
AccountAccessKey no longer existing still being shown in Cartography

Open marco-lancini opened this issue 4 years ago • 4 comments

Description: I realised that AccountAccessKey might not be cleaned up properly at the end of each ingestion, as I've found multiple occurrences where Cartography stores a number of old AccountAccessKey no longer existing.

To Reproduce: One of the queries defined in the cartography-queries repo asks:

What AccountAccessKey have been created (to authenticate to AWSPrincipals)?

Here is a simplified version of that query:

MATCH (a:AWSAccount)-[:RESOURCE]->(p:AWSPrincipal)-[:AWS_ACCESS_KEY]->(k:AccountAccessKey) 
RETURN a.name, p.name, p.arn, k.accesskeyid 
ORDER BY a.name, p.name

At the moment, I can see the same set of AccountAccessKey replicated throughout each AWSPrincipal for a subset of AWSAccounts in my environment.

marco-lancini, Oct 12 '20 09:10

It's possible that this path isn't matching in your environment:

https://github.com/lyft/cartography/blob/4fdc8518f546d8329669f23d1fe928a2158c52d9/cartography/data/jobs/cleanup/aws_import_account_access_key_cleanup.json#L3

A fix would make this match condition less restrictive.

achantavy, Oct 12 '20 23:10

I wonder if in the query you pasted above we should replace AWSUser with AWSPrincipal. Or maybe even have both conditions. What do you think?

marco-lancini, Oct 13 '20 09:10

I think we should replace with AWSPrincipal.

achantavy, Oct 13 '20 17:10
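A diagnostic query for the situation discussed in this thread, added here as an example and not taken from the issue or from Cartography's own code: it lists access keys that were not refreshed by the account's latest sync and shows whether the owning principal carries the AWSUser label, which is the label the thread proposes replacing in the cleanup match. It assumes that both AWSAccount and AccountAccessKey nodes carry a `lastupdated` property set to the sync's update tag.

```cypher
// Added example, not part of Cartography.
// Assumption: `lastupdated` holds the update tag of the most recent sync
// that touched the node, on both the account and the key.
MATCH (a:AWSAccount)-[:RESOURCE]->(p:AWSPrincipal)-[:AWS_ACCESS_KEY]->(k:AccountAccessKey)
// A key whose tag is older than its account's tag was not seen in the
// latest ingestion of that account, so a cleanup job should have removed it.
WHERE k.lastupdated < a.lastupdated
RETURN a.name                      AS account,
       p.arn                       AS principal_arn,
       labels(p)                   AS principal_labels,
       // false here means a cleanup pattern that requires (:AWSUser)
       // on this hop can never reach the key
       'AWSUser' IN labels(p)      AS reachable_via_awsuser,
       k.accesskeyid               AS stale_key,
       k.lastupdated               AS key_last_seen,
       a.lastupdated               AS account_last_sync
ORDER BY account, principal_arn, stale_key
```

Rows where `reachable_via_awsuser` is false point to the restrictive match as the reason the key survived; rows where it is true suggest the stale keys have a different cause.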

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

stale[bot], Oct 31 '20 03:10