1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma™ Cloud Administrator's Guide
    5. Connect Your Cloud Platform to Prisma Cloud
    6. Onboard Your AWS Account
    7. AWS APIs Ingested by Prisma Cloud

    AWS APIs Ingested by Prisma Cloud

    List of all Amazon Web Services APIs that Prisma Cloud supports to retrieve data about your AWS resources.
    The following are AWS APIs that are ingested by Prisma Cloud.
    SERVICE
    API NAME IN PRISMA CLOUD
    API Gateway
    • aws-apigateway-get-rest-apis
    • aws-apigateway-get-stages
    • aws-apigateway-domain-name
    • aws-apigateway-base-path-mapping
    • aws-apigateway-method
    • aws-apigateway-client-certificates
    AWS ACM Private Certificate Authority
    • aws-acm-pca-certificate-authority
    • aws-app-stream-stack
    • aws-app-stream-fleet
    Amazon AppStream 2.0
    aws-app-stream-usage-report-subscription
    Amazon Batch
    aws-batch-compute-environment
    Amazon Connect
    aws-connect-instance
    Amazon EKS
    aws-eks-node-group
    Amazon EventBridge
    aws-events-rule
    AWS Storage Gateway
    • aws-storage-gateway-fileshare
    • aws-storage-gateway-information
    • aws-storage-gateway-cached-volume
    • aws-storage-gateway-tape
    Amazon Lightsail
    aws-lightsail-instance
    Amazon Lake Formation
    aws-lake-formation-setting
    Amazon Lex
    aws-lexv2-bot
    aws-lex-bot
    AWS AutoScaling
    • aws-describe-auto-scaling-groups
    • aws-ec2-autoscaling-launch-configuration
    AWS AppSync
    aws-appsync-graphql-api
    AWS Backup
    aws-backup-vault-access-policy
    AWS Certificate Manager
    aws-acm-describe-certificate
    Amazon DAX
    aws-dax-cluster
    Amazon DocumentDB
    aws-documentdb-db-cluster-parameter-group
    aws-docdb-db-cluster
    Amazon Elastic Container Service (ECS)
    • aws-ecs-container-instance
    • aws-ecs-describe-task-definition
    • aws-ecs-service
    • aws-ecs-cluster
    AWS CloudFormation
    aws-cloudformation-describe-stacks
    AWS CloudFront
    aws-cloudfront-list-distributions
    Amazon CloudSearch
    aws-cloudsearch-domain
    AWS CloudTrail
    • aws-cloudtrail-describe-trails
    • aws-cloudtrail-get-event-selectors
    • aws-cloudtrail-get-trail-status
    AWS CloudWatch
    • aws-cloudwatch-describe-alarms
    • aws-cloudwatch-log-group
    • aws-logs-describe-metric-filters
    AWS CodeBuild
    aws-code-build-project
    Amazon Cognito
    • aws-cognito-identity-pool
    • aws-cognito-user-pool
    AWS Directory Service
    aws-ds-directory
    AWS Direct Connect
    • aws-direct-connect-connection
    • aws-directconnect-describe-gateway
    • aws-direct-connect-interface
    AWS IAM
    aws-iam-oidc-provider
    Amazon AppRunner
    • aws-apprunner-auto-scaling-configuration
    • aws-apprunner-service
    Amazon EC2
    • aws-describe-account-attributes
    • aws-ec2-classic-instances
    • aws-ec2-describe-instances
    • aws-ec2-describe-images
      *
    • aws-ec2-describe-snapshots
    • aws-ec2-describe-network-interfaces
    • aws-ec2-key-pair
    • aws-ec2-describe-volumes
    • aws-ec2-elastic-address
    • aws-region
    Amazon FSx
    aws-fsx-file-system
    Amazon IoT
    • aws-iot-account-audit-configuration
    • aws-iot-domain-configuration
    Amazon MQ
    aws-mq-broker
    Amazon Neptune
    • aws-neptune-db-cluster-parameter-group
    • aws-neptune-db-instance
    • aws-neptune-db-cluster
    Amazon Pinpoint
    • aws-pinpoint-email-channel
    • aws-pinpoint-sms-channel
    Amazon Route53 Resolver
    • aws-route53-domain
    • aws-route53resolver-query-logging-config
    • aws-route53resolver-query-logging-config-association
    Amazon SageMaker
    aws-sagemaker-notebook-instance
    aws-sagemaker-endpoint
    aws-sagemaker-training-job
    aws-sagemaker-user-profile
    aws-sagemaker-endpoint-config
    aws-sagemaker-domain
    aws-api-gateway-authorizer
    aws-ec2-describe-images
    AWS Config
    aws-configservice-compliance-details
    aws-configservice-config-rules
    aws-configservice-describe-configuration-recorders
    Delivery Channels
    aws-describe-delivery-channels
    Amazon DynamoDB
    aws-dynamodb-describe-table
    AWS Database Migration Service
    • aws-dms-certificate
    • aws-dms-endpoint
    • aws-dms-replication-instance
    AWS Elastic Beanstalk
    • aws-elasticbeanstalk-environment
    • aws-elasticbeanstalk-configuration-settings
    Amazon Elastic Container Registry (ECR)
    • aws-ecr-image
    • aws-ecr-get-repository-policy
    • aws-ecr-public-repositories
    • aws-ecr-registry-scanning-configuration
    AWS Elastic File System (EFS)
    aws-describe-mount-targets
    Amazon Elastic Container Service for Kubernetes (EKS)
    • aws-eks-describe-cluster
    • aws-eks-fargate-profile
    AWS Athena
    aws-athena-workgroup
    ElastiCache
    • aws-cache-engine-versions
    • aws-elasticache-cache-clusters
    • aws-elasticache-describe-replication-groups
    • aws-elasticache-reserved-cache-nodes
    • aws-elasticache-subnet-groups
    • aws-elasticache-snapshots
    Amazon Elastic Load Balancing
    • aws-elb-describe-load-balancers
    • aws-describe-ssl-policies
    • aws-elbv2-describe-load-balancers
    • aws-elbv2-target-group
    • aws-elbv2-target-health
    Amazon ElasticSearch Service
    aws-es-describe-elasticsearch-domain
    Amazon Elastic MapReduce (EMR)
    • aws-emr-describe-cluster
    • aws-emr-public-access-block
    Amazon S3 Glacier
    • aws-glacier-get-vault-access-policy
    • aws-glacier-get-vault-lock
    • aws-glacier-vault
    Amazon GuardDuty
    aws-guardduty-detector
    AWS Glue
    • aws-glue-security-configuration
    • aws-glue-connection
    • aws-glue-datacatalog
    AWS Identity and Access Management (IAM)
    • aws-iam-list-access-keys
    • aws-iam-get-account-summary
    • aws-iam-list-server-certificates
    • aws-iam-get-credential-report
    • aws-iam-list-mfa-devices
    • aws-iam-list-virtual-mfa-devices
    • aws-iam-get-account-password-policy
    • aws-iam-get-policy-version
    • aws-iam-list-users
    • aws-iam-list-user-policies
    • aws-iam-list-roles
    • aws-iam-list-groups
    • aws-iam-list-attached-user-policies
    • aws-iam-list-ssh-public-keys
    • aws-iam-saml-provider
    • aws-iam-service-last-accessed-details
    AWS Key Management Service (KMS)
    aws-kms-get-key-rotation-status
    Amazon Kinesis
    aws-kinesis-list-streams
    aws-kinesis-firehose-delivery-stream
    AWS Lambda
    • aws-lambda-list-functions
    • aws-lambda-get-region-summary
    • aws-lambda-code-signing-config
    AWS MediaStore
    aws-mediastore-container
    Amazon Managed Workflows for Apache Airflow
    aws-mwaa-environment
    AWS Organization
    • aws-organization-account
    • aws-organization-ou
    • aws-organization-root
    • aws-organization-scp
    • aws-organization-tag-policy
    AWS Resource Access Manager (RAM)
    • aws-ram-principal
    • aws ram list-resources
    • aws-ram-resource
    • aws-ram-resource-share
    Amazon Relational Database Service (RDS)
    • aws-rds-db-cluster-parameter-group
    • aws-rds-describe-db-instances
    • aws-rds-describe-db-snapshots
    • aws-rds-describe-event-subscriptions
    • aws-rds-db-cluster-snapshots
    • aws-rds-db-clusters
    • aws-rds-describe-db-parameter-groups
    • aws-rds-option-group
    Amazon RedShift
    aws-redshift-describe-clusters
    AWS Route53
    • aws-route53-list-hosted-zones
    • aws-route53-domain
    AWS Secrets Manager
    aws-secretsmanager-describe-secret
    AWS Systems Manager
    • aws-ssm-association
    • aws-ssm-document
    • aws-ssm-inventory-instance-information
    • aws-ssm-parameter
    Amazon S3
    • aws-s3control-public-access-block
    • aws-s3api-get-bucket-acl
    • aws-s3-access-point
    AWS Shield
    • aws-shield-advanced-status
    • aws-shield-protection-groups
    • aws-shield-protections
    AWS Advance Shield
    aws-shield-protections
    Amazon Simple Email Service (SES)
    aws-ses-identities
    Amazon QuickSight
    • aws-quicksight-account-setting
    • aws-quicksight-dataset
    • aws-quicksight-datasource
    Amazon Simple Notification Service (SNS)
    • aws-sns-get-subscription-attributes
    • aws-sns-get-topic-attributes
    • aws-sns-platform-application
    Amazon Simple Queue Service (SQS)
    aws-sqs-get-queue-attributes
    AWS Transfer Family
    • aws-transfer-family-access
    • aws-transfer-family-server
    Amazon VPC
    • aws-ec2-describe-security-groups
    • aws-ec2-describe-route-tables
    • aws-ec2-describe-subnets
    • aws-ec2-describe-vpcs
    • aws-ec2-describe-vpc-peering-connections
    • aws-describe-vpc-endpoints
    • aws-ec2-client-vpn-endpoint
    • aws-ec2-describe-vpn-connections
    • aws-ec2-describe-vpn-gateways
    • aws-ec2-describe-vpn-gateways-summary
    • aws-ec2-vpc-stats
    • aws-ec2-vpn-connections-summary
    • aws-vpc-dhcp-options
    • aws-vpc-nat-gateway
    • aws-ec2-describe-flow-logs
    • aws-ec2-describe-internet-gateways
    • aws-ec2-describe-network-acls
    • aws-ecr-get-repository-policy
    • aws-vpc-managed-prefix-list
    • aws-vpc-transit-gateway
    • aws-vpc-transit-gateway-attachment
    AWS Web Application Firewall (WAF)
    • aws-waf-web-acl-resources
    • aws-waf-classic-web-acl-resource
    • aws-waf-classic-global-web-acl-resource
    • aws-waf-v2-global-web-acl-resource
    • aws-waf-v2-web-acl-resource
    Amazon WorkSpaces
    • aws-describe-workspace-directories
    • aws-workspaces-describe-workspaces
    Amazon MSK
    aws-msk-cluster
    AWS Data Pipeline
    • datapipeline:DescribePipelines
    • datapipeline:GetPipelineDefinition
    • datapipeline:ListPipelines
    IAM Access Analyzer
    aws-access-analyzer
    AWS CodeArtifact
    • aws-code-artifact-repository
    • aws-code-artifact-domain
    AWS XRAY
    aws-xray-encryption-config
    *
    When an AMI is deregistered and the EC2 instances that were launched from them are terminated, the EC2 instances are marked as deleted for the
    aws-ec2-describe-images
     API and the corresponding alerts are resolved. While deregistering an AMI does not affect the already launched EC2 instances, the running EC2 instances can be a compliance risk because the AMIs may have open alerts triggered against policies.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo