Using the Cloud Connect AWS service collection
This service collection has code examples posted to the repository.
This service collection has been superseded by the CSPMRegistration service collection and is now deprecated. Developers should move code over to use the new operations available within the updated collection.
Table of Contents
Operation ID | Description |
---|---|
QueryAWSAccounts | Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria |
GetAWSSettings | Retrieve a set of Global Settings which are applicable to all provisioned AWS accounts |
GetAWSAccounts | Retrieve a set of AWS Accounts by specifying their IDs |
ProvisionAWSAccounts | Provision AWS Accounts by specifying details about the accounts to provision |
DeleteAWSAccounts | Delete a set of AWS Accounts by specifying their IDs |
UpdateAWSAccounts | Update AWS Accounts by specifying the ID of the account and details to update |
CreateOrUpdateAWSSettings | Create or update Global Settings which are applicable to all provisioned AWS accounts |
VerifyAWSAccountAccess | Performs an Access Verification check on the specified AWS Account IDs |
QueryAWSAccountsForIDs | Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS account IDs which match the filter criteria |
Passing credentials
WARNING
client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)
CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
QueryAWSAccounts
Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria
Deprecated operation
This operation has been superseded by the GetCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
PEP8 method name
query_aws_accounts
Endpoint
Method | Route |
---|---|
| /cloud-connect-aws/combined/accounts/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
limit | | | query | integer | The maximum records to return. [1-5000]. Defaults to 100. |
offset | | | query | integer | The offset to start retrieving records from. |
sort | | | query | string | The property to sort by (e.g. alias.desc or state.asc). |
filter | | | query | string | The filter expression that should be used to limit the results. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.query_aws_accounts(limit=integer,
                                     offset=integer,
                                     sort="string",
                                     filter="string"
                                     )
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.QueryAWSAccounts(limit=integer,
                                   offset=integer,
                                   sort="string",
                                   filter="string"
                                   )
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("QueryAWSAccounts",
                          limit=integer,
                          offset=integer,
                          sort="string",
                          filter="string"
                          )
print(response)
```
GetAWSSettings
Retrieve a set of Global Settings which are applicable to all provisioned AWS accounts
Deprecated operation
This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.
PEP8 method name
get_aws_settings
Endpoint
Method | Route |
---|---|
| /cloud-connect-aws/combined/settings/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
No keywords or arguments accepted.
Usage
Service class example (PEP8 syntax)
```python
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_aws_settings()
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.GetAWSSettings()
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetAWSSettings")
print(response)
```
GetAWSAccounts
Retrieve a set of AWS Accounts by specifying their IDs
Deprecated operation
This operation has been superseded by the GetCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
PEP8 method name
get_aws_accounts
Endpoint
Method | Route |
---|---|
| /cloud-connect-aws/entities/accounts/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | | | query | string or list of strings | IDs of accounts to retrieve details. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_aws_accounts(ids=id_list)
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAWSAccounts(ids=id_list)
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAWSAccounts", ids=id_list)
print(response)
```
ProvisionAWSAccounts
Provision AWS Accounts by specifying details about the accounts to provision
Deprecated operation
This operation has been superseded by the CreateCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
PEP8 method name
provision_aws_accounts
Endpoint
Method | Route |
---|---|
| /cloud-connect-aws/entities/accounts/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | | | body | dictionary | Full BODY payload in JSON format. |
cloudtrail_bucket_owner_id | | | body | string | AWS IAM ID for CloudTrail bucket owner. (ARN format) |
cloudtrail_bucket_region | | | body | string | AWS region for CloudTrail bucket. |
external_id | | | body | string | Shared external ID to use for AWS cross-account role. |
iam_role_arn | | | body | string | ARN for the IAM role to use as the cross-account role. |
id | | | body | string | AWS account ID to provision. |
mode | | | query | string | Mode for provisioning. Allowed values are manual or cloudformation. Defaults to manual if not defined. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
rate_limit_req | | | body | integer | Rate limit count. |
rate_limit_time | | | body | integer | Rate limit timestamp. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.provision_aws_accounts(cloudtrail_bucket_owner_id="string",
                                         cloudtrail_bucket_region="string",
                                         external_id="string",
                                         iam_role_arn="string",
                                         id="string",
                                         rate_limit_req=integer,
                                         rate_limit_time=integer
                                         )
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.ProvisionAWSAccounts(cloudtrail_bucket_owner_id="string",
                                       cloudtrail_bucket_region="string",
                                       external_id="string",
                                       iam_role_arn="string",
                                       id="string",
                                       rate_limit_req=integer,
                                       rate_limit_time=integer
                                       )
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "cloudtrail_bucket_owner_id": "string",
            "cloudtrail_bucket_region": "string",
            "external_id": "string",
            "iam_role_arn": "string",
            "id": "string",
            "rate_limit_reqs": integer,
            "rate_limit_time": integer
        }
    ]
}

response = falcon.command("ProvisionAWSAccounts", mode="string", body=BODY)
print(response)
```
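A pre-flight check for the provisioning keywords above, as an added example that is not code from the FalconPy project. The helper names `check_provision_request` and `provision_checked` are hypothetical, and the rule that `iam_role_arn` must sit in the account named by `id` is an assumption about how the cross-account role is deployed; fields that are not supplied are not checked, apart from `id`.

```python
import re

ACCOUNT_ID = re.compile(r"\d{12}")
ROLE_ARN = re.compile(
    r"arn:(?:aws|aws-us-gov|aws-cn):iam::(\d{12}):role/[\w+=,.@/-]+", re.ASCII)
MODES = ("manual", "cloudformation")   # allowed values listed in the table above


def check_provision_request(mode="manual", **fields):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    if mode not in MODES:
        problems.append(f"mode {mode!r} is not one of {MODES}")
    account = str(fields.get("id", ""))
    if not ACCOUNT_ID.fullmatch(account):
        problems.append("id is not a 12-digit AWS account ID")
    if "iam_role_arn" in fields:
        arn = ROLE_ARN.fullmatch(str(fields["iam_role_arn"]))
        if arn is None:
            problems.append("iam_role_arn is not an IAM role ARN")
        elif arn.group(1) != account:
            # Assumption: the role lives in the account being provisioned.
            problems.append("iam_role_arn belongs to a different account than id")
    if "external_id" in fields and not str(fields["external_id"]).strip():
        # A blank external ID removes the condition the role trust relies on.
        problems.append("external_id is blank")
    return problems


def provision_checked(falcon, mode="manual", **fields):
    """Call provision_aws_accounts only when the pre-flight check is clean."""
    problems = check_provision_request(mode, **fields)
    if problems:
        raise ValueError("; ".join(problems))
    return falcon.provision_aws_accounts(mode=mode, **fields)
```

`falcon` is the `CloudConnectAWS` object created as in the examples above; the request is never sent when any problem is reported.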
DeleteAWSAccounts
Delete a set of AWS Accounts by specifying their IDs
Deprecated operation
This operation has been superseded by the DeleteCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
PEP8 method name
delete_aws_accounts
Endpoint
Method | Route |
---|---|
| /cloud-connect-aws/entities/accounts/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | | | query | string or list of strings | IDs of accounts to remove. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_aws_accounts(ids=id_list)
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.DeleteAWSAccounts(ids=id_list)
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteAWSAccounts", ids=id_list)
print(response)
```
UpdateAWSAccounts
Update AWS Accounts by specifying the ID of the account and details to update
Deprecated operation
This operation has been superseded by the PatchCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
PEP8 method name
update_aws_accounts
Endpoint
Method | Route |
---|---|
| /cloud-connect-aws/entities/accounts/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | | | body | dictionary | Full BODY payload in JSON format. |
cloudtrail_bucket_owner_id | | | body | string | AWS IAM ID for CloudTrail bucket owner. (ARN format) |
cloudtrail_bucket_region | | | body | string | AWS region for CloudTrail bucket. |
external_id | | | body | string | Shared external ID to use for AWS cross-account role. |
iam_role_arn | | | body | string | ARN for the IAM role to use as the cross-account role. |
id | | | body | string | AWS account ID to provision. |
rate_limit_req | | | body | integer | Rate limit count. |
rate_limit_time | | | body | integer | Rate limit timestamp. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.update_aws_accounts(cloudtrail_bucket_owner_id="string",
                                      cloudtrail_bucket_region="string",
                                      external_id="string",
                                      iam_role_arn="string",
                                      id="string",
                                      rate_limit_req=integer,
                                      rate_limit_time=integer
                                      )
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.UpdateAWSAccounts(cloudtrail_bucket_owner_id="string",
                                    cloudtrail_bucket_region="string",
                                    external_id="string",
                                    iam_role_arn="string",
                                    id="string",
                                    rate_limit_req=integer,
                                    rate_limit_time=integer
                                    )
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "cloudtrail_bucket_owner_id": "string",
            "cloudtrail_bucket_region": "string",
            "external_id": "string",
            "iam_role_arn": "string",
            "id": "string",
            "rate_limit_reqs": integer,
            "rate_limit_time": integer
        }
    ]
}

response = falcon.command("UpdateAWSAccounts", body=BODY)
print(response)
```
CreateOrUpdateAWSSettings
Create or update Global Settings which are applicable to all provisioned AWS accounts
Deprecated operation
This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.
PEP8 method name
create_or_update_aws_settings
Endpoint
Method | Route |
---|---|
| /cloud-connect-aws/entities/settings/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | | | body | dictionary | Full BODY payload in JSON format. |
cloudtrail_bucket_owner_id | | | body | string | AWS IAM ID for CloudTrail bucket owner. (ARN format) |
static_external_id | | | body | string | New external ID to use for the AWS cross-account role. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.create_or_update_aws_settings(cloudtrail_bucket_owner_id="string",
                                                static_external_id="string"
                                                )
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CreateOrUpdateAWSSettings(cloudtrail_bucket_owner_id="string",
                                            static_external_id="string"
                                            )
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "cloudtrail_bucket_owner_id": "string",
            "static_external_id": "string"
        }
    ]
}

response = falcon.command("CreateOrUpdateAWSSettings", body=BODY)
print(response)
```
VerifyAWSAccountAccess
Performs an Access Verification check on the specified AWS Account IDs
Deprecated operation
This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.
PEP8 method name
verify_aws_account_access
Endpoint
Method | Route |
---|---|
| /cloud-connect-aws/entities/verify-account-access/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | | | query | string or list of strings | IDs of accounts to verify access on. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.verify_aws_account_access(ids=id_list)
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.VerifyAWSAccountAccess(ids=id_list)
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("VerifyAWSAccountAccess", ids=id_list)
print(response)
```
QueryAWSAccountsForIDs
Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS account IDs which match the filter criteria
PEP8 method name
query_aws_accounts_for_ids
Endpoint
Method | Route |
---|---|
| /cloud-connect-aws/queries/accounts/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
limit | | | query | integer | The maximum records to return. [1-5000]. Defaults to 100. |
offset | | | query | integer | The offset to start retrieving records from. |
sort | | | query | string | The property to sort by (e.g. alias.desc or state.asc). |
filter | | | query | string | The filter expression that should be used to limit the results. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.query_aws_accounts_for_ids(limit=integer,
                                             offset=integer,
                                             sort="string",
                                             filter="string"
                                             )
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.QueryAWSAccountsForIDs(limit=integer,
                                         offset=integer,
                                         sort="string",
                                         filter="string"
                                         )
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("QueryAWSAccountsForIDs",
                          limit=integer,
                          offset=integer,
                          sort="string",
                          filter="string"
                          )
print(response)
```
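The `limit` and `offset` keywords return one page per call, so a complete inventory needs a loop. The following is an added example, not code from the FalconPy project: it walks every page of `query_aws_accounts_for_ids` and builds the client from environment variables rather than literals. The helper names, the `FALCON_CLIENT_ID` / `FALCON_CLIENT_SECRET` variable names, and the `status_code` / `body.resources` / `body.meta.pagination.total` response fields are assumptions.

```python
import os


def collect_account_ids(falcon, fql_filter=None, page_size=100):
    """Return every account ID matching fql_filter, one page at a time.

    falcon is any object exposing query_aws_accounts_for_ids(); the result
    is assumed to be a dictionary with status_code and body keys.
    """
    if not 1 <= page_size <= 5000:      # range given for the limit keyword
        raise ValueError("limit must be between 1 and 5000")
    ids, offset = [], 0
    while True:
        kwargs = {"limit": page_size, "offset": offset}
        if fql_filter:
            kwargs["filter"] = fql_filter
        result = falcon.query_aws_accounts_for_ids(**kwargs)
        body = result.get("body") or {}
        if result.get("status_code") != 200:
            # Fail closed: a partial inventory must not pass for a full one.
            raise RuntimeError(
                f"query failed at offset {offset}: {body.get('errors')}")
        page = body.get("resources") or []
        ids.extend(page)
        offset += len(page)
        total = (body.get("meta") or {}).get("pagination", {}).get("total")
        # Stop on an empty page, or once the reported total has been read.
        if not page or (total is not None and offset >= total):
            return ids


def client_from_environment():
    """Build the Service class from environment variables, not literals."""
    # Imported here so the paging logic above has no hard dependency.
    from falconpy import CloudConnectAWS
    return CloudConnectAWS(client_id=os.environ["FALCON_CLIENT_ID"],
                           client_secret=os.environ["FALCON_CLIENT_SECRET"])


if __name__ == "__main__":
    print(collect_account_ids(client_from_environment()))
```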