cartography 0.108.0rc1__py3-none-any.whl → 0.109.0rc1__py3-none-any.whl

cartography/intel/gcp/compute.py

@@ -14,6 +14,9 @@ import neo4j
 from googleapiclient.discovery import HttpError
 from googleapiclient.discovery import Resource
 
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.models.gcp.compute.vpc import GCPVpcSchema
 from cartography.util import run_cleanup_job
 from cartography.util import timeit
 
@@ -600,48 +603,17 @@ def load_gcp_instances(
 @timeit
 def load_gcp_vpcs(
     neo4j_session: neo4j.Session,
-    vpcs: List[Dict],
+    vpcs: list[dict[str, Any]],
     gcp_update_tag: int,
+    project_id: str,
 ) -> None:
-    """
-    Ingest VPCs to Neo4j
-    :param neo4j_session: The Neo4j session object
-    :param vpcs: List of VPCs to ingest
-    :param gcp_update_tag: The timestamp value to set our new Neo4j nodes with
-    :return: Nothing
-    """
-    query = """
-    MERGE(p:GCPProject{id:$ProjectId})
-    ON CREATE SET p.firstseen = timestamp()
-    SET p.lastupdated = $gcp_update_tag
-
-    MERGE(vpc:GCPVpc{id:$PartialUri})
-    ON CREATE SET vpc.firstseen = timestamp(),
-    vpc.partial_uri = $PartialUri
-    SET vpc.self_link = $SelfLink,
-    vpc.name = $VpcName,
-    vpc.project_id = $ProjectId,
-    vpc.auto_create_subnetworks = $AutoCreateSubnetworks,
-    vpc.routing_config_routing_mode = $RoutingMode,
-    vpc.description = $Description,
-    vpc.lastupdated = $gcp_update_tag
-
-    MERGE (p)-[r:RESOURCE]->(vpc)
-    ON CREATE SET r.firstseen = timestamp()
-    SET r.lastupdated = $gcp_update_tag
-    """
-    for vpc in vpcs:
-        neo4j_session.run(
-            query,
-            ProjectId=vpc["project_id"],
-            PartialUri=vpc["partial_uri"],
-            SelfLink=vpc["self_link"],
-            VpcName=vpc["name"],
-            AutoCreateSubnetworks=vpc["auto_create_subnetworks"],
-            RoutingMode=vpc["routing_config_routing_mode"],
-            Description=vpc["description"],
-            gcp_update_tag=gcp_update_tag,
-        )
+    load(
+        neo4j_session,
+        GCPVpcSchema(),
+        vpcs,
+        PROJECT_ID=project_id,
+        LASTUPDATED=gcp_update_tag,
+    )
 
 
 @timeit
@@ -1159,6 +1131,12 @@ def cleanup_gcp_vpcs(neo4j_session: neo4j.Session, common_job_parameters: Dict)
     :param common_job_parameters: dict of other job parameters to pass to Neo4j
     :return: Nothing
     """
+    GraphJob.from_node_schema(
+        GCPVpcSchema(),
+        common_job_parameters,
+    ).run(neo4j_session)
+
+    # TODO: remove this once we refactor GCP instances and add the instance to vpc rel as an object
     run_cleanup_job(
         "gcp_compute_vpc_cleanup.json",
         neo4j_session,
@@ -1267,8 +1245,7 @@ def sync_gcp_vpcs(
     """
     vpc_res = get_gcp_vpcs(project_id, compute)
     vpcs = transform_gcp_vpcs(vpc_res)
-    load_gcp_vpcs(neo4j_session, vpcs, gcp_update_tag)
-    # TODO scope the cleanup to the current project - https://github.com/cartography-cncf/cartography/issues/381
+    load_gcp_vpcs(neo4j_session, vpcs, gcp_update_tag, project_id)
     cleanup_gcp_vpcs(neo4j_session, common_job_parameters)
 
 

cartography/models/aws/cloudtrail/management_events.py

@@ -29,12 +29,6 @@ class AssumedRoleRelProperties(CartographyRelProperties):
     times_used: PropertyRef = PropertyRef("times_used")
     first_seen_in_time_window: PropertyRef = PropertyRef("first_seen_in_time_window")
 
-    # Event type tracking properties
-    event_types: PropertyRef = PropertyRef("event_types")
-    assume_role_count: PropertyRef = PropertyRef("assume_role_count")
-    saml_count: PropertyRef = PropertyRef("saml_count")
-    web_identity_count: PropertyRef = PropertyRef("web_identity_count")
-
 
 @dataclass(frozen=True)
 class AssumedRoleMatchLink(CartographyRelSchema):
@@ -62,3 +56,98 @@ class AssumedRoleMatchLink(CartographyRelSchema):
     direction: LinkDirection = LinkDirection.OUTWARD
     rel_label: str = "ASSUMED_ROLE"
     properties: AssumedRoleRelProperties = AssumedRoleRelProperties()
+
+
+@dataclass(frozen=True)
+class AssumedRoleWithSAMLRelProperties(CartographyRelProperties):
+    """
+    Properties for the ASSUMED_ROLE_WITH_SAML relationship representing SAML-based role assumption events.
+    Focuses specifically on SAML federated identity role assumptions.
+    """
+
+    # Mandatory fields for MatchLinks
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+    _sub_resource_label: PropertyRef = PropertyRef(
+        "_sub_resource_label", set_in_kwargs=True
+    )
+    _sub_resource_id: PropertyRef = PropertyRef("_sub_resource_id", set_in_kwargs=True)
+
+    # CloudTrail-specific relationship properties
+    last_used: PropertyRef = PropertyRef("last_used")
+    times_used: PropertyRef = PropertyRef("times_used")
+    first_seen_in_time_window: PropertyRef = PropertyRef("first_seen_in_time_window")
+
+
+@dataclass(frozen=True)
+class AssumedRoleWithSAMLMatchLink(CartographyRelSchema):
+    """
+    MatchLink schema for ASSUMED_ROLE_WITH_SAML relationships from CloudTrail SAML events.
+    Creates relationships like: (AWSRole)-[:ASSUMED_ROLE_WITH_SAML]->(AWSRole)
+
+    This MatchLink handles SAML-based role assumption relationships discovered via CloudTrail
+    AssumeRoleWithSAML events. It creates separate relationships from regular AssumeRole events
+    to preserve visibility into authentication methods used.
+    """
+
+    # MatchLink-specific fields
+    source_node_label: str = "AWSSSOUser"  # Match against AWS SSO User nodes
+    source_node_matcher: SourceNodeMatcher = make_source_node_matcher(
+        {"user_name": PropertyRef("source_principal_arn")},
+    )
+
+    # Standard CartographyRelSchema fields
+    target_node_label: str = "AWSRole"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("destination_principal_arn")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ASSUMED_ROLE_WITH_SAML"
+    properties: AssumedRoleWithSAMLRelProperties = AssumedRoleWithSAMLRelProperties()
+
+
+@dataclass(frozen=True)
+class AssumeRoleWithWebIdentityRelProperties(CartographyRelProperties):
+    """
+    Properties for the ASSUMED_ROLE_WITH_WEB_IDENTITY relationship representing web identity-based role assumption events.
+    Focuses specifically on web identity federation role assumptions (Google, Amazon, Facebook, etc.).
+    """
+
+    # Mandatory fields for MatchLinks
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+    _sub_resource_label: PropertyRef = PropertyRef(
+        "_sub_resource_label", set_in_kwargs=True
+    )
+    _sub_resource_id: PropertyRef = PropertyRef("_sub_resource_id", set_in_kwargs=True)
+
+    # CloudTrail-specific relationship properties
+    last_used: PropertyRef = PropertyRef("last_used")
+    times_used: PropertyRef = PropertyRef("times_used")
+    first_seen_in_time_window: PropertyRef = PropertyRef("first_seen_in_time_window")
+
+
+@dataclass(frozen=True)
+class GitHubRepoAssumeRoleWithWebIdentityMatchLink(CartographyRelSchema):
+    """
+    MatchLink schema for ASSUMED_ROLE_WITH_WEB_IDENTITY relationships from GitHub Actions to AWS roles.
+    Creates relationships like: (GitHubRepository)-[:ASSUMED_ROLE_WITH_WEB_IDENTITY]->(AWSRole)
+
+    This MatchLink provides granular visibility into which specific GitHub repositories are assuming
+    AWS roles via GitHub Actions OIDC, rather than just showing provider-level relationships.
+    """
+
+    # MatchLink-specific fields for GitHub repositories
+    source_node_label: str = "GitHubRepository"
+    source_node_matcher: SourceNodeMatcher = make_source_node_matcher(
+        {"fullname": PropertyRef("source_repo_fullname")},
+    )
+
+    # Standard CartographyRelSchema fields
+    target_node_label: str = "AWSRole"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("destination_principal_arn")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ASSUMED_ROLE_WITH_WEB_IDENTITY"
+    properties: AssumeRoleWithWebIdentityRelProperties = (
+        AssumeRoleWithWebIdentityRelProperties()
+    )

cartography/models/aws/cloudtrail/trail.py

@@ -73,6 +73,26 @@ class CloudTrailTrailToS3BucketRel(CartographyRelSchema):
     )
 
 
+@dataclass(frozen=True)
+class CloudTrailTrailToCloudWatchLogGroupRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class CloudTrailTrailToCloudWatchLogGroupRel(CartographyRelSchema):
+    target_node_label: str = "CloudWatchLogGroup"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {
+            "id": PropertyRef("CloudWatchLogsLogGroupArn"),
+        }
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "SENDS_LOGS_TO_CLOUDWATCH"
+    properties: CloudTrailTrailToCloudWatchLogGroupRelProperties = (
+        CloudTrailTrailToCloudWatchLogGroupRelProperties()
+    )
+
+
 @dataclass(frozen=True)
 class CloudTrailTrailSchema(CartographyNodeSchema):
     label: str = "CloudTrailTrail"
@@ -81,5 +101,6 @@ class CloudTrailTrailSchema(CartographyNodeSchema):
     other_relationships: OtherRelationships = OtherRelationships(
         [
             CloudTrailTrailToS3BucketRel(),
+            CloudTrailTrailToCloudWatchLogGroupRel(),
         ]
     )

cartography/models/aws/cloudwatch/metric_alarm.py

@@ -0,0 +1,53 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class CloudWatchMetricAlarmNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("AlarmArn")
+    arn: PropertyRef = PropertyRef("AlarmArn", extra_index=True)
+    alarm_name: PropertyRef = PropertyRef("AlarmName")
+    alarm_description: PropertyRef = PropertyRef("AlarmDescription")
+    state_value: PropertyRef = PropertyRef("StateValue")
+    state_reason: PropertyRef = PropertyRef("StateReason")
+    actions_enabled: PropertyRef = PropertyRef("ActionsEnabled")
+    comparison_operator: PropertyRef = PropertyRef("ComparisonOperator")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class CloudWatchMetricAlarmToAwsAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class CloudWatchMetricAlarmToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: CloudWatchMetricAlarmToAwsAccountRelProperties = (
+        CloudWatchMetricAlarmToAwsAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class CloudWatchMetricAlarmSchema(CartographyNodeSchema):
+    label: str = "CloudWatchMetricAlarm"
+    properties: CloudWatchMetricAlarmNodeProperties = (
+        CloudWatchMetricAlarmNodeProperties()
+    )
+    sub_resource_relationship: CloudWatchMetricAlarmToAWSAccountRel = (
+        CloudWatchMetricAlarmToAWSAccountRel()
+    )

cartography/models/aws/ec2/subnets.py

@@ -0,0 +1,65 @@
+from dataclasses import dataclass
+
+from cartography.models.aws.ec2.auto_scaling_groups import EC2SubnetToAWSAccountRel
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class EC2SubnetNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("SubnetId")
+    subnetid: PropertyRef = PropertyRef("SubnetId", extra_index=True)
+    subnet_id: PropertyRef = PropertyRef("SubnetId", extra_index=True)
+    subnet_arn: PropertyRef = PropertyRef("SubnetArn")
+    name: PropertyRef = PropertyRef("CidrBlock")
+    cidr_block: PropertyRef = PropertyRef("CidrBlock")
+    available_ip_address_count: PropertyRef = PropertyRef("AvailableIpAddressCount")
+    default_for_az: PropertyRef = PropertyRef("DefaultForAz")
+    map_customer_owned_ip_on_launch: PropertyRef = PropertyRef(
+        "MapCustomerOwnedIpOnLaunch"
+    )
+    state: PropertyRef = PropertyRef("State")
+    assignipv6addressoncreation: PropertyRef = PropertyRef(
+        "AssignIpv6AddressOnCreation"
+    )
+    map_public_ip_on_launch: PropertyRef = PropertyRef("MapPublicIpOnLaunch")
+    availability_zone: PropertyRef = PropertyRef("AvailabilityZone")
+    availability_zone_id: PropertyRef = PropertyRef("AvailabilityZoneId")
+    vpc_id: PropertyRef = PropertyRef("VpcId")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EC2SubnetToVpcRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EC2SubnetToVpcRel(CartographyRelSchema):
+    target_node_label: str = "AWSVpc"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("VpcId")}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "MEMBER_OF_AWS_VPC"
+    properties: EC2SubnetToVpcRelProperties = EC2SubnetToVpcRelProperties()
+
+
+@dataclass(frozen=True)
+class EC2SubnetSchema(CartographyNodeSchema):
+    label: str = "EC2Subnet"
+    properties: EC2SubnetNodeProperties = EC2SubnetNodeProperties()
+    sub_resource_relationship: EC2SubnetToAWSAccountRel = EC2SubnetToAWSAccountRel()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            EC2SubnetToVpcRel(),
+        ]
+    )

cartography/models/aws/ecr/image.py

@@ -0,0 +1,41 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class ECRImageNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("imageDigest")
+    digest: PropertyRef = PropertyRef("imageDigest")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECRImageToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECRImageToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: ECRImageToAWSAccountRelProperties = ECRImageToAWSAccountRelProperties()
+
+
+@dataclass(frozen=True)
+class ECRImageSchema(CartographyNodeSchema):
+    label: str = "ECRImage"
+    properties: ECRImageNodeProperties = ECRImageNodeProperties()
+    sub_resource_relationship: ECRImageToAWSAccountRel = ECRImageToAWSAccountRel()

cartography/models/aws/ecr/repository.py

@@ -0,0 +1,72 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class ECRRepositoryNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("repositoryArn")
+    arn: PropertyRef = PropertyRef("repositoryArn", extra_index=True)
+    name: PropertyRef = PropertyRef("repositoryName", extra_index=True)
+    uri: PropertyRef = PropertyRef("repositoryUri", extra_index=True)
+    created_at: PropertyRef = PropertyRef("createdAt")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECRRepositoryToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECRRepositoryToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: ECRRepositoryToAWSAccountRelProperties = (
+        ECRRepositoryToAWSAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class ECRRepositoryToRepositoryImageRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECRRepositoryToRepositoryImageRel(CartographyRelSchema):
+    target_node_label: str = "ECRRepositoryImage"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("id")}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "REPO_IMAGE"
+    properties: ECRRepositoryToRepositoryImageRelProperties = (
+        ECRRepositoryToRepositoryImageRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class ECRRepositorySchema(CartographyNodeSchema):
+    label: str = "ECRRepository"
+    properties: ECRRepositoryNodeProperties = ECRRepositoryNodeProperties()
+    sub_resource_relationship: ECRRepositoryToAWSAccountRel = (
+        ECRRepositoryToAWSAccountRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            ECRRepositoryToRepositoryImageRel(),
+        ]
+    )

cartography/models/aws/ecr/repository_image.py

@@ -0,0 +1,95 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class ECRRepositoryImageNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    tag: PropertyRef = PropertyRef("imageTag")
+    uri: PropertyRef = PropertyRef("uri")
+    repo_uri: PropertyRef = PropertyRef("repo_uri")
+    image_size_bytes: PropertyRef = PropertyRef("imageSizeInBytes")
+    image_pushed_at: PropertyRef = PropertyRef("imagePushedAt")
+    image_manifest_media_type: PropertyRef = PropertyRef("imageManifestMediaType")
+    artifact_media_type: PropertyRef = PropertyRef("artifactMediaType")
+    last_recorded_pull_time: PropertyRef = PropertyRef("lastRecordedPullTime")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECRRepositoryImageToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECRRepositoryImageToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: ECRRepositoryImageToAWSAccountRelProperties = (
+        ECRRepositoryImageToAWSAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class ECRRepositoryImageToECRRepositoryRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECRRepositoryImageToECRRepositoryRel(CartographyRelSchema):
+    target_node_label: str = "ECRRepository"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"uri": PropertyRef("repo_uri")}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "REPO_IMAGE"
+    properties: ECRRepositoryImageToECRRepositoryRelProperties = (
+        ECRRepositoryImageToECRRepositoryRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class ECRRepositoryImageToECRImageRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECRRepositoryImageToECRImageRel(CartographyRelSchema):
+    target_node_label: str = "ECRImage"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("imageDigest")}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "IMAGE"
+    properties: ECRRepositoryImageToECRImageRelProperties = (
+        ECRRepositoryImageToECRImageRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class ECRRepositoryImageSchema(CartographyNodeSchema):
+    label: str = "ECRRepositoryImage"
+    properties: ECRRepositoryImageNodeProperties = ECRRepositoryImageNodeProperties()
+    sub_resource_relationship: ECRRepositoryImageToAWSAccountRel = (
+        ECRRepositoryImageToAWSAccountRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            ECRRepositoryImageToECRRepositoryRel(),
+            ECRRepositoryImageToECRImageRel(),
+        ]
+    )

cartography/models/aws/elasticache/cluster.py

@@ -0,0 +1,65 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class ElasticacheClusterNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("ARN")
+    arn: PropertyRef = PropertyRef("ARN", extra_index=True)
+    cache_cluster_id: PropertyRef = PropertyRef("CacheClusterId")
+    cache_node_type: PropertyRef = PropertyRef("CacheNodeType")
+    engine: PropertyRef = PropertyRef("Engine")
+    engine_version: PropertyRef = PropertyRef("EngineVersion")
+    cache_cluster_status: PropertyRef = PropertyRef("CacheClusterStatus")
+    num_cache_nodes: PropertyRef = PropertyRef("NumCacheNodes")
+    preferred_availability_zone: PropertyRef = PropertyRef("PreferredAvailabilityZone")
+    preferred_maintenance_window: PropertyRef = PropertyRef(
+        "PreferredMaintenanceWindow"
+    )
+    cache_cluster_create_time: PropertyRef = PropertyRef("CacheClusterCreateTime")
+    cache_subnet_group_name: PropertyRef = PropertyRef("CacheSubnetGroupName")
+    auto_minor_version_upgrade: PropertyRef = PropertyRef("AutoMinorVersionUpgrade")
+    replication_group_id: PropertyRef = PropertyRef("ReplicationGroupId")
+    snapshot_retention_limit: PropertyRef = PropertyRef("SnapshotRetentionLimit")
+    snapshot_window: PropertyRef = PropertyRef("SnapshotWindow")
+    auth_token_enabled: PropertyRef = PropertyRef("AuthTokenEnabled")
+    transit_encryption_enabled: PropertyRef = PropertyRef("TransitEncryptionEnabled")
+    at_rest_encryption_enabled: PropertyRef = PropertyRef("AtRestEncryptionEnabled")
+    topic_arn: PropertyRef = PropertyRef("TopicArn")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ElasticacheClusterToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ElasticacheClusterToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: ElasticacheClusterToAWSAccountRelProperties = (
+        ElasticacheClusterToAWSAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class ElasticacheClusterSchema(CartographyNodeSchema):
+    label: str = "ElasticacheCluster"
+    properties: ElasticacheClusterNodeProperties = ElasticacheClusterNodeProperties()
+    sub_resource_relationship: ElasticacheClusterToAWSAccountRel = (
+        ElasticacheClusterToAWSAccountRel()
+    )