altimeter

Graph AWS resources in Neptune

https://github.com/tableau/altimeter

Science Score: 13.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
  • DOI references
  • Academic publication links
  • Committers with academic emails
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (7.9%) to scientific vocabulary

Keywords

aws cloud graph infrastructure neptune python
Last synced: 6 months ago · JSON representation

Repository

Graph AWS resources in Neptune

Basic Info
  • Host: GitHub
  • Owner: tableau
  • License: mit
  • Language: Python
  • Default Branch: master
  • Size: 1.66 MB
Statistics
  • Stars: 87
  • Watchers: 12
  • Forks: 26
  • Open Issues: 13
  • Releases: 0
Topics
aws cloud graph infrastructure neptune python
Created over 6 years ago · Last pushed about 2 years ago
Metadata Files
Readme License

README.md

Altimeter

Community Supported GitHub

Python 3.8

Altimeter is a system to graph and scan AWS resources across multiple AWS Organizations and Accounts.

Altimeter generates RDF files which can be loaded into a triplestore such as AWS Neptune for querying.

Quickstart

Installation

pip install altimeter

Configuration

Altimeter's behavior is driven by a toml configuration file. A few sample configuration files are included in the conf/ directory:

  • current_single_account.toml - scans the current account - this is the account for which the environment's currently configured AWS CLI credentials are.
  • current_master_multi_account.toml - scans the current account and attempts to scan all organizational subaccounts - this configuration should be used if you are scanning all accounts in an organization. To do this the currently configured AWS CLI credentials should be pointing to an AWS Organizations master account.

To scan a subset of regions, set the region list parameter regions in the scan section to a list of region names.

Required IAM permissions

The following permissions are required for a scan of all supported resource types:

acm:DescribeCertificate
acm:ListCertificates
cloudtrail:DescribeTrails
dynamodb:DescribeContinuousBackups
dynamodb:DescribeTable
dynamodb:ListTables
ec2:DescribeFlowLogs
ec2:DescribeImages
ec2:DescribeInstances
ec2:DescribeInternetGateways
ec2:DescribeNetworkInterfaces
ec2:DescribeRegions
ec2:DescribeRouteTables
ec2:DescribeSecurityGroups
ec2:DescribeSnapshots
ec2:DescribeSubnets
ec2:DescribeTransitGatways
ec2:DescribeTransitGatwayAttachments
ec2:DescribeVolumes
ec2:DescribeVpcEndpoints
ec2:DescribeVpcEndpointServiceConfigurations
ec2:DescribeVpcPeeringConnections
ec2:DescribeTransitGatewayVpcAttachments
ec2:DescribeVpcs
elasticloadbalancing:DescribeLoadBalancers
elasticloadbalancing:DescribeLoadBalancerAttributes
elasticloadbalancing:DescribeTargetGroups
elasticloadbalancing:DescribeTargetGroupAttributes
elasticloadbalancing:DescribeTargetHealth
eks:ListClusters
events:ListRules
events:ListTargetsByRule
events:DescribeEventBus
guardduty:GetDetector
guardduty:GetMasterAccount
guardduty:ListDetectors
guardduty:ListMembers
iam:GetAccessKeyLastUsed
iam:GetAccountPasswordPolicy
iam:GetGroup
iam:GetGroupPolicy
iam:GetLoginProfile
iam:GetOpenIDConnectProvider
iam:GetPolicyVersion
iam:GetRolePolicy
iam:GetSAMLProvider
iam:GetUserPolicy
iam:ListAccessKeys
iam:ListAttachedGroupPolicies
iam:ListAttachedRolePolicies
iam:ListAttachedUserPolicies
iam:ListGroupPolicies
iam:ListGroups
iam:ListinstanceProfiles
iam:ListMFADevices
iam:ListOpenIDConnectProviders
iam:ListPolicies
iam:ListPolicies
iam:ListRolePolicies
iam:ListRoles
iam:ListSAMLProviders
iam:ListUserPolicies
iam:ListUsers
kms:ListKeys
lambda:ListFunctions
rds:DescribeDBInstances
rds:DescribeDBInstanceAutomatedBackups
rds:ListTagsForResource
rds:DescribeDBSnapshots
route53:ListHostedZones
route53:ListResourceRecordSets
s3:ListBuckets
s3:GetBucketLocation
s3:GetBucketEncryption
s3:GetBucketTagging
sts:GetCallerIdentity
support:DescribeSeverityLevels

Additionally if you are doing multi-account scanning via an MPA master account you will also need:

organizations:DescribeOrganization
organizations:ListAccounts
organizations:ListAccountsForParent
organizations:ListOrganizationalUnitsForParent
organizations:ListRoots

Generating the Graph

Assuming you have configured AWS CLI credentials (see https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html), run:

altimeter <path-to-config>

This will scan all resources in regions specified in the config file.

The full path to the generated RDF file will printed, for example:

Created /tmp/altimeter/20191018/1571425383/graph.rdf

This RDF file can then be loaded into a triplestore such as Neptune or Blazegraph for querying.

For more user documentation see https://tableau.github.io/altimeter/

Owner

  • Name: Tableau
  • Login: tableau
  • Kind: organization
  • Email: github@tableau.com
  • Location: Seattle, WA and around the world

On a mission to help people see and understand data. http://tableau.com

GitHub Events

Total
  • Watch event: 4
  • Fork event: 1
Last Year
  • Watch event: 4
  • Fork event: 1

Committers

Last synced: over 1 year ago

All Time
  • Total Commits: 229
  • Total Committers: 13
  • Avg Commits per committer: 17.615
  • Development Distribution Score (DDS): 0.419
Past Year
  • Commits: 9
  • Committers: 1
  • Avg Commits per committer: 9.0
  • Development Distribution Score (DDS): 0.0
Top Committers
Name Email Commits
Jon Michaelchuck j****k@t****m 133
Jon Michaelchuck 5****k 64
Kathleen Devlin k****v 8
Manel Montilla m****a@g****m 7
Jon Parten j****n@i****m 4
Cemito c****h@g****m 3
Roi Martin j****n@g****m 3
Jon Michaelchuck j****k@s****m 2
Aron Watson a****n@t****m 1
Jon Parten j****n@t****m 1
Zacharias Thompson z****n@t****m 1
James Baker j****r 1
bechbd b****d 1
Committer Domains (Top 20 + Academic)

Issues and Pull Requests

Last synced: 6 months ago

All Time
  • Total issues: 20
  • Total pull requests: 120
  • Average time to close issues: 11 months
  • Average time to close pull requests: 15 days
  • Total issue authors: 9
  • Total pull request authors: 8
  • Average comments per issue: 1.7
  • Average comments per pull request: 0.41
  • Merged pull requests: 84
  • Bot issues: 0
  • Bot pull requests: 27
Past Year
  • Issues: 0
  • Pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Issue authors: 0
  • Pull request authors: 0
  • Average comments per issue: 0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
Top Authors
Issue Authors
  • lllama (7)
  • jbmchuck (6)
  • oleksandr-yatsuk (1)
  • FreeWillaert (1)
  • automaticgiant (1)
  • dmoore247 (1)
  • mlazlo (1)
  • serencha (1)
  • jroimartin (1)
Pull Request Authors
  • jbmchuck (68)
  • dependabot[bot] (30)
  • manelmontilla (9)
  • katdev (4)
  • jroimartin (3)
  • Cemito (3)
  • jparten (1)
  • cobymc (1)
Top Labels
Issue Labels
4.0 (2) bug (1) 6.0.2 (1)
Pull Request Labels
dependencies (30) cla:signed (17) cla:missing (1)

Packages

  • Total packages: 1
  • Total downloads:
    • pypi 1,153 last-month
  • Total docker downloads: 185
  • Total dependent packages: 0
  • Total dependent repositories: 1
  • Total versions: 237
  • Total maintainers: 1
pypi.org: altimeter

Graph AWS resources in Neptune

  • Versions: 237
  • Dependent Packages: 0
  • Dependent Repositories: 1
  • Downloads: 1,153 Last month
  • Docker Downloads: 185
Rankings
Docker downloads count: 2.4%
Downloads: 6.5%
Forks count: 7.8%
Stargazers count: 8.1%
Average: 9.4%
Dependent packages count: 10.1%
Dependent repos count: 21.6%
Maintainers (1)
Last synced: 6 months ago

Dependencies

doc/requirements.in pypi
  • MarkupSafe ==2.0.1
  • jinja2 ==2.11.3
  • sphinx ==3.5.4
  • sphinx-autodoc-typehints ==1.12.0
doc/requirements.txt pypi
  • alabaster ==0.7.12
  • babel ==2.9.1
  • certifi ==2021.10.8
  • charset-normalizer ==2.0.12
  • docutils ==0.16
  • idna ==3.3
  • imagesize ==1.3.0
  • jinja2 ==2.11.3
  • markupsafe ==2.0.1
  • packaging ==21.3
  • pygments ==2.11.2
  • pyparsing ==3.0.7
  • pytz ==2021.3
  • requests ==2.27.1
  • snowballstemmer ==2.2.0
  • sphinx ==3.5.4
  • sphinx-autodoc-typehints ==1.12.0
  • sphinxcontrib-applehelp ==1.0.2
  • sphinxcontrib-devhelp ==1.0.2
  • sphinxcontrib-htmlhelp ==2.0.0
  • sphinxcontrib-jsmath ==1.0.1
  • sphinxcontrib-qthelp ==1.0.3
  • sphinxcontrib-serializinghtml ==1.1.5
  • urllib3 ==1.26.9
requirements.in pypi
  • MarkupSafe ==2.0.1
  • aws-requests-auth ==0.4.3
  • boto3 ==1.21.20
  • gremlinpython ==3.4.12
  • jinja2 ==2.11.3
  • pydantic ==1.8.2
  • rdflib ==6.0.2
  • structlog ==20.2.0
  • toml ==0.10.2
requirements.txt pypi
  • aenum ==2.2.6
  • aws-requests-auth ==0.4.3
  • boto3 ==1.21.20
  • botocore ==1.24.20
  • certifi ==2021.10.8
  • charset-normalizer ==2.0.12
  • gremlinpython ==3.4.12
  • idna ==3.3
  • isodate ==0.6.1
  • jinja2 ==2.11.3
  • jmespath ==0.10.0
  • markupsafe ==2.0.1
  • pydantic ==1.8.2
  • pyparsing ==3.0.7
  • python-dateutil ==2.8.2
  • rdflib ==6.0.2
  • requests ==2.27.1
  • s3transfer ==0.5.2
  • six ==1.16.0
  • structlog ==20.2.0
  • toml ==0.10.2
  • tornado ==5.1.1
  • typing-extensions ==4.1.1
  • urllib3 ==1.26.9
services/qj/requirements.in pypi
  • MarkupSafe ==2.0.1
  • alembic ==1.4.2
  • boto3 ==1.21.20
  • fastapi ==0.70.1
  • psycopg2-binary ==2.9.2
  • sqlalchemy ==1.3.24
  • uvicorn ==0.16.0
services/qj/requirements.txt pypi
  • alembic ==1.4.2
  • anyio ==3.5.0
  • asgiref ==3.5.0
  • boto3 ==1.21.20
  • botocore ==1.24.20
  • click ==8.0.4
  • fastapi ==0.70.1
  • h11 ==0.13.0
  • idna ==3.3
  • jmespath ==0.10.0
  • mako ==1.2.0
  • markupsafe ==2.0.1
  • psycopg2-binary ==2.9.2
  • pydantic ==1.9.0
  • python-dateutil ==2.8.2
  • python-editor ==1.0.4
  • s3transfer ==0.5.2
  • six ==1.16.0
  • sniffio ==1.2.0
  • sqlalchemy ==1.3.24
  • starlette ==0.16.0
  • typing-extensions ==4.1.1
  • urllib3 ==1.26.9
  • uvicorn ==0.16.0
setup.py pypi
  • MarkupSafe ==2.0.1
  • aws-requests-auth ==0.4.3
  • boto3 ==1.21.20
  • gremlinpython ==3.4.12
  • jinja2 ==2.11.3
  • pydantic ==1.8.2
  • rdflib ==6.0.2
  • structlog ==20.2.0
  • toml ==0.10.2
tests/requirements.in pypi
  • MarkupSafe ==2.0.1 test
  • alembic ==1.4.2 test
  • aws-sam-translator ==1.29.0 test
  • colorama ==0.4.1 test
  • coverage ==4.5.4 test
  • docker ==4.4.4 test
  • ecdsa ==0.14.1 test
  • moto ==2.2.19 test
  • pytest ==6.2.5 test
  • pytest-cov ==2.10.1 test
  • sqlalchemy ==1.3.24 test
tests/requirements.txt pypi
  • alembic ==1.4.2 test
  • attrs ==21.4.0 test
  • aws-sam-translator ==1.29.0 test
  • boto3 ==1.21.20 test
  • botocore ==1.24.20 test
  • certifi ==2021.10.8 test
  • cffi ==1.15.0 test
  • charset-normalizer ==2.0.12 test
  • colorama ==0.4.1 test
  • coverage ==4.5.4 test
  • cryptography ==36.0.2 test
  • docker ==4.4.4 test
  • ecdsa ==0.14.1 test
  • idna ==3.3 test
  • iniconfig ==1.1.1 test
  • jinja2 ==3.0.3 test
  • jmespath ==0.10.0 test
  • jsonschema ==3.2.0 test
  • mako ==1.2.0 test
  • markupsafe ==2.0.1 test
  • moto ==2.2.19 test
  • packaging ==21.3 test
  • pluggy ==1.0.0 test
  • py ==1.11.0 test
  • pycparser ==2.21 test
  • pyparsing ==3.0.7 test
  • pyrsistent ==0.18.1 test
  • pytest ==6.2.5 test
  • pytest-cov ==2.10.1 test
  • python-dateutil ==2.8.2 test
  • python-editor ==1.0.4 test
  • pytz ==2021.3 test
  • requests ==2.27.1 test
  • responses ==0.19.0 test
  • s3transfer ==0.5.2 test
  • six ==1.16.0 test
  • sqlalchemy ==1.3.24 test
  • toml ==0.10.2 test
  • urllib3 ==1.26.9 test
  • websocket-client ==1.3.1 test
  • werkzeug ==2.0.3 test
  • xmltodict ==0.12.0 test
.github/workflows/ci.yml actions
  • actions/checkout v1 composite
  • actions/setup-python v1 composite