# Cloud Account Management

## Overview

The Panther API supports the following cloud account operations:

* Listing your cloud account integrations
* Fetching the details of a particular cloud account integration
* Creating a new cloud account integration
* Updating an existing cloud account integration
* Deleting a cloud account integration

You can invoke Panther's API by using your Console's API Playground, or the GraphQL-over-HTTP API. Learn more about these methods on [Panther API](https://docs.panther.com/~/changes/15ann7vKLltCCAGHtdQr/panther-developer-workflows/api/..#step-1-choose-a-method-for-invoking-the-api).

See [Cloud Security Scanning](https://docs.panther.com/~/changes/15ann7vKLltCCAGHtdQr/cloud-scanning) to learn more about how to monitor cloud resource configurations with Panther.

## Common cloud account operations

Below are some of the most common GraphQL cloud account operations in Panther. These examples demonstrate the documents you have to send using a GraphQL client (or `curl`) to make a call to Panther's GraphQL API.&#x20;

#### Listing cloud accounts

```graphql
query cloudAccounts {
  cloudAccounts {
    edges {
      node {
        awsAccountId
        awsRegionIgnoreList
        awsScanConfig {
          auditRole
        }
        awsStackName
        createdAt
        createdBy {
          ... on User {
            id
          }
          ... on APIToken {
            id
          }
        }
        id
        isEditable
        isRealtimeScanningEnabled
        label
        lastModifiedAt
        resourceRegexIgnoreList
        resourceTypeIgnoreList
      }
    }
  }
}

```

#### Retrieving a cloud account

```graphql
query cloudAccount {
  cloudAccount(id:"CLOUD_ACCOUNT_ID") {
    awsAccountId
    awsRegionIgnoreList
    awsScanConfig {
      auditRole
    }
    awsStackName
    createdAt
    createdBy {
      ... on User {
        id
      }
      ... on APIToken {
        id
      }
    }
    id
    isEditable
    isRealtimeScanningEnabled
    label
    lastModifiedAt
    resourceRegexIgnoreList
    resourceTypeIgnoreList
  }
}

```

#### Creating a cloud account

Panther's [Cloud Security Scanning](https://docs.panther.com/~/changes/15ann7vKLltCCAGHtdQr/cloud-scanning) is automatically enabled when you onboard a cloud account using `CreateCloudAccount`. Note, however, that you'll still need to [create an IAM role for Panther in your AWS account](https://docs.panther.com/~/changes/15ann7vKLltCCAGHtdQr/cloud-scanning#creating-an-iam-role-manually-or-with-other-automation).

```graphql
mutation CreateCloudAccount {
  createCloudAccount(input: {
    awsAccountId: "AWS_ACCOUNT_ID"
    awsScanConfig: {
      auditRole: "AUDIT_ROLE"
    }
    label: "new cloud account source"
  }) {
    cloudAccount {
      id
    }
  }
}

```

#### Updating a cloud account

```graphql
mutation UpdateCloudAccount {
  updateCloudAccount(
    input: {
      awsRegionIgnoreList: [
        "us-west-1"
      ]
      awsScanConfig: {
        auditRole: "ROLE_ARN"
      }
      id:"CLOUD_ACCOUNT_INTEGRATION_ID"
      label: "some updated label"
      resourceRegexIgnoreList: ["*west-1*"]
      resourceTypeIgnoreList: ["AWS.KMS.Key"]
  }) {
    cloudAccount {
      id
    }
  }
}

```

#### Deleting a cloud account

```graphql
mutation DeleteCloudAccount {
  deleteCloudAccount(input: {id: "CLOUD_ACCOUNT_ID"}) {
    id
  }
}

```