Describe the bug
Running find_unused_security_groups.py does not find all security groups used by AWS (e.g. ElastiCache, Firehose, ...)
**Proposed fix**
Query for SGs used by ENIs (smaller script, all AWS services covered)
```python
import boto3

if __name__ == "__main__":
    ec2 = boto3.client("ec2")
    used_SG = set()
    # Find security groups attached to ENIs (covers every service that places
    # an ENI in the VPC, not only EC2, RDS and load balancers)
    response = ec2.describe_network_interfaces()
    for eni in response["NetworkInterfaces"]:
        for sg in eni["Groups"]:
            used_SG.add(sg["GroupId"])
    # All security groups in the region; anything not on an ENI is unused
    response = ec2.describe_security_groups()
    total_SG = [sg["GroupId"] for sg in response["SecurityGroups"]]
    unused_SG = set(total_SG) - used_SG
    print(f"Total Security Groups: {len(total_SG)}")
    print(f"Used Security Groups: {len(used_SG)}\n")
    print(f"Unused Security Groups: {len(unused_SG)} compiled in the following list:")
    print(f"{list(unused_SG)}")
```
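As an added example (not the script from this issue or the repository's own code), the same ENI-based approach split into pure functions that can be exercised on constructed data, plus two checks worth having before deleting anything: groups named `default` are skipped because AWS does not allow deleting them, and groups with no ENI that are still referenced by another group's rules are reported separately, since a delete would fail with a dependency error until that rule is removed. The `main` function, the sample data and the `sg-*` IDs are constructed for illustration.

```python
def used_by_enis(network_interfaces):
    """Group IDs attached to at least one ENI: this covers every service that
    places an ENI in the VPC (EC2, RDS, ElastiCache, Lambda, Firehose, ...)."""
    return {g["GroupId"] for eni in network_interfaces for g in eni.get("Groups", [])}

def referenced_by_rules(security_groups):
    """Group IDs named as source/destination in another group's rules; such a
    group has no ENI yet cannot be deleted until the referencing rule is gone."""
    refs = set()
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []) + sg.get("IpPermissionsEgress", []):
            for pair in perm.get("UserIdGroupPairs", []):
                if pair.get("GroupId") and pair["GroupId"] != sg["GroupId"]:
                    refs.add(pair["GroupId"])
    return refs

def classify(network_interfaces, security_groups):
    """Return (deletable, referenced_only), both subsets of groups with no ENI.
    Groups named 'default' are skipped because AWS does not allow deleting them."""
    used = used_by_enis(network_interfaces)
    refs = referenced_by_rules(security_groups)
    candidates = {sg["GroupId"] for sg in security_groups
                  if sg["GroupName"] != "default"} - used
    return candidates - refs, candidates & refs

# Constructed sample data shaped like boto3 responses (not from a real account).
SAMPLE_ENIS = [{"Groups": [{"GroupId": "sg-0a1"}]}]
SAMPLE_SGS = [
    {"GroupId": "sg-0a1", "GroupName": "app",
     "IpPermissions": [{"UserIdGroupPairs": [{"GroupId": "sg-0b2"}]}]},
    {"GroupId": "sg-0b2", "GroupName": "db", "IpPermissions": []},
    {"GroupId": "sg-0c3", "GroupName": "orphan", "IpPermissions": []},
    {"GroupId": "sg-0d4", "GroupName": "default", "IpPermissions": []},
]

def main():
    import boto3  # live run only; needs AWS credentials and ec2:Describe* permissions
    ec2 = boto3.client("ec2")
    # Paginators avoid silently truncated results in large accounts.
    enis = [e for page in ec2.get_paginator("describe_network_interfaces").paginate()
            for e in page["NetworkInterfaces"]]
    sgs = [s for page in ec2.get_paginator("describe_security_groups").paginate()
           for s in page["SecurityGroups"]]
    deletable, referenced = classify(enis, sgs)
    print("Deletable (no ENI, no rule references):", sorted(deletable))
    print("No ENI but referenced by other groups' rules:", sorted(referenced))

if __name__ == "__main__":
    main()
```

On the sample data, `sg-0c3` is the only group safe to delete; `sg-0b2` has no ENI but is still named in the `app` group's ingress rule.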
NikolausBrunner changed the title from "find_unused_security_groups fails on LBs without securitygroup" to "find_unused_security_groups not covering all security groups in use" on Apr 11, 2023.
Was about to open an issue to say the same. Querying ENIs is definitely the most robust approach and will future-proof the script against the addition of other AWS services.