in cartography/intel/aws/ec2.py [0:0]
def load_ec2_instances(session, data, region, current_aws_account_id, aws_update_tag):
ingest_reservation = """
MERGE (reservation:EC2Reservation{reservationid: {ReservationId}})
ON CREATE SET reservation.firstseen = timestamp()
SET reservation.ownerid = {OwnerId}, reservation.requesterid = {RequesterId}, reservation.region = {Region},
reservation.lastupdated = {aws_update_tag}
WITH reservation
MATCH (awsAccount:AWSAccount{id: {AWS_ACCOUNT_ID}})
MERGE (awsAccount)-[r:RESOURCE]->(reservation)
ON CREATE SET r.firstseen = timestamp()
SET r.lastupdated = {aws_update_tag}
"""
ingest_instance = """
MERGE (instance:Instance:EC2Instance{instanceid: {InstanceId}})
ON CREATE SET instance.firstseen = timestamp()
SET instance.publicdnsname = {PublicDnsName}, instance.privateipaddress = {PrivateIpAddress},
instance.imageid = {ImageId}, instance.instancetype = {InstanceType}, instance.monitoringstate = {MonitoringState},
instance.state = {State}, instance.launchtime = {LaunchTime}, instance.launchtimeunix = {LaunchTimeUnix},
instance.region = {Region}, instance.lastupdated = {aws_update_tag}
WITH instance
MERGE (subnet:EC2Subnet{subnetid: {SubnetId}})
ON CREATE SET subnet.firstseen = timestamp()
SET subnet.region = {Region}, subnet.lastupdated = {aws_update_tag}
MERGE (instance)-[r:PART_OF_SUBNET]->(subnet)
ON CREATE SET r.firstseen = timestamp()
SET r.lastupdated = {aws_update_tag}
WITH instance
MATCH (rez:EC2Reservation{reservationid: {ReservationId}})
MERGE (instance)-[r:MEMBER_OF_EC2_RESERVATION]->(rez)
ON CREATE SET r.firstseen = timestamp()
SET r.lastupdated = {aws_update_tag}
WITH instance
MATCH (aa:AWSAccount{id: {AWS_ACCOUNT_ID}})
MERGE (aa)-[r:RESOURCE]->(instance)
ON CREATE SET r.firstseen = timestamp()
SET r.lastupdated = {aws_update_tag}
"""
ingest_security_groups = """
MERGE (group:EC2SecurityGroup{id: {GroupId}})
ON CREATE SET group.firstseen = timestamp(), group.groupid = {GroupId}
SET group.name = {GroupName}, group.region = {Region}, group.lastupdated = {aws_update_tag}
WITH group
MATCH (aa:AWSAccount{id: {AWS_ACCOUNT_ID}})
MERGE (aa)-[r:RESOURCE]->(group)
ON CREATE SET r.firstseen = timestamp()
SET r.lastupdated = {aws_update_tag}
WITH group
MATCH (instance:EC2Instance{instanceid: {InstanceId}})
MERGE (instance)-[r:MEMBER_OF_EC2_SECURITY_GROUP]->(group)
ON CREATE SET r.firstseen = timestamp()
SET r.lastupdated = {aws_update_tag}
"""
for reservation in data['Reservations']:
reservation_id = reservation["ReservationId"]
session.run(
ingest_reservation,
ReservationId=reservation_id,
OwnerId=reservation.get("OwnerId", ""),
RequesterId=reservation.get("RequesterId", ""),
AWS_ACCOUNT_ID=current_aws_account_id,
Region=region,
aws_update_tag=aws_update_tag
)
for instance in reservation["Instances"]:
instanceid = instance["InstanceId"]
monitoring_state = instance.get("Monitoring", {}).get("State", "")
instance_state = instance.get("State", {}).get("Name", "")
# NOTE this is a hack because we're using a version of Neo4j that doesn't support temporal data types
launch_time = instance.get("LaunchTime", "")
if launch_time:
launch_time_unix = time.mktime(launch_time.timetuple())
else:
launch_time_unix = ""
session.run(
ingest_instance,
InstanceId=instanceid,
PublicDnsName=instance.get("PublicDnsName", ""),
PublicIpAddress=instance.get("PublicIpAddress", ""),
PrivateIpAddress=instance.get("PrivateIpAddress", ""),
ImageId=instance.get("ImageId", ""),
SubnetId=instance.get("SubnetId", ""),
InstanceType=instance.get("InstanceType", ""),
ReservationId=reservation_id,
MonitoringState=monitoring_state,
LaunchTime=str(launch_time),
LaunchTimeUnix=launch_time_unix,
State=instance_state,
AWS_ACCOUNT_ID=current_aws_account_id,
Region=region,
aws_update_tag=aws_update_tag
)
if instance.get("SecurityGroups"):
for group in instance["SecurityGroups"]:
session.run(
ingest_security_groups,
GroupId=group["GroupId"],
GroupName=group.get("GroupName", ""),
InstanceId=instanceid,
Region=region,
AWS_ACCOUNT_ID=current_aws_account_id,
aws_update_tag=aws_update_tag
)
load_ec2_instance_network_interfaces(session, instance, aws_update_tag)