in cartography/intel/aws/iam.py [0:0]
def load_policies(session, policies, current_aws_account_id, aws_update_tag):
    """Upsert IAM policies into the graph and link each one to its AWS account.

    For every entry in ``policies`` one Cypher statement is run that:

    * merges an ``AWSPolicy`` node keyed on the policy ARN;
    * sets ``policyid``, ``firstseen`` and ``createdate`` only when the node
      is created, and refreshes the remaining properties on every run;
    * merges an ``AWS_POLICY`` relationship from the ``AWSAccount`` node whose
      ``id`` equals ``current_aws_account_id``;
    * stamps ``lastupdated`` on both node and relationship with
      ``aws_update_tag``.

    Args:
        session: Object exposing ``run(query, **params)`` -- presumably a
            Neo4j session; confirm against the caller.
        policies: Iterable of mappings with the keys ``Arn``, ``PolicyId``,
            ``PolicyName``, ``Path``, ``DefaultVersionId``, ``CreateDate``,
            ``UpdateDate``, ``IsAttachable`` and ``AttachmentCount``.
        current_aws_account_id: Value matched against ``AWSAccount.id``.
        aws_update_tag: Value written to the ``lastupdated`` properties.

    Raises:
        KeyError: If a policy mapping lacks one of the keys listed above.
    """
    # Every value reaches the database as a bound query parameter and is never
    # spliced into the statement text, so policy names, paths and ARNs cannot
    # change the shape of the Cypher that runs.
    # NOTE(review): `{NAME}` is the legacy Cypher parameter form; Neo4j 4.0+
    # only accepts `$NAME` -- confirm the server version this targets.
    # NOTE(review): the policy node is merged before the account MATCH, so if
    # no AWSAccount has this id the node is still written but left unlinked.
    merge_policy_query = """
MERGE (pnode:AWSPolicy{arn: {ARN}})
ON CREATE SET pnode.policyid = {POLICY_ID}, pnode.firstseen = timestamp(), pnode.createdate = {CREATE_DATE}
SET pnode.name = {POLICY_NAME}, pnode.path = {PATH}, pnode.defaultversionid = {DEFAULT_VERSION_ID},
pnode.updatedate = {POLICY_UPDATE}, pnode.isattachable = {IS_ATTACHABLE},
pnode.attachmentcount = {ATTACHMENT_COUNT},
pnode.lastupdated = {aws_update_tag}
WITH pnode
MATCH (aa:AWSAccount{id: {AWS_ACCOUNT_ID}})
MERGE (aa)-[r:AWS_POLICY]->(pnode)
ON CREATE SET r.firstseen = timestamp()
SET r.lastupdated = {aws_update_tag}
"""
    for entry in policies:
        # Timestamps are stored in their str() form, not as temporal values.
        bound_params = {
            "ARN": entry["Arn"],
            "POLICY_ID": entry["PolicyId"],
            "POLICY_NAME": entry["PolicyName"],
            "PATH": entry["Path"],
            "DEFAULT_VERSION_ID": entry["DefaultVersionId"],
            "CREATE_DATE": str(entry["CreateDate"]),
            "POLICY_UPDATE": str(entry["UpdateDate"]),
            "IS_ATTACHABLE": entry["IsAttachable"],
            "ATTACHMENT_COUNT": entry["AttachmentCount"],
            "AWS_ACCOUNT_ID": current_aws_account_id,
            "aws_update_tag": aws_update_tag,
        }
        session.run(merge_policy_query, **bound_params)