graph LR
CLI_Orchestration_Layer["CLI & Orchestration Layer"]
AWS_Data_Ingestion_Graph_Construction["AWS Data Ingestion & Graph Construction"]
Graph_Core_Persistence["Graph Core & Persistence"]
Policy_Simulation_Authorization_Engine["Policy Simulation & Authorization Engine"]
Graph_Query_Analysis_Interface["Graph Query & Analysis Interface"]
Risk_Analysis_Reporting["Risk Analysis & Reporting"]
Graph_Visualization_Export["Graph Visualization Export"]
CLI_Orchestration_Layer -- "initiates data collection" --> AWS_Data_Ingestion_Graph_Construction
CLI_Orchestration_Layer -- "triggers graph loading/saving" --> Graph_Core_Persistence
CLI_Orchestration_Layer -- "submits queries" --> Graph_Query_Analysis_Interface
CLI_Orchestration_Layer -- "requests risk assessments" --> Risk_Analysis_Reporting
AWS_Data_Ingestion_Graph_Construction -- "stores graph data" --> Graph_Core_Persistence
Graph_Core_Persistence -- "provides graph data" --> Graph_Query_Analysis_Interface
Graph_Core_Persistence -- "provides graph data" --> Risk_Analysis_Reporting
Graph_Query_Analysis_Interface -- "requests policy evaluation" --> Policy_Simulation_Authorization_Engine
Risk_Analysis_Reporting -- "utilizes policy simulation" --> Policy_Simulation_Authorization_Engine
Graph_Query_Analysis_Interface -- "sends query results" --> Graph_Visualization_Export
Risk_Analysis_Reporting -- "sends risk paths" --> Graph_Visualization_Export
click CLI_Orchestration_Layer href "https://github.com/CodeBoarding/GeneratedOnBoardings/blob/main/PMapper/CLI_Orchestration_Layer.md" "Details"
click AWS_Data_Ingestion_Graph_Construction href "https://github.com/CodeBoarding/GeneratedOnBoardings/blob/main/PMapper/AWS_Data_Ingestion_Graph_Construction.md" "Details"
click Graph_Core_Persistence href "https://github.com/CodeBoarding/GeneratedOnBoardings/blob/main/PMapper/Graph_Core_Persistence.md" "Details"
click Policy_Simulation_Authorization_Engine href "https://github.com/CodeBoarding/GeneratedOnBoardings/blob/main/PMapper/Policy_Simulation_Authorization_Engine.md" "Details"
click Graph_Query_Analysis_Interface href "https://github.com/CodeBoarding/GeneratedOnBoardings/blob/main/PMapper/Graph_Query_Analysis_Interface.md" "Details"
click Risk_Analysis_Reporting href "https://github.com/CodeBoarding/GeneratedOnBoardings/blob/main/PMapper/Risk_Analysis_Reporting.md" "Details"
The principalmapper project is structured around a core set of components designed to ingest AWS IAM and resource data, construct a comprehensive graph representation, and enable powerful analysis and visualization capabilities. The CLI & Orchestration Layer serves as the primary entry point, managing user interactions and orchestrating workflows across the system. It initiates data collection via the AWS Data Ingestion & Graph Construction component, which populates the Graph Core & Persistence layer with structured IAM data. This core graph data is then leveraged by the Graph Query & Analysis Interface for interactive querying and by the Risk Analysis & Reporting component for identifying security vulnerabilities. Both analysis components rely on the Policy Simulation & Authorization Engine to evaluate IAM policies and determine access permissions. Finally, the Graph Visualization Export component facilitates the external visualization of the IAM graph and analysis findings, enabling users to gain visual insights into their AWS environment's security posture.
CLI & Orchestration Layer [Expand]
The primary user interface, responsible for parsing command-line arguments, managing the interactive shell, and orchestrating the execution flow across other core components. It acts as the central control point for user-initiated operations.
Related Classes/Methods:
pmapperprincipalmapper.__main__principalmapper.analysis.cliprincipalmapper.graphing.graph_cliprincipalmapper.graphing.orgs_cliprincipalmapper.querying.repl
AWS Data Ingestion & Graph Construction [Expand]
Collects raw AWS IAM and resource configuration data from various AWS services (IAM, EC2, Lambda, Organizations, etc.) and transforms it into a structured graph representation. This component is crucial for building the foundational data model.
Related Classes/Methods:
principalmapper.graphing.gatheringprincipalmapper.graphing.iam_edgesprincipalmapper.graphing.ec2_edgesprincipalmapper.graphing.lambda_edgesprincipalmapper.graphing.cross_account_edgesprincipalmapper.graphing.autoscaling_edgesprincipalmapper.graphing.cloudformation_edgesprincipalmapper.graphing.codebuild_edgesprincipalmapper.graphing.sagemaker_edgesprincipalmapper.graphing.ssm_edgesprincipalmapper.graphing.sts_edgesprincipalmapper.common.org_trees
Graph Core & Persistence [Expand]
Manages the in-memory representation of the IAM graph and handles its persistence (loading from and saving to various storage formats). It provides the fundamental data structures and operations for graph manipulation.
Related Classes/Methods:
principalmapper.common.graphsprincipalmapper.graphing.graph_actionsprincipalmapper.util.storageprincipalmapper.common.nodesprincipalmapper.common.edges
Policy Simulation & Authorization Engine [Expand]
The core logic for simulating AWS IAM policy evaluation. It determines authorization decisions based on principals, actions, resources, and conditions, providing the foundational capability for security analysis.
Related Classes/Methods:
Graph Query & Analysis Interface [Expand]
Provides a structured interface for querying the IAM graph and performing authorization checks. It translates user queries or internal analysis requests into graph traversals and leverages the Policy Simulation Engine for authorization decisions.
Related Classes/Methods:
principalmapper.querying.query_actionsprincipalmapper.querying.query_interfaceprincipalmapper.querying.query_utilsprincipalmapper.querying.presetsprincipalmapper.querying.query_orgs
Risk Analysis & Reporting [Expand]
Identifies common AWS IAM security risks and misconfigurations within the graph. It leverages the graph structure and policy simulation capabilities to detect vulnerabilities and generates structured findings and reports.
Related Classes/Methods:
principalmapper.analysis.find_risksprincipalmapper.analysis.findingprincipalmapper.analysis.report
Converts the internal graph representation or specific query results into external formats (e.g., GraphML) suitable for visualization tools. This component enables users to visually inspect the IAM graph and analysis findings.
Related Classes/Methods: