cartography 0.104.0rc2__py3-none-any.whl → 0.123.0__py3-none-any.whl

cartography/models/aws/iam/root_principal.py

@@ -0,0 +1,52 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class AWSRootPrincipalNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("arn")
+    arn: PropertyRef = PropertyRef("arn", extra_index=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSRootPrincipalToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSRootPrincipalToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {
+            "id": PropertyRef("AWS_ID", set_in_kwargs=True),
+        }
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: AWSRootPrincipalToAWSAccountRelProperties = (
+        AWSRootPrincipalToAWSAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AWSRootPrincipalSchema(CartographyNodeSchema):
+    """
+    Represents the AWS root principal for an AWS account
+    """
+
+    label: str = "AWSRootPrincipal"
+    properties: AWSRootPrincipalNodeProperties = AWSRootPrincipalNodeProperties()
+    sub_resource_relationship: AWSRootPrincipalToAWSAccountRel = (
+        AWSRootPrincipalToAWSAccountRel()
+    )
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(["AWSPrincipal"])

cartography/models/aws/iam/service_principal.py

@@ -0,0 +1,30 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+
+
+@dataclass(frozen=True)
+class AWSServicePrincipalNodeProperties(CartographyNodeProperties):
+    # Required unique identifier
+    id: PropertyRef = PropertyRef("arn")
+    arn: PropertyRef = PropertyRef("arn", extra_index=True)
+
+    # Automatic fields (set by cartography)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+    # Business fields from AWS IAM service principals
+    type: PropertyRef = PropertyRef("type")
+
+
+@dataclass(frozen=True)
+class AWSServicePrincipalSchema(CartographyNodeSchema):
+    """
+    Represents a global AWS service principal e.g. "ec2.amazonaws.com"
+    """
+
+    label: str = "AWSServicePrincipal"
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(["AWSPrincipal"])
+    properties: AWSServicePrincipalNodeProperties = AWSServicePrincipalNodeProperties()

cartography/models/aws/iam/sts_assumerole_allow.py

@@ -0,0 +1,38 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_source_node_matcher
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import SourceNodeMatcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class STSAssumeRoleAllowRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+    _sub_resource_label: PropertyRef = PropertyRef(
+        "_sub_resource_label", set_in_kwargs=True
+    )
+    _sub_resource_id: PropertyRef = PropertyRef("_sub_resource_id", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class STSAssumeRoleAllowMatchLink(CartographyRelSchema):
+    rel_label: str = "STS_ASSUMEROLE_ALLOW"
+    direction: LinkDirection = LinkDirection.OUTWARD
+    properties: STSAssumeRoleAllowRelProperties = STSAssumeRoleAllowRelProperties()
+
+    # Target node (the role being assumed)
+    target_node_label: str = "AWSRole"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("target_arn")},
+    )
+
+    # Source node (the principal that can assume the role)
+    source_node_label: str = "AWSPrincipal"
+    source_node_matcher: SourceNodeMatcher = make_source_node_matcher(
+        {"arn": PropertyRef("source_arn")},
+    )

cartography/models/aws/iam/user.py

@@ -0,0 +1,59 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class AWSUserNodeProperties(CartographyNodeProperties):
+    # Required unique identifier
+    id: PropertyRef = PropertyRef("arn")
+    arn: PropertyRef = PropertyRef("arn", extra_index=True)
+
+    # Automatic fields (set by cartography)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+    # Business fields from AWS IAM users
+    userid: PropertyRef = PropertyRef("userid")
+    name: PropertyRef = PropertyRef("name")
+    path: PropertyRef = PropertyRef("path")
+    createdate: PropertyRef = PropertyRef("createdate")
+    passwordlastused: PropertyRef = PropertyRef("passwordlastused")
+
+
+@dataclass(frozen=True)
+class AWSUserToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSUserToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {
+            "id": PropertyRef("AWS_ID", set_in_kwargs=True),
+        }
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: AWSUserToAWSAccountRelProperties = AWSUserToAWSAccountRelProperties()
+
+
+@dataclass(frozen=True)
+class AWSUserSchema(CartographyNodeSchema):
+    label: str = "AWSUser"
+    properties: AWSUserNodeProperties = AWSUserNodeProperties()
+    sub_resource_relationship: AWSUserToAWSAccountRel = AWSUserToAWSAccountRel()
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(
+        [
+            "AWSPrincipal",
+            "UserAccount",
+        ]  # UserAccount label is used for ontology mapping
+    )

cartography/models/aws/identitycenter/awsidentitycenter.py

@@ -17,6 +17,7 @@ class IdentityCenterInstanceProperties(CartographyNodeProperties):
     created_date: PropertyRef = PropertyRef("CreatedDate")
     id: PropertyRef = PropertyRef("InstanceArn")
     status: PropertyRef = PropertyRef("Status")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
     lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
 
 

cartography/models/aws/identitycenter/awspermissionset.py

@@ -6,8 +6,10 @@ from cartography.models.core.nodes import CartographyNodeSchema
 from cartography.models.core.relationships import CartographyRelProperties
 from cartography.models.core.relationships import CartographyRelSchema
 from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_source_node_matcher
 from cartography.models.core.relationships import make_target_node_matcher
 from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import SourceNodeMatcher
 from cartography.models.core.relationships import TargetNodeMatcher
 
 
@@ -19,6 +21,7 @@ class PermissionSetProperties(CartographyNodeProperties):
     description: PropertyRef = PropertyRef("Description")
     session_duration: PropertyRef = PropertyRef("SessionDuration")
     instance_arn: PropertyRef = PropertyRef("InstanceArn", set_in_kwargs=True)
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
     lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
 
 
@@ -77,6 +80,73 @@ class AWSPermissionSetToAWSAccountRel(CartographyRelSchema):
     )
 
 
+@dataclass(frozen=True)
+class RoleAssignmentAllowedByRelProperties(CartographyRelProperties):
+    """
+    Properties for the ALLOWED_BY relationship between AWSRole and AWSSSO principals.
+    """
+
+    # Mandatory fields for MatchLinks
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+    _sub_resource_label: PropertyRef = PropertyRef(
+        "_sub_resource_label", set_in_kwargs=True
+    )
+    _sub_resource_id: PropertyRef = PropertyRef("_sub_resource_id", set_in_kwargs=True)
+
+    # Role assignment specific properties
+    permission_set_arn: PropertyRef = PropertyRef("PermissionSetArn")
+
+
+@dataclass(frozen=True)
+class AWSRoleToSSOUserMatchLink(CartographyRelSchema):
+    """
+    MatchLink for (AWSRole)-[:ALLOWED_BY]->(AWSSSOUser).
+
+    See schema documentation for details.
+    """
+
+    # MatchLink-specific fields for AWSRole as source
+    source_node_label: str = "AWSRole"
+    source_node_matcher: SourceNodeMatcher = make_source_node_matcher(
+        {"arn": PropertyRef("RoleArn")},
+    )
+
+    # Standard CartographyRelSchema fields for AWSSSOUser as target
+    target_node_label: str = "AWSSSOUser"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("UserId")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ALLOWED_BY"
+    properties: RoleAssignmentAllowedByRelProperties = (
+        RoleAssignmentAllowedByRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AWSRoleToSSOGroupMatchLink(CartographyRelSchema):
+    """
+    MatchLink for (AWSRole)-[:ALLOWED_BY]->(AWSSSOGroup).
+
+    See schema documentation for details.
+    """
+
+    source_node_label: str = "AWSRole"
+    source_node_matcher: SourceNodeMatcher = make_source_node_matcher(
+        {"arn": PropertyRef("RoleArn")},
+    )
+
+    target_node_label: str = "AWSSSOGroup"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("GroupId")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ALLOWED_BY"
+    properties: RoleAssignmentAllowedByRelProperties = (
+        RoleAssignmentAllowedByRelProperties()
+    )
+
+
 @dataclass(frozen=True)
 class AWSPermissionSetSchema(CartographyNodeSchema):
     label: str = "AWSPermissionSet"

cartography/models/aws/identitycenter/awssogroup.py

@@ -0,0 +1,70 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class AWSSSOGroupProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("GroupId")
+    display_name: PropertyRef = PropertyRef("DisplayName")
+    description: PropertyRef = PropertyRef("Description")
+    identity_store_id: PropertyRef = PropertyRef("IdentityStoreId")
+    external_id: PropertyRef = PropertyRef("ExternalId", extra_index=True)
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSSSOGroupToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSSSOGroupToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: AWSSSOGroupToAWSAccountRelProperties = (
+        AWSSSOGroupToAWSAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AWSSSOGroupToPermissionSetRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSSSOGroupToPermissionSetRel(CartographyRelSchema):
+    target_node_label: str = "AWSPermissionSet"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("AssignedPermissionSets", one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "HAS_PERMISSION_SET"
+    properties: AWSSSOGroupToPermissionSetRelProperties = (
+        AWSSSOGroupToPermissionSetRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AWSSSOGroupSchema(CartographyNodeSchema):
+    label: str = "AWSSSOGroup"
+    properties: AWSSSOGroupProperties = AWSSSOGroupProperties()
+    sub_resource_relationship: AWSSSOGroupToAWSAccountRel = AWSSSOGroupToAWSAccountRel()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            AWSSSOGroupToPermissionSetRel(),
+        ]
+    )

cartography/models/aws/identitycenter/awsssouser.py

@@ -13,29 +13,31 @@ from cartography.models.core.relationships import TargetNodeMatcher
 
 
 @dataclass(frozen=True)
-class SSOUserProperties(CartographyNodeProperties):
-    id: PropertyRef = PropertyRef("UserId", extra_index=True)
+class AWSSSOUserProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("UserId")
     user_name: PropertyRef = PropertyRef("UserName")
     identity_store_id: PropertyRef = PropertyRef("IdentityStoreId")
     external_id: PropertyRef = PropertyRef("ExternalId", extra_index=True)
-    region: PropertyRef = PropertyRef("Region")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
     lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
 
 
 @dataclass(frozen=True)
-class SSOUserToOktaUserRelRelProperties(CartographyRelProperties):
+class AWSSSOUserToOktaUserRelRelProperties(CartographyRelProperties):
     lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
 
 
 @dataclass(frozen=True)
-class SSOUserToOktaUserRel(CartographyRelSchema):
+class AWSSSOUserToOktaUserRel(CartographyRelSchema):
     target_node_label: str = "UserAccount"
     target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
         {"id": PropertyRef("ExternalId")},
     )
     direction: LinkDirection = LinkDirection.INWARD
     rel_label: str = "CAN_ASSUME_IDENTITY"
-    properties: SSOUserToOktaUserRelRelProperties = SSOUserToOktaUserRelRelProperties()
+    properties: AWSSSOUserToOktaUserRelRelProperties = (
+        AWSSSOUserToOktaUserRelRelProperties()
+    )
 
 
 @dataclass(frozen=True)
@@ -57,14 +59,52 @@ class AWSSSOUserToAWSAccountRel(CartographyRelSchema):
     )
 
 
+@dataclass(frozen=True)
+class AWSSSOUserToSSOGroupRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSSSOUserToSSOGroupRel(CartographyRelSchema):
+    target_node_label: str = "AWSSSOGroup"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("MemberOfGroups", one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "MEMBER_OF_SSO_GROUP"
+    properties: AWSSSOUserToSSOGroupRelProperties = AWSSSOUserToSSOGroupRelProperties()
+
+
+@dataclass(frozen=True)
+class AWSSSOUserToPermissionSetRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSSSOUserToPermissionSetRel(CartographyRelSchema):
+    target_node_label: str = "AWSPermissionSet"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("AssignedPermissionSets", one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "HAS_PERMISSION_SET"
+    properties: AWSSSOUserToPermissionSetRelProperties = (
+        AWSSSOUserToPermissionSetRelProperties()
+    )
+
+
 @dataclass(frozen=True)
 class AWSSSOUserSchema(CartographyNodeSchema):
     label: str = "AWSSSOUser"
-    properties: SSOUserProperties = SSOUserProperties()
-    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(["UserAccount"])
+    properties: AWSSSOUserProperties = AWSSSOUserProperties()
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(
+        ["UserAccount"]
+    )  # UserAccount label is used for ontology mapping
     sub_resource_relationship: AWSSSOUserToAWSAccountRel = AWSSSOUserToAWSAccountRel()
     other_relationships: OtherRelationships = OtherRelationships(
         [
-            SSOUserToOktaUserRel(),
+            AWSSSOUserToOktaUserRel(),
+            AWSSSOUserToSSOGroupRel(),
+            AWSSSOUserToPermissionSetRel(),
         ],
     )

cartography/models/aws/inspector/findings.py

@@ -7,8 +7,10 @@ from cartography.models.core.nodes import ExtraNodeLabels
 from cartography.models.core.relationships import CartographyRelProperties
 from cartography.models.core.relationships import CartographyRelSchema
 from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_source_node_matcher
 from cartography.models.core.relationships import make_target_node_matcher
 from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import SourceNodeMatcher
 from cartography.models.core.relationships import TargetNodeMatcher
 
 
@@ -135,6 +137,40 @@ class InspectorFindingToECRImageRel(CartographyRelSchema):
     )
 
 
+@dataclass(frozen=True)
+class InspectorFindingToPackageRelRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+    _sub_resource_label: PropertyRef = PropertyRef(
+        "_sub_resource_label", set_in_kwargs=True
+    )
+    _sub_resource_id: PropertyRef = PropertyRef("_sub_resource_id", set_in_kwargs=True)
+    # The following properties live in vulnerablePackages from AWS API
+    # Adding them here to avoid multiple repetion of packages
+    filepath: PropertyRef = PropertyRef("filePath")
+    fixedinversion: PropertyRef = PropertyRef("fixedInVersion")
+    remediation: PropertyRef = PropertyRef("remediation")
+    sourcelayerhash: PropertyRef = PropertyRef("sourceLayerHash")
+    sourcelambdalayerarn: PropertyRef = PropertyRef("sourceLambdaLayerArn")
+
+
+@dataclass(frozen=True)
+# (:AWSInspectorFinding)-[:HAS]->(:AWSInspectorPackage)
+class InspectorFindingToPackageMatchLink(CartographyRelSchema):
+    target_node_label: str = "AWSInspectorPackage"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("packageid")},
+    )
+    source_node_label: str = "AWSInspectorFinding"
+    source_node_matcher: SourceNodeMatcher = make_source_node_matcher(
+        {"id": PropertyRef("findingarn")},
+    )
+    properties: InspectorFindingToPackageRelRelProperties = (
+        InspectorFindingToPackageRelRelProperties()
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "HAS"
+
+
 @dataclass(frozen=True)
 class AWSInspectorFindingSchema(CartographyNodeSchema):
     label: str = "AWSInspectorFinding"
@@ -146,6 +182,7 @@ class AWSInspectorFindingSchema(CartographyNodeSchema):
     other_relationships: OtherRelationships = OtherRelationships(
         [
             InspectorFindingToEC2InstanceRel(),
+            # TODO: Fix ECRRepository and ECRImage relationships
             InspectorFindingToECRRepositoryRel(),
             InspectorFindingToECRImageRel(),
             InspectorFindingToAWSAccountRelDelegateRel(),

cartography/models/aws/inspector/packages.py

@@ -7,25 +7,18 @@ from cartography.models.core.relationships import CartographyRelProperties
 from cartography.models.core.relationships import CartographyRelSchema
 from cartography.models.core.relationships import LinkDirection
 from cartography.models.core.relationships import make_target_node_matcher
-from cartography.models.core.relationships import OtherRelationships
 from cartography.models.core.relationships import TargetNodeMatcher
 
 
 @dataclass(frozen=True)
 class AWSInspectorPackageNodeProperties(CartographyNodeProperties):
     id: PropertyRef = PropertyRef("id")
-    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
-    awsaccount: PropertyRef = PropertyRef("AWS_ID", set_in_kwargs=True)
-    findingarn: PropertyRef = PropertyRef("findingarn", extra_index=True)
     name: PropertyRef = PropertyRef("name", extra_index=True)
-    arch: PropertyRef = PropertyRef("arch")
     version: PropertyRef = PropertyRef("version", extra_index=True)
     release: PropertyRef = PropertyRef("release", extra_index=True)
+    arch: PropertyRef = PropertyRef("arch")
     epoch: PropertyRef = PropertyRef("epoch")
     manager: PropertyRef = PropertyRef("packageManager")
-    filepath: PropertyRef = PropertyRef("filePath")
-    fixedinversion: PropertyRef = PropertyRef("fixedInVersion")
-    sourcelayerhash: PropertyRef = PropertyRef("sourceLayerHash")
     lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
 
 
@@ -47,24 +40,6 @@ class InspectorPackageToAWSAccountRel(CartographyRelSchema):
     )
 
 
-@dataclass(frozen=True)
-class InspectorPackageToFindingRelRelProperties(CartographyRelProperties):
-    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
-
-
-@dataclass(frozen=True)
-class InspectorPackageToFindingRel(CartographyRelSchema):
-    target_node_label: str = "AWSInspectorFinding"
-    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
-        {"id": PropertyRef("findingarn")},
-    )
-    direction: LinkDirection = LinkDirection.INWARD
-    rel_label: str = "HAS"
-    properties: InspectorPackageToFindingRelRelProperties = (
-        InspectorPackageToFindingRelRelProperties()
-    )
-
-
 @dataclass(frozen=True)
 class AWSInspectorPackageSchema(CartographyNodeSchema):
     label: str = "AWSInspectorPackage"
@@ -72,8 +47,3 @@ class AWSInspectorPackageSchema(CartographyNodeSchema):
     sub_resource_relationship: InspectorPackageToAWSAccountRel = (
         InspectorPackageToAWSAccountRel()
     )
-    other_relationships: OtherRelationships = OtherRelationships(
-        [
-            InspectorPackageToFindingRel(),
-        ],
-    )

cartography/models/aws/kms/aliases.py

@@ -0,0 +1,86 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class KMSAliasNodeProperties(CartographyNodeProperties):
+    """
+    Properties for AWS KMS Alias
+    """
+
+    id: PropertyRef = PropertyRef("AliasArn")
+    arn: PropertyRef = PropertyRef("AliasArn", extra_index=True)
+    alias_name: PropertyRef = PropertyRef("AliasName", extra_index=True)
+    target_key_id: PropertyRef = PropertyRef("TargetKeyId")
+
+    # Date properties (will be converted to epoch timestamps)
+    creation_date: PropertyRef = PropertyRef("CreationDate")
+    last_updated_date: PropertyRef = PropertyRef("LastUpdatedDate")
+
+    # Standard cartography properties
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KMSAliasRelProperties(CartographyRelProperties):
+    """
+    Properties for relationships between KMS Alias and other nodes
+    """
+
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KMSAliasToAWSAccountRel(CartographyRelSchema):
+    """
+    Relationship between KMS Alias and AWS Account
+    """
+
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: KMSAliasRelProperties = KMSAliasRelProperties()
+
+
+@dataclass(frozen=True)
+class KMSAliasToKMSKeyRel(CartographyRelSchema):
+    """
+    Relationship between KMS Alias and its associated KMS Key
+    """
+
+    target_node_label: str = "KMSKey"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("TargetKeyId")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "KNOWN_AS"
+    properties: KMSAliasRelProperties = KMSAliasRelProperties()
+
+
+@dataclass(frozen=True)
+class KMSAliasSchema(CartographyNodeSchema):
+    """
+    Schema for AWS KMS Alias
+    """
+
+    label: str = "KMSAlias"
+    properties: KMSAliasNodeProperties = KMSAliasNodeProperties()
+    sub_resource_relationship: KMSAliasToAWSAccountRel = KMSAliasToAWSAccountRel()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            KMSAliasToKMSKeyRel(),
+        ],
+    )