def sync_group_policies()

in cartography/intel/aws/iam.py [0:0]


def sync_group_policies(neo4j_session, boto3_session, current_aws_account_id, aws_update_tag, common_job_parameters):
    """Refresh the IAM group policies recorded in the graph for one AWS account.

    Reads the names of the AWSGroup nodes attached to the account from Neo4j,
    fetches every policy listed for each of those groups through the boto3
    session, loads the collected policies into the graph and finally runs the
    group-policy cleanup job.

    Args:
        neo4j_session: Neo4j session used for the group lookup, the load and
            the cleanup job.
        boto3_session: boto3 session handed to the policy-fetching helpers.
        current_aws_account_id: ID of the AWS account whose groups are synced.
        aws_update_tag: Update tag passed to ``load_group_policies``.
        common_job_parameters: Parameters passed to the cleanup job.
    """
    logger.debug("Syncing IAM group policies for account '%s'.", current_aws_account_id)

    # The account ID is bound as a query parameter rather than formatted into
    # the Cypher text, so its value cannot change the shape of the query.
    group_lookup = (
        "MATCH (group:AWSGroup)<-[:RESOURCE]-(AWSAccount{id: {AWS_ACCOUNT_ID}}) return group.name as name;"
    )
    records = neo4j_session.run(group_lookup, AWS_ACCOUNT_ID=current_aws_account_id)
    group_names = [record['name'] for record in records]

    # Only groups already present in the graph are visited, so this step
    # depends on the group sync having populated AWSGroup nodes beforehand.
    # NOTE(review): only the 'PolicyNames' key of each response is read; if
    # get_group_policies does not follow truncated responses, some policies
    # would be absent from the graph -- confirm in the helper.
    policies_by_group = {
        name: {
            policy: get_group_policy_info(boto3_session, name, policy)
            for policy in get_group_policies(boto3_session, name)['PolicyNames']
        }
        for name in group_names
    }

    load_group_policies(neo4j_session, policies_by_group, aws_update_tag)

    # NOTE(review): presumably this job removes group-policy data that was not
    # touched by the current update -- confirm against the job definition.
    run_cleanup_job('aws_import_groups_policy_cleanup.json', neo4j_session, common_job_parameters)