cartography 0.108.0rc1__py3-none-any.whl → 0.109.0__py3-none-any.whl

cartography/intel/trivy/scanner.py

@@ -1,5 +1,6 @@
 import json
 import logging
+import os
 from typing import Any
 
 import boto3
@@ -127,6 +128,90 @@ def transform_scan_results(
     return findings_list, packages_list, fixes_list
 
 
+def _parse_trivy_data(
+    trivy_data: dict, source: str
+) -> tuple[str | None, list[dict], str]:
+    """
+    Parse Trivy scan data and extract common fields.
+
+    Args:
+        trivy_data: Raw JSON Trivy data
+        source: Source identifier for error messages (file path or S3 URI)
+
+    Returns:
+        Tuple of (artifact_name, results, image_digest)
+    """
+    # Extract artifact name if present (only for file-based)
+    artifact_name = trivy_data.get("ArtifactName")
+
+    if "Results" not in trivy_data:
+        logger.error(
+            f"Scan data did not contain a `Results` key for {source}. This indicates a malformed scan result."
+        )
+        raise ValueError(f"Missing 'Results' key in scan data for {source}")
+
+    results = trivy_data["Results"]
+    if not results:
+        stat_handler.incr("image_scan_no_results_count")
+        logger.info(f"No vulnerabilities found for {source}")
+
+    if "Metadata" not in trivy_data or not trivy_data["Metadata"]:
+        raise ValueError(f"Missing 'Metadata' in scan data for {source}")
+
+    repo_digests = trivy_data["Metadata"].get("RepoDigests", [])
+    if not repo_digests:
+        raise ValueError(f"Missing 'RepoDigests' in scan metadata for {source}")
+
+    repo_digest = repo_digests[0]
+    if "@" not in repo_digest:
+        raise ValueError(f"Invalid repo digest format in {source}: {repo_digest}")
+
+    image_digest = repo_digest.split("@")[1]
+    if not image_digest:
+        raise ValueError(f"Empty image digest for {source}")
+
+    return artifact_name, results, image_digest
+
+
+@timeit
+def sync_single_image(
+    neo4j_session: Session,
+    trivy_data: dict,
+    source: str,
+    update_tag: int,
+) -> None:
+    """
+    Sync a single image's Trivy scan results to Neo4j.
+
+    Args:
+        neo4j_session: Neo4j session for database operations
+        trivy_data: Raw Trivy JSON data
+        source: Source identifier for logging (file path or image URI)
+        update_tag: Update tag for tracking
+    """
+    try:
+        _, results, image_digest = _parse_trivy_data(trivy_data, source)
+
+        # Transform all data in one pass
+        findings_list, packages_list, fixes_list = transform_scan_results(
+            results,
+            image_digest,
+        )
+
+        num_findings = len(findings_list)
+        stat_handler.incr("image_scan_cve_count", num_findings)
+
+        # Load the transformed data
+        load_scan_vulns(neo4j_session, findings_list, update_tag=update_tag)
+        load_scan_packages(neo4j_session, packages_list, update_tag=update_tag)
+        load_scan_fixes(neo4j_session, fixes_list, update_tag=update_tag)
+        stat_handler.incr("images_processed_count")
+
+    except Exception as e:
+        logger.error(f"Failed to process scan results for {source}: {e}")
+        raise
+
+
 @timeit
 def get_json_files_in_s3(
     s3_bucket: str, s3_prefix: str, boto3_session: boto3.Session
@@ -177,6 +262,18 @@ def get_json_files_in_s3(
     return results
 
 
+@timeit
+def get_json_files_in_dir(results_dir: str) -> set[str]:
+    """Return set of JSON file paths under a directory."""
+    results = set()
+    for root, _dirs, files in os.walk(results_dir):
+        for filename in files:
+            if filename.endswith(".json"):
+                results.add(os.path.join(root, filename))
+    logger.info(f"Found {len(results)} json files in {results_dir}")
+    return results
+
+
 @timeit
 def cleanup(neo4j_session: Session, common_job_parameters: dict[str, Any]) -> None:
     """
@@ -245,58 +342,6 @@ def load_scan_fixes(
     )
 
 
-@timeit
-def read_scan_results_from_s3(
-    boto3_session: boto3.Session,
-    s3_bucket: str,
-    s3_object_key: str,
-    image_uri: str,
-) -> tuple[list[dict], str | None]:
-    """
-    Read and parse Trivy scan results from S3.
-
-    Args:
-        boto3_session: boto3 session for S3 operations
-        s3_bucket: S3 bucket containing scan results
-        s3_object_key: S3 object key for the scan results
-        image_uri: ECR image URI (for logging purposes)
-
-    Returns:
-        Tuple of (list of scan result dictionaries from the "Results" key, image digest)
-    """
-    s3_client = boto3_session.client("s3")
-
-    # Read JSON scan results from S3
-    logger.debug(f"Reading scan results from S3: s3://{s3_bucket}/{s3_object_key}")
-    response = s3_client.get_object(Bucket=s3_bucket, Key=s3_object_key)
-    scan_data_json = response["Body"].read().decode("utf-8")
-
-    # Parse JSON data
-    trivy_data = json.loads(scan_data_json)
-
-    # Extract results using the same logic as binary scanning
-    if "Results" in trivy_data and trivy_data["Results"]:
-        results = trivy_data["Results"]
-    else:
-        stat_handler.incr("image_scan_no_results_count")
-        logger.warning(
-            f"S3 scan data did not contain a `Results` key for URI = {image_uri}; continuing."
-        )
-        results = []
-
-    image_digest = None
-    if "Metadata" in trivy_data and trivy_data["Metadata"]:
-        repo_digests = trivy_data["Metadata"].get("RepoDigests", [])
-        if repo_digests:
-            # Sample input: 000000000000.dkr.ecr.us-east-1.amazonaws.com/test-repository@sha256:88016
-            # Sample output: sha256:88016
-            repo_digest = repo_digests[0]
-            if "@" in repo_digest:
-                image_digest = repo_digest.split("@")[1]
-
-    return results, image_digest
-
-
 @timeit
 def sync_single_image_from_s3(
     neo4j_session: Session,
@@ -317,47 +362,25 @@ def sync_single_image_from_s3(
         s3_object_key: S3 object key for this image's scan results
         boto3_session: boto3 session for S3 operations
     """
-    try:
-        # Read and parse scan results from S3
-        results, image_digest = read_scan_results_from_s3(
-            boto3_session,
-            s3_bucket,
-            s3_object_key,
-            image_uri,
-        )
-        if not image_digest:
-            logger.warning(f"No image digest found for {image_uri}; skipping over.")
-            return
+    s3_client = boto3_session.client("s3")
 
-        # Transform all data in one pass using existing function
-        findings_list, packages_list, fixes_list = transform_scan_results(
-            results,
-            image_digest,
-        )
+    logger.debug(f"Reading scan results from S3: s3://{s3_bucket}/{s3_object_key}")
+    response = s3_client.get_object(Bucket=s3_bucket, Key=s3_object_key)
+    scan_data_json = response["Body"].read().decode("utf-8")
 
-        num_findings = len(findings_list)
-        stat_handler.incr("image_scan_cve_count", num_findings)
+    trivy_data = json.loads(scan_data_json)
+    sync_single_image(neo4j_session, trivy_data, image_uri, update_tag)
 
-        # Load the transformed data using existing functions
-        load_scan_vulns(
-            neo4j_session,
-            findings_list,
-            update_tag=update_tag,
-        )
-        load_scan_packages(
-            neo4j_session,
-            packages_list,
-            update_tag=update_tag,
-        )
-        load_scan_fixes(
-            neo4j_session,
-            fixes_list,
-            update_tag=update_tag,
-        )
-        stat_handler.incr("images_processed_count")
 
-    except Exception as e:
-        logger.error(
-            f"Failed to process S3 scan results for {image_uri} from {s3_object_key}: {e}"
-        )
-        raise
+@timeit
+def sync_single_image_from_file(
+    neo4j_session: Session,
+    file_path: str,
+    update_tag: int,
+) -> None:
+    """Read a Trivy JSON file from disk and sync to Neo4j."""
+    logger.debug(f"Reading scan results from file: {file_path}")
+    with open(file_path, encoding="utf-8") as f:
+        trivy_data = json.load(f)
+
+    sync_single_image(neo4j_session, trivy_data, file_path, update_tag)

cartography/models/aws/cloudtrail/management_events.py

@@ -29,12 +29,6 @@ class AssumedRoleRelProperties(CartographyRelProperties):
     times_used: PropertyRef = PropertyRef("times_used")
     first_seen_in_time_window: PropertyRef = PropertyRef("first_seen_in_time_window")
 
-    # Event type tracking properties
-    event_types: PropertyRef = PropertyRef("event_types")
-    assume_role_count: PropertyRef = PropertyRef("assume_role_count")
-    saml_count: PropertyRef = PropertyRef("saml_count")
-    web_identity_count: PropertyRef = PropertyRef("web_identity_count")
-
 
 @dataclass(frozen=True)
 class AssumedRoleMatchLink(CartographyRelSchema):
@@ -62,3 +56,98 @@ class AssumedRoleMatchLink(CartographyRelSchema):
     direction: LinkDirection = LinkDirection.OUTWARD
     rel_label: str = "ASSUMED_ROLE"
     properties: AssumedRoleRelProperties = AssumedRoleRelProperties()
+
+
+@dataclass(frozen=True)
+class AssumedRoleWithSAMLRelProperties(CartographyRelProperties):
+    """
+    Properties for the ASSUMED_ROLE_WITH_SAML relationship representing SAML-based role assumption events.
+    Focuses specifically on SAML federated identity role assumptions.
+    """
+
+    # Mandatory fields for MatchLinks
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+    _sub_resource_label: PropertyRef = PropertyRef(
+        "_sub_resource_label", set_in_kwargs=True
+    )
+    _sub_resource_id: PropertyRef = PropertyRef("_sub_resource_id", set_in_kwargs=True)
+
+    # CloudTrail-specific relationship properties
+    last_used: PropertyRef = PropertyRef("last_used")
+    times_used: PropertyRef = PropertyRef("times_used")
+    first_seen_in_time_window: PropertyRef = PropertyRef("first_seen_in_time_window")
+
+
+@dataclass(frozen=True)
+class AssumedRoleWithSAMLMatchLink(CartographyRelSchema):
+    """
+    MatchLink schema for ASSUMED_ROLE_WITH_SAML relationships from CloudTrail SAML events.
+    Creates relationships like: (AWSRole)-[:ASSUMED_ROLE_WITH_SAML]->(AWSRole)
+
+    This MatchLink handles SAML-based role assumption relationships discovered via CloudTrail
+    AssumeRoleWithSAML events. It creates separate relationships from regular AssumeRole events
+    to preserve visibility into authentication methods used.
+    """
+
+    # MatchLink-specific fields
+    source_node_label: str = "AWSSSOUser"  # Match against AWS SSO User nodes
+    source_node_matcher: SourceNodeMatcher = make_source_node_matcher(
+        {"user_name": PropertyRef("source_principal_arn")},
+    )
+
+    # Standard CartographyRelSchema fields
+    target_node_label: str = "AWSRole"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("destination_principal_arn")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ASSUMED_ROLE_WITH_SAML"
+    properties: AssumedRoleWithSAMLRelProperties = AssumedRoleWithSAMLRelProperties()
+
+
+@dataclass(frozen=True)
+class AssumeRoleWithWebIdentityRelProperties(CartographyRelProperties):
+    """
+    Properties for the ASSUMED_ROLE_WITH_WEB_IDENTITY relationship representing web identity-based role assumption events.
+    Focuses specifically on web identity federation role assumptions (Google, Amazon, Facebook, etc.).
+    """
+
+    # Mandatory fields for MatchLinks
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+    _sub_resource_label: PropertyRef = PropertyRef(
+        "_sub_resource_label", set_in_kwargs=True
+    )
+    _sub_resource_id: PropertyRef = PropertyRef("_sub_resource_id", set_in_kwargs=True)
+
+    # CloudTrail-specific relationship properties
+    last_used: PropertyRef = PropertyRef("last_used")
+    times_used: PropertyRef = PropertyRef("times_used")
+    first_seen_in_time_window: PropertyRef = PropertyRef("first_seen_in_time_window")
+
+
+@dataclass(frozen=True)
+class GitHubRepoAssumeRoleWithWebIdentityMatchLink(CartographyRelSchema):
+    """
+    MatchLink schema for ASSUMED_ROLE_WITH_WEB_IDENTITY relationships from GitHub Actions to AWS roles.
+    Creates relationships like: (GitHubRepository)-[:ASSUMED_ROLE_WITH_WEB_IDENTITY]->(AWSRole)
+
+    This MatchLink provides granular visibility into which specific GitHub repositories are assuming
+    AWS roles via GitHub Actions OIDC, rather than just showing provider-level relationships.
+    """
+
+    # MatchLink-specific fields for GitHub repositories
+    source_node_label: str = "GitHubRepository"
+    source_node_matcher: SourceNodeMatcher = make_source_node_matcher(
+        {"fullname": PropertyRef("source_repo_fullname")},
+    )
+
+    # Standard CartographyRelSchema fields
+    target_node_label: str = "AWSRole"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("destination_principal_arn")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ASSUMED_ROLE_WITH_WEB_IDENTITY"
+    properties: AssumeRoleWithWebIdentityRelProperties = (
+        AssumeRoleWithWebIdentityRelProperties()
+    )

cartography/models/aws/cloudtrail/trail.py

@@ -73,6 +73,26 @@ class CloudTrailTrailToS3BucketRel(CartographyRelSchema):
     )
 
 
+@dataclass(frozen=True)
+class CloudTrailTrailToCloudWatchLogGroupRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class CloudTrailTrailToCloudWatchLogGroupRel(CartographyRelSchema):
+    target_node_label: str = "CloudWatchLogGroup"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {
+            "id": PropertyRef("CloudWatchLogsLogGroupArn"),
+        }
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "SENDS_LOGS_TO_CLOUDWATCH"
+    properties: CloudTrailTrailToCloudWatchLogGroupRelProperties = (
+        CloudTrailTrailToCloudWatchLogGroupRelProperties()
+    )
+
+
 @dataclass(frozen=True)
 class CloudTrailTrailSchema(CartographyNodeSchema):
     label: str = "CloudTrailTrail"
@@ -81,5 +101,6 @@ class CloudTrailTrailSchema(CartographyNodeSchema):
     other_relationships: OtherRelationships = OtherRelationships(
         [
             CloudTrailTrailToS3BucketRel(),
+            CloudTrailTrailToCloudWatchLogGroupRel(),
         ]
     )

cartography/models/aws/cloudwatch/metric_alarm.py

@@ -0,0 +1,53 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class CloudWatchMetricAlarmNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("AlarmArn")
+    arn: PropertyRef = PropertyRef("AlarmArn", extra_index=True)
+    alarm_name: PropertyRef = PropertyRef("AlarmName")
+    alarm_description: PropertyRef = PropertyRef("AlarmDescription")
+    state_value: PropertyRef = PropertyRef("StateValue")
+    state_reason: PropertyRef = PropertyRef("StateReason")
+    actions_enabled: PropertyRef = PropertyRef("ActionsEnabled")
+    comparison_operator: PropertyRef = PropertyRef("ComparisonOperator")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class CloudWatchMetricAlarmToAwsAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class CloudWatchMetricAlarmToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: CloudWatchMetricAlarmToAwsAccountRelProperties = (
+        CloudWatchMetricAlarmToAwsAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class CloudWatchMetricAlarmSchema(CartographyNodeSchema):
+    label: str = "CloudWatchMetricAlarm"
+    properties: CloudWatchMetricAlarmNodeProperties = (
+        CloudWatchMetricAlarmNodeProperties()
+    )
+    sub_resource_relationship: CloudWatchMetricAlarmToAWSAccountRel = (
+        CloudWatchMetricAlarmToAWSAccountRel()
+    )

cartography/models/aws/ec2/subnets.py

@@ -0,0 +1,65 @@
+from dataclasses import dataclass
+
+from cartography.models.aws.ec2.auto_scaling_groups import EC2SubnetToAWSAccountRel
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class EC2SubnetNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("SubnetId")
+    subnetid: PropertyRef = PropertyRef("SubnetId", extra_index=True)
+    subnet_id: PropertyRef = PropertyRef("SubnetId", extra_index=True)
+    subnet_arn: PropertyRef = PropertyRef("SubnetArn")
+    name: PropertyRef = PropertyRef("CidrBlock")
+    cidr_block: PropertyRef = PropertyRef("CidrBlock")
+    available_ip_address_count: PropertyRef = PropertyRef("AvailableIpAddressCount")
+    default_for_az: PropertyRef = PropertyRef("DefaultForAz")
+    map_customer_owned_ip_on_launch: PropertyRef = PropertyRef(
+        "MapCustomerOwnedIpOnLaunch"
+    )
+    state: PropertyRef = PropertyRef("State")
+    assignipv6addressoncreation: PropertyRef = PropertyRef(
+        "AssignIpv6AddressOnCreation"
+    )
+    map_public_ip_on_launch: PropertyRef = PropertyRef("MapPublicIpOnLaunch")
+    availability_zone: PropertyRef = PropertyRef("AvailabilityZone")
+    availability_zone_id: PropertyRef = PropertyRef("AvailabilityZoneId")
+    vpc_id: PropertyRef = PropertyRef("VpcId")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EC2SubnetToVpcRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EC2SubnetToVpcRel(CartographyRelSchema):
+    target_node_label: str = "AWSVpc"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("VpcId")}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "MEMBER_OF_AWS_VPC"
+    properties: EC2SubnetToVpcRelProperties = EC2SubnetToVpcRelProperties()
+
+
+@dataclass(frozen=True)
+class EC2SubnetSchema(CartographyNodeSchema):
+    label: str = "EC2Subnet"
+    properties: EC2SubnetNodeProperties = EC2SubnetNodeProperties()
+    sub_resource_relationship: EC2SubnetToAWSAccountRel = EC2SubnetToAWSAccountRel()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            EC2SubnetToVpcRel(),
+        ]
+    )

cartography/models/aws/ecr/image.py

@@ -0,0 +1,41 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class ECRImageNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("imageDigest")
+    digest: PropertyRef = PropertyRef("imageDigest")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECRImageToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECRImageToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: ECRImageToAWSAccountRelProperties = ECRImageToAWSAccountRelProperties()
+
+
+@dataclass(frozen=True)
+class ECRImageSchema(CartographyNodeSchema):
+    label: str = "ECRImage"
+    properties: ECRImageNodeProperties = ECRImageNodeProperties()
+    sub_resource_relationship: ECRImageToAWSAccountRel = ECRImageToAWSAccountRel()

cartography/models/aws/ecr/repository.py

@@ -0,0 +1,72 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class ECRRepositoryNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("repositoryArn")
+    arn: PropertyRef = PropertyRef("repositoryArn", extra_index=True)
+    name: PropertyRef = PropertyRef("repositoryName", extra_index=True)
+    uri: PropertyRef = PropertyRef("repositoryUri", extra_index=True)
+    created_at: PropertyRef = PropertyRef("createdAt")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECRRepositoryToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECRRepositoryToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: ECRRepositoryToAWSAccountRelProperties = (
+        ECRRepositoryToAWSAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class ECRRepositoryToRepositoryImageRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECRRepositoryToRepositoryImageRel(CartographyRelSchema):
+    target_node_label: str = "ECRRepositoryImage"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("id")}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "REPO_IMAGE"
+    properties: ECRRepositoryToRepositoryImageRelProperties = (
+        ECRRepositoryToRepositoryImageRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class ECRRepositorySchema(CartographyNodeSchema):
+    label: str = "ECRRepository"
+    properties: ECRRepositoryNodeProperties = ECRRepositoryNodeProperties()
+    sub_resource_relationship: ECRRepositoryToAWSAccountRel = (
+        ECRRepositoryToAWSAccountRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            ECRRepositoryToRepositoryImageRel(),
+        ]
+    )