in cartography/intel/aws/iam.py [0:0]
def load_user_access_keys(session, user_access_keys, aws_update_tag):
    """Write each IAM user's access keys to the graph and link them to the user.

    Args:
        session: Object exposing ``run(query, **params)``; it is called once
            for every key record that carries an ``AccessKeyId``.
        user_access_keys: Mapping of IAM user name to a dict whose
            ``AccessKeyMetadata`` entry is a list of key records.
        aws_update_tag: Value written to ``lastupdated`` on both the key node
            and the ``AWS_ACCESS_KEY`` relationship.

    Only the key ID, status and creation date are stored. Records without an
    ``AccessKeyId`` are skipped.
    """
    # TODO change the node label to reflect that this is a user access key, not an account access key
    # All values reach the query as bound parameters ({UserName}, {AccessKeyId}, ...),
    # never through string formatting, so API-supplied text cannot alter the Cypher.
    # NOTE(review): the user node is matched on name alone. IAM user names are
    # unique only within a single AWS account, so if the graph holds several
    # accounts a key could be linked to a same-named user in another account.
    # Confirm how callers scope this before relying on the AWS_ACCESS_KEY edge
    # for key-ownership questions.
    link_key_query = """
MATCH (user:AWSUser{name: {UserName}})
WITH user
MERGE (key:AccountAccessKey{accesskeyid: {AccessKeyId}})
ON CREATE SET key.firstseen = timestamp(), key.createdate = {CreateDate}
SET key.status = {Status}, key.lastupdated = {aws_update_tag}
WITH user,key
MERGE (user)-[r:AWS_ACCESS_KEY]->(key)
ON CREATE SET r.firstseen = timestamp()
SET r.lastupdated = {aws_update_tag}
"""
    for username, key_listing in user_access_keys.items():
        for key_record in key_listing["AccessKeyMetadata"]:
            key_id = key_record.get('AccessKeyId')
            if not key_id:
                # Nothing to MERGE on without an ID.
                continue
            query_params = {
                'UserName': username,
                'AccessKeyId': key_id,
                # Stored as text; createdate is only set when the node is first created.
                'CreateDate': str(key_record['CreateDate']),
                'Status': key_record['Status'],
                'aws_update_tag': aws_update_tag,
            }
            session.run(link_key_query, **query_params)