working neo4j importer

Author: mvanholsteijn

aws_visualizer/__init__.py

@@ -1 +1 @@
-from .graph_region import main
+from aws_visualizer.dot.graph_region import main

aws_visualizer/dot/__init__.py

@@ -0,0 +1 @@
+from aws_visualizer.neo4j.main import main

aws_visualizer/graph_region.py aws_visualizer/dot/graph_region.py

@@ -0,0 +1,48 @@
+import os
+import boto3
+from neomodel import *
+import logging
+from .security_group import SecurityGroup
+
+
+class EC2Instance(StructuredNode):
+    Name = StringProperty()
+    ARN = StringProperty(unique_index=True)
+    OwnerId = StringProperty()
+    InstanceId = StringProperty()
+    SecurityGroups = Relationship('SecurityGroup', 'APPLIED')
+    VpcId = StringProperty()
+
+    @staticmethod
+    def arn(region, owner_id, instance_id):
+        return 'arn::ec2:{}:{}:instance/{}'.format(region, owner_id, instance_id)
+
+def get_instance_name(obj):
+    return next(map(lambda t: t['Value'], list(filter(lambda t: t['Key'] == 'Name', obj['Tags'] if 'Tags' in obj else {}))), obj['InstanceId'])
+
+def get_account_id_and_region():
+    sts = boto3.client('sts')
+    return sts.get_caller_identity()['Account'], sts.meta.region_name
+
+def load():
+    ec2 = boto3.client('ec2')
+    OwnerId, AWSRegion = get_account_id_and_region()
+    paginator = ec2.get_paginator('describe_instances')
+    for page in paginator.paginate():
+        for r in page['Reservations']:
+            for i in filter(lambda i: i['State']['Name'] != "terminated", r['Instances']):
+                InstanceId = i['InstanceId']
+                arn = EC2Instance.arn(AWSRegion, OwnerId, InstanceId)
+                name = get_instance_name(i)
+                instance = EC2Instance.create_or_update({'ARN': arn, 'Name': get_instance_name(i), 'InstanceId': InstanceId, 'OwnerId': OwnerId})[0]
+                sys.stderr.write('INFO: loading ec2 instance {}\n'.format(InstanceId))
+
+                # remove old associations
+                for group in instance.SecurityGroups:
+                    instance.SecurityGroups.disconnect(group)
+
+                for sg in i['SecurityGroups']:
+                    group = SecurityGroup.get_or_create({'ARN': SecurityGroup.arn(ec2.meta.region_name, OwnerId, sg['GroupId'])})[0]
+                    sys.stderr.write('INFO: applying security group {} to ec2 instance {}\n'.format(group.GroupId, InstanceId))
+                    instance.SecurityGroups.connect(group)
+

aws_visualizer/neo4j/__init__.py

@@ -0,0 +1,50 @@
+import os
+import boto3
+from neomodel import *
+import logging
+
+from .security_group import SecurityGroup
+from .ec2_instance import EC2Instance
+from .sts import get_account_id_and_region
+
+class ElasticLoadBalancer(StructuredNode):
+    Name = StringProperty()
+    ARN = StringProperty(unique_index=True)
+    SecurityGroups = Relationship('SecurityGroup', 'APPLIED')
+    Backends = Relationship('EC2Instance', 'BACKEND')
+    VpcId = StringProperty()
+
+    @staticmethod
+    def arn(region, owner_id, name):
+        return 'arn:aws:elasticloadbalancing:{}:{}:loadbalancer/{}'.format(region, owner_id, name)
+
+
+def load():
+    elb = boto3.client('elb')
+    OwnerId, AWSRegion = get_account_id_and_region()
+    paginator = elb.get_paginator('describe_load_balancers')
+    for page in paginator.paginate():
+        for lb in page['LoadBalancerDescriptions']:
+            name = lb['LoadBalancerName']
+            arn = ElasticLoadBalancer.arn(AWSRegion, OwnerId, name)
+            properties = { 'Name': name, 'ARN': arn, 'OwnerId': OwnerId, 'VpcId': lb['VPCId'] if 'VPCId' in lb else None}
+            loadbalancer = ElasticLoadBalancer.create_or_update(properties)[0]
+            sys.stderr.write('INFO: loading classic elb {}\n'.format(name))
+
+            for group in loadbalancer.SecurityGroups:
+                loadbalancer.SecurityGroups.disconnect(group)
+
+            for instance in loadbalancer.Backends:
+                loadbalancer.Backends.disconnect(instance)
+
+            for GroupId in lb['SecurityGroups']:
+                group = SecurityGroup.get_or_create({'ARN': SecurityGroup.arn(AWSRegion, OwnerId, GroupId)})[0]
+                sys.stderr.write('INFO: applying security group {} to elb {}\n'.format(group.GroupId, name))
+                loadbalancer.SecurityGroups.connect(group)
+
+            for InstanceId in map(lambda i: i['InstanceId'], lb['Instances']):
+                arn = EC2Instance.arn(AWSRegion, OwnerId, InstanceId)
+                instance = EC2Instance.get_or_create({'ARN': arn, 'InstanceId': InstanceId, 'OwnerId': OwnerId})[0]
+                sys.stderr.write('INFO: adding instance {} as backed to elb {}\n'.format(InstanceId, name))
+                loadbalancer.Backends.connect(instance)
+

aws_visualizer/neo4j/ec2_instance.py

@@ -0,0 +1,29 @@
+import os
+import boto3
+from neomodel import *
+import logging
+
+from .sts import get_account_id_and_region
+from .security_group import SecurityGroup
+from .elb import ElasticLoadBalancer
+
+
+def load():
+    elb = boto3.client('elbv2')
+    OwnerId, AWSRegion = get_account_id_and_region()
+    paginator = elb.get_paginator('describe_load_balancers')
+    for page in paginator.paginate():
+        for lb in page['LoadBalancers']:
+            name = lb['LoadBalancerName']
+            arn = lb['LoadBalancerArn']
+            properties = { 'Name': name, 'ARN': arn, 'OwnerId': OwnerId, 'VpcId': lb['VpcId']}
+            loadbalancer = ElasticLoadBalancer.create_or_update(properties)[0]
+            sys.stderr.write('INFO: loading elb v2 {}\n'.format(name))
+
+            for group in loadbalancer.SecurityGroups:
+                loadbalancer.SecurityGroups.disconnect(group)
+
+            for GroupId in lb['SecurityGroups']:
+                group = SecurityGroup.get_or_create({'ARN': SecurityGroup.arn(AWSRegion, OwnerId, GroupId)})[0]
+                sys.stderr.write('INFO: applying security group {} to elb v2 {}\n'.format(group.GroupId, name))
+                loadbalancer.SecurityGroups.connect(group)

aws_visualizer/neo4j/elb.py

@@ -0,0 +1,42 @@
+import os
+import boto3
+from neomodel import *
+import logging
+
+from .sts import get_account_id_and_region
+from .security_group import SecurityGroup
+from .elb import ElasticLoadBalancer
+
+
+class Function(StructuredNode):
+    Name = StringProperty()
+    ARN = StringProperty(unique_index=True)
+    SecurityGroups = RelationshipFrom('SecurityGroup', 'APPLIED')
+    OwnerId = StringProperty()
+    VpcId = StringProperty()
+
+    @staticmethod
+    def arn(region, owner_id, name):
+        return 'arn:aws:elasticloadbalancing:{}:{}:loadbalancer/{}'.format(region, owner_id, name)
+
+def load():
+    awslambda = boto3.client('lambda')
+    OwnerId, AWSRegion = get_account_id_and_region()
+    paginator = awslambda.get_paginator('list_functions')
+    for page in paginator.paginate():
+        for f in filter(lambda f: 'VpcConfig' in f and f['VpcConfig']['VpcId'] != '', page['Functions']):
+            name = f['FunctionName']
+            arn = f['FunctionArn']
+            properties = { 'Name': name, 'ARN': arn, 'OwnerId': OwnerId, 'VpcId':  f['VpcConfig']['VpcId']}
+            function = Function.create_or_update(properties)[0]
+            sys.stderr.write('INFO: loading function {}\n'.format(name))
+
+            # remove old associations
+            for group in function.SecurityGroups:
+                function.SecurityGroups.disconnect(group)
+
+            for GroupId in f['VpcConfig']['SecurityGroupIds']:
+                group = SecurityGroup.get_or_create({'ARN': SecurityGroup.arn(AWSRegion, OwnerId, GroupId)})[0]
+                sys.stderr.write('INFO: applying security group {} to function {}\n'.format(group.GroupId, name))
+                function.SecurityGroups.connect(group)
+

aws_visualizer/neo4j/elbv2.py

@@ -0,0 +1,39 @@
+import logging
+import os
+
+from neomodel import db, install_all_labels
+
+import aws_visualizer.neo4j.ec2_instance
+import aws_visualizer.neo4j.elb
+import aws_visualizer.neo4j.elbv2
+import aws_visualizer.neo4j.function
+import aws_visualizer.neo4j.rds
+import aws_visualizer.neo4j.redshift
+import aws_visualizer.neo4j.security_group
+
+
+class AWSNeo4jImporter(object):
+    def __init__(self):
+        self.url = os.getenv('NEO4J_BOLT_URL', 'bolt://neo4j:neo4j@localhost:7687')
+
+    def login(self):
+        db.set_connection(self.url)
+        install_all_labels()
+
+    def load(self):
+        aws_visualizer.neo4j.security_group.load()
+        aws_visualizer.neo4j.ec2_instance.load()
+        aws_visualizer.neo4j.elb.load()
+        aws_visualizer.neo4j.elbv2.load()
+        aws_visualizer.neo4j.rds.load()
+        aws_visualizer.neo4j.redshift.load()
+        aws_visualizer.neo4j.function.load()
+
+def main():
+    logging.basicConfig(level=os.getenv('LOG_LEVEL', 'ERROR'))
+    importer = AWSNeo4jImporter()
+    importer.load()
+
+
+if __name__ == '__main__':
+    main()

aws_visualizer/neo4j/function.py

@@ -0,0 +1,39 @@
+import os
+import boto3
+from neomodel import *
+import logging
+
+
+from .sts import get_account_id_and_region
+from .security_group import SecurityGroup
+
+class DBInstance(StructuredNode):
+    DBName = StringProperty()
+    DBInstanceIdentifier = StringProperty()
+    ARN = StringProperty(unique_index=True)
+    SecurityGroups = RelationshipFrom('SecurityGroup', 'APPLIED')
+    OwnerId = StringProperty()
+    VpcId = StringProperty()
+
+def load():
+    rds = boto3.client('rds')
+    OwnerId, AWSRegion = get_account_id_and_region()
+    paginator = rds.get_paginator('describe_db_instances')
+    for page in paginator.paginate():
+        for db in page['DBInstances']:
+            name = db['DBInstanceIdentifier']
+            DBName = db['DBName']
+            arn = db['DBInstanceArn']
+            properties = { 'DBName': DBName, 'ARN': arn, 'OwnerId': OwnerId,
+                           'VpcId': db['DBSubnetGroup']['VpcId'], 'DBInstanceIdentifier': name}
+            db_instance = DBInstance.create_or_update(properties)[0]
+            sys.stderr.write('INFO: loading rds instance {}\n'.format(name))
+
+            # remove old associations
+            for group in db_instance.SecurityGroups:
+                db_instance.SecurityGroups.disconnect(group)
+
+            for GroupId in map(lambda g: g['VpcSecurityGroupId'], db['VpcSecurityGroups']):
+                group = SecurityGroup.get_or_create({'ARN': SecurityGroup.arn(AWSRegion, OwnerId, GroupId)})[0]
+                sys.stderr.write('INFO: applying security group {} to rds {}\n'.format(group.GroupId, name))
+                db_instance.SecurityGroups.connect(group)

aws_visualizer/neo4j/main.py

@@ -0,0 +1,44 @@
+import os
+import boto3
+from neomodel import *
+import logging
+
+from .sts import get_account_id_and_region
+from .security_group import SecurityGroup
+
+
+class RedshiftCluster(StructuredNode):
+    DBName = StringProperty()
+    ClusterIdentifier = StringProperty()
+    ARN = StringProperty(unique_index=True)
+    SecurityGroups = RelationshipFrom('SecurityGroup', 'APPLIED')
+    OwnerId = StringProperty()
+    VpcId = StringProperty()
+
+    @staticmethod
+    def arn(region, owner_id, cluster_id):
+        return 'arn:aws:redshift:{}:{}:cluster/{}'.format(region, owner_id, cluster_id)
+
+def load():
+    redshift = boto3.client('redshift')
+    OwnerId, AWSRegion = get_account_id_and_region()
+    paginator = redshift.get_paginator('describe_clusters')
+    for page in paginator.paginate():
+        for db in page['Clusters']:
+            name = db['ClusterIdentifier']
+            DBName = db['DBName']
+            arn = RedshiftCluster.arn(AWSRegion, OwnerId, name)
+            properties = { 'DBName': DBName, 'ARN': arn, 'OwnerId': OwnerId,
+                           'VpcId': db['VpcId'], 'ClusterInstanceIdentifier': name}
+            cluster = RedshiftCluster.create_or_update(properties)[0]
+            sys.stderr.write('INFO: loading redshift cluster {}\n'.format(name))
+
+            # remove old associations
+            for group in cluster.SecurityGroups:
+                cluster.SecurityGroups.disconnect(group)
+
+            for GroupId in map(lambda g: g['VpcSecurityGroupId'], db['VpcSecurityGroups']):
+                group = SecurityGroup.get_or_create({'ARN': SecurityGroup.arn(AWSRegion, OwnerId, GroupId)})[0]
+                sys.stderr.write('INFO: applying security group {} to cluster {}\n'.format(group.GroupId, name))
+                cluster.SecurityGroups.connect(group)
+

aws_visualizer/neo4j/rds.py

@@ -0,0 +1,80 @@
+import os
+import boto3
+from neomodel import *
+import logging
+
+
+
+class Permission(StructuredRel):
+    FromPort = IntegerProperty()
+    ToPort = IntegerProperty()
+    IpProtocol = StringProperty()
+
+class CIDR(StructuredNode):
+    CidrIp = StringProperty(unique=True)
+    grants = RelationshipFrom('SecurityGroup', 'GRANTED_BY', model=Permission)
+
+class SecurityGroup(StructuredNode):
+    ARN = StringProperty(unique_index=True)
+    OwnerId = StringProperty()
+    GroupId = StringProperty()
+    GroupName = StringProperty()
+    VpcIp = StringProperty()
+    CidrIpPermissions = RelationshipTo('CIDR', 'GRANTED_TO', model=Permission)
+    SecurityGroupPermissions = RelationshipTo('SecurityGroup', 'GRANTED_TO', model=Permission)
+
+    @staticmethod
+    def arn(region, owner_id, group_id):
+        return 'arn:aws:ec2:{}:{}:security-group/{}'.format(region, owner_id, group_id)
+
+
+def load():
+    log = logging.getLogger()
+    groups = {}
+    ec2 = boto3.client('ec2')
+    paginator = ec2.get_paginator('describe_security_groups')
+    pages = paginator.paginate()
+    for page in pages:
+        for sg in page['SecurityGroups']:
+            arn = SecurityGroup.arn(ec2.meta.region_name, sg['OwnerId'], sg['GroupId'])
+            groups[arn] = sg
+
+    for arn, sg in groups.items():
+        VpcId = sg['VpcId'] if 'VpcId' in sg else None
+        properties = {n: sg[n] for n in filter(lambda n: n in sg, ['GroupName', 'OwnerId', 'GroupId', 'VpcId'])}
+        properties['ARN'] = arn
+
+        security_group = SecurityGroup.create_or_update(properties)[0]
+        sys.stderr.write('storing security group {}\n'.format(security_group.GroupId))
+
+        for p in security_group.CidrIpPermissions:
+            security_group.CidrIpPermissions.disconnect(p)
+        for p in security_group.SecurityGroupPermissions:
+            security_group.SecurityGroupPermissions.disconnect(p)
+
+
+    for arn, sg in groups.items():
+        security_group = SecurityGroup.get_or_create({'ARN': arn})[0]
+        for p in sg['IpPermissions']:
+            permission = {n : p[n] for n in filter(lambda n : n in p, ['IpProtocol', 'FromPort', 'ToPort'])}
+            if VpcId is not None:
+                permission['VpcId'] = VpcId
+
+            for c in p['IpRanges']:
+                CidrIp = CIDR.get_or_create({'CidrIp': c['CidrIp']})[0]
+                security_group.CidrIpPermissions.connect(CidrIp, permission)
+
+            for c in p['Ipv6Ranges']:
+                CidrIp = CIDR.get_or_create({'CidrIp': c['CidrIpv6']})[0]
+                security_group.CidrIpPermissions.connect(CidrIp, permission)
+
+            for g in p['UserIdGroupPairs']:
+                properties = {}
+                properties['ARN'] = SecurityGroup.arn(ec2.meta.region_name, g['UserId'], g['GroupId'])
+                properties['OwnerId'] = g['UserId']
+                properties['GroupId'] = g['GroupId']
+                source_sg = SecurityGroup.get_or_create(properties)[0]
+                sys.stderr.write('grant IP permission {} from {} to {}\n'.format(permission, security_group.GroupId, source_sg.GroupId))
+                security_group.SecurityGroupPermissions.connect(source_sg, permission)
+
+

aws_visualizer/neo4j/redshift.py

@@ -0,0 +1,6 @@
+import boto3
+
+def get_account_id_and_region():
+    sts = boto3.client('sts')
+    return sts.get_caller_identity()['Account'], sts.meta.region_name
+