in cartography/intel/aws/rds.py [0:0]
def load_rds_instances(neo4j_session, data, region, current_aws_account_id, aws_update_tag):
"""
Ingest the RDS instances to neo4j and link them to necessary nodes.
"""
ingest_rds_instance = """
MERGE (rds:RDSInstance{id: {DBInstanceArn}})
ON CREATE SET rds.firstseen = timestamp()
SET rds.db_instance_identifier = {DBInstanceIdentifier},
rds.db_instance_class = {DBInstanceClass},
rds.engine = {Engine},
rds.master_username = {MasterUsername},
rds.db_name = {DBName},
rds.instance_create_time = {InstanceCreateTime},
rds.availability_zone = {AvailabilityZone},
rds.multi_az = {MultiAZ},
rds.engine_version = {EngineVersion},
rds.publicly_accessible = {PubliclyAccessible},
rds.db_cluster_identifier = {DBClusterIdentifier},
rds.storage_encrypted = {StorageEncrypted},
rds.kms_key_id = {KmsKeyId},
rds.dbi_resource_id = {DbiResourceId},
rds.ca_certificate_identifier = {CACertificateIdentifier},
rds.enhanced_monitoring_resource_arn = {EnhancedMonitoringResourceArn},
rds.monitoring_role_arn = {MonitoringRoleArn},
rds.performance_insights_enabled = {PerformanceInsightsEnabled},
rds.performance_insights_kms_key_id = {PerformanceInsightsKMSKeyId},
rds.region = {Region},
rds.deletion_protection = {DeletionProtection},
rds.preferred_backup_window = {PreferredBackupWindow},
rds.latest_restorable_time = {LatestRestorableTime},
rds.preferred_maintenance_window = {PreferredMaintenanceWindow},
rds.backup_retention_period = {BackupRetentionPeriod},
rds.endpoint_address = {EndpointAddress},
rds.endpoint_hostedzoneid = {EndpointHostedZoneId},
rds.endpoint_port = {EndpointPort},
rds.lastupdated = {aws_update_tag}
WITH rds
MATCH (aa:AWSAccount{id: {AWS_ACCOUNT_ID}})
MERGE (aa)-[r:RESOURCE]->(rds)
ON CREATE SET r.firstseen = timestamp()
SET r.lastupdated = {aws_update_tag}
"""
read_replicas = []
for rds in data.get('DBInstances', []):
instance_create_time = str(rds['InstanceCreateTime']) if 'InstanceCreateTime' in rds else None
latest_restorable_time = str(rds['LatestRestorableTime']) if 'LatestRestorableTime' in rds else None
ep = _validate_rds_endpoint(rds)
# Keep track of instances that are read replicas so we can attach them to their source instances later
if rds.get("ReadReplicaSourceDBInstanceIdentifier"):
read_replicas.append(rds)
neo4j_session.run(
ingest_rds_instance,
DBInstanceArn=rds['DBInstanceArn'],
DBInstanceIdentifier=rds['DBInstanceIdentifier'],
DBInstanceClass=rds.get('DBInstanceClass'),
Engine=rds.get('Engine'),
MasterUsername=rds.get('MasterUsername'),
DBName=rds.get('DBName'),
InstanceCreateTime=instance_create_time,
AvailabilityZone=rds.get('AvailabilityZone'),
MultiAZ=rds.get('MultiAZ'),
EngineVersion=rds.get('EngineVersion'),
PubliclyAccessible=rds.get('PubliclyAccessible'),
DBClusterIdentifier=rds.get('DBClusterIdentifier'),
StorageEncrypted=rds.get('StorageEncrypted'),
KmsKeyId=rds.get('KmsKeyId'),
DbiResourceId=rds.get('DbiResourceId'),
CACertificateIdentifier=rds.get('CACertificateIdentifier'),
EnhancedMonitoringResourceArn=rds.get('EnhancedMonitoringResourceArn'),
MonitoringRoleArn=rds.get('MonitoringRoleArn'),
PerformanceInsightsEnabled=rds.get('PerformanceInsightsEnabled'),
PerformanceInsightsKMSKeyId=rds.get('PerformanceInsightsKMSKeyId'),
DeletionProtection=rds.get('DeletionProtection'),
BackupRetentionPeriod=rds.get('BackupRetentionPeriod'),
PreferredBackupWindow=rds.get('PreferredBackupWindow'),
LatestRestorableTime=latest_restorable_time,
PreferredMaintenanceWindow=rds.get('PreferredMaintenanceWindow'),
EndpointAddress=ep.get('Address'),
EndpointHostedZoneId=ep.get('HostedZoneId'),
EndpointPort=ep.get('Port'),
Region=region,
AWS_ACCOUNT_ID=current_aws_account_id,
aws_update_tag=aws_update_tag
)
_attach_ec2_security_groups(neo4j_session, rds, aws_update_tag)
_attach_ec2_subnet_groups(neo4j_session, rds, region, current_aws_account_id, aws_update_tag)
_attach_read_replicas(neo4j_session, read_replicas, aws_update_tag)