cartography 0.111.0rc1__py3-none-any.whl → 0.113.0__py3-none-any.whl

cartography/_version.py

@@ -28,7 +28,7 @@ version_tuple: VERSION_TUPLE
 commit_id: COMMIT_ID
 __commit_id__: COMMIT_ID
 
-__version__ = version = '0.111.0rc1'
-__version_tuple__ = version_tuple = (0, 111, 0, 'rc1')
+__version__ = version = '0.113.0'
+__version_tuple__ = version_tuple = (0, 113, 0)
 
 __commit_id__ = commit_id = None

cartography/cli.py

@@ -234,6 +234,11 @@ class CLI:
                 "The name of environment variable containing Azure Client Secret for Service Principal Authentication."
             ),
         )
+        parser.add_argument(
+            "--azure-subscription-id",
+            type=str,
+            help="The Azure Subscription ID to sync.",
+        )
         parser.add_argument(
             "--entra-tenant-id",
             type=str,
@@ -394,6 +399,12 @@ class CLI:
                 "The path to kubeconfig file specifying context to access K8s cluster(s)."
             ),
         )
+        parser.add_argument(
+            "--managed-kubernetes",
+            default=None,
+            type=str,
+            help=("Type of managed Kubernetes service (e.g., 'eks'). Optional."),
+        )
         parser.add_argument(
             "--nist-cve-url",
             type=str,
@@ -762,6 +773,42 @@ class CLI:
                 "Required if you are using the SentinelOne intel module. Ignored otherwise."
             ),
         )
+        parser.add_argument(
+            "--keycloak-client-id",
+            type=str,
+            default=None,
+            help=(
+                "The Keycloak client ID to sync. "
+                "Required if you are using the Keycloak intel module. Ignored otherwise."
+            ),
+        )
+        parser.add_argument(
+            "--keycloak-client-secret-env-var",
+            type=str,
+            default="KEYCLOAK_CLIENT_SECRET",
+            help=(
+                "The name of an environment variable containing the Keycloak client secret. "
+                "Required if you are using the Keycloak intel module. Ignored otherwise."
+            ),
+        )
+        parser.add_argument(
+            "--keycloak-url",
+            type=str,
+            help=(
+                "The base URL for the Keycloak instance. "
+                "Required if you are using the Keycloak intel module. Ignored otherwise. "
+            ),
+        )
+        parser.add_argument(
+            "--keycloak-realm",
+            type=str,
+            default="master",
+            help=(
+                "The Keycloak realm used for authentication (note: all available realms will be synced). "
+                "Should be `master` (default value) in most of the cases. "
+                "Required if you are using the Keycloak intel module. Ignored otherwise. "
+            ),
+        )
 
         return parser
 
@@ -1133,6 +1180,16 @@ class CLI:
         else:
             config.sentinelone_api_token = None
 
+        if config.keycloak_client_secret_env_var:
+            logger.debug(
+                f"Reading Client Secret for Keycloak from environment variable {config.keycloak_client_secret_env_var}",
+            )
+            config.keycloak_client_secret = os.environ.get(
+                config.keycloak_client_secret_env_var
+            )
+        else:
+            config.keycloak_client_secret = None
+
         # Run cartography
         try:
             return cartography.sync.run_with_config(self.sync, config)

cartography/config.py

@@ -45,6 +45,8 @@ class Config:
     :param azure_client_id: Client Id for connecting in a Service Principal Authentication approach. Optional.
     :type azure_client_secret: str
     :param azure_client_secret: Client Secret for connecting in a Service Principal Authentication approach. Optional.
+    :type azure_subscription_id: str | None
+    :param azure_subscription_id: The Azure Subscription ID to sync.
     :type entra_tenant_id: str
     :param entra_tenant_id: Tenant Id for connecting in a Service Principal Authentication approach. Optional.
     :type entra_client_id: str
@@ -92,6 +94,8 @@ class Config:
     :param statsd_port: If statsd_enabled is True, send metrics to this port on statsd_host. Optional.
     :type: k8s_kubeconfig: str
     :param k8s_kubeconfig: Path to kubeconfig file for kubernetes cluster(s). Optional
+    :type: managed_kubernetes: str
+    :param managed_kubernetes: Type of managed Kubernetes service (e.g., "eks"). Optional.
     :type: pagerduty_api_key: str
     :param pagerduty_api_key: API authentication key for pagerduty. Optional.
     :type: pagerduty_request_timeout: int
@@ -166,6 +170,14 @@ class Config:
     :param sentinelone_api_token: SentinelOne API token for authentication. Optional.
     :type sentinelone_account_ids: list[str]
     :param sentinelone_account_ids: List of SentinelOne account IDs to sync. Optional.
+    :type keycloak_client_id: str
+    :param keycloak_client_id: Keycloak client ID for API authentication. Optional.
+    :type keycloak_client_secret: str
+    :param keycloak_client_secret: Keycloak client secret for API authentication. Optional.
+    :type keycloak_realm: str
+    :param keycloak_realm: Keycloak realm for authentication (all realms will be synced). Optional.
+    :type keycloak_url: str
+    :param keycloak_url: Keycloak base URL, e.g. https://keycloak.example.com. Optional.
     """
 
     def __init__(
@@ -186,6 +198,7 @@ class Config:
         azure_tenant_id=None,
         azure_client_id=None,
         azure_client_secret=None,
+        azure_subscription_id: str | None = None,
         entra_tenant_id=None,
         entra_client_id=None,
         entra_client_secret=None,
@@ -206,6 +219,7 @@ class Config:
         kandji_tenant_id=None,
         kandji_token=None,
         k8s_kubeconfig=None,
+        managed_kubernetes=None,
         statsd_enabled=False,
         statsd_prefix=None,
         statsd_host=None,
@@ -252,6 +266,10 @@ class Config:
         sentinelone_api_url=None,
         sentinelone_api_token=None,
         sentinelone_account_ids=None,
+        keycloak_client_id=None,
+        keycloak_client_secret=None,
+        keycloak_realm=None,
+        keycloak_url=None,
     ):
         self.neo4j_uri = neo4j_uri
         self.neo4j_user = neo4j_user
@@ -271,6 +289,7 @@ class Config:
         self.azure_tenant_id = azure_tenant_id
         self.azure_client_id = azure_client_id
         self.azure_client_secret = azure_client_secret
+        self.azure_subscription_id = azure_subscription_id
         self.entra_tenant_id = entra_tenant_id
         self.entra_client_id = entra_client_id
         self.entra_client_secret = entra_client_secret
@@ -291,6 +310,7 @@ class Config:
         self.kandji_tenant_id = kandji_tenant_id
         self.kandji_token = kandji_token
         self.k8s_kubeconfig = k8s_kubeconfig
+        self.managed_kubernetes = managed_kubernetes
         self.statsd_enabled = statsd_enabled
         self.statsd_prefix = statsd_prefix
         self.statsd_host = statsd_host
@@ -337,3 +357,7 @@ class Config:
         self.sentinelone_api_url = sentinelone_api_url
         self.sentinelone_api_token = sentinelone_api_token
         self.sentinelone_account_ids = sentinelone_account_ids
+        self.keycloak_client_id = keycloak_client_id
+        self.keycloak_client_secret = keycloak_client_secret
+        self.keycloak_realm = keycloak_realm
+        self.keycloak_url = keycloak_url

cartography/data/indexes.cypher

@@ -29,8 +29,6 @@ CREATE INDEX IF NOT EXISTS FOR (n:AWSIpv4CidrBlock) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSIpv4CidrBlock) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSIpv6CidrBlock) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSIpv6CidrBlock) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSPeeringConnection) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSPeeringConnection) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSPolicy) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSPolicy) ON (n.name);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSPolicy) ON (n.lastupdated);
@@ -102,10 +100,6 @@ CREATE INDEX IF NOT EXISTS FOR (n:ESDomain) ON (n.arn);
 CREATE INDEX IF NOT EXISTS FOR (n:ESDomain) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:ESDomain) ON (n.name);
 CREATE INDEX IF NOT EXISTS FOR (n:ESDomain) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:GCPDNSZone) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:GCPDNSZone) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:GCPRecordSet) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:GCPRecordSet) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:GCPFolder) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:GCPFolder) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:GCPForwardingRule) ON (n.id);

cartography/data/jobs/analysis/keycloak_inheritance.json

@@ -0,0 +1,30 @@
+{
+  "statements": [
+    {
+        "__comment__": "Inherit group memberships from subgroups to parent groups",
+        "query": "MATCH (u:KeycloakUser)-[:MEMBER_OF]->(g:KeycloakGroup)-[:SUBGROUP_OF*1..5]->(pg:KeycloakGroup) MERGE (u)-[r:INHERITED_MEMBER_OF]->(pg) ON CREATE SET r.firstseen = $UPDATE_TAG SET r.lastupdated = $UPDATE_TAG",
+        "iterative": false
+    },
+    {
+        "__comment__": "Assign roles to users based on group memberships",
+        "query": "MATCH (u:KeycloakUser)-[:MEMBER_OF|INHERITED_MEMBER_OR]->(g:KeycloakGroup)-[:GRANTS]->(r:KeycloakRole) MERGE (u)-[r0:ASSUME_ROLE]-(r) ON CREATE SET r0.firstseen = $UPDATE_TAG SET r0.lastupdated = $UPDATE_TAG",
+        "iterative": false
+    },
+    {
+        "__comment__": "Propagate role grants to composite roles",
+        "query": "MATCH (r:KeycloakRole)-[:INCLUDES*1..5]->(c:KeycloakRole)-[:GRANTS]->(s:KeycloakScope) MERGE (r)-[r0:INDIRECT_GRANTS]-(s) ON CREATE SET r0.firstseen = $UPDATE_TAG SET r0.lastupdated = $UPDATE_TAG",
+        "iterative": false
+    },
+    {
+        "__comment__": "Identify legitimate scopes for users based on assumed roles",
+        "query": "MATCH (u:KeycloakUser)-[:ASSUME_ROLE]-(:KeycloakRole)-[:GRANTS|INDIRECT_GRANTS]->(s:KeycloakScope) MERGE (u)-[r:ASSUME_SCOPE]->(s) ON CREATE SET r.firstseen = $UPDATE_TAG SET r.lastupdated = $UPDATE_TAG",
+        "iterative": false
+    },
+    {
+        "__comment__": "Assign assumed scopes to users for orphan scopes (scopes not granted by any role)",
+        "query": "MATCH (s:KeycloakScope)<-[:RESOURCE]-(r:KeycloakRealm) MATCH (u:KeycloakUser)<-[:RESOURCE]-(r) WHERE NOT (s)<-[:GRANTS|INDIRECT_GRANTS]-(:KeycloakRole) MERGE (u)-[r0:ASSUME_SCOPE]->(s) SET r0.firstseen = $UPDATE_TAG SET r0.lastupdated = $UPDATE_TAG",
+        "iterative": false
+    }
+  ],
+  "name": "Keycloak inheritance analysis"
+}

cartography/intel/aws/apigateway.py

@@ -22,6 +22,10 @@ from cartography.models.aws.apigateway.apigatewaycertificate import (
 from cartography.models.aws.apigateway.apigatewaydeployment import (
     APIGatewayDeploymentSchema,
 )
+from cartography.models.aws.apigateway.apigatewayintegration import (
+    APIGatewayIntegrationSchema,
+)
+from cartography.models.aws.apigateway.apigatewaymethod import APIGatewayMethodSchema
 from cartography.models.aws.apigateway.apigatewayresource import (
     APIGatewayResourceSchema,
 )
@@ -84,7 +88,7 @@ def get_rest_api_details(
     boto3_session: boto3.session.Session,
     rest_apis: List[Dict],
     region: str,
-) -> List[Tuple[Any, Any, Any, Any, Any]]:
+) -> List[Tuple[Any, Any, Any, Any, Any, Any, Any]]:
     """
     Iterates over all API Gateway REST APIs.
     """
@@ -94,13 +98,19 @@ def get_rest_api_details(
         stages = get_rest_api_stages(api, client)
         # clientcertificate id is given by the api stage
         certificate = get_rest_api_client_certificate(stages, client)
-        resources = get_rest_api_resources(api, client)
+        resources, methods, integrations = get_rest_api_resources_methods_integrations(
+            api,
+            client,
+        )
         policy = get_rest_api_policy(api, client)
-        apis.append((api["id"], stages, certificate, resources, policy))
+        apis.append(
+            (api["id"], stages, certificate, resources, methods, integrations, policy)
+        )
     return apis
 
 
 @timeit
+@aws_handle_regions
 def get_rest_api_stages(api: Dict, client: botocore.client.BaseClient) -> Any:
     """
     Gets the REST API Stage Resources.
@@ -142,17 +152,44 @@ def get_rest_api_client_certificate(
 
 
 @timeit
-def get_rest_api_resources(api: Dict, client: botocore.client.BaseClient) -> List[Any]:
+@aws_handle_regions
+def get_rest_api_resources_methods_integrations(
+    api: Dict, client: botocore.client.BaseClient
+) -> Tuple[List[Any], List[Dict], List[Dict]]:
     """
     Gets the collection of Resource resources.
     """
     resources: List[Any] = []
+    methods: List[Any] = []
+    integrations: List[Any] = []
+
     paginator = client.get_paginator("get_resources")
     response_iterator = paginator.paginate(restApiId=api["id"])
     for page in response_iterator:
-        resources.extend(page["items"])
+        page_resources = page["items"]
+        resources.extend(page_resources)
+
+        for resource in page_resources:
+            resource_id = resource["id"]
+            resource_methods = resource.get("resourceMethods", {})
+
+            for http_method, method in resource_methods.items():
+                method["resourceId"] = resource_id
+                method["apiId"] = api["id"]
+                method["httpMethod"] = http_method
+                methods.append(method)
+                integration = client.get_integration(
+                    restApiId=api["id"],
+                    resourceId=resource_id,
+                    httpMethod=http_method,
+                )
+                integration["resourceId"] = resource_id
+                integration["apiId"] = api["id"]
+                integration["integrationHttpMethod"] = integration.get("httpMethod")
+                integration["httpMethod"] = http_method
+                integrations.append(integration)
 
-    return resources
+    return resources, methods, integrations
 
 
 @timeit
@@ -248,16 +285,27 @@ def transform_apigateway_certificates(
 
 
 def transform_rest_api_details(
-    stages_certificate_resources: List[Tuple[Any, Any, Any, Any, Any]],
-) -> Tuple[List[Dict], List[Dict], List[Dict]]:
+    stages_certificate_resources: List[Tuple[Any, Any, Any, Any, Any, Any, Any]],
+) -> Tuple[List[Dict], List[Dict], List[Dict], List[Dict], List[Dict]]:
     """
-    Transform Stage, Client Certificate, and Resource data for ingestion
+    Transform Stage, Client Certificate, Resource, Method and Integration data for ingestion
     """
     stages: List[Dict] = []
     certificates: List[Dict] = []
     resources: List[Dict] = []
+    methods: List[Dict] = []
+    integrations: List[Dict] = []
+
+    for (
+        api_id,
+        stage,
+        certificate,
+        resource,
+        method_list,
+        integration_list,
+        _,
+    ) in stages_certificate_resources:
 
-    for api_id, stage, certificate, resource, _ in stages_certificate_resources:
         if len(stage) > 0:
             for s in stage:
                 s["apiId"] = api_id
@@ -279,7 +327,32 @@ def transform_rest_api_details(
                 r["apiId"] = api_id
             resources.extend(resource)
 
-    return stages, certificates, resources
+        if len(method_list) > 0:
+            for method in method_list:
+                method["id"] = (
+                    f"{method['apiId']}/{method['resourceId']}/{method['httpMethod']}"
+                )
+                method["authorizationType"] = method.get("authorizationType")
+                method["authorizerId"] = method.get("authorizerId")
+                method["requestValidatorId"] = method.get("requestValidatorId")
+                method["operationName"] = method.get("operationName")
+                method["apiKeyRequired"] = method.get("apiKeyRequired", False)
+            methods.extend(method_list)
+
+        if len(integration_list) > 0:
+            for integration in integration_list:
+                if not integration.get("id"):
+                    integration["id"] = (
+                        f"{integration['apiId']}/{integration['resourceId']}/{integration['httpMethod']}"
+                    )
+                integration["type"] = integration.get("type")
+                integration["uri"] = integration.get("uri")
+                integration["connectionType"] = integration.get("connectionType")
+                integration["connectionId"] = integration.get("connectionId")
+                integration["credentials"] = integration.get("credentials")
+            integrations.extend(integration_list)
+
+    return stages, certificates, resources, methods, integrations
 
 
 def transform_apigateway_deployments(
@@ -304,15 +377,17 @@ def transform_apigateway_deployments(
 @timeit
 def load_rest_api_details(
     neo4j_session: neo4j.Session,
-    stages_certificate_resources: List[Tuple[Any, Any, Any, Any, Any]],
+    stages_certificate_resources_methods_integrations: List[
+        Tuple[Any, Any, Any, Any, Any, Any, Any]
+    ],
     aws_account_id: str,
     update_tag: int,
 ) -> None:
     """
     Transform and load Stage, Client Certificate, and Resource data
     """
-    stages, certificates, resources = transform_rest_api_details(
-        stages_certificate_resources,
+    stages, certificates, resources, methods, integrations = transform_rest_api_details(
+        stages_certificate_resources_methods_integrations,
     )
 
     load(
@@ -339,6 +414,22 @@ def load_rest_api_details(
         AWS_ID=aws_account_id,
     )
 
+    load(
+        neo4j_session,
+        APIGatewayMethodSchema(),
+        methods,
+        lastupdated=update_tag,
+        AWS_ID=aws_account_id,
+    )
+
+    load(
+        neo4j_session,
+        APIGatewayIntegrationSchema(),
+        integrations,
+        lastupdated=update_tag,
+        AWS_ID=aws_account_id,
+    )
+
 
 @timeit
 def load_apigateway_deployments(
@@ -432,6 +523,18 @@ def cleanup(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
     )
     cleanup_job.run(neo4j_session)
 
+    cleanup_job = GraphJob.from_node_schema(
+        APIGatewayMethodSchema(),
+        common_job_parameters,
+    )
+    cleanup_job.run(neo4j_session)
+
+    cleanup_job = GraphJob.from_node_schema(
+        APIGatewayIntegrationSchema(),
+        common_job_parameters,
+    )
+    cleanup_job.run(neo4j_session)
+
 
 @timeit
 def sync_apigateway_rest_apis(
@@ -442,7 +545,7 @@ def sync_apigateway_rest_apis(
     aws_update_tag: int,
 ) -> None:
     rest_apis = get_apigateway_rest_apis(boto3_session, region)
-    stages_certificate_resources = get_rest_api_details(
+    stages_certificate_resources_methods_integrations = get_rest_api_details(
         boto3_session,
         rest_apis,
         region,
@@ -450,7 +553,15 @@ def sync_apigateway_rest_apis(
 
     # Extract policies and transform the data
     policies = []
-    for api_id, _, _, _, policy in stages_certificate_resources:
+    for (
+        api_id,
+        _,
+        _,
+        _,
+        _,
+        _,
+        policy,
+    ) in stages_certificate_resources_methods_integrations:
         parsed_policy = parse_policy(api_id, policy)
         if parsed_policy is not None:
             policies.append(parsed_policy)
@@ -484,7 +595,7 @@ def sync_apigateway_rest_apis(
     )
     load_rest_api_details(
         neo4j_session,
-        stages_certificate_resources,
+        stages_certificate_resources_methods_integrations,
         current_aws_account_id,
         aws_update_tag,
     )

cartography/intel/aws/apigatewayv2.py

@@ -0,0 +1,116 @@
+import logging
+from typing import Any
+
+import boto3
+import neo4j
+
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.models.aws.apigatewayv2.apigatewayv2 import APIGatewayV2APISchema
+from cartography.util import aws_handle_regions
+from cartography.util import timeit
+
+logger = logging.getLogger(__name__)
+
+
+@timeit
+@aws_handle_regions
+def get_apigatewayv2_apis(
+    boto3_session: boto3.session.Session,
+    region: str,
+) -> list[dict[str, Any]]:
+    client = boto3_session.client("apigatewayv2", region_name=region)
+    paginator = client.get_paginator("get_apis")
+    apis: list[dict[str, Any]] = []
+    for page in paginator.paginate():
+        apis.extend(page.get("Items", []))
+    return apis
+
+
+def transform_apigatewayv2_apis(apis: list[dict[str, Any]]) -> list[dict[str, Any]]:
+    transformed: list[dict[str, Any]] = []
+    for api in apis:
+        transformed.append(
+            {
+                "id": api.get("ApiId"),
+                "name": api.get("Name"),
+                "protocoltype": api.get("ProtocolType"),
+                "routeselectionexpression": api.get("RouteSelectionExpression"),
+                "apikeyselectionexpression": api.get("ApiKeySelectionExpression"),
+                "apiendpoint": api.get("ApiEndpoint"),
+                "version": api.get("Version"),
+                "createddate": api.get("CreatedDate"),
+                "description": api.get("Description"),
+            },
+        )
+    return transformed
+
+
+@timeit
+def load_apigatewayv2_apis(
+    neo4j_session: neo4j.Session,
+    data: list[dict[str, Any]],
+    region: str,
+    current_aws_account_id: str,
+    update_tag: int,
+) -> None:
+    load(
+        neo4j_session,
+        APIGatewayV2APISchema(),
+        data,
+        lastupdated=update_tag,
+        AWS_ID=current_aws_account_id,
+        region=region,
+    )
+
+
+@timeit
+def cleanup(
+    neo4j_session: neo4j.Session, common_job_parameters: dict[str, Any]
+) -> None:
+    GraphJob.from_node_schema(
+        APIGatewayV2APISchema(),
+        common_job_parameters,
+    ).run(neo4j_session)
+
+
+@timeit
+def sync_apigatewayv2_apis(
+    neo4j_session: neo4j.Session,
+    boto3_session: boto3.session.Session,
+    region: str,
+    current_aws_account_id: str,
+    aws_update_tag: int,
+) -> None:
+    apis = get_apigatewayv2_apis(boto3_session, region)
+    transformed = transform_apigatewayv2_apis(apis)
+    load_apigatewayv2_apis(
+        neo4j_session,
+        transformed,
+        region,
+        current_aws_account_id,
+        aws_update_tag,
+    )
+
+
+@timeit
+def sync(
+    neo4j_session: neo4j.Session,
+    boto3_session: boto3.session.Session,
+    regions: list[str],
+    current_aws_account_id: str,
+    update_tag: int,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    for region in regions:
+        logger.info(
+            f"Syncing AWS APIGatewayV2 APIs for region '{region}' in account '{current_aws_account_id}'.",
+        )
+        sync_apigatewayv2_apis(
+            neo4j_session,
+            boto3_session,
+            region,
+            current_aws_account_id,
+            update_tag,
+        )
+    cleanup(neo4j_session, common_job_parameters)

cartography/intel/aws/ec2/instances.py

@@ -163,7 +163,9 @@ def transform_ec2_instances(
                             "MacAddress": network_interface["MacAddress"],
                             "Description": network_interface["Description"],
                             "PrivateDnsName": network_interface.get("PrivateDnsName"),
-                            "PrivateIpAddress": network_interface["PrivateIpAddress"],
+                            "PrivateIpAddress": network_interface.get(
+                                "PrivateIpAddress"
+                            ),
                             "InstanceId": instance_id,
                             "SubnetId": subnet_id,
                             "GroupId": security_group["GroupId"],

cartography/intel/aws/ec2/network_interfaces.py

@@ -91,7 +91,7 @@ def transform_network_interface_data(
                 "InterfaceType": network_interface["InterfaceType"],
                 "MacAddress": network_interface["MacAddress"],
                 "PrivateDnsName": network_interface.get("PrivateDnsName"),
-                "PrivateIpAddress": network_interface["PrivateIpAddress"],
+                "PrivateIpAddress": network_interface.get("PrivateIpAddress"),
                 "PublicIp": network_interface.get("Association", {}).get("PublicIp"),
                 "RequesterId": network_interface.get("RequesterId"),
                 "RequesterManaged": network_interface["RequesterManaged"],