Why is it so hard to determine what is publicly exposed to the internet in your AWS environment? The problem keeps shifting, and because each AWS service is run like its own small company, there is no consistent way to ask the same question across services. Answering it takes research into each service's describe/list API calls and the response fields that reveal whether a resource an engineer created is internet-facing: one service reports a public IP, another a boolean flag, another a "scheme" string. This will remain an ongoing challenge for security engineers until a better solution is devised. In the meantime Oscar, Brandon, and I wanted to tell people about Smogcloud:
BishopFox/smogcloud (github.com)

Find exposed AWS cloud assets that you did not know you had. A comprehensive asset inventory is step one for any capable security program. We made smogcloud to enable security engineers, penetration testers, and AWS administrators to monitor, on a more frequent basis, the collective changes that create dynamic and ephemeral internet-facing assets.
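To make the inconsistency concrete, here is a small added example (mine, not code from the smogcloud project) that normalizes "is this resource public?" across three services and then diffs two inventory snapshots to surface assets that appeared or disappeared between runs. The sample API responses are constructed inline to mirror the shapes that boto3 returns for `ec2.describe_instances`, `rds.describe_db_instances` and `elbv2.describe_load_balancers`; they are not real account data, and a real run would replace them with live API calls.

```python
"""Normalize public exposure across several AWS describe-* response shapes
and diff two snapshots. Added illustration; not part of smogcloud."""
from typing import Dict, List, Set

# Constructed sample responses (not real account data) that mirror the
# response shapes boto3 returns for the three describe calls named below.
EC2_DESCRIBE_INSTANCES = {
    "Reservations": [{"Instances": [
        {"InstanceId": "i-0aaa", "PublicIpAddress": "203.0.113.10",
         "NetworkInterfaces": [{"Association": {"PublicIp": "203.0.113.10"}}]},
        {"InstanceId": "i-0bbb", "PrivateIpAddress": "10.0.1.5",
         "NetworkInterfaces": [{}]},
    ]}]
}
RDS_DESCRIBE_DB_INSTANCES = {
    "DBInstances": [
        {"DBInstanceIdentifier": "db-public", "PubliclyAccessible": True,
         "Endpoint": {"Address": "db-public.abc.us-east-1.rds.amazonaws.com", "Port": 5432}},
        {"DBInstanceIdentifier": "db-private", "PubliclyAccessible": False,
         "Endpoint": {"Address": "db-private.abc.us-east-1.rds.amazonaws.com", "Port": 5432}},
    ]
}
ELBV2_DESCRIBE_LOAD_BALANCERS = {
    "LoadBalancers": [
        {"LoadBalancerName": "web", "Scheme": "internet-facing",
         "DNSName": "web-123.us-east-1.elb.amazonaws.com"},
        {"LoadBalancerName": "internal-api", "Scheme": "internal",
         "DNSName": "internal-internal-api-456.us-east-1.elb.amazonaws.com"},
    ]
}


def ec2_public_endpoints(resp: Dict) -> List[Dict[str, str]]:
    """EC2 reports a public IPv4 on the instance and again per ENI; either counts."""
    found = []
    for reservation in resp.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            ips: Set[str] = set()
            if inst.get("PublicIpAddress"):
                ips.add(inst["PublicIpAddress"])
            for eni in inst.get("NetworkInterfaces", []):
                ip = eni.get("Association", {}).get("PublicIp")
                if ip:
                    ips.add(ip)
            for ip in sorted(ips):
                found.append({"service": "ec2", "id": inst["InstanceId"], "endpoint": ip})
    return found


def rds_public_endpoints(resp: Dict) -> List[Dict[str, str]]:
    """RDS uses a boolean flag; the DNS endpoint exists even when the DB is private."""
    return [
        {"service": "rds", "id": db["DBInstanceIdentifier"],
         "endpoint": f'{db["Endpoint"]["Address"]}:{db["Endpoint"]["Port"]}'}
        for db in resp.get("DBInstances", []) if db.get("PubliclyAccessible")
    ]


def elbv2_public_endpoints(resp: Dict) -> List[Dict[str, str]]:
    """ELBv2 encodes exposure as the string Scheme, not a flag or an IP."""
    return [
        {"service": "elbv2", "id": lb["LoadBalancerName"], "endpoint": lb["DNSName"]}
        for lb in resp.get("LoadBalancers", []) if lb.get("Scheme") == "internet-facing"
    ]


def build_inventory(ec2_resp: Dict, rds_resp: Dict, elbv2_resp: Dict) -> Set[str]:
    """Collapse the per-service records into one set of 'service:id:endpoint' keys."""
    items = (ec2_public_endpoints(ec2_resp) + rds_public_endpoints(rds_resp)
             + elbv2_public_endpoints(elbv2_resp))
    return {f'{i["service"]}:{i["id"]}:{i["endpoint"]}' for i in items}


def diff_inventory(previous: Set[str], current: Set[str]) -> Dict[str, List[str]]:
    """Report what became internet-facing and what stopped being so between two runs."""
    return {"appeared": sorted(current - previous),
            "disappeared": sorted(previous - current)}


if __name__ == "__main__":
    snapshot = build_inventory(EC2_DESCRIBE_INSTANCES, RDS_DESCRIBE_DB_INSTANCES,
                               ELBV2_DESCRIBE_LOAD_BALANCERS)
    for key in sorted(snapshot):
        print(key)
    # Simulate the public RDS instance being deleted before the next run.
    later = build_inventory(EC2_DESCRIBE_INSTANCES, {"DBInstances": []},
                            ELBV2_DESCRIBE_LOAD_BALANCERS)
    print(diff_inventory(snapshot, later))
```

Each service needs its own extractor because the exposure signal lives in a different field and type, which is exactly the research cost the post describes; the diff step is what turns a one-off inventory into something you can run frequently to catch ephemeral assets.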