AWS APIs Ingested by Prisma Cloud

List of all Amazon Web Services APIs that Prisma Cloud supports to retrieve data about your AWS resources.
The following are AWS APIs that are ingested by Prisma Cloud.
SERVICE
API NAME IN PRISMA CLOUD
API Gateway
  • aws-apigateway-get-rest-apis
  • aws-apigateway-get-stages
  • aws-apigateway-domain-name
  • aws-apigateway-base-path-mapping
  • aws-apigateway-method
  • aws-apigateway-client-certificates
AWS AutoScaling
  • aws-describe-auto-scaling-groups
  • aws-ec2-autoscaling-launch-configuration
AWS Backup
aws-backup-vault-access-policy
AWS Certificate Manager
aws-acm-describe-certificate
Amazon Elastic Container Service (ECS)
  • aws-ecs-container-instance
  • aws-ecs-describe-task-definition
  • aws-ecs-service
  • aws-ecs-cluster
AWS CloudFormation
aws-cloudformation-describe-stacks
AWS CloudFront
aws-cloudfront-list-distributions
Amazon CloudSearch
aws-cloudsearch-domain
AWS CloudTrail
  • aws-cloudtrail-describe-trails
  • aws-cloudtrail-get-event-selectors
  • aws-cloudtrail-get-trail-status
AWS CloudWatch
  • aws-cloudwatch-describe-alarms
  • aws-cloudwatch-log-group
  • aws-logs-describe-metric-filters
AWS CodeBuild
aws-code-build-project
Amazon Cognito
  • aws-cognito-identity-pool
  • aws-cognito-user-pool
AWS Directory Service
aws-ds-directory
AWS Direct Connect
  • aws-direct-connect-connection
  • aws-directconnect-describe-gateway
  • aws-direct-connect-interface
Amazon EC2
  • aws-describe-account-attributes
  • aws-ec2-classic-instances
  • aws-ec2-describe-instances
  • aws-ec2-describe-images *
  • aws-ec2-describe-snapshots
  • aws-ec2-describe-network-interfaces
  • aws-ec2-key-pair
  • aws-ec2-describe-volumes
  • aws-ec2-elastic-address
  • aws-region
Amazon MQ
aws-mq-broker
Amazon SageMaker
  • aws-sagemaker-notebook-instance
  • aws-sagemaker-endpoint
  • aws-sagemaker-training-job
  • aws-sagemaker-user-profile
  • aws-sagemaker-endpoint-config
  • aws-sagemaker-domain
  • aws-api-gateway-authorizer
  • aws-ec2-describe-images
AWS Config
  • aws-configservice-compliance-details
  • aws-configservice-config-rules
  • aws-configservice-describe-configuration-recorders
Delivery Channels
aws-describe-delivery-channels
Amazon DynamoDB
aws-dynamodb-describe-table
AWS Database Migration Service
  • aws-dms-certificate
  • aws-dms-endpoint
  • aws-dms-replication-instance
AWS Elastic Beanstalk
  • aws-elasticbeanstalk-environment
  • aws-elasticbeanstalk-configuration-settings
Amazon Elastic Container Registry (ECR)
  • aws-ecr-image
  • aws-ecr-get-repository-policy
AWS Elastic File System (EFS)
aws-describe-mount-targets
Amazon Elastic Container Service for Kubernetes (EKS)
  • aws-eks-describe-cluster
  • aws-eks-fargate-profile
ElastiCache
  • aws-cache-engine-versions
  • aws-elasticache-cache-clusters
  • aws-elasticache-describe-replication-groups
  • aws-elasticache-reserved-cache-nodes
  • aws-elasticache-subnet-groups
  • aws-elasticache-snapshots
Amazon Elastic Load Balancing
  • aws-elb-describe-load-balancers
  • aws-describe-ssl-policies
  • aws-elbv2-describe-load-balancers
  • aws-elbv2-target-group
  • aws-elbv2-target-health
Amazon ElasticSearch Service
aws-es-describe-elasticsearch-domain
Amazon Elastic MapReduce (EMR)
  • aws-emr-describe-cluster
  • aws-emr-public-access-block
Amazon S3 Glacier
  • aws-glacier-get-vault-access-policy
  • aws-glacier-get-vault-lock
  • aws-glacier-vault
Amazon GuardDuty
aws-guardduty-detector
AWS Glue
  • aws-glue-security-configuration
  • aws-glue-connection
AWS Identity and Access Management (IAM)
  • aws-iam-list-access-keys
  • aws-iam-get-account-summary
  • aws-iam-list-server-certificates
  • aws-iam-get-credential-report
  • aws-iam-list-mfa-devices
  • aws-iam-list-virtual-mfa-devices
  • aws-iam-get-account-password-policy
  • aws-iam-get-policy-version
  • aws-iam-list-users
  • aws-iam-list-user-policies
  • aws-iam-list-roles
  • aws-iam-list-groups
  • aws-iam-list-attached-user-policies
  • aws-iam-list-ssh-public-keys
  • aws-iam-saml-provider
  • aws-iam-service-last-accessed-details
AWS Key Management Service (KMS)
aws-kms-get-key-rotation-status
Amazon Kinesis
  • aws-kinesis-list-streams
  • aws-kinesis-firehose-delivery-stream
AWS Lambda
  • aws-lambda-list-functions
  • aws-lambda-get-region-summary
AWS Organization
  • aws-organization-account
  • aws-organization-ou
  • aws-organization-root
  • aws-organization-scp
  • aws-organization-tag-policy
AWS Resource Access Manager (RAM)
  • aws-ram-principal
  • aws ram list-resources
  • aws-ram-resource
  • aws-ram-resource-share
Amazon Relational Database Service (RDS)
  • aws-rds-describe-db-instances
  • aws-rds-describe-db-snapshots
  • aws-rds-describe-event-subscriptions
  • aws-rds-db-cluster-snapshots
  • aws-rds-db-clusters
Amazon RedShift
aws-redshift-describe-clusters
AWS Route53
  • aws-route53-list-hosted-zones
  • aws-route53-domain
Amazon RDS
aws-rds-describe-db-parameter-groups
AWS Secrets Manager
aws-secretsmanager-describe-secret
AWS Systems Manager
  • aws-ssm-document
  • aws-ssm-inventory-instance-information
  • aws-ssm-parameter
Amazon S3
  • aws-s3control-public-access-block
  • aws-s3api-get-bucket-acl
  • aws-s3-access-point
AWS Shield
aws-shield-advanced-status
Amazon Simple Notification Service (SNS)
  • aws-sns-get-subscription-attributes
  • aws-sns-get-topic-attributes
  • aws-sns-platform-application
Amazon Simple Queue Service (SQS)
aws-sqs-get-queue-attributes
AWS Transfer Family
  • aws-transfer-family-access
  • aws-transfer-family-server
Amazon VPC
  • aws-ec2-describe-security-groups
  • aws-ec2-describe-route-tables
  • aws-ec2-describe-subnets
  • aws-ec2-describe-vpcs
  • aws-ec2-describe-vpc-peering-connections
  • aws-describe-vpc-endpoints
  • aws-ec2-describe-vpn-connections
  • aws-ec2-describe-vpn-gateways
  • aws-ec2-describe-vpn-gateways-summary
  • aws-ec2-vpc-stats
  • aws-ec2-vpn-connections-summary
  • aws-vpc-dhcp-options
  • aws-vpc-nat-gateway
  • aws-ec2-describe-flow-logs
  • aws-ec2-describe-internet-gateways
  • aws-ec2-describe-network-acls
  • aws-ecr-get-repository-policy
  • aws-vpc-managed-prefix-list
  • aws-vpc-transit-gateway
  • aws-vpc-transit-gateway-attachment
AWS Web Application Firewall (WAF)
  • aws-waf-web-acl-resources
  • aws-waf-classic-web-acl-resource
  • aws-waf-classic-global-web-acl-resource
  • aws-waf-v2-global-web-acl-resource
  • aws-waf-v2-web-acl-resource
Amazon WorkSpaces
  • aws-describe-workspace-directories
  • aws-workspaces-describe-workspaces
IAM Access Analyzer
aws-access-analyzer
* When an AMI is deregistered and the EC2 instances that were launched from it are terminated, the EC2 instances are marked as deleted for the aws-ec2-describe-images API and the corresponding alerts are resolved. While deregistering an AMI does not affect the already launched EC2 instances, the running EC2 instances can be a compliance risk because the AMIs may have open alerts triggered against policies.
