cloudsploit
AWS Exposed VPC endpoints plugin doesn't properly detect private subnets
In my environment, VPC endpoints are placed in private subnets where a transit gateway is used to route to VPCs, and the "Exposed VPC endpoints" plugin doesn't recognise the subnets as private subnets even though they don't have an internet gateway attached.
I believe the issue is in this utility function: https://github.com/aquasecurity/cloudsploit/blob/cab05b5fb7a6c0b4eae1912d02702c5588e35125/helpers/aws/functions.js#L947
It requires every route to have a "GatewayId" for it to be a private subnet; however, the routes can point to a NatGateway or TransitGateway and still be private.
The code should be something like this instead:
```javascript
// Treat the route table as private unless one of its routes targets an internet gateway.
if (routeTable.RouteTableId && routeTable.Routes &&
    !routeTable.Routes.some(route => route.GatewayId && route.GatewayId.startsWith('igw-'))) {
    privateRouteTables.push(routeTable.RouteTableId);
}
```
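To show the difference between the two rules, here is an added example (not cloudsploit's code) that runs the GatewayId-only rule as the issue describes it, and the proposed "no route to an internet gateway" rule, over constructed route tables in the EC2 DescribeRouteTables shape with placeholder ids; the GatewayId-only function is an assumed reconstruction from the issue text, not the helper's actual source.

```javascript
// Constructed sample input in the shape returned by EC2 DescribeRouteTables.
// Ids are placeholders, not real resources.
const SAMPLE_ROUTE_TABLES = [
  { RouteTableId: 'rtb-public', Routes: [
      { DestinationCidrBlock: '10.0.0.0/16', GatewayId: 'local' },
      { DestinationCidrBlock: '0.0.0.0/0', GatewayId: 'igw-0123456789abcdef0' } ] },
  { RouteTableId: 'rtb-nat', Routes: [
      { DestinationCidrBlock: '10.0.0.0/16', GatewayId: 'local' },
      { DestinationCidrBlock: '0.0.0.0/0', NatGatewayId: 'nat-0123456789abcdef0' } ] },
  { RouteTableId: 'rtb-tgw', Routes: [
      { DestinationCidrBlock: '10.0.0.0/16', GatewayId: 'local' },
      { DestinationCidrBlock: '0.0.0.0/0', TransitGatewayId: 'tgw-0123456789abcdef0' } ] },
  { RouteTableId: 'rtb-isolated', Routes: [
      { DestinationCidrBlock: '10.0.0.0/16', GatewayId: 'local' } ] },
];

// Rule as the issue describes the current helper (assumed reconstruction,
// not the actual source): every route must carry a non-igw GatewayId.
// NAT and transit gateway routes carry no GatewayId, so they fail this test
// and the table is never classified as private.
function isPrivateByGatewayIdOnly(rt) {
  return Boolean(rt.RouteTableId && rt.Routes &&
    rt.Routes.every(r => r.GatewayId && !r.GatewayId.startsWith('igw-')));
}

// Rule proposed in the issue: the table is private unless some route
// targets an internet gateway.
function isPrivateNoIgwRoute(rt) {
  return Boolean(rt.RouteTableId && rt.Routes &&
    !rt.Routes.some(r => r.GatewayId && r.GatewayId.startsWith('igw-')));
}

// Collect the ids of the route tables a given rule classifies as private.
function privateRouteTableIds(routeTables, rule) {
  return routeTables.filter(rule).map(rt => rt.RouteTableId);
}
```

With the sample input, the GatewayId-only rule classifies only rtb-isolated as private, while the proposed rule also classifies rtb-nat and rtb-tgw as private and still excludes rtb-public.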