Cloud Connect Aws - CrowdStrike/falconpy GitHub Wiki
This service collection has code examples posted to the repository.
This service collection has been superseded by the CSPMRegistration service collection and is now deprecated. Developers should move code over to use the new operations available within the updated collection.
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria | ||||
|
Retrieve a set of Global Settings which are applicable to all provisioned AWS accounts | ||||
|
Retrieve a set of AWS Accounts by specifying their IDs | ||||
|
Provision AWS Accounts by specifying details about the accounts to provision | ||||
|
Delete a set of AWS Accounts by specifying their IDs | ||||
|
Update AWS Accounts by specifying the ID of the account and details to update | ||||
|
Create or update Global Settings which are applicable to all provisioned AWS accounts | ||||
|
Performs an Access Verification check on the specified AWS Account IDs | ||||
|
Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS account IDs which match the filter criteria | ||||
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria
This operation has been superseded by the GetCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
query_aws_accounts
| Method | Route |
|---|---|
 |
/cloud-connect-aws/combined/accounts/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| limit |
 |
|
query | integer | The maximum records to return. [1-5000]. Defaults to 100. |
| offset |
|
|
query | integer | The offset to start retrieving records from. |
| sort |
|
|
query | string | The property to sort by (e.g. alias.desc or state.asc). |
| filter |
|
|
query | string | The filter expression that should be used to limit the results. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import CloudConnectAWS
# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_aws_accounts(limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)from falconpy import CloudConnectAWS
# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.QueryAWSAccounts(limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("QueryAWSAccounts",
limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)Retrieve a set of Global Settings which are applicable to all provisioned AWS accounts
This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.
get_aws_settings
| Method | Route |
|---|---|
|
/cloud-connect-aws/combined/settings/v1 |
- Consumes: application/json
- Produces: application/json
No keywords or arguments accepted.
from falconpy import CloudConnectAWS
# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_aws_settings()
print(response)from falconpy import CloudConnectAWS
# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetAWSSettings()
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetAWSSettings")
print(response)Retrieve a set of AWS Accounts by specifying their IDs
This operation has been superseded by the GetCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
get_aws_accounts
| Method | Route |
|---|---|
|
/cloud-connect-aws/entities/accounts/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | IDs of accounts to retrieve details. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import CloudConnectAWS
# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_aws_accounts(ids=id_list)
print(response)from falconpy import CloudConnectAWS
# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetAWSAccounts(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetAWSAccounts", ids=id_list)
print(response)Provision AWS Accounts by specifying details about the accounts to provision
This operation has been superseded by the CreateCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
provision_aws_accounts
| Method | Route |
|---|---|
 |
/cloud-connect-aws/entities/accounts/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
 |
body | dictionary | Full BODY payload in JSON format. |
| cloudtrail_bucket_owner_id |
|
 |
body | string | AWS IAM IAD for Cloudtrail bucket owner. (ARN format) |
| cloudtrail_bucket_region |
|
|
body | string | AWS region for Cloudtrail bucket. |
| external_id |
|
|
body | string | Shared external ID to use for AWS cross-account role. |
| iam_role_arn |
|
|
body | string | ARN for the IAM role to use as the cross-account role. |
| id |
|
|
body | string | AWS account ID to provision. |
| mode |
|
|
query | string | Mode for provisioning. Allowed values are manual or cloudformation. Defaults to manual if not defined. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| rate_limit_req |
|
|
body | integer | Rate limit count. |
| rate_limit_time |
|
|
body | integer | Rate limit timestamp. |
from falconpy import CloudConnectAWS
# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.provision_aws_accounts(cloudtrail_bucket_owner_id="string",
cloudtrail_bucket_region="string",
external_id="string",
iam_role_arn="string",
id="string",
rate_limit_req=integer,
rate_limit_time=integer
)
print(response)from falconpy import CloudConnectAWS
# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ProvisionAWSAccounts(cloudtrail_bucket_owner_id="string",
cloudtrail_bucket_region="string",
external_id="string",
iam_role_arn="string",
id="string",
rate_limit_req=integer,
rate_limit_time=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"cloudtrail_bucket_owner_id": "string",
"cloudtrail_bucket_region": "string",
"external_id": "string",
"iam_role_arn": "string",
"id": "string",
"rate_limit_reqs": integer,
"rate_limit_time": integer
}
]
}
response = falcon.command("ProvisionAWSAccounts", mode="string", body=BODY)
print(response)Delete a set of AWS Accounts by specifying their IDs
This operation has been superseded by the DeleteCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
delete_aws_accounts
| Method | Route |
|---|---|
 |
/cloud-connect-aws/entities/accounts/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | IDs of accounts to remove |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import CloudConnectAWS
# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_aws_accounts(ids=id_list)
print(response)from falconpy import CloudConnectAWS
# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteAWSAccounts(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteAWSAccounts", ids=id_list)
print(response)Update AWS Accounts by specifying the ID of the account and details to update
This operation has been superseded by the PatchCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
update_aws_accounts
| Method | Route |
|---|---|
 |
/cloud-connect-aws/entities/accounts/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full BODY payload in JSON format. |
| cloudtrail_bucket_owner_id |
|
|
body | string | AWS IAM IAD for Cloudtrail bucket owner. (ARN format) |
| cloudtrail_bucket_region |
|
|
body | string | AWS region for Cloudtrail bucket. |
| external_id |
|
|
body | string | Shared external ID to use for AWS cross-account role. |
| iam_role_arn |
|
|
body | string | ARN for the IAM role to use as the cross-account role. |
| id |
|
|
body | string | AWS account ID to provision. |
| rate_limit_req |
|
|
body | integer | Rate limit count. |
| rate_limit_time |
|
|
body | integer | Rate limit timestamp. |
from falconpy import CloudConnectAWS
# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_aws_accounts(cloudtrail_bucket_owner_id="string",
cloudtrail_bucket_region="string",
external_id="string",
iam_role_arn="string",
id="string",
rate_limit_req=integer,
rate_limit_time=integer
)
print(response)from falconpy import CloudConnectAWS
# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateAWSAccounts(cloudtrail_bucket_owner_id="string",
cloudtrail_bucket_region="string",
external_id="string",
iam_role_arn="string",
id="string",
rate_limit_req=integer,
rate_limit_time=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"cloudtrail_bucket_owner_id": "string",
"cloudtrail_bucket_region": "string",
"external_id": "string",
"iam_role_arn": "string",
"id": "string",
"rate_limit_reqs": integer,
"rate_limit_time": integer
}
]
}
response = falcon.command("UpdateAWSAccounts", body=BODY)
print(response)Create or update Global Settings which are applicable to all provisioned AWS accounts
This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.
create_or_update_aws_settings
| Method | Route |
|---|---|
|
/cloud-connect-aws/entities/settings/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full BODY payload in JSON format. |
| cloudtrail_bucket_owner_id |
|
|
body | string | AWS IAM IAD for Cloudtrail bucket owner. (ARN format) |
| static_external_id |
|
|
body | string | New external ID to use for the AWS cross-account role. |
from falconpy import CloudConnectAWS
# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_or_update_aws_settings(cloudtrail_bucket_owner_id="string"
static_external_id="string"
)
print(response)from falconpy import CloudConnectAWS
# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateOrUpdateAWSSettings(cloudtrail_bucket_owner_id="string"
static_external_id="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"cloudtrail_bucket_owner_id": "string",
"static_external_id": "string"
}
]
}
response = falcon.command("CreateOrUpdateAWSSettings", body=BODY)
print(response)Performs an Access Verification check on the specified AWS Account IDs
This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.
verify_aws_account_access
| Method | Route |
|---|---|
|
/cloud-connect-aws/entities/verify-account-access/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | IDs of accounts to verify access on. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import CloudConnectAWS
# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.verify_aws_account_access(ids=id_list)
print(response)from falconpy import CloudConnectAWS
# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.VerifyAWSAccountAccess(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("VerifyAWSAccountAccess", ids=id_list)
print(response)Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS account IDs which match the filter criteria
query_aws_accounts_for_ids
| Method | Route |
|---|---|
|
/cloud-connect-aws/queries/accounts/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| limit |
|
|
query | integer | The maximum records to return. [1-5000]. Defaults to 100. |
| offset |
|
|
query | integer | The offset to start retrieving records from. |
| sort |
|
|
query | string | The property to sort by (e.g. alias.desc or state.asc). |
| filter |
|
|
query | string | The filter expression that should be used to limit the results. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import CloudConnectAWS
# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_aws_accounts_for_ids(limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)from falconpy import CloudConnectAWS
# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.QueryAWSAccountsForIDs(limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("QueryAWSAccountsForIDs",
limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)