Add Cloud Account (AWS)
POST/cas/v1/aws_account
Onboard a new aws cloud account onto the Prisma Cloud platform.
Prerequisite: Generate the externalId and AWS CFT template by calling either Generate and Download the CFT Template Endpoint or Generate the AWS CFT Template Link Endpoint
Request
Query Parameters
true = Skip account status checks to improve response time
- application/json
Body
required
Cloud Account
- Array [
- ]
- Array [
- ]
AWS Account ID
Possible values: [organization, account]
Cloud Account Type
Applicable only for accountType: organization.
This is the Default Account Group ID for the AWS organization and its member accounts.
Cloud Account Status. Whether or not the account is enabled
features object[]
Features to be enabled and/ or disabled. To get a list of all the supported features, call Fetch Supported Features endpoint
Possible values: [enabled, disabled]
Enable or disable the feature for all the member accounts linked to this organization. You can enable or disable the defaultMemberState only if the feature state is enabled for the organization. Applicable only for Serverless Function Scanning and Agentless Workload Scanning features.
Feature name obtained from Fetch Supported Features endpoint
Possible values: [enabled, disabled]
Feature state. Whether to be enabled or disabled
Account Group Ids for this account
hierarchySelection object[]
Applicable only for accountType: organization.
Include/Exclude a list of AWS Organization Units (OU), AWS accounts, and AWS Organizations to onboard under this organization.
To get the display name of resource, Refer List Children of Parent.
aws: List Children of Parent (AWS)
gcp: List Children of Parent (GCP). Display name is the organization name if nodeType is ORG
Possible values: [ORG, FOLDER, PROJECT, SUBSCRIPTION, MANAGEMENT_GROUP, TENANT, ACCOUNT, OU]
Member account node type. Supported values based on cloud type:
aws: ORG, OU, or ACCOUNT
gcp: ORG, FOLDER, or PROJECT
azure: SUBSCRIPTION, MANAGEMENT_GROUP, or TENANT
To get the list of resource IDs and its details, Refer List Children of Parent.
aws: List Children of Parent (AWS)
Possible values: [ALL, INCLUDE, EXCLUDE]
Organization Member accounts Selection type.
ALL: Include the resource and all its children
INCLUDE: Include the specified resource
EXCLUDE: Exclude the specified resource
Name to be used for the account on the Prisma Cloud platform (must be unique)
AWS Role ARN
Applicable only for the organization accountType.
The default value is false. If it is set to true, you must provide a memberRole name.
Applicable only for the organization accountType.
The default value is true. If it is set to false, the existing Role Name and external ID for the member accounts will be retained.
Applicable only for the organization accountType.
The default value is false. If it is set true, you will get different CFT's for Management and Member accounts.
Applicable only for the organization accountType and when customMemberRoleNameEnabled is set to true.
Specify whether to use tenantExternalId, the default is false
Responses
- 200
- 400
- 404
- 412
successful operation
duplicate_cloud_account_name / duplicate_cloud_account / duplicate_cloud_account_needs_upgrade / cannot_select_zero_account_groups / invalid_account_group_ids / invalid_account_type
invalid_account_id_format
external_id_empty_or_not_generated. To generate CFT and externalId call Generate and Download the AWS CFT Template endpoint or Generate the AWS CFT Template Link Endpoint