コンテンツにスキップ

AWS API

The AWS API allows to manage and control AWS account configurations and data source attachments for security scanning.


ListAWS

List AWS accounts registered in the project.

Endpoint

GET: /aws/list-aws/

Parameters

Name Type In Required Description
project_id number query yes Project ID
aws_id number query AWS account ID for filtering
aws_account_id string query 12-digit AWS account ID for filtering

Code sample

curl -XGET \
    --header 'Authorization: Bearer xxx' \
    'https://{your-site}/api/v1/aws/list-aws/?project_id=1001&aws_account_id=123456789012'

Response

Status: 200 OK
{
  "data": {
    "aws": [
      {
        "aws_id": 1001,
        "name": "Production AWS Account",
        "project_id": 1001,
        "aws_account_id": "123456789012",
        "created_at": 1629337534,
        "updated_at": 1629337534
      }
    ]
  }
}

PutAWS

Insert or update AWS account configuration.

Endpoint

POST: /aws/put-aws/

Parameters

Name Type In Required Description
project_id number body yes Project ID
aws.name string body yes AWS account name
aws.project_id number body yes Project ID
aws.aws_account_id string body yes 12-digit AWS account ID

Code sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id":1001, "aws":{"name":"Production AWS Account", "project_id":1001, "aws_account_id":"123456789012"}}' \
    'https://{your-site}/api/v1/aws/put-aws/'

Response

Status: 200 OK
{
  "data": {
    "aws": {
      "aws_id": 1001,
      "name": "Production AWS Account",
      "project_id": 1001,
      "aws_account_id": "123456789012",
      "created_at": 1629337534,
      "updated_at": 1629337534
    }
  }
}

DeleteAWS

Delete AWS account configuration.

Endpoint

POST: /aws/delete-aws/

Parameters

Name Type In Required Description
project_id number body yes Project ID
aws_id number body yes AWS account ID to delete

Code sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id":1001, "aws_id":1001}' \
    'https://{your-site}/api/v1/aws/delete-aws/'

Response

Status: 200 OK
{"data":{}}

ListDataSource

List available data sources for AWS scanning.

Endpoint

GET: /aws/list-datasource/

Parameters

Name Type In Required Description
project_id number query yes Project ID
aws_id number query AWS account ID for filtering
data_source string query Data source name for filtering

Code sample

curl -XGET \
    --header 'Authorization: Bearer xxx' \
    'https://{your-site}/api/v1/aws/list-datasource/?project_id=1001&aws_id=1001'

Response

Status: 200 OK
{
  "data": {
    "data_source": [
      {
        "aws_data_source_id": 1001,
        "data_source": "aws:guard-duty",
        "max_score": 10.0,
        "aws_id": 1001,
        "project_id": 1001,
        "assume_role_arn": "arn:aws:iam::123456789012:role/RiskenRole",
        "external_id": "unique-external-id",
        "status": 1,
        "status_detail": "OK",
        "scan_at": 1629337534,
        "specific_version": "v1.0.0"
      }
    ]
  }
}

AttachDataSource

Attach a data source to AWS account for scanning.

Endpoint

POST: /aws/attach-datasource/

Parameters

Name Type In Required Description
project_id number body yes Project ID
attach_data_source.aws_id number body yes AWS account ID
attach_data_source.aws_data_source_id number body yes AWS data source ID
attach_data_source.project_id number body yes Project ID
attach_data_source.assume_role_arn string body yes IAM role ARN for assume role
attach_data_source.external_id string body yes External ID for assume role
attach_data_source.status number body Status (1: OK, 2: CONFIGURED, 3: IN_PROGRESS, 4: ERROR)
attach_data_source.status_detail string body Status detail message
attach_data_source.scan_at number body Last scan timestamp
attach_data_source.specific_version string body Specific version

Code sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id":1001, "attach_data_source":{"aws_id":1001, "aws_data_source_id":1001, "project_id":1001, "assume_role_arn":"arn:aws:iam::123456789012:role/RiskenRole", "external_id":"unique-external-id", "status":1, "status_detail":"OK"}}' \
    'https://{your-site}/api/v1/aws/attach-datasource/'

Response

Status: 200 OK
{
  "data": {
    "data_source": {
      "aws_id": 1001,
      "aws_data_source_id": 1001,
      "project_id": 1001,
      "assume_role_arn": "arn:aws:iam::123456789012:role/RiskenRole",
      "external_id": "unique-external-id",
      "status": 1,
      "status_detail": "OK",
      "scan_at": 1629337534,
      "created_at": 1629337534,
      "updated_at": 1629337534,
      "specific_version": "v1.0.0"
    }
  }
}

DetachDataSource

Detach a data source from AWS account.

Endpoint

POST: /aws/detach-datasource/

Parameters

Name Type In Required Description
project_id number body yes Project ID
aws_id number body yes AWS account ID
aws_data_source_id number body yes AWS data source ID to detach

Code sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id":1001, "aws_id":1001, "aws_data_source_id":1001}' \
    'https://{your-site}/api/v1/aws/detach-datasource/'

Response

Status: 200 OK
{"data":{}}

InvokeScan

Trigger security scan for AWS data source.

Endpoint

POST: /aws/invoke-scan/

Parameters

Name Type In Required Description
project_id number body yes Project ID
aws_id number body yes AWS account ID
aws_data_source_id number body yes AWS data source ID to scan
scan_only boolean body If true, only scan without storing results

Code sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id":1001, "aws_id":1001, "aws_data_source_id":1001, "scan_only":false}' \
    'https://{your-site}/api/v1/aws/invoke-scan/'

Response

Status: 200 OK

```json {"data":{}}