cartography 0.84.0__tar.gz → 0.85.1__tar.gz

cartography-0.85.1/PKG-INFO

@@ -0,0 +1,55 @@
+Metadata-Version: 2.1
+Name: cartography
+Version: 0.85.1
+Summary: Explore assets and their relationships across your technical infrastructure.
+Home-page: https://www.github.com/lyft/cartography
+Maintainer: Lyft
+Maintainer-email: security@lyft.com
+License: apache2
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Natural Language :: English
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Description-Content-Type: text/markdown
+License-File: LICENSE
+License-File: NOTICE
+Requires-Dist: backoff>=2.1.2
+Requires-Dist: boto3>=1.15.1
+Requires-Dist: botocore>=1.18.1
+Requires-Dist: dnspython>=1.15.0
+Requires-Dist: neo4j<5.0.0,>=4.4.4
+Requires-Dist: policyuniverse>=1.1.0.0
+Requires-Dist: google-api-python-client>=1.7.8
+Requires-Dist: oauth2client>=4.1.3
+Requires-Dist: marshmallow>=3.0.0rc7
+Requires-Dist: oci>=2.71.0
+Requires-Dist: okta<1.0.0
+Requires-Dist: pyyaml>=5.3.1
+Requires-Dist: requests>=2.22.0
+Requires-Dist: statsd
+Requires-Dist: packaging
+Requires-Dist: python-digitalocean>=1.16.0
+Requires-Dist: adal>=1.2.4
+Requires-Dist: azure-cli-core>=2.26.0
+Requires-Dist: azure-mgmt-compute>=5.0.0
+Requires-Dist: azure-mgmt-resource>=10.2.0
+Requires-Dist: azure-mgmt-cosmosdb>=6.0.0
+Requires-Dist: msrestazure>=0.6.4
+Requires-Dist: azure-mgmt-storage>=16.0.0
+Requires-Dist: azure-mgmt-sql<=1.0.0
+Requires-Dist: azure-identity>=1.5.0
+Requires-Dist: kubernetes>=22.6.0
+Requires-Dist: pdpyras>=4.3.0
+Requires-Dist: crowdstrike-falconpy>=0.5.1
+Requires-Dist: python-dateutil
+Requires-Dist: xmltodict
+Requires-Dist: duo-client
+Requires-Dist: importlib-resources; python_version < "3.7"
+
+file: README.md

{cartography-0.84.0 → cartography-0.85.1}/cartography/data/indexes.cypher

@@ -23,10 +23,6 @@ CREATE INDEX IF NOT EXISTS FOR (n:AWSDNSZone) ON (n.zoneid);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSDNSZone) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSGroup) ON (n.arn);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSGroup) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSInspectorFinding) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSInspectorFinding) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSInspectorPackage) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSInspectorPackage) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSInternetGateway) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSInternetGateway) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSIpv4CidrBlock) ON (n.id);
@@ -93,8 +89,6 @@ CREATE INDEX IF NOT EXISTS FOR (n:DOProject) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:EBSSnapshot) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:EBSSnapshot) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:EC2KeyPair) ON (n.keyfingerprint);
-CREATE INDEX IF NOT EXISTS FOR (n:EC2PrivateIp) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:EC2PrivateIp) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:EC2ReservedInstance) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:EC2ReservedInstance) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:ECRImage) ON (n.id);
@@ -125,8 +119,6 @@ CREATE INDEX IF NOT EXISTS FOR (n:ECSContainerDefinition) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:ECSContainerDefinition) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:ECSContainer) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:ECSContainer) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:EKSCluster) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:EKSCluster) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:ElasticacheCluster) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:ElasticacheCluster) ON (n.arn);
 CREATE INDEX IF NOT EXISTS FOR (n:ElasticacheCluster) ON (n.lastupdated);

{cartography-0.84.0 → cartography-0.85.1}/cartography/data/jobs/analysis/aws_s3acl_analysis.json

@@ -1,22 +1,27 @@
 {
   "statements": [
     {
+      "__comment__": "READ -> ListBucket, ListBucketVersions, ListBucketMultipartUploads",
       "query": "MATCH (acl:S3Acl)-[:APPLIES_TO]->(bucket:S3Bucket)<-[:RESOURCE]-(aws:AWSAccount{id: $AWS_ID})\nWHERE acl.uri IN ['http://acs.amazonaws.com/groups/global/AllUsers', 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers'] AND acl.permission = 'READ'\nSET bucket.anonymous_access = true, bucket.anonymous_actions = coalesce(bucket.anonymous_actions, []) + ['s3:ListBucket', 's3:ListBucketVersions', 's3:ListBucketMultipartUploads']",
       "iterative": false
     },
     {
-      "query": "MATCH (acl:S3Acl)-[:APPLIES_TO]->(bucket:S3Bucket)<-[:RESOURCE]-(aws:AWSAccount{id: $AWS_ID})\nWHERE acl.uri IN ['http://acs.amazonaws.com/groups/global/AllUsers', 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers'] AND acl.permission = 'WRITE'\nAND (acl.ownerid = acl.granteeid)\nSET bucket.anonymous_access = true, bucket.anonymous_actions = coalesce(bucket.anonymous_actions, []) + ['s3:DeleteObjectVersion']",
+      "__comment__": "WRITE -> PutObject",
+      "query": "MATCH (acl:S3Acl)-[:APPLIES_TO]->(bucket:S3Bucket)<-[:RESOURCE]-(aws:AWSAccount{id: $AWS_ID})\nWHERE acl.uri IN ['http://acs.amazonaws.com/groups/global/AllUsers', 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers'] AND acl.permission = 'WRITE'\nSET bucket.anonymous_access = true, bucket.anonymous_actions = coalesce(bucket.anonymous_actions, []) + ['s3:PutObject']",
       "iterative": false
     },
     {
-      "query": "MATCH (acl:S3Acl)-[:APPLIES_TO]->(bucket:S3Bucket)<-[:RESOURCE]-(aws:AWSAccount{id: $AWS_ID})\nWHERE acl.uri IN ['http://acs.amazonaws.com/groups/global/AllUsers', 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers'] AND acl.permission = 'READ_ACP'\nSET bucket.anonymous_access = true, bucket.anonymous_actions = coalesce(bucket.anonymous_actions, []) + ['s3:DeleteObjectVersion']",
+      "__comment__": "READ_ACP -> GetBucketAcl",
+      "query": "MATCH (acl:S3Acl)-[:APPLIES_TO]->(bucket:S3Bucket)<-[:RESOURCE]-(aws:AWSAccount{id: $AWS_ID})\nWHERE acl.uri IN ['http://acs.amazonaws.com/groups/global/AllUsers', 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers'] AND acl.permission = 'READ_ACP'\nSET bucket.anonymous_access = true, bucket.anonymous_actions = coalesce(bucket.anonymous_actions, []) + ['s3:GetBucketAcl']",
       "iterative": false
     },
     {
+      "__comment__": "WRITE_ACP -> PutBucketAcl",
       "query": "MATCH (acl:S3Acl)-[:APPLIES_TO]->(bucket:S3Bucket)<-[:RESOURCE]-(aws:AWSAccount{id: $AWS_ID})\nWHERE acl.uri IN ['http://acs.amazonaws.com/groups/global/AllUsers', 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers'] AND acl.permission = 'WRITE_ACP'\nSET bucket.anonymous_access = true, bucket.anonymous_actions = coalesce(bucket.anonymous_actions, []) + ['s3:PutBucketAcl']",
       "iterative": false
     },
     {
+      "__comment__": "FULL_CONTROL -> Pretty much everything",
       "query": "MATCH (acl:S3Acl)-[:APPLIES_TO]->(bucket:S3Bucket)<-[:RESOURCE]-(aws:AWSAccount{id: $AWS_ID})\nWHERE acl.uri IN ['http://acs.amazonaws.com/groups/global/AllUsers', 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers'] AND acl.permission = 'FULL_CONTROL'\nSET bucket.anonymous_access = true, bucket.anonymous_actions = coalesce(bucket.anonymous_actions, []) + ['s3:ListBucket', 's3:ListBucketVersions', 's3:ListBucketMultipartUploads', 's3:PutObject', 's3:DeleteObject', 's3:DeleteObjectVersion', 's3:PutBucketAcl']",
       "iterative": false
     }],

{cartography-0.84.0 → cartography-0.85.1}/cartography/intel/aws/ec2/instances.py

@@ -13,10 +13,10 @@ from cartography.graph.job import GraphJob
 from cartography.intel.aws.ec2.util import get_botocore_config
 from cartography.models.aws.ec2.instances import EC2InstanceSchema
 from cartography.models.aws.ec2.keypairs import EC2KeyPairSchema
-from cartography.models.aws.ec2.networkinterfaces import EC2NetworkInterfaceSchema
+from cartography.models.aws.ec2.networkinterface_instance import EC2NetworkInterfaceInstanceSchema
 from cartography.models.aws.ec2.reservations import EC2ReservationSchema
-from cartography.models.aws.ec2.securitygroups import EC2SecurityGroupSchema
-from cartography.models.aws.ec2.subnets import EC2SubnetSchema
+from cartography.models.aws.ec2.securitygroup_instance import EC2SecurityGroupInstanceSchema
+from cartography.models.aws.ec2.subnet_instance import EC2SubnetInstanceSchema
 from cartography.models.aws.ec2.volumes import EBSVolumeInstanceSchema
 from cartography.util import aws_handle_regions
 from cartography.util import timeit
@@ -183,7 +183,7 @@ def load_ec2_subnets(
 ) -> None:
     load(
         neo4j_session,
-        EC2SubnetSchema(),
+        EC2SubnetInstanceSchema(),
         subnet_list,
         Region=region,
         AWS_ID=current_aws_account_id,
@@ -219,7 +219,7 @@ def load_ec2_security_groups(
 ) -> None:
     load(
         neo4j_session,
-        EC2SecurityGroupSchema(),
+        EC2SecurityGroupInstanceSchema(),
         sg_list,
         Region=region,
         AWS_ID=current_aws_account_id,
@@ -237,7 +237,7 @@ def load_ec2_network_interfaces(
 ) -> None:
     load(
         neo4j_session,
-        EC2NetworkInterfaceSchema(),
+        EC2NetworkInterfaceInstanceSchema(),
         network_interface_list,
         Region=region,
         AWS_ID=current_aws_account_id,

cartography-0.85.1/cartography/intel/aws/ec2/network_interfaces.py

@@ -0,0 +1,255 @@
+import logging
+import re
+from collections import namedtuple
+from typing import Any
+from typing import Dict
+from typing import List
+
+import boto3
+import neo4j
+
+from .util import get_botocore_config
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.models.aws.ec2.networkinterfaces import EC2NetworkInterfaceSchema
+from cartography.models.aws.ec2.privateip_networkinterface import EC2PrivateIpNetworkInterfaceSchema
+from cartography.models.aws.ec2.securitygroup_networkinterface import EC2SecurityGroupNetworkInterfaceSchema
+from cartography.models.aws.ec2.subnet_networkinterface import EC2SubnetNetworkInterfaceSchema
+from cartography.util import aws_handle_regions
+from cartography.util import timeit
+
+logger = logging.getLogger(__name__)
+
+Ec2NetworkData = namedtuple(
+    "Ec2NetworkData", [
+        "network_interface_list",
+        "private_ip_list",
+        "sg_list",
+        "subnet_list",
+    ],
+)
+
+
+@timeit
+@aws_handle_regions
+def get_network_interface_data(boto3_session: boto3.session.Session, region: str) -> List[Dict[str, Any]]:
+    client = boto3_session.client('ec2', region_name=region, config=get_botocore_config())
+    paginator = client.get_paginator('describe_network_interfaces')
+    subnets: List[Dict] = []
+    for page in paginator.paginate():
+        subnets.extend(page['NetworkInterfaces'])
+    return subnets
+
+
+def transform_network_interface_data(data_list: List[Dict[str, Any]], region: str) -> Ec2NetworkData:
+    network_interface_list = []
+    private_ip_list = []
+    sg_list = []
+    subnet_list = []
+
+    for network_interface in data_list:
+        # Parse network interface description for ELB association
+        # https://aws.amazon.com/premiumsupport/knowledge-center/elb-find-load-balancer-IP/
+        elb_v1_id = None
+        elb_v2_id = None
+        elb_match = re.match(r'^ELB (?:net|app)/([^\/]+)\/(.*)', network_interface.get('Description', ''))
+        if elb_match:
+            elb_v1_id = f'{elb_match[1]}-{elb_match[2]}.elb.{region}.amazonaws.com'
+        else:
+            elb_match = re.match(r'^ELB (.*)', network_interface.get('Description', ''))
+            if elb_match:
+                elb_v2_id = elb_match[1]
+        # TODO issue #1024 change this to arn when ready
+        network_interface_id = network_interface['NetworkInterfaceId']
+        network_interface_list.append(
+            {
+                'Id': network_interface_id,
+                'NetworkInterfaceId': network_interface['NetworkInterfaceId'],
+                'Description': network_interface['Description'],
+                'InstanceId': network_interface.get('Attachment', {}).get('InstanceId'),
+                'InterfaceType': network_interface['InterfaceType'],
+                'MacAddress': network_interface['MacAddress'],
+                'PrivateDnsName': network_interface['PrivateDnsName'],
+                'PrivateIpAddress': network_interface['PrivateIpAddress'],
+                'PublicIp': network_interface.get('Association', {}).get('PublicIp'),
+                'RequesterId': network_interface.get('RequesterId'),
+                'RequesterManaged': network_interface['RequesterManaged'],
+                'SourceDestCheck': network_interface['SourceDestCheck'],
+                'Status': network_interface['Status'],
+                'SubnetId': network_interface['SubnetId'],
+                'ElbV1Id': elb_v1_id,
+                'ElbV2Id': elb_v2_id,
+            },
+        )
+        if network_interface.get('PrivateIpAddresses'):
+            for private_ip_address in network_interface['PrivateIpAddresses']:
+                private_ip_list.append(
+                    {
+                        'Id': f"{network_interface['NetworkInterfaceId']}:{private_ip_address['PrivateIpAddress']}",
+                        'NetworkInterfaceId': network_interface['NetworkInterfaceId'],
+                        'IpOwnerId': private_ip_address.get('Association', {}).get('IpOwnerId'),
+                        'Primary': private_ip_address['Primary'],
+                        'PrivateIpAddress': private_ip_address['PrivateIpAddress'],
+                        'PublicIp': private_ip_address.get('Association', {}).get('PublicIp'),
+                    },
+                )
+
+        if network_interface.get("Groups"):
+            for group in network_interface["Groups"]:
+                sg_list.append(
+                    {
+                        'GroupId': group['GroupId'],
+                        'NetworkInterfaceId': network_interface_id,
+                    },
+                )
+
+        subnet_id = network_interface.get('SubnetId')
+        if subnet_id:
+            subnet_list.append(
+                {
+                    'NetworkInterfaceId': network_interface_id,
+                    'SubnetId': subnet_id,
+                    'ElbV1Id': elb_v1_id,
+                    'ElbV2Id': elb_v2_id,
+                },
+            )
+
+    return Ec2NetworkData(
+        network_interface_list=network_interface_list,
+        private_ip_list=private_ip_list,
+        sg_list=sg_list,
+        subnet_list=subnet_list,
+    )
+
+
+@timeit
+def load_network_interfaces(
+        neo4j_session: neo4j.Session,
+        data: List[Dict[str, Any]],
+        region: str,
+        aws_account_id: str,
+        update_tag: int,
+) -> None:
+    logger.info(f"Loading {len(data)} network interfaces in {region}.")
+    load(
+        neo4j_session,
+        EC2NetworkInterfaceSchema(),
+        data,
+        Region=region,
+        AWS_ID=aws_account_id,
+        lastupdated=update_tag,
+    )
+
+
+@timeit
+def load_private_ip_network_interface(
+        neo4j_session: neo4j.Session,
+        data: List[Dict[str, Any]],
+        region: str,
+        aws_account_id: str,
+        update_tag: int,
+) -> None:
+    """
+    Private IPs as known by describe-network-interfaces.
+    """
+    logger.info(f"Loading {len(data)} private IPs in {region}.")
+    load(
+        neo4j_session,
+        EC2PrivateIpNetworkInterfaceSchema(),
+        data,
+        Region=region,
+        AWS_ID=aws_account_id,
+        lastupdated=update_tag,
+    )
+
+
+@timeit
+def load_security_group_network_interface(
+        neo4j_session: neo4j.Session,
+        data: List[Dict[str, Any]],
+        region: str,
+        aws_account_id: str,
+        update_tag: int,
+) -> None:
+    """
+    Security groups as known by describe-network-interfaces.
+    """
+    logger.info(f"Loading {len(data)} security groups in {region}.")
+    load(
+        neo4j_session,
+        EC2SecurityGroupNetworkInterfaceSchema(),
+        data,
+        Region=region,
+        AWS_ID=aws_account_id,
+        lastupdated=update_tag,
+    )
+
+
+@timeit
+def load_subnet_network_interface(
+        neo4j_session: neo4j.Session,
+        data: List[Dict[str, Any]],
+        region: str,
+        aws_account_id: str,
+        update_tag: int,
+) -> None:
+    """
+    Subnets as known by describe-network-interfaces.
+    """
+    logger.info(f"Loading {len(data)} subnets in {region}.")
+    load(
+        neo4j_session,
+        EC2SubnetNetworkInterfaceSchema(),
+        data,
+        Region=region,
+        AWS_ID=aws_account_id,
+        lastupdated=update_tag,
+    )
+
+
+def load_network_data(
+        neo4j_session: neo4j.Session,
+        region: str,
+        current_aws_account_id: str,
+        update_tag: int,
+        network_interface_list: List[Dict[str, Any]],
+        private_ip_list: List[Dict[str, Any]],
+        subnet_list: List[Dict[str, Any]],
+        sg_list: List[Dict[str, Any]],
+) -> None:
+    load_network_interfaces(neo4j_session, network_interface_list, region, current_aws_account_id, update_tag)
+    load_private_ip_network_interface(neo4j_session, private_ip_list, region, current_aws_account_id, update_tag)
+    load_subnet_network_interface(neo4j_session, subnet_list, region, current_aws_account_id, update_tag)
+    load_security_group_network_interface(neo4j_session, sg_list, region, current_aws_account_id, update_tag)
+
+
+@timeit
+def cleanup_network_interfaces(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
+    GraphJob.from_node_schema(EC2NetworkInterfaceSchema(), common_job_parameters).run(neo4j_session)
+    GraphJob.from_node_schema(EC2PrivateIpNetworkInterfaceSchema(), common_job_parameters).run(neo4j_session)
+
+
+@timeit
+def sync_network_interfaces(
+        neo4j_session: neo4j.Session,
+        boto3_session: boto3.session.Session,
+        regions: List[str],
+        current_aws_account_id: str,
+        update_tag: int,
+        common_job_parameters: Dict,
+) -> None:
+    for region in regions:
+        logger.info(f"Syncing EC2 network interfaces for region '{region}' in account '{current_aws_account_id}'.")
+        data = get_network_interface_data(boto3_session, region)
+        ec2_network_data = transform_network_interface_data(data, region)
+        load_network_data(
+            neo4j_session,
+            region,
+            current_aws_account_id,
+            update_tag,
+            ec2_network_data.network_interface_list,
+            ec2_network_data.private_ip_list,
+            ec2_network_data.subnet_list,
+            ec2_network_data.sg_list,
+        )
+    cleanup_network_interfaces(neo4j_session, common_job_parameters)

{cartography-0.84.0 → cartography-0.85.1}/cartography/intel/aws/ec2/security_groups.py

@@ -8,7 +8,7 @@ import neo4j
 
 from .util import get_botocore_config
 from cartography.graph.job import GraphJob
-from cartography.models.aws.ec2.securitygroups import EC2SecurityGroupSchema
+from cartography.models.aws.ec2.securitygroup_instance import EC2SecurityGroupInstanceSchema
 from cartography.util import aws_handle_regions
 from cartography.util import run_cleanup_job
 from cartography.util import timeit
@@ -148,7 +148,7 @@ def cleanup_ec2_security_groupinfo(neo4j_session: neo4j.Session, common_job_para
         neo4j_session,
         common_job_parameters,
     )
-    GraphJob.from_node_schema(EC2SecurityGroupSchema(), common_job_parameters).run(neo4j_session)
+    GraphJob.from_node_schema(EC2SecurityGroupInstanceSchema(), common_job_parameters).run(neo4j_session)
 
 
 @timeit

{cartography-0.84.0 → cartography-0.85.1}/cartography/intel/aws/ec2/subnets.py

@@ -7,7 +7,7 @@ import neo4j
 
 from .util import get_botocore_config
 from cartography.graph.job import GraphJob
-from cartography.models.aws.ec2.subnets import EC2SubnetSchema
+from cartography.models.aws.ec2.subnet_instance import EC2SubnetInstanceSchema
 from cartography.util import aws_handle_regions
 from cartography.util import run_cleanup_job
 from cartography.util import timeit
@@ -78,7 +78,7 @@ def load_subnets(
 @timeit
 def cleanup_subnets(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
     run_cleanup_job('aws_ingest_subnets_cleanup.json', neo4j_session, common_job_parameters)
-    GraphJob.from_node_schema(EC2SubnetSchema(), common_job_parameters).run(neo4j_session)
+    GraphJob.from_node_schema(EC2SubnetInstanceSchema(), common_job_parameters).run(neo4j_session)
 
 
 @timeit

cartography-0.85.1/cartography/intel/aws/eks.py

@@ -0,0 +1,106 @@
+import logging
+from typing import Any
+from typing import Dict
+from typing import List
+
+import boto3
+import neo4j
+
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.models.aws.eks.clusters import EKSClusterSchema
+from cartography.util import aws_handle_regions
+from cartography.util import timeit
+
+logger = logging.getLogger(__name__)
+
+
+@timeit
+@aws_handle_regions
+def get_eks_clusters(boto3_session: boto3.session.Session, region: str) -> List[str]:
+    client = boto3_session.client('eks', region_name=region)
+    clusters: List[str] = []
+    paginator = client.get_paginator('list_clusters')
+    for page in paginator.paginate():
+        clusters.extend(page['clusters'])
+    return clusters
+
+
+@timeit
+def get_eks_describe_cluster(boto3_session: boto3.session.Session, region: str, cluster_name: str) -> Dict:
+    client = boto3_session.client('eks', region_name=region)
+    response = client.describe_cluster(name=cluster_name)
+    return response['cluster']
+
+
+@timeit
+def load_eks_clusters(
+        neo4j_session: neo4j.Session,
+        cluster_data: List[Dict[str, Any]],
+        region: str,
+        current_aws_account_id: str,
+        aws_update_tag: int,
+) -> None:
+    load(
+        neo4j_session,
+        EKSClusterSchema(),
+        cluster_data,
+        Region=region,
+        AWS_ID=current_aws_account_id,
+        lastupdated=aws_update_tag,
+    )
+
+
+def _process_logging(cluster: Dict) -> bool:
+    """
+    Parse cluster.logging.clusterLogging to verify if
+    at least one entry has audit logging set to Enabled.
+    """
+    logging: bool = False
+    cluster_logging: Any = cluster.get('logging', {}).get('clusterLogging')
+    if cluster_logging:
+        logging = any(filter(lambda x: 'audit' in x['types'] and x['enabled'], cluster_logging))  # type: ignore
+    return logging
+
+
+@timeit
+def cleanup(neo4j_session: neo4j.Session, common_job_parameters: Dict[str, Any]) -> None:
+    logger.info("Running EKS cluster cleanup")
+    GraphJob.from_node_schema(EKSClusterSchema(), common_job_parameters).run(neo4j_session)
+
+
+def transform(cluster_data: Dict[str, Any]) -> List[Dict[str, Any]]:
+    transformed_list = []
+    for cluster_name, cluster_dict in cluster_data.items():
+        transformed_dict = cluster_dict.copy()
+        transformed_dict['ClusterLogging'] = _process_logging(transformed_dict)
+        transformed_dict['ClusterEndpointPublic'] = transformed_dict.get('resourcesVpcConfig', {}).get(
+            'endpointPublicAccess',
+        )
+        if 'createdAt' in transformed_dict:
+            transformed_dict['created_at'] = str(transformed_dict['createdAt'])
+        transformed_list.append(transformed_dict)
+    return transformed_list
+
+
+@timeit
+def sync(
+        neo4j_session: neo4j.Session,
+        boto3_session: boto3.session.Session,
+        regions: List[str],
+        current_aws_account_id: str,
+        update_tag: int,
+        common_job_parameters: Dict[str, Any],
+) -> None:
+    for region in regions:
+        logger.info("Syncing EKS for region '%s' in account '%s'.", region, current_aws_account_id)
+
+        clusters: List[str] = get_eks_clusters(boto3_session, region)
+        cluster_data = {}
+        for cluster_name in clusters:
+            cluster_data[cluster_name] = get_eks_describe_cluster(boto3_session, region, cluster_name)
+        transformed_list = transform(cluster_data)
+
+        load_eks_clusters(neo4j_session, transformed_list, region, current_aws_account_id, update_tag)
+
+    cleanup(neo4j_session, common_job_parameters)