AWS APIs Ingested by Prisma Cloud

List of all Amazon Web Services APIs that Prisma Cloud supports to retrieve data about your AWS resources.
The following are AWS APIs that are ingested by Prisma Cloud.
SERVICE
API NAME IN PRISMA CLOUD
API Gateway
  • aws-apigateway-get-rest-apis
  • aws-apigateway-get-stages
  • aws-apigateway-domain-name
  • aws-apigateway-base-path-mapping
  • aws-apigateway-method
  • aws-apigateway-client-certificates
AWS ACM Private Certificate Authority
aws-acm-pca-certificate-authority
Amazon Batch
aws-batch-compute-environment
Amazon Connect
aws-connect-instance
Amazon EKS
aws-eks-node-group
Amazon EventBridge
aws-events-rule
AWS Storage Gateway
  • aws-storage-gateway-fileshare
  • aws-storage-gateway-information
  • aws-storage-gateway-cached-volume
  • aws-storage-gateway-tape
Amazon Lightsail
aws-lightsail-instance
Amazon Lake Formation
aws-lake-formation-setting
Amazon Lex
aws-lexv2-bot
aws-lex-bot
AWS AutoScaling
  • aws-describe-auto-scaling-groups
  • aws-ec2-autoscaling-launch-configuration
AWS AppSync
aws-appsync-graphql-api
AWS Backup
aws-backup-vault-access-policy
AWS Certificate Manager
aws-acm-describe-certificate
Amazon DAX
aws-dax-cluster
Amazon DocumentDB
aws-documentdb-db-cluster-parameter-group
aws-docdb-db-cluster
Amazon Elastic Container Service (ECS)
  • aws-ecs-container-instance
  • aws-ecs-describe-task-definition
  • aws-ecs-service
  • aws-ecs-cluster
AWS CloudFormation
aws-cloudformation-describe-stacks
AWS CloudFront
aws-cloudfront-list-distributions
Amazon CloudSearch
aws-cloudsearch-domain
AWS CloudTrail
  • aws-cloudtrail-describe-trails
  • aws-cloudtrail-get-event-selectors
  • aws-cloudtrail-get-trail-status
AWS CloudWatch
  • aws-cloudwatch-describe-alarms
  • aws-cloudwatch-log-group
  • aws-logs-describe-metric-filters
AWS CodeBuild
aws-code-build-project
Amazon Cognito
  • aws-cognito-identity-pool
  • aws-cognito-user-pool
AWS Directory Service
aws-ds-directory
AWS Direct Connect
  • aws-direct-connect-connection
  • aws-directconnect-describe-gateway
  • aws-direct-connect-interface
AWS IAM
aws-iam-oidc-provider
Amazon EC2
  • aws-describe-account-attributes
  • aws-ec2-classic-instances
  • aws-ec2-describe-instances
  • aws-ec2-describe-images
    *
  • aws-ec2-describe-snapshots
  • aws-ec2-describe-network-interfaces
  • aws-ec2-key-pair
  • aws-ec2-describe-volumes
  • aws-ec2-elastic-address
  • aws-region
Amazon FSx
aws-fsx-file-system
Amazon MQ
aws-mq-broker
Amazon Neptune
  • aws-neptune-db-cluster-parameter-group
  • aws-neptune-db-instance
  • aws-neptune-db-cluster
Amazon Pinpoint
  • aws-pinpoint-email-channel
  • aws-pinpoint-sms-channel
Amazon Route53 Resolver
  • aws-route53resolver-query-logging-config
  • aws-route53resolver-query-logging-config-association
Amazon SageMaker
aws-sagemaker-notebook-instance
aws-sagemaker-endpoint
aws-sagemaker-training-job
aws-sagemaker-user-profile
aws-sagemaker-endpoint-config
aws-sagemaker-domain
aws-api-gateway-authorizer
aws-ec2-describe-images
AWS Config
aws-configservice-compliance-details
aws-configservice-config-rules
aws-configservice-describe-configuration-recorders
Delivery Channels
aws-describe-delivery-channels
Amazon DynamoDB
aws-dynamodb-describe-table
AWS Database Migration Service
  • aws-dms-certificate
  • aws-dms-endpoint
  • aws-dms-replication-instance
AWS Elastic Beanstalk
  • aws-elasticbeanstalk-environment
  • aws-elasticbeanstalk-configuration-settings
Amazon Elastic Container Registry (ECR)
  • aws-ecr-image
  • aws-ecr-get-repository-policy
  • aws-ecr-public-repositories
  • aws-ecr-registry-scanning-configuration
AWS Elastic File System (EFS)
aws-describe-mount-targets
Amazon Elastic Container Service for Kubernetes (EKS)
  • aws-eks-describe-cluster
  • aws-eks-fargate-profile
AWS Athena
aws-athena-workgroup
ElastiCache
  • aws-cache-engine-versions
  • aws-elasticache-cache-clusters
  • aws-elasticache-describe-replication-groups
  • aws-elasticache-reserved-cache-nodes
  • aws-elasticache-subnet-groups
  • aws-elasticache-snapshots
Amazon Elastic Load Balancing
  • aws-elb-describe-load-balancers
  • aws-describe-ssl-policies
  • aws-elbv2-describe-load-balancers
  • aws-elbv2-target-group
  • aws-elbv2-target-health
Amazon ElasticSearch Service
aws-es-describe-elasticsearch-domain
Amazon Elastic MapReduce (EMR)
  • aws-emr-describe-cluster
  • aws-emr-public-access-block
Amazon S3 Glacier
  • aws-glacier-get-vault-access-policy
  • aws-glacier-get-vault-lock
  • aws-glacier-vault
Amazon GuardDuty
aws-guardduty-detector
AWS Glue
  • aws-glue-security-configuration
  • aws-glue-connection
  • aws-glue-datacatalog
AWS Identity and Access Management (IAM)
  • aws-iam-list-access-keys
  • aws-iam-get-account-summary
  • aws-iam-list-server-certificates
  • aws-iam-get-credential-report
  • aws-iam-list-mfa-devices
  • aws-iam-list-virtual-mfa-devices
  • aws-iam-get-account-password-policy
  • aws-iam-get-policy-version
  • aws-iam-list-users
  • aws-iam-list-user-policies
  • aws-iam-list-roles
  • aws-iam-list-groups
  • aws-iam-list-attached-user-policies
  • aws-iam-list-ssh-public-keys
  • aws-iam-saml-provider
  • aws-iam-service-last-accessed-details
AWS Key Management Service (KMS)
aws-kms-get-key-rotation-status
Amazon Kinesis
aws-kinesis-list-streams
aws-kinesis-firehose-delivery-stream
AWS Lambda
  • aws-lambda-list-functions
  • aws-lambda-get-region-summary
  • aws-lambda-code-signing-config
AWS MediaStore
aws-mediastore-container
Amazon Managed Workflows for Apache Airflow
aws-mwaa-environment
AWS Organization
  • aws-organization-account
  • aws-organization-ou
  • aws-organization-root
  • aws-organization-scp
  • aws-organization-tag-policy
AWS Resource Access Manager (RAM)
  • aws-ram-principal
  • aws ram list-resources
  • aws-ram-resource
  • aws-ram-resource-share
Amazon Relational Database Service (RDS)
  • aws-rds-db-cluster-parameter-group
  • aws-rds-describe-db-instances
  • aws-rds-describe-db-snapshots
  • aws-rds-describe-event-subscriptions
  • aws-rds-db-cluster-snapshots
  • aws-rds-db-clusters
  • aws-rds-describe-db-parameter-groups
  • aws-rds-option-group
Amazon RedShift
aws-redshift-describe-clusters
AWS Route53
  • aws-route53-list-hosted-zones
  • aws-route53-domain
AWS Secrets Manager
aws-secretsmanager-describe-secret
AWS Systems Manager
  • aws-ssm-association
  • aws-ssm-document
  • aws-ssm-inventory-instance-information
  • aws-ssm-parameter
Amazon S3
  • aws-s3control-public-access-block
  • aws-s3api-get-bucket-acl
  • aws-s3-access-point
AWS Shield
  • aws-shield-advanced-status
  • aws-shield-protection-groups
  • aws-shield-protections
AWS Advance Shield
aws-shield-protections
Amazon Simple Email Service (SES)
aws-ses-identities
Amazon QuickSight
  • aws-quicksight-account-setting
  • aws-quicksight-dataset
  • aws-quicksight-datasource
Amazon Simple Notification Service (SNS)
  • aws-sns-get-subscription-attributes
  • aws-sns-get-topic-attributes
  • aws-sns-platform-application
Amazon Simple Queue Service (SQS)
aws-sqs-get-queue-attributes
AWS Transfer Family
  • aws-transfer-family-access
  • aws-transfer-family-server
Amazon VPC
  • aws-ec2-describe-security-groups
  • aws-ec2-describe-route-tables
  • aws-ec2-describe-subnets
  • aws-ec2-describe-vpcs
  • aws-ec2-describe-vpc-peering-connections
  • aws-describe-vpc-endpoints
  • aws-ec2-client-vpn-endpoint
  • aws-ec2-describe-vpn-connections
  • aws-ec2-describe-vpn-gateways
  • aws-ec2-describe-vpn-gateways-summary
  • aws-ec2-vpc-stats
  • aws-ec2-vpn-connections-summary
  • aws-vpc-dhcp-options
  • aws-vpc-nat-gateway
  • aws-ec2-describe-flow-logs
  • aws-ec2-describe-internet-gateways
  • aws-ec2-describe-network-acls
  • aws-ecr-get-repository-policy
  • aws-vpc-managed-prefix-list
  • aws-vpc-transit-gateway
  • aws-vpc-transit-gateway-attachment
AWS Web Application Firewall (WAF)
  • aws-waf-web-acl-resources
  • aws-waf-classic-web-acl-resource
  • aws-waf-classic-global-web-acl-resource
  • aws-waf-v2-global-web-acl-resource
  • aws-waf-v2-web-acl-resource
Amazon WorkSpaces
  • aws-describe-workspace-directories
  • aws-workspaces-describe-workspaces
Amazon MSK
aws-msk-cluster
AWS Data Pipeline
  • datapipeline:DescribePipelines
  • datapipeline:GetPipelineDefinition
  • datapipeline:ListPipelines
IAM Access Analyzer
aws-access-analyzer
AWS CodeArtifact
  • aws-code-artifact-repository
  • aws-code-artifact-domain
AWS XRAY
aws-xray-encryption-config
*
When an AMI is deregistered and the EC2 instances that were launched from them are terminated, the EC2 instances are marked as deleted for the
aws-ec2-describe-images
API and the corresponding alerts are resolved. While deregistering an AMI does not affect the already launched EC2 instances, the running EC2 instances can be a compliance risk because the AMIs may have open alerts triggered against policies.

Recommended For You