Based on the outcome and findings of #2 there's potential room for performance improvement. I'm not sure if adding explicit threads or running more egress group checks in parallel would improve execution times, but it's something to audit.

There's currently a lot of .unwrap() calls that would end up killing an execution of the checker - those need to be addressed and handled more appropriately.

Clone is also used quite a bit to handle passing data between async functions - maybe a mutex/Arc is the more appropriate way to handle this but I shouldn't be cloning large objects without some solid justification.

This shouldn't require a ton of resources to run, but there needs to be a better understanding on resource utilization and performance. Specifically...

• Network IO
• CPU utilization
• Any disk IO or space requirements
• Memory utilization

Disk IO and space requirements should be minimal - in the containerized form, it's mostly log output.

Memory is a bit trickier since the parsed egress requirements are all stored in memory along with test results prior to generating output - this could be significant enough to account for.

CPU utilization - not sure what to expect here.

Microsoft support for Mariner is huge and this should leverage that support.

The builder image may have to be customized to run Rust, but the deployable image's base is a pretty insignificant change.

There's no test coverage and that needs to change. Tests are needed for at least the egress data parsing and the FQDN parsing/building logic to make sure that's all solid.

There's some tricky bits here around mocking IMDS responses and calls for region and VM data that's used for building some connection strings.