Cloud Account Management

Panther API cloud account management operations

Overview

The Panther API supports the following cloud account operations:

Listing your cloud account integrations
Fetching the details of a particular cloud account integration
Creating a new cloud account integration
Updating an existing cloud account integration
Deleting a cloud account integration

You can invoke Panther's API by using your Console's API Playground, or the GraphQL-over-HTTP API. Learn more about these methods on Panther API.

See Cloud Security Scanning to learn more about how to monitor cloud resource configurations with Panther.

Common cloud account operations

Below are some of the most common GraphQL cloud account operations in Panther. These examples demonstrate the documents you have to send using a GraphQL client (or curl) to make a call to Panther's GraphQL API.

Listing cloud accounts

query cloudAccounts {
  cloudAccounts {
    edges {
      node {
        awsAccountId
        awsRegionIgnoreList
        awsScanConfig {
          auditRole
        }
        awsStackName
        createdAt
        createdBy {
          ... on User {
            id
          }
          ... on APIToken {
            id
          }
        }
        id
        isEditable
        isRealtimeScanningEnabled
        label
        lastModifiedAt
        resourceRegexIgnoreList
        resourceTypeIgnoreList
      }
    }
  }
}

Retrieving a cloud account

query cloudAccount {
  cloudAccount(id:"CLOUD_ACCOUNT_ID") {
    awsAccountId
    awsRegionIgnoreList
    awsScanConfig {
      auditRole
    }
    awsStackName
    createdAt
    createdBy {
      ... on User {
        id
      }
      ... on APIToken {
        id
      }
    }
    id
    isEditable
    isRealtimeScanningEnabled
    label
    lastModifiedAt
    resourceRegexIgnoreList
    resourceTypeIgnoreList
  }
}

Creating a cloud account

Panther's Cloud Security Scanning is automatically enabled when you onboard a cloud account using CreateCloudAccount. Note, however, that you'll still need to create an IAM role for Panther in your AWS account.

mutation CreateCloudAccount {
  createCloudAccount(input: {
    awsAccountId: "AWS_ACCOUNT_ID"
    awsScanConfig: {
      auditRole: "AUDIT_ROLE"
    }
    label: "new cloud account source"
  }) {
    cloudAccount {
      id
    }
  }
}

Updating a cloud account

mutation UpdateCloudAccount {
  updateCloudAccount(
    input: {
      awsRegionIgnoreList: [
        "us-west-1"
      ]
      awsScanConfig: {
        auditRole: "ROLE_ARN"
      }
      id:"CLOUD_ACCOUNT_INTEGRATION_ID"
      label: "some updated label"
      resourceRegexIgnoreList: [".*west-1*"]
      resourceTypeIgnoreList: ["AWS.KMS.Key"]
  }) {
    cloudAccount {
      id
    }
  }
}

Deleting a cloud account

mutation DeleteCloudAccount {
  deleteCloudAccount(input: {id: "CLOUD_ACCOUNT_ID"}) {
    id
  }
}

PreviousAlerts & Errors NextData Lake Queries

Last updated 11 months ago