Add route to igw support + tests

Signed-off-by: Alex Chantavy <alex@subimage.io>

Author: achantavy

cartography/models/aws/ec2/routes.py

@@ -50,9 +50,27 @@ class RouteToAWSAccount(CartographyRelSchema):
     properties: RouteToAwsAccountRelProperties = RouteToAwsAccountRelProperties()
 
 
+@dataclass(frozen=True)
+class RouteToInternetGatewayRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class RouteToInternetGateway(CartographyRelSchema):
+    target_node_label: str = 'AWSInternetGateway'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('gateway_id')},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ROUTES_TO_GATEWAY"
+    properties: RouteToInternetGatewayRelProperties = RouteToInternetGatewayRelProperties()
+
+
 @dataclass(frozen=True)
 class RouteSchema(CartographyNodeSchema):
     label: str = 'EC2Route'
     properties: RouteNodeProperties = RouteNodeProperties()
     sub_resource_relationship: RouteToAWSAccount = RouteToAWSAccount()
-    other_relationships: OtherRelationships = OtherRelationships([])
+    other_relationships: OtherRelationships = OtherRelationships([
+        RouteToInternetGateway(),
+    ])

docs/root/modules/aws/schema.md

@@ -1320,6 +1320,13 @@ Representation of an AWS EC2 [Subnet](https://docs.aws.amazon.com/AWSEC2/latest/
         (EC2RouteTableAssociation)-[ASSOCIATED_WITH_IGW_FOR_INGRESS]->(AWSInternetGateway)
         ```
 
+- EC2Route routes to an AWSInternetGateway. In most cases this tells AWS "to reach the internet, use this IGW".
+
+        ```
+        (EC2Route)-[ROUTES_TO_GATEWAY]->(AWSInternetGateway)
+        ```
+
+
 ### ECRRepository
 
 Representation of an AWS Elastic Container Registry [Repository](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Repository.html).
@@ -3660,3 +3667,9 @@ Representation of an AWS [EC2 Route](https://docs.aws.amazon.com/AWSEC2/latest/A
         ```
         (EC2RouteTable)-[CONTAINS]->(EC2Route)
         ```
+
+- EC2Route routes to an AWSInternetGateway. In most cases this tells AWS "to reach the internet, use this IGW".
+
+        ```
+        (EC2Route)-[ROUTES_TO_GATEWAY]->(AWSInternetGateway)
+        ```

tests/integration/cartography/intel/aws/ec2/test_ec2_route_tables.py

@@ -220,3 +220,17 @@ def test_sync_route_tables(mock_get_vpcs, mock_get_gateways, mock_get_route_tabl
     ) == {
         ("rtbassoc-ddddddddddddddddd", "igw-013cb"),
     }
+
+    # Assert route table to internet gateway relationships
+    assert check_rels(
+        neo4j_session,
+        'EC2Route',
+        'id',
+        'AWSInternetGateway',
+        'id',
+        'ROUTES_TO_GATEWAY',
+        rel_direction_right=True,
+    ) == {
+        ("rtb-aaaaaaaaaaaaaaaaa|0.0.0.0/0", "igw-0387"),
+        ("rtb-bbbbbbbbbbbbbbbbb|0.0.0.0/0", "igw-0387"),
+    }