cartography 0.103.0__py3-none-any.whl → 0.104.0rc1__py3-none-any.whl

cartography/intel/aws/ssm.py

@@ -1,4 +1,6 @@
+import json
 import logging
+import re
 from typing import Any
 from typing import Dict
 from typing import List
@@ -10,6 +12,7 @@ from cartography.client.core.tx import load
 from cartography.graph.job import GraphJob
 from cartography.models.aws.ssm.instance_information import SSMInstanceInformationSchema
 from cartography.models.aws.ssm.instance_patch import SSMInstancePatchSchema
+from cartography.models.aws.ssm.parameters import SSMParameterSchema
 from cartography.util import aws_handle_regions
 from cartography.util import dict_date_to_epoch
 from cartography.util import timeit
@@ -107,6 +110,42 @@ def transform_instance_patches(data_list: List[Dict[str, Any]]) -> List[Dict[str
     return data_list
 
 
+@timeit
+@aws_handle_regions
+def get_ssm_parameters(
+    boto3_session: boto3.session.Session,
+    region: str,
+) -> List[Dict[str, Any]]:
+    client = boto3_session.client("ssm", region_name=region)
+    paginator = client.get_paginator("describe_parameters")
+    ssm_parameters_data: List[Dict[str, Any]] = []
+    for page in paginator.paginate(PaginationConfig={"PageSize": 50}):
+        ssm_parameters_data.extend(page.get("Parameters", []))
+    return ssm_parameters_data
+
+
+def transform_ssm_parameters(
+    raw_parameters_data: List[Dict[str, Any]],
+) -> List[Dict[str, Any]]:
+    transformed_list: List[Dict[str, Any]] = []
+    for param in raw_parameters_data:
+        param["LastModifiedDate"] = dict_date_to_epoch(param, "LastModifiedDate")
+        param["PoliciesJson"] = json.dumps(param.get("Policies", []))
+        # KMSKey uses shorter UUID as their primary id
+        # SSM Parameters, when encrypted, reference KMS keys using their full ARNs in the KeyId field
+        # Adding a param to match on the id property of the target node
+        if param.get("Type") == "SecureString" and param.get("KeyId") is not None:
+            match = re.match(r".*key/(.*)$", param["KeyId"])
+            if match:
+                param["KMSKeyIdShort"] = match.group(1)
+            else:
+                param["KMSKeyIdShort"] = None
+        else:
+            param["KMSKeyIdShort"] = None
+        transformed_list.append(param)
+    return transformed_list
+
+
 @timeit
 def load_instance_information(
     neo4j_session: neo4j.Session,
@@ -143,6 +182,24 @@ def load_instance_patches(
     )
 
 
+@timeit
+def load_ssm_parameters(
+    neo4j_session: neo4j.Session,
+    data: List[Dict[str, Any]],
+    region: str,
+    current_aws_account_id: str,
+    aws_update_tag: int,
+) -> None:
+    load(
+        neo4j_session,
+        SSMParameterSchema(),
+        data,
+        lastupdated=aws_update_tag,
+        Region=region,
+        AWS_ID=current_aws_account_id,
+    )
+
+
 @timeit
 def cleanup_ssm(
     neo4j_session: neo4j.Session,
@@ -156,6 +213,9 @@ def cleanup_ssm(
     GraphJob.from_node_schema(SSMInstancePatchSchema(), common_job_parameters).run(
         neo4j_session,
     )
+    GraphJob.from_node_schema(SSMParameterSchema(), common_job_parameters).run(
+        neo4j_session,
+    )
 
 
 @timeit
@@ -193,4 +253,15 @@ def sync(
             current_aws_account_id,
             update_tag,
         )
+
+        data = get_ssm_parameters(boto3_session, region)
+        data = transform_ssm_parameters(data)
+        load_ssm_parameters(
+            neo4j_session,
+            data,
+            region,
+            current_aws_account_id,
+            update_tag,
+        )
+
     cleanup_ssm(neo4j_session, common_job_parameters)

cartography/intel/openai/adminapikeys.py

@@ -23,7 +23,7 @@ def sync(
     api_session: requests.Session,
     common_job_parameters: Dict[str, Any],
     ORG_ID: str,
-) -> List[Dict]:
+) -> None:
     adminapikeys = get(
         api_session,
         common_job_parameters["BASE_URL"],
@@ -36,7 +36,6 @@ def sync(
         common_job_parameters["UPDATE_TAG"],
     )
     cleanup(neo4j_session, common_job_parameters)
-    return adminapikeys
 
 
 @timeit

cartography/intel/openai/apikeys.py

@@ -77,7 +77,7 @@ def load_apikeys(
     project_id: str,
     update_tag: int,
 ) -> None:
-    logger.info("Loading %d OpenAI Project APIKey into Neo4j.", len(data))
+    logger.info("Loading %d OpenAI APIKey into Neo4j.", len(data))
     load(
         neo4j_session,
         OpenAIApiKeySchema(),

cartography/intel/openai/projects.py

@@ -30,12 +30,15 @@ def sync(
     )
     for project in projects:
         project["users"] = []
+        project["admins"] = []
         for user in get_project_users(
             api_session,
             common_job_parameters["BASE_URL"],
             project["id"],
         ):
             project["users"].append(user["id"])
+            if user["role"] == "owner":
+                project["admins"].append(user["id"])
     load_projects(neo4j_session, projects, ORG_ID, common_job_parameters["UPDATE_TAG"])
     cleanup(neo4j_session, common_job_parameters)
     return projects
@@ -75,7 +78,7 @@ def load_projects(
     ORG_ID: str,
     update_tag: int,
 ) -> None:
-    logger.info("Loading %d OpenAIProjectSchema into Neo4j.", len(data))
+    logger.info("Loading %d OpenAI Projects into Neo4j.", len(data))
     load(
         neo4j_session,
         OpenAIProjectSchema(),

cartography/intel/openai/serviceaccounts.py

@@ -63,7 +63,7 @@ def load_serviceaccounts(
     project_id: str,
     update_tag: int,
 ) -> None:
-    logger.info("Loading %d OpenAI ProjectServiceAccount into Neo4j.", len(data))
+    logger.info("Loading %d OpenAI ServiceAccount into Neo4j.", len(data))
     load(
         neo4j_session,
         OpenAIServiceAccountSchema(),

cartography/intel/openai/users.py

@@ -70,9 +70,6 @@ def load_users(
 def cleanup(
     neo4j_session: neo4j.Session, common_job_parameters: Dict[str, Any]
 ) -> None:
-    GraphJob.from_node_schema(OpenAIOrganizationSchema(), common_job_parameters).run(
-        neo4j_session
-    )
     GraphJob.from_node_schema(OpenAIUserSchema(), common_job_parameters).run(
         neo4j_session
     )

cartography/intel/openai/util.py

@@ -10,7 +10,23 @@ def paginated_get(
     timeout: tuple[int, int],
     after: str | None = None,
 ) -> Generator[dict[str, Any], None, None]:
-    # DOC
+    """Helper function to get paginated data from the OpenAI API.
+
+    This function handles the pagination of the API requests and returns
+    the results as a generator. It will continue to make requests until
+    all pages of data have been retrieved. The results are returned as a
+    list of dictionaries, where each dictionary represents a single
+    entity.
+
+    Args:
+        api_session (requests.Session): The requests session to use for making API calls.
+        url (str): The URL to make the API call to.
+        timeout (tuple[int, int]): The timeout for the API call.
+        after (str | None): The ID of the last item retrieved in the previous request.
+            If None, the first page of results will be retrieved.
+    Returns:
+        Generator[dict[str, Any], None, None]: A generator yielding dictionaries representing the results.
+    """
     params = {"after": after} if after else {}
     req = api_session.get(
         url,

cartography/models/anthropic/apikey.py

@@ -0,0 +1,90 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class AnthropicApiKeyNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    name: PropertyRef = PropertyRef("name")
+    status: PropertyRef = PropertyRef("status")
+    created_at: PropertyRef = PropertyRef("created_at")
+    last_used_at: PropertyRef = PropertyRef("last_used_at")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AnthropicApiKeyToOrganizationRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:AnthropicOrganization)-[:RESOURCE]->(:AnthropicApiKey)
+class AnthropicApiKeyToOrganizationRel(CartographyRelSchema):
+    target_node_label: str = "AnthropicOrganization"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("ORG_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: AnthropicApiKeyToOrganizationRelProperties = (
+        AnthropicApiKeyToOrganizationRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AnthropicApiKeyToUserRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:AnthropicUser)-[:OWNS]->(:AnthropicApiKey)
+class AnthropicApiKeyToUserRel(CartographyRelSchema):
+    target_node_label: str = "AnthropicUser"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("created_by.id")},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "OWNS"
+    properties: AnthropicApiKeyToUserRelProperties = (
+        AnthropicApiKeyToUserRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AnthropicApiKeyToWorkspaceRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:AnthropicWorkspace)-[:CONTAINS]->(:AnthropicApiKey)
+class AnthropicApiKeyToWorkspaceRel(CartographyRelSchema):
+    target_node_label: str = "AnthropicWorkspace"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("workspace_id")},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "CONTAINS"
+    properties: AnthropicApiKeyToWorkspaceRelProperties = (
+        AnthropicApiKeyToWorkspaceRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AnthropicApiKeySchema(CartographyNodeSchema):
+    label: str = "AnthropicApiKey"
+    properties: AnthropicApiKeyNodeProperties = AnthropicApiKeyNodeProperties()
+    sub_resource_relationship: AnthropicApiKeyToOrganizationRel = (
+        AnthropicApiKeyToOrganizationRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [AnthropicApiKeyToUserRel(), AnthropicApiKeyToWorkspaceRel()],
+    )

cartography/models/anthropic/organization.py

@@ -0,0 +1,19 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+
+
+@dataclass(frozen=True)
+class AnthropicOrganizationNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AnthropicOrganizationSchema(CartographyNodeSchema):
+    label: str = "AnthropicOrganization"
+    properties: AnthropicOrganizationNodeProperties = (
+        AnthropicOrganizationNodeProperties()
+    )

cartography/models/anthropic/user.py

@@ -0,0 +1,48 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class AnthropicUserNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    name: PropertyRef = PropertyRef("name")
+    email: PropertyRef = PropertyRef("email", extra_index=True)
+    role: PropertyRef = PropertyRef("role")
+    added_at: PropertyRef = PropertyRef("added_at")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AnthropicUserToOrganizationRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:AnthropicOrganization)-[:RESOURCE]->(:AnthropicUser)
+class AnthropicUserToOrganizationRel(CartographyRelSchema):
+    target_node_label: str = "AnthropicOrganization"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("ORG_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: AnthropicUserToOrganizationRelProperties = (
+        AnthropicUserToOrganizationRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AnthropicUserSchema(CartographyNodeSchema):
+    label: str = "AnthropicUser"
+    properties: AnthropicUserNodeProperties = AnthropicUserNodeProperties()
+    sub_resource_relationship: AnthropicUserToOrganizationRel = (
+        AnthropicUserToOrganizationRel()
+    )

cartography/models/anthropic/workspace.py

@@ -0,0 +1,90 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class AnthropicWorkspaceNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    name: PropertyRef = PropertyRef("name")
+    created_at: PropertyRef = PropertyRef("created_at")
+    archived_at: PropertyRef = PropertyRef("archived_at")
+    display_color: PropertyRef = PropertyRef("display_color")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AnthropicWorkspaceToOrganizationRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:AnthropicOrganization)-[:RESOURCE]->(:AnthropicWorkspace)
+class AnthropicWorkspaceToOrganizationRel(CartographyRelSchema):
+    target_node_label: str = "AnthropicOrganization"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("ORG_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: AnthropicWorkspaceToOrganizationRelProperties = (
+        AnthropicWorkspaceToOrganizationRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AnthropicWorkspaceToUserRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:AnthropicUser)-[:MEMBER_OF]->(:AnthropicWorkspace)
+class AnthropicWorkspaceToUserRel(CartographyRelSchema):
+    target_node_label: str = "AnthropicUser"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("users", one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "MEMBER_OF"
+    properties: AnthropicWorkspaceToUserRelProperties = (
+        AnthropicWorkspaceToUserRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AnthropicWorkspaceToUserAdminRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:AnthropicUser)-[:ADMIN_OF]->(:AnthropicWorkspace)
+class AnthropicWorkspaceToUserAdminRel(CartographyRelSchema):
+    target_node_label: str = "AnthropicUser"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("admins", one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "ADMIN_OF"
+    properties: AnthropicWorkspaceToUserAdminRelProperties = (
+        AnthropicWorkspaceToUserAdminRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AnthropicWorkspaceSchema(CartographyNodeSchema):
+    label: str = "AnthropicWorkspace"
+    properties: AnthropicWorkspaceNodeProperties = AnthropicWorkspaceNodeProperties()
+    sub_resource_relationship: AnthropicWorkspaceToOrganizationRel = (
+        AnthropicWorkspaceToOrganizationRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [AnthropicWorkspaceToUserRel(), AnthropicWorkspaceToUserAdminRel()],
+    )

cartography/models/aws/secretsmanager/secret_version.py

@@ -0,0 +1,116 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class SecretsManagerSecretVersionNodeProperties(CartographyNodeProperties):
+    """
+    Properties for AWS Secrets Manager Secret Version
+    """
+
+    # Align property names with the actual keys in the data
+    id: PropertyRef = PropertyRef("ARN")
+    arn: PropertyRef = PropertyRef("ARN", extra_index=True)
+    secret_id: PropertyRef = PropertyRef("SecretId")
+    version_id: PropertyRef = PropertyRef("VersionId")
+    version_stages: PropertyRef = PropertyRef("VersionStages")
+    created_date: PropertyRef = PropertyRef("CreatedDate")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+    # Make KMS and tags properties without required=False parameter
+    kms_key_id: PropertyRef = PropertyRef("KmsKeyId")
+    tags: PropertyRef = PropertyRef("Tags")
+
+
+@dataclass(frozen=True)
+class SecretsManagerSecretVersionRelProperties(CartographyRelProperties):
+    """
+    Properties for relationships between Secret Version and other nodes
+    """
+
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class SecretsManagerSecretVersionToAWSAccountRel(CartographyRelSchema):
+    """
+    Relationship between Secret Version and AWS Account
+    """
+
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: SecretsManagerSecretVersionRelProperties = (
+        SecretsManagerSecretVersionRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class SecretsManagerSecretVersionToSecretRel(CartographyRelSchema):
+    """
+    Relationship between Secret Version and its parent Secret
+    """
+
+    target_node_label: str = "SecretsManagerSecret"
+    # Use only one matcher for the id field
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("SecretId")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "VERSION_OF"
+    properties: SecretsManagerSecretVersionRelProperties = (
+        SecretsManagerSecretVersionRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class SecretsManagerSecretVersionToKMSKeyRel(CartographyRelSchema):
+    """
+    Relationship between Secret Version and its KMS key
+    Only created when KmsKeyId is present
+    """
+
+    target_node_label: str = "AWSKMSKey"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("KmsKeyId")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ENCRYPTED_BY"
+    properties: SecretsManagerSecretVersionRelProperties = (
+        SecretsManagerSecretVersionRelProperties()
+    )
+    # Only create this relationship if KmsKeyId exists
+    conditional_match_property: str = "KmsKeyId"
+
+
+@dataclass(frozen=True)
+class SecretsManagerSecretVersionSchema(CartographyNodeSchema):
+    """
+    Schema for AWS Secrets Manager Secret Version
+    """
+
+    label: str = "SecretsManagerSecretVersion"
+    properties: SecretsManagerSecretVersionNodeProperties = (
+        SecretsManagerSecretVersionNodeProperties()
+    )
+    sub_resource_relationship: SecretsManagerSecretVersionToAWSAccountRel = (
+        SecretsManagerSecretVersionToAWSAccountRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            SecretsManagerSecretVersionToSecretRel(),
+            SecretsManagerSecretVersionToKMSKeyRel(),
+        ],
+    )

cartography/models/aws/ssm/parameters.py

@@ -0,0 +1,84 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class SSMParameterNodeProperties(CartographyNodeProperties):
+
+    arn: PropertyRef = PropertyRef("ARN", extra_index=True)
+    id: PropertyRef = PropertyRef("ARN")
+    name: PropertyRef = PropertyRef("Name")
+    description: PropertyRef = PropertyRef("Description")
+    type: PropertyRef = PropertyRef("Type")
+    keyid: PropertyRef = PropertyRef("KeyId")
+    kms_key_id_short: PropertyRef = PropertyRef("KMSKeyIdShort")
+    version: PropertyRef = PropertyRef("Version")
+    lastmodifieddate: PropertyRef = PropertyRef("LastModifiedDate")
+    tier: PropertyRef = PropertyRef("Tier")
+    lastmodifieduser: PropertyRef = PropertyRef("LastModifiedUser")
+    datatype: PropertyRef = PropertyRef("DataType")
+    allowedpattern: PropertyRef = PropertyRef("AllowedPattern")
+    policies_json: PropertyRef = PropertyRef("PoliciesJson")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class SSMParameterToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class SSMParameterToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: SSMParameterToAWSAccountRelProperties = (
+        SSMParameterToAWSAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class SSMParameterToKMSKeyRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class SSMParameterToKMSKeyRel(CartographyRelSchema):
+    target_node_label: str = "KMSKey"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {
+            "id": PropertyRef("KMSKeyIdShort"),
+        }
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ENCRYPTED_BY"
+    properties: SSMParameterToKMSKeyRelProperties = SSMParameterToKMSKeyRelProperties()
+
+
+@dataclass(frozen=True)
+class SSMParameterSchema(CartographyNodeSchema):
+
+    label: str = "SSMParameter"
+    properties: SSMParameterNodeProperties = SSMParameterNodeProperties()
+    sub_resource_relationship: SSMParameterToAWSAccountRel = (
+        SSMParameterToAWSAccountRel()
+    )
+
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            SSMParameterToKMSKeyRel(),
+        ],
+    )