Attach read replicas, EC2 subnets, and EC2 security groups to RDS instances (#20)

* Add RDS DNS endpoint ingestion (#6)
* Add RDS DNS endpoint ingestion
* Update schema for RDS endpoint fields
* Added logging if endpoint is missing
* Add flake8 linter to default unit tests. (#8)
* Add flake8 lint tests.
* add newline
* fix flake errors in rds
* Attach RDS read replicas to each other (#7)
* Attach read replicas
* Update schema doc for IS_READ_REPLICA_OF
* Fix format strings
* Add lastupdated field to rds instance
* Add docs on extending with Analysis Jobs (#14)
* Add link to analysis job documentation, add link to angrypuppy (just for completeness sake:))
* Tabs to spaces
* PR comments
* Attach EC2 Security Groups to RDS Instances (#9)
* Add EC2 security group relationship to RDS
* Update schema illustration
* Fix format strings
* Add lastupdated field to rds instance
* Denote indexed fields with bolded notation in the schema docs
* Fix cleanup job to handle orphaned relationships. Fix EC2 sec group query to use indexed field (id).
* Attach EC2Subnets to RDSInstances (#10)
* Attach DBSubnetGroup to RDSInstance. Attach EC2Subnets to DBSubnetGroups.
* Add lastupdated field to rds instance
* Add docs on DBSubnetGroups
* Clean up orphaned rels between DBSubnetGroups and EC2Subnets
* Add arn to db subnet group
* MERGE subnets and security groups instead of MATCHing them. Refactor DB Subnet Group ARN out to a function.
* ARN fix. Indent fix. Make it more obvious where failures come from by removing extra if-elses.
* Increment prerelease version to 0.2.0rc1 (#17)
* rc2 (#19)
Showing 11 changed files with 463 additions and 76 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,7 @@ | ||
test: | ||
test: test_lint test_unit | ||
|
||
test_lint: | ||
flake8 | ||
|
||
test_unit: | ||
pytest tests/unit |
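Review bot: the three targets `test`, `test_lint` and `test_unit` are not declared phony, so a file or directory with one of those names in the repository root would make `make` treat the target as up to date and silently skip the lint or unit run. Add `.PHONY: test test_lint test_unit` above the rules. It would also help to say in the README or a comment that `make test` now requires flake8 to be installed, since a missing linter will fail the default test target before pytest runs.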
49 changes: 44 additions & 5 deletions
cartography/data/jobs/cleanup/aws_import_rds_instances_cleanup.json
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,47 @@ | ||
{ | ||
"statements": [{ | ||
"query": "MATCH (n:RDSInstance)<-[:RESOURCE]-(:AWSAccount{id: {AWS_ID}}) WHERE n.lastupdated <> {UPDATE_TAG} WITH n LIMIT {LIMIT_SIZE} DETACH DELETE (n) return COUNT(*) as TotalCompleted", | ||
"iterative": true, | ||
"iterationsize": 100 | ||
}], | ||
"statements": [ | ||
{ | ||
"query": "MATCH (sng:DBSubnetGroup)<-[:MEMBER_OF_DB_SUBNET_GROUP]-(:RDSInstance)<-[:RESOURCE]-(:AWSAccount{id: {AWS_ID}}) WHERE sng.lastupdated <> {UPDATE_TAG} WITH sng LIMIT {LIMIT_SIZE} DETACH DELETE (sng) return COUNT(*) as TotalCompleted", | ||
"iterative": true, | ||
"iterationsize": 100, | ||
"__comment__": "Delete DBSubnetGroups that no longer exist and DETACH them from their RDS instances." | ||
}, | ||
{ | ||
"query": "MATCH (:DBSubnetGroup)<-[r:MEMBER_OF_DB_SUBNET_GROUP]-(:RDSInstance)<-[:RESOURCE]-(:AWSAccount{id: {AWS_ID}}) WHERE r.lastupdated <> {UPDATE_TAG} WITH r LIMIT {LIMIT_SIZE} DELETE (r) return COUNT(*) as TotalCompleted", | ||
"iterative": true, | ||
"iterationsize": 100, | ||
"__comment__": "Delete the link between orphaned DB Subnet Groups and their RDS Instances." | ||
}, | ||
{ | ||
"query": "MATCH (:EC2Subnet)<-[r:RESOURCE]-(:DBSubnetGroup)<-[:MEMBER_OF_DB_SUBNET_GROUP]-(:RDSInstance)<-[:RESOURCE]-(:AWSAccount{id: {AWS_ID}}) WHERE r.lastupdated <> {UPDATE_TAG} WITH r LIMIT {LIMIT_SIZE} DELETE (r) return COUNT(*) as TotalCompleted", | ||
"iterative": true, | ||
"iterationsize": 100, | ||
"__comment__": "Delete the link between orphaned DB Subnet Groups and their EC2 Subnets." | ||
}, | ||
{ | ||
"query": "MATCH (n:RDSInstance)<-[:RESOURCE]-(:AWSAccount{id: {AWS_ID}}) WHERE n.lastupdated <> {UPDATE_TAG} WITH n LIMIT {LIMIT_SIZE} DETACH DELETE (n) return COUNT(*) as TotalCompleted", | ||
"iterative": true, | ||
"iterationsize": 100, | ||
"__comment__": "Delete RDS instances that no longer exist and DETACH them from all nodes they were previously connected to." | ||
}, | ||
{ | ||
"query": "MATCH (:RDSInstance)<-[r:RESOURCE]-(:AWSAccount{id: {AWS_ID}}) WHERE r.lastupdated <> {UPDATE_TAG} WITH r LIMIT {LIMIT_SIZE} DELETE (r) return COUNT(*) as TotalCompleted", | ||
"iterative": true, | ||
"iterationsize": 100, | ||
"__comment__": "If an RDS instance still exists but is no longer associated with its old AWS Account, delete the relationship between them." | ||
}, | ||
{ | ||
"query": "MATCH (:EC2SecurityGroup)<-[r:MEMBER_OF_EC2_SECURITY_GROUP]-(:RDSInstance)<-[:RESOURCE]-(:AWSAccount{id: {AWS_ID}}) WHERE r.lastupdated <> {UPDATE_TAG} WITH r LIMIT {LIMIT_SIZE} DELETE (r) return COUNT(*) as TotalCompleted", | ||
"iterative": true, | ||
"iterationsize": 100, | ||
"__comment__": "If an RDS instance still exists and is no longer a part of its old EC2SecurityGroup, delete the relationship between them." | ||
}, | ||
{ | ||
"query": "MATCH (:RDSInstance)<-[r:IS_READ_REPLICA_OF]-(:RDSInstance)<-[:RESOURCE]-(:AWSAccount{id: {AWS_ID}}) WHERE r.lastupdated <> {UPDATE_TAG} WITH r LIMIT {LIMIT_SIZE} DELETE (r) return COUNT(*) as TotalCompleted", | ||
"iterative": true, | ||
"iterationsize": 100, | ||
"__comment__": "If an RDS instance still exists and is no longer a read replica of another RDS instance, delete the relationship between them." | ||
} | ||
], | ||
"name": "cleanup RDSInstance" | ||
} |
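Review bot: the statements are order-dependent and nothing in the file says so. The first query can only reach a stale `DBSubnetGroup` through `<-[:MEMBER_OF_DB_SUBNET_GROUP]-(:RDSInstance)<-[:RESOURCE]-(:AWSAccount{id: {AWS_ID}})`, and the second statement (delete stale `MEMBER_OF_DB_SUBNET_GROUP` edges) and the fourth (`DETACH DELETE` stale `RDSInstance` nodes) remove exactly that path. The current order is correct, but if a later edit reorders the list, or the first statement does not finish, the subnet group and its `RESOURCE` edges to `EC2Subnet` become unreachable by any query here and stay in the graph as stale inventory. Either note the required order in the `__comment__` fields or give `DBSubnetGroup` a match that does not depend on an attached instance. Smaller point: the comments on the second and third statements say "orphaned DB Subnet Groups", while the queries select on `r.lastupdated <> {UPDATE_TAG}`, that is, on stale relationships regardless of whether the group is orphaned; the wording should match what is deleted.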