in cartography/intel/aws/ec2.py [0:0]
def load_ec2_security_groupinfo(session, data, region, current_aws_account_id, aws_update_tag):
    """Write each EC2 security group in ``data`` to the graph, then load its rules.

    For every entry of ``data["SecurityGroups"]`` a single Cypher statement is run
    that merges the ``EC2SecurityGroup`` node, links it to the ``AWSAccount`` node
    through ``RESOURCE`` and to its ``AWSVpc`` node through
    ``MEMBER_OF_EC2_SECURITY_GROUP``. The group's ingress and egress permissions
    are then passed to ``load_ec2_security_group_rule``.

    Args:
        session: Object whose ``run(query, **params)`` executes the statement.
        data: Mapping with a ``"SecurityGroups"`` list; every item needs ``"GroupId"``.
        region: Value stored as ``group.region``.
        current_aws_account_id: ``id`` of the ``AWSAccount`` node to attach to.
        aws_update_tag: Stamped as ``lastupdated`` on the node and the account edge.

    Raises:
        KeyError: If ``"SecurityGroups"`` or a group's ``"GroupId"`` is absent.
    """
    # Every value reaches the database as a bound parameter ({Name} placeholders),
    # never formatted into the statement text. Keep it that way: fields such as
    # GroupName and Description come straight from the API response.
    #
    # NOTE(review): unlike the RESOURCE edge, the MEMBER_OF_EC2_SECURITY_GROUP edge
    # is never stamped with aws_update_tag. If stale-edge cleanup keys on
    # lastupdated (not visible here), confirm these edges are aged out some other
    # way, otherwise the inventory can keep showing VPC memberships that are gone.
    merge_group_query = """
    MERGE (group:EC2SecurityGroup{id: {GroupId}})
    ON CREATE SET group.firstseen = timestamp(), group.groupid = {GroupId}
    SET group.name = {GroupName}, group.description = {Description}, group.region = {Region},
    group.lastupdated = {aws_update_tag}
    WITH group
    MATCH (aa:AWSAccount{id: {AWS_ACCOUNT_ID}})
    MERGE (aa)-[r:RESOURCE]->(group)
    ON CREATE SET r.firstseen = timestamp()
    SET r.lastupdated = {aws_update_tag}
    WITH group
    MATCH (vpc:AWSVpc{id: {VpcId}})
    MERGE (vpc)-[rg:MEMBER_OF_EC2_SECURITY_GROUP]->(group)
    ON CREATE SET rg.firstseen = timestamp()
    """
    # Ingress first, then egress, matching the order the rules are loaded in.
    rule_keys = ("IpPermissions", "IpPermissionEgress")

    for security_group in data["SecurityGroups"]:
        query_params = {
            "GroupId": security_group["GroupId"],
            "GroupName": security_group.get("GroupName", ""),
            "Description": security_group.get("Description", ""),
            # A group without a VpcId is sent as None; the AWSVpc MATCH then finds
            # nothing, so no membership edge is created for it.
            "VpcId": security_group.get("VpcId"),
            "Region": region,
            "AWS_ACCOUNT_ID": current_aws_account_id,
            "aws_update_tag": aws_update_tag,
        }
        session.run(merge_group_query, **query_params)

        for rule_key in rule_keys:
            load_ec2_security_group_rule(session, security_group, rule_key, aws_update_tag)