Cloud Connect AWS
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria | ||||
|
Retrieve a set of Global Settings which are applicable to all provisioned AWS accounts | ||||
|
Retrieve a set of AWS Accounts by specifying their IDs | ||||
|
Provision AWS Accounts by specifying details about the accounts to provision | ||||
|
Delete a set of AWS Accounts by specifying their IDs | ||||
|
Update AWS Accounts by specifying the ID of the account and details to update | ||||
|
Create or update Global Settings which are applicable to all provisioned AWS accounts | ||||
|
Performs an Access Verification check on the specified AWS Account IDs | ||||
|
Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS account IDs which match the filter criteria | ||||
Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria
query_aws_accounts
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Datatype | Description |
|---|---|---|---|---|---|
| limit |
 |
|
query | integer | The maximum records to return. [1-500]. Defaults to 100. |
| offset |
|
|
query | integer | The offset to start retrieving records from. |
| sort |
|
|
query | string | The property to sort by (e.g. alias.desc or state.asc). |
| filter |
|
|
query | string | The filter expression that should be used to limit the results. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.query_aws_accounts(limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.QueryAWSAccounts(limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("QueryAWSAccounts",
limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)Retrieve a set of Global Settings which are applicable to all provisioned AWS accounts
get_aws_settings
- Consumes: application/json
- Produces: application/json
No keywords or arguments accepted.
from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.get_aws_settings()
print(response)from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.GetAWSSettings()
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("GetAWSSettings")
print(response)Retrieve a set of AWS Accounts by specifying their IDs
get_aws_accounts
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Datatype | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | IDs of accounts to retrieve details. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_aws_accounts(ids=id_list)
print(response)from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetAWSAccounts(ids=id_list)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetAWSAccounts", ids=id_list)
print(response)Provision AWS Accounts by specifying details about the accounts to provision
provision_aws_accounts
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Datatype | Description |
|---|---|---|---|---|---|
| body |
|
 |
body | string | Full BODY payload in JSON format. |
| cloudtrail_bucket_owner_id |
|
 |
body | string | AWS IAM IAD for Cloudtrail bucket owner. (ARN format) |
| cloudtrail_bucket_region |
|
|
body | string | AWS region for Cloudtrail bucket. |
| external_id |
|
|
body | string | Shared external ID to use for AWS cross-account role. |
| iam_role_arn |
|
|
body | string | ARN for the IAM role to use as the cross-account role. |
| id |
|
|
body | string | AWS account ID to provision. |
| mode |
|
|
query | string | Mode for provisioning. Allowed values are manual or cloudformation. Defaults to manual if not defined. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
| rate_limit_req |
|
|
body | integer | Rate limit count. |
| rate_limit_time |
|
|
body | integer | Rate limit timestamp. |
from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.provision_aws_accounts(mode="string",
cloudtrail_bucket_owner_id="string",
cloudtrail_bucket_region="string",
external_id="string",
iam_role_arn="string",
id="string",
rate_limit_req=integer,
rate_limit_time=integer
)
print(response)from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.ProvisionAWSAccounts(mode="string",
cloudtrail_bucket_owner_id="string",
cloudtrail_bucket_region="string",
external_id="string",
iam_role_arn="string",
id="string",
rate_limit_req=integer,
rate_limit_time=integer
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"resources": [
{
"cloudtrail_bucket_owner_id": "string",
"cloudtrail_bucket_region": "string",
"external_id": "string",
"iam_role_arn": "string",
"id": "string",
"rate_limit_reqs": integer,
"rate_limit_time": integer
}
]
}
response = falcon.command("ProvisionAWSAccounts", mode="string", body=BODY)
print(response)Delete a set of AWS Accounts by specifying their IDs
delete_aws_accounts
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Datatype | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | IDs of accounts to remove |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_aws_accounts(ids=id_list)
print(response)from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteAWSAccounts(ids=id_list)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteAWSAccounts", ids=id_list)
print(response)Update AWS Accounts by specifying the ID of the account and details to update
update_aws_accounts
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Datatype | Description |
|---|---|---|---|---|---|
| body |
|
|
body | string | Full BODY payload in JSON format. |
| cloudtrail_bucket_owner_id |
|
|
body | string | AWS IAM IAD for Cloudtrail bucket owner. (ARN format) |
| cloudtrail_bucket_region |
|
|
body | string | AWS region for Cloudtrail bucket. |
| external_id |
|
|
body | string | Shared external ID to use for AWS cross-account role. |
| iam_role_arn |
|
|
body | string | ARN for the IAM role to use as the cross-account role. |
| id |
|
|
body | string | AWS account ID to provision. |
| rate_limit_req |
|
|
body | integer | Rate limit count. |
| rate_limit_time |
|
|
body | integer | Rate limit timestamp. |
from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.update_aws_accounts(cloudtrail_bucket_owner_id="string",
cloudtrail_bucket_region="string",
external_id="string",
iam_role_arn="string",
id="string",
rate_limit_req=integer,
rate_limit_time=integer
)
print(response)from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.UpdateAWSAccounts(cloudtrail_bucket_owner_id="string",
cloudtrail_bucket_region="string",
external_id="string",
iam_role_arn="string",
id="string",
rate_limit_req=integer,
rate_limit_time=integer
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"resources": [
{
"cloudtrail_bucket_owner_id": "string",
"cloudtrail_bucket_region": "string",
"external_id": "string",
"iam_role_arn": "string",
"id": "string",
"rate_limit_reqs": integer,
"rate_limit_time": integer
}
]
}
response = falcon.command("UpdateAWSAccounts", body=BODY)
print(response)Create or update Global Settings which are applicable to all provisioned AWS accounts
create_or_update_aws_settings
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Datatype | Description |
|---|---|---|---|---|---|
| body |
|
|
body | string | Full BODY payload in JSON format. |
| cloudtrail_bucket_owner_id |
|
|
body | string | AWS IAM IAD for Cloudtrail bucket owner. (ARN format) |
| static_external_id |
|
|
body | string | New external ID to use for the AWS cross-account role. |
from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.create_or_update_aws_settings(cloudtrail_bucket_owner_id="string"
static_external_id="string"
)
print(response)from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.CreateOrUpdateAWSSettings(cloudtrail_bucket_owner_id="string"
static_external_id="string"
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"resources": [
{
"cloudtrail_bucket_owner_id": "string",
"static_external_id": "string"
}
]
}
response = falcon.command("CreateOrUpdateAWSSettings", body=BODY)
print(response)Performs an Access Verification check on the specified AWS Account IDs
verify_aws_account_access
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Datatype | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | IDs of accounts to verify access on. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.verify_aws_account_access(ids=id_list)
print(response)from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.VerifyAWSAccountAccess(ids=id_list)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("VerifyAWSAccountAccess", ids=id_list)
print(response)Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS account IDs which match the filter criteria
query_aws_accounts_for_ids
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Datatype | Description |
|---|---|---|---|---|---|
| limit |
|
|
query | integer | The maximum records to return. [1-500]. Defaults to 100. |
| offset |
|
|
query | integer | The offset to start retrieving records from. |
| sort |
|
|
query | string | The property to sort by (e.g. alias.desc or state.asc). |
| filter |
|
|
query | string | The filter expression that should be used to limit the results. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.query_aws_accounts_for_ids(limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.QueryAWSAccountsForIDs(limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("QueryAWSAccountsForIDs",
limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- ASPM
- Certificate Based Exclusions
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Compliance Assessments
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- DataScanner
- Delivery Settings
- Detects
- Device Control Policies
- Discover
- Downloads
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Usage
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
