cartography 0.101.0rc1__py3-none-any.whl → 0.101.0rc2__py3-none-any.whl

cartography/_version.py

@@ -17,5 +17,5 @@ __version__: str
 __version_tuple__: VERSION_TUPLE
 version_tuple: VERSION_TUPLE
 
-__version__ = version = '0.101.0rc1'
+__version__ = version = '0.101.0rc2'
 __version_tuple__ = version_tuple = (0, 101, 0)

cartography/data/jobs/scoped_analysis/aws_ec2_iaminstanceprofile.json

@@ -0,0 +1,15 @@
+{
+    "name": "EC2 Instances assume IAM roles",
+    "statements": [
+        {
+            "__comment": "Create STS_ASSUMEROLE_ALLOW relationships from EC2 instances to the IAM roles they can assume via their iaminstanceprofiles",
+            "query":"MATCH (aa:AWSAccount{id: $AWS_ID})-[:RESOURCE]->(i:EC2Instance)-[:INSTANCE_PROFILE]->(p:AWSInstanceProfile)-[:ASSOCIATED_WITH]->(r:AWSRole)\nMERGE (i)-[s:STS_ASSUMEROLE_ALLOW]->(r)\nON CREATE SET s.firstseen = timestamp(), s.lastupdated = $UPDATE_TAG",
+            "iterative": true
+        },
+        {
+            "__comment": "Cleanup",
+            "query":"MATCH (aa:AWSAccount{id: $AWS_ID})-[:RESOURCE]->(:EC2Instance)-[s:STS_ASSUMEROLE_ALLOW]->(:AWSRole)\nWHERE s.lastupdated <> $UPDATE_TAG\nDELETE s",
+            "iterative": true
+        }
+    ]
+}

cartography/graph/querybuilder.py

@@ -109,7 +109,10 @@ def _build_match_clause(matcher: TargetNodeMatcher) -> str:
     return ', '.join(match.safe_substitute(Key=key, PropRef=prop_ref) for key, prop_ref in matcher_asdict.items())
 
 
-def _build_where_clause_for_rel_match(node_var: str, matcher: TargetNodeMatcher) -> str:
+def _build_where_clause_for_rel_match(
+        node_var: str,
+        matcher: TargetNodeMatcher,
+) -> str:
     """
     Same as _build_match_clause, but puts the matching logic in a WHERE clause.
     This is intended specifically to use for joining with relationships where we need a case-insensitive match.
@@ -119,6 +122,8 @@ def _build_where_clause_for_rel_match(node_var: str, matcher: TargetNodeMatcher)
     match = Template("$node_var.$key = $prop_ref")
     case_insensitive_match = Template("toLower($node_var.$key) = toLower($prop_ref)")
     fuzzy_and_ignorecase_match = Template("toLower($node_var.$key) CONTAINS toLower($prop_ref)")
+    # This assumes that item.$prop_ref points to a list available on the data object
+    one_to_many_match = Template("$node_var.$key IN $prop_ref")
 
     matcher_asdict = asdict(matcher)
 
@@ -128,6 +133,9 @@ def _build_where_clause_for_rel_match(node_var: str, matcher: TargetNodeMatcher)
             prop_line = case_insensitive_match.safe_substitute(node_var=node_var, key=key, prop_ref=prop_ref)
         elif prop_ref.fuzzy_and_ignore_case:
             prop_line = fuzzy_and_ignorecase_match.safe_substitute(node_var=node_var, key=key, prop_ref=prop_ref)
+        elif prop_ref.one_to_many:
+            # Allow a single node to be attached to multiple others at once using a list of IDs provided in kwargs
+            prop_line = one_to_many_match.safe_substitute(node_var=node_var, key=key, prop_ref=prop_ref)
         else:
             # Exact match (default; most efficient)
             prop_line = match.safe_substitute(node_var=node_var, key=key, prop_ref=prop_ref)

cartography/intel/aws/__init__.py

@@ -20,6 +20,7 @@ from cartography.util import merge_module_sync_metadata
 from cartography.util import run_analysis_and_ensure_deps
 from cartography.util import run_analysis_job
 from cartography.util import run_cleanup_job
+from cartography.util import run_scoped_analysis_job
 from cartography.util import timeit
 
 
@@ -75,7 +76,7 @@ def _sync_one_account(
     if 'resourcegroupstaggingapi' in aws_requested_syncs:
         RESOURCE_FUNCTIONS['resourcegroupstaggingapi'](**sync_args)
 
-    run_analysis_job(
+    run_scoped_analysis_job(
         'aws_ec2_iaminstanceprofile.json',
         neo4j_session,
         common_job_parameters,
@@ -211,6 +212,9 @@ def _perform_aws_analysis(
         neo4j_session: neo4j.Session,
         common_job_parameters: Dict[str, Any],
 ) -> None:
+    """
+    Performs AWS analysis jobs that span multiple accounts.
+    """
     requested_syncs_as_set = set(requested_syncs)
 
     ec2_asset_exposure_requirements = {

cartography/intel/aws/iam_instance_profiles.py

@@ -0,0 +1,73 @@
+from typing import Any
+
+import boto3
+import neo4j
+
+from cartography.client.core.tx import load
+from cartography.intel.aws.ec2.util import get_botocore_config
+from cartography.models.aws.iam.instanceprofile import InstanceProfileSchema
+from cartography.util import aws_handle_regions
+from cartography.util import timeit
+
+
+@timeit
+@aws_handle_regions
+def get_iam_instance_profiles(boto3_session: boto3.Session) -> list[dict[str, Any]]:
+    client = boto3_session.client('iam', config=get_botocore_config())
+    paginator = client.get_paginator('list_instance_profiles')
+    instance_profiles = []
+    for page in paginator.paginate():
+        instance_profiles.extend(page['InstanceProfiles'])
+    return instance_profiles
+
+
+def transform_instance_profiles(data: list[dict[str, Any]]) -> list[dict[str, Any]]:
+    transformed = []
+    for profile in data:
+        transformed_profile = {
+            'Arn': profile['Arn'],
+            'CreateDate': profile['CreateDate'],
+            'InstanceProfileId': profile['InstanceProfileId'],
+            'InstanceProfileName': profile['InstanceProfileName'],
+            'Path': profile['Path'],
+            'Roles': [role['Arn'] for role in profile.get('Roles', [])],
+        }
+        transformed.append(transformed_profile)
+    return transformed
+
+
+@timeit
+def load_iam_instance_profiles(
+        neo4j_session: neo4j.Session,
+        data: list[dict[str, Any]],
+        current_aws_account_id: str,
+        update_tag: int,
+        common_job_parameters: dict[str, Any],
+) -> None:
+    load(
+        neo4j_session,
+        InstanceProfileSchema(),
+        data,
+        AWS_ID=current_aws_account_id,
+        lastupdated=update_tag,
+    )
+
+
+@timeit
+def sync_iam_instance_profiles(
+        boto3_session: boto3.Session,
+        neo4j_session: neo4j.Session,
+        current_aws_account_id: str,
+        update_tag: int,
+        regions: list[str],
+        common_job_parameters: dict[str, Any],
+) -> None:
+    profiles = get_iam_instance_profiles(boto3_session)
+    profiles = transform_instance_profiles(profiles)
+    load_iam_instance_profiles(
+        neo4j_session,
+        profiles,
+        common_job_parameters['AWS_ID'],
+        common_job_parameters['UPDATE_TAG'],
+        common_job_parameters,
+    )

cartography/intel/aws/resources.py

@@ -1,3 +1,4 @@
+from typing import Callable
 from typing import Dict
 
 from . import apigateway
@@ -43,9 +44,11 @@ from .ec2.tgw import sync_transit_gateways
 from .ec2.volumes import sync_ebs_volumes
 from .ec2.vpc import sync_vpc
 from .ec2.vpc_peerings import sync_vpc_peerings
+from .iam_instance_profiles import sync_iam_instance_profiles
 
-RESOURCE_FUNCTIONS: Dict = {
+RESOURCE_FUNCTIONS: Dict[str, Callable[..., None]] = {
     'iam': iam.sync,
+    'iaminstanceprofiles': sync_iam_instance_profiles,
     's3': s3.sync,
     'dynamodb': dynamodb.sync,
     'ec2:launch_templates': sync_ec2_launch_templates,

cartography/models/aws/ec2/instances.py

@@ -71,6 +71,22 @@ class EC2InstanceToEC2Reservation(CartographyRelSchema):
     properties: EC2InstanceToEC2ReservationRelProperties = EC2InstanceToEC2ReservationRelProperties()
 
 
+@dataclass(frozen=True)
+class EC2InstanceToInstanceProfileRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EC2InstanceToInstanceProfile(CartographyRelSchema):
+    target_node_label: str = 'AWSInstanceProfile'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'arn': PropertyRef('IamInstanceProfile')},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "INSTANCE_PROFILE"
+    properties: EC2InstanceToInstanceProfileRelProperties = EC2InstanceToInstanceProfileRelProperties()
+
+
 @dataclass(frozen=True)
 class EC2InstanceSchema(CartographyNodeSchema):
     label: str = 'EC2Instance'
@@ -79,5 +95,6 @@ class EC2InstanceSchema(CartographyNodeSchema):
     other_relationships: OtherRelationships = OtherRelationships(
         [
             EC2InstanceToEC2Reservation(),
+            EC2InstanceToInstanceProfile(),  # Add the new relationship
         ],
     )

cartography/models/aws/iam/instanceprofile.py

@@ -0,0 +1,67 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class InstanceProfileNodeProperties(CartographyNodeProperties):
+    """
+    Schema describing a InstanceProfile.
+    """
+    arn: PropertyRef = PropertyRef('Arn')
+    createdate: PropertyRef = PropertyRef('CreateDate')
+    id: PropertyRef = PropertyRef('Arn')
+    instance_profile_id: PropertyRef = PropertyRef('InstanceProfileId')
+    instance_profile_name: PropertyRef = PropertyRef('InstanceProfileName')
+    path: PropertyRef = PropertyRef('Path')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class InstanceProfileToAwsAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class InstanceProfileToAWSAccount(CartographyRelSchema):
+    target_node_label: str = 'AWSAccount'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('AWS_ID', set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: InstanceProfileToAwsAccountRelProperties = InstanceProfileToAwsAccountRelProperties()
+
+
+@dataclass(frozen=True)
+class InstanceProfileToAWSRoleRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class InstanceProfileToAWSRole(CartographyRelSchema):
+    target_node_label: str = 'AWSRole'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'arn': PropertyRef('Roles', one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ASSOCIATED_WITH"
+    properties: InstanceProfileToAWSRoleRelProperties = InstanceProfileToAWSRoleRelProperties()
+
+
+@dataclass(frozen=True)
+class InstanceProfileSchema(CartographyNodeSchema):
+    label: str = 'AWSInstanceProfile'
+    properties: InstanceProfileNodeProperties = InstanceProfileNodeProperties()
+    sub_resource_relationship: InstanceProfileToAWSAccount = InstanceProfileToAWSAccount()
+    other_relationships: OtherRelationships = OtherRelationships([
+        InstanceProfileToAWSRole(),
+    ])

cartography/models/core/common.py

@@ -9,12 +9,13 @@ class PropertyRef:
     """
 
     def __init__(
-        self,
-        name: str,
-        set_in_kwargs=False,
-        extra_index=False,
-        ignore_case=False,
-        fuzzy_and_ignore_case=False,
+            self,
+            name: str,
+            set_in_kwargs=False,
+            extra_index=False,
+            ignore_case=False,
+            fuzzy_and_ignore_case=False,
+            one_to_many=False,
     ):
         """
         :param name: The name of the property
@@ -44,19 +45,49 @@ class PropertyRef:
         this property using the `CONTAINS` operator.
         query. Defaults to False. This only has effect as part of a TargetNodeMatcher and is not supported for the
         sub resource relationship.
+        :param one_to_many: Indicates that this property is meant to create one-to-many associations. If set to True,
+        this property ref points to a list stored on the data dict where each item is an ID. Only has effect as
+        part of a TargetNodeMatcher and is not supported for the sub resource relationship. Defaults to False.
+            Example on why you would set this to True:
+            AWS IAM instance profiles can be associated with one or more roles. This is reflected in their API object:
+            when we call describe-iam-instance-profiles, the `Roles` field contains a list of all the roles that the
+            profile is associated with. So, to create AWSInstanceProfile nodes while attaching them to multiple roles,
+            we can create a CartographyRelSchema with
+            ```
+            class InstanceProfileSchema(Schema):
+                target_node_label: str = 'AWSRole'
+                target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+                    'arn': PropertyRef('Roles', one_to_many=True),
+                )
+                ...
+            ```
+            This means that as we create AWSInstanceProfile nodes, we will search for AWSRoles to attach to, and we do
+            this by checking if each role's `arn` field is in the `Roles` list of the data dict.
         """
         self.name = name
         self.set_in_kwargs = set_in_kwargs
         self.extra_index = extra_index
         self.ignore_case = ignore_case
         self.fuzzy_and_ignore_case = fuzzy_and_ignore_case
+        self.one_to_many = one_to_many
+
         if self.fuzzy_and_ignore_case and self.ignore_case:
             raise ValueError(
                 f'Error setting PropertyRef "{self.name}": ignore_case cannot be used together with'
                 'fuzzy_and_ignore_case. Pick one or the other.',
             )
 
+        if self.one_to_many and (self.ignore_case or self.fuzzy_and_ignore_case):
+            raise ValueError(
+                f'Error setting PropertyRef "{self.name}": one_to_many cannot be used together with '
+                '`ignore_case` or `fuzzy_and_ignore_case`.',
+            )
+
     def _parameterize_name(self) -> str:
+        """
+        Prefixes the name of the property ref with a '$' so that we can receive keyword args. See docs on __repr__ for
+        PropertyRef.
+        """
         return f"${self.name}"
 
     def __repr__(self) -> str:

{cartography-0.101.0rc1.dist-info → cartography-0.101.0rc2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cartography
-Version: 0.101.0rc1
+Version: 0.101.0rc2
 Summary: Explore assets and their relationships across your technical infrastructure.
 Maintainer: Cartography Contributors
 License: apache2

{cartography-0.101.0rc1.dist-info → cartography-0.101.0rc2.dist-info}/RECORD

@@ -1,6 +1,6 @@
 cartography/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/__main__.py,sha256=JftXT_nUPkqcEh8uxCCT4n-OyHYqbldEgrDS-4ygy0U,101
-cartography/_version.py,sha256=ORpBOjdY4rMeGh1HRP5Dqaew_G6Wkj15Ps0ozN8YaTs,518
+cartography/_version.py,sha256=IBK6fMF_VPqJpOaJyK9R7AWPwDA7KRC-K8f8sNJSVFk,518
 cartography/cli.py,sha256=-77DOKUQn3N-TDIi55V4RHLb3k36ZGZ64o1XgiT0qmE,33370
 cartography/config.py,sha256=ZcadsKmooAkti9Kv0eDl8Ec1PcZDu3lWobtNaCnwY3k,11872
 cartography/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -18,8 +18,6 @@ cartography/data/permission_relationships.yaml,sha256=RuKGGc_3ZUQ7ag0MssB8k_zaon
 cartography/data/jobs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/data/jobs/analysis/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/data/jobs/analysis/aws_ec2_asset_exposure.json,sha256=wSR_-0TbieAMSFOWpNZohgbDHooa-F6jHm8DxdntLOY,3397
-cartography/data/jobs/analysis/aws_ec2_iaminstance.json,sha256=98wfe8pjwS-iQIjUpM1rxuASdxk7BGl9ooigrwfpmvU,500
-cartography/data/jobs/analysis/aws_ec2_iaminstanceprofile.json,sha256=7M8k0p0SvSYVzCk358FnUQ865IX25TyumtHTXqZS-t8,526
 cartography/data/jobs/analysis/aws_ec2_keypair_analysis.json,sha256=_ZBczunZbx5NHAbfVc4v6vJsbyl1xaePLzj4cyxW-4A,1741
 cartography/data/jobs/analysis/aws_eks_asset_exposure.json,sha256=Z6z4YTNJJqUJl2JqONeAYAvfH_2A9qEBxkFn-aou8D8,561
 cartography/data/jobs/analysis/aws_foreign_accounts.json,sha256=b8Li_KQLwIvNXxWt0F1bVTV1Vg9dxsbr7ZE8LH2-woc,686
@@ -116,6 +114,7 @@ cartography/data/jobs/cleanup/okta_groups_cleanup.json,sha256=cBI3f_okl4pnVH48L1
 cartography/data/jobs/cleanup/okta_import_cleanup.json,sha256=4XQwYpY9vITLhnLpijMVa5PxO0Tm38CcMydnbPdQPm0,3798
 cartography/data/jobs/cleanup/pagerduty_import_cleanup.json,sha256=RJqG_Uw_QEGTer_-s2IuZ3a2kykhUcCdDNZu0S7SEB4,4457
 cartography/data/jobs/scoped_analysis/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+cartography/data/jobs/scoped_analysis/aws_ec2_iaminstanceprofile.json,sha256=hzFlYNozrAiTh96qGlQSwTt3yzlDEUXF3OfxMMZTGgU,808
 cartography/data/jobs/scoped_analysis/semgrep_sca_risk_analysis.json,sha256=eIYxbl5TdgVzN8En2JozWoyKAiIh3Dp8wUMkTDPGZY0,6485
 cartography/driftdetect/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/driftdetect/__main__.py,sha256=Sz24Kxy5x6RC3GQEkuUDXzjOV3SvlHVkZdvPl1GLl5E,125
@@ -134,13 +133,13 @@ cartography/graph/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU
 cartography/graph/cleanupbuilder.py,sha256=zZc7SvRz23sU_VN-RrHoyhug7dRZlqbbLwHbrlPdVik,9411
 cartography/graph/context.py,sha256=RGxGb8EnxowcqjR0nFF86baNhgRHeUF9wjIoFUoG8LU,1230
 cartography/graph/job.py,sha256=RZWsbNhHuJlcSpw4C73ZuovRTp7kGrcm3X9yUH8vT1Q,7488
-cartography/graph/querybuilder.py,sha256=7DtIGPlfeKcIWKw_ReCAX1OeUkhSnIRV_reeVaKL6I4,20416
+cartography/graph/querybuilder.py,sha256=m-BQ70yB8auP3qsa5nlsj6bwela_5A6f0vuFI0YoAXk,20839
 cartography/graph/statement.py,sha256=Dr6wrlmodUwwh8jnMVaHZAuxrkYyTASokQcmn9AnA9E,5311
 cartography/intel/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/intel/analysis.py,sha256=gHtN42NqqLL1G5MOm2Q6rMyg-V5lU_wqbnKp5hbOOao,1499
 cartography/intel/create_indexes.py,sha256=HM2jB2v3NZvGqgVDtNoBQRVpkei_JXcYXqM14w8Rjss,741
 cartography/intel/dns.py,sha256=M-WSiGQoxWZsl0sg-2SDR8OD8e1Rexkt2Tbb2OpeioA,5596
-cartography/intel/aws/__init__.py,sha256=siRhVNypfGxMPNIXHSjfYbLX9qlB6RYyN6aWX64N-t8,11076
+cartography/intel/aws/__init__.py,sha256=g9NPDlIlvOi2oDCq0VY09kxv0TaD1wihFQLdOcJyk18,11212
 cartography/intel/aws/apigateway.py,sha256=w4QdxlwnVegKKsZFfoI36i-FGlIUjzxzaayZyz9oQvM,11654
 cartography/intel/aws/config.py,sha256=wrZbz7bc8vImLmRvTLkPcWnjjPzk3tOG4bB_BFS2lq8,7329
 cartography/intel/aws/dynamodb.py,sha256=LZ6LGNThLi0zC3eLMq2JN3mwiSwZeaH58YQQHvsXMGE,5013
@@ -151,6 +150,7 @@ cartography/intel/aws/elasticache.py,sha256=fCI47aDFmIDyE26GiReKYb6XIZUwrzcvsXBQ
 cartography/intel/aws/elasticsearch.py,sha256=ZL7MkXF_bXRSoXuDSI1dwGckRLG2zDB8LuAD07vSLnE,8374
 cartography/intel/aws/emr.py,sha256=xhWBVZngxJRFjMEDxwq3G6SgytRGLq0v2a_CeDvByR0,3372
 cartography/intel/aws/iam.py,sha256=zRlF9cKcYm44iL63G6bd-_flNOFHVrjsEfW0jZHpUNg,32387
+cartography/intel/aws/iam_instance_profiles.py,sha256=-bjBqhqni6n3SN2eFwy8bUufNAoshjRuxFB5dxD31ow,2255
 cartography/intel/aws/identitycenter.py,sha256=OnyvsSfn6AszB2e9dPAsGmzgne0zq0_7Ta0A6k_l_TE,8956
 cartography/intel/aws/inspector.py,sha256=S22ZgRKEnmnBTJ-u0rodqRPB7_LkSIek47NeBxN4XJw,9336
 cartography/intel/aws/kms.py,sha256=bZUzMxAH_DsAcGTJBs08gg2tLKYu-QWjvMvV9C-6v50,11731
@@ -160,7 +160,7 @@ cartography/intel/aws/permission_relationships.py,sha256=IarV9gt5BaplZ5TPo_mfypt
 cartography/intel/aws/rds.py,sha256=vnlNYmrO2Cc0PNn31CeG2QwYhwjVosbQFE9Ol1vQyLE,25252
 cartography/intel/aws/redshift.py,sha256=KOqiXIllHmtPTeaNGl-cX4srY5pFE6o12j8MQ5-zWpc,6694
 cartography/intel/aws/resourcegroupstaggingapi.py,sha256=I2VrL-oplGj2Jyhbo312V6vnER_FXpJRrc6OBJ-_VmI,10375
-cartography/intel/aws/resources.py,sha256=A8Dc3PtCfDyk5a1ZgAoHthhDPS6aWN_kR0PLwnHdC0Q,3370
+cartography/intel/aws/resources.py,sha256=lg5j0z6Iwj16Gv25yuAb3gHG6x4vOfRNm43FoOVRfqg,3541
 cartography/intel/aws/route53.py,sha256=IYqeQud1HuHnf11A7T-Jeif5DWgjpaaU-Jfr2cLUc_o,14099
 cartography/intel/aws/s3.py,sha256=SVxUMtMSkbdjZv5qOSYIbYb8BQa-QTojbHG85-EFWLA,27034
 cartography/intel/aws/secretsmanager.py,sha256=YogwRPT6qZPVg5HrND71zI-nNn60oxoWaW7eUlhuTS0,3304
@@ -290,7 +290,7 @@ cartography/models/aws/dynamodb/tables.py,sha256=iNTnI0FLdqHs0-EYGqWLGHWEy4mkSED
 cartography/models/aws/ec2/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/models/aws/ec2/auto_scaling_groups.py,sha256=ImIu-i5iU_CJQ25oa2MDnOhOjL4jcpBagPiB95JUvSE,8660
 cartography/models/aws/ec2/images.py,sha256=uGhXS7Xb6sKUdwwkS0O0dWP4sIREjusUaV_unODv9gE,3012
-cartography/models/aws/ec2/instances.py,sha256=cNMHngdGNRhxoyID6AmG2F7CQGC1fYani8DV8lSKvsI,3902
+cartography/models/aws/ec2/instances.py,sha256=H2z-0pMVOmpsYORB9WfS8hHz3n-eY8qoKg5FMeXkpbg,4613
 cartography/models/aws/ec2/keypair.py,sha256=UzKj1-Oyd-xMAJeuELzkGlDNAih1H9KpBwEgCCp54T8,2235
 cartography/models/aws/ec2/keypair_instance.py,sha256=M1Ru8Z_2izW0cADAnQVVHaKsT_4FucNZnjr2DIGncJY,2943
 cartography/models/aws/ec2/launch_configurations.py,sha256=zdfWJEx93HXDXd_IzSEkhvcztkJI7_v_TCE_d8ZNAyI,2764
@@ -310,6 +310,8 @@ cartography/models/aws/ec2/subnet_networkinterface.py,sha256=JHlxfBojBw7LfJS4a5L
 cartography/models/aws/ec2/volumes.py,sha256=WSP7YNZeJE3s4wnY9QrIAbcJN3OathqNgEBX0cVahDg,4470
 cartography/models/aws/eks/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/models/aws/eks/clusters.py,sha256=WeuC1wcjB_twsvgS0EMvU2wENhD-pm4t6N3HZ19x3vk,2293
+cartography/models/aws/iam/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+cartography/models/aws/iam/instanceprofile.py,sha256=tZL3vuWdimrrg4Fbx8JlVfaFWZEnHVMpdoBJrduBiKM,2838
 cartography/models/aws/identitycenter/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/models/aws/identitycenter/awsidentitycenter.py,sha256=lmpo-qqmMN6BMGEkBQyxmb0Nfal0qI1HetqmRmOWkSU,1988
 cartography/models/aws/identitycenter/awspermissionset.py,sha256=30BBY-XG3-rJMihKKTdUVobkdqQYWWGsFD83uTVJqkI,3539
@@ -324,7 +326,7 @@ cartography/models/bigfix/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJW
 cartography/models/bigfix/bigfix_computer.py,sha256=HQQsQPUphfkBsW8jIP0b9InNAb3vtOSWVD_GqSikkm4,3520
 cartography/models/bigfix/bigfix_root.py,sha256=GkyI0Gmnat8Q-3aQWJdCaNzKB89fY0ee4-lRvvPRLns,598
 cartography/models/core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cartography/models/core/common.py,sha256=uAMmUAY7_ENDsq-CvEZ0bQNAwdWOFRCzIQEFz7NOtmI,4316
+cartography/models/core/common.py,sha256=Bk0dCBkO9Udj9v4e8WE9mgBGaZTI170m9QpoiiYoz48,6206
 cartography/models/core/nodes.py,sha256=h5dwBOk_a2uCHZWeQz3pidr7gkqMKf7buIZgl6M1Ox4,3699
 cartography/models/core/relationships.py,sha256=6AwXvk0dq48BxqyxBpHyBXZ3dJNm65t1y4vNg4n25uA,5103
 cartography/models/cve/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -358,9 +360,9 @@ cartography/models/snipeit/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJ
 cartography/models/snipeit/asset.py,sha256=FyRAaeXuZjMy0eUQcSDFcgEAF5lbLMlvqp1Tv9d3Lv4,3238
 cartography/models/snipeit/tenant.py,sha256=p4rFnpNNuF1W5ilGBbexDaETWTwavfb38RcQGoImkQI,679
 cartography/models/snipeit/user.py,sha256=MsB4MiCVNTH6JpESime7cOkB89autZOXQpL6Z0l7L6o,2113
-cartography-0.101.0rc1.dist-info/licenses/LICENSE,sha256=kvLEBRYaQ1RvUni6y7Ti9uHeooqnjPoo6n_-0JO1ETc,11351
-cartography-0.101.0rc1.dist-info/METADATA,sha256=3PbiexiXh8bkS9as6Dqn-auI1yOcDxfc93KOJ8CuIyI,11874
-cartography-0.101.0rc1.dist-info/WHEEL,sha256=CmyFI0kx5cdEMTLiONQRbGQwjIoR1aIYB7eCAQ4KPJ0,91
-cartography-0.101.0rc1.dist-info/entry_points.txt,sha256=GVIAWD0o0_K077qMA_k1oZU4v-M0a8GLKGJR8tZ-qH8,112
-cartography-0.101.0rc1.dist-info/top_level.txt,sha256=BHqsNJQiI6Q72DeypC1IINQJE59SLhU4nllbQjgJi9g,12
-cartography-0.101.0rc1.dist-info/RECORD,,
+cartography-0.101.0rc2.dist-info/licenses/LICENSE,sha256=kvLEBRYaQ1RvUni6y7Ti9uHeooqnjPoo6n_-0JO1ETc,11351
+cartography-0.101.0rc2.dist-info/METADATA,sha256=Hw5knSxZNezo5gXVd5_2dMrhDDP0Vki78Nb48XgQHW0,11874
+cartography-0.101.0rc2.dist-info/WHEEL,sha256=CmyFI0kx5cdEMTLiONQRbGQwjIoR1aIYB7eCAQ4KPJ0,91
+cartography-0.101.0rc2.dist-info/entry_points.txt,sha256=GVIAWD0o0_K077qMA_k1oZU4v-M0a8GLKGJR8tZ-qH8,112
+cartography-0.101.0rc2.dist-info/top_level.txt,sha256=BHqsNJQiI6Q72DeypC1IINQJE59SLhU4nllbQjgJi9g,12
+cartography-0.101.0rc2.dist-info/RECORD,,

cartography/data/jobs/analysis/aws_ec2_iaminstance.json

@@ -1,10 +0,0 @@
-{
-    "name": "EC2 Instances assume IAM roles",
-    "statements": [
-        {
-            "__comment": "Create STS_ASSUMEROLE_ALLOW realtionship from ec2 instance to the associated iaminstance iam role",
-            "query":"MATCH (aa:AWSAccount)-[:RESOURCE]->(i:EC2Instance)\nWITH SPLIT(i.iaminstanceprofile, '/')[-1] AS role_name, aa, i\nMATCH (aa)-[:RESOURCE]->(r:AWSRole)\nWHERE r.arn ENDS WITH role_name\nMERGE (i)-[:STS_ASSUMEROLE_ALLOW]->(r)",
-            "iterative": false
-        }
-    ]
-}

cartography/data/jobs/analysis/aws_ec2_iaminstanceprofile.json

@@ -1,10 +0,0 @@
-{
-    "name": "EC2 Instances assume IAM roles",
-    "statements": [
-        {
-            "__comment": "Create STS_ASSUMEROLE_ALLOW realtionships from EC2 instances to the IAM roles they can assume via their iaminstanceprofiles",
-            "query":"MATCH (aa:AWSAccount)-[:RESOURCE]->(i:EC2Instance)\nWITH SPLIT(i.iaminstanceprofile, '/')[-1] AS role_name, aa, i\nMATCH (aa)-[:RESOURCE]->(r:AWSRole)\nWHERE r.arn ENDS WITH role_name\nMERGE (i)-[:STS_ASSUMEROLE_ALLOW]->(r)",
-            "iterative": false
-        }
-    ]
-}