Add tag support for most supported AWS resources (cartography-cncf#655)
* Add tag support for most supported AWS resources

* Remove iam group, role, and user, since they are not supported
ryan-lane authored Jul 30, 2021
1 parent 0fe3d0b commit eacdf86
Showing 2 changed files with 17 additions and 2 deletions.
5 changes: 5 additions & 0 deletions cartography/data/indexes.cypher
@@ -65,8 +65,12 @@ CREATE INDEX ON :ECRRepositoryImage(uri);
CREATE INDEX ON :ECRRepositoryImage(tag);
CREATE INDEX ON :ECRScanFinding(id);
CREATE INDEX ON :EKSCluster(id);
CREATE INDEX ON :ElasticacheCluster(id);
CREATE INDEX ON :ElasticacheCluster(arn);
CREATE INDEX ON :ELBListener(id);
CREATE INDEX ON :ELBV2Listener(id);
CREATE INDEX ON :EMRCluster(id);
CREATE INDEX ON :EMRCluster(arn);
CREATE INDEX ON :Endpoint(id);
CREATE INDEX ON :ESDomain(arn);
CREATE INDEX ON :ESDomain(id);
@@ -102,6 +106,7 @@ CREATE INDEX ON :IpRange(id);
CREATE INDEX ON :IpRule(ruleid);
CREATE INDEX ON :JamfComputerGroup(id);
CREATE INDEX ON :KMSKey(id);
CREATE INDEX ON :KMSKey(arn);
CREATE INDEX ON :KMSAlias(id);
CREATE INDEX ON :KMSGrant(id);
CREATE INDEX ON :LoadBalancer(dnsname);
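Review bot: The tag mapping in resourcegroupstaggingapi.py matches AutoScalingGroup on `arn`, but these two hunks only show arn indexes for ElasticacheCluster, EMRCluster, KMSKey and ESDomain. If `CREATE INDEX ON :AutoScalingGroup(arn);` is not already elsewhere in this file, the tag match for that label runs without an index on every sync; worth confirming and adding the line alongside these. The rest of the index file is outside the visible hunks, so this is a check to make rather than a confirmed gap.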
14 changes: 12 additions & 2 deletions cartography/intel/aws/resourcegroupstaggingapi.py
@@ -62,13 +62,20 @@ def get_short_id_from_lb2_arn(alb_arn: str) -> str:
# cartography uses.
# TODO - we should make EC2 and S3 assets query-able by their full ARN so that we don't need this workaround.
TAG_RESOURCE_TYPE_MAPPINGS: Dict = {
'autoscaling:autoScalingGroup': {'label': 'AutoScalingGroup', 'property': 'arn'},
'dynamodb:table': {'label': 'DynamoDBTable', 'property': 'id'},
'ec2:instance': {'label': 'EC2Instance', 'property': 'id', 'id_func': get_short_id_from_ec2_arn},
'ec2:internet-gateway': {'label': 'AWSInternetGateway', 'property': 'id', 'id_func': get_short_id_from_ec2_arn},
'ec2:key-pair': {'label': 'EC2KeyPair', 'property': 'id'},
'ec2:network-interface': {'label': 'NetworkInterface', 'property': 'id', 'id_func': get_short_id_from_ec2_arn},
'ecr:repository': {'label': 'ECRRepository', 'property': 'id'},
'ec2:security-group': {'label': 'EC2SecurityGroup', 'property': 'id', 'id_func': get_short_id_from_ec2_arn},
'ec2:subnet': {'label': 'EC2Subnet', 'property': 'subnetid', 'id_func': get_short_id_from_ec2_arn},
'ec2:vpc': {'label': 'AWSVpc', 'property': 'id', 'id_func': get_short_id_from_ec2_arn},
'ec2:transit-gateway': {'label': 'AWSTransitGateway', 'property': 'id'},
'ec2:transit-gateway-attachment': {'label': 'AWSTransitGatewayAttachment', 'property': 'id'},
'ec2:vpc': {'label': 'AWSVpc', 'property': 'id', 'id_func': get_short_id_from_ec2_arn},
'eks:cluster': {'label': 'EKSCluster', 'property': 'id'},
'elasticache:cluster': {'label': 'ElasticacheCluster', 'property': 'arn'},
'elasticloadbalancing:loadbalancer': {
'label': 'LoadBalancer', 'property':
'name', 'id_func': get_short_id_from_elb_arn,
@@ -81,7 +88,10 @@ def get_short_id_from_lb2_arn(alb_arn: str) -> str:
'label': 'LoadBalancerV2',
'property': 'name', 'id_func': get_short_id_from_lb2_arn,
},
'es:domain': {'label': 'ESDomain', 'property': 'id'},
'elasticmapreduce:cluster': {'label': 'EMRCluster', 'property': 'arn'},
'es:domain': {'label': 'ESDomain', 'property': 'arn'},
'kms:key': {'label': 'KMSKey', 'property': 'arn'},
'lambda:function': {'label': 'AWSLambda', 'property': 'id'},
'redshift:cluster': {'label': 'RedshiftCluster', 'property': 'id'},
'rds:db': {'label': 'RDSInstance', 'property': 'id'},
'rds:subgrp': {'label': 'DBSubnetGroup', 'property': 'id'},
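Review bot: `ec2:key-pair`, `ec2:transit-gateway` and `ec2:transit-gateway-attachment` match on `id` with no `id_func`, while every other `ec2:*` entry in the first hunk passes `get_short_id_from_ec2_arn`, and the comment above the dict says EC2 assets are not query-able by full ARN. If those three labels do store the full ARN in `id`, a one-line comment such as `# id holds the full ARN for these labels, so no id_func is needed` would make that explicit; if they store a short id, the match presumably finds nothing and the tags are silently missing from the graph, which matters to anyone relying on tags for ownership or policy queries. The same hunk also places `ecr:repository` between two `ec2:*` keys, breaking the otherwise alphabetical order. The dict continues past the end of the second hunk.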