cartography icon indicating copy to clipboard operation
cartography copied to clipboard
verified publisher icon lyft

Add a relationship to AWS nodes that support tagging

Open ryan-lane opened this issue 4 years ago • 2 comments

Description:

We'd like to track down resources in our AWS infrastructure that should be tagged, but aren't. The issue right now is that it's very difficult to query for this in cartography, because not all nodes with a [RESOURCE] relationship are taggable, and even some that are taggable aren't tagged in cartography because we're not pulling in the tags.

It would be ideal to add an analysis job to resourcegroupstaggingapi.py that adds a [SUPPORTS_TAGGING] relationship to each node type we support.

ryan-lane avatar Jul 21 '21 09:07 ryan-lane

In this case, I believe the following query could return untagged resources:

MATCH (:AWSAccount)-[:RESOURCE]-(r)-[:SUPPORTS_TAGGING]
WHERE NOT (r)-[:TAGGED]-(:Tag)
RETURN r

ryan-lane avatar Jul 21 '21 09:07 ryan-lane

I'm now remembering that you need connected nodes for relationships, so the above relationship won't really work.

I know it may be a bit meta, but maybe we could have (Feature) nodes, that describe the feature type as the ID, and have a ()-[:SUPPORTS]-(Feature{id: "tags"}) relationship?

ryan-lane avatar Jul 26 '21 00:07 ryan-lane