Below is a list of the available API calls:
This endpoint is used to create a new one-way communication channel setting. This feature can be used in conjunction with a GET request to copy communication settings from one account to others. An example of this function is provided in the examples folder.
IMPORTANT: Some guidelines about using this endpoint:
- Settings are created as long as your inputs are valid. The onus is on you to ensure you don't create settings that are duplicate or too similar in nature.
- You can create either account-level-only OR organisation-level-only settings in each call.
- If creating account-level settings you must provide ONLY the accountId and NOT the organisationId.
- If creating organisation-level settings you must provide ONLY the organisationId and NOT the accountId.
- Only ADMIN users can create organisation-level settings.
- With organisation-level user-based (email & sms) settings, the onus is on you to ensure these users have at least read-only access to all accounts.
POST /settings/communication
data
: an JSON object containing JSONAPI compliant data object with following propertiesattributes
: An attribute object containingaccountId
: String, required if creating an account-level setting (Cloud Conformity accountId)organisationId
: String, required if creating an organisation-level setting (Cloud Conformity organisationId)communicationSettings
: An array of objects, each object containschannel
: String, must be one of the following: email, sms, slack, pager-duty, snsenabled
: Boolean, true for turning on, false for turning off this channel.manual
: Boolean, (only used for SNS channels) true for allowing users to manually send individual checks, false for disabling this option.filter
: Optional object (defines which checks you want to be included) including services, regions, categories, statuses, ruleIds, riskLevel, suppressed, and tags.configuration
: Object containing parameters that are different for each channel. For more details consult the configurations-table
The table below give more information about filter options:
Name | Values |
---|---|
filter.regions |
An array of valid AWS region strings. (e.g. ["us-west-1", "us-west-2"]) For more information about regions, please refer to Cloud Conformity Region Endpoint |
filter.services |
An array of AWS service strings from the following: AutoScaling | CloudConformity | CloudFormation | CloudFront | CloudTrail | CloudWatch | CloudWatchEvents | CloudWatchLogs | Config | DynamoDB | EBS | EC2 | ElastiCache | Elasticsearch | ELB | IAM | KMS | RDS | Redshift | ResourceGroup | Route53 | S3 | SES | SNS | SQS | VPC | WAF | ACM | Inspector | TrustedAdvisor | Shield | EMR | Lambda | Support | Organizations | Kinesis | EFS For more information about services, please refer to Cloud Conformity Services Endpoint |
filter.categories |
An array of category (AWS well-architected framework category) strings from the following: security | cost-optimisation | reliability | performance-efficiency | operational-excellence |
filter.riskLevels |
An array of risk-level strings from the following: LOW| MEDIUM | HIGH | VERY_HIGH | EXTREME |
filter.statuses |
An array of statuses strings from the following: SUCCESS | FAILURE |
filter.tags |
An array of any assigned metadata tags to your AWS resources |
The table below give more information about configuration options:
Channel | Configuration |
---|---|
configuration.key is "users", configuration.value is an array of verified users that have at lease readOnly access to the account |
|
sms | configuration.key is "users", configuration.value is an array of users with verified mobile numbers that have at lease readOnly access to the account |
slack | { "url": "https://hooks.slack.com/services/your-slack-webhook", "channel": "#your-channel" } |
pager-duty | { "serviceName": "yourServiceName", "serviceKey": "yourServiceKey" } |
sns | { "arn": "arn:aws:sns:REGION:ACCOUNT_ID:TOPIC_NAME"} |
Example request for creating an account level pager-duty setting:
curl -X POST \
-H "Content-Type: application/vnd.api+json" \
-H "Authorization: ApiKey S1YnrbQuWagQS0MvbSchNHDO73XHqdAqH52RxEPGAggOYiXTxrwPfmiTNqQkTq3p" \
-d '
{
"data": {
"attributes": {
"accountId": "H19NxM15-",
"communicationSettings": [
{
"enabled": true,
"filter": {
"riskLevels": ["EXTREME"],
"statuses": ["FAILURE"]
},
"configuration": {
"serviceName": "SomeName",
"serviceKey": "apagerdutyservicekey"
},
"channel": "pager-duty"
}
]
}
}
}' \
https://us-west-2-api.cloudconformity.com/v1/settings/communication
Example Response:
[
{
"data": {
"type": "settings",
"id": "H19NxM15-:communication:pager-duty-S1xvk1zGwM",
"attributes": {
"type": "communication",
"manual": "",
"enabled": true,
"filter": {
"riskLevels": [
"EXTREME"
],
"statuses": [
"FAILURE"
]
},
"configuration": {
"serviceName": "SomeName",
"serviceKey": "apagerdutyservicekey"
},
"channel": "pager-duty"
},
"relationships": {
"organisation": {
"data": {
"type": "organisations",
"id": "ryqMcJn4b"
}
},
"account": {
"data": {
"type": "accounts",
"id": "H19NxM15-"
}
}
}
}
}
]
A GET request to this endpoint allows you to get communication settings of the specified account. This feature can be used in conjunction with a POST request to copy communication settings from one account to others. An example of this function is provided in the examples folder.
GET /settings/communication/accountId
accountId
: The Cloud Conformity ID of the accountchannel
: Optional parameter if you want to only get settings for one specific channel: email, sms, slack, pager-duty, or sns.
IMPORTANT: Users with different roles can get different results from this endpoint. The table below describes the relationship between user role and type of data you get get.
Role | Organisation-Level Settings | Account-Level Settings |
---|---|---|
ADMIN | Full settings with configurations | Full settings with configurations |
FULL access to the account | Settings without configurations | Full settings with configurations |
READONLY access to the account | No settings | Settings without configurations |
NO access to the account | No settings | No settings |
Example request for email-only settings:
curl -H "Authorization: ApiKey S1YnrbQuWagQS0MvbSchNHDO73XHqdAqH52RxEPGAggOYiXTxrwPfmiTNqQkTq3p" \
https://us-west-2-api.cloudconformity.com/v1/settings/communication?accountId=H19NxM15-&channel=email
Example Response for an ADMIN user:
(Note: The first object is for an organisation-level setting: setting.relationships.account.data
is NULL)
{
"data": [
{
"type": "settings",
"id": "communication:email-HJgeFWmpVf",
"attributes": {
"type": "communication",
"manual": false,
"enabled": true,
"filter": {
"statuses": [
"FAILURE"
],
"services": [
"Organizations"
],
"suppressed": false
},
"configuration": {
"users": [
"BJlqMqknVb"
]
},
"channel": "email"
},
"relationships": {
"organisation": {
"data": {
"type": "organisations",
"id": "ryqMcJn4b"
}
},
"account": {
"data": null
}
}
},
{
"type": "settings",
"id": "ryqs8LNKW:communication:email-Ske1cKKEvM",
"attributes": {
"type": "communication",
"manual": false,
"enabled": true,
"filter": {
"statuses": [
"FAILURE"
],
"categories": [
"security"
],
"suppressed": false
},
"configuration": {
"users": [
"HyL7K6GrZ"
]
},
"channel": "email"
},
"relationships": {
"organisation": {
"data": {
"type": "organisations",
"id": "ryqMcJn4b"
}
},
"account": {
"data": {
"type": "accounts",
"id": "H19NxM15-"
}
}
}
}
]
}
Example response for a user with FULL access to the acount: (Note: Organisation-level setting's configuration is not shown to this user)
{
"data": [
{
"type": "settings",
"id": "communication:email-HJgeFWmpVf",
"attributes": {
"type": "communication",
"manual": false,
"enabled": true,
"filter": {
"statuses": [
"FAILURE"
],
"services": [
"Organizations"
],
"suppressed": false
},
"channel": "email"
},
"relationships": {
"organisation": {
"data": {
"type": "organisations",
"id": "ryqMcJn4b"
}
},
"account": {
"data": null
}
}
},
{
"type": "settings",
"id": "ryqs8LNKW:communication:email-Ske1cKKEvM",
"attributes": {
"type": "communication",
"manual": false,
"enabled": true,
"filter": {
"statuses": [
"FAILURE"
],
"categories": [
"security"
],
"suppressed": false
},
"configuration": {
"users": [
"HyL7K6GrZ"
]
},
"channel": "email"
},
"relationships": {
"organisation": {
"data": {
"type": "organisations",
"id": "ryqMcJn4b"
}
},
"account": {
"data": {
"type": "accounts",
"id": "H19NxM15-"
}
}
}
}
]
}
A PATCH request to this endpoint allows you to update a specific communication setting.
IMPORTANT: User role defines how they may use this endpoint:
- Only ADMIN users can update organisation-level settings.
- For an account-level setting, both ADMINs and users with FULL access to the account can update it.
PATCH /settings/communication/settingId
data
: an JSON object containing JSONAPI compliant data object with following propertiesattributes
: An attribute object containingaccountId
: String, required if updating an account-level setting (Cloud Conformity accountId)organisationId
: String, required if updating an organisation-level setting (Cloud Conformity organisationId)channel
: String, must match channel in the settingIdenabled
: Boolean, true for turning on, false for turning off this channel.manual
: Boolean, (only used for SNS channels) true for allowing users to manually send individual checks, false for disabling this option.filter
: Optional object (defines which checks you want to be included) including services, regions, categories, statuses, ruleIds, riskLevel, suppressed, and tags.configuration
: Object containing parameters that are different for each channel. For more details consult the configurations-table
The table below give more information about filter options:
Name | Values |
---|---|
filter.regions |
An array of valid AWS region strings. (e.g. ["us-west-1", "us-west-2"]) For more information about regions, please refer to Cloud Conformity Region Endpoint |
filter.services |
An array of AWS service strings from the following: AutoScaling | CloudConformity | CloudFormation | CloudFront | CloudTrail | CloudWatch | CloudWatchEvents | CloudWatchLogs | Config | DynamoDB | EBS | EC2 | ElastiCache | Elasticsearch | ELB | IAM | KMS | RDS | Redshift | ResourceGroup | Route53 | S3 | SES | SNS | SQS | VPC | WAF | ACM | Inspector | TrustedAdvisor | Shield | EMR | Lambda | Support | Organizations | Kinesis | EFS For more information about services, please refer to Cloud Conformity Services Endpoint |
filter.categories |
An array of category (AWS well-architected framework category) strings from the following: security | cost-optimisation | reliability | performance-efficiency | operational-excellence |
filter.riskLevels |
An array of risk-level strings from the following: LOW| MEDIUM | HIGH | VERY_HIGH | EXTREME |
filter.statuses |
An array of statuses strings from the following: SUCCESS | FAILURE |
filter.tags |
An array of any assigned metadata tags to your AWS resources |
The table below give more information about configuration options:
Channel | Configuration |
---|---|
configuration.key is "users", configuration.value is an array of verified users that have at lease readOnly access to the account |
|
sms | configuration.key is "users", configuration.value is an array of users with verified mobile numbers that have at lease readOnly access to the account |
slack | { "url": "https://hooks.slack.com/services/your-slack-webhook", "channel": "#your-channel" } |
pager-duty | { "serviceName": "yourServiceName", "serviceKey": "yourServiceKey" } |
sns | { "arn": "arn:aws:sns:REGION:ACCOUNT_ID:TOPIC_NAME"} |
Example request to update an account level pager-duty setting:
curl -X PATCH \
-H "Content-Type: application/vnd.api+json" \
-H "Authorization: ApiKey S1YnrbQuWagQS0MvbSchNHDO73XHqdAqH52RxEPGAggOYiXTxrwPfmiTNqQkTq3p" \
-d '
{
"data": {
"attributes": {
"accountId": "H19NxM15-",
"enabled": true,
"filter": {
"statuses": ["FAILURE"]
},
"configuration": {
"serviceName": "SomeOtherName",
"serviceKey": "anotherpagerdutyservicekey"
},
"channel": "pager-duty"
}
}
}' \
https://us-west-2-api.cloudconformity.com/v1/settings/communication/H19NxM15-:communication:pager-duty-S1xvk1zGwM
Example Response:
[
{
"data": {
"type": "settings",
"id": "H19NxM15-:communication:pager-duty-S1xvk1zGwM",
"attributes": {
"type": "communication",
"manual": "",
"enabled": true,
"filter": {
"statuses": [
"FAILURE"
]
},
"configuration": {
"serviceName": "SomeOtherName",
"serviceKey": "anotherpagerdutyservicekey"
},
"channel": "pager-duty"
},
"relationships": {
"organisation": {
"data": {
"type": "organisations",
"id": "ryqMcJn4b"
}
},
"account": {
"data": {
"type": "accounts",
"id": "H19NxM15-"
}
}
}
}
}
]