Skip to main content

Cloud Accounts (OCI and Alibaba)

To monitor the resources on your OCI or Alibaba cloud infrastructure, you must first add your OCI or Alibaba accounts to Prisma Cloud. When you add your cloud account to Prisma Cloud, the API integration between your cloud infrastructure provider and Prisma Cloud is established and you can begin monitoring the resources and identify potential security risks.

The Cloud Account (OCI and Alibaba) APIs enable you to add and manage OCI or Alibaba accounts on Prisma Cloud. For common operations related to cloud accounts, see Cloud Accounts (All).

📄️ Add Cloud Account (OCI and Alibaba)

Onboard a new cloud account onto the Prisma Cloud platform. The request body parameters differ depending on the cloud type of the account you want to add. ### Request Body to Add an Alibaba Account The table below lists the request body parameters to add an Alibaba account. Parameter | Type | Description | Default Value or Required -----------| ---- | ----------- | ------------- accountId | string | AWS account ID | Required groupIds | array of strings | List of account group IDs for this account | Required name | string | Name to be used for the account on the Prisma Cloud platform (must be unique) | Required roleArn | string | Unique identifier for an Alibaba RAM role resource | Required enabled | boolean | Whether or not the account is enabled | Default is **false** deploymentType | string | Deployment type. <br/> Valid values: **ali-int**, **ali-cn**, **ali-fn** <br/> **ali-int:** Alibaba International <br/> **ali-cn:** Alibaba China. Allows you to monitor all the resources in the Alibaba China region, but does not monitor resources in the Alibaba Finance region. <br/> **ali-fn:** Alibaba Finance. Applicable only for the Alibaba China region. Allows you to monitor resources located only in the Alibaba Finance regions.| Optional #### Request Body Example ```json { "accountId": "", "groupIds": [], "name": "", "enabled": true, "ramArn": "" } ``` ### Requirements and Request Body to Add an OCI Account To add an Oracle Cloud Infrastructure (OCI) account, you must: 1. Use [Generate Zipped Terraform Script (OCI)](/prisma-cloud/api/cspm/generateterraformscript) in the console | Required #### Request Body Example ```json { "accountType":"tenant", "defaultAccountGroupId":"", "enabled":true, "name":"", "groupName":"", "homeRegion":"", "policyName":"", "accountId":"", "userName":"", "userOcid":"" } ```

📄️ Update Cloud Account (OCI and Alibaba)

Update information related to a cloud account. The request body parameters differ depending on the cloud type of the account you want to add. ### Request Body to Update an Alibaba Account The table below lists the request body parameters. Parameter | Type | Description | Required? -----------| ---- | ----------- | ------------- accountId |string | AWS account ID | Required groupIds | array of strings | List of account group IDs for this account | Required name | string | Name to be used for the account on the Prisma Cloud platform (must be unique) | Required roleArn | string | Unique identifier for an Alibaba RAM role resource | Required enabled | boolean | Whether or not the account is enabled | Required deploymentType | string | Deployment type. <br/> Valid values: **ali-int**, **ali-cn**, **ali-fn** <br/> **ali-int:** Alibaba International <br/> **ali-cn:** Alibaba China. Allows you to monitor all the resources in the Alibaba China region, but does not monitor resources in the Alibaba Finance region. <br/> **ali-fn:** Alibaba Finance. Applicable only for the Alibaba China region. Allows you to monitor resources located only in the Alibaba Finance regions.| Optional #### Request Body Example ```json { "accountId": "", "groupIds": [], "name": "", "enabled": true, "ramArn": "" } ``` ### Request Body to Update an OCI Account The table below lists the request body parameters to add an OCI account. Parameter | Type | Description | Required? -----------| ---- | ----------- | ------------- accountType | string | OCI Account type. Current valid value is **tenant**. | Required defaultAccountGroupId | string | Account group ID for this account. Used for alert rules. | Required enabled | boolean | Whether or not to enable the account | Required name | string | Name of the OCI tenant you want Prisma Cloud to monitor | Required groupName | string | OCI identity group name that you define. Can be an existing group | Required homeRegion | string | OCI tenancy home region | Required policyName | string | OCI identity policy name that you define. Can be an existing policy that has the right policy statements. | Required accountId | string | OCID of your OCI tenancy | Required userName | string | OCI identity user name that you define. Can be an existing user that has the right privileges. | Required userOcid | string | User OCID from your OCI Tenant Console after you apply the zip file from [Generate Zipped Terraform Script (OCI)](/prisma-cloud/api/cspm/generateterraformscript) in the console | Required #### Request Body Example ```json { "accountType":"tenant", "defaultAccountGroupId":"", "enabled":true, "name":"", "groupName":"", "homeRegion":"", "policyName":"", "accountId":"", "userName":"", "userOcid":"" } ```