

  1. // 8.2 Network Interface (ENI) 建模
    // Interface that backs the NAT gateway (type "nat_gateway").
    // CREATE always adds a new node: running this statement twice leaves two
    // NetworkInterface nodes with the same id unless a uniqueness constraint
    // on id is defined elsewhere.
    CREATE (eni1:NetworkInterface {
        id: "eni-12345abc",
        name: "nat-gateway-eni-1a",
        type: "nat_gateway",
        private_ip: "10.0.1.100",
        // NOTE(review): "ec2.internal" is the us-east-1 style suffix while az
        // below is cn-north-1a; confirm the sample value.
        private_dns: "ip-10-0-1-100.ec2.internal",
        // subnet_id, vpc_id and security_groups are plain strings here; this
        // statement creates no relationship to the nodes they name.
        subnet_id: "subnet-abc12345",
        vpc_id: "vpc-12345678",
        az: "cn-north-1a",
        // NOTE(review): no SecurityGroup with id sg-nat12345 is created in the
        // visible listing, and AWS does not attach security groups to NAT
        // gateways; confirm this value.
        security_groups: ["sg-nat12345"],
        // false on a forwarding interface: it relays packets that are not
        // addressed to itself, so the source/destination check is off.
        source_dest_check: false,
        // NOTE(review): Neo4j rejects map-valued properties; confirm the
        // target engine accepts a nested map or store the tags as flat keys.
        tag: {
            attached_resource: "nat-gateway",
            environment: "production"
        },
        status: "in-use",
        // datetime() is evaluated when the statement runs, so both fields hold
        // the load time, not the time the interface was created in AWS.
        created_at: datetime(),
        updated_at: datetime()
    });

    // Interface of a web server instance, in the same subnet and VPC as eni1.
    CREATE (eni2:NetworkInterface {
        id: "eni-67890def",
        name: "web-server-eni",
        type: "instance",
        private_ip: "10.0.1.50",
        private_dns: "ip-10-0-1-50.ec2.internal",
        subnet_id: "subnet-abc12345",
        vpc_id: "vpc-12345678",
        az: "cn-north-1a",
        // Matches the id of the SecurityGroup node "production-web-sg".
        security_groups: ["sg-web12345"],
        // true is the expected value for an ordinary instance interface; a
        // false value on a node of type "instance" is worth reviewing.
        source_dest_check: true,
        tag: {
            attached_resource: "ec2_instance",
            environment: "production"
        },
        status: "in-use",
        created_at: datetime(),
        updated_at: datetime()
    });

    // 8.3 NAT Gateway modeling
    // One NatGateway node. Its private_ip and network_interface_id repeat the
    // values of the NetworkInterface node with id "eni-12345abc"; the link is
    // by string value only, this statement creates no relationship.
    CREATE (nat1:NatGateway {
        id: "nat-12345abc",
        name: "production-nat-1a",
        // NOTE(review): the region field is cn-north-1 but the partition is
        // "aws"; ARNs in the China regions use the "aws-cn" partition, so
        // confirm the sample value before matching on it.
        arn: "arn:aws:ec2:cn-north-1:123456789012:natgateway/nat-12345abc",
        // Address that traffic leaving through this gateway appears to come
        // from; useful when attributing egress seen in external logs.
        public_ip: "54.123.45.67",
        private_ip: "10.0.1.100",
        // The VPC reference is named associated_vpc here, vpc_id on
        // NetworkInterface and associated_vpc_id on SecurityGroup.
        associated_vpc: "vpc-12345678",
        associated_subnet: "subnet-abc12345",
        network_interface_id: "eni-12345abc",
        eip_allocation_id: "eipalloc-12345abc",
        // NOTE(review): Neo4j rejects map-valued properties; confirm the
        // target engine accepts a nested map or store the tags as flat keys.
        tag: {
            environment: "production",
            purpose: "private_subnet_internet_access",
            tier: "networking"
        },
        status: "available",
        // datetime() is the load time, not the gateway's creation time in AWS.
        created_at: datetime(),
        updated_at: datetime()
    });

    // 8.4 Security Group modeling
    // Three SecurityGroup nodes, one per tier (web, application, database).
    // They hold identity and tags only: no rule data is stored on them, and
    // these statements create no relationships.
    // The VPC reference is named associated_vpc_id here, while NetworkInterface
    // uses vpc_id and NatGateway uses associated_vpc, so a query that joins on
    // the VPC has to use the right key per label.
    // NOTE(review): Neo4j rejects map-valued properties such as tag; confirm
    // the target engine accepts a nested map or store the tags as flat keys.
    // created_at / updated_at are datetime() at load time, not AWS timestamps.

    // Web tier.
    CREATE (sg_web:SecurityGroup {
        id: "sg-web12345",
        name: "production-web-sg",
        description: "Security group for web servers",
        associated_vpc_id: "vpc-12345678",
        tag: {
            environment: "production",
            tier: "web",
            application: "frontend"
        },
        status: "active",
        created_at: datetime(),
        updated_at: datetime()
    });

    // Application tier.
    CREATE (sg_app:SecurityGroup {
        id: "sg-app67890",
        name: "production-app-sg",
        description: "Security group for application servers",
        associated_vpc_id: "vpc-12345678",
        tag: {
            environment: "production",
            tier: "application",
            application: "backend"
        },
        status: "active",
        created_at: datetime(),
        updated_at: datetime()
    });

    // Database tier.
    CREATE (sg_db:SecurityGroup {
        id: "sg-db11111",
        name: "production-db-sg",
        description: "Security group for database servers",
        associated_vpc_id: "vpc-12345678",
        tag: {
            environment: "production",
            tier: "database",
            application: "mysql"
        },
        status: "active",
        created_at: datetime(),
        updated_at: datetime()
    });

    // 8.5 Security Rules modeling (standalone nodes)
    // Each rule is its own SecurityRule node. The nodes carry no security
    // group id: the "rule-web-" prefix of id is only a naming hint, and the
    // statements below create no relationship to a SecurityGroup node.
    // port_range is a string ("80", "443", "all"), so numeric range checks
    // need parsing. created_at / updated_at are datetime() at load time.

    // Web Security Group Rules
    // Inbound HTTP from any IPv4 address: internet-exposed and unencrypted.
    CREATE (rule1:SecurityRule {
        id: "rule-web-http-in",
        direction: "inbound",
        protocol: "tcp",
        port_range: "80",
        source_type: "cidr",
        source: "0.0.0.0/0",
        description: "HTTP from anywhere",
        rule_action: "allow",
        status: "active",
        created_at: datetime(),
        updated_at: datetime()
    });

    // Inbound HTTPS from any IPv4 address: internet-exposed.
    CREATE (rule2:SecurityRule {
        id: "rule-web-https-in",
        direction: "inbound",
        protocol: "tcp",
        port_range: "443",
        source_type: "cidr",
        source: "0.0.0.0/0",
        description: "HTTPS from anywhere",
        rule_action: "allow",
        status: "active",
        created_at: datetime(),
        updated_at: datetime()
    });

    // Unrestricted egress: every protocol and port to any IPv4 address.
    // For an outbound rule the source property holds the destination range.
    CREATE (rule3:SecurityRule {
        id: "rule-web-all-out",
        direction: "outbound",
        protocol: "all",
        port_range: "all",
        source_type: "cidr",
        source: "0.0.0.0/0",
        description: "All outbound traffic",
        rule_action: "allow",
        status: "active",
        created_at: datetime(),
        updated_at: datetime()
    });

    // App Security Group Rules
    CREATE (rule4:SecurityRule {
    id: "rule-app-from-web",
    direction: "inbound",
    protocol: "tcp",
    port_range: "8080",
    source_type: "security_group",
    source: "sg-web12345",
    description: