cartography 0.108.0rc1__py3-none-any.whl → 0.109.0__py3-none-any.whl

cartography/models/aws/ecr/repository_image.py

@@ -0,0 +1,95 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class ECRRepositoryImageNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    tag: PropertyRef = PropertyRef("imageTag")
+    uri: PropertyRef = PropertyRef("uri")
+    repo_uri: PropertyRef = PropertyRef("repo_uri")
+    image_size_bytes: PropertyRef = PropertyRef("imageSizeInBytes")
+    image_pushed_at: PropertyRef = PropertyRef("imagePushedAt")
+    image_manifest_media_type: PropertyRef = PropertyRef("imageManifestMediaType")
+    artifact_media_type: PropertyRef = PropertyRef("artifactMediaType")
+    last_recorded_pull_time: PropertyRef = PropertyRef("lastRecordedPullTime")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECRRepositoryImageToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECRRepositoryImageToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: ECRRepositoryImageToAWSAccountRelProperties = (
+        ECRRepositoryImageToAWSAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class ECRRepositoryImageToECRRepositoryRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECRRepositoryImageToECRRepositoryRel(CartographyRelSchema):
+    target_node_label: str = "ECRRepository"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"uri": PropertyRef("repo_uri")}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "REPO_IMAGE"
+    properties: ECRRepositoryImageToECRRepositoryRelProperties = (
+        ECRRepositoryImageToECRRepositoryRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class ECRRepositoryImageToECRImageRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECRRepositoryImageToECRImageRel(CartographyRelSchema):
+    target_node_label: str = "ECRImage"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("imageDigest")}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "IMAGE"
+    properties: ECRRepositoryImageToECRImageRelProperties = (
+        ECRRepositoryImageToECRImageRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class ECRRepositoryImageSchema(CartographyNodeSchema):
+    label: str = "ECRRepositoryImage"
+    properties: ECRRepositoryImageNodeProperties = ECRRepositoryImageNodeProperties()
+    sub_resource_relationship: ECRRepositoryImageToAWSAccountRel = (
+        ECRRepositoryImageToAWSAccountRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            ECRRepositoryImageToECRRepositoryRel(),
+            ECRRepositoryImageToECRImageRel(),
+        ]
+    )

cartography/models/aws/elasticache/cluster.py

@@ -0,0 +1,65 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class ElasticacheClusterNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("ARN")
+    arn: PropertyRef = PropertyRef("ARN", extra_index=True)
+    cache_cluster_id: PropertyRef = PropertyRef("CacheClusterId")
+    cache_node_type: PropertyRef = PropertyRef("CacheNodeType")
+    engine: PropertyRef = PropertyRef("Engine")
+    engine_version: PropertyRef = PropertyRef("EngineVersion")
+    cache_cluster_status: PropertyRef = PropertyRef("CacheClusterStatus")
+    num_cache_nodes: PropertyRef = PropertyRef("NumCacheNodes")
+    preferred_availability_zone: PropertyRef = PropertyRef("PreferredAvailabilityZone")
+    preferred_maintenance_window: PropertyRef = PropertyRef(
+        "PreferredMaintenanceWindow"
+    )
+    cache_cluster_create_time: PropertyRef = PropertyRef("CacheClusterCreateTime")
+    cache_subnet_group_name: PropertyRef = PropertyRef("CacheSubnetGroupName")
+    auto_minor_version_upgrade: PropertyRef = PropertyRef("AutoMinorVersionUpgrade")
+    replication_group_id: PropertyRef = PropertyRef("ReplicationGroupId")
+    snapshot_retention_limit: PropertyRef = PropertyRef("SnapshotRetentionLimit")
+    snapshot_window: PropertyRef = PropertyRef("SnapshotWindow")
+    auth_token_enabled: PropertyRef = PropertyRef("AuthTokenEnabled")
+    transit_encryption_enabled: PropertyRef = PropertyRef("TransitEncryptionEnabled")
+    at_rest_encryption_enabled: PropertyRef = PropertyRef("AtRestEncryptionEnabled")
+    topic_arn: PropertyRef = PropertyRef("TopicArn")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ElasticacheClusterToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ElasticacheClusterToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: ElasticacheClusterToAWSAccountRelProperties = (
+        ElasticacheClusterToAWSAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class ElasticacheClusterSchema(CartographyNodeSchema):
+    label: str = "ElasticacheCluster"
+    properties: ElasticacheClusterNodeProperties = ElasticacheClusterNodeProperties()
+    sub_resource_relationship: ElasticacheClusterToAWSAccountRel = (
+        ElasticacheClusterToAWSAccountRel()
+    )

cartography/models/aws/elasticache/topic.py

@@ -0,0 +1,67 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class ElasticacheTopicNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("TopicArn")
+    arn: PropertyRef = PropertyRef("TopicArn", extra_index=True)
+    status: PropertyRef = PropertyRef("TopicStatus")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ElasticacheTopicToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ElasticacheTopicToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: ElasticacheTopicToAWSAccountRelProperties = (
+        ElasticacheTopicToAWSAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class ElasticacheTopicToElasticacheClusterRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ElasticacheTopicToElasticacheClusterRel(CartographyRelSchema):
+    target_node_label: str = "ElasticacheCluster"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("cluster_arns", one_to_many=True)}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "CACHE_CLUSTER"
+    properties: ElasticacheTopicToElasticacheClusterRelProperties = (
+        ElasticacheTopicToElasticacheClusterRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class ElasticacheTopicSchema(CartographyNodeSchema):
+    label: str = "ElasticacheTopic"
+    properties: ElasticacheTopicNodeProperties = ElasticacheTopicNodeProperties()
+    sub_resource_relationship: ElasticacheTopicToAWSAccountRel = (
+        ElasticacheTopicToAWSAccountRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [ElasticacheTopicToElasticacheClusterRel()]
+    )

cartography/models/aws/eventbridge/rule.py

@@ -0,0 +1,77 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class EventBridgeRuleNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("Arn")
+    arn: PropertyRef = PropertyRef("Arn", extra_index=True)
+    name: PropertyRef = PropertyRef("Name")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    event_pattern: PropertyRef = PropertyRef("EventPattern")
+    state: PropertyRef = PropertyRef("State")
+    description: PropertyRef = PropertyRef("Description")
+    schedule_expression: PropertyRef = PropertyRef("ScheduleExpression")
+    role_arn: PropertyRef = PropertyRef("RoleArn")
+    managed_by: PropertyRef = PropertyRef("ManagedBy")
+    event_bus_name: PropertyRef = PropertyRef("EventBusName")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EventBridgeRuleToAwsAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EventBridgeRuleToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: EventBridgeRuleToAwsAccountRelProperties = (
+        EventBridgeRuleToAwsAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class EventBridgeRuleToAWSRoleRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EventBridgeRuleToAWSRoleRel(CartographyRelSchema):
+    target_node_label: str = "AWSRole"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("RoleArn")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ASSOCIATED_WITH"
+    properties: EventBridgeRuleToAWSRoleRelProperties = (
+        EventBridgeRuleToAWSRoleRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class EventBridgeRuleSchema(CartographyNodeSchema):
+    label: str = "EventBridgeRule"
+    properties: EventBridgeRuleNodeProperties = EventBridgeRuleNodeProperties()
+    sub_resource_relationship: EventBridgeRuleToAWSAccountRel = (
+        EventBridgeRuleToAWSAccountRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            EventBridgeRuleToAWSRoleRel(),
+        ]
+    )

cartography/models/aws/glue/connection.py

@@ -0,0 +1,51 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class GlueConnectionNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("Name")
+    arn: PropertyRef = PropertyRef("Name", extra_index=True)
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    description: PropertyRef = PropertyRef("Description")
+    connection_type: PropertyRef = PropertyRef("ConnectionType")
+    status: PropertyRef = PropertyRef("Status")
+    status_reason: PropertyRef = PropertyRef("StatusReason")
+    authentication_type: PropertyRef = PropertyRef("AuthenticationType")
+    secret_arn: PropertyRef = PropertyRef("SecretArn")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class GlueConnectionToAwsAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class GlueConnectionToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: GlueConnectionToAwsAccountRelProperties = (
+        GlueConnectionToAwsAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class GlueConnectionSchema(CartographyNodeSchema):
+    label: str = "GlueConnection"
+    properties: GlueConnectionNodeProperties = GlueConnectionNodeProperties()
+    sub_resource_relationship: GlueConnectionToAWSAccountRel = (
+        GlueConnectionToAWSAccountRel()
+    )

cartography/models/aws/identitycenter/awspermissionset.py

@@ -6,8 +6,10 @@ from cartography.models.core.nodes import CartographyNodeSchema
 from cartography.models.core.relationships import CartographyRelProperties
 from cartography.models.core.relationships import CartographyRelSchema
 from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_source_node_matcher
 from cartography.models.core.relationships import make_target_node_matcher
 from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import SourceNodeMatcher
 from cartography.models.core.relationships import TargetNodeMatcher
 
 
@@ -77,6 +79,48 @@ class AWSPermissionSetToAWSAccountRel(CartographyRelSchema):
     )
 
 
+@dataclass(frozen=True)
+class RoleAssignmentAllowedByRelProperties(CartographyRelProperties):
+    """
+    Properties for the ALLOWED_BY relationship between AWSRole and AWSSSOUser.
+    """
+
+    # Mandatory fields for MatchLinks
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+    _sub_resource_label: PropertyRef = PropertyRef(
+        "_sub_resource_label", set_in_kwargs=True
+    )
+    _sub_resource_id: PropertyRef = PropertyRef("_sub_resource_id", set_in_kwargs=True)
+
+    # Role assignment specific properties
+    permission_set_arn: PropertyRef = PropertyRef("PermissionSetArn")
+
+
+@dataclass(frozen=True)
+class RoleAssignmentAllowedByMatchLink(CartographyRelSchema):
+    """
+    MatchLink schema for ALLOWED_BY relationships from role assignments.
+    Creates relationships like: (AWSRole)-[:ALLOWED_BY]->(AWSSSOUser)
+    """
+
+    # MatchLink-specific fields for AWSRole as source
+    source_node_label: str = "AWSRole"
+    source_node_matcher: SourceNodeMatcher = make_source_node_matcher(
+        {"arn": PropertyRef("RoleArn")},
+    )
+
+    # Standard CartographyRelSchema fields for AWSSSOUser as target
+    target_node_label: str = "AWSSSOUser"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("UserId")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ALLOWED_BY"
+    properties: RoleAssignmentAllowedByRelProperties = (
+        RoleAssignmentAllowedByRelProperties()
+    )
+
+
 @dataclass(frozen=True)
 class AWSPermissionSetSchema(CartographyNodeSchema):
     label: str = "AWSPermissionSet"

cartography/models/aws/kms/aliases.py

@@ -0,0 +1,86 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class KMSAliasNodeProperties(CartographyNodeProperties):
+    """
+    Properties for AWS KMS Alias
+    """
+
+    id: PropertyRef = PropertyRef("AliasArn")
+    arn: PropertyRef = PropertyRef("AliasArn", extra_index=True)
+    alias_name: PropertyRef = PropertyRef("AliasName", extra_index=True)
+    target_key_id: PropertyRef = PropertyRef("TargetKeyId")
+
+    # Date properties (will be converted to epoch timestamps)
+    creation_date: PropertyRef = PropertyRef("CreationDate")
+    last_updated_date: PropertyRef = PropertyRef("LastUpdatedDate")
+
+    # Standard cartography properties
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KMSAliasRelProperties(CartographyRelProperties):
+    """
+    Properties for relationships between KMS Alias and other nodes
+    """
+
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KMSAliasToAWSAccountRel(CartographyRelSchema):
+    """
+    Relationship between KMS Alias and AWS Account
+    """
+
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: KMSAliasRelProperties = KMSAliasRelProperties()
+
+
+@dataclass(frozen=True)
+class KMSAliasToKMSKeyRel(CartographyRelSchema):
+    """
+    Relationship between KMS Alias and its associated KMS Key
+    """
+
+    target_node_label: str = "KMSKey"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("TargetKeyId")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "KNOWN_AS"
+    properties: KMSAliasRelProperties = KMSAliasRelProperties()
+
+
+@dataclass(frozen=True)
+class KMSAliasSchema(CartographyNodeSchema):
+    """
+    Schema for AWS KMS Alias
+    """
+
+    label: str = "KMSAlias"
+    properties: KMSAliasNodeProperties = KMSAliasNodeProperties()
+    sub_resource_relationship: KMSAliasToAWSAccountRel = KMSAliasToAWSAccountRel()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            KMSAliasToKMSKeyRel(),
+        ],
+    )

cartography/models/aws/kms/grants.py

@@ -0,0 +1,65 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class KMSGrantNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("GrantId")
+    grant_id: PropertyRef = PropertyRef("GrantId", extra_index=True)
+    name: PropertyRef = PropertyRef("Name")
+    grantee_principal: PropertyRef = PropertyRef("GranteePrincipal")
+    creation_date: PropertyRef = PropertyRef("CreationDate")
+    key_id: PropertyRef = PropertyRef("KeyId")
+    issuing_account: PropertyRef = PropertyRef("IssuingAccount")
+    operations: PropertyRef = PropertyRef("Operations")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KMSGrantRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KMSGrantToKMSKeyRel(CartographyRelSchema):
+    target_node_label: str = "KMSKey"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("KeyId")}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "APPLIED_ON"
+    properties: KMSGrantRelProperties = KMSGrantRelProperties()
+
+
+@dataclass(frozen=True)
+class KMSGrantToAWSAccountRel(CartographyRelSchema):
+    """
+    Relationship between KMSGrant and AWS Account
+    """
+
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: KMSGrantRelProperties = KMSGrantRelProperties()
+
+
+@dataclass(frozen=True)
+class KMSGrantSchema(CartographyNodeSchema):
+    label: str = "KMSGrant"
+    properties: KMSGrantNodeProperties = KMSGrantNodeProperties()
+    sub_resource_relationship: KMSGrantToAWSAccountRel = KMSGrantToAWSAccountRel()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [KMSGrantToKMSKeyRel()]
+    )

cartography/models/aws/kms/keys.py

@@ -0,0 +1,88 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class KMSKeyNodeProperties(CartographyNodeProperties):
+    """
+    Properties for AWS KMS Key
+    """
+
+    id: PropertyRef = PropertyRef("KeyId")
+    arn: PropertyRef = PropertyRef("Arn", extra_index=True)
+    key_id: PropertyRef = PropertyRef("KeyId", extra_index=True)
+    description: PropertyRef = PropertyRef("Description")
+
+    # Key configuration properties
+    enabled: PropertyRef = PropertyRef("Enabled")
+    key_state: PropertyRef = PropertyRef("KeyState")
+    key_usage: PropertyRef = PropertyRef("KeyUsage")
+    key_manager: PropertyRef = PropertyRef("KeyManager")
+    origin: PropertyRef = PropertyRef("Origin")
+
+    # Date properties (will be converted to epoch timestamps)
+    creation_date: PropertyRef = PropertyRef("CreationDate")
+    deletion_date: PropertyRef = PropertyRef("DeletionDate")
+    valid_to: PropertyRef = PropertyRef("ValidTo")
+
+    # Key store properties
+    custom_key_store_id: PropertyRef = PropertyRef("CustomKeyStoreId")
+    cloud_hsm_cluster_id: PropertyRef = PropertyRef("CloudHsmClusterId")
+    expiration_model: PropertyRef = PropertyRef("ExpirationModel")
+
+    # Key spec and algorithms
+    customer_master_key_spec: PropertyRef = PropertyRef("CustomerMasterKeySpec")
+    encryption_algorithms: PropertyRef = PropertyRef("EncryptionAlgorithms")
+    signing_algorithms: PropertyRef = PropertyRef("SigningAlgorithms")
+
+    # Policy analysis properties
+    anonymous_access: PropertyRef = PropertyRef("anonymous_access")
+    anonymous_actions: PropertyRef = PropertyRef("anonymous_actions")
+
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KMSKeyRelProperties(CartographyRelProperties):
+    """
+    Properties for relationships between KMSKey and other nodes
+    """
+
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KMSKeyToAWSAccountRel(CartographyRelSchema):
+    """
+    Relationship between KMSKey and AWS Account
+    """
+
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: KMSKeyRelProperties = KMSKeyRelProperties()
+
+
+@dataclass(frozen=True)
+class KMSKeySchema(CartographyNodeSchema):
+    """
+    Schema for AWS KMS Key
+    """
+
+    label: str = "KMSKey"
+    properties: KMSKeyNodeProperties = KMSKeyNodeProperties()
+    sub_resource_relationship: KMSKeyToAWSAccountRel = KMSKeyToAWSAccountRel()
+    other_relationships: OtherRelationships = OtherRelationships([])