feat(ec2): Ensure EC2 launch templates do not assign public IPs

[MarioRgzLpz]

Context

This check verifies whether Amazon EC2 launch templates are configured to assign public IP addresses to network interfaces upon launch. The check fails if an EC2 launch template is set to assign a public IP address to network interfaces or if any network interface has a public IP address.

Description

Added ec2_launch_template_no_public_ip check with metadata and respective unit tests.

Checklist

• Are there new checks included in this PR? Yes
  • If so, do we need to update permissions for the provider? No
• Review if the code is being covered by tests.
• Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[MrCloudSec]

Suggested change

	f"EC2 Launch Template {template.name} in template versions: "
	f"{', '.join(versions_with_public_ip)} is configured to assign a public IP address."
	f"EC2 Launch Template {template.name} is configured to assign a public IP address to network interfaces upon launch in template versions: f"{', '.join(versions_with_public_ip)}."

[MrCloudSec]

Suggested change

	report.status_extended = f"No versions of EC2 Launch Template {template.name} are configured to assign a public IP address."
	report.status_extended = f"EC2 Launch Template {template.name} is not configured to assign a public IP address to network interfaces upon launch."

[MrCloudSec]

Can we also check the second part of the check?
"The control fails if an EC2 launch template is configured to assign a public IP address to network interfaces or if there is at least one network interface that has a public IP address."

[MrCloudSec]

Why a break here? Don't we want to add all the versions with this issue?

[MarioRgzLpz]

That break is only to stop looking in the network interfaces for public IPs, it will still add every version that is using a network interface with a public IP. That is only to optimize because a version can have a ton of network interfaces and it could take so long if not adding that break. My first idea was to add the network interface's id but that would require to iterate over all the network interfaces and that could cause the check to take a lot of time.

[MrCloudSec]

Suggested change

	if network_interface.public_ip_addresses != []:
	if network_interface.public_ip_addresses:

[MrCloudSec]

It is better to create 3 different status extended that using this logic to mix two of them.

[codecov]

Codecov Report

Attention: Patch coverage is 93.93939% with 2 lines in your changes missing coverage. Please review.

Project coverage is 88.97%. Comparing base (2c69441) to head (42f8354).
Report is 1253 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #4852      +/-   ##
==========================================
+ Coverage   88.92%   88.97%   +0.05%     
==========================================
  Files         945      958      +13     
  Lines       29026    29372     +346     
==========================================
+ Hits        25810    26134     +324     
- Misses       3216     3238      +22     

Components	Coverage Δ
prowler	88.97% <93.93%> (+0.05%)	⬆️
api	∅ <ø> (∅)