AWS APIs Ingested by Prisma Cloud

This is the list of all Amazon Web Services (AWS) APIs that Prisma Cloud supports to retrieve data about your AWS resources.
Prisma Cloud ingests the following AWS APIs.
SERVICE
API NAME IN PRISMA CLOUD
API Gateway
  • aws-apigateway-get-rest-apis
  • aws-apigateway-get-stages
  • aws-apigateway-domain-name
  • aws-apigateway-base-path-mapping
  • aws-apigateway-method
  • aws-apigateway-client-certificates
AWS AutoScaling
  • aws-describe-auto-scaling-groups
  • aws-ec2-autoscaling-launch-configuration
AWS AppSync
aws-appsync-graphql-api
AWS Backup
aws-backup-vault-access-policy
AWS Certificate Manager
aws-acm-describe-certificate
Amazon DAX
aws-dax-cluster
Amazon DocumentDB
aws-documentdb-db-cluster-parameter-group
Amazon Elastic Container Service (ECS)
  • aws-ecs-container-instance
  • aws-ecs-describe-task-definition
  • aws-ecs-service
  • aws-ecs-cluster
AWS CloudFormation
aws-cloudformation-describe-stacks
AWS CloudFront
aws-cloudfront-list-distributions
Amazon CloudSearch
aws-cloudsearch-domain
AWS CloudTrail
  • aws-cloudtrail-describe-trails
  • aws-cloudtrail-get-event-selectors
  • aws-cloudtrail-get-trail-status
AWS CloudWatch
  • aws-cloudwatch-describe-alarms
  • aws-cloudwatch-log-group
  • aws-logs-describe-metric-filters
AWS CodeBuild
aws-code-build-project
Amazon Cognito
  • aws-cognito-identity-pool
  • aws-cognito-user-pool
AWS Directory Service
aws-ds-directory
AWS Direct Connect
  • aws-direct-connect-connection
  • aws-directconnect-describe-gateway
  • aws-direct-connect-interface
Amazon EC2
  • aws-describe-account-attributes
  • aws-ec2-classic-instances
  • aws-ec2-describe-instances
  • aws-ec2-describe-images *
  • aws-ec2-describe-snapshots
  • aws-ec2-describe-network-interfaces
  • aws-ec2-key-pair
  • aws-ec2-describe-volumes
  • aws-ec2-elastic-address
  • aws-region
Amazon FSx
aws-fsx-file-system
Amazon MQ
aws-mq-broker
Amazon SageMaker
aws-sagemaker-notebook-instance
aws-sagemaker-endpoint
aws-sagemaker-training-job
aws-sagemaker-user-profile
aws-sagemaker-endpoint-config
aws-sagemaker-domain
aws-api-gateway-authorizer
aws-ec2-describe-images
AWS Config
aws-configservice-compliance-details
aws-configservice-config-rules
aws-configservice-describe-configuration-recorders
Delivery Channels
aws-describe-delivery-channels
Amazon DynamoDB
aws-dynamodb-describe-table
AWS Database Migration Service
  • aws-dms-certificate
  • aws-dms-endpoint
  • aws-dms-replication-instance
AWS Elastic Beanstalk
  • aws-elasticbeanstalk-environment
  • aws-elasticbeanstalk-configuration-settings
Amazon Elastic Container Registry (ECR)
  • aws-ecr-image
  • aws-ecr-get-repository-policy
  • aws-ecr-public-repositories
AWS Elastic File System (EFS)
aws-describe-mount-targets
Amazon Elastic Container Service for Kubernetes (EKS)
  • aws-eks-describe-cluster
  • aws-eks-fargate-profile
AWS Athena
aws-athena-workgroup
ElastiCache
  • aws-cache-engine-versions
  • aws-elasticache-cache-clusters
  • aws-elasticache-describe-replication-groups
  • aws-elasticache-reserved-cache-nodes
  • aws-elasticache-subnet-groups
  • aws-elasticache-snapshots
Amazon Elastic Load Balancing
  • aws-elb-describe-load-balancers
  • aws-describe-ssl-policies
  • aws-elbv2-describe-load-balancers
  • aws-elbv2-target-group
  • aws-elbv2-target-health
Amazon ElasticSearch Service
aws-es-describe-elasticsearch-domain
Amazon Elastic MapReduce (EMR)
  • aws-emr-describe-cluster
  • aws-emr-public-access-block
Amazon S3 Glacier
  • aws-glacier-get-vault-access-policy
  • aws-glacier-get-vault-lock
  • aws-glacier-vault
Amazon GuardDuty
aws-guardduty-detector
AWS Glue
  • aws-glue-security-configuration
  • aws-glue-connection
  • aws-glue-datacatalog
AWS Identity and Access Management (IAM)
  • aws-iam-list-access-keys
  • aws-iam-get-account-summary
  • aws-iam-list-server-certificates
  • aws-iam-get-credential-report
  • aws-iam-list-mfa-devices
  • aws-iam-list-virtual-mfa-devices
  • aws-iam-get-account-password-policy
  • aws-iam-get-policy-version
  • aws-iam-list-users
  • aws-iam-list-user-policies
  • aws-iam-list-roles
  • aws-iam-list-groups
  • aws-iam-list-attached-user-policies
  • aws-iam-list-ssh-public-keys
  • aws-iam-saml-provider
  • aws-iam-service-last-accessed-details
AWS Key Management Service (KMS)
aws-kms-get-key-rotation-status
Amazon Kinesis
aws-kinesis-list-streams
aws-kinesis-firehose-delivery-stream
AWS Lambda
  • aws-lambda-list-functions
  • aws-lambda-get-region-summary
AWS Organization
  • aws-organization-account
  • aws-organization-ou
  • aws-organization-root
  • aws-organization-scp
  • aws-organization-tag-policy
AWS Resource Access Manager (RAM)
  • aws-ram-principal
  • aws ram list-resources
  • aws-ram-resource
  • aws-ram-resource-share
Amazon Relational Database Service (RDS)
  • aws-rds-db-cluster-parameter-group
  • aws-rds-describe-db-instances
  • aws-rds-describe-db-snapshots
  • aws-rds-describe-event-subscriptions
  • aws-rds-db-cluster-snapshots
  • aws-rds-db-clusters
  • aws-rds-describe-db-parameter-groups
  • aws-rds-option-group
Amazon RedShift
aws-redshift-describe-clusters
AWS Route53
  • aws-route53-list-hosted-zones
  • aws-route53-domain
AWS Secrets Manager
aws-secretsmanager-describe-secret
AWS Systems Manager
  • aws-ssm-document
  • aws-ssm-inventory-instance-information
  • aws-ssm-parameter
Amazon S3
  • aws-s3control-public-access-block
  • aws-s3api-get-bucket-acl
  • aws-s3-access-point
AWS Shield
  • aws-shield-advanced-status
  • aws-shield-protection-groups
  • aws-shield-protections
AWS Advance Shield
aws-shield-protections
Amazon Simple Email Service (SES)
aws-ses-identities
Amazon QuickSight
  • aws-quicksight-dataset
  • aws-quicksight-datasource
Amazon Simple Notification Service (SNS)
  • aws-sns-get-subscription-attributes
  • aws-sns-get-topic-attributes
  • aws-sns-platform-application
Amazon Simple Queue Service (SQS)
aws-sqs-get-queue-attributes
AWS Transfer Family
aws-transfer-family-access
aws-transfer-family-server
Amazon VPC
  • aws-ec2-describe-security-groups
  • aws-ec2-describe-route-tables
  • aws-ec2-describe-subnets
  • aws-ec2-describe-vpcs
  • aws-ec2-describe-vpc-peering-connections
  • aws-describe-vpc-endpoints
  • aws-ec2-describe-vpn-connections
  • aws-ec2-describe-vpn-gateways
  • aws-ec2-describe-vpn-gateways-summary
  • aws-ec2-vpc-stats
  • aws-ec2-vpn-connections-summary
  • aws-vpc-dhcp-options
  • aws-vpc-nat-gateway
  • aws-ec2-describe-flow-logs
  • aws-ec2-describe-internet-gateways
  • aws-ec2-describe-network-acls
  • aws-ecr-get-repository-policy
  • aws-vpc-managed-prefix-list
  • aws-vpc-transit-gateway
  • aws-vpc-transit-gateway-attachment
AWS Web Application Firewall (WAF)
  • aws-waf-web-acl-resources
  • aws-waf-classic-web-acl-resource
  • aws-waf-classic-global-web-acl-resource
  • aws-waf-v2-global-web-acl-resource
  • aws-waf-v2-web-acl-resource
Amazon WorkSpaces
  • aws-describe-workspace-directories
  • aws-workspaces-describe-workspaces
Amazon MSK
aws-msk-cluster
IAM Access Analyzer
aws-access-analyzer
* When an AMI is deregistered and the EC2 instances that were launched from it are terminated, the EC2 instances are marked as deleted for the aws-ec2-describe-images API and the corresponding alerts are resolved. While deregistering an AMI does not affect the already launched EC2 instances, the running EC2 instances can be a compliance risk because the AMIs may have open alerts triggered against policies.
