Cloud Account Management

Panther API cloud account management operations

Overview

The Panther API supports the following cloud account operations:
  • Listing your cloud account integrations
  • Fetching the details of a particular cloud account integration
  • Creating a new cloud account integration
  • Updating an existing cloud account integration
  • Deleting a cloud account integration
You can invoke Panther's API by using your Console's API Playground, or the GraphQL-over-HTTP API. Learn more about these methods on Panther API.
See Cloud Security Scanning to learn more about how to monitor cloud resource configurations with Panther.

Common cloud account operations

Below are some of the most common GraphQL cloud account operations in Panther. These examples demonstrate the documents you have to send using a GraphQL client (or curl) to make a call to Panther's GraphQL API.

Listing cloud accounts

query cloudAccounts {
  cloudAccounts {
    edges {
      node {
        awsAccountId
        awsRegionIgnoreList
        awsScanConfig {
          auditRole
        }
        awsStackName
        createdAt
        createdBy {
          ... on User {
            id
          }
          ... on APIToken {
            id
          }
        }
        id
        isEditable
        isRealtimeScanningEnabled
        label
        lastModifiedAt
        resourceRegexIgnoreList
        resourceTypeIgnoreList
      }
    }
  }
}
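
As an added example (not from Panther's documentation), the Python sketch below reviews a cloudAccounts response for integrations whose scan coverage is narrowed: real-time scanning turned off or non-empty ignore lists. The response data is constructed, and reading the ignore lists as exclusions from scanning is an assumption based on the field names.

```python
import json

# Constructed sample of a `cloudAccounts` query response (not real data);
# only fields that appear in the query on this page are used.
SAMPLE_RESPONSE = json.loads("""
{"data": {"cloudAccounts": {"edges": [
  {"node": {"id": "acct-1", "label": "prod", "awsAccountId": "111111111111",
            "isRealtimeScanningEnabled": true, "awsRegionIgnoreList": [],
            "resourceRegexIgnoreList": [], "resourceTypeIgnoreList": []}},
  {"node": {"id": "acct-2", "label": "staging", "awsAccountId": "222222222222",
            "isRealtimeScanningEnabled": false, "awsRegionIgnoreList": ["us-west-1"],
            "resourceRegexIgnoreList": ["*west-1*"],
            "resourceTypeIgnoreList": ["AWS.KMS.Key"]}},
  {"node": {"id": "acct-3", "label": "sandbox", "awsAccountId": "333333333333",
            "isRealtimeScanningEnabled": true, "awsRegionIgnoreList": null,
            "resourceRegexIgnoreList": null, "resourceTypeIgnoreList": ["AWS.KMS.Key"]}}
]}}}
""")

# Assumption: each of these lists removes something from scan coverage.
IGNORE_FIELDS = ("awsRegionIgnoreList", "resourceRegexIgnoreList", "resourceTypeIgnoreList")


def coverage_findings(response):
    """Return {integration id: [findings]} for accounts with reduced scan coverage."""
    if response.get("errors"):
        # GraphQL reports failures in an "errors" array, often with HTTP 200.
        raise ValueError(f"GraphQL errors: {response['errors']}")
    findings = {}
    for edge in response["data"]["cloudAccounts"]["edges"]:
        node = edge["node"]
        notes = []
        if not node.get("isRealtimeScanningEnabled"):
            notes.append("real-time scanning disabled")
        for field in IGNORE_FIELDS:
            ignored = node.get(field) or []  # treat null and [] the same
            if ignored:
                notes.append(f"{field}: {', '.join(ignored)}")
        if notes:
            findings[node["id"]] = notes
    return findings


if __name__ == "__main__":
    for account_id, notes in coverage_findings(SAMPLE_RESPONSE).items():
        print(account_id, "->", "; ".join(notes))
```
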

Retrieving a cloud account

query cloudAccount {
  cloudAccount(id: "CLOUD_ACCOUNT_ID") {
    awsAccountId
    awsRegionIgnoreList
    awsScanConfig {
      auditRole
    }
    awsStackName
    createdAt
    createdBy {
      ... on User {
        id
      }
      ... on APIToken {
        id
      }
    }
    id
    isEditable
    isRealtimeScanningEnabled
    label
    lastModifiedAt
    resourceRegexIgnoreList
    resourceTypeIgnoreList
  }
}

Creating a cloud account

Panther's Cloud Security Scanning is automatically enabled when you onboard a cloud account using CreateCloudAccount. Note, however, that you'll still need to create an IAM role for Panther in your AWS account.

mutation CreateCloudAccount {
  createCloudAccount(input: {
    awsAccountId: "AWS_ACCOUNT_ID"
    awsScanConfig: {
      auditRole: "AUDIT_ROLE"
    }
    label: "new cloud account source"
  }) {
    cloudAccount {
      id
    }
  }
}

Updating a cloud account

mutation UpdateCloudAccount {
  updateCloudAccount(
    input: {
      awsRegionIgnoreList: [
        "us-west-1"
      ]
      awsScanConfig: {
        auditRole: "ROLE_ARN"
      }
      id: "CLOUD_ACCOUNT_INTEGRATION_ID"
      label: "some updated label"
      resourceRegexIgnoreList: ["*west-1*"]
      resourceTypeIgnoreList: ["AWS.KMS.Key"]
    }) {
    cloudAccount {
      id
    }
  }
}

Deleting a cloud account

mutation DeleteCloudAccount {
  deleteCloudAccount(input: {id: "CLOUD_ACCOUNT_ID"}) {
    id
  }
}