AWS API

The AWS API allows to manage and control AWS account configurations and data source attachments for security scanning.

---

ListAWS

List AWS accounts registered in the project.

Endpoint

GET: /aws/list-aws/

Parameters

Name	Type	In	Required	Description
project_id	number	query	yes	Project ID
aws_id	number	query		AWS account ID for filtering
aws_account_id	string	query		12-digit AWS account ID for filtering

Code sample

curl -XGET \
    --header 'Authorization: Bearer xxx' \
    'https://{your-site}/api/v1/aws/list-aws/?project_id=1001&aws_account_id=123456789012'

Response

Status: 200 OK

{
  "data": {
    "aws": [
      {
        "aws_id": 1001,
        "name": "Production AWS Account",
        "project_id": 1001,
        "aws_account_id": "123456789012",
        "created_at": 1629337534,
        "updated_at": 1629337534
      }
    ]
  }
}

---

PutAWS

Insert or update AWS account configuration.

Endpoint

POST: /aws/put-aws/

Parameters

Name	Type	In	Required	Description
project_id	number	body	yes	Project ID
aws.name	string	body	yes	AWS account name
aws.project_id	number	body	yes	Project ID
aws.aws_account_id	string	body	yes	12-digit AWS account ID

Code sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id":1001, "aws":{"name":"Production AWS Account", "project_id":1001, "aws_account_id":"123456789012"}}' \
    'https://{your-site}/api/v1/aws/put-aws/'

Response

Status: 200 OK

{
  "data": {
    "aws": {
      "aws_id": 1001,
      "name": "Production AWS Account",
      "project_id": 1001,
      "aws_account_id": "123456789012",
      "created_at": 1629337534,
      "updated_at": 1629337534
    }
  }
}

---

DeleteAWS

Delete AWS account configuration.

Endpoint

POST: /aws/delete-aws/

Parameters

Name	Type	In	Required	Description
project_id	number	body	yes	Project ID
aws_id	number	body	yes	AWS account ID to delete

Code sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id":1001, "aws_id":1001}' \
    'https://{your-site}/api/v1/aws/delete-aws/'

Response

Status: 200 OK

{"data":{}}

---

ListDataSource

List available data sources for AWS scanning.

Endpoint

GET: /aws/list-datasource/

Parameters

Name	Type	In	Required	Description
project_id	number	query	yes	Project ID
aws_id	number	query		AWS account ID for filtering
data_source	string	query		Data source name for filtering

Code sample

curl -XGET \
    --header 'Authorization: Bearer xxx' \
    'https://{your-site}/api/v1/aws/list-datasource/?project_id=1001&aws_id=1001'

Response

Status: 200 OK

{
  "data": {
    "data_source": [
      {
        "aws_data_source_id": 1001,
        "data_source": "aws:guard-duty",
        "max_score": 10.0,
        "aws_id": 1001,
        "project_id": 1001,
        "assume_role_arn": "arn:aws:iam::123456789012:role/RiskenRole",
        "external_id": "unique-external-id",
        "status": 1,
        "status_detail": "OK",
        "scan_at": 1629337534,
        "specific_version": "v1.0.0"
      }
    ]
  }
}

---

AttachDataSource

Attach a data source to AWS account for scanning.

Endpoint

POST: /aws/attach-datasource/

Parameters

Name	Type	In	Required	Description
project_id	number	body	yes	Project ID
attach_data_source.aws_id	number	body	yes	AWS account ID
attach_data_source.aws_data_source_id	number	body	yes	AWS data source ID
attach_data_source.project_id	number	body	yes	Project ID
attach_data_source.assume_role_arn	string	body	yes	IAM role ARN for assume role
attach_data_source.external_id	string	body	yes	External ID for assume role
attach_data_source.status	number	body		Status (1: OK, 2: CONFIGURED, 3: IN_PROGRESS, 4: ERROR)
attach_data_source.status_detail	string	body		Status detail message
attach_data_source.scan_at	number	body		Last scan timestamp
attach_data_source.specific_version	string	body		Specific version

Code sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id":1001, "attach_data_source":{"aws_id":1001, "aws_data_source_id":1001, "project_id":1001, "assume_role_arn":"arn:aws:iam::123456789012:role/RiskenRole", "external_id":"unique-external-id", "status":1, "status_detail":"OK"}}' \
    'https://{your-site}/api/v1/aws/attach-datasource/'

Response

Status: 200 OK

{
  "data": {
    "data_source": {
      "aws_id": 1001,
      "aws_data_source_id": 1001,
      "project_id": 1001,
      "assume_role_arn": "arn:aws:iam::123456789012:role/RiskenRole",
      "external_id": "unique-external-id",
      "status": 1,
      "status_detail": "OK",
      "scan_at": 1629337534,
      "created_at": 1629337534,
      "updated_at": 1629337534,
      "specific_version": "v1.0.0"
    }
  }
}

---

DetachDataSource

Detach a data source from AWS account.

Endpoint

POST: /aws/detach-datasource/

Parameters

Name	Type	In	Required	Description
project_id	number	body	yes	Project ID
aws_id	number	body	yes	AWS account ID
aws_data_source_id	number	body	yes	AWS data source ID to detach

Code sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id":1001, "aws_id":1001, "aws_data_source_id":1001}' \
    'https://{your-site}/api/v1/aws/detach-datasource/'

Response

Status: 200 OK

{"data":{}}

---

InvokeScan

Trigger security scan for AWS data source.

Endpoint

POST: /aws/invoke-scan/

Parameters

Name	Type	In	Required	Description
project_id	number	body	yes	Project ID
aws_id	number	body	yes	AWS account ID
aws_data_source_id	number	body	yes	AWS data source ID to scan
scan_only	boolean	body		If true, only scan without storing results

Code sample

curl -XPOST \
    --header 'Authorization: Bearer xxx' \
    --header 'Content-Type: application/json' \
    --data '{"project_id":1001, "aws_id":1001, "aws_data_source_id":1001, "scan_only":false}' \
    'https://{your-site}/api/v1/aws/invoke-scan/'

Response

Status: 200 OK

```json {"data":{}}