Why is it so hard to determine what is publicly exposed to the internet in your AWS environment? This is always adapting as a problem to solve and all AWS services are run like small companies, therefore there is no consistency in how to answer this question. It takes R&D into the descriptors and API calls that can get information about the resources that can be exposed by engineers. This will remain an ongoing challenge for security engineers until a better solution is devised. In the meantime Oscar, Brandon, and I wanted to tell people about Smogcloud:
π«οΈ