Description

Document

https://github.com/hlxsites/prisma-cloud-docs/blob/main/docs/en/enterprise-edition/policy-reference/aws-policies/public-policies/public-12.adoc

Assertion

Currently the documentation for CKV_AWS_88 is incorrect, as the title labels the issue as

AWS EC2 instances with public IP and associated with security groups have Internet access

There is no heuristic as far as I can tell that is looking for the instances to have associated security groups.

Everywhere else in the original bridgecrew and checkov documentation, it explicitly only mentions an instance "having a public ip associated" and doesn't involve security groups.

If the intention is to detect based off of whether or not an EC2 instance has a public IP address/public resolvable DNS and is reachable from the internet through a security group open to 0.0.0.0/0 then the detection heuristic in the script is incorrect.

Referenced detection code

The heuristic detection code here: https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EC2PublicIP.py

It's explicitly only looking for public IP address assignment arguments, and not whether or not an associated security group has internet access or not.
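As an added illustration (not part of the issue and not checkov's own code), the two heuristics the report contrasts, modelled over Terraform-style resource blocks: one that only consults the public IP assignment argument, and one that also requires an attached security group with an ingress rule open to the internet. The instance, the security groups and the `_first` helper are constructed for this example; the attribute names are the standard Terraform AWS provider arguments.

```python
# Added example (not checkov's code): two candidate heuristics for a
# "public EC2 instance" check over parsed Terraform-style resource blocks.
# Single-element lists mirror how HCL parsers emit attribute values.
from typing import Any

# Constructed sample: one instance with a public IP, attached to one
# security group open to the world and one that is internal only.
INSTANCE = {
    "ami": ["ami-PLACEHOLDER"],
    "associate_public_ip_address": [True],
    "vpc_security_group_ids": [["aws_security_group.web", "aws_security_group.internal"]],
}
SECURITY_GROUPS = {
    "aws_security_group.web": {
        "ingress": [{"from_port": [443], "to_port": [443],
                     "protocol": ["tcp"], "cidr_blocks": [["0.0.0.0/0"]]}],
    },
    "aws_security_group.internal": {
        "ingress": [{"from_port": [22], "to_port": [22],
                     "protocol": ["tcp"], "cidr_blocks": [["10.0.0.0/8"]]}],
    },
}


def _first(conf: dict, key: str, default: Any = None) -> Any:
    """Unwrap the single-element list an HCL parser produces for an attribute."""
    vals = conf.get(key)
    return vals[0] if vals else default


def has_public_ip(instance: dict) -> bool:
    """Heuristic the issue says the check implements: only the public IP
    assignment argument is consulted, security groups are ignored."""
    return bool(_first(instance, "associate_public_ip_address", False))


def sg_open_to_internet(sg: dict) -> bool:
    """True if any ingress rule admits traffic from 0.0.0.0/0 or ::/0."""
    for rule in sg.get("ingress", []):
        cidrs = _first(rule, "cidr_blocks", []) + _first(rule, "ipv6_cidr_blocks", [])
        if any(c in ("0.0.0.0/0", "::/0") for c in cidrs):
            return True
    return False


def is_internet_reachable(instance: dict, groups: dict) -> bool:
    """Heuristic the documentation title implies: a public IP AND at least
    one attached security group whose ingress is open to the internet."""
    if not has_public_ip(instance):
        return False
    refs = _first(instance, "vpc_security_group_ids", [])
    return any(sg_open_to_internet(groups.get(r, {})) for r in refs)
```

An instance with a public IP but only the internal group attached is flagged by `has_public_ip` and passed by `is_internet_reachable`, which is exactly the gap between the documented title and the implemented check.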