Using the Cloud AWS Registration service collection

Table of Contents

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

cloud_registration_aws_get_accounts

Retrieve existing AWS accounts by account IDs.

PEP8 method name

get_accounts

Endpoint

Method	Route
	/cloud-security-registration-aws/entities/account/v1

Required Scope

Content-Type

• Consumes: application/json
• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	AWS account IDs to filter.
organization_ids			query	string or list of strings	AWS organization IDs to filter.
parameters			query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import CloudAWSRegistration

# Do not hardcode API credentials!
falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

organization_id_list = 'ORG_ID1,ORG_ID2,ORG_ID3'  # Can also pass a list here: ['ORG_ID1', 'ORG_ID2', 'ORG_ID3']

response = falcon.get_accounts(ids=id_list, organization_ids=organization_id_list)

print(response)

Service class example (Operation ID syntax)

from falconpy import CloudAWSRegistration

# Do not hardcode API credentials!
falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

organization_id_list = 'ORG_ID1,ORG_ID2,ORG_ID3'  # Can also pass a list here: ['ORG_ID1', 'ORG_ID2', 'ORG_ID3']

response = falcon.cloud_registration_aws_get_accounts(ids=id_list, organization_ids=organization_id_list)

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

organization_id_list = 'ORG_ID1,ORG_ID2,ORG_ID3'  # Can also pass a list here: ['ORG_ID1', 'ORG_ID2', 'ORG_ID3']

response = falcon.command("cloud_registration_aws_get_accounts", ids=id_list, organization_ids=organization_id_list)

print(response)

Back to Table of Contents

cloud_registration_aws_create_account

Creates a new account in our system for a customer.

PEP8 method name

create_account

Endpoint

Method	Route
	/cloud-security-registration-aws/entities/account/v1

Required Scope

Content-Type

• Consumes: application/json
• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
account_id			body	string	AWS account ID.
account_type			body	string	AWS account type.
body			body	dictionary	Full body payload in JSON format.
csp_events			body	boolean	Flag indicating if CSP events should be included.
is_master			body	boolean	Flag indicating if this is a master account.
organization_id			body	string	AWS organization ID.
products			body	list_of_dictionaries	List of included products and features.

Usage

Service class example (PEP8 syntax)

from falconpy import CloudAWSRegistration

# Do not hardcode API credentials!
falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

# Can also pass a list here: ['PRODUCT_ID1', 'PRODUCT_ID2', 'PRODUCT_ID3']
products = [
    {
        "features": [
            "string"
        ],
        "product": "string"
    }
]

response = falcon.create_account(account_id="string",
                                 account_type="string",
                                 csp_events=boolean,
                                 is_master=boolean,
                                 organization_id="string",
                                 products=products
                                 )
print(response)

Service class example (Operation ID syntax)

from falconpy import CloudAWSRegistration

# Do not hardcode API credentials!
falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

products = [
    {
        "features": [
            "string"
        ],
        "product": "string"
    }
]

response = falcon.cloud_registration_aws_create_account(account_id="string",
                                                        account_type="string",
                                                        csp_events=boolean,
                                                        is_master=boolean,
                                                        organization_id="string",
                                                        products=products
                                                        )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
  "resources": [
    {
      "account_id": "string",
      "account_type": "string",
      "csp_events": boolean,
      "is_master": boolean,
      "organization_id": "string",
      "products": [
        {
          "features": [
            "string"
          ],
          "product": "string"
        }
      ]
    }
  ]
}

response = falcon.command("cloud_registration_aws_create_account", body=body_payload)

print(response)

Back to Table of Contents

cloud_registration_aws_delete_account

Deletes an existing AWS account or organization in our system.

PEP8 method name

delete_account

Endpoint

Method	Route
	/cloud-security-registration-aws/entities/account/v1

Required Scope

Content-Type

• Consumes: application/json
• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	AWS account IDs to filter.
organization_ids			query	string or list of strings	AWS organization IDs to remove
parameters			query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import CloudAWSRegistration

# Do not hardcode API credentials!
falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

organization_id_list = 'ORG_ID1,ORG_ID2,ORG_ID3'  # Can also pass a list here: ['ORG_ID1', 'ORG_ID2', 'ORG_ID3']

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_account(organization_ids=organization_id_list, ids=id_list)

print(response)

Service class example (Operation ID syntax)

from falconpy import CloudAWSRegistration

# Do not hardcode API credentials!
falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

organization_id_list = 'ORG_ID1,ORG_ID2,ORG_ID3'  # Can also pass a list here: ['ORG_ID1', 'ORG_ID2', 'ORG_ID3']

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.cloud_registration_aws_delete_account(organization_ids=organization_id_list, ids=id_list)

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

organization_id_list = 'ORG_ID1,ORG_ID2,ORG_ID3'  # Can also pass a list here: ['ORG_ID1', 'ORG_ID2', 'ORG_ID3']

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("cloud_registration_aws_delete_account", organization_ids=organization_id_list, ids=id_list)

print(response)

Back to Table of Contents

cloud_registration_aws_trigger_health_check

Trigger health check scan for AWS accounts.

PEP8 method name

trigger_health_check

Endpoint

Method	Route
	/cloud-security-registration-aws/entities/account-scans/v1

Required Scope

Content-Type

• Consumes: application/json
• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
account_ids			query	string or list of strings	AWS Account IDs.
organization_ids			query	string or list of strings	Organization IDs.
parameters			query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import CloudAWSRegistration

# Do not hardcode API credentials!
falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

account_id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

organization_id_list = 'ORG_ID1,ORG_ID2,ORG_ID3'  # Can also pass a list here: ['ORG_ID1', 'ORG_ID2', 'ORG_ID3']

response = falcon.trigger_health_check(account_ids=account_id_list,
                                       organization_ids=organization_id_list
                                       )

print(response)

Service class example (Operation ID syntax)

from falconpy import CloudAWSRegistration

# Do not hardcode API credentials!
falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

account_id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

organization_id_list = 'ORG_ID1,ORG_ID2,ORG_ID3'  # Can also pass a list here: ['ORG_ID1', 'ORG_ID2', 'ORG_ID3']

response = falcon.cloud_registration_aws_trigger_health_check(account_ids=account_id_list,
                                                             organization_ids=organization_id_list
                                                             )

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

account_id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

organization_id_list = 'ORG_ID1,ORG_ID2,ORG_ID3'  # Can also pass a list here: ['ORG_ID1', 'ORG_ID2', 'ORG_ID3']

response = falcon.command("cloud_registration_aws_trigger_health_check",
                          account_ids=account_id_list,
                          organization_ids=organization_id_list
                          )

print(response)

Back to Table of Contents

cloud_registration_aws_update_account

Patches a existing account in our system for a customer.

PEP8 method name

update_account

Endpoint

Method	Route
	/cloud-security-registration-aws/entities/account/v1

Required Scope

Content-Type

• Consumes: application/json
• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
account_id			body	string	AWS account ID.
account_type			body	string	AWS account type.
body			body	dictionary	Full body payload in JSON format.
csp_events			body	boolean	Flag indicating if CSP events should be included.
is_master			body	boolean	Flag indicating if this is a master account.
organization_id			body	string	AWS organization ID.
products			body	list_of_dictionaries	List of included products and features.

Usage

Service class example (PEP8 syntax)

from falconpy import CloudAWSRegistration

# Do not hardcode API credentials!
falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )
products = [
    {
        "features": [
            "string"
        ],
        "product": "string"
    }
]

response = falcon.update_account(account_id="string",
                                 account_type="string",
                                 csp_events=boolean,
                                 is_master=boolean,
                                 organization_id="string",
                                 products=products
                                 )
print(response)

Service class example (Operation ID syntax)

from falconpy import CloudAWSRegistration

# Do not hardcode API credentials!
falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

products = [
    {
        "features": [
            "string"
        ],
        "product": "string"
    }
]

response = falcon.cloud_registration_aws_update_account(account_id="string",
                                                        account_type="string",
                                                        csp_events=boolean,
                                                        is_master=boolean,
                                                        organization_id="string",
                                                        products=products
                                                        )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "resources": [
        {
        "account_id": "string",
        "account_type": "string",
        "csp_events": boolean,
        "is_master": boolean,
        "organization_id": "string",
        "products": [
            {
                "features": [
                    "string"
                ],
                "product": "string"
            }
        ]
        }
    ]
}

response = falcon.command("cloud_registration_aws_update_account", body=body_payload)

print(response)

Back to Table of Contents

cloud_registration_aws_validate_accounts

Validates the AWS account registration status, and discover organization child accounts if organization is specified.

PEP8 method name

validate_accounts

Endpoint

Method	Route
	/cloud-security-registration-aws/entities/account/validate/v1

Required Scope

Content-Type

• Consumes: application/json
• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
account_id			query	string	AWS Account ID. organization-id shouldn't be specified if this is specified.
iam_role_arn			query	string	IAM Role ARN.
organization_id			query	string	AWS organization ID to validate master account. account-id shouldn't be specified if this is specified.
parameters			query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import CloudAWSRegistration

# Do not hardcode API credentials!
falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.validate_accounts(account_id="string",
                                   iam_role_arn="string",
                                   organization_id="string"
                                   )
print(response)

Service class example (Operation ID syntax)

from falconpy import CloudAWSRegistration

# Do not hardcode API credentials!
falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.cloud_registration_aws_validate_accounts(account_id="string",
                                                          iam_role_arn="string",
                                                          organization_id="string"
                                                          )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("cloud_registration_aws_validate_accounts",
                          account_id="string",
                          iam_role_arn="string",
                          organization_id="string"
                          )
print(response)

Back to Table of Contents

cloud_registration_aws_query_accounts

Retrieve existing AWS accounts by account IDs

PEP8 method name

query_accounts

Endpoint

Method	Route
	/cloud-security-registration-aws/queries/account/v1

Required Scope

Content-Type

• Consumes: application/json
• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
organization_ids			query	array (string)	Organization IDs used to filter accounts.
products			query	array (string)	Products registered for an account.
features			query	array (string)	Features registered for an account.
account_status			query	string	Account status to filter results by.
limit			query	integer	The maximum number of items to return. When not specified or 0, 100 is used. When larger than 500, 500 is used.
offset			query	integer	The offset to start retrieving records from.
group_by			query	string	Field to group by.
parameters			query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import CloudAWSRegistration

# Do not hardcode API credentials!
falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.query_accounts(organization_ids="string",  # or ["string", "string"]
                                 products="string",  # or ["string", "string"]
                                 features="string",  # or ["string", "string"]
                                 account_status="string",
                                 limit=integer,
                                 offset=integer,
                                 group_by="string"
                                 )
print(response)

Service class example (Operation ID syntax)

from falconpy import CloudAWSRegistration

# Do not hardcode API credentials!
falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.cloud_registration_aws_query_accounts(organization_ids="string",  # or ["string", "string"]
                                                        products="string",  # or ["string", "string"]
                                                        features="string",  # or ["string", "string"]
                                                        account_status="string",
                                                        limit=integer,
                                                        offset=integer,
                                                        group_by="string"
                                                        )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("cloud_registration_aws_query_accounts",
                          organization_ids="string",  # or ["string", "string"]
                          products="string",  # or ["string", "string"]
                          features="string",  # or ["string", "string"]
                          account_status="string",
                          limit=integer,
                          offset=integer,
                          group_by="string"
                          )
print(response)

Back to Table of Contents