performing-cloud-asset-inventory-with-cartography

# Performing Cloud Asset Inventory with Cartography ## Overview Cartography is a CNCF sandbox project (originally created at Lyft) that consolidates infrastructure assets and their relationships into a Neo4j graph database. It queries cloud APIs to discover resources, maps relationships between them, and enables security teams to identify attack paths, generate asset reports, and find areas for security improvement. The graph model reveals hidden connections such as IAM permission chains, network paths, and cross-account trust relationships. ## When to Use - When conducting security assessments that involve performing cloud asset inventory with cartography - When following incident response procedures for related security events - When performing scheduled security testing or auditing activities - When validating security controls through hands-on testing ## Prerequisites - Python 3.8+ - Neo4j 4.x or 5.x database - Cloud provider credentials (AWS, GCP, Azure) - Docker (optional, for Neo4j deployment) - Minimum 4GB RAM for Neo4j, more for large environments ## Installation ```bash # Install Cartography pip install cartography # Verify installation cartography --help ``` ### Deploy Neo4j with Docker ```bash docker run -d \ --name neo4j \ -p 7474:7474 -p 7687:7687 \ -e NEO4J_AUTH=neo4j/changethispassword \ -e NEO4J_PLUGINS='["apoc"]' \ -v neo4j_data:/data \ neo4j:5-community ``` ## Running Cartography ### Basic AWS Sync ```bash # Sync AWS account data ...