account with token mounted. automountServiceAccountToken should be set to 'false' on either the ServiceAccount or on the PodSpec or a non-default service account should be used.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\"\n    ],\n    \"dashboard_name\": \"Deployments\",\n    \"display_path\": \"deployment.v1-apps.id\",\n    \"path\": \"deployment.v1-apps.resources.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"deployment.v1-apps.resources.id.data.spec\",\n            \"withoutKey\",\n            \"automountServiceAccountToken\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.automountServiceAccountToken\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.automountServiceAccountToken\",\n            \"true\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/deployment-container-ability-to-modify-root-filesystem.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Ability to Modify Root Filesystem\",\n    \"rationale\": \"Root filesystems should be read-only where possible.\",\n    \"remediation\": \"spec.template.spec.(c|initC|ephemeralC)ontainers[].securityContext.readOnlyRootFilesystem should be explicitly set to true for the affected containers.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Deployments\",\n    \"display_path\": \"deployment.v1-apps.id\",\n    \"path\": \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"readOnlyRootFilesystem\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/deployment-container-allowing-privilege-escalation.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Allowing Privilege Escalation\",\n    \"rationale\": \"A container should disallow privilege escalation where possible. allowPrivilegeEscalation should be explicitly set to false.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Deployments\",\n    \"display_path\": \"deployment.v1-apps.id\",\n    \"path\": \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"allowPrivilegeEscalation\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/deployment-container-running-as-root-group.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Running As Root Group\",\n    \"rationale\": \"Where possible, runAsGroup should be set to a value greater than 0.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Deployments\",\n    \"display_path\": \"deployment.v1-apps.id\",\n    \"path\": \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"and\",\n            [\n                \"deployment.v1-apps.resources.id.data.spec.template.spec.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"deployment.v1-apps.resources.id.data.spec.template.spec.securityContext.runAsGroup\",\n                \"equal\",\n                \"0\"\n            ]\n        ],\n        [\n            \"and\",\n            [\n                \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.runAsGroup\",\n                \"equal\",\n                \"0\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsGroup\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/deployment-container-running-as-root-user.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Running As Root User\",\n    \"rationale\": \"Where possible, runAsUser should be set to a value greater than 0.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Deployments\",\n    \"display_path\": \"deployment.v1-apps.id\",\n    \"path\": \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"and\",\n            [\n                \"deployment.v1-apps.resources.id.data.spec.template.spec.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"deployment.v1-apps.resources.id.data.spec.template.spec.securityContext.runAsUser\",\n                \"equal\",\n                \"0\"\n            ]\n        ],\n        [\n            \"and\",\n            [\n                \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.runAsUser\",\n                \"equal\",\n                \"0\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsUser\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/deployment-container-with-overly-permissive-capabilities.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer with Permissive Capabilities\",\n    \"rationale\": \"A container should drop all and add the necessary capabilities by default.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Deployments\",\n    \"display_path\": \"deployment.v1-apps.id\",\n    \"path\": \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"capabilities\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities.drop\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"capabilities.drop\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/deployment-container-with-possible-root-privileges.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer with Possible Root Privileges\",\n    \"rationale\": \"Where possible, runAsNonRoot should be set to true to prevent the container from running as root.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Deployments\",\n    \"display_path\": \"deployment.v1-apps.id\",\n    \"path\": \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"or\",\n            [\n                \"deployment.v1-apps.resources.id.data.spec.template.spec.securityContext.runAsNonRoot\",\n                \"null\",\n                \"\"\n            ],\n            [\n                \"deployment.v1-apps.resources.id.data.spec.template.spec.securityContext.runAsNonRoot\",\n                \"false\",\n                \"\"\n            ]\n        ],\n        [\n            \"or\",\n            [\n                \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.runAsNonRoot\",\n                \"null\",\n                \"\"\n            ],\n            [\n                \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.runAsNonRoot\",\n                \"false\",\n                \"\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsNonRoot\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/deployment-host-ipc-true.json",
    "content": "{\n    \"description\": \"Deployments Using Host IPC\",\n    \"rationale\": \"A compromised pod with hostIPC set to true in PodSpec can be used as a pivot to the host IPC.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Deployments\",\n    \"display_path\": \"deployment.v1-apps.id\",\n    \"path\": \"deployment.v1-apps.resources.id.data.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec\",\n            \"withKey\",\n            \"host_ipc\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.host_ipc\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_ipc\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/deployment-host-network-true.json",
    "content": "{\n    \"description\": \"Deployments Using Host Networking\",\n    \"rationale\": \"A compromised pod with hostNetwork set to true in PodSpec can be used as a pivot to the host network.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Deployments\",\n    \"display_path\": \"deployment.v1-apps.id\",\n    \"path\": \"deployment.v1-apps.resources.id.data.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec\",\n            \"withKey\",\n            \"host_network\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.host_network\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_network\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/deployment-host-pid-true.json",
    "content": "{\n    \"description\": \"Deployments Using Host PID\",\n    \"rationale\": \"A compromised pod with hostPID set to true in PodSpec can be used as a pivot to the host PID.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Deployments\",\n    \"display_path\": \"deployment.v1-apps.id\",\n    \"path\": \"deployment.v1-apps.resources.id.data.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec\",\n            \"withKey\",\n            \"host_pid\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.host_pid\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_pid\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/deployment-kubernetes-container-manifest-hardening.json",
    "content": "{\n    \"description\": \"Kubernetes Container/InitContainer/EphemeralContainer Manifest Hardening\",\n    \"rationale\": \"Several security options in the affected resources could be enabled to harden assocated containers.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://www.cisecurity.org/benchmark/docker/\"\n    ],\n    \"dashboard_name\": \"Deployments\",\n    \"display_path\": \"deployment.v1-apps.id\",\n    \"path\": \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"allowPrivilegeEscalation\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"readOnlyRootFilesystem\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"capabilities\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities.drop\",\n            \"null\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/deployment-privileged-container-running.json",
    "content": "{\n    \"description\": \"Privileged Container/InitContainer/EphemeralContainer Running\",\n    \"rationale\": \"Access to privileged container may result in privilege escalation. Administrators are encouraged to remove the privileged status of a pod if unncessary.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\"\n    ],\n    \"dashboard_name\": \"Deployments\",\n    \"display_path\": \"deployment.v1-apps.id\",\n    \"path\": \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"notNull\",\n            \"\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.privileged\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"privileged\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/deployment-resources-without-defined-cpu-limit.json",
    "content": "{\n    \"description\": \"Resources without Defined CPU Limit\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"Deployments\",\n    \"display_path\": \"deployment.v1-apps.id\",\n    \"path\": \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"cpu\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits.cpu\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"cpu\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/deployment-resources-without-defined-limits.json",
    "content": "{\n    \"description\": \"Resources without Defined Limits\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"Deployments\",\n    \"display_path\": \"deployment.v1-apps.id\",\n    \"path\": \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.resources\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.resources\",\n            \"withoutKey\",\n            \"limits\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"memory\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"cpu\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/deployment-resources-without-defined-memory-limit.json",
    "content": "{\n    \"description\": \"Resources without Defined Memory Limit\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"Deployments\",\n    \"display_path\": \"deployment.v1-apps.id\",\n    \"path\": \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"memory\"\n        ],\n        [\n            \"deployment.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits.memory\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"memory\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/eks-insufficient-control-plane-logging.json",
    "content": "{\n    \"description\": \"Insufficient Control Plane Logging\",\n    \"rationale\": \"Certain logging options are disabled in the EKS control plane, creating difficulties in asserting accountability.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html\"\n    ],\n    \"dashboard_name\": \"Configurations\",\n    \"path\": \"eks.logging.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"enabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/eks-kms-encryption-disabled.json",
    "content": "{\n    \"description\": \"KMS Encryption Disabled\",\n    \"rationale\": \"Without KMS encryption, it may be easier to obtain Kubernetes cluster secrets unauthorized.\",\n    \"references\": [\n        \"https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html\",\n        \"https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/\",\n        \"https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-accounts.html\",\n        \"https://docs.aws.amazon.com/kms/latest/developerguide/overview.html\",\n        \"https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html\"\n    ],\n    \"dashboard_name\": \"Configurations\",\n    \"display_path\": \"eks.encryption.id\",\n    \"path\": \"eks\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"eks.encryption_count\",\n            \"equal\",\n            \"0\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/eks-publically-accessible-apiserver.json",
    "content": "{\n    \"description\": \"Publically Accessible API Server\",\n    \"rationale\": \" A publically accessible Kubernetes API server may enable arbitrary view or modification of cluster data.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/\",\n        \"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html\"\n    ],\n    \"dashboard_name\": \"VPC Configs\",\n    \"path\": \"eks.vpc.config\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"eks.vpc.config.endpointPublicAccess\",\n            \"true\",\n            \"\"\n        ],\n        [\n            \"eks.vpc.config.publicAccessCidrs\",\n            \"containAtLeastOneOf\",\n            \"0.0.0.0/0\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/job-apparmor-annotation-missing.json",
    "content": "{\n    \"description\": \"AppArmor Annotation Missing\",\n    \"rationale\": \"The container.apparmor.security.beta.kubernetes.io annotation is missing. A compromised container with AppArmor disabled makes privilege escalation easier.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tutorials/security/apparmor/\"\n    ],\n    \"dashboard_name\": \"Jobs\",\n    \"display_path\": \"job.v1-batch.id\",\n    \"path\": \"job.v1-batch.resources.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"job.v1-batch.resources.id.metadata\",\n            \"withoutKey\",\n            \"annotations\"\n        ],\n        [\n            \"job.v1-batch.resources.id.metadata.annotations\",\n            \"withoutKey\",\n            \"container.apparmor.security.beta.kubernetes.io\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/job-automounted-service-account-token.json",
    "content": "{\n    \"description\": \"Automounted Service Account Token\",\n    \"rationale\": \"Default service account with token mounted. automountServiceAccountToken should be set to 'false' on either the ServiceAccount or on the PodSpec or a non-default service account should be used.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\"\n    ],\n    \"dashboard_name\": \"Jobs\",\n    \"display_path\": \"job.v1-batch.id\",\n    \"path\": \"job.v1-batch.resources.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"job.v1-batch.resources.id.data.spec\",\n            \"withoutKey\",\n            \"automountServiceAccountToken\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.automountServiceAccountToken\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.automountServiceAccountToken\",\n            \"true\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/job-container-ability-to-modify-root-filesystem.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Ability to Modify Root Filesystem\",\n    \"rationale\": \"Root filesystems should be read-only where possible.\",\n    \"remediation\": \"spec.template.spec.(c|initC|ephemeralC)ontainers[].securityContext.readOnlyRootFilesystem should be explicitly set to true for the affected containers.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Jobs\",\n    \"display_path\": \"job.v1-batch.id\",\n    \"path\": \"job.v1-batch.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"readOnlyRootFilesystem\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/job-container-allowing-privilege-escalation.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Allowing Privilege Escalation\",\n    \"rationale\": \"A container should disallow privilege escalation where possible. allowPrivilegeEscalation should be explicitly set to false.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Jobs\",\n    \"display_path\": \"job.v1-batch.id\",\n    \"path\": \"job.v1-batch.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"allowPrivilegeEscalation\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/job-container-running-as-root-group.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Running As Root Group\",\n    \"rationale\": \"Where possible, runAsGroup should be set to a value greater than 0.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Jobs\",\n    \"display_path\": \"job.v1-batch.id\",\n    \"path\": \"job.v1-batch.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"and\",\n            [\n                \"job.v1-batch.resources.id.data.spec.template.spec.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"job.v1-batch.resources.id.data.spec.template.spec.securityContext.runAsGroup\",\n                \"equal\",\n                \"0\"\n            ]\n        ],\n        [\n            \"and\",\n            [\n                \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext.runAsGroup\",\n                \"equal\",\n                \"0\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsGroup\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/job-container-running-as-root-user.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Running As Root User\",\n    \"rationale\": \"Where possible, runAsUser should be set to a value greater than 0.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Jobs\",\n    \"display_path\": \"job.v1-batch.id\",\n    \"path\": \"job.v1-batch.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"and\",\n            [\n                \"job.v1-batch.resources.id.data.spec.template.spec.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"job.v1-batch.resources.id.data.spec.template.spec.securityContext.runAsUser\",\n                \"equal\",\n                \"0\"\n            ]\n        ],\n        [\n            \"and\",\n            [\n                \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext.runAsUser\",\n                \"equal\",\n                \"0\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsUser\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/job-container-with-overly-permissive-capabilities.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer with Permissive Capabilities\",\n    \"rationale\": \"A container should drop all and add the necessary capabilities by default.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Jobs\",\n    \"display_path\": \"job.v1-batch.id\",\n    \"path\": \"job.v1-batch.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"capabilities\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities.drop\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"capabilities.drop\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/job-container-with-possible-root-privileges.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer with Possible Root Privileges\",\n    \"rationale\": \"Where possible, runAsNonRoot should be set to true to prevent the container from running as root.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Jobs\",\n    \"display_path\": \"job.v1-batch.id\",\n    \"path\": \"job.v1-batch.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"or\",\n            [\n                \"job.v1-batch.resources.id.data.spec.template.spec.securityContext.runAsNonRoot\",\n                \"null\",\n                \"\"\n            ],\n            [\n                \"job.v1-batch.resources.id.data.spec.template.spec.securityContext.runAsNonRoot\",\n                \"false\",\n                \"\"\n            ]\n        ],\n        [\n            \"or\",\n            [\n                \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext.runAsNonRoot\",\n                \"null\",\n                \"\"\n            ],\n            [\n                \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext.runAsNonRoot\",\n                \"false\",\n                \"\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsNonRoot\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/job-host-ipc-true.json",
    "content": "{\n    \"description\": \"Jobs Using Host IPC\",\n    \"rationale\": \"A compromised pod with hostIPC set to true in PodSpec can be used as a pivot to the host IPC.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Jobs\",\n    \"display_path\": \"job.v1-batch.id\",\n    \"path\": \"job.v1-batch.resources.id.data.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec\",\n            \"withKey\",\n            \"host_ipc\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.host_ipc\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_ipc\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/job-host-network-true.json",
    "content": "{\n    \"description\": \"Jobs Using Host Networking\",\n    \"rationale\": \"A compromised pod with hostNetwork set to true in PodSpec can be used as a pivot to the host network.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Jobs\",\n    \"display_path\": \"job.v1-batch.id\",\n    \"path\": \"job.v1-batch.resources.id.data.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec\",\n            \"withKey\",\n            \"host_network\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.host_network\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_network\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/job-host-pid-true.json",
    "content": "{\n    \"description\": \"Jobs Using Host PID\",\n    \"rationale\": \"A compromised pod with hostPID set to true in PodSpec can be used as a pivot to the host PID.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Jobs\",\n    \"display_path\": \"job.v1-batch.id\",\n    \"path\": \"job.v1-batch.resources.id.data.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec\",\n            \"withKey\",\n            \"host_pid\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.host_pid\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_pid\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/job-kubernetes-container-manifest-hardening.json",
    "content": "{\n    \"description\": \"Kubernetes Container/InitContainer/EphemeralContainer Manifest Hardening\",\n    \"rationale\": \"Several security options in the affected resources could be enabled to harden assocated containers.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://www.cisecurity.org/benchmark/docker/\"\n    ],\n    \"dashboard_name\": \"Jobs\",\n    \"display_path\": \"job.v1-batch.id\",\n    \"path\": \"job.v1-batch.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"allowPrivilegeEscalation\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"readOnlyRootFilesystem\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"capabilities\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities.drop\",\n            \"null\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/job-privileged-container-running.json",
    "content": "{\n    \"description\": \"Privileged Container/InitContainer/EphemeralContainer Running\",\n    \"rationale\": \"Access to privileged container may result in privilege escalation. Administrators are encouraged to remove the privileged status of a pod if unncessary.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\"\n    ],\n    \"dashboard_name\": \"Jobs\",\n    \"display_path\": \"job.v1-batch.id\",\n    \"path\": \"job.v1-batch.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"notNull\",\n            \"\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.securityContext.privileged\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"privileged\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/job-resources-without-defined-cpu-limit.json",
    "content": "{\n    \"description\": \"Resources without Defined CPU Limit\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"Jobs\",\n    \"display_path\": \"job.v1-batch.id\",\n    \"path\": \"job.v1-batch.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"cpu\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.resources.limits.cpu\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"cpu\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/job-resources-without-defined-limits.json",
    "content": "{\n    \"description\": \"Resources without Defined Limits\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"Jobs\",\n    \"display_path\": \"job.v1-batch.id\",\n    \"path\": \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.resources\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.resources\",\n            \"withoutKey\",\n            \"limits\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"memory\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"cpu\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/job-resources-without-defined-memory-limit.json",
    "content": "{\n    \"description\": \"Resources without Defined Memory Limit\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"Jobs\",\n    \"display_path\": \"job.v1-batch.id\",\n    \"path\": \"job.v1-batch.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"memory\"\n        ],\n        [\n            \"job.v1-batch.resources.id.data.spec.template.spec.containers.id.resources.limits.memory\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"memory\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-basic-authentication-enabled.json",
    "content": "{\n    \"description\": \"Basic Authentication Enabled\",\n    \"rationale\": \"Basic authentication allows a user to authenticate to the cluster with a username and password and it is stored in plain text without any encryption. Disabling Basic authentication will prevent attacks like brute force. Its recommended to use either client certificate or IAM for authentication.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.10\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.8.1\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_authn_methods\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#evaluation_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.basic_authentication_enabled\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"basic_authentication_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-certificate-authentication-enabled.json",
    "content": "{\n    \"description\": \"Certificate Authentication Enabled\",\n    \"rationale\": \"Unless applications use the client certificate authentication method, it should be disabled.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.8.2\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_authn_methods\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#evaluation_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.client_certificate_enabled\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"client_certificate_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-alias-ip-disabled.json",
    "content": "{\n    \"description\": \"Alias IP Disabled\",\n    \"rationale\": \"With Alias IPs ranges enabled, Kubernetes Engine clusters can allocate IP addresses from a CIDR block known to Google Cloud Platform. This makes your cluster more scalable and allows your cluster to better interact with other GCP products and entities.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.13\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.6.2\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_network_access_to_the_control_plane_and_nodes\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.alias_ip_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"alias_ip_disabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-application-layer-encryption-disabled.json",
    "content": "{\n    \"description\": \"Application-Layer Secrets Encryption Disabled\",\n    \"rationale\": \"By default, GKE encrypts customer content stored at rest, including Secrets. GKE handles and manages this default encryption without any additional action.<br>Application-layer Secrets Encryption provides an additional layer of security for sensitive data, such as user defined Secrets and Secrets required for the operation of the cluster, such as service account keys, which are all stored in etcd.<br>Using this functionality, you can use a key, that you manage in Cloud KMS, to encrypt data at the application layer. This protects against attackers in the event that they manage to gain access to etcd.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.3.1\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/encrypting-secrets\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"application_layer_encryption_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"application_layer_encryption_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-binary-authorization-disabled.json",
    "content": "{\n    \"description\": \"Binary Authorization Disabled\",\n    \"rationale\": \"Binary Authorization provides software supply-chain security for images that you deploy to GKE from Google Container Registry (GCR) or another container image registry.<br>Binary Authorization requires images to be signed by trusted authorities during the development process. These signatures are then validated at deployment time. By enforcing validation, you can gain tighter control over your container environment by ensuring only verified images are integrated into the build-and-release process.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.10.5\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/binary-authorization/\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.binary_authorization_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"binary_authorization_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-has-no-labels.json",
    "content": "{\n    \"description\": \"Clusters Lacking Labels\",\n    \"rationale\": \"Labels enable users to map their own organizational structures onto system objects in a loosely coupled fashion, without requiring clients to store these mappings. Labels can also be used to apply specific security settings and auto configure objects at creation.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.5\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#use_namespaces_and_rbac_to_restrict_access_to_cluster_resources\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.has_labels\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"has_no_labels\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-logging-disabled.json",
    "content": "{\n    \"description\": \"Cluster Logging Disabled\",\n    \"rationale\": \"You should enable cluster logging and use a logging service so your cluster can export logs about its activities.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.1\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.7.1\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://kubernetes.io/docs/tasks/debug-application-cluster/audit/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#stackdriver_logging\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.logging_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"logging_disabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-master-authorized-networks-disabled.json",
    "content": "{\n    \"description\": \"Master Authorized Networks Disabled\",\n    \"rationale\": \"Master authorized networks blocks untrusted IP addresses from outside Google Cloud Platform. Addresses from inside GCP can still reach your master through HTTPS provided that they have the necessary Kubernetes credentials.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.4\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.6.3\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/authorized-networks\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_network_access_to_the_control_plane_and_nodes\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.master_authorized_networks_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"master_authorized_networks_disabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-metadata-server-disabled.json",
    "content": "{\n    \"description\": \"GKE Metadata Server Disabled\",\n    \"rationale\": \"Every GKE node stores its metadata on a metadata server. Some of this metadata, such as kubelet credentials and the VM instance identity token, is sensitive and should not be exposed to a Kubernetes workload.<br>Enabling the GKE Metadata server prevents pods (that are not running on the host network) from accessing this metadata and facilitates Workload Identity.<br>When unspecified, the default setting allows running pods to have full access to the node's underlying metadata server.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.4.2\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/protecting-cluster-metadata#concealment\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"metadata_server_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"metadata_server_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-monitoring-disabled.json",
    "content": "{\n    \"description\": \"Cluster Monitoring Disabled\",\n    \"rationale\": \"You should enable cluster monitoring and use a monitoring service so your cluster can export metrics about its activities.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.2\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.7.1\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#stackdriver_logging\",\n        \"https://cloud.google.com/monitoring/kubernetes-engine#about-skm\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.monitoring_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"monitoring_disabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-network-policy-disabled.json",
    "content": "{\n    \"description\": \"Network Policy Disabled\",\n    \"rationale\": \"By default, pods are non-isolated; they accept traffic from any source. Pods become isolated by having a NetworkPolicy that selects them. Once there is any NetworkPolicy in a namespace selecting a particular pod, that pod will reject any connections that are not allowed by any NetworkPolicy.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.11\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.6.7\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_with_network_policy\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/security-overview#network_security\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.network_policy_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"network_policy_disabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-pod-security-policy-config-disabled.json",
    "content": "{\n    \"description\": \"Pod Security Policy Disabled\",\n    \"rationale\": \"A Pod Security Policy is a cluster-level resource that controls security sensitive aspects of the pod specification. The PodSecurityPolicy objects define a set of conditions that a pod must run with in order to be accepted into the system, as well as defaults for the related fields.\",\n    \"remediation\": \"Enable the Pod Security Policy. By default, Pod Security Policy is disabled when you create a new cluster.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.14\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.10.3\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.pod_security_policy_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"pod_security_policy_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-private-endpoint-disabled.json",
    "content": "{\n    \"description\": \"Private Cluster Endpoint Disabled\",\n    \"rationale\": \"In a private cluster, the master node has two endpoints, a private and public endpoint. The private endpoint is the internal IP address of the master, behind an internal load balancer in the master's VPC network. Nodes communicate with the master using the private endpoint. The public endpoint enables the Kubernetes API to be accessed from outside the master's VPC network.<br>Although Kubernetes API requires an authorized token to perform sensitive actions, a vulnerability could potentially expose the Kubernetes publicly with unrestricted access. Additionally, an attacker may be able to identify the current cluster and Kubernetes API version and determine whether it is vulnerable to an attack.<br>Unless required, disabling public endpoint will help prevent such threats, and require the attacker to be on the master's VPC network to perform any attack on the Kubernetes API.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.15\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.6.4\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_network_access_to_the_control_plane_and_nodes\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.private_endpoint_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"private_endpoint_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-private-google-access-disabled.json",
    "content": "{\n    \"description\": \"Private Google Access Disabled\",\n    \"rationale\": \"Enabling Private Google Access allows hosts on a subnetwork to use a private IP address to reach Google APIs rather than an external IP address.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.16\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_network_access_to_the_control_plane_and_nodes\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.private_ip_google_access_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"private_ip_google_access_disabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-release-channel.json",
    "content": "{\n    \"description\": \"Cluster Not Subscribed to Release Channel\",\n    \"rationale\": \"Release Channels signal a graduating level of stability and production-readiness. These are based on observed performance of GKE clusters running that version and represent experience and confidence in the cluster version.<br>The Regular release channel upgrades every few weeks and is for production users who need features not yet offered in the Stable channel. These versions have passed internal validation, but don't have enough historical data to guarantee their stability. Known issues generally have known workarounds.<br>The Stable release channel upgrades every few months and is for production users who need stability above all else, and for whom frequent upgrades are too risky. These versions have passed internal validation and have been shown to be stable and reliable in production, based on the observed performance of those clusters.<br>Critical security patches are delivered to all release channels.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.5.4\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/release-channels\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.release_channel\",\n            \"containNoneOf\",\n            [\n                \"REGULAR\",\n                \"STABLE\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"release_channel\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-shielded-nodes-disabled.json",
    "content": "{\n    \"description\": \"Shielded GKE Nodes Disabled\",\n    \"rationale\": \"Shielded GKE nodes protects clusters against boot- or kernel-level malware or rootkits which persist beyond infected OS.<br>Shielded GKE nodes run firmware which is signed and verified using Google's Certificate Authority, ensuring that the nodes' firmware is unmodified and establishing the root of trust for Secure Boot. GKE node identity is strongly protected via virtual Trusted Platform Module (vTPM) and verified remotely by the master node before the node joins the cluster.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.5.5\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.shielded_nodes_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"shielded_nodes_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-workload-identity-disabled.json",
    "content": "{\n    \"description\": \"Workload Identity Disabled\",\n    \"rationale\": \"Enabling Workload Identity manages the distribution and rotation of Service account keys for the workloads to use.<br>Kubernetes workloads should not use cluster node service accounts to authenticate to Google Cloud APIs. Each Kubernetes Workload that needs to authenticate to other Google services using Cloud IAM should be provisioned a dedicated Service account.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.2.2\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"workload_identity_enabled\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"workload_identity_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-dashboard-enabled.json",
    "content": "{\n    \"description\": \"Kubernetes Dashboard Enabled\",\n    \"rationale\": \"You should disable the Kubernetes Web UI (Dashboard) when running on Kubernetes Engine. The Kubernetes Web UI (Dashboard) is backed by a highly privileged Kubernetes Service Account. The Cloud Console provides much of the same functionality, so you don't need this functionality.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.6\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.10.1\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#disable_kubernetes_dashboard\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.dashboard_status\",\n            \"equal\",\n            \"Enabled\"\n        ]\n    ],\n    \"id_suffix\": \"dashboard_status\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-default-service-account-used.json",
    "content": "{\n    \"description\": \"Default Service Account in Use\",\n    \"rationale\": \"Each GKE node has a Service Account associated with it. By default, nodes are given the Compute Engine default service account. This account has broad access by default, making it useful to wide variety of applications, but it has more permissions than are required to run your Kubernetes Engine cluster. You should create and use a minimally privileged service account to run your GKE cluster instead of using the Compute Engine default service account.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.17\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.2.1\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#use_least_privilege_sa\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.service_account\",\n            \"equal\",\n            \"default\"\n        ]\n    ],\n    \"id_suffix\": \"default_service_account_used\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-legacy-abac-enabled.json",
    "content": "{\n    \"description\": \"Legacy Authorization (ABAC) Enabled\",\n    \"rationale\": \"The legacy authorizer in Kubernetes grants broad, statically defined permissions. To ensure that RBAC limits permissions correctly, you must disable the legacy authorizer. RBAC has significant security advantages, can help you ensure that users only have access to cluster resources within their own namespace and is now stable in Kubernetes.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.3\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.8.4\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#leave_abac_disabled_default_for_110\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.legacy_abac_enabled\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"legacy_abac_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-legacy-metadata-endpoints-enabled.json",
    "content": "{\n    \"description\": \"Legacy Metadata Endpoints Enabled\",\n    \"rationale\": \"The instance metadata server exposed legacy v0.1 and v1beta1 endpoints, which do not enforce metadata query headers. This is a feature in the v1 APIs that makes it more difficult for a potential attacker to retrieve instance metadata, such as Server-Side Request Forgery (SSRF). Unless specifically required, we recommend you disable these legacy APIs.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.4.1\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#protect_node_metadata_default_for_112\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"display_path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id.node_pools.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.node_pools.id.legacy_metadata_endpoints_enabled\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"legacy_metadata_endpoints_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-node-auto-repair-disabled.json",
    "content": "{\n    \"description\": \"Nodes with Auto-Repair Disabled\",\n    \"rationale\": \"Auto-repair helps maintain the cluster nodes in a healthy, running state.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.7\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.5.2\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-repair\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"display_path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id.node_pools.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.node_pools.id.auto_repair_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"auto_repair_disabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-node-auto-upgrade-disabled.json",
    "content": "{\n    \"description\": \"Nodes with Auto-Upgrade Disabled\",\n    \"rationale\": \"Auto-upgrades automatically ensures that security updates are applied and kept up to date.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.8\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.5.3\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-upgrades\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"display_path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id.node_pools.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.node_pools.id.auto_upgrade_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"auto_upgrade_disabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-node-container-optimized-os-not-used.json",
    "content": "{\n    \"description\": \"Lack of Container-Optimized OS Node Images\",\n    \"rationale\": \"It is recommended to use container-optimized OS images, as they provide improved support, security and stability.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.9\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.5.1\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/container-optimized-os/docs/concepts/features-and-benefits\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/node-images\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.image_type\",\n            \"containNoneOf\",\n            [\n                \"COS\",\n                \"COS_CONTAINERD\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"container_optimized_os_not_used\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-node-integrity-monitoring-disabled.json",
    "content": "{\n    \"description\": \"Nodes with Integrity Monitoring Disabled\",\n    \"rationale\": \"The Integrity Monitoring feature should be enabled for GKE cluster nodes in order to monitor and automatically check the runtime boot integrity of shielded cluster nodes using Cloud Monitoring service.\",\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"display_path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id.node_pools.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.node_pools.id.integrity_monitoring_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"integrity_monitoring_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-node-secure-boot-disabled.json",
    "content": "{\n    \"description\": \"Nodes with Secure Boot Disabled\",\n    \"rationale\": \"The Secure Boot feature should be enabled for GKE cluster nodes in order to protect them against malware and rootkits. Secure Boot helps ensure that the system runs only authentic software by verifying the digital signature of all boot components, and halting the boot process if the signature verification fails.\",\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"display_path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id.node_pools.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.node_pools.id.secure_boot_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"secure_boot_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-private-nodes-disabled.json",
    "content": "{\n    \"description\": \"Private Cluster Nodes Disabled\",\n    \"rationale\": \"Private Nodes are nodes with no public IP addresses. Disabling public IP addresses on cluster nodes restricts access to only internal networks, forcing attackers to obtain local network access before attempting to compromise the underlying Kubernetes hosts.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.15\"\n        },\n        {\n            \"name\": \"CIS GKE Benchmark\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"6.6.5\"\n        }\n    ],\n    \"references\": [\n        \"https://www.cisecurity.org/benchmark/kubernetes/\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_network_access_to_the_control_plane_and_nodes\",\n        \"https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on\",\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.private_nodes_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"private_nodes_enabled\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-scopes-not-limited.json",
    "content": "{\n    \"description\": \"Lack of Access Scope Limitation\",\n    \"rationale\": \"If you are not creating a separate service account for your nodes, you should limit the scopes of the node service account to reduce the oportunity for privilege escalation. This ensures that the default service account does not have permissions beyond those necessary to run your cluster. While the default scopes are limited, they may include scopes beyond the minimally required ones needed to run your cluster. If you are accessing private images in Google Container Registry, the minimally required scopes are only logging.write, monitoring, and devstorage.read_only.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Google Cloud Platform Foundations\",\n            \"version\": \"1.0.0\",\n            \"reference\": \"7.18\"\n        }\n    ],\n    \"references\": [\n        \"https://cloud.google.com/kubernetes-engine/docs/how-to/access-scopes\"\n    ],\n    \"dashboard_name\": \"Clusters\",\n    \"path\": \"kubernetesengine.projects.id.clusters.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kubernetesengine.projects.id.clusters.id.has_limited_scopes\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"scopes_not_limited\"\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/logging-monitoring-diagnostic-setting-does-not-exist.json",
    "content": "{\n    \"description\": \"Diagnostic Setting Does Not Exist\",\n    \"rationale\": \"A diagnostic setting controls how a diagnostic log is exported. By default, logs are retained only for 90 days. Diagnostic settings should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.\",\n    \"remediation\": \"In the Azure console: <ol> <li>Go to <samp>Diagnostic settings</samp></li> <li>Click on <samp>Add diagnostic setting</samp>.</li> <li></li> <li>Add rules to allow traffic from specific network.</li>Configure the setting including the export location (This may be Log Analytics/Storage account or Event Hub) <li>Click on <samp>Save</samp></li> </ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"5.1.1\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/platform-logs-overview#export-the-activity-log-with-a-log-profile\",\n        \"https://learn.microsoft.com/en-us/cli/azure/monitor/log-profiles?view=azure-cli-latest#az_monitor_log_profiles_create\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-5-centralize-security-log-management-and-analysis\"\n    ],\n    \"dashboard_name\": \"Diagnostic Settings\",\n    \"path\": \"loggingmonitoring.subscriptions.id.diagnostic_settings.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"loggingmonitoring.subscriptions.id.diagnostic_settings.id.diagnostic_exist\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"diagnostic_exist\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/logging-monitoring-log-alert-not-exist-create-policy-assignment.json",
    "content": "{\n    \"description\": \"Activity Log Alert Does Not Exist for Create Policy Assignment\",\n    \"rationale\": \"Monitoring for \\\"Create Policy Assignment\\\" events gives insight into changes done in \\\"azure policy -assignments\\\" and can reduce the time it takes to detect unsolicited changes.\",\n    \"remediation\": \"In the Azure console: <ol><li>Go to Monitor service on Azure Security Center</li><li>Select Alerts blade</li><li>Click On New alert Rule</li><li>Under Scope, click Select resource</li><li>Select the appropriate subscription under Filter by subscription</li><li>Select Policy Assignment under Filter by resource type</li><li>Select All for Filter by location</li><li>Click on the subscription from the entries populated under Resource</li><li>Verify Selection preview shows All Policy assignment (policyAssignments) and your selected subscription name</li><li>Under Condition click Select Condition</li><li>Select Create policy assignment signal</li><li>Click Done</li><li>Under Action group, select appropriate action group</li><li>Under Alert rule details, enter rule name and description</li><li>Select appropriate resource group</li><li>Check Enable alert rule upon creation checkbox</li><li>Click Create alert rule</li> </ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"5.2.1\"\n        }\n    ],\n    \"references\": [\n        \"https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement/\",\n        \"https://learn.microsoft.com/en-in/azure/azure-monitor/alerts/alerts-activity-log\",\n        \"https://learn.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate\",\n        \"https://learn.microsoft.com/en-in/rest/api/monitor/activitylogalerts/listbysubscriptionid\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources\"\n    ],\n    \"dashboard_name\": \"Alert Rules\",\n    \"path\": \"loggingmonitoring.subscriptions.id.log_alerts.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"loggingmonitoring.subscriptions.id.log_alerts.id.create_policy_assignment_exist\",\n            \"false\",\n            \"\"\n        ],\n        [\n            \"loggingmonitoring.subscriptions.id.log_alerts.id.create_policy_assignment_exist\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"create_policy_assignment_exist\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/logging-monitoring-log-alert-not-exist-nsg.json",
    "content": "{\n    \"description\": \"Activity Log Alert Does Not Exist for _ARG_0_\",\n    \"rationale\": \"Monitoring for \\\"_ARG_0_\\\" events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.\",\n    \"remediation\": \"In the Azure console: <ol><li>Go to Monitor service on Azure Security Center</li><li>Select Alerts blade</li><li>Click On New alert Rule</li><li>Under Scope, click Select resource</li><li>Select the appropriate subscription under Filter by subscription</li><li>Select Policy Assignment under Filter by resource type</li><li>Select All for Filter by location</li><li>Click on the subscription from the entries populated under Resource</li><li>Verify Selection preview shows All Policy assignment (policyAssignments) and your selected subscription name</li><li>Under Condition click Select Condition</li><li>Select Create policy assignment signal</li><li>Click Done</li><li>Under Action group, select appropriate action group</li><li>Under Alert rule details, enter rule name and description</li><li>Select appropriate resource group</li><li>Check Enable alert rule upon creation checkbox</li><li>Click Create alert rule</li> </ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"_ARG_1_\"\n        }\n    ],\n    \"references\": [\n        \"https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement/\",\n        \"https://learn.microsoft.com/en-in/azure/azure-monitor/alerts/alerts-activity-log\",\n        \"https://learn.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate\",\n        \"https://learn.microsoft.com/en-in/rest/api/monitor/activitylogalerts/listbysubscriptionid\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources\"\n    ],\n    \"dashboard_name\": \"Alert Rules\",\n    \"path\": \"loggingmonitoring.subscriptions.id.log_alerts.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"loggingmonitoring.subscriptions.id.log_alerts.id._ARG_2_\",\n            \"false\",\n            \"\"\n        ],\n        [\n            \"loggingmonitoring.subscriptions.id.log_alerts.id._ARG_2_\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"key\": \"_ARG_2_\",\n    \"arg_names\": [\n        \"Event\",\n        \"Associated CIS rule\",\n        \"Dictionary Value\"\n    ],\n    \"id_suffix\": \"_ARG_2_\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/logging-monitoring-log-alert-not-exist-security-solution.json",
    "content": "{\n    \"description\": \"Activity Log Alert Does Not Exist for _ARG_0_\",\n    \"rationale\": \"Monitoring for \\\"_ARG_0_\\\" events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.\",\n    \"remediation\": \"In the Azure console: <ol><li>Go to Monitor service on Azure Security Center</li><li>Select Alerts blade</li><li>Click On New alert Rule</li><li>Under Scope, click Select resource</li><li>Select the appropriate subscription under Filter by subscription</li><li>Select Policy Assignment under Filter by resource type</li><li>Select All for Filter by location</li><li>Click on the subscription from the entries populated under Resource</li><li>Verify Selection preview shows All Policy assignment (policyAssignments) and your selected subscription name</li><li>Under Condition click Select Condition</li><li>Select Create policy assignment signal</li><li>Click Done</li><li>Under Action group, select appropriate action group</li><li>Under Alert rule details, enter rule name and description</li><li>Select appropriate resource group</li><li>Check Enable alert rule upon creation checkbox</li><li>Click Create alert rule</li> </ol>\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"_ARG_1_\"\n        }\n    ],\n    \"references\": [\n        \"https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement/\",\n        \"https://learn.microsoft.com/en-in/azure/azure-monitor/alerts/alerts-activity-log\",\n        \"https://learn.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate\",\n        \"https://learn.microsoft.com/en-in/rest/api/monitor/activitylogalerts/listbysubscriptionid\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources\"\n    ],\n    \"dashboard_name\": \"Alert Rules\",\n    \"path\": \"loggingmonitoring.subscriptions.id.log_alerts.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"loggingmonitoring.subscriptions.id.log_alerts.id._ARG_2_\",\n            \"false\",\n            \"\"\n        ],\n        [\n            \"loggingmonitoring.subscriptions.id.log_alerts.id._ARG_2_\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"key\": \"_ARG_2_\",\n    \"arg_names\": [\n        \"Event\",\n        \"Associated CIS rule\",\n        \"Dictionary Value\"\n    ],\n    \"id_suffix\": \"_ARG_2_\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/logging-monitoring-logging-key-vault-disabled.json",
    "content": "{\n    \"description\": \"Logging for Azure Key Vault Is Disabled\",\n    \"rationale\": \"Monitoring how and when key vaults are accessed, and by whom enables an audit trail of interactions with confidential information, keys and certificates managed by Azure Keyvault. Enabling logging for Key Vault saves information in an Azure storage account that the user provides. This creates a new container named insights-logs-auditevent automatically for the specified storage account, andthis same storage account can be used for collecting logs for multiple key vaults.\",\n    \"remediation\": \"Follow Microsoft Azure documentation and setup Azure Key Vault Logging.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"5.1.5\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/azure/key-vault/general/logging?tabs=Vault\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources\"\n    ],\n    \"dashboard_name\": \"Key Vaults\",\n    \"path\": \"loggingmonitoring.subscriptions.id.resources_logging.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"loggingmonitoring.subscriptions.id.resources_logging.id.diagnostic_key_vault.audit_event_enabled\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"diagnostic_key_vault_audit_event_enabled\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/logging-monitoring-profile-does-not-capture-all-activities.json",
    "content": "{\n    \"description\": \"Audit Profile Does Not Capture All Activities\",\n    \"rationale\": \"A log profile controls how the activity log is exported. Configuring the log profile to collect logs for the categories \\\"write\\\", \\\"delete\\\" and \\\"action\\\" ensures that all the control/management plane activities performed on the subscription are exported.\",\n    \"remediation\": \"On Azure portal there is no provision to check or set categories.\",\n    \"compliance\": [\n        {\n            \"name\": \"CIS Microsoft Azure Foundations\",\n            \"version\": \"1.2.0\",\n            \"reference\": \"5.1.2\"\n        }\n    ],\n    \"references\": [\n        \"https://learn.microsoft.com/en-us/cli/azure/monitor/log-profiles?view=azure-cli-latest#az-monitor-log-profiles-update\",\n        \"https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources\"\n    ],\n    \"dashboard_name\": \"Profile\",\n    \"path\": \"loggingmonitoring.subscriptions.id.log_profiles.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"loggingmonitoring.subscriptions.id.log_profiles.id.captures_all_activities\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"captures_all_activities\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/networkpolicy-unrestricted-cluster-network-access.json",
    "content": "{\n    \"description\": \"Unrestricted Cluster Network Access\",\n    \"rationale\": \"Unrestricted cluster networks allow any compromised pod to interact with any other pods.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/cluster-administration/networking/\",\n        \"https://kubernetes.io/docs/concepts/services-networking/network-policies/\"\n    ],\n    \"dashboard_name\": \"Network Policies\",\n    \"display_path\": \"network_policy.v1.id\",\n    \"path\": \"network_policy\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"network_policy.v1_count\",\n            \"equal\",\n            \"0\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/networkpolicy-unrestricted-cluster-network-egress.json",
    "content": "{\n    \"description\": \"Unrestricted Cluster Network Egress\",\n    \"rationale\": \"Unrestricted cluster egress controls allow any compromised pod to interact with any other pods.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/cluster-administration/networking/\",\n        \"https://kubernetes.io/docs/concepts/services-networking/network-policies/\"\n    ],\n    \"dashboard_name\": \"Network Policies\",\n    \"display_path\": \"network_policy.v1-networking-k8s-io.id\",\n    \"path\": \"network_policy.v1-networking-k8s-io.resources.id.data.spec.egress.id.data\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"network_policy.v1-networking-k8s-io.resources.id.data.spec.egress\",\n            \"notNull\",\n            \"\"\n        ],\n        [\n            \"network_policy.v1-networking-k8s-io.resources.id.data.spec.egress.id.ports\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"network_policy.v1-networking-k8s-io.resources.id.data.spec.egress.id.to\",\n            \"null\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/networkpolicy-unrestricted-cluster-network-ingress.json",
    "content": "{\n    \"description\": \"Unrestricted Cluster Network Ingress\",\n    \"rationale\": \"Unrestricted cluster ingress controls allow any compromised pod to interact with any other pods.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/cluster-administration/networking/\",\n        \"https://kubernetes.io/docs/concepts/services-networking/network-policies/\"\n    ],\n    \"dashboard_name\": \"Network Policies\",\n    \"display_path\": \"network_policy.v1-networking-k8s-io.id\",\n    \"path\": \"network_policy.v1-networking-k8s-io.resources.id.data.spec\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"and\",\n            [\n                \"network_policy.v1-networking-k8s-io.resources.id.data.spec\",\n                \"withKey\",\n                \"policy_types\"\n            ],\n            [\n                \"network_policy.v1-networking-k8s-io.resources.id.data.spec.policy_types\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"network_policy.v1-networking-k8s-io.resources.id.data.spec.policy_types\",\n                \"notContainString\",\n                \"Ingress\"\n            ]\n        ],\n        [\n            \"and\",\n            [\n                \"network_policy.v1-networking-k8s-io.resources.id.data.spec.ingress\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"network_policy.v1-networking-k8s-io.resources.id.data.spec.ingress.id.ports\",\n                \"null\",\n                \"\"\n            ],\n            [\n                \"network_policy.v1-networking-k8s-io.resources.id.data.spec.ingress.id.from\",\n                \"null\",\n                \"\"\n            ]\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/pod-apparmor-annotation-missing.json",
    "content": "{\n    \"description\": \"AppArmor Annotation Missing\",\n    \"rationale\": \"The container.apparmor.security.beta.kubernetes.io annotation is missing. A compromised container with AppArmor disabled makes privilege escalation easier.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tutorials/security/apparmor/\"\n    ],\n    \"dashboard_name\": \"Pods\",\n    \"display_path\": \"pod.v1.id\",\n    \"path\": \"pod.v1.resources.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"pod.v1.resources.id.metadata\",\n            \"withoutKey\",\n            \"annotations\"\n        ],\n        [\n            \"pod.v1.resources.id.metadata.annotations\",\n            \"withoutKey\",\n            \"container.apparmor.security.beta.kubernetes.io\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/pod-automounted-service-account-token.json",
    "content": "{\n    \"description\": \"Automounted Service Account Token\",\n    \"rationale\": \"Default service account with token mounted. automountServiceAccountToken should be set to 'false' on either the ServiceAccount or on the PodSpec or a non-default service account should be used.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\"\n    ],\n    \"dashboard_name\": \"Pods\",\n    \"display_path\": \"pod.v1.id\",\n    \"path\": \"pod.v1.resources.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"pod.v1.resources.id.data.spec\",\n            \"withoutKey\",\n            \"automountServiceAccountToken\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.automountServiceAccountToken\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.automountServiceAccountToken\",\n            \"true\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/pod-container-ability-to-modify-root-filesystem.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Ability to Modify Root Filesystem\",\n    \"rationale\": \"Root filesystems should be read-only where possible.\",\n    \"remediation\": \"spec.(c|initC|ephemeralC)ontainers[].securityContext.readOnlyRootFilesystem should be explicitly set to true for the affected containers.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Pods\",\n    \"display_path\": \"pod.v1.id\",\n    \"path\": \"pod.v1.resources.id.data.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"pod.v1.resources.id.data.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"readOnlyRootFilesystem\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/pod-container-allowing-privilege-escalation.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Allowing Privilege Escalation\",\n    \"rationale\": \"A container should disallow privilege escalation where possible. allowPrivilegeEscalation should be explicitly set to false.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Pods\",\n    \"display_path\": \"pod.v1.id\",\n    \"path\": \"pod.v1.resources.id.data.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"pod.v1.resources.id.data.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"allowPrivilegeEscalation\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/pod-container-running-as-root-group.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Running As Root Group\",\n    \"rationale\": \"Where possible, runAsGroup should be set to a value greater than 0.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Pods\",\n    \"display_path\": \"pod.v1.id\",\n    \"path\": \"pod.v1.resources.id.data.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"and\",\n            [\n                \"pod.v1.resources.id.data.spec.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"pod.v1.resources.id.data.spec.securityContext.runAsGroup\",\n                \"equal\",\n                \"0\"\n            ]\n        ],\n        [\n            \"and\",\n            [\n                \"pod.v1.resources.id.data.spec.containers.id.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"pod.v1.resources.id.data.spec.containers.id.securityContext.runAsGroup\",\n                \"equal\",\n                \"0\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsGroup\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/pod-container-running-as-root-user.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Running As Root User\",\n    \"rationale\": \"Where possible, runAsUser should be set to a value greater than 0.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Pods\",\n    \"display_path\": \"pod.v1.id\",\n    \"path\": \"pod.v1.resources.id.data.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"and\",\n            [\n                \"pod.v1.resources.id.data.spec.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"pod.v1.resources.id.data.spec.securityContext.runAsUser\",\n                \"equal\",\n                \"0\"\n            ]\n        ],\n        [\n            \"and\",\n            [\n                \"pod.v1.resources.id.data.spec.containers.id.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"pod.v1.resources.id.data.spec.containers.id.securityContext.runAsUser\",\n                \"equal\",\n                \"0\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsUser\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/pod-container-with-overly-permissive-capabilities.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer with Permissive Capabilities\",\n    \"rationale\": \"A container should drop all and add the necessary capabilities by default.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Pods\",\n    \"display_path\": \"pod.v1.id\",\n    \"path\": \"pod.v1.resources.id.data.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"pod.v1.resources.id.data.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"capabilities\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.securityContext.capabilities\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.securityContext.capabilities.drop\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"capabilities.drop\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/pod-container-with-possible-root-privileges.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer with Possible Root Privileges\",\n    \"rationale\": \"Where possible, runAsNonRoot should be set to true to prevent the container from running as root.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Pods\",\n    \"display_path\": \"pod.v1.id\",\n    \"path\": \"pod.v1.resources.id.data.spec.containers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"or\",\n            [\n                \"pod.v1.resources.id.data.spec.securityContext.runAsNonRoot\",\n                \"null\",\n                \"\"\n            ],\n            [\n                \"pod.v1.resources.id.data.spec.securityContext.runAsNonRoot\",\n                \"false\",\n                \"\"\n            ]\n        ],\n        [\n            \"or\",\n            [\n                \"pod.v1.resources.id.data.spec.containers.id.securityContext.runAsNonRoot\",\n                \"null\",\n                \"\"\n            ],\n            [\n                \"pod.v1.resources.id.data.spec.containers.id.securityContext.runAsNonRoot\",\n                \"false\",\n                \"\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsNonRoot\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/pod-helm-tiller-in-use.json",
    "content": "{\n    \"description\": \"Helm/Tiller in Use\",\n    \"rationale\": \"Helm 2 and Tiller have been deprecated since 2020.\",\n    \"references\": [\n        \"https://helm.sh/blog/helm-v2-deprecation-timeline/\",\n        \"https://github.com/markround/tiller#status\"\n    ],\n    \"dashboard_name\": \"Pods\",\n    \"display_path\": \"pod.v1.id\",\n    \"path\": \"pod.v1.resources.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"pod.v1.resources.id.data.name\",\n            \"containString\",\n            \"tiller\"\n        ],\n        [\n            \"pod.v1.resources.id.data.name\",\n            \"containString\",\n            \"tiller-deploy\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/pod-host-ipc-true.json",
    "content": "{\n    \"description\": \"Pods Using Host IPC\",\n    \"rationale\": \"A compromised pod with hostIPC set to true in PodSpec can be used as a pivot to the host IPC.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Pods\",\n    \"display_path\": \"pod.v1.id\",\n    \"path\": \"pod.v1.resources.id.data.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"pod.v1.resources.id.data.spec\",\n            \"withKey\",\n            \"host_ipc\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.host_ipc\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_ipc\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/pod-host-network-true.json",
    "content": "{\n    \"description\": \"Pods Using Host Networking\",\n    \"rationale\": \"A compromised pod with hostNetwork set to true in PodSpec can be used as a pivot to the host network.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Pods\",\n    \"display_path\": \"pod.v1.id\",\n    \"path\": \"pod.v1.resources.id.data.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"pod.v1.resources.id.data.spec\",\n            \"withKey\",\n            \"host_network\"\n        ],\n        [\n            \"host_network\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_network\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/pod-host-pid-true.json",
    "content": "{\n    \"description\": \"Pods Using Host PID\",\n    \"rationale\": \"A compromised pod with hostPID set to true in PodSpec can be used as a pivot to the host PID.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Pods\",\n    \"display_path\": \"pod.v1.id\",\n    \"path\": \"pod.v1.resources.id.data.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"pod.v1.resources.id.data.spec\",\n            \"withKey\",\n            \"host_pid\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.host_pid\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_pid\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/pod-kubernetes-container-manifest-hardening.json",
    "content": "{\n    \"description\": \"Kubernetes Container/InitContainer/EphemeralContainer Manifest Hardening\",\n    \"rationale\": \"Several security options in the affected resources could be enabled to harden assocated containers.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://www.cisecurity.org/benchmark/docker/\"\n    ],\n    \"dashboard_name\": \"Pods\",\n    \"display_path\": \"pod.v1.id\",\n    \"path\": \"pod.v1.resources.id.data.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"pod.v1.resources.id.data.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"allowPrivilegeEscalation\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"readOnlyRootFilesystem\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"capabilities\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.securityContext.capabilities\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.securityContext.capabilities.drop\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"hardening_required\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/pod-privileged-container-running.json",
    "content": "{\n    \"description\": \"Privileged Container/InitContainer/EphemeralContainer Running\",\n    \"rationale\": \"Access to privileged container may result in privilege escalation. Administrators are encouraged to remove the privileged status of a pod if unncessary. privileged should be explicitly set to false.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"Pods\",\n    \"display_path\": \"pod.v1.id\",\n    \"path\": \"pod.v1.resources.id.data.spec.containers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.securityContext\",\n            \"notNull\",\n            \"\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.securityContext.privileged\",\n            \"true\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/pod-resources-without-defined-cpu-limit.json",
    "content": "{\n    \"description\": \"Resources without Defined CPU Limit\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"Pods\",\n    \"display_path\": \"pod.v1.id\",\n    \"path\": \"pod.v1.resources.id.data.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"cpu\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.resources.limits.cpu\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"cpu\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/pod-resources-without-defined-limits.json",
    "content": "{\n    \"description\": \"Resources without Defined Limits\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"Pods\",\n    \"display_path\": \"pod.v1.id\",\n    \"path\": \"pod.v1.resources.id.data.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"cpu\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"memory\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.resources.limits.cpu\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.resources.limits.memory\",\n            \"null\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/pod-resources-without-defined-memory-limit.json",
    "content": "{\n    \"description\": \"Resources without Defined Memory Limit\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"Pods\",\n    \"display_path\": \"pod.v1.id\",\n    \"path\": \"pod.v1.resources.id.data.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"memory\"\n        ],\n        [\n            \"pod.v1.resources.id.data.spec.containers.id.resources.limits.memory\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"memory\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/podtemplate-apparmor-annotation-missing.json",
    "content": "{\n    \"description\": \"AppArmor Annotation Missing\",\n    \"rationale\": \"The container.apparmor.security.beta.kubernetes.io annotation is missing. A compromised container with AppArmor disabled makes privilege escalation easier.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tutorials/security/apparmor/\"\n    ],\n    \"dashboard_name\": \"PodTemplates\",\n    \"display_path\": \"pod_template.v1-apps.id\",\n    \"path\": \"pod_template.v1-apps.resources.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"pod_template.v1-apps.resources.id.metadata\",\n            \"withoutKey\",\n            \"annotations\"\n        ],\n        [\n            \"pod_template.v1-apps.resources.id.metadata.annotations\",\n            \"withoutKey\",\n            \"container.apparmor.security.beta.kubernetes.io\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/podtemplate-automounted-service-account-token.json",
    "content": "{\n    \"description\": \"Automounted Service Account Token\",\n    \"rationale\": \"Default service account with token mounted. automountServiceAccountToken should be set to 'false' on either the ServiceAccount or on the PodSpec or a non-default service account should be used.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\"\n    ],\n    \"dashboard_name\": \"PodTemplates\",\n    \"display_path\": \"pod_template.v1.id\",\n    \"path\": \"pod_template.v1.resources.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"pod_template.v1.resources.id.data.spec\",\n            \"withoutKey\",\n            \"automountServiceAccountToken\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.sspec.automountServiceAccountToken\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.sspec.automountServiceAccountToken\",\n            \"true\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/podtemplate-container-ability-to-modify-root-filesystem.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Ability to Modify Root Filesystem\",\n    \"rationale\": \"Root filesystems should be read-only where possible.\",\n    \"remediation\": \"spec.template.spec.(c|initC|ephemeralC)ontainers[].securityContext.readOnlyRootFilesystem should be explicitly set to true for the affected containers.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"PodTemplates\",\n    \"display_path\": \"pod_template.v1.id\",\n    \"path\": \"pod_template.v1.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"readOnlyRootFilesystem\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/podtemplate-container-allowing-privilege-escalation.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Allowing Privilege Escalation\",\n    \"rationale\": \"A container should disallow privilege escalation where possible. allowPrivilegeEscalation should be explicitly set to false.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"PodTemplates\",\n    \"display_path\": \"pod_template.v1.id\",\n    \"path\": \"pod_template.v1.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"allowPrivilegeEscalation\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/podtemplate-container-running-as-root-group.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Running As Root Group\",\n    \"rationale\": \"Where possible, runAsGroup should be set to a value greater than 0.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"PodTemplates\",\n    \"display_path\": \"pod_template.v1.id\",\n    \"path\": \"pod_template.v1.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"and\",\n            [\n                \"pod_template.v1.resources.id.data.spec.template.spec.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"pod_template.v1.resources.id.data.spec.template.spec.securityContext.runAsGroup\",\n                \"equal\",\n                \"0\"\n            ]\n        ],\n        [\n            \"and\",\n            [\n                \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.securityContext.runAsGroup\",\n                \"equal\",\n                \"0\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsGroup\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/podtemplate-container-running-as-root-user.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Running As Root User\",\n    \"rationale\": \"Where possible, runAsUser should be set to a value greater than 0.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"PodTemplates\",\n    \"display_path\": \"pod_template.v1.id\",\n    \"path\": \"pod_template.v1.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"and\",\n            [\n                \"pod_template.v1.resources.id.data.spec.template.spec.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"pod_template.v1.resources.id.data.spec.template.spec.securityContext.runAsUser\",\n                \"equal\",\n                \"0\"\n            ]\n        ],\n        [\n            \"and\",\n            [\n                \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.securityContext.runAsUser\",\n                \"equal\",\n                \"0\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsUser\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/podtemplate-container-with-overly-permissive-capabilities.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer with Permissive Capabilities\",\n    \"rationale\": \"A container should drop all and add the necessary capabilities by default.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"PodTemplates\",\n    \"display_path\": \"pod_template.v1.id\",\n    \"path\": \"pod_template.v1.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"capabilities\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities.drop\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"capabilities.drop\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/podtemplate-container-with-possible-root-privileges.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer with Possible Root Privileges\",\n    \"rationale\": \"Where possible, runAsNonRoot should be set to true to prevent the container from running as root.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"PodTemplates\",\n    \"display_path\": \"pod_template.v1.id\",\n    \"path\": \"pod_template.v1.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"or\",\n            [\n                \"pod_template.v1.resources.id.data.spec.template.spec.securityContext.runAsNonRoot\",\n                \"null\",\n                \"\"\n            ],\n            [\n                \"pod_template.v1.resources.id.data.spec.template.spec.securityContext.runAsNonRoot\",\n                \"false\",\n                \"\"\n            ]\n        ],\n        [\n            \"or\",\n            [\n                \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.securityContext.runAsNonRoot\",\n                \"null\",\n                \"\"\n            ],\n            [\n                \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.securityContext.runAsNonRoot\",\n                \"false\",\n                \"\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsNonRoot\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/podtemplate-host-ipc-true.json",
    "content": "{\n    \"description\": \"PodTemplates Using Host IPC\",\n    \"rationale\": \"A compromised pod with hostIPC set to true in PodSpec can be used as a pivot to the host IPC.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"PodTemplates\",\n    \"display_path\": \"pod_template.v1.id\",\n    \"path\": \"pod_template.v1.resources.id.data.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec\",\n            \"withKey\",\n            \"host_ipc\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.host_ipc\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_ipc\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/podtemplate-host-network-true.json",
    "content": "{\n    \"description\": \"PodTemplates Using Host Networking\",\n    \"rationale\": \"A compromised pod with hostNetwork set to true in PodSpec can be used as a pivot to the host network.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"PodTemplates\",\n    \"display_path\": \"pod_template.v1.id\",\n    \"path\": \"pod_template.v1.resources.id.data.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec\",\n            \"withKey\",\n            \"host_network\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.host_network\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_network\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/podtemplate-host-pid-true.json",
    "content": "{\n    \"description\": \"PodTemplates Using Host PID\",\n    \"rationale\": \"A compromised pod with hostPID set to true in PodSpec can be used as a pivot to the host PID.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"PodTemplates\",\n    \"display_path\": \"pod_template.v1.id\",\n    \"path\": \"pod_template.v1.resources.id.data.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec\",\n            \"withKey\",\n            \"host_pid\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.host_pid\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_pid\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/podtemplate-privileged-container-running.json",
    "content": "{\n    \"description\": \"Privileged Container/InitContainer/EphemeralContainer Running\",\n    \"rationale\": \"Access to privileged container may result in privilege escalation. Administrators are encouraged to remove the privileged status of a pod if unncessary.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\"\n    ],\n    \"dashboard_name\": \"PodTemplates\",\n    \"display_path\": \"pod_template.v1.id\",\n    \"path\": \"pod_template.v1.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"notNull\",\n            \"\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.securityContext.privileged\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"privileged\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/podtemplate-resources-without-defined-cpu-limit.json",
    "content": "{\n    \"description\": \"Resources without Defined CPU Limit\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"PodTemplates\",\n    \"display_path\": \"pod_template.v1.id\",\n    \"path\": \"pod_template.v1.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"cpu\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.resources.limits.cpu\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"cpu\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/podtemplate-resources-without-defined-limits.json",
    "content": "{\n    \"description\": \"Resources without Defined Limits\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"Pods\",\n    \"display_path\": \"pod_template.v1.id\",\n    \"path\": \"pod_template.v1.resources.id.data.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"pod_template.v1.resources.id.data.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"cpu\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"memory\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.containers.id.resources.limits.cpu\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.containers.id.resources.limits.memory\",\n            \"null\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/podtemplate-resources-without-defined-memory-limit.json",
    "content": "{\n    \"description\": \"Resources without Defined Memory Limit\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"PodTemplates\",\n    \"display_path\": \"pod_template.v1.id\",\n    \"path\": \"pod_template.v1.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"memory\"\n        ],\n        [\n            \"pod_template.v1.resources.id.data.spec.template.spec.containers.id.resources.limits.memory\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"memory\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/rbac-dangerous-grants.json",
    "content": "{\n    \"description\": \"Dangerous Grants in Role-based Access Control (RBAC) Definition\",\n    \"rationale\": \"Insufficient RBAC restrictions could enable unauthorized privilege escalation. The administrator should review the dangerous grants under RBAC.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/reference/access-authn-authz/rbac/\"\n    ],\n    \"dashboard_name\": \"RBAC grants\",\n    \"path\": \"rbac.dangerous_grants\",\n    \"conditions\": [\n        \"not\",\n        [\n            \"rbac.dangerous_grants_count\",\n            \"equal\",\n            \"0\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/rbac-dodgy-subjects.json",
    "content": "{\n    \"description\": \"Dodgy Subkects in Role-based Access Control (RBAC) Definition\",\n    \"rationale\": \"Insufficient RBAC restrictions could enable unauthorized privilege escalation. The administrator should review the dodgy subjects under RBAC.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/reference/access-authn-authz/rbac/\"\n    ],\n    \"dashboard_name\": \"RBAC subjects\",\n    \"path\": \"rbac.dodgy_subjects\",\n    \"conditions\": [\n        \"not\",\n        [\n            \"rbac.dodgy_subjects_count\",\n            \"equal\",\n            \"0\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/rbac-permissive-bindings.json",
    "content": "{\n    \"description\": \"Permissive Bindings in Role-based Access Control (RBAC) Definition\",\n    \"rationale\": \"Insufficient RBAC restrictions could enable unauthorized privilege escalation. The administrator should review the permissive bindings under RBAC.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/reference/access-authn-authz/rbac/\"\n    ],\n    \"dashboard_name\": \"RBAC bindings\",\n    \"path\": \"rbac.permissive_bindings\",\n    \"conditions\": [\n        \"not\",\n        [\n            \"rbac.permissive_bindings_count\",\n            \"equal\",\n            \"0\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/replicaset-apparmor-annotation-missing.json",
    "content": "{\n    \"description\": \"AppArmor Annotation Missing\",\n    \"rationale\": \"The container.apparmor.security.beta.kubernetes.io annotation is missing. A compromised container with AppArmor disabled makes privilege escalation easier.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tutorials/security/apparmor/\"\n    ],\n    \"dashboard_name\": \"ReplicaSets\",\n    \"display_path\": \"replica_set.v1-apps.id\",\n    \"path\": \"replica_set.v1-apps.resources.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"replica_set.v1-apps.resources.id.metadata\",\n            \"withoutKey\",\n            \"annotations\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.metadata.annotations\",\n            \"withoutKey\",\n            \"container.apparmor.security.beta.kubernetes.io\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/replicaset-automounted-service-account-token.json",
    "content": "{\n    \"description\": \"Automounted Service Account Token\",\n    \"rationale\": \"Default service account with token mounted. automountServiceAccountToken should be set to 'false' on either the ServiceAccount or on the PodSpec or a non-default service account should be used.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\"\n    ],\n    \"dashboard_name\": \"ReplicaSets\",\n    \"display_path\": \"replica_set.v1-apps.id\",\n    \"path\": \"replica_set.v1-apps.resources.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"replica_set.v1-apps.resources.id.data.spec\",\n            \"withoutKey\",\n            \"automountServiceAccountToken\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.automountServiceAccountToken\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.automountServiceAccountToken\",\n            \"true\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/replicaset-container-ability-to-modify-root-filesystem.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Ability to Modify Root Filesystem\",\n    \"rationale\": \"Root filesystems should be read-only where possible.\",\n    \"remediation\": \"spec.template.spec.(c|initC|ephemeralC)ontainers[].securityContext.readOnlyRootFilesystem should be explicitly set to true for the affected containers.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"ReplicaSets\",\n    \"display_path\": \"replica_set.v1-apps.id\",\n    \"path\": \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"readOnlyRootFilesystem\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/replicaset-container-allowing-privilege-escalation.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Allowing Privilege Escalation\",\n    \"rationale\": \"A container should disallow privilege escalation where possible. allowPrivilegeEscalation should be explicitly set to false.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"ReplicaSets\",\n    \"display_path\": \"replica_set.v1-apps.id\",\n    \"path\": \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"allowPrivilegeEscalation\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/replicaset-container-running-as-root-group.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Running As Root Group\",\n    \"rationale\": \"Where possible, runAsGroup should be set to a value greater than 0.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"ReplicaSets\",\n    \"display_path\": \"replica_set.v1-apps.id\",\n    \"path\": \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"and\",\n            [\n                \"replica_set.v1-apps.resources.id.data.spec.template.spec.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"replica_set.v1-apps.resources.id.data.spec.template.spec.securityContext.runAsGroup\",\n                \"equal\",\n                \"0\"\n            ]\n        ],\n        [\n            \"and\",\n            [\n                \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.runAsGroup\",\n                \"equal\",\n                \"0\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsGroup\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/replicaset-container-running-as-root-user.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Running As Root User\",\n    \"rationale\": \"Where possible, runAsUser should be set to a value greater than 0.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"ReplicaSets\",\n    \"display_path\": \"replica_set.v1-apps.id\",\n    \"path\": \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"and\",\n            [\n                \"replica_set.v1-apps.resources.id.data.spec.template.spec.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"replica_set.v1-apps.resources.id.data.spec.template.spec.securityContext.runAsUser\",\n                \"equal\",\n                \"0\"\n            ]\n        ],\n        [\n            \"and\",\n            [\n                \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.runAsUser\",\n                \"equal\",\n                \"0\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsUser\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/replicaset-container-with-overly-permissive-capabilities.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer with Permissive Capabilities\",\n    \"rationale\": \"A container should drop all and add the necessary capabilities by default.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"ReplicaSets\",\n    \"display_path\": \"replica_set.v1-apps.id\",\n    \"path\": \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"capabilities\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities.drop\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"capabilities.drop\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/replicaset-container-with-possible-root-privileges.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer with Possible Root Privileges\",\n    \"rationale\": \"Where possible, runAsNonRoot should be set to true to prevent the container from running as root.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"ReplicaSets\",\n    \"display_path\": \"replica_set.v1-apps.id\",\n    \"path\": \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"or\",\n            [\n                \"replica_set.v1-apps.resources.id.data.spec.template.spec.securityContext.runAsNonRoot\",\n                \"null\",\n                \"\"\n            ],\n            [\n                \"replica_set.v1-apps.resources.id.data.spec.template.spec.securityContext.runAsNonRoot\",\n                \"false\",\n                \"\"\n            ]\n        ],\n        [\n            \"or\",\n            [\n                \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.runAsNonRoot\",\n                \"null\",\n                \"\"\n            ],\n            [\n                \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.runAsNonRoot\",\n                \"false\",\n                \"\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsNonRoot\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/replicaset-host-ipc-true.json",
    "content": "{\n    \"description\": \"ReplicaSets Using Host IPC\",\n    \"rationale\": \"A compromised pod with hostIPC set to true in PodSpec can be used as a pivot to the host IPC.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"ReplicaSets\",\n    \"display_path\": \"replica_set.v1-apps.id\",\n    \"path\": \"replica_set.v1-apps.resources.id.data.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec\",\n            \"withKey\",\n            \"host_ipc\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.host_ipc\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_ipc\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/replicaset-host-network-true.json",
    "content": "{\n    \"description\": \"ReplicaSets Using Host Networking\",\n    \"rationale\": \"A compromised pod with hostNetwork set to true in PodSpec can be used as a pivot to the host network.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"ReplicaSets\",\n    \"display_path\": \"replica_set.v1-apps.id\",\n    \"path\": \"replica_set.v1-apps.resources.id.data.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec\",\n            \"withKey\",\n            \"host_network\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.host_network\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_network\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/replicaset-host-pid-true.json",
    "content": "{\n    \"description\": \"ReplicaSets Using Host PID\",\n    \"rationale\": \"A compromised pod with hostPID set to true in PodSpec can be used as a pivot to the host PID.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"ReplicaSets\",\n    \"display_path\": \"replica_set.v1-apps.id\",\n    \"path\": \"replica_set.v1-apps.resources.id.data.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec\",\n            \"withKey\",\n            \"host_pid\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.host_pid\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_pid\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/replicaset-kubernetes-container-manifest-hardening.json",
    "content": "{\n    \"description\": \"Kubernetes Container/InitContainer/EphemeralContainer Manifest Hardening\",\n    \"rationale\": \"Several security options in the affected resources could be enabled to harden assocated containers.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://www.cisecurity.org/benchmark/docker/\"\n    ],\n    \"dashboard_name\": \"ReplicaSets\",\n    \"display_path\": \"replica_set.v1-apps.id\",\n    \"path\": \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"allowPrivilegeEscalation\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"readOnlyRootFilesystem\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"capabilities\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities.drop\",\n            \"null\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/replicaset-privileged-container-running.json",
    "content": "{\n    \"description\": \"Privileged Container/InitContainer/EphemeralContainer Running\",\n    \"rationale\": \"Access to privileged container may result in privilege escalation. Administrators are encouraged to remove the privileged status of a pod if unncessary.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\"\n    ],\n    \"dashboard_name\": \"ReplicaSets\",\n    \"display_path\": \"replica_set.v1-apps.id\",\n    \"path\": \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"notNull\",\n            \"\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.privileged\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"privileged\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/replicaset-resources-without-defined-cpu-limit.json",
    "content": "{\n    \"description\": \"Resources without Defined CPU Limit\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"ReplicaSets\",\n    \"display_path\": \"replica_set.v1-apps.id\",\n    \"path\": \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"cpu\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits.cpu\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"cpu\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/replicaset-resources-without-defined-limits.json",
    "content": "{\n    \"description\": \"Resources without Defined Limits\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"ReplicaSets\",\n    \"display_path\": \"replica_set.v1-apps.id\",\n    \"path\": \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources\",\n            \"withoutKey\",\n            \"limits\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"memory\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"cpu\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/replicaset-resources-without-defined-memory-limit.json",
    "content": "{\n    \"description\": \"Resources without Defined Memory Limit\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"ReplicaSets\",\n    \"display_path\": \"replica_set.v1-apps.id\",\n    \"path\": \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"memory\"\n        ],\n        [\n            \"replica_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits.memory\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"memory\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/service-helm-tiller-in-use.json",
    "content": "{\n    \"description\": \"Helm/Tiller in Use\",\n    \"rationale\": \"Helm 2 and Tiller have been deprecated since 2020.\",\n    \"references\": [\n        \"https://helm.sh/blog/helm-v2-deprecation-timeline/\",\n        \"https://github.com/markround/tiller#status\"\n    ],\n    \"dashboard_name\": \"Services\",\n    \"display_path\": \"service.v1.id\",\n    \"path\": \"service.v1.resources.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"service.v1.resources.id.data.name\",\n            \"containString\",\n            \"tiller\"\n        ],\n        [\n            \"service.v1.resources.id.data.name\",\n            \"containString\",\n            \"tiller-deploy\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/serviceaccount-automounted-service-account-token.json",
    "content": "{\n    \"description\": \"Automounted Service Account Token\",\n    \"rationale\": \"Default service account with token mounted. automountServiceAccountToken should be set to 'false' on either the ServiceAccount or on the PodSpec or a non-default service account should be used.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\"\n    ],\n    \"dashboard_name\": \"Service Accounts\",\n    \"display_path\": \"service_account.v1.id\",\n    \"path\": \"service_account.v1.resources.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"service_account.v1.resources.id.data\",\n            \"withoutKey\",\n            \"automountServiceAccountToken\"\n        ],\n        [\n            \"service_account.v1.resources.id.data.automountServiceAccountToken\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"service_account.v1.resources.id.data.automountServiceAccountToken\",\n            \"true\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/statefulset-apparmor-annotation-missing.json",
    "content": "{\n    \"description\": \"AppArmor Annotation Missing\",\n    \"rationale\": \"The container.apparmor.security.beta.kubernetes.io annotation is missing. A compromised container with AppArmor disabled makes privilege escalation easier.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tutorials/security/apparmor/\"\n    ],\n    \"dashboard_name\": \"StatefulSets\",\n    \"display_path\": \"stateful_set.v1-apps.id\",\n    \"path\": \"stateful_set.v1-apps.resources.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"stateful_set.v1-apps.resources.id.metadata\",\n            \"withoutKey\",\n            \"annotations\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.metadata.annotations\",\n            \"withoutKey\",\n            \"container.apparmor.security.beta.kubernetes.io\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/statefulset-automounted-service-account-token.json",
    "content": "{\n    \"description\": \"Automounted Service Account Token\",\n    \"rationale\": \"Default service account with token mounted. automountServiceAccountToken should be set to 'false' on either the ServiceAccount or on the PodSpec or a non-default service account should be used.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\"\n    ],\n    \"dashboard_name\": \"StatefulSets\",\n    \"display_path\": \"stateful_set.v1-apps.id\",\n    \"path\": \"stateful_set.v1-apps.resources.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec\",\n            \"withoutKey\",\n            \"automountServiceAccountToken\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.automountServiceAccountToken\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.automountServiceAccountToken\",\n            \"true\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/statefulset-container-ability-to-modify-root-filesystem.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Ability to Modify Root Filesystem\",\n    \"rationale\": \"Root filesystems should be read-only where possible.\",\n    \"remediation\": \"spec.template.spec.(c|initC|ephemeralC)ontainers[].securityContext.readOnlyRootFilesystem should be explicitly set to true for the affected containers.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"StatefulSets\",\n    \"display_path\": \"stateful_set.v1-apps.id\",\n    \"path\": \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"false\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"readOnlyRootFilesystem\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/statefulset-container-allowing-privilege-escalation.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Allowing Privilege Escalation\",\n    \"rationale\": \"A container should disallow privilege escalation where possible. allowPrivilegeEscalation should be explicitly set to false.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"StatefulSets\",\n    \"display_path\": \"stateful_set.v1-apps.id\",\n    \"path\": \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"allowPrivilegeEscalation\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/statefulset-container-running-as-root-group.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Running As Root Group\",\n    \"rationale\": \"Where possible, runAsGroup should be set to a value greater than 0.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"StatefulSets\",\n    \"display_path\": \"stateful_set.v1-apps.id\",\n    \"path\": \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"and\",\n            [\n                \"stateful_set.v1-apps.resources.id.data.spec.template.spec.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"stateful_set.v1-apps.resources.id.data.spec.template.spec.securityContext.runAsGroup\",\n                \"equal\",\n                \"0\"\n            ]\n        ],\n        [\n            \"and\",\n            [\n                \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.runAsGroup\",\n                \"equal\",\n                \"0\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsGroup\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/statefulset-container-running-as-root-user.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer Running As Root User\",\n    \"rationale\": \"Where possible, runAsUser should be set to a value greater than 0.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"StatefulSets\",\n    \"display_path\": \"stateful_set.v1-apps.id\",\n    \"path\": \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"and\",\n            [\n                \"stateful_set.v1-apps.resources.id.data.spec.template.spec.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"stateful_set.v1-apps.resources.id.data.spec.template.spec.securityContext.runAsUser\",\n                \"equal\",\n                \"0\"\n            ]\n        ],\n        [\n            \"and\",\n            [\n                \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n                \"notNull\",\n                \"\"\n            ],\n            [\n                \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.runAsUser\",\n                \"equal\",\n                \"0\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsUser\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/statefulset-container-with-overly-permissive-capabilities.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer with Permissive Capabilities\",\n    \"rationale\": \"A container should drop all and add the necessary capabilities by default.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"StatefulSets\",\n    \"display_path\": \"stateful_set.v1-apps.id\",\n    \"path\": \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"capabilities\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities.drop\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"capabilities.drop\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/statefulset-container-with-possible-root-privileges.json",
    "content": "{\n    \"description\": \"Container/InitContainer/EphemeralContainer with Possible Root Privileges\",\n    \"rationale\": \"Where possible, runAsNonRoot should be set to true to prevent the container from running as root.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"StatefulSets\",\n    \"display_path\": \"stateful_set.v1-apps.id\",\n    \"path\": \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"or\",\n            [\n                \"stateful_set.v1-apps.resources.id.data.spec.template.spec.securityContext.runAsNonRoot\",\n                \"null\",\n                \"\"\n            ],\n            [\n                \"stateful_set.v1-apps.resources.id.data.spec.template.spec.securityContext.runAsNonRoot\",\n                \"false\",\n                \"\"\n            ]\n        ],\n        [\n            \"or\",\n            [\n                \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.runAsNonRoot\",\n                \"null\",\n                \"\"\n            ],\n            [\n                \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.runAsNonRoot\",\n                \"false\",\n                \"\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"runAsNonRoot\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/statefulset-host-ipc-true.json",
    "content": "{\n    \"description\": \"StatefulSets Using Host IPC\",\n    \"rationale\": \"A compromised pod with hostIPC set to true in PodSpec can be used as a pivot to the host IPC.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"StatefulSets\",\n    \"display_path\": \"stateful_set.v1-apps.id\",\n    \"path\": \"stateful_set.v1-apps.resources.id.data.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec\",\n            \"withKey\",\n            \"host_ipc\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.host_ipc\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_ipc\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/statefulset-host-network-true.json",
    "content": "{\n    \"description\": \"StatefulSets Using Host Networking\",\n    \"rationale\": \"A compromised pod with hostNetwork set to true in PodSpec can be used as a pivot to the host network.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"StatefulSets\",\n    \"display_path\": \"stateful_set.v1-apps.id\",\n    \"path\": \"stateful_set.v1-apps.resources.id.data.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec\",\n            \"withKey\",\n            \"host_network\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.host_network\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_network\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/statefulset-host-pid-true.json",
    "content": "{\n    \"description\": \"StatefulSets Using Host PID\",\n    \"rationale\": \"A compromised pod with hostPID set to true in PodSpec can be used as a pivot to the host PID.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\"\n    ],\n    \"dashboard_name\": \"StatefulSets\",\n    \"display_path\": \"stateful_set.v1-apps.id\",\n    \"path\": \"stateful_set.v1-apps.resources.id.data.spec.template.spec\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec\",\n            \"withKey\",\n            \"host_pid\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.host_pid\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"host_pid\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/statefulset-kubernetes-container-manifest-hardening.json",
    "content": "{\n    \"description\": \"Kubernetes Container/InitContainer/EphemeralContainer Manifest Hardening\",\n    \"rationale\": \"Several security options in the affected resources could be enabled to harden assocated containers.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\",\n        \"https://www.cisecurity.org/benchmark/docker/\"\n    ],\n    \"dashboard_name\": \"StatefulSets\",\n    \"display_path\": \"stateful_set.v1-apps.id\",\n    \"path\": \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n            \"withoutKey\",\n            \"securityContext\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"allowPrivilegeEscalation\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"readOnlyRootFilesystem\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"withoutKey\",\n            \"capabilities\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.allowPrivilegeEscalation\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.readOnlyRootFilesystem\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.capabilities.drop\",\n            \"null\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/statefulset-privileged-container-running.json",
    "content": "{\n    \"description\": \"Privileged Container/InitContainer/EphemeralContainer Running\",\n    \"rationale\": \"Access to privileged container may result in privilege escalation. Administrators are encouraged to remove the privileged status of a pod if unncessary.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\"\n    ],\n    \"dashboard_name\": \"StatefulSets\",\n    \"display_path\": \"stateful_set.v1-apps.id\",\n    \"path\": \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext\",\n            \"notNull\",\n            \"\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.securityContext.privileged\",\n            \"true\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"privileged\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/statefulset-resources-without-defined-cpu-limit.json",
    "content": "{\n    \"description\": \"Resources without Defined CPU Limit\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"StatefulSets\",\n    \"display_path\": \"stateful_set.v1-apps.id\",\n    \"path\": \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"cpu\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits.cpu\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"cpu\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/statefulset-resources-without-defined-limits.json",
    "content": "{\n    \"description\": \"Resources without Defined Limits\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"StatefulSets\",\n    \"display_path\": \"stateful_set.v1-apps.id\",\n    \"path\": \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources\",\n            \"withoutKey\",\n            \"limits\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"memory\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"cpu\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/findings/statefulset-resources-without-defined-memory-limit.json",
    "content": "{\n    \"description\": \"Resources without Defined Memory Limit\",\n    \"rationale\": \"Unset resource limits could result in service denial through resource exhaustion.\",\n    \"references\": [\n        \"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\"\n    ],\n    \"dashboard_name\": \"StatefulSets\",\n    \"display_path\": \"stateful_set.v1-apps.id\",\n    \"path\": \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"null\",\n            \"\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits\",\n            \"withoutKey\",\n            \"memory\"\n        ],\n        [\n            \"stateful_set.v1-apps.resources.id.data.spec.template.spec.containers.id.resources.limits.memory\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"memory\"\n}"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/rulesets/aks.json",
    "content": "{\n    \"about\": \"This ruleset consists of numerous rules that are considered standard by NCC Group. The rules enabled range from violations of well-known security best practices to gaps resulting from less-known security implications of provider-specific mechanisms. Additional rules exist, some of them requiring extra-parameters to be configured, and some of them being applicable to a limited number of users.\",\n    \"rules\": {\n        \"configmap-unnecessary-secrets.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"logging-monitoring-diagnostic-setting-does-not-exist.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"warning\"\n            }\n        ],\n        \"logging-monitoring-log-alert-not-exist-create-policy-assignment.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"logging-monitoring-log-alert-not-exist-nsg.json\": [\n            {\n                \"args\": [\n                    \"Create/Update Network Security Group\",\n                    \"5.2.2\",\n                    \"create_update_NSG_exist\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"Delete Network Security Group\",\n                    \"5.2.3\",\n                    \"delete_NSG_exist\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"Create/Update Network Security Group Rule\",\n                    \"5.2.4\",\n                    \"create_update_NSG_rule_exist\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"Delete Network Security Group Rule\",\n                    \"5.2.5\",\n                    \"delete_NSG_rule_exist\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"Create/Update/Delete SQL Server Firewall Rule\",\n                    \"5.2.8\",\n                    \"create_delete_firewall_rule_exist\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"logging-monitoring-log-alert-not-exist-security-solution.json\": [\n            {\n                \"args\": [\n                    \"Create/Update Security Solution\",\n                    \"5.2.6\",\n                    \"create_update_security_solution_exist\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            },\n            {\n                \"args\": [\n                    \"Delete Security Solution\",\n                    \"5.2.7\",\n                    \"delete_security_solution_exist\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"logging-monitoring-logging-key-vault-disabled.json\": [\n            {\n                \"enabled\": false,\n                \"level\": \"warning\"\n            }\n        ],\n        \"logging-monitoring-profile-does-not-capture-all-activities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"networkpolicy-unrestricted-cluster-network-access.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"networkpolicy-unrestricted-cluster-network-egress.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"networkpolicy-unrestricted-cluster-network-ingress.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-helm-tiller-in-use.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rbac-dangerous-grants.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rbac-dodgy-subjects.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rbac-permissive-bindings.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"service-helm-tiller-in-use.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"serviceaccount-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ]\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/rulesets/default.json",
    "content": "{\n    \"about\": \"This ruleset consists of numerous rules that are considered standard by NCC Group. The rules enabled range from violations of well-known security best practices to gaps resulting from less-known security implications of provider-specific mechanisms. Additional rules exist, some of them requiring extra-parameters to be configured, and some of them being applicable to a limited number of users.\",\n    \"rules\": {\n        \"configmap-unnecessary-secrets.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"networkpolicy-unrestricted-cluster-network-access.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"networkpolicy-unrestricted-cluster-network-egress.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"networkpolicy-unrestricted-cluster-network-ingress.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-helm-tiller-in-use.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rbac-dangerous-grants.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rbac-dodgy-subjects.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rbac-permissive-bindings.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"service-helm-tiller-in-use.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"serviceaccount-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ]\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/rulesets/eks.json",
    "content": "{\n    \"about\": \"This ruleset consists of numerous rules that are considered standard by NCC Group. The rules enabled range from violations of well-known security best practices to gaps resulting from less-known security implications of provider-specific mechanisms. Additional rules exist, some of them requiring extra-parameters to be configured, and some of them being applicable to a limited number of users.\",\n    \"rules\": {\n        \"configmap-unnecessary-secrets.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"eks-insufficient-control-plane-logging.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"eks-kms-encryption-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"eks-publically-accessible-apiserver.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"networkpolicy-unrestricted-cluster-network-access.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"networkpolicy-unrestricted-cluster-network-egress.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"networkpolicy-unrestricted-cluster-network-ingress.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-helm-tiller-in-use.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rbac-dangerous-grants.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rbac-dodgy-subjects.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rbac-permissive-bindings.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"service-helm-tiller-in-use.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"serviceaccount-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ]\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/rulesets/filters.json",
    "content": "{\n    \"about\": \"Default set of filters for Scout\",\n    \"rules\": {}\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/rules/rulesets/gke.json",
    "content": "{\n    \"about\": \"This ruleset consists of numerous rules that are considered standard by NCC Group. The rules enabled range from violations of well-known security best practices to gaps resulting from less-known security implications of provider-specific mechanisms. Additional rules exist, some of them requiring extra-parameters to be configured, and some of them being applicable to a limited number of users.\",\n    \"rules\": {\n        \"configmap-unnecessary-secrets.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"cron-job-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"cron-job-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"daemonset-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"daemonset-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"deployment-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"deployment-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"job-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"job-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-basic-authentication-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-certificate-authentication-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-alias-ip-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-application-layer-encryption-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-binary-authorization-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-has-no-labels.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-logging-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-master-authorized-networks-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-metadata-server-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-monitoring-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-network-policy-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-pod-security-policy-config-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-private-endpoint-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-private-google-access-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-release-channel.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-shielded-nodes-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-cluster-workload-identity-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-dashboard-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-default-service-account-used.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-legacy-abac-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-legacy-metadata-endpoints-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-node-auto-repair-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-node-auto-upgrade-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-node-container-optimized-os-not-used.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-node-integrity-monitoring-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-node-secure-boot-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-private-nodes-disabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kubernetesengine-scopes-not-limited.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"networkpolicy-unrestricted-cluster-network-access.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"networkpolicy-unrestricted-cluster-network-egress.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"networkpolicy-unrestricted-cluster-network-ingress.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-helm-tiller-in-use.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"pod-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"pod-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"podtemplate-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"podtemplate-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rbac-dangerous-grants.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rbac-dodgy-subjects.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"rbac-permissive-bindings.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"replicaset-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"replicaset-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"service-helm-tiller-in-use.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"serviceaccount-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-apparmor-annotation-missing.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-automounted-service-account-token.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-container-ability-to-modify-root-filesystem.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-container-allowing-privilege-escalation.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-container-running-as-root-group.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-container-running-as-root-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-container-with-overly-permissive-capabilities.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-container-with-possible-root-privileges.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-host-ipc-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-host-network-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-host-pid-true.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-privileged-container-running.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"statefulset-resources-without-defined-cpu-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-resources-without-defined-limits.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"statefulset-resources-without-defined-memory-limit.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ]\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/services.py",
    "content": "from ScoutSuite.providers.azure.facade.base import AzureFacade\nfrom ScoutSuite.providers.base.services import BaseServicesConfig\nfrom ScoutSuite.providers.gcp.facade.base import GCPFacade\nfrom ScoutSuite.providers.kubernetes.authentication_strategy import ClusterProvider, KubernetesCredentials\nfrom ScoutSuite.providers.kubernetes.facade import KubernetesFacade\nfrom ScoutSuite.providers.kubernetes.resources.aks import AKS\nfrom ScoutSuite.providers.kubernetes.resources.base import KubernetesResources\nfrom ScoutSuite.providers.kubernetes.resources.eks import EKS\nfrom ScoutSuite.providers.kubernetes.resources.gke import GKE\nfrom ScoutSuite.providers.kubernetes.resources.workload import Workload\nfrom ScoutSuite.providers.kubernetes.resources.fake_network_policy import FakeNetworkPolicy\nfrom ScoutSuite.providers.kubernetes.resources.rbac import RBAC\nfrom ScoutSuite.providers.kubernetes.resources.version import KubernetesVersions\nfrom ScoutSuite.providers.kubernetes.utils import format_resource_kind\n\nclass KubernetesServicesConfig(BaseServicesConfig):\n    \"\"\"Object that holds the necessary Kubernetes configuration for all services in scope.\"\"\"\n\n    def __init__(self, credentials: KubernetesCredentials):\n        super().__init__(credentials)\n\n        if credentials.fetch_local: return\n\n        facade = KubernetesFacade(credentials)\n\n        facade.version.get_versions() # this is here to make sure the cluster is up and running\n        self.version = KubernetesVersions(facade)\n\n        core_resources = facade.core.get_resources()\n        for name in core_resources:\n            _resource = core_resources[name]\n            setattr(self, format_resource_kind(name), KubernetesResources(_resource))\n\n        extra_resources = facade.extra.get_resources()\n        for name in extra_resources:\n            _resource = extra_resources[name]\n            setattr(self, format_resource_kind(name), KubernetesResources(_resource))\n\n        self.rbac = RBAC(facade)\n        self.workload = Workload(facade)\n\n        if not hasattr(self, 'network_policy'):\n            self.network_policy = FakeNetworkPolicy(facade)\n\n        if credentials.cluster_provider == ClusterProvider.AKS.value:\n            self.loggingmonitoring = AKS(AzureFacade(credentials.azure))\n        elif credentials.cluster_provider == ClusterProvider.EKS.value:\n            self.eks = EKS(facade)\n        elif credentials.cluster_provider == ClusterProvider.GKE.value:\n            self.kubernetesengine = GKE(GCPFacade(credentials.gcp.default_project_id))\n\n    def _is_provider(self, provider_name):\n        return provider_name == 'kubernetes'"
  },
  {
    "path": "ScoutSuite/providers/kubernetes/utils.py",
    "content": "from re import sub\n\n\ndef format_resource_kind(kind: str):\n    return (kind[0] + sub('([A-Z])', '_\\\\1', kind[1:])).lower()\n\ndef format_api_version(api_version: str):\n    parts = api_version.split('/')\n    if len(parts) < 2:\n        return api_version\n    formatted_version = f'''{parts[1]}-{parts[0]}'''.replace('.', '-')\n    return formatted_version\n\ndef format_resource_name(name: str):\n    if not name: return ''\n    return sub('[^a-zA-Z0-9]', '-', name)\n\ndef format_resource_id(name: str, namespace: str = ''):\n    formatted_id = format_resource_name(name)\n    if namespace:\n        formatted_ns = format_resource_name(namespace)\n        formatted_id = f'--{formatted_ns}--{formatted_id}'\n    return formatted_id"
  },
  {
    "path": "ScoutSuite/providers/oci/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/oci/authentication_strategy.py",
    "content": "import logging\n\nfrom oci.config import from_file\nfrom oci.identity import IdentityClient\n\nfrom ScoutSuite.providers.base.authentication_strategy import AuthenticationStrategy, AuthenticationException\n\n\nclass OracleCredentials:\n\n    def __init__(self, config):\n        self.config = config\n\n    def get_scope(self):\n        if 'compartment-id' in self.config:\n            return self.config['compartment-id']\n        else:\n            return self.config['tenancy']\n\n\nclass OracleAuthenticationStrategy(AuthenticationStrategy):\n    \"\"\"\n    Implements authentication for the AWS provider\n    \"\"\"\n\n    def authenticate(self, profile=None, **kwargs):\n\n        try:\n\n            # Set logging level to error for libraries as otherwise generates a lot of warnings\n            logging.getLogger('oci').setLevel(logging.ERROR)\n\n            config = from_file(profile_name=profile)\n\n            # Get the current user\n            identity = IdentityClient(config)\n            identity.get_user(config[\"user\"]).data\n\n            return OracleCredentials(config)\n\n        except Exception as e:\n            raise AuthenticationException(e)\n"
  },
  {
    "path": "ScoutSuite/providers/oci/facade/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/oci/facade/base.py",
    "content": "from ScoutSuite.providers.oci.facade.identity import IdentityFacade\nfrom ScoutSuite.providers.oci.facade.kms import KMSFacade\nfrom ScoutSuite.providers.oci.facade.objectstorage import ObjectStorageFacade\nfrom ScoutSuite.providers.oci.authentication_strategy import OracleCredentials\n\n\nclass OracleFacade:\n    def __init__(self, credentials: OracleCredentials):\n        self._credentials = credentials\n        self._instantiate_facades()\n\n    def _instantiate_facades(self):\n        self.identity = IdentityFacade(self._credentials)\n        self.kms = KMSFacade(self._credentials)\n        self.objectstorage = ObjectStorageFacade(self._credentials)\n"
  },
  {
    "path": "ScoutSuite/providers/oci/facade/identity.py",
    "content": "from oci.identity import IdentityClient\nfrom oci.pagination import list_call_get_all_results\n\nfrom ScoutSuite.providers.oci.authentication_strategy import OracleCredentials\nfrom ScoutSuite.core.console import print_exception\n\nfrom ScoutSuite.providers.utils import run_concurrently\n\n\nclass IdentityFacade:\n    def __init__(self, credentials: OracleCredentials):\n        self._credentials = credentials\n        self._client = IdentityClient(self._credentials.config)\n\n    async def get_users(self):\n        try:\n            response = await run_concurrently(\n                lambda: list_call_get_all_results(self._client.list_users, self._credentials.get_scope()))\n            return response.data\n        except Exception as e:\n            print_exception(f'Failed to retrieve users: {e}')\n            return []\n\n    async def get_user_api_keys(self, user_id):\n        try:\n            response = await run_concurrently(\n                lambda: list_call_get_all_results(self._client.list_api_keys, user_id))\n            return response.data\n        except Exception as e:\n            print_exception(f'Failed to retrieve user api keys: {e}')\n            return []\n\n    async def get_groups(self):\n        try:\n            response = await run_concurrently(\n                lambda: list_call_get_all_results(self._client.list_groups, self._credentials.get_scope()))\n            return response.data\n        except Exception as e:\n            print_exception(f'Failed to retrieve groups: {e}')\n            return []\n\n    async def get_group_users(self, group_id):\n        try:\n            response = await run_concurrently(\n                lambda: list_call_get_all_results(self._client.list_user_group_memberships,\n                                                  self._credentials.get_scope(),\n                                                  group_id=group_id))\n            return response.data\n        except Exception as e:\n            print_exception(f'Failed to retrieve group users: {e}')\n            return []\n\n    async def get_policies(self):\n        try:\n            response = await run_concurrently(\n                lambda: list_call_get_all_results(self._client.list_policies, self._credentials.get_scope()))\n            return response.data\n        except Exception as e:\n            print_exception(f'Failed to retrieve policies: {e}')\n            return None\n\n    async def get_authentication_policy(self):\n        try:\n            response = await run_concurrently(\n                lambda: self._client.get_authentication_policy(self._credentials.config['tenancy']))\n            return response.data\n        except Exception as e:\n            print_exception(f'Failed to retrieve authentication policy: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/oci/facade/kms.py",
    "content": "from oci.key_management import KmsManagementClient, KmsVaultClient\nfrom oci.pagination import list_call_get_all_results\n\nfrom ScoutSuite.core.console import print_exception\nfrom ScoutSuite.providers.oci.authentication_strategy import OracleCredentials\nfrom ScoutSuite.providers.utils import run_concurrently\n\n\nclass KMSFacade:\n    def __init__(self, credentials: OracleCredentials):\n        self._credentials = credentials\n        self._vault_client = KmsVaultClient(self._credentials.config)\n\n    async def get_vaults(self):\n        try:\n            response = await run_concurrently(\n                lambda: list_call_get_all_results(self._vault_client.list_vaults, self._credentials.get_scope()))\n            return response.data\n        except Exception as e:\n            print_exception(f'Failed to get KMS vaults: {e}')\n            return []\n\n    async def get_keys(self, keyvault):\n        try:\n            key_client = KmsManagementClient(self._credentials.config, keyvault['management_endpoint'])\n            response = await run_concurrently(\n                lambda: list_call_get_all_results(key_client.list_keys, self._credentials.get_scope()))\n            return response.data\n        except Exception as e:\n            print_exception(f'Failed to get KMS vaults: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/oci/facade/objectstorage.py",
    "content": "from oci.object_storage import ObjectStorageClient\nfrom ScoutSuite.providers.oci.authentication_strategy import OracleCredentials\nfrom oci.pagination import list_call_get_all_results\n\nfrom ScoutSuite.providers.utils import run_concurrently\nfrom ScoutSuite.core.console import print_exception\n\n\nclass ObjectStorageFacade:\n    def __init__(self, credentials: OracleCredentials):\n        self._credentials = credentials\n        self._client = ObjectStorageClient(self._credentials.config)\n\n    async def get_namespace(self):\n        try:\n            response = await run_concurrently(\n                lambda: list_call_get_all_results(self._client.get_namespace))\n            # for some reason it returns a list of chars instead of a string\n            return ''.join(response.data)\n        except Exception as e:\n            print_exception(f'Failed to get Object Storage namespace: {e}')\n            return None\n\n    async def get_bucket_details(self, namespace, bucket_name):\n        try:\n            response = await run_concurrently(\n                lambda: self._client.get_bucket(namespace, bucket_name)\n            )\n            return response.data\n        except Exception as e:\n            print_exception(f'Failed to get Object Storage bucket details: {e}')\n            return None\n\n    async def get_buckets(self, namespace):\n        try:\n            response = await run_concurrently(\n                lambda: list_call_get_all_results(self._client.list_buckets, namespace, self._credentials.get_scope()))\n            return response.data\n        except Exception as e:\n            print_exception(f'Failed to get Object Storage buckets: {e}')\n            return []\n\n    async def get_bucket_objects(self, namespace, bucket_name):\n        try:\n            response = await run_concurrently(\n                lambda: list_call_get_all_results(self._client.list_objects, namespace, bucket_name))\n            return response.data\n        except Exception as e:\n            print_exception(f'Failed to get Object Storage bucket objects: {e}')\n            return []\n"
  },
  {
    "path": "ScoutSuite/providers/oci/metadata.json",
    "content": "{\n  \"security\": {\n    \"identity\": {\n      \"resources\": {\n        \"users\": {\n          \"cols\": 2,\n          \"path\": \"services.identity.users\"\n        },\n        \"groups\": {\n          \"cols\": 2,\n          \"path\": \"services.identity.groups\"\n        },\n        \"policies\": {\n          \"cols\": 2,\n          \"path\": \"services.identity.policies\"\n        }\n      },\n      \"summaries\": {\n        \"password_policy\": {\n          \"cols\": 1,\n          \"path\": \"services.identity.password_policy\"\n        }\n      }\n    },\n    \"kms\": {\n      \"resources\": {\n        \"keyvaults\": {\n          \"cols\": 2,\n          \"path\": \"services.kms.keyvaults\"\n        }\n      }\n    }\n  },\n  \"storage\": {\n    \"objectstorage\": {\n      \"resources\": {\n        \"buckets\": {\n          \"cols\": 2,\n          \"path\": \"services.objectstorage.buckets\"\n        }\n      }\n    }\n  }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/oci/provider.py",
    "content": "import os\n\nfrom ScoutSuite.providers.oci.services import OracleServicesConfig\nfrom ScoutSuite.providers.base.provider import BaseProvider\n\n\nclass OracleProvider(BaseProvider):\n    \"\"\"\n    Implements provider for Azure\n    \"\"\"\n\n    def __init__(self,\n                 report_dir=None, timestamp=None, services=None, skipped_services=None, **kwargs):\n\n        services = [] if services is None else services\n        skipped_services = [] if skipped_services is None else skipped_services\n\n        self.metadata_path = '%s/metadata.json' % os.path.split(os.path.abspath(__file__))[0]\n\n        self.provider_code = 'oci'\n        self.provider_name = 'Oracle Cloud Infrastructure'\n        self.environment = 'default'\n\n        self.services_config = OracleServicesConfig\n\n        self.credentials = kwargs['credentials']\n        self.account_id = self.credentials.get_scope()\n\n        super().__init__(report_dir, timestamp, services, skipped_services)\n\n    def get_report_name(self):\n        \"\"\"\n        Returns the name of the report using the provider's configuration\n        \"\"\"\n        if self.account_id:\n            return f'oracle-{self.account_id}'\n        else:\n            return 'oracle'\n\n    def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None):\n\n        super().preprocessing()\n\n"
  },
  {
    "path": "ScoutSuite/providers/oci/resources/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/oci/resources/base.py",
    "content": "\"\"\"This module provides implementations for Resources and CompositeResources for OCI.\"\"\"\n\nimport abc\n\nfrom ScoutSuite.providers.base.resources.base import Resources, CompositeResources\n\n\nclass OracleResources(Resources, metaclass=abc.ABCMeta):\n    \"\"\"This is the base class for Aliyun resources.\"\"\"\n\n    pass\n\n\nclass OracleCompositeResources(OracleResources, CompositeResources, metaclass=abc.ABCMeta):\n    \"\"\"This class represents a collection of composite Resources (resources that include nested resources referred as\n    their children). Classes extending OracleCompositeResources have to define a '_children' attribute which consists of\n    a list of tuples describing the children. The tuples are expected to respect the following format:\n    (<child_class>, <child_name>). 'child_name' is used to indicate the name under which the child resources will be\n    stored in the parent object.\n    \"\"\"\n\n    pass\n"
  },
  {
    "path": "ScoutSuite/providers/oci/resources/identity/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/oci/resources/identity/api_keys.py",
    "content": "from ScoutSuite.providers.oci.facade.base import OracleFacade\nfrom ScoutSuite.providers.oci.resources.base import OracleResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass ApiKeys(OracleResources):\n    def __init__(self, facade: OracleFacade, user):\n        super().__init__(facade)\n        self.user = user\n\n    async def fetch_all(self):\n        for raw_user_api_key in await self.facade.identity.get_user_api_keys(user_id=self.user['identifier']):\n            id, api_key = await self._parse_api_key(raw_user_api_key)\n            self[id] = api_key\n\n    async def _parse_api_key(self, raw_api_key):\n        api_key = {}\n        api_key['id'] = get_non_provider_id(raw_api_key.key_id)\n        api_key['identifier'] = raw_api_key.key_id\n        api_key['fingerprint'] = raw_api_key.fingerprint\n        api_key['state'] = raw_api_key.lifecycle_state\n        return api_key['id'], api_key\n"
  },
  {
    "path": "ScoutSuite/providers/oci/resources/identity/authentication_policy.py",
    "content": "from ScoutSuite.providers.oci.resources.base import OracleResources\nfrom ScoutSuite.providers.oci.facade.base import OracleFacade\n\n\nclass PasswordPolicy(OracleResources):\n    def __init__(self, facade: OracleFacade):\n        super().__init__(facade)\n\n    async def fetch_all(self):\n        raw_authentication_policy = await self.facade.identity.get_authentication_policy()\n        if raw_authentication_policy:\n            password_policy = self._parse_authentication_policy(raw_authentication_policy)\n        else:\n            password_policy = {}\n        self.update(password_policy)\n\n    def _parse_authentication_policy(self, raw_authentication_policy):\n        password_policy_dict = {}\n        password_policy_dict['is_username_containment_allowed'] = \\\n            raw_authentication_policy.password_policy.is_username_containment_allowed\n        password_policy_dict['is_uppercase_characters_required'] = \\\n            raw_authentication_policy.password_policy.is_uppercase_characters_required\n        password_policy_dict['is_lowercase_characters_required'] = \\\n            raw_authentication_policy.password_policy.is_lowercase_characters_required\n        password_policy_dict['is_special_characters_required'] = \\\n            raw_authentication_policy.password_policy.is_special_characters_required\n        password_policy_dict['minimum_password_length'] = \\\n            raw_authentication_policy.password_policy.minimum_password_length\n        password_policy_dict['is_numeric_characters_required'] = \\\n            raw_authentication_policy.password_policy.is_numeric_characters_required\n        return password_policy_dict\n\n\n"
  },
  {
    "path": "ScoutSuite/providers/oci/resources/identity/base.py",
    "content": "from ScoutSuite.providers.oci.resources.base import OracleCompositeResources\nfrom ScoutSuite.providers.oci.resources.identity.users import Users\nfrom ScoutSuite.providers.oci.resources.identity.groups import Groups\nfrom ScoutSuite.providers.oci.resources.identity.policies import Policies\nfrom ScoutSuite.providers.oci.resources.identity.authentication_policy import PasswordPolicy\nfrom ScoutSuite.providers.oci.facade.base import OracleFacade\n\n\nclass Identity(OracleCompositeResources):\n    _children = [\n        (Users, 'users'),\n        (Groups, 'groups'),\n        (Policies, 'policies'),\n        (PasswordPolicy, 'password_policy')\n    ]\n\n    def __init__(self, facade: OracleFacade):\n        super().__init__(facade)\n        self.service = 'identity'\n\n    async def fetch_all(self, **kwargs):\n        await self._fetch_children(resource_parent=self)\n\n        # We do not want the report to count the password policies as resources,\n        # they aren't really resources.\n        self['password_policy_count'] = 0\n\n    async def finalize(self):\n        self._match_users_and_groups()\n        self._set_user_names_to_group_members()\n        return\n\n    def _match_users_and_groups(self):\n        \"\"\"\n        Parses the users and groups to match\n        :return: None\n        \"\"\"\n        for user in self['users']:\n            self['users'][user]['groups'] = []\n            for group in self['groups']:\n                if any(u['user_identifier'] == self['users'][user]['identifier'] for u in self['groups'][group]['users']):\n                    self['users'][user]['groups'].append(self['groups'][group])\n\n    def _set_user_names_to_group_members(self):\n        \"\"\"\n        Parses the users and groups to match user names\n        :return: None\n        \"\"\"\n        for group in self['groups']:\n            for user in self['groups'][group]['users']:\n                user['user_name'] = self['users'][user['user_id']]['name']\n\n\n\n\n"
  },
  {
    "path": "ScoutSuite/providers/oci/resources/identity/groups.py",
    "content": "from ScoutSuite.providers.oci.resources.base import OracleResources\nfrom ScoutSuite.providers.oci.facade.base import OracleFacade\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Groups(OracleResources):\n    def __init__(self, facade: OracleFacade):\n        super().__init__(facade)\n\n    async def fetch_all(self):\n        for raw_group in await self.facade.identity.get_groups():\n            id, group = await self._parse_group(raw_group)\n            self[id] = group\n\n    async def _parse_group(self, raw_group):\n        group_dict = {}\n        group_dict['identifier'] = raw_group.id\n        group_dict['id'] = get_non_provider_id(raw_group.id)\n        group_dict['name'] = raw_group.name\n        group_dict['lifecycle_state'] = raw_group.lifecycle_state\n        group_dict['inactive_status'] = raw_group.inactive_status\n        group_dict['description'] = raw_group.description\n        group_dict['compartment_id'] = raw_group.compartment_id\n        group_dict['time_created'] = raw_group.time_created\n        group_dict['defined_tags'] = list(raw_group.defined_tags)\n        group_dict['freeform_tags'] = list(raw_group.freeform_tags)\n\n        members = await self.facade.identity.get_group_users(group_dict['identifier'])\n        group_dict['users'] = []\n        for member in members:\n            member_dict = {}\n            member_dict['user_identifier'] = member.user_id\n            member_dict['user_id'] = get_non_provider_id(member.user_id)\n            member_dict['membership_id'] = member.id\n            member_dict['group_id'] = member.group_id\n            member_dict['lifecycle_state'] = member.lifecycle_state\n            member_dict['inactive_status'] = member.inactive_status\n            member_dict['compartment_id'] = member.compartment_id\n            member_dict['time_created'] = member.time_created\n            group_dict['users'].append(member_dict)\n\n        return group_dict['id'], group_dict\n\n\n\n"
  },
  {
    "path": "ScoutSuite/providers/oci/resources/identity/policies.py",
    "content": "from ScoutSuite.providers.oci.facade.base import OracleFacade\nfrom ScoutSuite.providers.oci.resources.base import OracleResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Policies(OracleResources):\n    def __init__(self, facade: OracleFacade):\n        super().__init__(facade)\n\n    async def fetch_all(self):\n        for raw_policy in await self.facade.identity.get_policies():\n            id, policy = await self._parse_policy(raw_policy)\n            self[id] = policy\n\n    async def _parse_policy(self, raw_policy):\n        policy = {}\n        policy['id'] = get_non_provider_id(raw_policy.id)\n        policy['identifier'] = raw_policy.id\n        policy['name'] = raw_policy.name\n        policy['description'] = raw_policy.description\n        policy['statements'] = [s.lower() for s in raw_policy.statements]\n        policy['state'] = raw_policy.lifecycle_state\n        return policy['id'], policy\n"
  },
  {
    "path": "ScoutSuite/providers/oci/resources/identity/users.py",
    "content": "from ScoutSuite.providers.oci.resources.base import OracleCompositeResources\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\nfrom .api_keys import ApiKeys\n\n\nclass Users(OracleCompositeResources):\n    _children = [\n        (ApiKeys, 'api_keys')\n    ]\n\n    async def fetch_all(self):\n        for raw_user in await self.facade.identity.get_users():\n            id, user = await self._parse_user(raw_user)\n            self[id] = user\n\n        await self._fetch_children_of_all_resources(\n            resources=self,\n            scopes={user_id: {'user': user}\n                    for user_id, user in self.items()}\n        )\n\n    async def _parse_user(self, raw_user):\n        user = {}\n        user['identifier'] = raw_user.id\n        user['id'] = get_non_provider_id(raw_user.id)\n        user['name'] = raw_user.name\n        user['identifier'] = raw_user.id\n        user['mfa_activated'] = raw_user.is_mfa_activated\n        return user['id'], user\n"
  },
  {
    "path": "ScoutSuite/providers/oci/resources/kms/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/oci/resources/kms/base.py",
    "content": "from ScoutSuite.providers.oci.facade.base import OracleFacade\nfrom ScoutSuite.providers.oci.resources.base import OracleCompositeResources\nfrom ScoutSuite.providers.oci.resources.kms.keyvaults import KeyVaults\n\n\nclass KMS(OracleCompositeResources):\n    _children = [\n        (KeyVaults, 'keyvaults')\n    ]\n\n    def __init__(self, facade: OracleFacade):\n        super().__init__(facade)\n        self.service = 'kms'\n\n    async def fetch_all(self, **kwargs):\n        await self._fetch_children(resource_parent=self)\n"
  },
  {
    "path": "ScoutSuite/providers/oci/resources/kms/keys.py",
    "content": "from ScoutSuite.providers.oci.resources.base import OracleResources\nfrom ScoutSuite.providers.oci.facade.base import OracleFacade\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass Keys(OracleResources):\n    def __init__(self, facade: OracleFacade, keyvault):\n        super().__init__(facade)\n        self.key_vault = keyvault\n\n    async def fetch_all(self):\n\n        for raw_key in await self.facade.kms.get_keys(self.key_vault):\n            id, key = await self._parse_key(raw_key)\n            self[id] = key\n\n    async def _parse_key(self, raw_key):\n        key_dict = {}\n        key_dict['id'] = get_non_provider_id(raw_key.id)\n        key_dict['identifier'] = raw_key.id\n        key_dict['name'] = raw_key.display_name\n        key_dict['vault_id'] = raw_key.vault_id\n        key_dict['lifecycle_state'] = raw_key.lifecycle_state\n        key_dict['compartment_id'] = raw_key.compartment_id\n        key_dict['time_created'] = raw_key.time_created\n        key_dict['defined_tags'] = list(raw_key.defined_tags)\n        key_dict['freeform_tags'] = list(raw_key.freeform_tags)\n        return key_dict['id'], key_dict\n"
  },
  {
    "path": "ScoutSuite/providers/oci/resources/kms/keyvaults.py",
    "content": "from ScoutSuite.providers.oci.facade.base import OracleFacade\nfrom ScoutSuite.providers.oci.resources.base import OracleCompositeResources\nfrom ScoutSuite.providers.oci.resources.kms.keys import Keys\nfrom ScoutSuite.providers.utils import get_non_provider_id\n\n\nclass KeyVaults(OracleCompositeResources):\n\n    _children = [\n        (Keys, 'keys')\n    ]\n\n    def __init__(self, facade: OracleFacade):\n        super().__init__(facade)\n\n    async def fetch_all(self):\n        raw_keyvaults = await self.facade.kms.get_vaults()\n        for raw_keyvault in raw_keyvaults:\n            id, keyvault = self._parse_keyvault(raw_keyvault)\n            self[id] = keyvault\n\n        await self._fetch_children_of_all_resources(\n            resources=self,\n            scopes={keyvault_id: {'keyvault': keyvault}\n                    for keyvault_id, keyvault in self.items()}\n        )\n\n\n    def _parse_keyvault(self, raw_keyvault):\n        keyvault_dict = {}\n        keyvault_dict['id'] = get_non_provider_id(raw_keyvault.id)\n        keyvault_dict['identifier'] = raw_keyvault.id\n        keyvault_dict['name'] = raw_keyvault.display_name\n        keyvault_dict['compartment_id'] = raw_keyvault.compartment_id\n        keyvault_dict['lifecycle_state'] = raw_keyvault.lifecycle_state\n        keyvault_dict['crypto_endpoint'] = raw_keyvault.crypto_endpoint\n        keyvault_dict['time_created'] = raw_keyvault.time_created\n        keyvault_dict['vault_type'] = raw_keyvault.vault_type\n        keyvault_dict['management_endpoint'] = raw_keyvault.management_endpoint\n        keyvault_dict['defined_tags'] = list(raw_keyvault.defined_tags)\n        keyvault_dict['freeform_tags'] = list(raw_keyvault.freeform_tags)\n        return keyvault_dict['id'], keyvault_dict\n"
  },
  {
    "path": "ScoutSuite/providers/oci/resources/objectstorage/__init__.py",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/oci/resources/objectstorage/base.py",
    "content": "from ScoutSuite.providers.oci.facade.base import OracleFacade\nfrom ScoutSuite.providers.oci.resources.base import OracleCompositeResources\nfrom ScoutSuite.providers.oci.resources.objectstorage.buckets import Buckets\n\n\nclass ObjectStorage(OracleCompositeResources):\n    _children = [\n        (Buckets, 'buckets')\n    ]\n\n    def __init__(self, facade: OracleFacade):\n        super().__init__(facade)\n        self.service = 'objectstorage'\n\n    async def fetch_all(self, **kwargs):\n        await self._fetch_children(resource_parent=self)\n"
  },
  {
    "path": "ScoutSuite/providers/oci/resources/objectstorage/buckets.py",
    "content": "from ScoutSuite.providers.oci.resources.base import OracleResources\nfrom ScoutSuite.providers.oci.facade.base import OracleFacade\n\n\nclass Buckets(OracleResources):\n    def __init__(self, facade: OracleFacade):\n        super().__init__(facade)\n\n    async def fetch_all(self):\n\n        namespace = await self.facade.objectstorage.get_namespace()\n\n        for raw_bucket in await self.facade.objectstorage.get_buckets(namespace):\n            id, bucket = await self._parse_bucket(raw_bucket)\n            self[id] = bucket\n\n    async def _parse_bucket(self, raw_bucket):\n        bucket_dict = {}\n\n        bucket_dict['id'] = bucket_dict['name'] = raw_bucket.name\n        bucket_dict['compartment_id'] = raw_bucket.compartment_id\n        bucket_dict['namespace'] = raw_bucket.namespace\n        bucket_dict['created_by'] = raw_bucket.created_by\n        bucket_dict['etag'] = raw_bucket.etag\n        bucket_dict['freeform_tags'] = list(raw_bucket.freeform_tags) if raw_bucket.freeform_tags else []\n        bucket_dict['defined_tags'] = list(raw_bucket.defined_tags) if raw_bucket.defined_tags else []\n\n        raw_bucket_details = await self.facade.objectstorage.get_bucket_details(raw_bucket.namespace,\n                                                                                raw_bucket.name)\n\n        bucket_dict['kms_key_id'] = raw_bucket_details.kms_key_id if raw_bucket_details else None\n        bucket_dict['approximate_count'] = raw_bucket_details.approximate_count if raw_bucket_details else None\n        bucket_dict['time_created'] = raw_bucket_details.time_created if raw_bucket_details else None\n        bucket_dict['public_access_type'] = raw_bucket_details.public_access_type if raw_bucket_details else None\n        bucket_dict['approximate_size'] = raw_bucket_details.approximate_size if raw_bucket_details else None\n        bucket_dict['storage_tier'] = raw_bucket_details.storage_tier if raw_bucket_details else None\n        bucket_dict['metadata'] = list(raw_bucket_details.metadata) if raw_bucket_details else None\n        bucket_dict['object_lifecycle_policy_etag'] = raw_bucket_details.object_lifecycle_policy_etag if \\\n            raw_bucket_details else None\n\n        # objects = await self.facade.objectstorage.get_bucket_objects(bucket_dict['namespace'],\n        #                                                              bucket_dict['name'])\n\n        return bucket_dict['id'], bucket_dict\n\n"
  },
  {
    "path": "ScoutSuite/providers/oci/rules/filters/.keep",
    "content": ""
  },
  {
    "path": "ScoutSuite/providers/oci/rules/findings/identity-password-policy-minimum-length.json",
    "content": "{\n    \"description\": \"Minimum Password Length Too Short\",\n    \"dashboard_name\": \"Password policy\",\n    \"path\": \"identity.password_policy.minimum_password_length\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"lessThan\",\n            \"_ARG_0_\"\n        ]\n    ],\n    \"arg_names\": [\n        \"Minimum password length\"\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/oci/rules/findings/identity-password-policy-no-lowercase-required.json",
    "content": "{\n    \"description\": \"Password Policy Lacks Lowercase Requirement\",\n    \"dashboard_name\": \"Password policy\",\n    \"path\": \"identity.password_policy.is_lowercase_characters_required\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/oci/rules/findings/identity-password-policy-no-number-required.json",
    "content": "{\n    \"description\": \"Password Policy Lacks Number Requirement\",\n    \"dashboard_name\": \"Password policy\",\n    \"path\": \"identity.password_policy.is_numeric_characters_required\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/oci/rules/findings/identity-password-policy-no-symbol-required.json",
    "content": "{\n    \"description\": \"Password Policy Lacks Symbol Requirement\",\n    \"dashboard_name\": \"Password policy\",\n    \"path\": \"identity.password_policy.is_special_characters_required\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/oci/rules/findings/identity-password-policy-no-uppercase-required.json",
    "content": "{\n    \"description\": \"Password Policy Lacks Uppercase Requirement\",\n    \"dashboard_name\": \"Password policy\",\n    \"path\": \"identity.password_policy.is_uppercase_characters_required\",\n    \"conditions\": [\n        \"or\",\n        [\n            \"this\",\n            \"false\",\n            \"\"\n        ]\n    ]\n}"
  },
  {
    "path": "ScoutSuite/providers/oci/rules/findings/identity-policy-affects-user.json",
    "content": "{\n    \"description\": \"Policy Affects User\",\n    \"rationale\": \"Policies should apply to services and groups, not directly to users.\",\n    \"dashboard_name\": \"Policies\",\n    \"display_path\": \"identity.policies.id\",\n    \"path\": \"identity.policies.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"identity.policies.id.statements\",\n            \"containString\",\n            \"any-user\"\n        ]\n    ],\n    \"id_suffix\": \"statements\"\n}"
  },
  {
    "path": "ScoutSuite/providers/oci/rules/findings/identity-user-with-multiple-api-keys.json",
    "content": "{\n    \"description\": \"User with Multiple API Keys\",\n    \"rationale\": \"It is recommended for users to only have one access key.\",\n    \"dashboard_name\": \"Users\",\n    \"path\": \"identity.users.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"identity.users.id.api_keys\",\n            \"lengthMoreThan\",\n            \"1\"\n        ]\n    ],\n    \"id_suffix\": \"multiple_api_keys\"\n}"
  },
  {
    "path": "ScoutSuite/providers/oci/rules/findings/kms-no-key-rotation.json",
    "content": "{\n    \"description\": \"KMS Keys Are Not Being Rotated\",\n    \"rationale\": \"Keys should be routinely rotated to prevent usage of compromised keys.\",\n    \"dashboard_name\": \"Keys\",\n    \"display_path\": \"kms.keyvaults.id\",\n    \"path\": \"kms.keyvaults.id.keys.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"kms.keyvaults.id.keys.id.lifecycle_state\",\n            \"equal\",\n            \"ENABLED\"\n        ],\n        [\n            \"kms.keyvaults.id.keys.id.time_created\",\n            \"olderThan\",\n            [\n                \"_ARG_0_\",\n                \"days\"\n            ]\n        ]\n    ],\n    \"id_suffix\": \"time_created\"\n}"
  },
  {
    "path": "ScoutSuite/providers/oci/rules/findings/objectstorage-bucket-lacking-kms-encryption.json",
    "content": "{\n    \"description\": \"Buckets Lacking KMS Encryption\",\n    \"rationale\": \"Buckets should be configured with KMS keys to ensure fine-grained control over data at rest.\",\n    \"dashboard_name\": \"Buckets\",\n    \"path\": \"objectstorage.buckets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"objectstorage.buckets.id.kms_key_id\",\n            \"null\",\n            \"\"\n        ]\n    ],\n    \"id_suffix\": \"kms_key_id\"\n}"
  },
  {
    "path": "ScoutSuite/providers/oci/rules/findings/objectstorage-public-bucket.json",
    "content": "{\n    \"description\": \"Public Buckets\",\n    \"rationale\": \"Buckets should be private unless intended.\",\n    \"dashboard_name\": \"Buckets\",\n    \"path\": \"objectstorage.buckets.id\",\n    \"conditions\": [\n        \"and\",\n        [\n            \"objectstorage.buckets.id.public_access_type\",\n            \"notEqual\",\n            \"NoPublicAccess\"\n        ]\n    ],\n    \"id_suffix\": \"public_access_type\"\n}"
  },
  {
    "path": "ScoutSuite/providers/oci/rules/rulesets/default.json",
    "content": "{\n    \"about\": \"Default ruleset for Oracle Cloud Infrastructure.\",\n    \"rules\": {\n        \"identity-password-policy-minimum-length.json\": [\n            {\n                \"args\": [\n                    \"8\"\n                ],\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"identity-password-policy-no-lowercase-required.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"identity-password-policy-no-number-required.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"identity-password-policy-no-symbol-required.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"identity-password-policy-no-uppercase-required.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ],\n        \"identity-policy-affects-user.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"identity-user-with-multiple-api-keys.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"kms-no-key-rotation.json\": [\n            {\n                \"args\": [\n                    \"90\"\n                ],\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"objectstorage-bucket-lacking-kms-encryption.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"warning\"\n            }\n        ],\n        \"objectstorage-public-bucket.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ]\n    }\n}\n"
  },
  {
    "path": "ScoutSuite/providers/oci/rules/rulesets/filters.json",
    "content": "{\n    \"about\": \"Default set of filters for Scout\",\n    \"rules\": {}\n}\n"
  },
  {
    "path": "ScoutSuite/providers/oci/services.py",
    "content": "from ScoutSuite.providers.oci.authentication_strategy import OracleCredentials\nfrom ScoutSuite.providers.oci.facade.base import OracleFacade\nfrom ScoutSuite.providers.oci.resources.identity.base import Identity\nfrom ScoutSuite.providers.oci.resources.kms.base import KMS\nfrom ScoutSuite.providers.oci.resources.objectstorage.base import ObjectStorage\nfrom ScoutSuite.providers.base.services import BaseServicesConfig\n\n\nclass OracleServicesConfig(BaseServicesConfig):\n    def __init__(self, credentials: OracleCredentials = None, **kwargs):\n        super().__init__(credentials)\n\n        facade = OracleFacade(credentials)\n\n        self.identity = Identity(facade)\n        self.objectstorage = ObjectStorage(facade)\n        self.kms = KMS(facade)\n\n    def _is_provider(self, provider_name):\n        return provider_name == 'oci'\n"
  },
  {
    "path": "ScoutSuite/providers/oci/utils.py",
    "content": "from oci.identity import IdentityClient\n\nfrom ScoutSuite.core.console import print_exception\n\n\ndef oracle_connect_service(service, credentials, region_name=None):\n    try:\n        if service == 'identity':\n            return IdentityClient(credentials.config)\n        else:\n            print_exception('Service %s not supported' % service)\n            return None\n\n    except Exception as e:\n        print_exception(e)\n        return None\n"
  },
  {
    "path": "ScoutSuite/providers/utils.py",
    "content": "import asyncio\nimport inspect\nimport re\nfrom hashlib import sha1\n\nfrom ScoutSuite.core.console import print_info, print_warning\nfrom ScoutSuite.providers.aws.utils import is_throttled as aws_is_throttled\nfrom ScoutSuite.providers.gcp.utils import is_throttled as gcp_is_throttled\n\n\ndef get_non_provider_id(name):\n    \"\"\"\n    Not all resources have an ID and some services allow the use of \".\" in names, which breaks Scout's\n    recursion scheme if name is used as an ID. Use SHA1(name) instead.\n\n    :param name:                    Name of the resource to\n    :return:                        SHA1(name)\n    \"\"\"\n    name_hash = sha1()\n    name_hash.update(name.encode('utf-8'))\n    return f'scoutid-{name_hash.hexdigest()}'\n\n\nasync def run_concurrently(function, backoff_seconds=15):\n    try:\n        async with asyncio.get_event_loop().throttler:\n            return await run_function_concurrently(function)\n    except Exception as e:\n        raise\n        \"\"\"\n        Commented out so this does not trigger errors from is_throttled, which is not fully implemented\n        # Determine whether the exception is due to API throttling\n        if is_throttled(e):\n            source_file = inspect.getsourcefile(function)\n            source_file_line = inspect.getsourcelines(function)[1]\n            print_warning(f'Hitting API rate limiting ({\"/\".join(source_file.split(\"/\")[-2:])} L{source_file_line}), will retry in {backoff_seconds}s')\n            await asyncio.sleep(backoff_seconds)\n            return await run_concurrently(function, backoff_seconds + 15)\n        else:\n            raise\n        \"\"\"\n\n\ndef run_function_concurrently(function):\n    \"\"\"\n    Schedules the execution of function `function` in the default thread pool (referred as 'executor') that has been\n    associated with the global event loop.\n\n    :param function: function to be executed concurrently, in a dedicated thread.\n    :return: an asyncio.Future to be awaited.\n    \"\"\"\n\n    return asyncio.get_event_loop().run_in_executor(executor=None, func=function)\n\n\nasync def get_and_set_concurrently(get_and_set_funcs: [], entities: [], **kwargs):\n    \"\"\"\n    Given a list of get_and_set_* functions (ex: get_and_set_description, get_and_set_attributes,\n    get_and_set_policy, etc.) and a list of entities (ex: stacks, keys, load balancers, vpcs, etc.),\n    get_and_set_concurrently will call each of these functions concurrently on each entity.\n\n    :param get_and_set_funcs: list of functions that takes a region and an entity (they must have the following\n    signature: region: str, entity: {}) and then fetch and set some kind of attributes to this entity.\n    :param entities: list of a same kind of entities\n    :param kwargs: used to pass cloud provider specific parameters (ex: region or vpc for AWS, etc.) to the given\n    functions.\n\n    :return:\n    \"\"\"\n\n    if len(entities) == 0:\n        return\n\n    tasks = {\n        asyncio.ensure_future(\n            get_and_set_func(entity, **kwargs)\n        ) for entity in entities for get_and_set_func in get_and_set_funcs\n    }\n    await asyncio.wait(tasks)\n\n\nasync def map_concurrently(coroutine, entities, **kwargs):\n    \"\"\"\n    Given a list of entities, executes coroutine `coroutine` concurrently on each entity and returns a list of the\n    obtained results ([await coroutine(entity_x), await coroutine(entity_a), ..., await coroutine(entity_z)]).\n\n    :param coroutine: coroutine to be executed concurrently. Takes an entity as parameter and returns a new entity.\n    If the given coroutine does some exception handling, it should ensure to propagate the handled exceptions so\n    `map_concurrently` can handle them as well (in particular ignoring them) to avoid `None` values in the list\n    returned.\n    :param entities: a list of the same type of entity (ex: cluster ids)\n\n    :return: a list of new entities (ex: clusters)\n    \"\"\"\n\n    if len(entities) == 0:\n        return []\n\n    results = []\n\n    tasks = {\n        asyncio.ensure_future(\n            coroutine(entity, **kwargs)\n        ) for entity in entities\n    }\n\n    for task in asyncio.as_completed(tasks):\n        try:\n            result = await task\n        except Exception:\n            pass\n        else:\n            results.append(result)\n\n    return results\n\n\ndef is_throttled(exception):\n    \"\"\"\n    Function that tries to determine if an exception was caused by throttling\n    TODO - this implementation is incomplete\n    \"\"\"\n\n    if hasattr(exception, 'message') and \\\n            ('Google Cloud' in exception.message or\n             '404' in exception.message or\n             'projects/' in exception.message):\n        return False\n    else:\n        return aws_is_throttled(exception) or gcp_is_throttled(exception)\n\n\nsecret_patterns = {\n    \"AWS key\":\n        re.compile(\"(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}\"),\n    \"Adobe Client ID (Oauth Web)\":\n        re.compile(\"(adobe[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32})['\\\"]\"),\n    \"Adobe Client Secret\":\n        re.compile(\"(?i)(p8e-)[a-z0-9]{32}\"),\n    \"Alibaba AccessKey ID\":\n        re.compile(\"(?i)(LTAI)[a-z0-9]{20}\"),\n    \"Alibaba Secret Key\":\n        re.compile(\"(alibaba[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{30})['\\\"]\"),\n    \"Asana Client ID\":\n        re.compile(\"(asana[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([0-9]{16})['\\\"]\"),\n    \"Asana Client Secret\":\n        re.compile(\"(asana[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{32})['\\\"]\"),\n    \"Atlassian API token\":\n        re.compile(\"(atlassian[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{24})['\\\"]\"),\n    \"Beamer API token\":\n        re.compile(\"(beamer[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"](b_[a-z0-9=_\\-]{44})['\\\"]\"),\n    \"Bitbucket client ID\":\n        re.compile(\"(bitbucket[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{32})['\\\"]\"),\n    \"Bitbucket client secret\":\n        re.compile(\"(bitbucket[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9_\\-]{64})['\\\"]\"),\n    \"Clojars API token\":\n        re.compile(\"(?i)(CLOJARS_)[a-z0-9]{60}\"),\n    \"Contentful delivery API token\":\n        re.compile(\"(contentful[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9\\-=_]{43})['\\\"]\"),\n    \"Databricks API token\":\n        re.compile(\"dapi[a-h0-9]{32}\"),\n    \"Discord API key\":\n        re.compile(\"(discord[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{64})['\\\"]\"),\n    \"Discord client ID\":\n        re.compile(\"(discord[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([0-9]{18})['\\\"]\"),\n    \"Discord client secret\":\n        re.compile(\"(discord[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9=_\\-]{32})['\\\"]\"),\n    \"Doppler API token\":\n        re.compile(\"(?i)['\\\"](dp\\.pt\\.)[a-z0-9]{43}['\\\"]\"),\n    \"Dropbox API secret/key\":\n        re.compile(\"(dropbox[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{15})['\\\"]\"),\n    \"Dropbox long lived API token\":\n        re.compile(\n            \"(dropbox[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"][a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\\-_=]{43}['\\\"]\"),\n    \"Dropbox short lived API token\":\n        re.compile(\n            \"(dropbox[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"](sl\\.[a-z0-9\\-=_]{135})['\\\"]\"),\n    \"Duffel API token\":\n        re.compile(\"(?i)['\\\"]duffel_(test|live)_[a-z0-9_-]{43}['\\\"]\"),\n    \"Dynatrace API token\":\n        re.compile(\"(?i)['\\\"]dt0c01\\.[a-z0-9]{24}\\.[a-z0-9]{64}['\\\"]\"),\n    \"EasyPost API token\":\n        re.compile(\"(?i)['\\\"]EZAK[a-z0-9]{54}['\\\"]\"),\n    \"EasyPost test API token\":\n        re.compile(\"(?i)['\\\"]EZTK[a-z0-9]{54}['\\\"]\"),\n    \"Fastly API token\":\n        re.compile(\"(fastly[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9\\-=_]{32})['\\\"]\"),\n    \"Finicity API token\":\n        re.compile(\"(finicity[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32})['\\\"]\"),\n    \"Finicity client secret\":\n        re.compile(\"(finicity[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{20})['\\\"]\"),\n    \"Flutterwave encrypted key\":\n        re.compile(\"FLWSECK_TEST[a-h0-9]{12}\"),\n    \"Flutterwave public key\":\n        re.compile(\"(?i)FLWPUBK_TEST-[a-h0-9]{32}-X\"),\n    \"Flutterwave secret key\":\n        re.compile(\"(?i)FLWSECK_TEST-[a-h0-9]{32}-X\"),\n    \"Frame.io API token\":\n        re.compile(\"(?i)fio-u-[a-z0-9\\-_=]{64}\"),\n    \"Generic API Key\":\n        re.compile(\n            \"((key|api[^Version]|token|secret|password)[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([0-9a-zA-Z\\-_=]{8,64})['\\\"]\"),\n    \"Generic Password\":\n        re.compile(\"password\"),\n    \"Generic Secret\":\n        re.compile(\"secret\"),\n    \"GitHub App Token\":\n        re.compile(\"(ghu|ghs)_[0-9a-zA-Z]{36}\"),\n    \"GitHub OAuth Access Token\":\n        re.compile(\"gho_[0-9a-zA-Z]{36}\"),\n    \"GitHub Personal Access Token\":\n        re.compile(\"ghp_[0-9a-zA-Z]{36}\"),\n    \"GitHub Refresh Token\":\n        re.compile(\"ghr_[0-9a-zA-Z]{76}\"),\n    \"GitLab Personal Access Token\":\n        re.compile(\"glpat-[0-9a-zA-Z\\-\\_]{20}\"),\n    \"GoCardless API token\":\n        re.compile(\"(?i)['\\\"]live_[a-z0-9\\-_=]{40}['\\\"]\"),\n    \"Google (GCP) Service-account\":\n        re.compile(\"\\\"type\\\": \\\"service_account\\\"\"),\n    \"Grafana API token\":\n        re.compile(\"(?i)['\\\"]eyJrIjoi[a-z0-9\\-_=]{72,92}['\\\"]\"),\n    \"HashiCorp Terraform user/org API token\":\n        re.compile(\"(?i)['\\\"][a-z0-9]{14}\\.atlasv1\\.[a-z0-9\\-_=]{60,70}['\\\"]\"),\n    \"Heroku API Key\":\n        re.compile(\n            \"(heroku[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})['\\\"]\"),\n    \"Intercom API token\":\n        re.compile(\"(intercom[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9=_]{60})['\\\"]\"),\n    \"Intercom client secret/ID\":\n        re.compile(\n            \"(intercom[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\\\"]\"),\n    \"Ionic API token\":\n        re.compile(\"(ionic[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"](ion_[a-z0-9]{42})['\\\"]\"),\n    \"Linear API token\":\n        re.compile(\"(?i)lin_api_[a-z0-9]{40}\"),\n    \"Linear client secret/ID\":\n        re.compile(\"(linear[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32})['\\\"]\"),\n    \"LinkedIn Client ID\":\n        re.compile(\"(linkedin[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{14})['\\\"]\"),\n    \"LinkedIn Client secret\":\n        re.compile(\"(linkedin[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z]{16})['\\\"]\"),\n    \"Lob API Key\":\n        re.compile(\"(lob[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]((live|test)_[a-f0-9]{35})['\\\"]\"),\n    \"Lob Publishable API Key\":\n        re.compile(\n            \"(lob[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]((test|live)_pub_[a-f0-9]{31})['\\\"]\"),\n    \"Mailchimp API key\":\n        re.compile(\"(mailchimp[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32}-us20)['\\\"]\"),\n    \"Mailgun private API token\":\n        re.compile(\"(mailgun[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"](key-[a-f0-9]{32})['\\\"]\"),\n    \"Mailgun public validation key\":\n        re.compile(\"(mailgun[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"](pubkey-[a-f0-9]{32})['\\\"]\"),\n    \"Mailgun webhook signing key\":\n        re.compile(\n            \"(mailgun[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})['\\\"]\"),\n    \"MessageBird API token\":\n        re.compile(\"(messagebird[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{25})['\\\"]\"),\n    \"New Relic ingest browser API token\":\n        re.compile(\"['\\\"](NRJS-[a-f0-9]{19})['\\\"]\"),\n    \"New Relic user API ID\":\n        re.compile(\"(newrelic[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([A-Z0-9]{64})['\\\"]\"),\n    \"New Relic user API Key\":\n        re.compile(\"['\\\"](NRAK-[A-Z0-9]{27})['\\\"]\"),\n    \"PGP private key\":\n        re.compile(\"-----BEGIN PGP PRIVATE KEY BLOCK-----\"),\n    \"PKCS8 private key\":\n        re.compile(\"-----BEGIN PRIVATE KEY-----\"),\n    \"PlanetScale API token\":\n        re.compile(\"(?i)pscale_tkn_[a-z0-9\\-_\\.]{43}\"),\n    \"PlanetScale password\":\n        re.compile(\"(?i)pscale_pw_[a-z0-9\\-_\\.]{43}\"),\n    \"Postman API token\":\n        re.compile(\"(?i)PMAK-[a-f0-9]{24}\\-[a-f0-9]{34}\"),\n    \"Pulumi API token\":\n        re.compile(\"pul-[a-f0-9]{40}\"),\n    \"PyPI upload token\":\n        re.compile(\"pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\\-_]{50,1000}\"),\n    \"RSA private key\":\n        re.compile(\"-----BEGIN RSA PRIVATE KEY-----\"),\n    \"Rubygem API token\":\n        re.compile(\"rubygems_[a-f0-9]{48}\"),\n    \"SSH (DSA) private key\":\n        re.compile(\"-----BEGIN DSA PRIVATE KEY-----\"),\n    \"SSH (EC) private key\":\n        re.compile(\"-----BEGIN EC PRIVATE KEY-----\"),\n    \"SSH private key\":\n        re.compile(\"-----BEGIN OPENSSH PRIVATE KEY-----\"),\n    \"SendGrid API token\":\n        re.compile(\"(?i)SG\\.[a-z0-9_\\-\\.]{66}\"),\n    \"Sendinblue API token\":\n        re.compile(\"(?i)xkeysib-[a-f0-9]{64}\\-[a-z0-9]{16}\"),\n    \"Shippo API token\":\n        re.compile(\"shippo_(live|test)_[a-f0-9]{40}\"),\n    \"Shopify access token\":\n        re.compile(\"shpat_[a-fA-F0-9]{32}\"),\n    \"Shopify custom app access token\":\n        re.compile(\"shpca_[a-fA-F0-9]{32}\"),\n    \"Shopify private app access token\":\n        re.compile(\"shppa_[a-fA-F0-9]{32}\"),\n    \"Shopify shared secret\":\n        re.compile(\"shpss_[a-fA-F0-9]{32}\"),\n    \"Slack token\":\n        re.compile(\"xox[baprs]-([0-9a-zA-Z]{10,48})?\"),\n    \"Stripe\":\n        re.compile(\"(sk|pk)_(test|live)_[0-9a-z]{10,32}\"),\n    \"Twitch API token\":\n        re.compile(\"(twitch[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{30})['\\\"]\"),\n    \"Twitter token\":\n        re.compile(\"(twitter[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{35,44})['\\\"]\"),\n    \"Typeform API token\":\n        re.compile(\"(typeform[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}(tfp_[a-z0-9\\-_\\.=]{59})\"),\n    \"npm access token\":\n        re.compile(\"(?i)['\\\"](npm_[a-z0-9]{36})['\\\"]\")\n}\n\n\ndef is_secret(string):\n    \"\"\"\n    Given a string, tries to identify if it includes a secret.\n    :param string: String to evaluate\n    :return: None if no secret identified, otherwise the type of secret\n    \"\"\"\n    for secret_type, secret_regex in secret_patterns.items():\n        if secret_regex.search(string):\n            return f\"{secret_type}: {string}\"\n    return None\n"
  },
  {
    "path": "ScoutSuite/utils.py",
    "content": "from __future__ import print_function\nfrom ScoutSuite import __version__\n\nformatted_provider_name = {\n    'aliyun': 'Aliyun',\n    'aws': 'AWS',\n    'azure': 'Azure',\n    'gcp': 'GCP',\n    'oci': 'OCI',\n    'kubernetes': 'Kubernetes'\n}\n\nformatted_service_name = {\n    # AWS\n    'acm': 'ACM',\n    'cloudformation': 'CloudFormation',\n    'cloudtrail': 'CloudTrail',\n    'cloudwatch': 'CloudWatch',\n    'cloudfront': 'CloudFront',\n    'credentials': 'Credentials',\n    'codebuild': 'CodeBuild',\n    'cognito': 'Cognito',\n    'config': 'Config',\n    'directconnect': 'Direct Connect',\n    'dynamodb': 'DynamoDB',\n    'ecr': 'ECR',\n    'ecs': 'ECS',\n    'elbv2': 'ELBv2',\n    'eks': 'EKS',\n    'elasticache': 'ElastiCache',\n    'guardduty': 'GuardDuty',\n    'lambda': 'Lambda',\n    'awslambda': 'Lambda',\n    'redshift': 'RedShift',\n    'route53': 'Route53',\n    'secretsmanager': 'Secrets Manager',\n    'docdb': 'DocumentDB',\n    'ssm': 'Systems Manager',\n    # Azure\n    'aad': 'Azure Active Directory',\n    'storageaccounts': 'Storage Accounts',\n    'sqldatabase': 'SQL Database',\n    'securitycenter': 'Security Center',\n    'keyvault': 'Key Vault',\n    'appgateway': 'Application Gateway',\n    'rediscache': 'Redis Cache',\n    'network': 'Network',\n    'appservice': 'App Services',\n    'loadbalancer': 'Load Balancer',\n    'virtualmachines': 'Virtual Machines',\n    'postgresqldatabase': 'PostgresSQL Database',\n    'mysqldatabase': 'MySQL Database',\n    'loggingmonitoring': 'Logging Monitoring',\n    # GCP\n    'cloudstorage': 'Cloud Storage',\n    'cloudmemorystore': 'Cloud Memorystore',\n    'memorystore': 'Cloud Memorystore',\n    'cloudsql': 'Cloud SQL',\n    'dns': 'DNS',\n    'stackdriverlogging': 'Stackdriver Logging',\n    'stackdrivermonitoring': 'Stackdriver Monitoring',\n    'computeengine': 'Compute Engine',\n    'kubernetesengine': 'Kubernetes Engine',\n    'functions': 'Cloud Functions',\n    'bigquery': 'BigQuery',\n    # Aliyun\n    'actiontrail': 'ActionTrail',\n    # OCI\n    'identity': 'Identity',\n    'objectstorage': 'Object Storage',\n}\n\n\ndef manage_dictionary(dictionary, key, init, callback=None):\n    \"\"\"\n    :param dictionary:\n    :param key:\n    :param init:\n    :param callback:\n    :return:\n    \"\"\"\n    if not isinstance(dictionary, dict):\n        raise TypeError()\n\n    if str(key) in dictionary:\n        return dictionary\n\n    dictionary[str(key)] = init\n    manage_dictionary(dictionary, key, init)\n    if callback:\n        callback(dictionary[key])\n    return dictionary\n\n\ndef format_provider_code(provider_code):\n    \"\"\"\n    :param provider_code:\n    :return:\n    \"\"\"\n    return formatted_provider_name[provider_code] if provider_code in formatted_provider_name else provider_code.upper()\n\n\ndef format_service_name(service):\n    \"\"\"\n    :param service:\n    :return:\n    \"\"\"\n    return formatted_service_name[service] if service in formatted_service_name else service.upper()\n\n\ndef get_user_agent():\n    return 'Scout Suite/{} (https://github.com/nccgroup/ScoutSuite)'.format(__version__)\n"
  },
  {
    "path": "dev-requirements.txt",
    "content": "-r requirements.txt\nflake8\ncodecov\ncoveralls\nautopep8\npytest>=5.*\npytest-cov\nmypy\n"
  },
  {
    "path": "docker/.dockerignore",
    "content": "README.md\n"
  },
  {
    "path": "docker/Dockerfile-aws",
    "content": "FROM nccgroup/scoutsuite-base:5.13.0-01\n\nLABEL maintainer=\"Jason Ross <algorythm@gmail.com>\"\n\nARG BUILD_DATE\nARG NAME\nARG DESCRIPTION\nARG VCS_REF\nARG VCS_URL\nARG VENDOR\nARG VERSION\nARG IMAGE_NAME\n\nENV DEBIAN_FRONTEND=${DEBIAN_FRONTEND}\nENV TERM=${TERM}\n\n# Build-time metadata as defined at http://label-schema.org\nLABEL \\\n    org.label-schema.schema-version=\"1.0\" \\\n    org.label-schema.build-date=\"${BUILD_DATE}\" \\\n    org.label-schema.name=\"${NAME}\" \\\n    org.label-schema.description=\"${DESCRIPTION}\" \\\n    org.label-schema.vcs-ref=\"${VCS_REF}\" \\\n    org.label-schema.vcs-url=\"${VCS_URL}\" \\\n    org.label-schema.vendor=\"${VENDOR}\" \\\n    org.label-schema.version=\"${VERSION}\" \\\n    org.label.image-name=\"${IMAGE_NAME}\"\n\n# Copy helper scripts to container\nADD bin /root/bin\n\n# Install AWS CLI\nRUN [\"/bin/bash\", \"-c\", \"/root/bin/container-install-aws2.sh\"]\n\n# Remove scripts\nRUN [\"rm\", \"-rf\", \"/root/bin\"]\n\n# Command\nCMD [\"/bin/bash\"]\n"
  },
  {
    "path": "docker/Dockerfile-azure",
    "content": "FROM nccgroup/scoutsuite-base:5.13.0-01\n\nLABEL maintainer=\"Jason Ross <algorythm@gmail.com>\"\n\nARG BUILD_DATE\nARG NAME\nARG DESCRIPTION\nARG VCS_REF\nARG VCS_URL\nARG VENDOR\nARG VERSION\nARG IMAGE_NAME\n\nENV DEBIAN_FRONTEND=${DEBIAN_FRONTEND}\nENV TERM=${TERM}\n\n# Build-time metadata as defined at http://label-schema.org\nLABEL \\\n    org.label-schema.schema-version=\"1.0\" \\\n    org.label-schema.build-date=\"${BUILD_DATE}\" \\\n    org.label-schema.name=\"${NAME}\" \\\n    org.label-schema.description=\"${DESCRIPTION}\" \\\n    org.label-schema.vcs-ref=\"${VCS_REF}\" \\\n    org.label-schema.vcs-url=\"${VCS_URL}\" \\\n    org.label-schema.vendor=\"${VENDOR}\" \\\n    org.label-schema.version=\"${VERSION}\" \\\n    org.label.image-name=\"${IMAGE_NAME}\"\n\n# Copy helper scripts to container\nADD bin /root/bin\n\n# Install Azure CLI\nRUN [\"/bin/bash\", \"-c\", \"/root/bin/container-install-azure.sh\"]\n\n# Remove scripts\nRUN [\"rm\", \"-rf\", \"/root/bin\"]\n\n# Command\nCMD [\"/bin/bash\"]\n"
  },
  {
    "path": "docker/Dockerfile-base",
    "content": "FROM python:3.12\n\nLABEL maintainer=\"Jason Ross <algorythm@gmail.com>\"\n\nARG BUILD_DATE\nARG NAME\nARG DESCRIPTION\nARG VCS_REF\nARG VCS_URL\nARG VENDOR\nARG VERSION\nARG IMAGE_NAME\n\nENV DEBIAN_FRONTEND=${DEBIAN_FRONTEND}\nENV TERM=${TERM}\n\n# Build-time metadata as defined at http://label-schema.org\nLABEL \\\n    org.label-schema.schema-version=\"1.0\" \\\n    org.label-schema.build-date=\"${BUILD_DATE}\" \\\n    org.label-schema.name=\"${NAME}\" \\\n    org.label-schema.description=\"${DESCRIPTION}\" \\\n    org.label-schema.vcs-ref=\"${VCS_REF}\" \\\n    org.label-schema.vcs-url=\"${VCS_URL}\" \\\n    org.label-schema.vendor=\"${VENDOR}\" \\\n    org.label-schema.version=\"${VERSION}\" \\\n    org.label.image-name=\"${IMAGE_NAME}\"\n\n# Copy helper scripts to container\nADD bin /root/bin\n\n# Install required software\nRUN [\"/bin/bash\", \"-c\", \"/root/bin/container-install-prereqs.sh\"]\n\n# Install ScoutSuite\nRUN [\"/bin/bash\", \"-c\", \"/root/bin/container-install-scoutsuite.sh\"]\n\n# Set a nice message\nRUN [\"/bin/bash\", \"-c\", \"/root/bin/container-set-init.sh\"]\n\n# Remove scripts\nRUN [\"rm\", \"-rf\", \"/root/bin\"]\n\n# Command\nCMD [\"/bin/bash\"]\n"
  },
  {
    "path": "docker/Dockerfile-gcp",
    "content": "FROM nccgroup/scoutsuite-base:5.13.0-01\n\nLABEL maintainer=\"Jason Ross <algorythm@gmail.com>\"\n\nARG BUILD_DATE\nARG NAME\nARG DESCRIPTION\nARG VCS_REF\nARG VCS_URL\nARG VENDOR\nARG VERSION\nARG IMAGE_NAME\n\nENV DEBIAN_FRONTEND=${DEBIAN_FRONTEND}\nENV TERM=${TERM}\n\n# Build-time metadata as defined at http://label-schema.org\nLABEL \\\n    org.label-schema.schema-version=\"1.0\" \\\n    org.label-schema.build-date=\"${BUILD_DATE}\" \\\n    org.label-schema.name=\"${NAME}\" \\\n    org.label-schema.description=\"${DESCRIPTION}\" \\\n    org.label-schema.vcs-ref=\"${VCS_REF}\" \\\n    org.label-schema.vcs-url=\"${VCS_URL}\" \\\n    org.label-schema.vendor=\"${VENDOR}\" \\\n    org.label-schema.version=\"${VERSION}\" \\\n    org.label.image-name=\"${IMAGE_NAME}\"\n\n# Copy helper scripts to container\nADD bin /root/bin\n\n# Install gCloud SDK\nRUN [\"/bin/bash\", \"-c\", \"/root/bin/container-install-gcp.sh\"]\n\n# Remove scripts\nRUN [\"rm\", \"-rf\", \"/root/bin\"]\n\n# Command\nCMD [\"/bin/bash\"]\n"
  },
  {
    "path": "docker/README.md",
    "content": "# Docker Image\n\nSee the [wiki entry](https://github.com/nccgroup/ScoutSuite/wiki/Docker-Image)."
  },
  {
    "path": "docker/bin/container-install-aws2.sh",
    "content": "#!/bin/bash\nexport DEBIAN_FRONTEND=noninteractive\n\n# =====================================\n# install the AWS CLI Tools\n# =====================================\n\nWORKDIR=/root\nTMPDIR=/tmp\nAWSDIR=/root/.aws\n\necho -e \"\\n\\nAWS2 CLI Installation Starting...\\n\\n\"\n\n# =====================================\n# install AWS CLI v2\n# =====================================\ncd ${TMPDIR}\ncurl \"https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m).zip\" -o \"awscliv2.zip\"\nunzip awscliv2.zip\n./aws/install --update\n\n# =====================================\n# clean up install artifacts\n# =====================================\nrm ${TMPDIR}/awscliv2.zip\nrm -rf ${TMPDIR}/aws\n\n# =====================================\n# Setup AWS configuration templates\n# =====================================\n\n# if the aws config directory already exists\n# then we do nothing and leave it alone\nif [ ! -d ${AWSDIR} ]; then\nmkdir ${AWSDIR}\n\n# create the config template\ncat <<'EOF' >${AWSDIR}/config\n[default]\nregion = us-east-1\noutput = json\nEOF\n\n# create the credentials template\ncat <<'EOF' >${AWSDIR}/credentials\n[default]\naws_access_key_id = <access-key>\naws_secret_access_key = <secret key>\nEOF\n\nfi\n\n\necho -e \"\\n\\nAWS2 CLI Installation Complete!\\n\\n\"\n"
  },
  {
    "path": "docker/bin/container-install-azure.sh",
    "content": "#!/bin/bash\nexport DEBIAN_FRONTEND=noninteractive\n\n# =====================================\n# install the Azure CLI Tools\n# =====================================\n\nWORKDIR=/root\nTMPDIR=/tmp\ncd ${TMPDIR}\n\necho -e \"\\n\\nAzure CLI Installation Starting...\\n\\n\"\n\n# blackbox pipe a random URL directly to shell\n# why? because MSFT\n#curl -sL https://aka.ms/InstallAzureCLIDeb | bash\n\n# manual process\n\n# add msft gpg key to apt\ncurl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > /etc/apt/trusted.gpg.d/microsoft.asc.gpg\n\n# set the right repo name\nCLI_REPO=$(lsb_release -cs)\n\n# add the msft repo to apt\necho \"deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ ${CLI_REPO} main\" \\\n    > /etc/apt/sources.list.d/azure-cli.list\n\n# install the software\napt-get update && apt-get install -y azure-cli\n\n# Repo Azure is not most up to date client, run az upgrade to get latest copy\naz upgrade -y\n\necho -e \"\\n\\nAzure CLI Installation Complete!\\n\\n\"\n"
  },
  {
    "path": "docker/bin/container-install-gcp.sh",
    "content": "#!/bin/bash\nexport DEBIAN_FRONTEND=noninteractive\n\n# =====================================\n# install gCloud SDK CLI Tools\n# =====================================\n\nWORKDIR=/root\nTMPDIR=/tmp\ncd ${TMPDIR}\n\necho -e \"\\n\\ngCloud SDK Installation Starting...\\n\\n\"\n\n# add the gcp repo to apt\necho \"deb [signed-by=/etc/apt/trusted.gpg.d/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main\" > /etc/apt/sources.list.d/google-cloud-sdk.list\n\n# add the gcp pubkey to apt\ncurl https://packages.cloud.google.com./apt/doc/apt-key.gpg > /etc/apt/trusted.gpg.d/cloud.google.gpg\n\n# install the sdk + kubectl + some extra python-related bits\napt-get update && apt-get install -y google-cloud-sdk google-cloud-sdk-app-engine-python google-cloud-sdk-app-engine-python-extras kubectl\n\n# let folks know the install is done\necho -e \"\\n\\ngCloud SDK Installation Complete!\\n\\n\"\n"
  },
  {
    "path": "docker/bin/container-install-prereqs.sh",
    "content": "#!/bin/bash\nexport DEBIAN_FRONTEND=noninteractive\n\n# =====================================\n# install software packages needed for\n# all the other components to run\n# =====================================\n\nWORKDIR=/root\nTMPDIR=/tmp\ncd ${TMPDIR}\n\necho -e \"\\n\\nSoftware Pre-reqs Installation Starting...\\n\\n\"\n\n# =====================================\n# set up the pre-reqs\n# =====================================\napt-get update > /dev/null 2>&1\napt-get install -qy \\\n  apt-transport-https \\\n  apt-utils \\\n  ca-certificates \\\n  cmake \\\n  curl \\\n  dialog \\\n  gnupg \\\n  groff \\\n  jq \\\n  less \\\n  lsb-release \\\n  nano \\\n  # python3 \\\n  # python3-pip \\\n  tzdata \\\n  unzip \\\n  vim \\\n  # virtualenv \\\n  # virtualenvwrapper \\\n  wget\n\necho -e \"\\n\\nSoftware Pre-reqs Installation Complete!\\n\\n\"\n"
  },
  {
    "path": "docker/bin/container-install-scoutsuite.sh",
    "content": "#!/bin/bash\n\n# =====================================\n# install ScoutSuite into a virtual env\n# =====================================\n\nWORKDIR=/root\nTMPDIR=/tmp\n\n# =====================================\n# install ScoutSuite\n# =====================================\ncd ${WORKDIR}\nvirtualenv -p python3 scoutsuite\nsource ${WORKDIR}/scoutsuite/bin/activate\npip install scoutsuite\n\necho -e \"\\n\\nScoutsuite Installation Complete!\\n\\n\"\n"
  },
  {
    "path": "docker/bin/container-set-init.sh",
    "content": "#!/bin/bash\ncat <<'EOF' >> /root/.bashrc\nexport TERM=linux\ncd ${HOME}\nsource ${HOME}/scoutsuite/bin/activate\necho -e \"Welcome to Scoutsuite!\\nYou are already in the Scoutsuite virtual environment, so just type \\`scout\\` to run it!\\n    (for example: \\`scout -h\\` to see the help documentation).\\n\\nHave fun!\\n\\n\"\nEOF\n"
  },
  {
    "path": "docker/build.sh",
    "content": "#!/bin/bash\n\n# vars are stored in .env and config/base.env files\n# note that the FROM used in the Dockerfile files\n# needs to be updated to match the version in the env\n# files in order for anything other than the base image\n# to build correctly.\n# TODO: fix this so that the FROM is set in the Dockerfile\n# automatically by the env vars\n\nSEP1=\"==============================\"\nSEP2=\"------------------------------\"\n\necho -e \"\\n\\n${SEP1}\"\necho -e \"BEGINNING BUILD...\"\n\ncase $1 in\n\n  \"base\")\n    #####################\n    #### BASE IMAGE  ####\n    #####################\n    echo -e \"\\n${SEP2}\\nbuilding base image...\\n\"\n    source ./config/base.env\n\n    BUILD_CMD=\"docker build \\\n    -f Dockerfile-base \\\n    -t ${IMAGE_NAME} \\\n    --build-arg BUILD_DATE=${BUILD_DATE} \\\n    --build-arg NAME=${NAME} \\\n    --build-arg VCS_REF=${VCS_REF} \\\n    --build-arg VCS_URL=${VCS_URL} \\\n    --build-arg VENDOR=${VENDOR} \\\n    --build-arg VERSION=${VERSION} \\\n    --build-arg IMAGE_NAME=${IMAGE_NAME} \\\n    .\"\n\n    echo -e \"\\n\\nbuilding image using:\\n${BUILD_CMD}\"\n    exec ${BUILD_CMD}\n    echo -e \"\\nbase image build complete!\\n${SEP2}\\n\"\n  ;;\n\n  \"aws\")\n    #####################\n    ####  AWS IMAGE  ####\n    #####################\n\n    echo -e \"\\n${SEP2}\\nbuilding aws image...\\n\"\n    source ./config/base.env\n    source ./config/aws.env\n\n    BUILD_CMD=\"docker build \\\n    -f Dockerfile-aws \\\n    -t ${IMAGE_NAME} \\\n    --build-arg BUILD_DATE=${BUILD_DATE} \\\n    --build-arg NAME=${NAME} \\\n    --build-arg VCS_REF=${VCS_REF} \\\n    --build-arg VCS_URL=${VCS_URL} \\\n    --build-arg VENDOR=${VENDOR} \\\n    --build-arg VERSION=${VERSION} \\\n    --build-arg IMAGE_NAME=${IMAGE_NAME} \\\n    .\"\n\n    echo -e \"\\n\\nbuilding image using:\\n${BUILD_CMD}\"\n    exec ${BUILD_CMD}\n    echo -e \"\\naws image build complete!\\n${SEP2}\\n\"\n  ;;\n\n  \"gcp\")\n    #####################\n    ####  GCP IMAGE  ####\n    #####################\n\n    echo -e \"\\n${SEP2}\\nbuilding gcp image...\\n\"\n    source ./config/base.env\n    source ./config/gcp.env\n\n    BUILD_CMD=\"docker build \\\n    -f Dockerfile-gcp \\\n    -t ${IMAGE_NAME} \\\n    --build-arg BUILD_DATE=${BUILD_DATE} \\\n    --build-arg NAME=${NAME} \\\n    --build-arg VCS_REF=${VCS_REF} \\\n    --build-arg VCS_URL=${VCS_URL} \\\n    --build-arg VENDOR=${VENDOR} \\\n    --build-arg VERSION=${VERSION} \\\n    --build-arg IMAGE_NAME=${IMAGE_NAME} \\\n    .\"\n\n    echo -e \"\\n\\nbuilding image using:\\n${BUILD_CMD}\"\n    exec ${BUILD_CMD}\n    echo -e \"\\ngcp image build complete!\\n${SEP2}\\n\"\n  ;;\n\n  \"azure\")\n    #####################\n    #### AZURE IMAGE ####\n    #####################\n    echo -e \"\\n${SEP2}\\nbuilding azure image...\\n\"\n    source ./config/base.env\n    source ./config/azure.env\n\n    BUILD_CMD=\"docker build \\\n    -f Dockerfile-azure \\\n    -t ${IMAGE_NAME} \\\n    --build-arg BUILD_DATE=${BUILD_DATE} \\\n    --build-arg NAME=${NAME} \\\n    --build-arg VCS_REF=${VCS_REF} \\\n    --build-arg VCS_URL=${VCS_URL} \\\n    --build-arg VENDOR=${VENDOR} \\\n    --build-arg VERSION=${VERSION} \\\n    --build-arg IMAGE_NAME=${IMAGE_NAME} \\\n    .\"\n\n    echo -e \"\\n\\nbuilding image using:\\n${BUILD_CMD}\"\n    exec ${BUILD_CMD}\n  ;;\n\n  \"combined\")\n    #####################\n    ## COMBINED IMAGE  ##\n    #####################\n    echo -e \"\\n${SEP2}\\nbuilding combined image...\\n\"\n    source ./config/base.env\n    source ./config/combined.env\n\n    BUILD_CMD=\"docker build \\\n    -f Dockerfile \\\n    -t ${IMAGE_NAME} \\\n    --build-arg BUILD_DATE=${BUILD_DATE} \\\n    --build-arg NAME=${NAME} \\\n    --build-arg VCS_REF=${VCS_REF} \\\n    --build-arg VCS_URL=${VCS_URL} \\\n    --build-arg VENDOR=${VENDOR} \\\n    --build-arg VERSION=${VERSION} \\\n    --build-arg IMAGE_NAME=${IMAGE_NAME} \\\n    .\"\n\n    echo -e \"\\n\\nbuilding image using:\\n${BUILD_CMD}\"\n    exec ${BUILD_CMD}\n    echo -e \"\\nbase image build complete!\\n${SEP2}\\n\"\n  ;;\n\n  \"all\")\n    $0 base\n    $0 aws\n    $0 gcp\n    $0 azure\n  ;;\n\n  *)\n    echo -e \"\\nBUILD TARGET NOT FOUND!\"\n    echo -e \"\\nUSAGE:\\n  $0 [base | aws | gcp | azure | all ]\"\n    echo -e \"${SEP1}\"\n    exit 1\n    # echo -e \"Using default: all\\n\"\n    # $0 all\n  ;;\n\nesac\n\necho -e \"\\n${SEP1}\\nBUILD COMPLETE!...\\n\""
  },
  {
    "path": "docker/config/aws.env",
    "content": "CLOUD='aws'\nIMAGE_NAME=\"${VENDOR}/${NAME}-${CLOUD}:${VERSION}\"\n\n# These are passed in as env vars to the container at runtime\nDEBIAN_FRONTEND=noninteractive\nTERM=linux"
  },
  {
    "path": "docker/config/azure.env",
    "content": "CLOUD='azure'\nIMAGE_NAME=\"${VENDOR}/${NAME}-${CLOUD}:${VERSION}\"\n\n# These are passed in as env vars to the container at runtime\nDEBIAN_FRONTEND=noninteractive\nTERM=linux"
  },
  {
    "path": "docker/config/base.env",
    "content": "VCS_REF=$(git rev-parse --short HEAD)\nVCS_URL='https://github.com/nccgroup/ScoutSuite'\nVERSION='5.13.0-01'\nBUILD_DATE=$(date -u +\"%Y-%m-%dT%H:%M:%SZ\")\nVENDOR='nccgroup'\nNAME='scoutsuite'\nCLOUD='base'\nDESCRIPTION='A ready-to-go NCC Group ScoutSuite container based on Ubuntu.'\nIMAGE_NAME=\"${VENDOR}/${NAME}-${CLOUD}:${VERSION}\"\n\n# These are passed in as env vars to the container at runtime\nDEBIAN_FRONTEND=noninteractive\nTERM=linux\n"
  },
  {
    "path": "docker/config/combined.env",
    "content": "IMAGE_NAME=\"${VENDOR}/${NAME}:${VERSION}\"\n\n# These are passed in as env vars to the container at runtime\nDEBIAN_FRONTEND=noninteractive\nTERM=linux"
  },
  {
    "path": "docker/config/gcp.env",
    "content": "CLOUD='gcp'\nIMAGE_NAME=\"${VENDOR}/${NAME}-${CLOUD}:${VERSION}\"\n\n# These are passed in as env vars to the container at runtime\nDEBIAN_FRONTEND=noninteractive\nTERM=linux"
  },
  {
    "path": "docker/config/ibm.env",
    "content": "CLOUD='ibm'\nIMAGE_NAME=\"${VENDOR}/${NAME}-${CLOUD}:${VERSION}\"\n\n# These are passed in as env vars to the container at runtime\nIBMCLOUD_COLOR=true\nDEBIAN_FRONTEND=noninteractive\nTERM=linux"
  },
  {
    "path": "docker/tag.sh",
    "content": "#!/bin/bash\nsource .env\n#echo ${VERSION}\ndocker tag nccgroup/scoutsuite-aws:${VERSION} rossja/scoutsuite-aws:${VERSION}\ndocker tag nccgroup/scoutsuite-azure:${VERSION} rossja/scoutsuite-azure:${VERSION}\ndocker tag nccgroup/scoutsuite-gcp:${VERSION} rossja/scoutsuite-gcp:${VERSION}\ndocker tag nccgroup/scoutsuite-base:${VERSION} rossja/scoutsuite-base:${VERSION}\n\ndocker tag rossja/scoutsuite-aws:${VERSION} rossja/scoutsuite-aws:latest\ndocker tag rossja/scoutsuite-azure:${VERSION} rossja/scoutsuite-azure:latest\ndocker tag rossja/scoutsuite-gcp:${VERSION} rossja/scoutsuite-gcp:latest\ndocker tag rossja/scoutsuite-base:${VERSION} rossja/scoutsuite-base:latest\n\ndocker push rossja/scoutsuite-aws:${VERSION}\ndocker push rossja/scoutsuite-azure:${VERSION}\ndocker push rossja/scoutsuite-gcp:${VERSION}\ndocker push rossja/scoutsuite-base:${VERSION}\n\ndocker push rossja/scoutsuite-aws:latest\ndocker push rossja/scoutsuite-azure:latest\ndocker push rossja/scoutsuite-gcp:latest\ndocker push rossja/scoutsuite-base:latest\n"
  },
  {
    "path": "pytest.ini",
    "content": "[pytest]\naddopts = --strict-markers\nmarkers =\n    credential: tests that require external credentials\n    cloudwatch: working against real CloudWatch environments\n    profiles: run tests that use specific profiles\n"
  },
  {
    "path": "requirements.txt",
    "content": "# Core\npython-dateutil<2.8.1,>=2.1\nnetaddr>=0.8.0\nsqlitedict>=1.6.0\ncherrypy>=18.1.0\ncherrypy-cors>=1.6\ncoloredlogs<=10.0\nasyncio-throttle==0.1.1\n\n# AWS Provider\nbotocore>=1.20.21\nboto3>=1.9.210\npolicyuniverse>=1.3.2.0\n\n# GCP Provider\ngrpcio>=1.18.0\n## Cloud Libraries\ngoogle-cloud-container>=2.1.0\ngoogle-cloud-core>=0.29.1\ngoogle-cloud-iam>=0.1.0\ngoogle-cloud-logging>=2.2.0\ngoogle-cloud-monitoring==1.1.0\ngoogle-cloud-resource-manager>=0.28.3\ngoogle-cloud-storage>=1.13.2\ngoogle-cloud-kms==1.3.0\n## API Client Libraries\ngoogle-api-python-client>=2.47.0\noauth2client>=4.1.3\n## Necessary since API Client Libraries are not thread-safe\nhttplib2shim>=0.0.3\n\n#for authentication\nazure-identity==1.5.0\n\n## for resources\n\nazure-mgmt-resource==15.0.0\nazure-mgmt-storage==17.0.0\nazure-mgmt-monitor==2.0.0\nazure-mgmt-sql==1.0.0\nazure-mgmt-security==1.0.0\nazure-mgmt-keyvault==8.0.0\nazure-mgmt-network==17.1.0\nazure-mgmt-redis==12.0.0\nazure-mgmt-web==1.0.0\nazure-mgmt-compute==18.2.0\nazure-mgmt-authorization==3.0.0\nazure-mgmt-rdbms==8.0.0\n\nmsgraph-core==0.2.2\n\n# Aliyun / Alibaba Cloud Provider\naliyun-python-sdk-core>=2.13.4\naliyun-python-sdk-ram>=3.0.1\naliyun-python-sdk-ocs>=0.0.4\naliyun-python-sdk-sts>=3.0.1\naliyun-python-sdk-actiontrail>=2.0.0\naliyun-python-sdk-vpc>=3.0.5\naliyun-python-sdk-ecs>=4.16.10\naliyun-python-sdk-rds>=2.3.9\naliyun-python-sdk-kms>=2.6.0\noss2>=2.8.0\n\n# Oracle Cloud Infrastructure Provider\noci>=2.2.4\n\n# Kubernetes SDK\nkubernetes\n\n# DigitalOcean Cloud Provider\npydo >=0.2.0\n"
  },
  {
    "path": "scout.py",
    "content": "#!/usr/bin/env python3\n\nimport sys\n\nfrom ScoutSuite.__main__ import run_from_cli\n\nif __name__ == \"__main__\":\n    sys.exit(run_from_cli())\n"
  },
  {
    "path": "setup.py",
    "content": "#!/usr/bin/env python\n\n# distutils/setuptools install script for Scout Suite\nimport os\nfrom setuptools import setup, find_packages\n\n# Package info\nNAME = 'ScoutSuite'\nROOT = os.path.dirname(__file__)\nVERSION = __import__(NAME).__version__\n\n# Requirements\nrequirements = []\nwith open(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'requirements.txt')) as f:\n    for r in f.readlines():\n        requirements.append(r.strip())\n\n# Setup\nsetup(\n    name=NAME,\n    version=VERSION,\n    description='Scout Suite, a multi-cloud security auditing tool',\n    long_description_content_type='text/markdown',\n    long_description=open('README.md').read(),\n    author='NCC Group',\n    url='https://github.com/nccgroup/ScoutSuite',\n    entry_points={\n        'console_scripts': [\n            'scout = ScoutSuite.__main__:run_from_cli',\n        ]\n    },\n    packages=find_packages(),\n    package_data={\n        'ScoutSuite.data': [\n            '*.json'\n        ],\n        'ScoutSuite.output': [\n            '*.html',\n            '*.js',\n            '*.css',\n            '*.zip'\n        ],\n        'ScoutSuite.providers': [\n            '*.json'\n        ]\n    },\n    include_package_data=True,\n    install_requires=requirements,\n    license='GNU General Public License v2 (GPLv2)',\n    classifiers=[\n        'Development Status :: 5 - Production/Stable',\n        'Intended Audience :: Developers',\n        'Intended Audience :: Information Technology',\n        'Intended Audience :: System Administrators',\n        'Natural Language :: English',\n        'License :: OSI Approved :: GNU General Public License v2 (GPLv2)',\n        'Programming Language :: Python',\n        'Programming Language :: Python :: 3',\n        'Programming Language :: Python :: 3.9',\n        'Programming Language :: Python :: 3.10',\n        'Programming Language :: Python :: 3.11'\n    ]\n)\n"
  },
  {
    "path": "tests/data/invalid-file.json",
    "content": "{this is not a valid JSON file}\n"
  },
  {
    "path": "tests/data/ip-ranges-1.json",
    "content": "{\"createDate\": \"2015-10-01-19-05-51\",\"prefixes\": [{\"field_a\": \"a1\",\"field_b\": \"b1\",\"ip_prefix\": \"1.2.3.4\"},{\"field_a\": \"a2\",\"field_b\": \"b2\",\"ip_prefix\": \"5.6.7.8\"}]}\n"
  },
  {
    "path": "tests/data/ip-ranges-3.json",
    "content": "{\n    \"source\": \"tests/data/ip-ranges-2.json\",\n    \"local_file\": \"True\",\n    \"conditions\": [ \"and\",\n        [ \"region\", \"match\", [ \"us-.*\" ] ]\n    ]\n}\n"
  },
  {
    "path": "tests/data/policy1.json",
    "content": "{\n  \"Statement\": [\n    {\n      \"Action\": [\n        \"cloudwatch:Describe*\",\n        \"iam:GetUser\",\n        \"iam:List*\",\n        \"s3:GetBucket*\",\n        \"s3:GetObjectAcl\",\n        \"s3:ListAllMyBuckets\",\n        \"sqs:ListQueues\"\n      ],\n      \"Effect\": \"Allow\",\n      \"Resource\": [\n        \"*\"\n      ]\n    },\n    {\n      \"Action\": [\n        \"iam:*\"\n      ],\n      \"Effect\": \"Allow\",\n      \"Resource\": [\n        \"*\"\n      ]\n    },\n    {\n      \"Action\": \"*\",\n      \"Effect\": \"Allow\",\n      \"Resource\": \"*\"\n    }\n\n  ],\n  \"Version\": \"2012-10-17\"\n}\n"
  },
  {
    "path": "tests/data/protocols.json",
    "content": "{\n    \"protocols\": {\n        \"-2\": \"TEST\"\n    }\n}"
  },
  {
    "path": "tests/data/resources/dummy_resources.json",
    "content": "{\n    \"0\": {\n        \"some_dummy_resources\": {\n            \"resource_a\": {\n                \"some_id\": 1,\n                \"region\": \"some_region\",\n                \"some_other_scope\": \"0\"\n            },\n            \"resource_b\": {\n                \"some_id\": 2,\n                \"region\": \"some_region\",\n                \"some_other_scope\": \"0\"\n            }\n        },\n        \"some_dummy_resources_count\": 2,\n        \"other_dummy_resources\": {\n            \"resource_a\": {\n                \"some_id\": 1,\n                \"region\": \"some_region\",\n                \"some_other_scope\": \"0\"\n            },\n            \"resource_b\": {\n                \"some_id\": 2,\n                \"region\": \"some_region\",\n                \"some_other_scope\": \"0\"\n            }\n        },\n        \"other_dummy_resources_count\": 2\n    },\n    \"1\": {\n        \"some_dummy_resources\": {\n            \"resource_a\": {\n                \"some_id\": 1,\n                \"region\": \"some_region\",\n                \"some_other_scope\": \"1\"\n            },\n            \"resource_b\": {\n                \"some_id\": 2,\n                \"region\": \"some_region\",\n                \"some_other_scope\": \"1\"\n            }\n        },\n        \"some_dummy_resources_count\": 2,\n        \"other_dummy_resources\": {\n            \"resource_a\": {\n                \"some_id\": 1,\n                \"region\": \"some_region\",\n                \"some_other_scope\": \"1\"\n            },\n            \"resource_b\": {\n                \"some_id\": 2,\n                \"region\": \"some_region\",\n                \"some_other_scope\": \"1\"\n            }\n        },\n        \"other_dummy_resources_count\": 2\n    }\n}"
  },
  {
    "path": "tests/data/rule-configs/ec2.json",
    "content": "{\n    \"account_id\": \"123456789012\",\n    \"services\": {\n        \"ec2\": {\n            \"instances_count\": 69,\n            \"regions\": {\n                \"ap-northeast-2\": {\n                    \"instances_count\": 0,\n                    \"region\": \"ap-northeast-2\",\n                    \"regional_settings\": {\n                        \"0\": {\n                            \"ebs_default_encryption_key_id\": \"alias/aws/ebs\",\n                            \"ebs_encryption_default\": false\n                        }\n                    },\n                    \"security_groups_count\": 1,\n                    \"snapshots\": {},\n                    \"snapshots_count\": 0,\n                    \"volumes\": {},\n                    \"volumes_count\": 0,\n                    \"vpc_resource_types\": [\n                        \"instances\",\n                        \"security_groups\"\n                    ],\n                    \"vpcs\": {\n                        \"vpc-ap111111\": {\n                            \"instances\": {},\n                            \"name\": null,\n                            \"security_groups\": {\n                                \"sg-ap111111\": {\n                                    \"description\": \"default VPC security group\",\n                                    \"id\": \"sg-ap111111\",\n                                    \"name\": \"default\",\n                                    \"owner_id\": \"123456789012\",\n                                    \"is_default_configuration\": true,\n                                    \"rules\": {\n                                        \"egress\": {\n                                            \"count\": 0,\n                                            \"protocols\": {}\n                                        },\n                                        \"ingress\": {\n                                            \"count\": 1,\n                                            \"protocols\": {\n                                                \"ALL\": {\n                                                    \"ports\": {\n                                                        \"N/A\": {\n                                                            \"security_groups\": [\n                                                                {\n                                                                    \"GroupId\": \"sg-ap111111\",\n                                                                    \"GroupName\": \"default\",\n                                                                    \"UserId\": \"123456789012\"\n                                                                }\n                                                            ]\n                                                        }\n                                                    }\n                                                }\n                                            }\n                                        }\n                                    }\n                                }\n                            }\n                        }\n                    }\n                },\n                \"ap-south-1\": {\n                    \"instances_count\": 0,\n                    \"region\": \"ap-south-1\",\n                    \"regional_settings\": {\n                        \"0\": {\n                            \"ebs_default_encryption_key_id\": \"alias/aws/ebs\",\n                            \"ebs_encryption_default\": false\n                        }\n                    },\n                    \"security_groups_count\": 1,\n                    \"snapshots\": {},\n                    \"snapshots_count\": 0,\n                    \"volumes\": {},\n                    \"volumes_count\": 0,\n                    \"vpc_resource_types\": [\n                        \"instances\",\n                        \"security_groups\"\n                    ],\n                    \"vpcs\": {\n                        \"vpc-ap222222\": {\n                            \"instances\": {},\n                            \"name\": null,\n                            \"security_groups\": {\n                                \"sg-ap222222\": {\n                                    \"description\": \"default VPC security group\",\n                                    \"id\": \"sg-ap222222\",\n                                    \"name\": \"default\",\n                                    \"owner_id\": \"123456789012\",\n                                    \"is_default_configuration\": true,\n                                    \"rules\": {\n                                        \"egress\": {\n                                            \"count\": 0,\n                                            \"protocols\": {}\n                                        },\n                                        \"ingress\": {\n                                            \"count\": 0,\n                                            \"protocols\": {}\n                                        }\n                                    },\n                                    \"used_by\": {\n                                        \"ec2\": {\n                                            \"resource_type\": {\n                                                \"instances\": {\n                                                    \"running\": [\n                                                        \"i-ap222222222222222\"\n                                                    ]\n                                                }\n                                            }\n                                        }\n                                    }\n                                }\n                            }\n                        }\n                    }\n                },\n                \"eu-central-1\": {\n                    \"instances_count\": 0,\n                    \"region\": \"eu-central-1\",\n                    \"regional_settings\": {\n                        \"0\": {\n                            \"ebs_default_encryption_key_id\": \"alias/aws/ebs\",\n                            \"ebs_encryption_default\": false\n                        }\n                    },\n                    \"security_groups_count\": 1,\n                    \"snapshots\": {},\n                    \"snapshots_count\": 0,\n                    \"volumes\": {},\n                    \"volumes_count\": 0,\n                    \"vpc_resource_types\": [\n                        \"instances\",\n                        \"security_groups\"\n                    ],\n                    \"vpcs\": {\n                        \"vp-eu111111\": {\n                            \"instances\": {},\n                            \"name\": null,\n                            \"security_groups\": {\n                                \"sg-eu111111\": {\n                                    \"description\": \"default VPC security group\",\n                                    \"id\": \"sg-eu111111\",\n                                    \"name\": \"default\",\n                                    \"owner_id\": \"123456789012\",\n                                    \"is_default_configuration\": true,\n                                    \"rules\": {\n                                        \"egress\": {\n                                            \"count\": 0,\n                                            \"protocols\": {}\n                                        },\n                                        \"ingress\": {\n                                            \"count\": 0,\n                                            \"protocols\": {}\n                                        }\n                                    }\n                                }\n                            }\n                        }\n                    }\n                },\n                \"eu-west-1\": {\n                    \"instances_count\": 35,\n                    \"region\": \"eu-west-1\",\n                    \"regional_settings\": {\n                        \"0\": {\n                            \"ebs_default_encryption_key_id\": \"arn:aws:kms:us-east-1:123456789012:key/12345678-90ab-cdef-1234-567890abcdef\",\n                            \"ebs_encryption_default\": true\n                        }\n                    },\n                    \"security_groups_count\": 30,\n                    \"vpcs\": {\n                        \"vpc-eu111111\": {\n                            \"instances\": {},\n                            \"name\": null,\n                            \"security_groups\": {\n                                \"sg-eu111111\": {\n                                    \"description\": \"default VPC security group\",\n                                    \"id\": \"sg-eu111111\",\n                                    \"name\": \"default\",\n                                    \"owner_id\": \"123456789012\",\n                                    \"is_default_configuration\": true,\n                                    \"rules\": {\n                                        \"egress\": {\n                                            \"count\": 0,\n                                            \"protocols\": {}\n                                        },\n                                        \"ingress\": {\n                                            \"count\": 0,\n                                            \"protocols\": {}\n                                        }\n                                    }\n                                }\n                            }\n                        },\n                        \"vpc-eu222222\": {\n                            \"name\": \"Test VPC in eu-west-1\",\n                            \"security_groups\": {\n                                \"sg-eu222222\": {\n                                    \"description\": \"Allow access to Record Service ports from other region\",\n                                    \"id\": \"sg-eu222222\",\n                                    \"name\": \"test-sg-222222\",\n                                    \"owner_id\": \"123456789012\",\n                                    \"is_default_configuration\": true,\n                                    \"rules\": {\n                                        \"egress\": {\n                                            \"count\": 1,\n                                            \"protocols\": {\n                                                \"ALL\": {\n                                                    \"ports\": {\n                                                        \"N/A\": {\n                                                            \"cidrs\": [\n                                                                {\n                                                                    \"CIDR\": \"0.0.0.0/0\",\n                                                                    \"CIDRName\": \"All\"\n                                                                }\n                                                            ]\n                                                        }\n                                                    }\n                                                }\n                                            }\n                                        },\n                                        \"ingress\": {\n                                            \"count\": 1,\n                                            \"protocols\": {\n                                                \"TCP\": {\n                                                    \"ports\": {\n                                                        \"10-30\": {\n                                                            \"cidrs\": [\n                                                                {\n                                                                    \"CIDR\": \"10.0.0.0/8\"\n                                                                }\n                                                            ]\n                                                        },\n                                                        \"42\": {\n                                                            \"cidrs\": [\n                                                                {\n                                                                    \"CIDR\": \"54.151.0.0/17\"\n                                                                }\n                                                            ]\n                                                        },\n                                                        \"43\": {\n                                                            \"cidrs\": [\n                                                                {\n                                                                    \"CIDR\": \"13.124.0.0/16\"\n                                                                }\n                                                            ]\n                                                        }\n                                                    }\n                                                }\n                                            }\n                                        }\n                                    },\n                                    \"used_by\": {\n                                        \"ec2\": {\n                                            \"resource_type\": {\n                                                \"instances\": {\n                                                    \"running\": [\n                                                        \"i-eu111111111111111\"\n                                                    ]\n                                                }\n                                            }\n                                        }\n                                    }\n                                }\n                            }\n                        }\n                    }\n                },\n                \"sa-east-1\": {\n                    \"instances_count\": 0,\n                    \"region\": \"sa-east-1\",\n                    \"regional_settings\": {\n                        \"0\": {\n                            \"ebs_default_encryption_key_id\": \"arn:aws:kms:us-east-1:123456789012:key/12345678-90ab-cdef-1234-567890abcdef\",\n                            \"ebs_encryption_default\": true\n                        }\n                    },\n                    \"security_groups_count\": 1,\n                    \"snapshots\": {},\n                    \"snapshots_count\": 0,\n                    \"volumes\": {},\n                    \"volumes_count\": 0,\n                    \"vpc_resource_types\": [\n                        \"instances\",\n                        \"security_groups\"\n                    ],\n                    \"vpcs\": {\n                        \"vpc-sa111111\": {\n                            \"instances\": {},\n                            \"name\": null,\n                            \"security_groups\": {\n                                \"sg-sa111111\": {\n                                    \"description\": \"default VPC security group\",\n                                    \"id\": \"sg-sa111111\",\n                                    \"name\": \"default\",\n                                    \"owner_id\": \"123456789012\",\n                                    \"is_default_configuration\": true,\n                                    \"rules\": {\n                                        \"egress\": {\n                                            \"count\": 0,\n                                            \"protocols\": {}\n                                        },\n                                        \"ingress\": {\n                                            \"count\": 0,\n                                            \"protocols\": {}\n                                        }\n                                    }\n                                },\n                                \"sg-sa222222\": {\n                                    \"description\": \"Test SG in SA\",\n                                    \"id\": \"sg-sa111111\",\n                                    \"name\": \"testsg\",\n                                    \"owner_id\": \"123456789012\",\n                                    \"is_default_configuration\": true,\n                                    \"rules\": {\n                                        \"egress\": {\n                                            \"count\": 0,\n                                            \"protocols\": {}\n                                        },\n                                        \"ingress\": {\n                                            \"count\": 1,\n                                            \"protocols\": {\n                                                \"ALL\": {\n                                                    \"ports\": {\n                                                        \"N/A\": {\n                                                            \"security_groups\": [\n                                                                {\n                                                                    \"GroupId\": \"sg-sa111111\",\n                                                                    \"GroupName\": \"testsg\",\n                                                                    \"UserId\": \"123456789012\"\n                                                                }\n                                                            ]\n                                                        }\n                                                    }\n                                                }\n                                            }\n                                        }\n                                    }\n                                },\n                                \"sg-sa33333333\": {\n                                    \"description\": \"Test SG in SA\",\n                                    \"id\": \"sg-sa33333333\",\n                                    \"name\": \"testsg\",\n                                    \"owner_id\": \"123456789012\",\n                                    \"is_default_configuration\": true,\n                                    \"rules\": {\n                                        \"egress\": {\n                                            \"count\": 0,\n                                            \"protocols\": {}\n                                        },\n                                        \"ingress\": {\n                                            \"count\": 1,\n                                            \"protocols\": {\n                                                \"ALL\": {\n                                                    \"ports\": {\n                                                        \"N/A\": {\n                                                            \"cidrs\": [\n                                                                {\n                                                                    \"CIDR\": \"0.0.0.0/0\"\n                                                                }\n                                                            ]\n                                                        }\n                                                    }\n                                                },\n                                                \"TCP\": {\n                                                    \"ports\": {\n                                                        \"42\": {\n                                                            \"cidrs\": [\n                                                                {\n                                                                    \"CIDR\": \"0.0.0.0/0\"\n                                                                }\n                                                            ]\n                                                        },\n                                                        \"3306\": {\n                                                            \"cidrs\": [\n                                                                {\n                                                                    \"CIDR\": \"0.0.0.0/0\"\n                                                                }\n                                                            ]\n                                                        }\n                                                    }\n                                                }\n                                            }\n                                        }\n                                    }\n                                }\n                            }\n                        }\n                    }\n                }\n            }\n        }\n    }\n}\n"
  },
  {
    "path": "tests/data/rule-configs/iam-password-policy.json",
    "content": "{\n    \"account_id\": \"123456789012\",\n    \"services\": {\n        \"iam\": {\n            \"password_policy\": {\n                \"ExpirePasswords\": false,\n                \"MinimumPasswordLength\": \"1\",\n                \"PasswordReusePrevention\": false,\n                \"RequireLowercaseCharacters\": false,\n                \"RequireNumbers\": false,\n                \"RequireSymbols\": false,\n                \"RequireUppercaseCharacters\": false\n            }\n        }\n    }\n}\n"
  },
  {
    "path": "tests/data/rule-configs/iam-root.json",
    "content": "{\n    \"account_id\": \"123456789012\",\n    \"services\": {\n        \"iam\": {\n            \"credential_reports\": {\n                \"358c37567b1197f146844b0d0a5a901977391659\": {\n                    \"access_key_1_active\": \"true\",\n                    \"access_key_1_last_rotated\": \"2018-09-18T14:58:26+00:00\",\n                    \"access_key_1_last_used_date\": \"2018-10-15T07:33:00+00:00\",\n                    \"access_key_1_last_used_region\": \"us-west-2\",\n                    \"access_key_1_last_used_service\": \"s3\",\n                    \"access_key_2_active\": \"false\",\n                    \"access_key_2_last_rotated\": \"N/A\",\n                    \"access_key_2_last_used_date\": null,\n                    \"access_key_2_last_used_region\": \"N/A\",\n                    \"access_key_2_last_used_service\": \"N/A\",\n                    \"arn\": \"arn:aws:iam::517757661801:user/api3\",\n                    \"cert_1_active\": \"false\",\n                    \"cert_1_last_rotated\": \"N/A\",\n                    \"cert_2_active\": \"false\",\n                    \"cert_2_last_rotated\": \"N/A\",\n                    \"id\": \"api3\",\n                    \"last_used\": \"2018-10-15T07:33:00+00:00\",\n                    \"mfa_active\": \"false\",\n                    \"name\": \"api3\",\n                    \"password_enabled\": \"false\",\n                    \"password_last_changed\": \"N/A\",\n                    \"password_last_used\": null,\n                    \"password_next_rotation\": \"N/A\",\n                    \"user\": \"api3\",\n                    \"user_creation_time\": \"2018-09-18T14:58:26+00:00\"\n                },\n                \"68dcc047c3da5bbbc3f3e9d54000b7357f0e507e\": {\n                    \"access_key_1_active\": \"false\",\n                    \"access_key_1_last_rotated\": \"N/A\",\n                    \"access_key_1_last_used_date\": null,\n                    \"access_key_1_last_used_region\": \"N/A\",\n                    \"access_key_1_last_used_service\": \"N/A\",\n                    \"access_key_2_active\": \"false\",\n                    \"access_key_2_last_rotated\": \"N/A\",\n                    \"access_key_2_last_used_date\": null,\n                    \"access_key_2_last_used_region\": \"N/A\",\n                    \"access_key_2_last_used_service\": \"N/A\",\n                    \"arn\": \"arn:aws:iam::517757661801:root\",\n                    \"cert_1_active\": \"false\",\n                    \"cert_1_last_rotated\": \"N/A\",\n                    \"cert_2_active\": \"false\",\n                    \"cert_2_last_rotated\": \"N/A\",\n                    \"id\": \"<root_account>\",\n                    \"last_used\": \"2019-11-26T01:13:39+00:00\",\n                    \"mfa_active\": \"false\",\n                    \"name\": \"<root_account>\",\n                    \"password_enabled\": \"not_supported\",\n                    \"password_last_changed\": \"not_supported\",\n                    \"password_last_used\": \"2019-11-26T01:13:39+00:00\",\n                    \"password_next_rotation\": \"not_supported\",\n                    \"user\": \"<root_account>\",\n                    \"user_creation_time\": \"2018-04-03T21:50:27+00:00\"\n                }\n            }\n        }\n    }\n}\n"
  },
  {
    "path": "tests/data/rule-results/ec2-default-security-group-in-use.json",
    "content": "[\n    \"ec2.regions.ap-south-1.vpcs.vpc-ap222222.security_groups.sg-ap222222.default_in_use\"\n]\n"
  },
  {
    "path": "tests/data/rule-results/ec2-default-security-group-with-rules.json",
    "content": "[\n    \"ec2.regions.ap-northeast-2.vpcs.vpc-ap111111.security_groups.sg-ap111111.rules.ingress.default_with_rules\"\n]\n"
  },
  {
    "path": "tests/data/rule-results/ec2-ebs-default-encryption-disabled.json",
    "content": "[\n    \"ec2.regions.ap-northeast-2.regional_settings.0.NoDefaultEBSEncryption\",\n    \"ec2.regions.ap-south-1.regional_settings.0.NoDefaultEBSEncryption\",\n    \"ec2.regions.eu-central-1.regional_settings.0.NoDefaultEBSEncryption\"\n]\n"
  },
  {
    "path": "tests/data/rule-results/ec2-security-group-opens-all-ports-to-all.json",
    "content": "[\n    \"ec2.regions.sa-east-1.vpcs.vpc-sa111111.security_groups.sg-sa33333333.rules.ingress.protocols.ALL.ports.N/A.cidrs.0.CIDR\"\n]\n"
  },
  {
    "path": "tests/data/rule-results/ec2-security-group-opens-all-ports-to-self.json",
    "content": "[\n    \"ec2.regions.ap-northeast-2.vpcs.vpc-ap111111.security_groups.sg-ap111111.rules.ingress.protocols.ALL.ports.N/A.security_groups.0\"\n]\n"
  },
  {
    "path": "tests/data/rule-results/ec2-security-group-opens-all-ports.json",
    "content": "[\n    \"ec2.regions.ap-northeast-2.vpcs.vpc-ap111111.security_groups.sg-ap111111.rules.ingress.protocols.ALL.ports.N/A\", \n    \"ec2.regions.sa-east-1.vpcs.vpc-sa111111.security_groups.sg-sa222222.rules.ingress.protocols.ALL.ports.N/A\", \n    \"ec2.regions.sa-east-1.vpcs.vpc-sa111111.security_groups.sg-sa33333333.rules.ingress.protocols.ALL.ports.N/A\"\n]\n"
  },
  {
    "path": "tests/data/rule-results/ec2-security-group-opens-known-port-to-all.json",
    "content": "[\n    \"ec2.regions.sa-east-1.vpcs.vpc-sa111111.security_groups.sg-sa33333333.rules.ingress.protocols.TCP.ports.3306.cidrs.0.CIDR\"\n]\n"
  },
  {
    "path": "tests/data/rule-results/ec2-security-group-opens-port-range.json",
    "content": "[\n    \"ec2.regions.eu-west-1.vpcs.vpc-eu222222.security_groups.sg-eu222222.rules.ingress.protocols.TCP.ports.10-30\"\n]\n"
  },
  {
    "path": "tests/data/rule-results/ec2-security-group-opens-port-to-all.json",
    "content": "[\n    \"ec2.regions.sa-east-1.vpcs.vpc-sa111111.security_groups.sg-sa33333333.rules.ingress.protocols.TCP.ports.42.cidrs.0.CIDR\"\n]\n"
  },
  {
    "path": "tests/data/rule-results/ec2-security-group-whitelists-aws-ip-from-banned-region.json",
    "content": "[\n    \"ec2.regions.eu-west-1.vpcs.vpc-eu222222.security_groups.sg-eu222222.rules.ingress.protocols.TCP.ports.43.cidrs.0.CIDR\"\n]\n"
  },
  {
    "path": "tests/data/rule-results/ec2-security-group-whitelists-aws.json",
    "content": "[\n    \"ec2.regions.eu-west-1.vpcs.vpc-eu222222.security_groups.sg-eu222222.rules.ingress.protocols.TCP.ports.42.cidrs.0.CIDR\",\n    \"ec2.regions.eu-west-1.vpcs.vpc-eu222222.security_groups.sg-eu222222.rules.ingress.protocols.TCP.ports.43.cidrs.0.CIDR\"\n]\n"
  },
  {
    "path": "tests/data/rule-results/iam-password-policy-expiration-threshold.json",
    "content": "[\n    \"iam.password_policy.MaxPasswordAge\"\n]\n"
  },
  {
    "path": "tests/data/rule-results/iam-password-policy-lowercase-required.json",
    "content": "[\n    \"iam.password_policy.RequireLowercaseCharacters\"\n]\n"
  },
  {
    "path": "tests/data/rule-results/iam-password-policy-minimum-length.json",
    "content": "[\n    \"iam.password_policy.MinimumPasswordLength\"\n]\n"
  },
  {
    "path": "tests/data/rule-results/iam-password-policy-no-expiration.json",
    "content": "[\n    \"iam.password_policy.ExpirePasswords\"\n]"
  },
  {
    "path": "tests/data/rule-results/iam-password-policy-no-lowercase-required.json",
    "content": "[\n    \"iam.password_policy.RequireLowercaseCharacters\"\n]\n"
  },
  {
    "path": "tests/data/rule-results/iam-password-policy-no-number-required.json",
    "content": "[\n    \"iam.password_policy.RequireNumbers\"\n]\n"
  },
  {
    "path": "tests/data/rule-results/iam-password-policy-no-symbol-required.json",
    "content": "[\n    \"iam.password_policy.RequireSymbols\"\n]\n"
  },
  {
    "path": "tests/data/rule-results/iam-password-policy-no-uppercase-required.json",
    "content": "[\n    \"iam.password_policy.RequireUppercaseCharacters\"\n]\n"
  },
  {
    "path": "tests/data/rule-results/iam-password-policy-reuse-enabled.json",
    "content": "[\n    \"iam.password_policy.PasswordReusePrevention\"\n]\n"
  },
  {
    "path": "tests/data/ruleset-test.json",
    "content": "{\n    \"rules\": {\n        \"iam-password-policy-reuse-enabled.json\": [\n            {\n                \"enabled\": true,\n                \"level\": \"danger\"\n            }\n        ]\n    },\n    \"about\": \"regression test\"\n}"
  },
  {
    "path": "tests/data/statement1.json",
    "content": "{\n  \"Action\": [\n    \"cloudwatch:Describe*\",\n    \"iam:GetUser\",\n    \"iam:List*\",\n    \"s3:GetBucket*\",\n    \"s3:GetObjectAcl\",\n    \"s3:ListAllMyBuckets\",\n    \"sqs:ListQueues\"\n  ],\n  \"Effect\": \"Allow\",\n  \"Resource\": [\n    \"*\"\n  ]\n}\n"
  },
  {
    "path": "tests/data/test-ruleset.json",
    "content": "{\n    \"rules\": {\n        \"iam-password-policy-no-expiration.json\": [\n            {\n                \"enabled\": true, \n                \"level\": \"danger\"\n            }\n        ]\n    }, \n    \"about\": \"regression test\"\n}\n"
  },
  {
    "path": "tests/results/read_ip_ranges/ip-ranges-1a.json",
    "content": "[{\"ip_prefix\": \"1.2.3.4\", \"field_b\": \"b1\", \"field_a\": \"a1\"}, {\"ip_prefix\": \"5.6.7.8\", \"field_b\": \"b2\", \"field_a\": \"a2\"}]\n"
  },
  {
    "path": "tests/results/read_ip_ranges/ip-ranges-1b.json",
    "content": "[\"1.2.3.4\", \"5.6.7.8\"]"
  },
  {
    "path": "tests/results/read_ip_ranges/ip-ranges-1c.json",
    "content": "[\"1.2.3.4\"]"
  },
  {
    "path": "tests/results/read_ip_ranges/ip-ranges-3.json",
    "content": "[\"52.92.252.0/22\", \"52.92.48.0/22\", \"13.56.0.0/16\", \"13.57.0.0/16\", \"13.58.0.0/15\"]\n"
  },
  {
    "path": "tests/results/read_ip_ranges/ip-ranges-a.json",
    "content": "[{\"region\": \"us-east-1\", \"ip_prefix\": \"23.20.0.0/14\", \"service\": \"AMAZON\"}, {\"region\": \"us-east-1\", \"ip_prefix\": \"23.20.0.0/14\", \"service\": \"EC2\"}]"
  },
  {
    "path": "tests/test_aws_provider.py",
    "content": "import unittest\nfrom unittest import mock\n\nimport pytest\n\nfrom ScoutSuite.providers import get_provider\nfrom ScoutSuite.providers.aws.authentication_strategy import AWSCredentials\nfrom ScoutSuite.providers.base.authentication_strategy import AuthenticationException\nfrom ScoutSuite.providers.base.authentication_strategy_factory import get_authentication_strategy\nfrom ScoutSuite.providers.aws.resources.ec2.instances import EC2Instances\n\nclass Object(object):\n    pass\n\n\n# Test methods for AWS Provider\nclass TestAWSProviderClass(unittest.TestCase):\n    @mock.patch(\"ScoutSuite.providers.aws.authentication_strategy.boto3\")\n    @mock.patch(\"ScoutSuite.providers.aws.authentication_strategy.get_caller_identity\")\n    def test_authenticate(self, mock_get_caller_identity, mock_boto3):\n\n        aws_authentication_strategy = get_authentication_strategy(\"aws\")\n\n        boto3_session = Object()\n        boto3_session._session = Object()\n        mock_boto3.Session.return_value = boto3_session\n\n        test_cases = [\n            # no params\n            {\n                \"profile\": None,\n                \"aws_access_key_id\": None,\n                \"aws_secret_access_key\": None,\n                \"aws_session_token\": None,\n                \"call_dict\": {},\n            },\n            # profile\n            {\n                \"profile\": \"123\",\n                \"aws_access_key_id\": None,\n                \"aws_secret_access_key\": None,\n                \"aws_session_token\": None,\n                \"call_dict\": {\"profile_name\": \"123\"},\n            },\n            # access and secret key\n            {\n                \"profile\": None,\n                \"aws_access_key_id\": \"456\",\n                \"aws_secret_access_key\": \"789\",\n                \"aws_session_token\": None,\n                \"call_dict\": {\n                    \"aws_access_key_id\": \"456\",\n                    \"aws_secret_access_key\": \"789\",\n                },\n            },\n            # access, secret key and token\n            {\n                \"profile\": None,\n                \"aws_access_key_id\": \"456\",\n                \"aws_secret_access_key\": \"789\",\n                \"aws_session_token\": \"101112\",\n                \"call_dict\": {\n                    \"aws_access_key_id\": \"456\",\n                    \"aws_secret_access_key\": \"789\",\n                    \"aws_session_token\": \"101112\",\n                },\n            },\n        ]\n\n        for test_case in test_cases:\n            result = aws_authentication_strategy.authenticate(\n                test_case[\"profile\"],\n                test_case[\"aws_access_key_id\"],\n                test_case[\"aws_secret_access_key\"],\n                test_case[\"aws_session_token\"],\n            )\n            mock_boto3.Session.assert_called_with(**test_case[\"call_dict\"])\n            mock_get_caller_identity.assert_called_with(boto3_session)\n            assert isinstance(result, AWSCredentials)\n            assert result.session == boto3_session\n\n        # exception test\n        mock_boto3.Session.side_effect = Exception(\"an exception\")\n        with pytest.raises(AuthenticationException):\n            result = aws_authentication_strategy.authenticate(None, None, None, None)\n\n    # mock two separate places from which get_aws_account_id is called\n    @mock.patch(\"ScoutSuite.providers.aws.facade.base.get_aws_account_id\")\n    @mock.patch(\"ScoutSuite.providers.aws.facade.base.get_partition_name\")\n    @mock.patch(\"ScoutSuite.providers.aws.provider.get_aws_account_id\")\n    @mock.patch(\"ScoutSuite.providers.aws.provider.get_partition_name\")\n    def test_get_report_name(\n            self,\n            mock_get_partiton_name,\n            mock_get_aws_account_id,\n            mock_facade_aws_account_id,\n            mock_facade_aws_partition_name,\n    ):\n        # no account_id, no profile\n        mock_get_aws_account_id.return_value = None\n        mock_get_partiton_name.return_value = None\n        aws_provider = get_provider(\n            provider=\"aws\", credentials=mock.MagicMock(session=\"123\"),\n        )\n        assert aws_provider.get_report_name() == \"aws\"\n\n        # profile and account_id\n        mock_get_aws_account_id.return_value = \"12345\"\n        aws_provider = get_provider(\n            provider=\"aws\", profile=\"9999\", credentials=mock.MagicMock(session=\"123\"),\n        )\n        assert aws_provider.get_report_name() == \"aws-9999\"\n\n        # account_id\n        aws_provider = get_provider(\n            provider=\"aws\", credentials=mock.MagicMock(session=\"123\"),\n        )\n        assert aws_provider.get_report_name() == \"aws-12345\"\n\n    @pytest.mark.skip(reason=\"pytest does not reproduce actual behavior\")\n    def test_identify_user_data_secrets(self):\n\n        SAMPLE_USER_DATA = \"\"\"\n# Various AWS Access Key exercisers\nAKIASHORT # too short\nAKIA0123456789ABCDEF # just right\nAKIA0123456789ABCDEF0 # too long\nAKIA0123456789abcdef # invalid characters\nFAKIA0123456789ABCDE # wrong prefix\nin middle AKIAFEDCBA9876543210 of line\nline ends with AKIAFFFFFFFFFFFFFFFF\n\n# Various AWS Secret Access Key exercisers\nThisIsTooShort\n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\nThisOneIsJustALittleBitLongerThanItShouldBe\nmiddle=\"0000000000/1111111111/2222222222/3333333\" + \"of line\"\nhats off to TRON: HereIsSomethingThatAppearsAtEndOfLineMCP\n        \"\"\"\n\n        \"\"\"\n        As I write this test, the assertions below fail; somehow, the \"too long\"\n        sequences return their initial substrings, which should not even be\n        possible. This behavior appears with pytest, but not when repeated\n        interactively. This behavior also does not appear with the actual scanner:\n\n        The following is excerpted from actual (pretty-printed) output:\n        [...]\n        \"user_data\": \"#!/bin/bash\\ncat << \\\"EOF\\\" > /root/rsb\\n# Various AWS Access Key exercisers\\nAKIASHORT # too short\\nAKIA0123456789ABCDEF # just right\\nAKIA0123456789ABCDEF0 # too long\\nAKIA0123456789abcdef # invalid characters\\nFAKIA0123456789ABCDE # wrong prefix\\nin middle AKIAFEDCBA9876543210 of line\\nline ends with AKIAFFFFFFFFFFFFFFFF\\n\\n# Various AWS Secret Access Key exercisers\\nThisIsTooShort\\n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\\nThisOneIsJustALittleBitLongerThanItShouldBe\\nmiddle=\\\"0000000000/1111111111/2222222222/3333333\\\" + \\\"of line\\\"\\nhats off to TRON: HereIsSomethingThatAppearsAtEndOfLineMCP\\nEOF\",\n        \"user_data_secrets\": {\n            \"AWS Access Key IDs\": [\n                \"AKIA0123456789ABCDEF\",\n                \"AKIAFEDCBA9876543210\",\n                \"AKIAFFFFFFFFFFFFFFFF\"\n            ],\n            \"AWS Secret Access Keys\": [\n                \"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\",\n                \"0000000000/1111111111/2222222222/3333333\",\n                \"HereIsSomethingThatAppearsAtEndOfLineMCP\"\n            ]\n        }\n        [...]\n        \"\"\"\n\n        results = EC2Instances._identify_user_data_secrets(SAMPLE_USER_DATA)\n        assert results[\"AWS Access Key IDs\"] == [\n            \"AKIA0123456789ABCDEF\",\n            \"AKIAFEDCBA9876543210\",\n            \"AKIAFFFFFFFFFFFFFFFF\"\n        ]\n        assert results[\"AWS Secret Access Keys\"] == [\n            \"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\",\n            \"0000000000/1111111111/2222222222/3333333\",\n            \"HereIsSomethingThatAppearsAtEndOfLineMCP\"\n        ]\n"
  },
  {
    "path": "tests/test_azure_provider.py",
    "content": "import unittest\nfrom unittest import mock\n\nimport pytest\n\nfrom ScoutSuite.providers.azure.authentication_strategy import AzureCredentials\nfrom ScoutSuite.providers.base.authentication_strategy import AuthenticationException\nfrom ScoutSuite.providers.base.authentication_strategy_factory import get_authentication_strategy\n\n\n# Test methods for Azure Provider\nclass TestAzureProviderClass(unittest.TestCase):\n    @mock.patch(\"ScoutSuite.providers.azure.authentication_strategy.UsernamePasswordCredential\")\n    def test_authenticate(self, mock_UsernamePasswordCredential):\n        azure_authentication_strategy = get_authentication_strategy(\"azure\")\n\n        result = azure_authentication_strategy.authenticate(\n            user_account=True,\n            client_id='04b07795-8ddb-461a-bbee-02f9e1bf7b46',\n            tenant_id='some-tenant-id',\n            username='some-username',\n            password='some-password',\n            authority='https://login.microsoftonline.com/'\n        )\n\n        mock_UsernamePasswordCredential.assert_called_with('04b07795-8ddb-461a-bbee-02f9e1bf7b46', 'some-username',\n                                                          'some-password',\n                                                           authority='https://login.microsoftonline.com/',\n                                                           tenant_id='some-tenant-id')\n        assert isinstance(result, AzureCredentials)\n\n        # exception test\n        with pytest.raises(AuthenticationException):\n            result = azure_authentication_strategy.authenticate(None, None, None, None)\n\n    @mock.patch(\"ScoutSuite.providers.azure.authentication_strategy.AzureCliCredential\")\n    def test_authenticate_CLI(self, mock_AzureCliCredential):\n        azure_authentication_strategy = get_authentication_strategy(\"azure\")\n\n        result = azure_authentication_strategy.authenticate(\n            cli=True,\n            client_id='04b07795-8ddb-461a-bbee-02f9e1bf7b46',\n            authority='https://login.microsoftonline.com/'\n        )\n\n        mock_AzureCliCredential.assert_called_with()\n        assert isinstance(result, AzureCredentials)\n\n        # exception test\n        with pytest.raises(AuthenticationException):\n            result = azure_authentication_strategy.authenticate(None, None, None, None)\n"
  },
  {
    "path": "tests/test_core.py",
    "content": "\nimport unittest\nfrom ScoutSuite.core.conditions import pass_condition\nfrom ScoutSuite.core.cli_parser import *\nfrom ScoutSuite.core.console import prompt, prompt_overwrite, prompt_value\n\n#\n# Test methods for ScoutSuite/core\n#\nclass TestScoutCore(unittest.TestCase):\n\n    ########################################\n    # cli_parser.py\n    ########################################\n\n    def test_argument_parser(self):\n        test_arguments = ScoutSuiteArgumentParser()\n        assert (test_arguments.parser._subparsers.title == 'The provider you want to run scout against')\n        assert (test_arguments.subparsers._choices_actions[0].help == 'Run Scout against an Amazon Web Services account')\n        assert (test_arguments.subparsers._choices_actions[1].help == 'Run Scout against a Google Cloud Platform account')\n        assert (test_arguments.subparsers._choices_actions[2].help == 'Run Scout against a Microsoft Azure account')\n        assert (test_arguments.subparsers._choices_actions[3].help == 'Run Scout against an Alibaba Cloud account')\n        assert (test_arguments.subparsers._choices_actions[4].help == 'Run Scout against an Oracle Cloud Infrastructure account')\n\n    ########################################\n    # console.py\n    ########################################\n\n    def test_prompt(self):\n        assert (prompt('test') == 'test')\n        assert (prompt(['test']) == 'test')\n\n    def test_prompt_overwrite(self):\n        assert (prompt_overwrite('', True, None))\n\n    def test_prompt_value(self):\n        assert (prompt_value(question='', max_laps=1, test_input='test', is_question=True, choices=['test']) is None)\n        assert (prompt_value(question='', max_laps=1, test_input='test', is_question=True, choices=['test'], no_confirm=True) == 'test')\n"
  },
  {
    "path": "tests/test_main.py",
    "content": "\nimport unittest\nfrom unittest.mock import MagicMock, patch\n\nfrom ScoutSuite.__main__ import run_from_cli\nfrom ScoutSuite.core.cli_parser import ScoutSuiteArgumentParser\n\n\nclass TestMainClass(unittest.TestCase):\n\n    def setUp(self):\n        self.constructor = {}\n        self.mocked_provider = MagicMock()\n\n        self.mocked_engine = MagicMock()\n        self.mocked_report = MagicMock()\n        self.mocked_browser = MagicMock()\n        self.mocked_ruleset = MagicMock()\n\n        self.mocked_printInfo = MagicMock()\n\n        for import_name, mocked_object in [(\"print_info\", self.mocked_printInfo),\n                                           (\"get_provider\", self.mocked_provider),\n                                           (\"Ruleset\", self.mocked_ruleset),\n                                           (\"ProcessingEngine\", self.mocked_engine),\n                                           (\"ScoutReport\", self.mocked_report),\n                                           (\"webbrowser\", self.mocked_browser)]:\n            constructor_obj = patch(\"ScoutSuite.__main__.%s\" % import_name, return_value=mocked_object).start()\n            self.constructor[mocked_object] = constructor_obj\n\n        self.mocked_report.save = MagicMock(return_value=\"dummyfile\")\n\n    def tearDown(self):\n        patch.stopall()\n\n    async def test_empty(self):\n        args = None\n        code = None\n\n        with patch(\"sys.stderr\", return_value=MagicMock()):\n            with self.assertRaises(SystemExit):\n                args = ScoutSuiteArgumentParser().parse_args(args)\n                code = await run_from_cli(args)\n\n        assert (code is None)\n\n    async def test_aws_provider(self):\n        args = ['aws']\n        self.mocked_provider.provider_code = \"aws\"\n\n        args = ScoutSuiteArgumentParser().parse_args(args)\n        code = await run_from_cli(args)\n\n        success_code = 0\n        assert (code == success_code)\n\n        report_init_args = self.constructor[self.mocked_report].call_args_list[0][0]\n        assert (report_init_args[0] == \"aws\")  # provider\n        assert (report_init_args[1] == \"aws\")  # report_file_name\n        assert (report_init_args[2] == \"scoutsuite-report\")  # report_dir\n\n    async def test_gcp_provider(self):\n        args = [\"gcp\", \"--service-account\", \"fakecredentials\"]\n        self.mocked_provider.provider_code = \"gcp\"\n\n        args = ScoutSuiteArgumentParser().parse_args(args)\n        code = await run_from_cli(args)\n\n        success_code = 0\n        assert (code == success_code)\n\n        report_init_args = self.constructor[self.mocked_report].call_args_list[0][0]\n        assert (report_init_args[0] == \"gcp\")  # provider\n        assert (report_init_args[1] == \"gcp\")  # report_file_name\n        assert (report_init_args[2] == \"scoutsuite-report\")  # report_dir\n\n    async def test_azure_provider(self):\n        args = [\"azure\", \"--cli\"]\n        self.mocked_provider.provider_code = \"azure\"\n\n        args = ScoutSuiteArgumentParser().parse_args(args)\n        code = await run_from_cli(args)\n\n        success_code = 0\n        assert (code == success_code)\n\n        report_init_args = self.constructor[self.mocked_report].call_args_list[0][0]\n        assert (report_init_args[0] == \"azure\")  # provider\n        assert (report_init_args[1] == \"azure\")  # report_file_name\n        assert (report_init_args[2] == \"scoutsuite-report\")  # report_dir\n\n    async def test_unauthenticated(self):\n        args = [\"aws\"]\n        self.mocked_provider.provider_code = \"aws\"\n        self.mocked_provider.authenticate = MagicMock(return_value=False)\n\n        args = ScoutSuiteArgumentParser().parse_args(args)\n        code = await run_from_cli(args)\n\n        unauthenticated_code = 42\n        assert (code == unauthenticated_code)\n\n    async def test_keyboardinterrupted(self):\n        args = [\"aws\"]\n        self.mocked_provider.provider_code = \"aws\"\n\n        def _raise(e):\n            raise e\n\n        self.mocked_provider.fetch = MagicMock(side_effect=_raise(KeyboardInterrupt))\n\n        args = ScoutSuiteArgumentParser().parse_args(args)\n        code = await run_from_cli(args)\n\n        keyboardinterrupted_code = 130\n        assert (code == keyboardinterrupted_code)\n"
  },
  {
    "path": "tests/test_output.py",
    "content": "import unittest\nfrom ScoutSuite.output.html import *\nfrom ScoutSuite.output.utils import *\n\n#\n# Test methods for ScoutSuite/output\n#\nclass TestScoutOutput(unittest.TestCase):\n\n    ########################################\n    # html.py\n    ########################################\n\n    def test_html_report(self):\n        test_html = HTMLReport(report_name='test')\n        assert (test_html.report_name == 'test')\n        assert ('json' in test_html.get_content_from_folder(templates_type='conditionals'))\n        assert ('json' in test_html.get_content_from_file(filename='/json_format.html'))\n\n    def test_get_filename(self):\n        assert ('scoutsuite-report/report.html' in get_filename(\"REPORT\"))\n        assert ('scoutsuite-report/scoutsuite-results/scoutsuite_results.js' in get_filename(\"RESULTS\"))\n        assert ('scoutsuite-results/scoutsuite_results.js' in get_filename(\"RESULTS\", relative_path=True))\n        assert ('scoutsuite-report/scoutsuite-results/scoutsuite_exceptions.js' in get_filename(\"EXCEPTIONS\"))\n        assert ('scoutsuite-results/scoutsuite_exceptions.js' in get_filename(\"EXCEPTIONS\", relative_path=True))\n        assert ('scoutsuite-report/scoutsuite-results/scoutsuite_errors.json' in get_filename(\"ERRORS\"))\n        assert ('scoutsuite-results/scoutsuite_errors.json' in get_filename(\"ERRORS\", relative_path=True))\n"
  },
  {
    "path": "tests/test_resources.py",
    "content": "import unittest\nfrom ScoutSuite.providers.base.resources.base import (\n    Resources, CompositeResources)\nimport asyncio\nimport json\nimport os\n\n\nclass DummyResources(Resources):\n    def __init__(self, facade, region: str, some_other_scope: str,  **kwargs):\n        self.region = region\n        self.some_other_scope = some_other_scope\n\n    async def fetch_all(self):\n        self['resource_a'] = {\n            'some_id': 1, 'region': self.region, 'some_other_scope': self.some_other_scope}\n        self['resource_b'] = {\n            'some_id': 2, 'region': self.region, 'some_other_scope': self.some_other_scope}\n\n\nclass DummyComposite(CompositeResources):\n    _children = [\n        (DummyResources, 'some_dummy_resources'),\n        (DummyResources, 'other_dummy_resources')\n    ]\n\n    def __init__(self):\n        self.facade = None\n\n    async def fetch_all(self):\n        for key in range(2):\n            self[str(key)] = {}\n\n        for key in self:\n            await self._fetch_children(self[key], {\n                'region': 'some_region',\n                'some_other_scope': key\n            })\n\n\nclass TestResources(unittest.TestCase):\n    test_dir = os.path.dirname(os.path.realpath(__file__))\n\n    def test_composite_resource(self):\n        loop = asyncio.new_event_loop()\n        composite = DummyComposite()\n        loop.run_until_complete(composite.fetch_all())\n\n        with open(os.path.join(self.test_dir, 'data/resources/dummy_resources.json')) as f:\n            expected_object = json.load(f)\n\n        expected_json = json.dumps(expected_object)\n        actual_json = json.dumps(composite)\n        print(actual_json)\n        assert (expected_json == actual_json)\n"
  },
  {
    "path": "tests/test_rules_processingengine.py",
    "content": "import json\nimport os\nimport tempfile\nimport unittest\n\nfrom ScoutSuite.core.console import set_logger_configuration, print_error\nfrom ScoutSuite.core.processingengine import ProcessingEngine\nfrom ScoutSuite.core.ruleset import Ruleset\n\n\nclass DummyObject(object):\n    pass\n\n\nclass TestScoutRulesProcessingEngine(unittest.TestCase):\n\n    def setUp(self):\n        set_logger_configuration(is_debug=True)\n        self.rule_counters = {'found': 0, 'tested': 0, 'verified': 0}\n        self.test_dir = os.path.dirname(os.path.realpath(__file__))\n\n    # TODO\n    # Check that one testcase per finding rule exists (should be within default ruleset)\n\n    def test_all_finding_rules(self):\n        ruleset_file_name = os.path.join(self.test_dir, 'data/ruleset-test.json')\n        # FIXME this is only for AWS\n        with open(os.path.join(self.test_dir, '../ScoutSuite/providers/aws/rules/rulesets/default.json'), 'rt') as f:\n            ruleset = json.load(f)\n\n        for rule_file_name in ruleset['rules']:\n            self.rule_counters['found'] += 1\n            rule = ruleset['rules'][rule_file_name][0]\n            rule['enabled'] = True\n            print(rule_file_name)\n            self._test_rule(ruleset_file_name, rule_file_name, rule)\n\n        print('Existing  rules: %d' % self.rule_counters['found'])\n        print('Processed rules: %d' % self.rule_counters['tested'])\n        print('Verified  rules: %d' % self.rule_counters['verified'])\n\n\n    def _test_rule(self, ruleset_file_name, rule_file_name, rule):\n        test_config_file_name = os.path.join(self.test_dir, 'data/rule-configs/%s' % rule_file_name)\n        if not os.path.isfile(test_config_file_name):\n            return\n        self.rule_counters['tested'] += 1\n\n        ruleset = self._generate_ruleset(rule_file_name, rule)\n        pe = ProcessingEngine(ruleset)\n\n        dummy_provider = DummyObject()\n        with open(test_config_file_name, 'rt') as f:\n            test_config_dict = json.load(f)\n            for key in test_config_dict:\n                setattr(dummy_provider, key, test_config_dict[key])\n        service = rule_file_name.split('-')[0]\n        dummy_provider.service_list = [service]\n        pe.run(dummy_provider)\n        findings = dummy_provider.services[service]['findings']\n        findings = findings[list(findings.keys())[0]]['items']\n\n        test_result_file_name = os.path.join(self.test_dir, 'data/rule-results/%s' % rule_file_name)\n        if not os.path.isfile(test_result_file_name):\n            print_error('Expected findings:: ')\n            print_error(json.dumps(findings, indent=4))\n            return\n\n        self.rule_counters['verified'] += 1\n        with open(test_result_file_name, 'rt') as f:\n            items = json.load(f)\n\n        try:\n            assert (set(sorted(findings)) == set(sorted(items)))\n        except Exception:\n            print_error('Expected items:\\n %s' % json.dumps(sorted(items)))\n            print_error('Reported items:\\n %s' % json.dumps(sorted(findings)))\n            assert (False)\n\n    def _generate_ruleset(self, rule_file_name, rule):\n        test_ruleset = {'rules': {}, 'about': 'regression test'}\n        test_ruleset['rules'][rule_file_name] = [rule]\n\n        with tempfile.NamedTemporaryFile('wt', delete=False) as f:\n            f.write(json.dumps(test_ruleset, indent=4))\n\n        return Ruleset(cloud_provider='aws', filename=f.name)\n"
  },
  {
    "path": "tests/test_rules_ruleset.py",
    "content": "import os\n\nfrom unittest import mock\nimport unittest\nfrom ScoutSuite.core.console import set_logger_configuration, print_debug\nfrom ScoutSuite.core.rule import Rule\nfrom ScoutSuite.core.ruleset import Ruleset\n\n\nclass TestScoutRulesRuleset(unittest.TestCase):\n\n    def setUp(self):\n        set_logger_configuration(is_debug=True)\n        self.test_dir = os.path.dirname(os.path.realpath(__file__))\n\n        self.test_ruleset_001 = os.path.join(self.test_dir, 'data/test-ruleset.json')\n        self.test_ruleset_002 = os.path.join(self.test_dir, 'data/test-ruleset-absolute-path.json')\n\n    @mock.patch(\"ScoutSuite.core.ruleset.print_error\")\n    def test_ruleset_class(self, printError):\n        test001 = Ruleset(cloud_provider='aws', filename=self.test_ruleset_001)\n        assert (os.path.isdir(test001.rules_data_path))\n        assert (os.path.isfile(test001.filename))\n        assert (test001.name == \"test-ruleset\")\n        assert (test001.about == \"regression test\")\n\n        test_file_key = 'iam-password-policy-no-expiration.json'\n        assert (test_file_key in test001.rules)\n        assert (type(test001.rules[test_file_key]) == list)\n        assert (type(test001.rules[test_file_key][0] == Rule))\n        assert (hasattr(test001.rules[test_file_key][0], 'path'))\n        for rule in test001.rules:\n            print_debug(test001.rules[rule][0].to_string())\n\n        assert (test_file_key in test001.rule_definitions)\n        assert (test001.rule_definitions[test_file_key].description == \"Password Expiration Disabled\")\n        for rule_def in test001.rule_definitions:\n            print_debug(str(test001.rule_definitions[rule_def]))\n        assert (printError.call_count == 0)\n\n        test002 = Ruleset(cloud_provider='aws', filename=self.test_ruleset_002)\n        for rule in test002.rules:\n            print_debug(test002.rules[rule][0].to_string())\n        assert (printError.call_count == 1) # is this expected ??\n        assert (\"test-ruleset-absolute-path.json does not exist.\" in printError.call_args_list[0][0][0])\n\n        test005 = Ruleset(cloud_provider='aws', filename=self.test_ruleset_001, ruleset_generator=True)\n\n    @mock.patch(\"ScoutSuite.core.ruleset.print_error\")\n    def test_ruleset_file_not_exist(self, printError):\n        test003 = Ruleset(cloud_provider='aws', filename='tests/data/no-such-file.json')\n        assert (test003.rules == [])\n        assert (printError.call_count == 1)\n        assert (\"no-such-file.json does not exist\" in printError.call_args_list[0][0][0])\n\n    @mock.patch(\"ScoutSuite.core.ruleset.print_exception\")\n    def test_ruleset_invalid(self, printException):\n        test004 = Ruleset(cloud_provider='aws', filename='tests/data/invalid-file.json')\n        assert (test004.rules == [])\n        assert (printException.call_count == 1)\n        assert (\"invalid-file.json contains malformed JSON\" in printException.call_args_list[0][0][0])\n\n    def test_path_for_cloud_providers(self):\n        target = Ruleset(cloud_provider='aws', filename=self.test_ruleset_001)\n        assert (os.path.samefile(target.rules_data_path, './ScoutSuite/providers/aws/rules'))\n\n        target = Ruleset(cloud_provider='azure', filename=self.test_ruleset_001)\n        assert (os.path.samefile(target.rules_data_path, './ScoutSuite/providers/azure/rules'))\n\n        target = Ruleset(cloud_provider='gcp', filename=self.test_ruleset_001)\n        assert (os.path.samefile(target.rules_data_path, './ScoutSuite/providers/gcp/rules'))\n\n    def test_path_for_ruletypes(self):\n        rpath = \"./ScoutSuite/providers/aws/rules/\"\n\n        target = Ruleset(cloud_provider='aws', filename='default.json')\n        assert (os.path.samefile(target.filename, rpath + 'rulesets/default.json'))\n        target = Ruleset(cloud_provider='aws', filename='default')\n        assert (os.path.samefile(target.filename, rpath + 'rulesets/default.json'))\n\n        target = Ruleset(cloud_provider='aws', filename='filters.json')\n        assert (os.path.samefile(target.filename, rpath + 'rulesets/filters.json'))\n\n        target = Ruleset(cloud_provider='aws', filename='filters')\n        assert (os.path.samefile(target.filename, rpath + 'rulesets/filters.json'))\n\n    @mock.patch(\"ScoutSuite.core.ruleset.prompt_yes_no\")\n    def test_file_search(self, prompt_yes_no):\n        prompt_yes_no.return_value = False\n\n        target = Ruleset(cloud_provider='aws', filename=None)\n        assert (prompt_yes_no.call_count == 0)\n        assert (os.path.samefile(target.filename, os.path.join(target.rules_data_path, './rulesets/default.json')))\n\n        target = Ruleset(cloud_provider='aws', environment_name=\"notexist\", filename=None)\n        assert (prompt_yes_no.call_count == 0)\n        assert (os.path.samefile(target.filename, os.path.join(target.rules_data_path, './rulesets/default.json')))\n\n        prompt_yes_no.reset_mock()\n        prompt_yes_no.return_value = True\n\n    def test_find_file(self):\n        test101 = Ruleset(cloud_provider='aws').find_file(self.test_ruleset_001)\n        test102 = Ruleset(cloud_provider='aws').find_file('default')\n\n    def test_search_ruleset(self):\n        test201 = Ruleset(cloud_provider='aws').search_ruleset('test', no_prompt=True)\n"
  },
  {
    "path": "tests/test_scoutsuite.py",
    "content": "import subprocess\nimport unittest\nfrom unittest import mock\n\nimport pytest\nfrom ScoutSuite.__main__ import run_from_cli\nfrom ScoutSuite.core.console import set_logger_configuration\n\n\nclass TestScoutSuiteClass(unittest.TestCase):\n\n    @classmethod\n    def setUpClass(cls):\n        set_logger_configuration(is_debug=True)\n        cls.has_run_scout_suite = False\n\n    @pytest.mark.xfail(\"only runs with AWS, cannot be used dynamically\")\n    @staticmethod\n    def call_scout_suite(args):\n        args = ['./scout.py'] + args\n\n        args.append('aws')\n\n        if TestScoutSuiteClass.profile_name:\n            args.append('--profile')\n            args.append(TestScoutSuiteClass.profile_name)\n        # TODO: FIXME this only tests AWS\n\n        args.append('--force')\n        args.append('--debug')\n        args.append('--no-browser')\n        if TestScoutSuiteClass.has_run_scout_suite:\n            args.append('--local')\n        TestScoutSuiteClass.has_run_scout_suite = True\n\n        sys = None\n        with mock.patch.object(sys, 'argv', args):\n            return run_from_cli()\n\n    def test_scout_suite_help(self):\n        \"\"\"Make sure that ScoutSuite does not crash with --help\"\"\"\n        command = './scout.py --help'\n        process = subprocess.Popen(command, shell=True, stdout=None)\n        process.wait()\n        assert process.returncode == 0\n\n    @pytest.mark.xfail\n    def test_scout_suite_default_run(self):\n        \"\"\"Make sure that ScoutSuite's default run does not crash\"\"\"\n        rc = self.call_scout_suite([])\n        assert (rc == 0)\n"
  },
  {
    "path": "tests/test_utils.py",
    "content": "# Import AWS utils\nfrom ScoutSuite.providers.aws.utils import (\n    get_keys,\n    no_camel,\n    get_name,\n    is_throttled,\n    get_aws_account_id,\n    get_partition_name,\n    snake_keys,\n)\nfrom ScoutSuite.utils import *\nimport collections\nimport unittest\nfrom unittest import mock\nimport datetime\n\n#\n# Test methods for ScoutSuite/utils.py\n#\nclass TestScoutUtilsClass(unittest.TestCase):\n    def test_format_service_name(self):\n        assert format_service_name(\"iAm\") == \"IAM\"\n        assert format_service_name(\"cloudformation\") == \"CloudFormation\"\n\n    def test_get_keys(self):\n        test1 = {\"a\": \"b\", \"c\": \"d\"}\n        test2 = {\"a\": \"\", \"e\": \"f\"}\n        get_keys(test1, test2, \"a\")\n        assert test2[\"a\"] == \"b\"\n        assert \"c\" not in test2\n        get_keys(test1, test2, \"c\")\n        assert test2[\"c\"] == \"d\"\n\n    def test_no_camel(self):\n        assert no_camel(\"TestTest\") == \"test_test\"\n\n    def test_is_throttled(self):\n        CustomException = collections.namedtuple(\"CustomException\", \"response\")\n        # test the throttling cases\n        for t in [\"Throttling\", \"RequestLimitExceeded\", \"ThrottlingException\"]:\n            e = CustomException(response={\"Error\": {\"Code\": t}})\n            assert is_throttled(e)\n        # test the non-throttling exception\n        e = CustomException(response={\"Error\": {\"Code\": \"Not Thro_ttling\"}})\n        assert not is_throttled(e)\n        # test the except block\n        e = CustomException(response={\"Error\": \"\"})\n        assert not is_throttled(e)\n\n    def test_get_name(self):\n        src = {\n            \"Tags\": [\n                {\"Key\": \"Not Name\", \"Value\": \"xyz\"},\n                {\"Key\": \"Name\", \"Value\": \"abc\"},\n            ],\n            \"default_attribute\": \"default_value\",\n        }\n        dst = {}\n        default_attribute = \"default_attribute\"\n        assert get_name(src, dst, default_attribute) == \"abc\"\n        assert dst[\"name\"] == \"abc\"\n\n        src = {\n            \"Tags\": [{\"Key\": \"Not Name\", \"Value\": \"xyz\"}],\n            \"default_attribute\": \"default_value\",\n        }\n        dst = {}\n        default_attribute = \"default_attribute\"\n        assert get_name(src, dst, default_attribute) == \"default_value\"\n        assert dst[\"name\"] == \"default_value\"\n\n    def test_get_identity(self):\n        with mock.patch(\n            \"ScoutSuite.providers.aws.utils.get_caller_identity\",\n            return_value={\"Arn\": \"a:b:c:d:e:f:\"},\n        ):\n            assert get_aws_account_id(\"\") == \"e\"\n\n    def test_get_partition_name(self):\n        with mock.patch(\n            \"ScoutSuite.providers.aws.utils.get_caller_identity\",\n            return_value={\"Arn\": \"a:b:c:d:e:f:\"},\n        ):\n            assert get_partition_name(\"\") == \"b\"\n\n    def test_snake_case(self):\n        src = {\n            \"AttributeDefinitions\": [\n                {\"AttributeName\": \"string\", \"AttributeType\": \"S\"},\n            ],\n            \"TableName\": \"string\",\n            \"KeySchema\": [{\"AttributeName\": \"string\", \"KeyType\": \"HASH\"},],\n            \"TableStatus\": \"CREATING\",\n            \"CreationDateTime\": datetime.datetime(2015, 1, 1, 1, 1, 1, 1, None),\n            \"ProvisionedThroughput\": {\n                \"LastIncreaseDateTime\": datetime.datetime(2015, 1, 1, 1, 1, 1, 1, None),\n                \"LastDecreaseDateTime\": datetime.datetime(2015, 1, 1, 1, 1, 1, 1, None),\n                \"NumberOfDecreasesToday\": 123,\n                \"ReadCapacityUnits\": 123,\n                \"WriteCapacityUnits\": 123,\n            },\n            \"TableSizeBytes\": 123,\n            \"AnotherArray\": [\n                \"One\",\n                \"Two\",\n                \"AnotherThing\",\n            ]\n        }\n        dest = {\n            \"attribute_definitions\": [\n                {\"attribute_name\": \"string\", \"attribute_type\": \"S\"},\n            ],\n            \"table_name\": \"string\",\n            \"key_schema\": [{\"attribute_name\": \"string\", \"key_type\": \"HASH\"}],\n            \"table_status\": \"CREATING\",\n            \"creation_date_time\": datetime.datetime(2015, 1, 1, 1, 1, 1, 1, None),\n            \"provisioned_throughput\": {\n                \"last_increase_date_time\": datetime.datetime(\n                    2015, 1, 1, 1, 1, 1, 1, None\n                ),\n                \"last_decrease_date_time\": datetime.datetime(\n                    2015, 1, 1, 1, 1, 1, 1, None\n                ),\n                \"number_of_decreases_today\": 123,\n                \"read_capacity_units\": 123,\n                \"write_capacity_units\": 123,\n            },\n            \"table_size_bytes\": 123,\n            \"another_array\": [\"One\", \"Two\", \"AnotherThing\"]\n        }\n        d = snake_keys(src)\n        self.maxDiff = None\n        self.assertEquals(d, dest)\n"
  },
  {
    "path": "tests/test_utils_conditions.py",
    "content": "# -*- coding: utf-8 -*-\nimport os\nimport unittest\n\n\nfrom ScoutSuite.core.conditions import *\n\nclass TestOpinelConditionClass(unittest.TestCase):\n    \"\"\"\n    Test opinel.condition\n    \"\"\"\n\n    def test___prepare_age_test(self):\n        pass\n\n    def test_pass_condition(self):\n\n        assert pass_condition('a', 'equal', 'a') == True\n        assert pass_condition('a', 'equal', 'b') == False\n        assert pass_condition(1, 'equal', 1) == True\n        assert pass_condition(1, 'equal', 0) == False\n        assert pass_condition(('a', 'b'), 'equal', ('a', 'b')) == True\n        assert pass_condition(('a', 'b'), 'equal', ('b', 'a')) == False\n        assert pass_condition('a', 'notEqual', 'a') == False\n        assert pass_condition('a', 'notEqual', 'b') == True\n        assert pass_condition(1, 'notEqual', 1) == False\n        assert pass_condition(1, 'notEqual', 0) == True\n        assert pass_condition(('a', 'b'), 'notEqual', ('a', 'b')) == False\n        assert pass_condition(('a', 'b'), 'notEqual', ('b', 'a')) == True\n\n        assert pass_condition(1, 'lessThan', 2) == True\n        assert pass_condition(1, 'lessThan', 1) == False\n        assert pass_condition(2, 'lessThan', 1) == False\n        assert pass_condition(1, 'lessOrEqual', 2) == True\n        assert pass_condition(1, 'lessOrEqual', 1) == True\n        assert pass_condition(2, 'lessOrEqual', 1) == False\n        assert pass_condition(1, 'moreThan', 2) == False\n        assert pass_condition(1, 'moreThan', 1) == False\n        assert pass_condition(2, 'moreThan', 1) == True\n        assert pass_condition(1, 'moreOrEqual', 2) == False\n        assert pass_condition(1, 'moreOrEqual', 1) == True\n        assert pass_condition(2, 'moreOrEqual', 1) == True\n\n        assert pass_condition({}, 'empty', '') == True\n        assert pass_condition({'a': 'b'}, 'empty', '') == False\n        assert pass_condition([], 'empty', '') == True\n        assert pass_condition([None], 'empty', '') == True\n        assert pass_condition(['a'], 'empty', '') == False\n        assert pass_condition({}, 'notEmpty', '') == False\n        assert pass_condition({'a': 'b'}, 'notEmpty', '') == True\n        assert pass_condition([], 'notEmpty', '') == False\n        assert pass_condition([None], 'notEmpty', '') == False\n        assert pass_condition(['a'], 'notEmpty', '') == True\n        assert pass_condition(None, 'null', '') == True\n        assert pass_condition('None', 'null', '') == True\n        assert pass_condition(None, 'notNull', '') == False\n        assert pass_condition('None', 'notNull', '') == False\n\n        assert pass_condition(True, 'true', '') == True\n        assert pass_condition('TrUE', 'true', '') == True\n        assert pass_condition(False, 'false', '') == True\n        assert pass_condition('FaLSe', 'notTrue', '') == True\n\n        test_list1 = []\n        test_dict1 = {}\n        test_list2 = [\n         'a']\n        test_dict2 = {'a': 'b'}\n        test_list3 = ['a', 'b']\n        test_dict3 = {'a': 'b','c': 'd'}\n        assert pass_condition(test_list1, 'lengthLessThan', 1) == True\n        assert pass_condition(test_list1, 'lengthMoreThan', 1) == False\n        assert pass_condition(test_list1, 'lengthEqual', 1) == False\n        assert pass_condition(test_list2, 'lengthLessThan', 1) == False\n        assert pass_condition(test_list2, 'lengthMoreThan', 1) == False\n        assert pass_condition(test_list2, 'lengthEqual', 1) == True\n        assert pass_condition(test_list3, 'lengthLessThan', 1) == False\n        assert pass_condition(test_list3, 'lengthMoreThan', 1) == True\n        assert pass_condition(test_list3, 'lengthEqual', 1) == False\n        assert pass_condition(test_dict1, 'lengthLessThan', 1) == True\n        assert pass_condition(test_dict1, 'lengthMoreThan', 1) == False\n        assert pass_condition(test_dict1, 'lengthEqual', 1) == False\n        assert pass_condition(test_dict2, 'lengthLessThan', 1) == False\n        assert pass_condition(test_dict2, 'lengthMoreThan', 1) == False\n        assert pass_condition(test_dict2, 'lengthEqual', 1) == True\n        assert pass_condition(test_dict3, 'lengthLessThan', 1) == False\n        assert pass_condition(test_dict3, 'lengthMoreThan', 1) == True\n        assert pass_condition(test_dict3, 'lengthEqual', 1) == False\n\n        assert pass_condition(test_dict1, 'withKey', 'a') == False\n        assert pass_condition(test_dict2, 'withKey', 'a') == True\n        assert pass_condition(test_dict1, 'withoutKey', 'a') == True\n        assert pass_condition(test_dict2, 'withoutKey', 'a') == False\n\n        assert pass_condition(test_list1, 'containAtLeastOneOf', test_list1) == False\n        assert pass_condition(test_list1, 'containAtLeastOneOf', test_list2) == False\n        assert pass_condition(test_list2, 'containAtLeastOneOf', test_list2) == True\n        assert pass_condition(test_list2, 'containAtLeastOneOf', ['b']) == False\n        assert pass_condition(test_list3, 'containAtLeastOneOf', ['c']) == False\n        assert pass_condition(test_list3, 'containAtLeastOneOf', ['c', 'b']) == True\n        assert pass_condition('', 'containAtLeastOneOf', test_list1) == False\n        assert pass_condition('a', 'containAtLeastOneOf', test_list2) == True\n        assert pass_condition(test_list2, 'containAtLeastOneOf', '') == False\n        assert pass_condition(test_list2, 'containAtLeastOneOf', 'a') == True\n        assert pass_condition(test_list1, 'containAtLeastOneDifferentFrom', test_list1) == False\n        assert pass_condition(test_list1, 'containAtLeastOneDifferentFrom', test_list3) == False\n        assert pass_condition(test_list2, 'containAtLeastOneDifferentFrom', test_list1) == True\n        assert pass_condition(test_list2, 'containAtLeastOneDifferentFrom', test_list2) == False\n        assert pass_condition(test_list2, 'containAtLeastOneDifferentFrom', test_list3) == False\n        assert pass_condition(['c'], 'containAtLeastOneDifferentFrom', test_list3) == True\n        assert pass_condition(test_list3, 'containAtLeastOneDifferentFrom', test_list3) == False\n        assert pass_condition(test_list3, 'containAtLeastOneDifferentFrom', test_list2) == True\n        assert pass_condition(test_list3, 'containAtLeastOneDifferentFrom', test_list1) == True\n        assert pass_condition('', 'containAtLeastOneDifferentFrom', test_list1) == False\n        assert pass_condition('a', 'containAtLeastOneDifferentFrom', test_list3) == False\n        assert pass_condition('d', 'containAtLeastOneDifferentFrom', test_list3) == True\n        assert pass_condition(test_list1, 'containAtLeastOneDifferentFrom', 'a') == False\n        assert pass_condition(test_list2, 'containAtLeastOneDifferentFrom', 'd') == True\n        assert pass_condition(test_list1, 'containNoneOf', test_list1) == True\n        assert pass_condition(test_list2, 'containNoneOf', test_list2) == False\n        assert pass_condition(test_list1, 'containNoneOf', 'a') == True\n        assert pass_condition('a', 'containNoneOf', test_list1) == True\n\n        assert pass_condition('abcdefg', 'match', '.*cde.*') == True\n        assert pass_condition('abcdefg', 'notMatch', '.*cde.*') == False\n        assert pass_condition('abcdefg', 'match', '.*345.*') == False\n        assert pass_condition('abcdefg', 'notMatch', '.*345.*') == True\n        assert pass_condition('abcdefg', 'notMatch', '.*345.*') == True\n        assert pass_condition('abcdefg', 'match', ['.*xyx.*', '.*pqr.*']) == False\n        assert pass_condition('abcdefg', 'match', ['.*xyx.*', '.*345.*', '.*cde.*']) == True\n\n        assert pass_condition('abcdefg', 'matchInList', '.*cde.*') == True\n        assert pass_condition('abcdefg', 'matchInList', '.*edc.*') == False\n        assert pass_condition('abcdefg', 'matchInList', ['.*cde.*', '.*edc.*']) == True\n        assert pass_condition('abcdefg', 'matchInList', ['.*edc.*', '.*cba.*']) == False\n        assert pass_condition(['abcdefg'], 'matchInList', '.*cde.*') == True\n        assert pass_condition(['abcdefg'], 'matchInList', '.*edc.*') == False\n        assert pass_condition(['abcdefg'], 'matchInList', ['.*cde.*', '.*edc.*']) == True\n        assert pass_condition(['abcdefg'], 'matchInList', ['.*edc.*', '.*cba.*']) == False\n        assert pass_condition(test_list1, 'matchInList', '.*cde.*') == False\n        assert pass_condition('abcdefg', 'matchInList', test_list1) == False\n        assert pass_condition(test_list1, 'matchInList', test_list1) == False\n\n        date1 = '2016-04-11 12:20:26.996000+00:00'\n        date2 = '2017-04-11 12:20:26.996000+00:00'\n        date3 = datetime.datetime.now() - datetime.timedelta(days=1)\n        date4 = datetime.datetime.now() - datetime.timedelta(days=100)\n        date5 = datetime.datetime.now() - datetime.timedelta(hours=5)\n        assert pass_condition(date1, 'priorToDate', date2) == True\n        assert pass_condition(date2, 'priorToDate', date1) == False\n        assert pass_condition(date3, 'olderThan', [90, 'days']) == False\n        assert pass_condition(date4, 'olderThan', [90, 'days']) == True\n        assert pass_condition(date5, 'olderThan', [90, 'minutes']) == True\n        assert pass_condition(date5, 'olderThan', [360, 'minutes']) == False\n        assert pass_condition(date5, 'olderThan', [1, 'hours']) == True\n        assert pass_condition(date5, 'olderThan', [6, 'hours']) == False\n        try:\n            assert pass_condition(date5, 'olderThan', [6, 'unittest']) == False\n        except:\n            pass\n\n        try:\n            assert pass_condition(date5, 'olderThan', '90') == False\n        except:\n            pass\n\n        assert pass_condition(date3, 'newerThan', [90, 'days']) == True\n        assert pass_condition(date4, 'newerThan', [90, 'days']) == False\n        assert pass_condition(date4, 'newerThan', ['90', 'days']) == False\n\n        assert pass_condition('192.168.0.1', 'inSubnets', '192.168.0.0/24') == True\n        assert pass_condition('192.168.0.1', 'inSubnets', ['192.168.0.0/24']) == True\n        assert pass_condition('192.168.1.1', 'inSubnets', ['192.168.0.0/24']) == False\n        assert pass_condition('192.168.1.1', 'notInSubnets', ['192.168.0.0/24']) == True\n\n        src_dir = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data')\n        src_file = os.path.join(src_dir, 'policy1.json')\n\n        with open(src_file) as f:\n            testpolicy = json.load(f)\n        assert pass_condition(testpolicy['Statement'][0], 'containAction', 'iam:GetUser') == True\n        assert pass_condition(testpolicy['Statement'][0], 'containAction', 'iam:CreateUser') == False\n        assert pass_condition(testpolicy['Statement'][1], 'containAction', 'iam:CreateUser') == True\n        assert pass_condition(testpolicy['Statement'][2], 'containAction', 'iam:CreateUser') == True\n        assert pass_condition(testpolicy['Statement'][0], 'notContainAction', 'iam:CreateUser') == True\n        assert pass_condition(testpolicy['Statement'][0], 'notContainAction', 'iam:GetUser') == False\n        assert pass_condition(testpolicy['Statement'][0], 'containAtLeastOneAction', '') == False\n        assert pass_condition(testpolicy['Statement'][0], 'containAtLeastOneAction', 'iam:GetUser') == True\n        assert pass_condition(testpolicy['Statement'][0], 'containAtLeastOneAction', ['iam:CreateUser', 'iam:GetUser']) == True\n\n        src_file = os.path.join(src_dir, 'statement1.json')\n        with open(src_file) as f:\n            stringstatement = f.read()\n        assert pass_condition(stringstatement, 'containAction', 'iam:GetUser') == True\n        assert pass_condition(stringstatement, 'containAtLeastOneAction', 'iam:GetUser') == True\n\n        assert pass_condition('123456789012', 'isSameAccount', '123456789012') == True\n        assert pass_condition(['123456789013', '123456789012'], 'isSameAccount', '123456789012') == True\n        assert pass_condition('arn:aws:iam::123456789012:root', 'isSameAccount', '123456789012') == True\n        assert pass_condition('arn:aws:iam::123456789012:user/name', 'isSameAccount', '123456789012') == True\n        assert pass_condition('arn:aws:iam::123456789012:role/name', 'isSameAccount', '123456789012') == True\n        assert pass_condition('123456789012', 'isSameAccount', '123456789013') == False\n        assert pass_condition('arn:aws:iam::123456789012:root', 'isSameAccount', '123456789013') == False\n        assert pass_condition('123456789012', 'isCrossAccount', '123456789013') == True\n        assert pass_condition(['123456789013', '123456789012'], 'isCrossAccount', '123456789013') == True\n        assert pass_condition('arn:aws:iam::123456789012:root', 'isCrossAccount', '123456789013') == True\n        assert pass_condition({'AWS': 'arn:aws:iam::123456789012:root'}, 'isCrossAccount', '123456789013')\n        assert pass_condition(\n            [{'AWS': 'arn:aws:iam::123456789013:root'}, {'AWS': 'arn:aws:iam::123456789012:root'}],\n            'isCrossAccount',\n            '123456789013'\n        )\n\n        assert pass_condition([\"a\", \"b\", \"arn:aws:iam::111111111111:role/*\"], \"containAtLeastOneMatching\", \".*[*].*\")\n        assert pass_condition([\"*\"], \"containAtLeastOneMatching\", \".*[*].*\")\n        assert not pass_condition([\"a\", \"b\"], \"containAtLeastOneMatching\", \".*[*].*\")\n        assert not pass_condition([], \"containAtLeastOneMatching\", \".*[*].*\")\n\n        try:\n            pass_condition('foo', 'bar', 'baz')\n        except:\n            pass\n\n        return\n"
  },
  {
    "path": "tests/test_utils_console.py",
    "content": "# -*- coding: utf-8 -*-\n\nimport unittest\nfrom ScoutSuite.core.console import *\n\nclass TestOpinelUtilsConsoleClass(unittest.TestCase):\n\n    def test_configPrintException(self):\n        set_logger_configuration(False)\n        set_logger_configuration(True)\n\n\n    def test_printDebug(self):\n        print_debug('hello')\n\n\n    def test_printError(self):\n        print_error('hello')\n\n\n    def test_printException(self):\n        set_logger_configuration(True)\n        try:\n            raise Exception('opinelunittest')\n        except Exception as e:\n            print_exception(e)\n        set_logger_configuration(False)\n        try:\n            raise Exception('opinelunittest')\n        except Exception as e:\n            print_exception(e)\n        try:\n            raise Exception('opinelunittest')\n        except Exception as e:\n            print_exception(e, True)\n\n\n    def test_printInfo(msg, newLine=True):\n        print_info('hello')\n\n\n    def test_printGeneric(self):\n        print_generic('hello')\n\n\n    def test_prompt(self):\n        assert prompt('a') == 'a'\n        assert prompt('') == ''\n        test = ['a', 'b']\n        assert prompt(test) == 'a'\n        assert prompt(test) == 'b'\n        assert prompt(test) == ''\n\n\n    def test_prompt_4_value(self):\n        assert prompt_value('prompt_4_value', no_confirm=True, test_input='inputvalue') == 'inputvalue'\n        assert prompt_value('prompt_4_value', no_confirm=True, is_question=True, test_input='inputvalue') == 'inputvalue'\n        assert prompt_value('prompt_4_value', choices=['a', 'b', 'c'], no_confirm=True, test_input='b') == 'b'\n        assert prompt_value('prompt_4_value', choices=['a', 'b', 'c'], display_choices=False, no_confirm=True, test_input='b') == 'b'\n        assert prompt_value('prompt_4_value', choices=['a', 'b', 'c'], display_indices=True, no_confirm=True, test_input='1') == 'b'\n        assert prompt_value('prompt_4_value', choices=['a', 'b', 'c'], default='b', no_confirm=True, test_input='') == 'b'\n        assert prompt_value('prompt_4_value', choices=['a', 'b', 'c'], no_confirm=True, authorize_list=True, test_input='a,b') == 'a,b'\n        assert prompt_value('prompt_4_value', choices=['a', 'b', 'c'], required=True, no_confirm=True, test_input=['', 'b']) == 'b'\n        assert prompt_value('prompt_4_value', choices=['a', 'b', 'c'], required=True, no_confirm=True, test_input=['invalid', 'b']) == 'b'\n        assert prompt_value('prompt_4_value', choices=['a', 'b', 'c'], no_confirm=True, test_input='a,c') == None\n        assert prompt_value('prompt_4_value', choices=['a', 'b', 'c'], no_confirm=True, test_input='a,b', authorize_list = True) == 'a,b'\n        assert prompt_value('prompt_4_value', choices=['a', 'b', 'c'], no_confirm=True, test_input='a,e', authorize_list = True) == None\n\n    def test_prompt_4_yes_no(self):\n        assert prompt_yes_no('hello', 'N') == False\n        assert prompt_yes_no('hello', 'no') == False\n        assert prompt_yes_no('hello', 'Y') == True\n        assert prompt_yes_no('hello', 'yes') == True\n        assert prompt_yes_no('hello', ['foo', 'bar', 'no']) == False\n        assert prompt_yes_no('hello', 'Ye') == None\n        assert prompt_yes_no('hello', 'Non') == None"
  },
  {
    "path": "tests/test_utils_fs.py",
    "content": "# -*- coding: utf-8 -*-\n\nimport unittest\nfrom ScoutSuite.core.fs import *\nfrom ScoutSuite.core.console import *\n\nclass TestOpinelFsClass(unittest.TestCase):\n    \"\"\"\n    Test opinel.fs\n    \"\"\"\n\n    def cmp(self, a, b):\n        \"\"\"\n        Implement cmp() for Python3 tests\n        \"\"\"\n        return (a > b) - (a < b)\n\n    def test_CustomJSONEncoder(self):\n        date = datetime.datetime(2017, 6, 12)\n        blob1 = {'foo': 'bar', 'date': date}\n        print('%s' % json.dumps(blob1, cls=CustomJSONEncoder))\n        blob2 = {'foo': 'bar', 'baz': {'foo': 'bar'}}\n        print('%s' % json.dumps(blob2, cls=CustomJSONEncoder))\n\n    def test_load_data(self):\n        test = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data/protocols.json')\n        load_data(test, local_file=True)\n        load_data(test, 'protocols', local_file=True)\n        load_data('protocols.json', 'protocols')\n        load_data('aws/ip-ranges/aws.json', 'prefixes')\n        load_data('tests/data/protocols.json', 'protocols', local_file=True)\n        test = load_data('protocols.json', 'protocols')\n        assert type(test) == dict\n        assert test['1'] == 'ICMP'\n        test = load_data('tests/data/protocols.json', 'protocols', True)\n        assert type(test) == dict\n        assert test['-2'] == 'TEST'\n\n\n    def test_read_ip_ranges(self):\n        read_ip_ranges('aws/ip-ranges/aws.json', local_file=False)\n        read_ip_ranges('tests/data/ip-ranges-1.json', local_file=True)\n        read_ip_ranges('tests/data/ip-ranges-1.json', local_file=True, ip_only=True)\n        successful_read_ip_ranges_runs = True\n        test_cases = [\n            {\n                'filename': 'tests/data/ip-ranges-1.json',\n                'local_file': True,\n                'conditions': [],'ip_only': False,\n                'results': 'tests/results/read_ip_ranges/ip-ranges-1a.json'\n            },\n            {\n                'filename': 'tests/data/ip-ranges-1.json',\n                'local_file': True,\n                'conditions': [],'ip_only': True,\n                'results': 'tests/results/read_ip_ranges/ip-ranges-1b.json'\n            },\n            {\n                'filename': 'tests/data/ip-ranges-1.json',\n                'local_file': True,\n                'conditions': [\n                         [\n                          'field_a', 'equal', 'a1']],\n                'ip_only': True,\n                'results': 'tests/results/read_ip_ranges/ip-ranges-1c.json'\n            },\n            {\n                'filename': 'tests/aws/ip-ranges/aws.json',\n                'local_file': False,\n                'conditions': [\n                    [ 'ip_prefix', 'equal', '23.20.0.0/14' ]\n                ],\n                'ip_only': False,\n                'results': 'tests/results/read_ip_ranges/ip-ranges-a.json'\n            },\n            {\n                \"filename\": 'tests/data/ip-ranges-3.json',\n                \"local_file\": True,\n                'results': None,\n                \"ip_only\": True,\n                \"results\": \"tests/results/read_ip_ranges/ip-ranges-3.json\"\n            },\n            {\n                \"filename\": 'data/ip-ranges-3.json',\n                \"local_file\": True,\n                'results': None,\n                \"ip_only\": True,\n                \"results\": \"results/read_ip_ranges/ip-ranges-3.json\"\n            }\n        ]\n\n        assert successful_read_ip_ranges_runs\n\n    def test_save_blob_as_json(self):\n        date = datetime.datetime.now()\n        save_blob_as_json('tmp1.json', {'foo': 'bar','date': date}, True)\n        save_blob_as_json('tmp1.json', {'foo': 'bar'}, True)\n        save_blob_as_json('/root/tmp1.json', {'foo': 'bar'}, True)\n"
  },
  {
    "path": "tools/README.md",
    "content": "# Tools\n\nThis folder holds a number of useful tools for development and advanced usage of Scout Suite.\n\n## [aws_security_hub_export.py](https://github.com/nccgroup/ScoutSuite/blob/master/tools/aws_security_hub_export.py)\n\nAllows exporting results from at report to AWS Security Hub.\n\nCLI Usage:\n\n```shell\n$ python tools/aws_security_hub_export.py -h\nusage: aws_security_hub_export.py [-h] [-p PROFILE] -f FILE\n\nTool to upload a JSON report to AWS Security Hub\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -p PROFILE, --profile PROFILE\n                        The named profile to use to authenticate to AWS.\n                        Defaults to \"default\".\n  -f FILE, --file FILE  The path of the JSON results file to process, e.g.\n                        \"scoutsuite-report/scoutsuite-\n                        results/scoutsuite_results_aws-<profile>.js\".\n\n$ python tools/aws_security_hub_export.py --profile <profile> --file scoutsuite-report/scoutsuite-results/scoutsuite_results_aws-<profile>.js\n2020-04-19 10:09:06 wrkbx2 scout[7121] INFO Authenticated with profile <profile>\n2020-04-19 10:09:06 wrkbx2 scout[7121] INFO Batch uploading 14 findings\n2020-04-19 10:09:07 wrkbx2 scout[7121] INFO Upload completed, 14 succeeded, 0 failed\n```\n\nProgramatic Usage:\n\n```python\nPython 3.7.3 (default, Dec 20 2019, 18:57:59) \n[GCC 8.3.0] on linux\nType \"help\", \"copyright\", \"credits\" or \"license\" for more information.\n\n>>> from tools.aws_security_hub_export import run\n>>> run('<profile>', 'scoutsuite-report/scoutsuite-results/scoutsuite_results_aws-<profile>.js')\n```\n\n## [format_findings.py](https://github.com/nccgroup/ScoutSuite/blob/master/tools/format_findings.py)\n\nFormats all findings to ensure they follow standard format.\n\nUsage:\n\n```shell\n$ python tools/format_findings.py -h                                                                                 \nusage: format_findings.py [-h] [-f FOLDER]\n\nTool to help properly format findings.\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -f FOLDER, --folder FOLDER\n                        The path of the folder containing the findings. If not\n                        provided will format all folders\n\n$ python tools/format_findings.py   \nFormatting findings in /home/xxxxx/Git/ScoutSuite/ScoutSuite/providers/aliyun/rules/findings\nFound 8/10 findings with no rationale\nFormatting findings in /home/xxxxx/Git/ScoutSuite/ScoutSuite/providers/aws/rules/findings\nFound 66/100 findings with no rationale\nFormatting findings in /home/xxxxx/Git/ScoutSuite/ScoutSuite/providers/azure/rules/findings\nFound 2/40 findings with no rationale\nFormatting findings in /home/xxxxx/Git/ScoutSuite/ScoutSuite/providers/gcp/rules/findings\nFound 10/30 findings with no rationale\nFormatting findings in /home/xxxxx/Git/ScoutSuite/ScoutSuite/providers/oci/rules/findings\nFound 5/10 findings with no rationale\n```\n\nRefer to https://github.com/nccgroup/ScoutSuite/wiki/HowTo:-Create-a-new-rule for related information.\n\n## [gen-tests.py](https://github.com/nccgroup/ScoutSuite/blob/master/tools/gen-tests.py)\n\nTBD \n\n## [process_raw_response.py](https://github.com/nccgroup/ScoutSuite/blob/master/tools/process_raw_response.py)\n\nHelps parse an object returned by the cloud provider's APIs and generate a boilerplate partial.\n\nRefer to https://github.com/nccgroup/ScoutSuite/wiki/Tools & https://github.com/nccgroup/ScoutSuite/wiki/HowTo:-Create-a-custom-partial-for-new-resources for usage information.\n\n## [sort-ruleset.py](https://github.com/nccgroup/ScoutSuite/blob/master/tools/sort-ruleset.py)\n\nSorts and prettyfies a ruleset by file name.\n\n## [update-aws-ips.sh](https://github.com/nccgroup/ScoutSuite/blob/master/tools/update-aws-ips.sh)\n\nUpdates the AWS CIDRs file.\n\n"
  },
  {
    "path": "tools/__init__.py",
    "content": ""
  },
  {
    "path": "tools/aws_security_hub_export.py",
    "content": "#!/usr/bin/env python3\n\nfrom ScoutSuite.providers.aws.utils import get_caller_identity\nfrom ScoutSuite.core.console import set_logger_configuration, print_info, print_exception\nfrom tools.utils import results_file_to_dict\n\nimport datetime\nimport argparse\nimport boto3\n\n\ndef upload_findigs_to_securityhub(session, formatted_findings_list):\n    try:\n        if formatted_findings_list:\n            print_info('Batch uploading {} findings'.format(len(formatted_findings_list)))\n            securityhub = session.client('securityhub')\n            response = securityhub.batch_import_findings(Findings=formatted_findings_list)\n            print_info('Upload completed, {} succeeded, {} failed'.format(response.get('SuccessCount'),\n                                                                          response.get('FailedCount')))\n            return response\n    except Exception as e:\n        print_exception(f'Unable to upload findings to Security Hub: {e}')\n\n\ndef format_finding_to_securityhub_format(aws_account_id,\n                                         region,\n                                         creation_date,\n                                         finding_key,\n                                         finding_value):\n    try:\n\n        if finding_value.get('level') == 'danger':\n            label = 'HIGH'\n        elif finding_value.get('level') == 'warning':\n            label = 'MEDIUM'\n        else:\n            label = 'INFORMATIONAL'\n\n        format_time = datetime.datetime.utcnow().replace(tzinfo=datetime.timezone.utc).isoformat()\n\n        formatted_finding = {\n            'SchemaVersion': '2018-10-08',\n            'Id': finding_key,\n            'ProductArn':\n                'arn:aws:securityhub:' + region + ':' + aws_account_id + ':product/' + aws_account_id + '/default',\n            'GeneratorId': f'scoutsuite-{aws_account_id}',\n            'AwsAccountId': aws_account_id,\n            'Types': ['Software and Configuration Checks/AWS Security Best Practices'],\n            'FirstObservedAt': creation_date,\n            'CreatedAt': format_time,\n            'UpdatedAt': format_time,\n            'Severity': {\n                'Label': label\n            },\n            'Title': finding_value.get('description'),\n            'Description': finding_value.get('rationale') if finding_value.get('rationale') else 'None',\n            'Remediation': {\n                'Recommendation': {\n                    'Text': finding_value.get('remediation', 'None') if finding_value.get('remediation') else 'None'\n                }\n            },\n            'ProductFields': {'Product Name': 'Scout Suite'},\n            'Resources': [  # TODO this lacks affected resources\n                {\n                    'Type': 'AwsAccount',\n                    'Id': 'AWS::::Account:' + creation_date,\n                    'Partition': 'aws',\n                    'Region': region\n                }\n            ],\n            'Compliance': {\n                'Status': 'FAILED'\n            },\n            'RecordState': 'ACTIVE'\n        }\n        return formatted_finding\n    except Exception as e:\n        print_exception(f'Unable to process finding: {e}')\n\n\ndef process_results_file(f,\n                         region):\n    try:\n        formatted_findings_list = []\n        results = results_file_to_dict(f)\n\n        aws_account_id = results[\"account_id\"]\n        creation_date = datetime.datetime.strptime(results[\"last_run\"][\"time\"], '%Y-%m-%d %H:%M:%S%z').isoformat()\n\n        for service in results.get('service_list'):\n            for finding_key, finding_value in results.get('services', {}).get(service).get('findings').items():\n                if finding_value.get('items'):\n                    formatted_finding = format_finding_to_securityhub_format(aws_account_id,\n                                                                             region,\n                                                                             creation_date,\n                                                                             finding_key,\n                                                                             finding_value)\n                    formatted_findings_list.append(formatted_finding)\n\n        return formatted_findings_list\n    except Exception as e:\n        print_exception(f'Unable to process results file: {e}')\n\n\ndef run(profile, file):\n    session = boto3.Session(profile_name=profile)\n    # Test querying for current user\n    get_caller_identity(session)\n    print_info(f'Authenticated with profile {profile}')\n\n    try:\n        with open(file) as f:\n            formatted_findings_list = process_results_file(f,\n                                                           session.region_name)\n    except Exception as e:\n        print_exception(f'Unable to open file {file}: {e}')\n\n    upload_findigs_to_securityhub(session, formatted_findings_list)\n\n\nif __name__ == \"__main__\":\n\n    # Configure the debug level\n    set_logger_configuration()\n\n    parser = argparse.ArgumentParser(description='Tool to upload a JSON report to AWS Security Hub')\n    parser.add_argument('-p', '--profile',\n                        required=False,\n                        default=\"default\",\n                        help=\"The named profile to use to authenticate to AWS. Defaults to \\\"default\\\".\")\n    parser.add_argument('-f', '--file',\n                        required=True,\n                        help=\"The path of the JSON results file to process, e.g. \"\n                             \"\\\"scoutsuite-report/scoutsuite-results/scoutsuite_results_aws-<profile>.js\\\".\")\n    args = parser.parse_args()\n\n    try:\n        run(args.profile, args.file)\n    except Exception as e:\n        print_exception(f'Unable to complete: {e}')\n"
  },
  {
    "path": "tools/format_findings.py",
    "content": "#!/usr/bin/env python3\n\nimport argparse\nimport json\nimport os\nimport sys\nfrom collections import OrderedDict\n\nfrom utils import get_capitalized_title\n\n\ndef get_folder_files(folder_path):\n    files = []\n    for (dirpath, dirnames, filenames) in os.walk(folder_path):\n        files.extend(filenames)\n        break\n    return files\n\n\ndef format_folder(folder_path):\n    print(f'Formatting findings in {folder_path}')\n\n    files = get_folder_files(folder_path)\n    finding_with_no_rationale = 0\n\n    for fn in files:\n\n        loc = f'{folder_path}/{fn}'\n\n        with open(loc, 'r+') as json_file:\n            try:\n                data = json.load(json_file)\n            except Exception as e:\n                print(f'exception {e} for \\\"{fn}\\\"')\n            else:\n                try:\n                    # change legacy field name - TODO remove once there are none left\n                    if 'title' in data:\n                        data['description'] = data['title']\n                        data.pop('title', None)\n                    # remove legacy HTML from rationale - TODO remove once there are none left\n                    if 'rationale' in data.keys() and data.get('rationale'):\n                        data['rationale'] = data['rationale'].replace('<b>Description:</b><br><br>', '')\n                        # check for legacy content - TODO remove once there are none left\n                        if 'References' in data['rationale'] or 'CIS' in data['rationale']:\n                            print('Potentially legacy rationale for {}: {}'.format(fn, data['rationale']))\n                    else:\n                        finding_with_no_rationale += 1\n                    # capitalize titles\n                    data['description'] = get_capitalized_title(data['description'])\n                    # back to start\n                    json_file.seek(0)\n                    # sort keys\n                    sort_order = ['description', 'rationale', 'remediation', 'compliance', 'references',\n                                  'dashboard_name', 'display_path', 'path', 'conditions',\n                                  'key', 'keys', 'arg_names', 'id_suffix', 'class_suffix']\n                    try:\n                        ordered_data = OrderedDict(sorted(data.items(), key=lambda i: sort_order.index(i[0])))\n                    except Exception as e:\n                        print(f'{fn}: {e}')\n                    # save to file\n                    json.dump(ordered_data, json_file, sort_keys=False, indent=4)\n                except Exception as e:\n                    print(f'Failed to process {fn}: {e}')\n\n    print('Found {}/{} findings with no rationale'.format(finding_with_no_rationale, len(files)))\n\n\nif __name__ == \"__main__\":\n\n    parser = argparse.ArgumentParser(description='Tool to help properly format findings.')\n    parser.add_argument('-f', '--folder',\n                        required=False,\n                        help=\"The path of the folder containing the findings. If not provided will format all folders\")\n    args = parser.parse_args()\n\n    if args.folder:\n        if not os.path.isdir(args.folder):\n            print('Error, the path provided is not valid.')\n            sys.exit(1)\n        else:\n            format_folder(args.folder)\n    else:\n        provider_codes = ['aliyun', 'aws', 'azure', 'gcp', 'oci', 'kubernetes']\n\n        for provider_code in provider_codes:\n            current_file_dirname = os.path.dirname(__file__)\n            findings_path = os.path.abspath(\n                os.path.join(current_file_dirname, f\"../ScoutSuite/providers/{provider_code}/rules/findings/\"))\n            format_folder(findings_path)\n"
  },
  {
    "path": "tools/gen-tests.py",
    "content": "#!/usr/bin/env python\n\nimport os\n\nscout_dir = 'ScoutSuite'\ntests_dir = 'testsbase'\n\nfor root, dirnames, filenames in os.walk(scout_dir):\n    for filename in filenames:\n        if filename.startswith('__') or not filename.endswith('.py'):\n            continue\n        filepath = os.path.join(root, filename)\n        tmp = filepath.split('.')[0].split('/')\n        print(str(tmp))\n\n        test = '# Import AWS utils\\nfrom {} import *\\n\\n#\\n# Test methods for {}\\n#\\n\\nclass Test{}Class:\\n\\n'.format('.'.join(tmp), filepath, ''.join(t.title() for t in tmp))\n\n        test_filename = 'test-%s.py' % '-'.join(tmp[1:])\n        print(f'{filepath} --> {test_filename}')\n        test_file = os.path.join(tests_dir, test_filename)\n        if not os.path.isfile(test_file):\n            with open(test_file, 'w+') as f:\n                f.write(test)\n\n"
  },
  {
    "path": "tools/process_raw_response.py",
    "content": "#!/usr/bin/env python3\n\nimport argparse\nimport json\nimport datetime\nimport re\nfrom ast import literal_eval\n\n\nfirst_cap_re = re.compile('(.)([A-Z][a-z]+)')\nall_cap_re = re.compile('([a-z0-9])([A-Z])')\n\nhtml_boilerplate = \\\n\"\"\"<!-- {} {}s -->\n<script id=\"services.{}{}.{}s.partial\" type=\"text/x-handlebars-template\">\n    <div id=\"resource-name\" class=\"list-group-item active\">\n        <h4 class=\"list-group-item-heading\">{{{{name}}}}</h4>\n    </div>\n    <div class=\"list-group-item\">\n        <h4 class=\"list-group-item-heading\">Information</h4>{}\n    </div>\n</script>\n\n<script>\n    Handlebars.registerPartial(\"services.{}{}.{}s\", $(\"#services\\\\\\\\.{}{}\\\\\\\\.{}s\\\\\\\\.partial\").html());\n</script>\n\n<!-- Single {} {} template -->\n<script id=\"single_{}_{}-template\" type=\"text/x-handlebars-template\">\n    {{{{> modal-template template='services.{}{}.{}s'}}}}\n</script>\n<script>\n    var single_{}_{}_template = Handlebars.compile($(\"#single_{}_{}-template\").html());\n</script>\"\"\"\n\n\ndef camel_to_snake(name, upper=False):\n    s1 = first_cap_re.sub(r'\\1_\\2', name)\n    if upper:\n        return all_cap_re.sub(r'\\1_\\2', s1).title()\n    else:\n        return all_cap_re.sub(r'\\1_\\2', s1).lower()\n\n\nif __name__ == \"__main__\":\n\n    parser = argparse.ArgumentParser(description='Tool to help parsing raw responses.')\n    parser.add_argument('-p', '--provider', required=True, help=\"The cloud provider (e.g. \\\"aws\\\")\")\n    parser.add_argument('-s', '--service', required=True, help=\"The response's service (e.g. \\\"iam\\\")\")\n    parser.add_argument('-n', '--name', required=True, help=\"The response object's name (e.g. \\\"user\\\")\")\n    parser.add_argument('-a', '--additional-path', required=False, help=\"Additional path values(e.g. \\\"vpc\\\", \\\"subscriptions\\')\")\n    parser.add_argument('-v', '--value', required=True, help=\"The raw response\")\n    args = parser.parse_args()\n\n    if args.provider not in ['aws', 'azure', 'aliyun', 'gcp', 'oci', 'do', 'kubernetes']:\n        # TODO support more providers\n        print('Provider not implemented')\n        exit()\n\n    if args.provider == 'aws':\n        object_format = 'raw_{}.get(\\'{}\\')'\n        cleaned_value = args.value.replace('<class \\'dict\\'>: ', '')\n        cleaned_value = args.value.replace('\\}', '}')\n        cleaned_value = cleaned_value.replace(\", tzinfo=tzlocal()\", \"\")\n        cleaned_value = cleaned_value.replace(\", tzinfo=tzutc()\", \"\")\n        object_value_dict = eval(cleaned_value)\n    elif args.provider == 'azure':\n        object_format = 'raw_{}.{}'\n        pattern = re.compile(r'<[\\w\\'.:_\\s]*>')\n        cleaned_value = pattern.sub('None', args.value)\n        cleaned_value = cleaned_value.replace(' {}', ' \\'{}\\'')\n        object_value_dict = eval(cleaned_value)\n    elif args.provider == 'aliyun':\n        object_format = 'raw_{}.get(\\'{}\\')'\n        object_value_dict = literal_eval(args.value)\n    elif args.provider == 'gcp':\n        object_format = 'raw_{}.{}'\n        object_value_dict = json.loads(args.value)\n    elif args.provider == 'oci':\n        object_format = 'raw_{}.{}'\n        object_value_dict = json.loads(args.value)\n    elif args.provider == 'do':\n        object_format = 'raw_{}.{}'\n        object_value_dict = json.loads(args.value)\n    elif args.provider == 'kubernetes':\n        object_format = 'raw_{}.{}'\n        object_value_dict = json.loads(args.value)\n\n    parsed_html = ''\n\n    parsed_string = ''\n    parsed_string += f'{args.name}_dict = {{}}\\n'\n\n    for k in object_value_dict.keys():\n        object_format_value = object_format.format(args.name, k)\n        parsed_string += '{}_dict[\\'{}\\'] = {}\\n'.format(args.name, camel_to_snake(k), object_format_value)\n        parsed_html += '\\n        <div class=\"list-group-item-text item-margin\">{}: <span id=\"{}{}.{}s.{{{{@key}}}}.{}\"><samp>{{{{value_or_none {}}}}}</samp></span></div>'.format(\n            camel_to_snake(k, True).replace('_', ' '), args.service,\n            '.{}.{{{{{}}}}}'.format(args.additional_path, args.additional_path[:-1]) if args.additional_path else '',\n            args.name, camel_to_snake(k), camel_to_snake(k))\n\n    parsed_string += f'return {args.name}_dict[\\'id\\'], {args.name}_dict'\n\n    print(parsed_string)\n    print('\\n')\n    print(html_boilerplate.format(\n        args.service, args.name,\n        args.service, f'.{args.additional_path}.id' if args.additional_path else '', args.name,\n        parsed_html,\n        args.service, f'.{args.additional_path}.id' if args.additional_path else '', args.name,\n        args.service, f'\\\\\\\\.{args.additional_path}\\\\\\\\.id' if args.additional_path else '', args.name,\n        args.service, args.name,\n        args.service, args.name,\n        args.service, f'.{args.additional_path}.id' if args.additional_path else '', args.name,\n        args.service, args.name,\n        args.service, args.name\n    ))\n"
  },
  {
    "path": "tools/sort-ruleset.py",
    "content": "#!/usr/bin/env python3\n\nimport argparse\nimport json\nimport os\nimport sys\n\n\ndef get_folder_files(folder_path):\n    files = []\n    for (dirpath, dirnames, filenames) in os.walk(folder_path):\n        files.extend(filenames)\n        break\n    return files\n\n\ndef format_folder(folder_path):\n    print(f'Formatting rulesets in {folder_path}')\n\n    files = get_folder_files(folder_path)\n\n    for fn in files:\n\n        loc = f'{folder_path}/{fn}'\n\n        with open(loc, 'rt') as f:\n            ruleset = json.load(f)\n\n        ruleset = json.dumps(ruleset, indent=4, sort_keys=True)\n\n        with open(loc, 'wt') as f:\n            for line in ruleset.split('\\n'):\n                f.write('%s\\n' % line.rstrip())\n\n\nif __name__ == \"__main__\":\n\n    parser = argparse.ArgumentParser(description='Tool to help properly format rulesets.')\n    parser.add_argument('-f', '--folder',\n                        required=False,\n                        help=\"The path of the folder containing the rulesets. If not provided will format all folders\")\n    args = parser.parse_args()\n\n    if args.folder:\n        if not os.path.isdir(args.folder):\n            print('Error, the path provided is not valid.')\n            sys.exit(1)\n        else:\n            format_folder(args.folder)\n    else:\n        provider_codes = ['aliyun', 'aws', 'azure', 'gcp', 'oci', 'kubernetes']\n\n        for provider_code in provider_codes:\n            current_file_dirname = os.path.dirname(__file__)\n            rulesets_path = os.path.abspath(\n                os.path.join(current_file_dirname, f\"../ScoutSuite/providers/{provider_code}/rules/rulesets/\"))\n            format_folder(rulesets_path)\n"
  },
  {
    "path": "tools/update-aws-ips.sh",
    "content": "#!/bin/sh\n\nDIR=\"$( dirname \"$_\" )\"\ncurl https://ip-ranges.amazonaws.com/ip-ranges.json > \"$DIR/../ScoutSuite/data/aws/ip-ranges/aws.json\"\n"
  },
  {
    "path": "tools/utils.py",
    "content": "import re  # Import the regular expression library\nimport json\n\nEXCLUDED_WORDS = [\n    \"a\", \"an\", \"the\",  # Articles\n    \"and\", \"but\", \"or\", \"by\", \"nor\", \"yet\", \"so\",  # Conjunctions\n    \"about\", \"above\", \"across\", \"after\", \"against\", \"along\", \"among\", \"around\", \"at\", \"before\",  # Prepositions\n    \"behind\", \"between\", \"beyond\", \"but\", \"by\", \"concerning\", \"despite\", \"down\", \"during\",\n    \"except\", \"following\", \"for\", \"from\", \"in\", \"including\", \"into\", \"like\", \"near\", \"of\",\n    \"off\", \"on\", \"out\", \"over\", \"plus\", \"since\", \"through\", \"throughout\", \"to\", \"towards\",\n    \"under\", \"until\", \"up\", \"upon\", \"with\", \"within\", \"without\"\n]\n\nSPECIAL_WORDS = [\n    \"_ARG_0_\", \"_ARG_1_\", \"_ARG_2_\", \"_ARG_3_\", \"_ARG_4_\", \"_ARG_5_\", \"_ARG_6_\", \"_ARG_7_\", \"_ARG_8_\", \"_ARG_9_\"\n]\n\n\ndef is_mixed_case(word):\n    return any(c.islower() for c in word) and any(c.isupper() for c in word)\n\n\ndef get_capitalized_title(initial_title: str) -> str:\n    \"\"\"\n    Take a string and return it in a fashion that follows proper title case guidelines\n\n    Source: http://guidohenkel.com/2018/08/title-case-creation-python-csharp/\n    \"\"\"\n\n    out_string = \"\"\n    fragments = re.split(r'(\\\".*?\\\")|(\\'.*?\\')|(“.*?”)|(‘.*?’)',\n                         initial_title)  # Extract titles in quotation marks from string\n\n    for fragment in fragments:  # Treat and re-assemble all fragments\n        if fragment:  # skip empty matches generated by the OR in regex\n            frag_string = \"\"\n            tokens = fragment.split()  # Break string into individual words\n\n            if tokens:\n\n                for word in tokens:  # Check each word\n\n                    if word not in SPECIAL_WORDS:\n                        punct = word[-1]  # Check for trailing punctuation mark\n                        if punct.isalpha():\n                            punct = \"\"\n                        else:\n                            word = word[:-1]\n                    else:\n                        punct = \"\"\n\n                    if word in SPECIAL_WORDS:\n                        frag_string += word + punct + \" \"  # do nothing\n                    elif word.lower() in EXCLUDED_WORDS:\n                        frag_string += word.lower() + punct + \" \"  # make it lowercase\n                    elif word.isupper() or is_mixed_case(word):\n                        frag_string += word + punct + \" \"  # do nothing\n                    elif word and word[0] == '\"' and word[-1] == '\"':  # Check for quoted words\n                        frag_string += word + punct + \" \"  # do nothing\n                    else:\n                        frag_string += word.capitalize() + punct + \" \"  # capitalize it\n\n                cap = 1\n                if not frag_string[0].isalpha():\n                    cap = 2\n\n                if frag_string[0] == '\"' and frag_string[-2] == '\"':  # Check for quoted words\n                    out_string += frag_string.strip() + \" \"\n                else:\n                    out_string += (frag_string[:cap].upper() + frag_string[cap:]).strip() + \" \"\n\n    return (out_string[:1].upper() + out_string[1:]).strip()  # Capitalize first letter and strip trailing space\n\ndef results_file_to_dict(f):\n    \"\"\"\n    Takes a file pointer to a JS/JSON results file and returns a dict\n\n    :param f: file pointer\n    :return: dict()\n    \"\"\"\n\n    json_payload = f.readlines()\n    json_payload.pop(0)\n    json_payload = ''.join(json_payload)\n    json_file = json.loads(json_payload)\n    return json_file\n"
  }
]