Add AWS Cloud Account

Onboard a new aws cloud account onto the Prisma Cloud platform.

Prerequisite: Generate the externalId and AWS CFT template by calling either Generate and Download the CFT Template Endpoint or Generate the AWS CFT Template Link Endpoint

Query Parameters

• skipStatusChecks boolean

  true = Skip account status checks to improve response time

application/json

Request Body required

Cloud Account

• accountId string required

  AWS Account ID

• accountType string required

  Possible values: [organization, account]

  Cloud Account Type

• defaultAccountGroupId string

  Applicable only for accountType: organization.

  This is the Default Account Group ID for the AWS organization and its member accounts.

• enabled boolean

  Cloud Account Status. Whether or not the account is enabled

• features object[]

  Features to be enabled and/ or disabled. To get a list of all the supported features, call Fetch Supported Features endpoint

  Array [

  name string

  Feature name obtained from Fetch Supported Features endpoint

  state string

  Possible values: [enabled, disabled]

  Feature state. Whether to be enabled or disabled

  ]
• groupIds string[]

  Account Group Ids for this account

• hierarchySelection object[]

  Applicable only for accountType: organization.

  Include/Exclude a list of AWS Organization Units (OU), AWS accounts, and AWS Organizations to onboard under this organization.

  Array [

  displayName string

  Display name

  nodeType string

  Possible values: [ORG, FOLDER, PROJECT, SUBSCRIPTION, MANAGEMENT_GROUP, TENANT, ACCOUNT, OU]

  Member account Node type. Supported values based on cloud_type are given below.

  • ORG, OU, or ACCOUNT - cloud_type: aws

  • ORG, FOLDER, or PROJECT - cloud_type: gcp

  • SUBSCRIPTION, MANAGEMENT_GROUP, or TENANT - cloud_type: azure

  resourceId string

  Resource ID.

  Note you must escape any double quotes in the resource ID with a backslash

  selectionType string

  Possible values: [ALL, INCLUDE, EXCLUDE]

  Organization Member accounts Selection type

  ]
• name string required

  Name to be used for the account on the Prisma Cloud platform (must be unique)

• roleArn string required

  AWS Role ARN

Responses

• 200
• 400
• 404
• 412
• 500

---

successful operation

duplicate_cloud_account_name / duplicate_cloud_account / duplicate_cloud_account_needs_upgrade / cannot_select_zero_account_groups / invalid_account_group_ids / invalid_account_type

invalid_account_id_format

external_id_empty_or_not_generated. To generate CFT and externalId call Generate and Download the AWS CFT Template endpoint or Generate the AWS CFT Template Link Endpoint

internal_error

Loading...