# Cloud Account Management ## Overview The Panther API supports the following cloud account operations: * Listing your cloud account integrations * Fetching the details of a particular cloud account integration * Creating a new cloud account integration * Updating an existing cloud account integration * Deleting a cloud account integration You can invoke Panther's API by using your Console's API Playground, or the GraphQL-over-HTTP API. Learn more about these methods on [Panther API](https://docs.panther.com/panther-developer-workflows/api/..#step-1-choose-a-method-for-invoking-the-api). See [Cloud Security Scanning](https://docs.panther.com/cloud-scanning) to learn more about how to monitor cloud resource configurations with Panther. ## Common cloud account operations Below are some of the most common GraphQL cloud account operations in Panther. These examples demonstrate the documents you have to send using a GraphQL client (or `curl`) to make a call to Panther's GraphQL API. #### Listing cloud accounts ```graphql query cloudAccounts { cloudAccounts { edges { node { awsAccountId awsRegionIgnoreList awsScanConfig { auditRole } awsStackName createdAt createdBy { ... on User { id } ... on APIToken { id } } id isEditable isRealtimeScanningEnabled label lastModifiedAt resourceRegexIgnoreList resourceTypeIgnoreList } } } } ``` #### Retrieving a cloud account ```graphql query cloudAccount { cloudAccount(id:"CLOUD_ACCOUNT_ID") { awsAccountId awsRegionIgnoreList awsScanConfig { auditRole } awsStackName createdAt createdBy { ... on User { id } ... on APIToken { id } } id isEditable isRealtimeScanningEnabled label lastModifiedAt resourceRegexIgnoreList resourceTypeIgnoreList } } ``` #### Creating a cloud account Panther's [Cloud Security Scanning](https://docs.panther.com/cloud-scanning) is automatically enabled when you onboard a cloud account using `CreateCloudAccount`. Note, however, that you'll still need to [create an IAM role for Panther in your AWS account](https://docs.panther.com/cloud-scanning#creating-an-iam-role-manually-or-with-other-automation). ```graphql mutation CreateCloudAccount { createCloudAccount(input: { awsAccountId: "AWS_ACCOUNT_ID" awsScanConfig: { auditRole: "AUDIT_ROLE" } label: "new cloud account source" }) { cloudAccount { id } } } ``` #### Updating a cloud account ```graphql mutation UpdateCloudAccount { updateCloudAccount( input: { awsRegionIgnoreList: [ "us-west-1" ] awsScanConfig: { auditRole: "ROLE_ARN" } id:"CLOUD_ACCOUNT_INTEGRATION_ID" label: "some updated label" resourceRegexIgnoreList: [".*west-1*"] resourceTypeIgnoreList: ["AWS.KMS.Key"] }) { cloudAccount { id } } } ``` #### Deleting a cloud account ```graphql mutation DeleteCloudAccount { deleteCloudAccount(input: {id: "CLOUD_ACCOUNT_ID"}) { id } } ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.panther.com/panther-developer-workflows/api/graphql/cloud-account.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.