in cartography/intel/aws/elasticsearch.py [0:0]
def _link_es_domain_vpc(session, domain_id, domain_data, aws_update_tag):
"""
Link the ES domain to its DNS FQDN endpoint and create associated nodes in the graph
if needed
:param session: Neo4j session object
:param domain_id: ES domain id
:param domain_data: domain data
"""
ingest_subnet = """
MATCH (es:ESDomain{id: {DomainId}})
WITH es
UNWIND {SubnetList} as subnet_id
MATCH (subnet_node:EC2Subnet{id: subnet_id})
MERGE (es)-[r:PART_OF_SUBNET]->(subnet_node)
ON CREATE SET r.firstseen = timestamp()
SET r.lastupdated = {aws_update_tag}
"""
ingest_sec_groups = """
MATCH (es:ESDomain{id: {DomainId}})
WITH es
UNWIND {SecGroupList} as ecsecgroup_id
MATCH (group_node:EC2SecurityGroup{id: ecsecgroup_id})
MERGE (es)-[r:MEMBER_OF_EC2_SECURITY_GROUP]->(group_node)
ON CREATE SET r.firstseen = timestamp()
SET r.lastupdated = {aws_update_tag}
"""
# TODO we really shouldn't be sending full objects to Neo4j
if domain_data.get("VPCOptions"):
vpc_data = domain_data["VPCOptions"]
subnetList = vpc_data.get("SubnetIds", [])
groupList = vpc_data.get("SecurityGroupIds", [])
if len(subnetList) > 0:
session.run(
ingest_subnet,
DomainId=domain_id,
SubnetList=subnetList,
aws_update_tag=aws_update_tag
)
if len(groupList) > 0:
session.run(
ingest_sec_groups,
DomainId=domain_id,
SecGroupList=groupList,
aws_update_tag=aws_update_tag
)