Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

IaaS Resources API

 

The IaaS Resource API fetches the latest detailed information about a resource such as Security Configuration Audit incidents, tags, and more. You must have the Usage Analytics Users role with the Manage privilege to make a request to IaaS Resource API.

Get the list of resources

API: POST  https://www.myshn.net/shnapi/rest/external/api/v1/iaas/resources
Authorization: Basic Auth
Content-Type: application/json

Request Body:

{
    "filter_params": [
        {
            "field": "Region",
            "values": [
                "Central US",
                "Iowa, USA"
            ]
        },
        {
            "field": "Compliant With Policy",
            "values": [
                "Yes",
                "No"
            ]
        },
        {
            "field": "Account Name",
            "values": [
                "Azure"
            ]
        },
        {
            "field": "Resource Type",
            "values": ["Network Security Group", "Disk"]
        },
        {
            "field": "Category",
            "values": ["Network", "Other"]
        },
        {
            "field": "Provider",
            "values": ["Microsoft Azure"]
        }
    ],
    "page_info": {
        "limit": 100,
        "offset": 0
    },
    "sort_info": {
        "sortColumn": "Name",
        "sortOrder": "ASC"
    }
}

Construction of the Request body:

Filter params:

The filters in params section lets you filter the resources. Each filter param contains two fields:

  1. field -> represents the header of the filter in the Resources page.
  2. values -> represents the values displayed under the filter.

Page Info:

The page info section contains the limit and offset: 

  1. limit -> represents the number of records.
  2. offset -> represents the starting point to return rows from a result set.

Sort Info:

Sort info section contains sortColumn and sortOrder.

  1. sortColumn -> displays the sorted results.
  2. sortOrder -> sorts by ascending(ASC) or descending(DESC).

Response

If you do not have the Usage Analytics User role with the Manage privilege, you will get the following response:

{
    "error": "access_denied",
    "error_description": "Access is denied"
} 

If you have specified an invalid data in the request body, you will get the following response:

 {
  "Errors": [
    "Invalid field name: Region name",
    "Invalid field name: Compliant Status"
  ]
}

If you try to fetch more than 200k resources, you will get the following response:

{
    "Errors": [
        "Fetching 200001 records not permitted, since the max limit is: 200000"
    ]
} 

On successful execution of the request body, you will get the following response:

[
    {
        "resource_id": "29367b4efd5a7b12b82e657f7dc1720a8e24205b4b225b3f911fe01d3bf51141",
        "entity_id": "/subscriptions/1234/resourceGroups/MC_container-security_container-security_centralus/providers/Microsoft.Network/networkSecurityGroups/aks-agentpool-15493165-nsg",
        "compliant_status": "No",
        "resource_name": "aks-agentpool-15493165-nsg",
        "resource_type": "Network Security Group",
        "category": "Network",
        "region": "Central US",
        "account_id": "1234",
        "account_name": "Azure"
    },
    {
        "resource_id": "d26db75e5d17b86f1d54ab7a0fe9d7cf003bc465c4466a2af0d228655305b44f",
        "entity_id": "/subscriptions/1234/resourceGroups/auqarg/providers/Microsoft.Network/networkSecurityGroups/123",
        "compliant_status": "Yes",
        "resource_name": "123",
        "resource_type": "Network Security Group",
        "category": "Network",
        "region": "Central US",
        "account_id": "1234",
        "account_name": "Azure"
    },
    {
        "resource_id": "e979c78504835e36492282d07b8d65e613ff23471cb6f64755e699c5336c9c1f",
        "entity_id": "/subscriptions/1234/resourceGroups/tenantonboarding/providers/Microsoft.Network/networkSecurityGroups/testconfigaudit-nsg",
        "compliant_status": "No",
        "resource_name": "testconfigaudit-nsg",
        "resource_type": "Network Security Group",
        "category": "Network",
        "region": "Central US",
        "account_id": "1234",
        "account_name": "Azure"
    },
    {
        "resource_id": "fe3772b1bc142b43b2b978c64e9099659c3d919c52820d0c23e12124eb373078",
        "entity_id": "/subscriptions/1234/resourceGroups/config_audit/providers/Microsoft.Network/networkSecurityGroups/ARMTemplateNWSGP",
        "compliant_status": "No",
        "resource_name": "ARMTemplateNWSGP",
        "resource_type": "Network Security Group",
        "category": "Network",
        "region": "Central US",
        "account_id": "1234",
        "account_name": "Azure"
    }
] 

Get detailed information about the resources


API: POST   https://www.myshn.net/shnapi/rest/external/api/v1/iaas/resourceInfo                    
Authorization: Basic Auth
Content-Type: application/json

Request Body:

{
    "resource_id": "5f272aca07e999e11c26b00b40265425d150aa8026c84560b4abea814da1781c",
    "resource_name": "elasticbeanstalk-ap-south-1-295207888133",
    "entity_id": "elasticbeanstalk-ap-south-1-295207888133"
}

Construction of the request body:

The request body contains:

  1. resource_id -> id of the resource.
  2. resource_name -> name of the resource.
  3. entity_id -> unique id of the entity.

For populating values to the fields, please refer to the response of the 2nd API.
 

Response

If you do not have the Usage Analytics User role with Manage privilege, you will get the following response:

{
    "error": "access_denied",
    "error_description": "Access is denied"
} 

On successful execution of the request body, you will get the following response:

{
    "message": "Success",
    "content": {
        "resource_violation_collection": {
            "incident_count": 4,
            "policy_details": [
                {
                    "policy_name": "access logging enabled for s3 bucket",
                    "policy_id": "132420",
                    "severity_label": "medium",
                    "severity_id": 1
                },
                {
                    "policy_name": "check lifecycle policy on s3 bucket",
                    "policy_id": "132398",
                    "severity_label": "low",
                    "severity_id": 0
                },
                {
                    "policy_name": "s3 object versioning enabled",
                    "policy_id": "132436",
                    "severity_label": "low",
                    "severity_id": 0
                },
                {
                    "policy_name": "mfa delete enabled on s3 buckets",
                    "policy_id": "132397",
                    "severity_label": "high",
                    "severity_id": 2
                }
            ]
        },
        "resource_metadata": {
            "tags": null,
            "additional_details": {
                "accessConfiguration.blockPublicAcls": false,
                "accessConfiguration.blockPublicPolicy": false,
                "accessConfiguration.ignorePublicAcls": false,
                "accessConfiguration.restrictPublicBuckets": false,
                "accountId": "123",
                "accountName": "MYAWS",
                "bucketGrants[0].granteeId": "b3e9ee61d08ffce2ab79dd0822d6e44eb7c3eccd9cd210104cb5310f16e9701c",
                "bucketGrants[0].granteeType": "id",
                "bucketGrants[0].permission": "FULL_CONTROL",
                "bucketName": "elasticbeanstalk-ap-south-1-123",
                "bucketOwner": null,
                "bucketPolicy": "{\"Version\":\"2008-10-17\",\"Statement\":[{\"Sid\":\"eb-ad78f54a-f239-4c90-adda-49e5f56cb51e\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::295207888133:role/aws-elasticbeanstalk-ec2-role\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::elasticbeanstalk-ap-south-1-295207888133/resources/environments/logs/*\"},{\"Sid\":\"eb-af163bf3-d27b-4712-b795-d1e33e331ca4\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::295207888133:role/aws-elasticbeanstalk-ec2-role\"},\"Action\":[\"s3:ListBucket\",\"s3:ListBucketVersions\",\"s3:GetObject\",\"s3:GetObjectVersion\"],\"Resource\":[\"arn:aws:s3:::elasticbeanstalk-ap-south-1-123\",\"arn:aws:s3:::elasticbeanstalk-ap-south-1-123/resources/environments/*\"]},{\"Sid\":\"eb-58950a8c-feb6-11e2-89e0-0800277d041b\",\"Effect\":\"Deny\",\"Principal\":{\"AWS\":\"*\"},\"Action\":\"s3:DeleteBucket\",\"Resource\":\"arn:aws:s3:::elasticbeanstalk-ap-south-1-123\"}]}",
                "dataSource": null,
                "defaultEncryptionEnabled": true,
                "isBucketLoggingEnabled": false,
                "isBucketVersioningEnabled": false,
                "isLifeCycleConfigurationEnabled": false,
                "isMfaDeleteEnabled": false,
                "isPubliclyReadable": false,
                "isPubliclyWritable": false,
                "publiclyAllowedActions": [],
                "publiclyAllowedReadActions": [],
                "region": "ap-south-1",
                "storage": true,
                "templateMetadata": null
            },
            "entity_type_id": 2048
        },
        "item_type": "s3"
    }
} 

Get the count of resources

API: POST  https://www.myshn.net/shnapi/rest/external/api/v1/iaas/resourcesCount
Authorization : Basic Auth
Content-Type: application/json

Request Body: 

{
  "filter_params": [
    {
      "field": "Region",
      "values": [
        "Central US",
        "Iowa, USA"
      ]
    }
  ]
}

Response:


If you do not have the Usage Analytics User role with Manage privilege, you will get the following response:

{
    "error": "access_denied",
    "error_description": "Access is denied"
} 

On successful execution of the request body, you will get the following response:

1708 

You can filter the count of resources by adding filters to the request body. For adding filters, please refer "Construction of the request body" section in 2nd API.

Get detailed information about bulk resources

API: POST https://www.myshn.net/shnapi/rest/external/api/v1/iaas/resourceInfoList
Default Limit: Default limit is 1000 resources
Authorization: Basic Auth
Content-Type: application/json

Request Body:

A list of resource ids are passed as a request body to the API

["d7425fd22d293202960432f02ed0a61003ba222c6b1e6db835b67db035809cc7",
"d710a54abc2cec0242b80b596b5ddfee19db019440cad253a95c207f654aa253"]

Response:

On successful execution, the user will get the below response: 

{
    "message": "Success",
    "content": [
        {
            "tags": [
                {
                    "key": "salted",
                    "value": "true"
                },
                {
                    "key": "Name",
                    "value": "harakaoffline-09e94de8d973b4423"
                },
                {
                    "key": "fabric",
                    "value": "qat"
                },
                {
                    "key": "aws:cloudformation:logical-id",
                    "value": "Instance2"
                },
                {
                    "key": "service.shn-elk-filebeat",
                    "value": "active"
                },
                {
                    "key": "service.ekg",
                    "value": "active"
                },
                {
                    "key": "HostIdentifier",
                    "value": "qat-HarakaOffline-int"
                },
                {
                    "key": "aws:cloudformation:stack-id",
                    "value": "arn:aws:cloudformation:us-west-2:400976400997:stack/qat-HarakaOffline-11OBRPX9BEBIC/e34e6310-c997-11e8-a8da-0aebe7c44e46"
                },
                {
                    "key": "application.group",
                    "value": "dlp-email"
                },
                {
                    "key": "cluster.shnharaka",
                    "value": "offline"
                },
                {
                    "key": "application",
                    "value": "haraka"
                },
                {
                    "key": "Environment",
                    "value": "qat"
                },
                {
                    "key": "service.shnharaka",
                    "value": "active"
                },
                {
                    "key": "UpdateTagRev",
                    "value": "EnvironmentBuilder:d9a92665-742e-4cbb-8c63-381699c8bff6-e39cedaa16c7939b88726984e5fe7c969cfb58a8"
                },
                {
                    "key": "aws:cloudformation:stack-name",
                    "value": "qat-HarakaOffline-11OBRPX9BEBIC"
                },
                {
                    "key": "cluster.shn-elk-filebeat",
                    "value": "shnharaka"
                }
            ],
            "additional_details": {
                "instance.securityGroups[0].groupName": "qat-InstanceSecGrp",
                "userData": "null",
                "instance.iamInstanceProfile.id": "AIPAJLEDEGWCFKKYS4K7A",
                "instance.tags[0].key": "salted",
                "instance.networkInterfaces[0].attachment.attachTime": "1600993823000",
                "instance.publicDnsName": "",
                "instance.networkInterfaces[0].privateIpAddress": "172.18.20.56",
                "instance.networkInterfaces[0].description": "",
                "instance.metadataOptions.httpPutResponseHopLimit": "1",
                "instance.elasticGpuAssociations": "[]",
                "instance.publicIpAddress": "null",
                "instance.hypervisor": "xen",
                "instance.tags[1].key": "Name",
                "instance.networkInterfaces[0].association": "null",
                "instance.capacityReservationSpecification.capacityReservationTarget": "null",
                "instance.tags[12].key": "service.shnharaka",
                "instance.networkInterfaces[0].groups[0].groupId": "sg-0de5922276096af5c",
                "instance.placement.availabilityZone": "us-west-2b",
                "instance.metadataOptions.httpEndpoint": "enabled",
                "instance.clientToken": "qat-H-Insta-1XD6UV4UH1SZX",
                "instance.tags[10].key": "application",
                "instance.networkInterfaces[0].ownerId": "400976400997",
                "instance.tags[13].key": "UpdateTagRev",
                "instance.blockDeviceMappings[1].ebs.status": "attached",
                "accountId": "400976400997",
                "instance.virtualizationType": "hvm",
                "instance.tags[3].key": "aws:cloudformation:logical-id",
                "instance.state.name": "running",
                "instance.networkInterfaces[0].privateIpAddresses[0].privateDnsName": "ip-172-18-20-56.us-west-2.compute.internal",
                "instance.blockDeviceMappings[0].ebs.attachTime": "1600993823000",
                "instance.vpcId": "vpc-0621b33b5ea028668",
                "instance.placement.spreadDomain": "null",
                "instance.placement.hostResourceGroupArn": "null",
                "instanceCreditSpecifications": "null",
                "instance.tags[4].key": "service.shn-elk-filebeat",
                "instance.securityGroups[0].groupId": "sg-0de5922276096af5c",
                "instance.monitoring.state": "disabled",
                "instance.sriovNetSupport": "null",
                "instance.networkInterfaces[0].groups[0].groupName": "qat-InstanceSecGrp",
                "instance.networkInterfaces[0].privateDnsName": "ip-172-18-20-56.us-west-2.compute.internal",
                "instance.elasticInferenceAcceleratorAssociations": "[]",
                "instance.subnetId": "subnet-0384a16296b94c905",
                "instance.placement.tenancy": "default",
                "instance.networkInterfaces[0].subnetId": "subnet-0384a16296b94c905",
                "instance.hibernationOptions.configured": "false",
                "instance.placement.groupName": "",
                "instance.tags[1].value": "harakaoffline-09e94de8d973b4423",
                "instance.networkInterfaces[0].vpcId": "vpc-0621b33b5ea028668",
                "instance.tags[13].value": "EnvironmentBuilder:d9a92665-742e-4cbb-8c63-381699c8bff6-e39cedaa16c7939b88726984e5fe7c969cfb58a8",
                "instance.networkInterfaces[0].privateIpAddresses[0].association": "null",
                "instance.cpuOptions.coreCount": "2",
                "instance.enaSupport": "true",
                "metadataNoTokenCount": "0",
                "instance.platform": "null",
                "instance.tags[14].key": "aws:cloudformation:stack-name",
                "instance.tags[11].key": "Environment",
                "instance.capacityReservationSpecification.capacityReservationPreference": "open",
                "instance.capacityReservationId": "null",
                "instance.instanceLifecycle": "null",
                "instance.networkInterfaces[0].privateIpAddresses[0].primary": "true",
                "instance.spotInstanceRequestId": "null",
                "instance.instanceId": "i-09e94de8d973b4423",
                "instance.tags[7].key": "aws:cloudformation:stack-id",
                "instance.networkInterfaces[0].attachment.attachmentId": "eni-attach-02b080c5fa68b94a6",
                "instance.tags[7].value": "arn:aws:cloudformation:us-west-2:400976400997:stack/qat-HarakaOffline-11OBRPX9BEBIC/e34e6310-c997-11e8-a8da-0aebe7c44e46",
                "instance.tags[8].value": "dlp-email",
                "instance.tags[6].value": "qat-HarakaOffline-int",
                "instance.tags[5].value": "active",
                "instance.tags[4].value": "active",
                "instance.tags[3].value": "Instance2",
                "instance.tags[2].value": "qat",
                "instance.tags[9].value": "offline",
                "instance.networkInterfaces[0].sourceDestCheck": "true",
                "instance.blockDeviceMappings[0].ebs.volumeId": "vol-0a0ae73da0218e4d7",
                "templateMetadata": "null",
                "instance.networkInterfaces[0].attachment.deleteOnTermination": "true",
                "instance.blockDeviceMappings[0].ebs.deleteOnTermination": "true",
                "instance.networkInterfaces[0].status": "in-use",
                "instance.outpostArn": "null",
                "instance.tags[10].value": "haraka",
                "instance.rootDeviceName": "/dev/sda1",
                "instance.blockDeviceMappings[1].deviceName": "/dev/sdf",
                "instance.kernelId": "null",
                "instance.tags[0].value": "true",
                "instance.blockDeviceMappings[0].deviceName": "/dev/sda1",
                "agentMetadata": "null",
                "instance.privateDnsName": "ip-172-18-20-56.us-west-2.compute.internal",
                "instance.tags[14].value": "qat-HarakaOffline-11OBRPX9BEBIC",
                "instance.tags[12].value": "active",
                "instance.networkInterfaces[0].ipv6Addresses": "[]",
                "instance.ramdiskId": "null",
                "instance.licenses": "[]",
                "instance.privateIpAddress": "172.18.20.56",
                "instance.placement.hostId": "null",
                "instance.amiLaunchIndex": "0",
                "instance.sourceDestCheck": "true",
                "instance.networkInterfaces[0].attachment.deviceIndex": "0",
                "instance.tags[6].key": "HostIdentifier",
                "region": "us-west-2",
                "dataSource": "null",
                "instance.iamInstanceProfile.arn": "arn:aws:iam::400976400997:instance-profile/qat-DefaultInstProfile",
                "instance.tags[9].key": "cluster.shnharaka",
                "instance.ebsOptimized": "false",
                "accountName": "faisal-role-for-skyhigh",
                "instance.blockDeviceMappings[1].ebs.deleteOnTermination": "true",
                "instance.metadataOptions.httpTokens": "optional",
                "instance.placement.partitionNumber": "null",
                "instance.instanceType": "c5.xlarge",
                "storage": "false",
                "instance.launchTime": "1600993823000",
                "instance.tags[15].key": "cluster.shn-elk-filebeat",
                "instance.metadataOptions.state": "applied",
                "instance.networkInterfaces[0].networkInterfaceId": "eni-01738bfac128752f4",
                "instance.state.code": "16",
                "instance.tags[8].key": "application.group",
                "instance.placement.affinity": "null",
                "instance.networkInterfaces[0].macAddress": "02:6e:cb:0c:7d:eb",
                "instance.blockDeviceMappings[0].ebs.status": "attached",
                "instance.stateReason": "null",
                "instance.keyName": "shn-ops",
                "instance.networkInterfaces[0].attachment.status": "attached",
                "instance.networkInterfaces[0].interfaceType": "interface",
                "instance.cpuOptions.threadsPerCore": "2",
                "instance.tags[5].key": "service.ekg",
                "instance.blockDeviceMappings[1].ebs.attachTime": "1600993823000",
                "instance.architecture": "x86_64",
                "instance.tags[15].value": "shnharaka",
                "instance.tags[11].value": "qat",
                "instance.tags[2].key": "fabric",
                "instance.blockDeviceMappings[1].ebs.volumeId": "vol-05b1a9b7674ab085c",
                "instance.rootDeviceType": "ebs",
                "instance.stateTransitionReason": "",
                "instance.productCodes": "[]",
                "instance.networkInterfaces[0].privateIpAddresses[0].privateIpAddress": "172.18.20.56",
                "instance.imageId": "ami-09dd49acad85b7c53"
            },
            "entity_type_id": 2003
        },
        {
            "tags": [
                {
                    "key": "UpdateTagRev",
                    "value": "EnvironmentBuilder:d9a92665-742e-4cbb-8c63-381699c8bff6-e39cedaa16c7939b88726984e5fe7c969cfb58a8"
                },
                {
                    "key": "service.ekg",
                    "value": "active"
                },
                {
                    "key": "Environment",
                    "value": "qat"
                },
                {
                    "key": "application",
                    "value": "netacuity-server"
                },
                {
                    "key": "application.group",
                    "value": "tp-pipeline"
                },
                {
                    "key": "aws:cloudformation:stack-name",
                    "value": "qat-FalconNetacuitySrv-114HV17AMK2MP"
                },
                {
                    "key": "aws:cloudformation:logical-id",
                    "value": "Instance5"
                },
                {
                    "key": "fabric",
                    "value": "qat"
                },
                {
                    "key": "salted",
                    "value": "true"
                },
                {
                    "key": "service.shn-elk-metricbeat",
                    "value": "active"
                },
                {
                    "key": "HostIdentifier",
                    "value": "qat-FalconNetacuitySrv-int"
                },
                {
                    "key": "Name",
                    "value": "falconnetacuitysrv-06f06847bd68d63f8"
                },
                {
                    "key": "aws:cloudformation:stack-id",
                    "value": "arn:aws:cloudformation:us-west-2:400976400997:stack/qat-FalconNetacuitySrv-114HV17AMK2MP/3ebc5e50-1028-11ea-a466-06e35a67ba22"
                },
                {
                    "key": "service.netacuity-server",
                    "value": "active"
                },
                {
                    "key": "cluster.shn-elk-metricbeat",
                    "value": "system"
                },
                {
                    "key": "cluster.netacuity-server",
                    "value": "falcon"
                }
            ],
            "additional_details": {
                "instance.securityGroups[0].groupName": "qat-InstanceSecGrp",
                "userData": "null",
                "instance.iamInstanceProfile.id": "AIPAJLEDEGWCFKKYS4K7A",
                "instance.tags[0].key": "UpdateTagRev",
                "instance.networkInterfaces[0].attachment.attachTime": "1598465476000",
                "instance.publicDnsName": "",
                "instance.networkInterfaces[0].privateIpAddress": "172.18.28.111",
                "instance.networkInterfaces[0].description": "",
                "instance.metadataOptions.httpPutResponseHopLimit": "1",
                "instance.elasticGpuAssociations": "[]",
                "instance.publicIpAddress": "null",
                "instance.hypervisor": "xen",
                "instance.tags[1].key": "service.ekg",
                "instance.networkInterfaces[0].association": "null",
                "instance.capacityReservationSpecification.capacityReservationTarget": "null",
                "instance.tags[12].key": "aws:cloudformation:stack-id",
                "instance.networkInterfaces[0].groups[0].groupId": "sg-0de5922276096af5c",
                "instance.placement.availabilityZone": "us-west-2b",
                "instance.metadataOptions.httpEndpoint": "enabled",
                "instance.clientToken": "qat-F-Insta-1E09H6ADUGOG3",
                "instance.tags[10].key": "HostIdentifier",
                "instance.networkInterfaces[0].ownerId": "400976400997",
                "instance.tags[13].key": "service.netacuity-server",
                "instance.blockDeviceMappings[1].ebs.status": "attached",
                "accountId": "400976400997",
                "instance.virtualizationType": "hvm",
                "instance.tags[3].key": "application",
                "instance.state.name": "running",
                "instance.networkInterfaces[0].privateIpAddresses[0].privateDnsName": "ip-172-18-28-111.us-west-2.compute.internal",
                "instance.blockDeviceMappings[0].ebs.attachTime": "1598465476000",
                "instance.vpcId": "vpc-0621b33b5ea028668",
                "instance.placement.spreadDomain": "null",
                "instance.placement.hostResourceGroupArn": "null",
                "instanceCreditSpecifications": "null",
                "instance.tags[4].key": "application.group",
                "instance.securityGroups[0].groupId": "sg-0de5922276096af5c",
                "instance.monitoring.state": "disabled",
                "instance.sriovNetSupport": "null",
                "instance.networkInterfaces[0].groups[0].groupName": "qat-InstanceSecGrp",
                "instance.networkInterfaces[0].privateDnsName": "ip-172-18-28-111.us-west-2.compute.internal",
                "instance.elasticInferenceAcceleratorAssociations": "[]",
                "instance.subnetId": "subnet-09d10c11c9782e924",
                "instance.placement.tenancy": "default",
                "instance.networkInterfaces[0].subnetId": "subnet-09d10c11c9782e924",
                "instance.hibernationOptions.configured": "false",
                "instance.placement.groupName": "",
                "instance.tags[1].value": "active",
                "instance.networkInterfaces[0].vpcId": "vpc-0621b33b5ea028668",
                "instance.tags[13].value": "active",
                "instance.networkInterfaces[0].privateIpAddresses[0].association": "null",
                "instance.cpuOptions.coreCount": "2",
                "instance.enaSupport": "true",
                "metadataNoTokenCount": "0",
                "instance.platform": "null",
                "instance.tags[14].key": "cluster.shn-elk-metricbeat",
                "instance.tags[11].key": "Name",
                "instance.capacityReservationSpecification.capacityReservationPreference": "open",
                "instance.capacityReservationId": "null",
                "instance.instanceLifecycle": "null",
                "instance.networkInterfaces[0].privateIpAddresses[0].primary": "true",
                "instance.spotInstanceRequestId": "null",
                "instance.instanceId": "i-06f06847bd68d63f8",
                "instance.tags[7].key": "fabric",
                "instance.networkInterfaces[0].attachment.attachmentId": "eni-attach-0ca84a5e122d89d9a",
                "instance.tags[7].value": "qat",
                "instance.tags[8].value": "true",
                "instance.tags[6].value": "Instance5",
                "instance.tags[5].value": "qat-FalconNetacuitySrv-114HV17AMK2MP",
                "instance.tags[4].value": "tp-pipeline",
                "instance.tags[3].value": "netacuity-server",
                "instance.tags[2].value": "qat",
                "instance.tags[9].value": "active",
                "instance.networkInterfaces[0].sourceDestCheck": "true",
                "instance.blockDeviceMappings[0].ebs.volumeId": "vol-0daf575e0335df504",
                "templateMetadata": "null",
                "instance.networkInterfaces[0].attachment.deleteOnTermination": "true",
                "instance.blockDeviceMappings[0].ebs.deleteOnTermination": "true",
                "instance.networkInterfaces[0].status": "in-use",
                "instance.outpostArn": "null",
                "instance.tags[10].value": "qat-FalconNetacuitySrv-int",
                "instance.rootDeviceName": "/dev/sda1",
                "instance.blockDeviceMappings[1].deviceName": "/dev/sdf",
                "instance.kernelId": "null",
                "instance.tags[0].value": "EnvironmentBuilder:d9a92665-742e-4cbb-8c63-381699c8bff6-e39cedaa16c7939b88726984e5fe7c969cfb58a8",
                "instance.blockDeviceMappings[0].deviceName": "/dev/sda1",
                "agentMetadata": "null",
                "instance.privateDnsName": "ip-172-18-28-111.us-west-2.compute.internal",
                "instance.tags[14].value": "system",
                "instance.tags[12].value": "arn:aws:cloudformation:us-west-2:400976400997:stack/qat-FalconNetacuitySrv-114HV17AMK2MP/3ebc5e50-1028-11ea-a466-06e35a67ba22",
                "instance.networkInterfaces[0].ipv6Addresses": "[]",
                "instance.ramdiskId": "null",
                "instance.licenses": "[]",
                "instance.privateIpAddress": "172.18.28.111",
                "instance.placement.hostId": "null",
                "instance.amiLaunchIndex": "0",
                "instance.sourceDestCheck": "true",
                "instance.networkInterfaces[0].attachment.deviceIndex": "0",
                "instance.tags[6].key": "aws:cloudformation:logical-id",
                "region": "us-west-2",
                "dataSource": "null",
                "instance.iamInstanceProfile.arn": "arn:aws:iam::400976400997:instance-profile/qat-DefaultInstProfile",
                "instance.tags[9].key": "service.shn-elk-metricbeat",
                "instance.ebsOptimized": "false",
                "accountName": "faisal-role-for-skyhigh",
                "instance.blockDeviceMappings[1].ebs.deleteOnTermination": "true",
                "instance.metadataOptions.httpTokens": "optional",
                "instance.placement.partitionNumber": "null",
                "instance.instanceType": "t2.large",
                "storage": "false",
                "instance.launchTime": "1598465476000",
                "instance.tags[15].key": "cluster.netacuity-server",
                "instance.metadataOptions.state": "applied",
                "instance.networkInterfaces[0].networkInterfaceId": "eni-057fa034041fa90e6",
                "instance.state.code": "16",
                "instance.tags[8].key": "salted",
                "instance.placement.affinity": "null",
                "instance.networkInterfaces[0].macAddress": "02:e0:cd:8b:64:2b",
                "instance.blockDeviceMappings[0].ebs.status": "attached",
                "instance.stateReason": "null",
                "instance.keyName": "shn-ops",
                "instance.networkInterfaces[0].attachment.status": "attached",
                "instance.networkInterfaces[0].interfaceType": "interface",
                "instance.cpuOptions.threadsPerCore": "1",
                "instance.tags[5].key": "aws:cloudformation:stack-name",
                "instance.blockDeviceMappings[1].ebs.attachTime": "1598465476000",
                "instance.architecture": "x86_64",
                "instance.tags[15].value": "falcon",
                "instance.tags[11].value": "falconnetacuitysrv-06f06847bd68d63f8",
                "instance.tags[2].key": "Environment",
                "instance.blockDeviceMappings[1].ebs.volumeId": "vol-0c9c21c6e7aaae6f6",
                "instance.rootDeviceType": "ebs",
                "instance.stateTransitionReason": "",
                "instance.productCodes": "[]",
                "instance.networkInterfaces[0].privateIpAddresses[0].privateIpAddress": "172.18.28.111",
                "instance.imageId": "ami-09dd49acad85b7c53"
            },
            "entity_type_id": 2003
        }
    ]
}           


If you do not have the Usage Analytics User role with Manage privilege, you will get the following response:

{
    "error": "access_denied",
    "error_description": "Access is denied"
} 

NOTE:

  • The response of the bulk resource API does not contain incident metadata.
  • The metadata keys in the response obtained are not sorted. 

 

  • Was this article helpful?