Skip to main content

Add Cloud Account (AWS)

POST 

/cas/v1/aws_account

Onboard a new aws cloud account onto the Prisma Cloud platform.

Prerequisite: Generate the externalId and AWS CFT template by calling either Generate and Download the CFT Template Endpoint or Generate the AWS CFT Template Link Endpoint

Request

Query Parameters

    skipStatusChecks boolean

    true = Skip account status checks to improve response time

Body

required

Cloud Account

    accountId stringrequired

    AWS Account ID

    enabled boolean

    True to enable ingestion of logs to Prisma Cloud. The default value is True. \n NOTE: Ingestion will be stopped if enabled is set to False

    name stringrequired

    Name to be used for the account on the Prisma Cloud platform (must be unique)

    roleArn stringrequired

    AWS Role ARN

    accountType stringrequired

    Possible values: [organization, account]

    Cloud Account Type

    features object[]

    Features to be enabled and/ or disabled. To get a list of all the supported features, call Fetch Supported Features endpoint

  • Array [
  • name string

    Feature name obtained from Fetch Supported Features endpoint

    state string

    Possible values: [enabled, disabled]

    Feature state. Whether to be enabled or disabled

    defaultMemberState string

    Possible values: [enabled, disabled]

    Enable or disable the feature for all the member accounts linked to this organization. You can enable or disable the defaultMemberState only if the feature state is enabled for the organization. Applicable only for Serverless Function Scanning and Agentless Workload Scanning features.

  • ]
  • groupIds string[]

    Account Group Ids for this account

    defaultAccountGroupId string

    Applicable only for accountType: organization.

    This is the Default Account Group ID for the AWS organization and its member accounts.

    hierarchySelection object[]

    Applicable only for accountType: organization.

    Include/Exclude a list of AWS Organization Units (OU), AWS accounts, and AWS Organizations to onboard under this organization.

  • Array [
  • resourceId string

    To get the list of resource IDs and its details, Refer List Children of Parent (AWS)

    displayName string

    To get the display name of resource, Refer List Children of Parent (AWS)

    nodeType string

    Member account node type. Supported values are ORG, OU or ACCOUNT

    selectionType string

    Possible values: [ALL, INCLUDE, EXCLUDE]

    Organization Member accounts Selection type.

    ALL: Include the resource and all its children

    INCLUDE: Include the specified resource

    EXCLUDE: Exclude the specified resource

  • ]
  • customMemberRoleNameEnabled boolean

    Applicable only for the organization accountType.

    The default value is false. If it is set to true, you must provide a memberRole name.

    skipOverrideMemberRoleName boolean

    Applicable only for the organization accountType.

    The default value is true. If it is set to false, the existing Role Name and external ID for the member accounts will be retained.

    unifiedCftDisabled boolean

    Applicable only for the organization accountType.

    The default value is false. If it is set true, you will get different CFT's for Management and Member accounts.

    memberRoleName boolean

    Applicable only for the organization accountType and when customMemberRoleNameEnabled is set to true.

    useTenantExternalId boolean

    Specify whether to use tenantExternalId, the default is false

Responses

successful operation

Loading...