
Using the Cloud Connect AWS service collection


This service collection has code examples posted to the repository.

DEPRECATED

This service collection has been superseded by the CSPMRegistration service collection and is now deprecated. Developers should move code over to use the new operations available within the updated collection.

Table of Contents

| Operation ID | PEP 8 method | Status | Description |
| :-- | :-- | :-- | :-- |
| QueryAWSAccounts | query_aws_accounts | DEPRECATED | Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria |
| GetAWSSettings | get_aws_settings | DEPRECATED | Retrieve a set of Global Settings which are applicable to all provisioned AWS accounts |
| GetAWSAccounts | get_aws_accounts | DEPRECATED | Retrieve a set of AWS Accounts by specifying their IDs |
| ProvisionAWSAccounts | provision_aws_accounts | DEPRECATED | Provision AWS Accounts by specifying details about the accounts to provision |
| DeleteAWSAccounts | delete_aws_accounts | DEPRECATED | Delete a set of AWS Accounts by specifying their IDs |
| UpdateAWSAccounts | update_aws_accounts | DEPRECATED | Update AWS Accounts by specifying the ID of the account and details to update |
| CreateOrUpdateAWSSettings | create_or_update_aws_settings | DEPRECATED | Create or update Global Settings which are applicable to all provisioned AWS accounts |
| VerifyAWSAccountAccess | verify_aws_account_access | DEPRECATED | Performs an Access Verification check on the specified AWS Account IDs |
| QueryAWSAccountsForIDs | query_aws_accounts_for_ids | | Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS account IDs which match the filter criteria |

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. None of the examples below hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

QueryAWSAccounts

Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria

Deprecated operation

This operation has been superseded by the GetCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.

PEP8 method name

query_aws_accounts

Endpoint

| Method | Route |
| :-- | :-- |
| GET | /cloud-connect-aws/combined/accounts/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :-- | :-- | :-- | :-- | :-- | :-- |
| limit | Supported | Supported | query | integer | The maximum records to return. [1-5000]. Defaults to 100. |
| offset | Supported | Supported | query | integer | The offset to start retrieving records from. |
| sort | Supported | Supported | query | string | The property to sort by (e.g. alias.desc or state.asc). |
| filter | Supported | Supported | query | string | The filter expression that should be used to limit the results. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.query_aws_accounts(limit=integer,
                                     offset=integer,
                                     sort="string",
                                     filter="string"
                                     )
print(response)

Service class example (Operation ID syntax)
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.QueryAWSAccounts(limit=integer,
                                   offset=integer,
                                   sort="string",
                                   filter="string"
                                   )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("QueryAWSAccounts",
                          limit=integer,
                          offset=integer,
                          sort="string",
                          filter="string"
                          )
print(response)

GetAWSSettings

Retrieve a set of Global Settings which are applicable to all provisioned AWS accounts

Deprecated operation

This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.

PEP8 method name

get_aws_settings

Endpoint

| Method | Route |
| :-- | :-- |
| GET | /cloud-connect-aws/combined/settings/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_aws_settings()
print(response)

Service class example (Operation ID syntax)
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.GetAWSSettings()
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetAWSSettings")
print(response)

GetAWSAccounts

Retrieve a set of AWS Accounts by specifying their IDs

Deprecated operation

This operation has been superseded by the GetCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.

PEP8 method name

get_aws_accounts

Endpoint

| Method | Route |
| :-- | :-- |
| GET | /cloud-connect-aws/entities/accounts/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :-- | :-- | :-- | :-- | :-- | :-- |
| ids | Supported | Supported | query | string or list of strings | IDs of accounts to retrieve details. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_aws_accounts(ids=id_list)
print(response)

Service class example (Operation ID syntax)
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAWSAccounts(ids=id_list)
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAWSAccounts", ids=id_list)
print(response)

ProvisionAWSAccounts

Provision AWS Accounts by specifying details about the accounts to provision

Deprecated operation

This operation has been superseded by the CreateCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.

PEP8 method name

provision_aws_accounts

Endpoint

| Method | Route |
| :-- | :-- |
| POST | /cloud-connect-aws/entities/accounts/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :-- | :-- | :-- | :-- | :-- | :-- |
| body | Supported | Supported | body | dictionary | Full BODY payload in JSON format. |
| cloudtrail_bucket_owner_id | Supported | Supported | body | string | AWS IAM ID for CloudTrail bucket owner. (ARN format) |
| cloudtrail_bucket_region | Supported | Supported | body | string | AWS region for CloudTrail bucket. |
| external_id | Supported | Supported | body | string | Shared external ID to use for AWS cross-account role. |
| iam_role_arn | Supported | Supported | body | string | ARN for the IAM role to use as the cross-account role. |
| id | Supported | Supported | body | string | AWS account ID to provision. |
| mode | Supported | Supported | query | string | Mode for provisioning. Allowed values are manual or cloudformation. Defaults to manual if not defined. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. |
| rate_limit_req | Supported | Supported | body | integer | Rate limit count. |
| rate_limit_time | Supported | Supported | body | integer | Rate limit timestamp. |

Usage

Service class example (PEP8 syntax)
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.provision_aws_accounts(cloudtrail_bucket_owner_id="string",
                                         cloudtrail_bucket_region="string",
                                         external_id="string",
                                         iam_role_arn="string",
                                         id="string",
                                         rate_limit_req=integer,
                                         rate_limit_time=integer
                                         )
print(response)

Service class example (Operation ID syntax)
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.ProvisionAWSAccounts(cloudtrail_bucket_owner_id="string",
                                       cloudtrail_bucket_region="string",
                                       external_id="string",
                                       iam_role_arn="string",
                                       id="string",
                                       rate_limit_req=integer,
                                       rate_limit_time=integer
                                       )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "cloudtrail_bucket_owner_id": "string",
            "cloudtrail_bucket_region": "string",
            "external_id": "string",
            "iam_role_arn": "string",
            "id": "string",
            "rate_limit_reqs": integer,
            "rate_limit_time": integer
        }
    ]
}

response = falcon.command("ProvisionAWSAccounts", mode="string", body=BODY)
print(response)

DeleteAWSAccounts

Delete a set of AWS Accounts by specifying their IDs

Deprecated operation

This operation has been superseded by the DeleteCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.

PEP8 method name

delete_aws_accounts

Endpoint

| Method | Route |
| :-- | :-- |
| DELETE | /cloud-connect-aws/entities/accounts/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :-- | :-- | :-- | :-- | :-- | :-- |
| ids | Supported | Supported | query | string or list of strings | IDs of accounts to remove |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_aws_accounts(ids=id_list)
print(response)

Service class example (Operation ID syntax)
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.DeleteAWSAccounts(ids=id_list)
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteAWSAccounts", ids=id_list)
print(response)

UpdateAWSAccounts

Update AWS Accounts by specifying the ID of the account and details to update

Deprecated operation

This operation has been superseded by the PatchCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.

PEP8 method name

update_aws_accounts

Endpoint

| Method | Route |
| :-- | :-- |
| PATCH | /cloud-connect-aws/entities/accounts/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :-- | :-- | :-- | :-- | :-- | :-- |
| body | Supported | Supported | body | dictionary | Full BODY payload in JSON format. |
| cloudtrail_bucket_owner_id | Supported | Supported | body | string | AWS IAM ID for CloudTrail bucket owner. (ARN format) |
| cloudtrail_bucket_region | Supported | Supported | body | string | AWS region for CloudTrail bucket. |
| external_id | Supported | Supported | body | string | Shared external ID to use for AWS cross-account role. |
| iam_role_arn | Supported | Supported | body | string | ARN for the IAM role to use as the cross-account role. |
| id | Supported | Supported | body | string | AWS account ID to provision. |
| rate_limit_req | Supported | Supported | body | integer | Rate limit count. |
| rate_limit_time | Supported | Supported | body | integer | Rate limit timestamp. |

Usage

Service class example (PEP8 syntax)
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.update_aws_accounts(cloudtrail_bucket_owner_id="string",
                                      cloudtrail_bucket_region="string",
                                      external_id="string",
                                      iam_role_arn="string",
                                      id="string",
                                      rate_limit_req=integer,
                                      rate_limit_time=integer
                                      )
print(response)

Service class example (Operation ID syntax)
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.UpdateAWSAccounts(cloudtrail_bucket_owner_id="string",
                                    cloudtrail_bucket_region="string",
                                    external_id="string",
                                    iam_role_arn="string",
                                    id="string",
                                    rate_limit_req=integer,
                                    rate_limit_time=integer
                                    )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "cloudtrail_bucket_owner_id": "string",
            "cloudtrail_bucket_region": "string",
            "external_id": "string",
            "iam_role_arn": "string",
            "id": "string",
            "rate_limit_reqs": integer,
            "rate_limit_time": integer
        }
    ]
}

response = falcon.command("UpdateAWSAccounts", body=BODY)
print(response)

CreateOrUpdateAWSSettings

Create or update Global Settings which are applicable to all provisioned AWS accounts

Deprecated operation

This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.

PEP8 method name

create_or_update_aws_settings

Endpoint

| Method | Route |
| :-- | :-- |
| POST | /cloud-connect-aws/entities/settings/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :-- | :-- | :-- | :-- | :-- | :-- |
| body | Supported | Supported | body | dictionary | Full BODY payload in JSON format. |
| cloudtrail_bucket_owner_id | Supported | Supported | body | string | AWS IAM ID for CloudTrail bucket owner. (ARN format) |
| static_external_id | Supported | Supported | body | string | New external ID to use for the AWS cross-account role. |

Usage

Service class example (PEP8 syntax)
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.create_or_update_aws_settings(cloudtrail_bucket_owner_id="string",
                                                static_external_id="string"
                                                )
print(response)

Service class example (Operation ID syntax)
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CreateOrUpdateAWSSettings(cloudtrail_bucket_owner_id="string",
                                            static_external_id="string"
                                            )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "cloudtrail_bucket_owner_id": "string",
            "static_external_id": "string"
        }
    ]
}

response = falcon.command("CreateOrUpdateAWSSettings", body=BODY)
print(response)

VerifyAWSAccountAccess

Performs an Access Verification check on the specified AWS Account IDs

Deprecated operation

This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.

PEP8 method name

verify_aws_account_access

Endpoint

| Method | Route |
| :-- | :-- |
| POST | /cloud-connect-aws/entities/verify-account-access/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :-- | :-- | :-- | :-- | :-- | :-- |
| ids | Supported | Supported | query | string or list of strings | IDs of accounts to verify access on. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.verify_aws_account_access(ids=id_list)
print(response)

Service class example (Operation ID syntax)
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.VerifyAWSAccountAccess(ids=id_list)
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("VerifyAWSAccountAccess", ids=id_list)
print(response)

QueryAWSAccountsForIDs

Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS account IDs which match the filter criteria

PEP8 method name

query_aws_accounts_for_ids

Endpoint

| Method | Route |
| :-- | :-- |
| GET | /cloud-connect-aws/queries/accounts/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :-- | :-- | :-- | :-- | :-- | :-- |
| limit | Supported | Supported | query | integer | The maximum records to return. [1-5000]. Defaults to 100. |
| offset | Supported | Supported | query | integer | The offset to start retrieving records from. |
| sort | Supported | Supported | query | string | The property to sort by (e.g. alias.desc or state.asc). |
| filter | Supported | Supported | query | string | The filter expression that should be used to limit the results. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.query_aws_accounts_for_ids(limit=integer,
                                             offset=integer,
                                             sort="string",
                                             filter="string"
                                             )
print(response)

Service class example (Operation ID syntax)
from falconpy import CloudConnectAWS

# Do not hardcode API credentials!
falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.QueryAWSAccountsForIDs(limit=integer,
                                         offset=integer,
                                         sort="string",
                                         filter="string"
                                         )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("QueryAWSAccountsForIDs",
                          limit=integer,
                          offset=integer,
                          sort="string",
                          filter="string"
                          )
print(response)
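
Added example (not code from the FalconPy repository): it applies the "Passing credentials" guidance by reading the credentials from the environment, then walks the limit/offset paging of QueryAWSAccountsForIDs so that a failed page is never mistaken for the end of the inventory. The environment variable names, the helper names and FakeClient are assumptions made for this example; the helper expects the SDK's dictionary response with status_code and body keys.

```python
import os


def load_credentials(env=os.environ):
    """Read API credentials from the environment instead of source code.

    FALCON_CLIENT_ID / FALCON_CLIENT_SECRET are names assumed for this example.
    """
    try:
        return {"client_id": env["FALCON_CLIENT_ID"],
                "client_secret": env["FALCON_CLIENT_SECRET"]}
    except KeyError as missing:
        raise RuntimeError(f"Missing environment variable: {missing.args[0]}") from None


def all_aws_account_ids(client, fql_filter=None, page_size=100, max_records=50000):
    """Collect every matching account ID using limit/offset paging.

    `client` is any object exposing query_aws_accounts_for_ids(), such as a
    CloudConnectAWS instance. Paging stops on a short page; an error response
    raises, so a partial inventory is never returned as if it were complete.
    No further pages are requested once max_records IDs have been collected.
    """
    if not 1 <= page_size <= 5000:
        raise ValueError("limit must be within [1-5000]")
    ids, offset = [], 0
    while len(ids) < max_records:
        kwargs = {"limit": page_size, "offset": offset}
        if fql_filter:
            kwargs["filter"] = fql_filter
        response = client.query_aws_accounts_for_ids(**kwargs)
        body = response.get("body", {})
        if response.get("status_code") != 200 or body.get("errors"):
            raise RuntimeError(f"Query failed at offset {offset}: "
                               f"{response.get('status_code')} {body.get('errors')}")
        page = body.get("resources") or []
        ids.extend(page)
        if len(page) < page_size:
            break
        offset += len(page)
    return ids


class FakeClient:
    """Constructed stand-in that returns SDK-shaped responses for offline runs."""

    def __init__(self, ids, status_code=200):
        self._ids = ids
        self._status = status_code
        self.calls = []

    def query_aws_accounts_for_ids(self, limit=100, offset=0, **_):
        self.calls.append((limit, offset))
        if self._status != 200:
            return {"status_code": self._status,
                    "body": {"resources": [], "errors": [{"code": self._status}]}}
        return {"status_code": 200,
                "body": {"resources": self._ids[offset:offset + limit], "errors": []}}


if __name__ == "__main__":
    # Imported here so the helpers above can be exercised without the SDK installed.
    from falconpy import CloudConnectAWS
    falcon = CloudConnectAWS(**load_credentials())
    for account_id in all_aws_account_ids(falcon, page_size=500):
        print(account_id)
```
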