Public Cloud Account Management API
Overview
VMware Carbon Black Cloud Workload for Public Cloud provides the ability to secure AWS workloads while simplifying the overhead of AWS account management. Core capabilities include:
- Single and multiple AWS account management.
- Auto-generated CI-CD agent installation packages.
- Enhanced visibility into inventory of protected and unprotected workloads.
Prior to the Carbon Black Cloud Workload for Public Cloud, Amazon EC2 instances were treated as Endpoints. We recommend updating the Carbon Black sensor to the latest sensor version prior to enabling the Carbon Black Cloud Workload for Public Cloud. These sensors can also be upgraded after the Carbon Black Cloud Workload for Public Cloud is enabled.
Requirements
- Carbon Black Cloud Workload - You must have purchased one of the Carbon Black Cloud Workload packages.
- Minimum sensor versions: 3.8 (Windows) and 2.13 (Linux). Confirm that each instance is running at least these sensor versions.
Resources
AWS Account Management
Infosec and AWS administrators can easily manage their AWS accounts and regions. They can:
- Add a single account.
- Leverage bulk import of accounts to facilitate quick onboarding of existing AWS accounts.
- Search and export onboarded AWS accounts and regions into an easy-to-consume format.
Authentication
Determine whether you use Carbon Black Cloud or VMware Cloud Services Platform to manage identity and authorization, or see the Carbon Black Cloud API Access Guide for complete instructions.
Carbon Black Cloud Managed Identity and Authentication
Customize your access to the Carbon Black Cloud APIs with Role-Based Access Control; All APIs and Services authenticate via API Keys. To access the data in Carbon Black Cloud via API, you must set up a key with the correct permissions for the calls you want to make and pass it in the HTTP Headers.
Environment
Available on majority of environments; Use the Carbon Black Cloud Console URL, as described here.
API Route
Replace the {cbc-hostname} and {org_key} with the URL of your Environment and the org_key for your specific Org.
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/onboard/_bulk
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/cloud_providers/{cloud_provider}/accounts/{account_id}
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/import
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/account_actions
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/validate_role
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/cloud_providers/{cloud_provider}/accounts/{account_id}/regions/{region}/provision_template
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/cloud_providers/{cloud_provider}/accounts/{account_id}/regions/{region}/ssm_document
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/cloud_providers/{cloud_provider}/accounts/{account_id}/regions
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/_delete
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/_search
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/_search/download
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/_facet
- {cbc-hostname}/public-cloud/account-management/v1/cloud_providers/{cloud_provider}
- {cbc-hostname}/public-cloud/account-management/v1/accounts/import/template
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/external_id
Access Level
Before you create your API Key, you need to create a "Custom" Access Level including each category:
- Public Cloud > Manage public cloud accounts > public.cloud.accounts, allow permission to CREATE, READ, UPDATE, DELETE, EXECUTE
API Key
When creating your API Key, use the Access Level Type of "Custom" and select the Access Level you created. Details on constructing and passing the API Key in your requests are available here.
Cloud Services Platform Managed Identity and Authentication
Customize your access to the Carbon Black Cloud APIs with OAuth Access Control; API access is controlled using OAuth apps or User API Tokens. This is currently limited to the UK Point of Presence and AWS GovCloud (US).
Environment
Available on Prod UK and AWS GovCloud (US). Full list of environments is available here; Use the Carbon Black Cloud Console URL from Cloud Services Platform, as described here.
API Route
Replace the {cbc-hostname} and {org_key} with the URL of your Environment and the org_key for your specific Org.
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/onboard/_bulk
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/cloud_providers/{cloud_provider}/accounts/{account_id}
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/import
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/account_actions
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/validate_role
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/cloud_providers/{cloud_provider}/accounts/{account_id}/regions/{region}/provision_template
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/cloud_providers/{cloud_provider}/accounts/{account_id}/regions/{region}/ssm_document
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/cloud_providers/{cloud_provider}/accounts/{account_id}/regions
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/_delete
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/_search
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/_search/download
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/_facet
- {cbc-hostname}/public-cloud/account-management/v1/cloud_providers/{cloud_provider}
- {cbc-hostname}/public-cloud/account-management/v1/accounts/import/template
- {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/external_id
Access Level
Before you create your OAuth App, you need to create a custom Role with the following permissions under IDENTITY & ACCESS MANAGEMENT > Roles > VMware Carbon Black Cloud:
- _API.Public.Cloud:Public.cloud.accounts:CREATE, allow permission to CREATE, READ, UPDATE, DELETE, EXECUTE
API Authentication
The Cloud Services Platform supports several authentication options: Access Token, API Token, and, for backward compatibility, X-Auth-Token. To learn about the differences or how to use the authentication methods see the Authentication Guide.
API Calls
Onboard New Cloud Account
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | public.cloud.accounts | CREATE | Majority of environments |
VMware Cloud Services Platform | _API.Public.Cloud:Public.cloud.accounts:CREATE | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts
Request Body - application/json
{
"cloud_provider_account_id": "<string>",
"cloud_provider": "<string>",
"name": "<string>",
"owner_name": "<string>",
"owner_email": "<string>",
"environment": "<string>",
"credential": <object>,
"regions": ["<string>"],
"created_by": "<string>",
"updated_by": "<string>",
"event_stream_status": "<string>",
"ssm_document_status": "<string>",
"parent_id": "<string>",
"aws_account_joined_method": "<string>",
"new_accounts_discovered": <boolean>,
"aws_account_type": "<string>",
"is_onboarded": <boolean>,
"account_discovery_status": "<string>"
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
cloud_provider_account_id REQUIRED | Account id of the cloud provider | String | N/A |
cloud_provider REQUIRED | Public cloud provider (e.g. AWS) | String | N/A |
name REQUIRED | Name for the account | String | N/A |
owner_name REQUIRED | Owner name | String | N/A |
owner_email REQUIRED | Owner email | String | N/A |
environment REQUIRED | Environment | String | DEV, STAGING, TEST, PROD |
credential REQUIRED | Credential of account to access customer environment | Object | Credential |
regions REQUIRED | List of region ids for account | Array | Possible regions can be retrieved with Get Details of a Cloud Provider |
created_by | Created By | String | N/A |
updated_by | Updated By | String | N/A |
event_stream_status | Event stream setup status | String | ENABLED, DISABLED, PARTIALLY_ENABLED |
ssm_document_status | SSM document status | String | ENABLED, DISABLED, PARTIALLY_ENABLED |
parent_id | Parent id of the cloud provider account. Parent could be AWS Organization/GCP Folder/Azure Management Group. | String | N/A |
aws_account_joined_method | AWS account joined method | String | INVITED, CREATED |
new_accounts_discovered | Flag to identify if new accounts have been added under the parent. | Boolean | N/A |
aws_account_type | AWS account type | String | MANAGEMENT, MEMBER, INDEPENDENT |
is_onboarded | Flag to identify if the account has been onboarded | Boolean | N/A |
account_discovery_status | Account discovery status | String | NOT_STARTED, IN_PROGRESS, SUCCESS, FAIL, TIMED_OUT |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Account successfully created. | application/json | View example response below |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | |
401 | Unauthorized | N/A | |
403 | Forbidden | N/A | |
409 | Already Exists | N/A | |
422 | Unprocessable Entity | N/A | |
500 | Internal Server Error | N/A | |
Examples
POST https://defense.conferdeploy.net/public-cloud/account-management/v1/orgs/ABCD1234/accounts
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"cloud_provider_account_id": "1234567890",
"cloud_provider": "AWS",
"name": "AWS Account 1",
"owner_name": "Test",
"owner_email": "test@testorg.com",
"environment": "DEV",
"credential": {
"role_arn": "arn:aws:iam::1234567890:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot"
},
"regions": [
"us-east-1",
"us-east-2"
]
}
{
"account_discovery_status": null,
"aws_account_joined_method": null,
"aws_account_type": "INDEPENDENT",
"cloud_provider": "AWS",
"cloud_provider_account_id": "1234567890",
"created_by": "ABCD123456",
"credential": {
"application_id": null,
"external_id": "afd5813b-e3c6-471a-b30e-3a8577f89111",
"identity_pool_id": null,
"identity_provider_id": null,
"identity_provider_project_no": null,
"last_verified_time": null,
"role_arn": "arn:aws:iam::1234567890:user/test@testorg.com",
"secret": null,
"secret_expiry": null,
"secret_id": null,
"service_account_email": null,
"tenant_id": null,
"verification_code": null,
"verification_message": null,
"verification_status": "IN_PROGRESS"
},
"environment": "DEV",
"event_stream_status": null,
"is_onboarded": true,
"last_updated_time": "2023-08-28T12:08:37.591934Z",
"name": "AWS Account 2",
"new_accounts_discovered": false,
"owner_email": "test@testorg.com",
"owner_name": "Test",
"parent_account_id": null,
"parent_id": null,
"regions": [
"us-east-1"
],
"ssm_document_status": null,
"updated_by": "ABCD123456"
}
Onboard Multiple Accounts
Mark account ids as onboarded. The API accepts either a list of account_ids, to onboard the specified accounts, or a parent_account_id, to onboard all the child accounts under that management account.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | public.cloud.accounts | UPDATE | Majority of environments |
VMware Cloud Services Platform | _API.Public.Cloud:Public.cloud.accounts:UPDATE | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/onboard/_bulk
Request Body - application/json
{
"account_ids": [
{
"cloud_provider_account_id": "<string>",
"cloud_provider": "<string>"
}
],
"parent_account_id": {
"cloud_provider_account_id": "<string>",
"cloud_provider": "<string>"
}
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
account_ids | List of account ids to be onboarded | Array | |
parent_account_id | Management account to onboard all children | Account Id | N/A |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successful onboarded operation status | application/json | Example Response Below |
400 | Invalid Request | application/json | |
401 | Not Authenticated | application/json | |
403 | Forbidden | application/json | |
404 | OrgKey not found in service | application/json | |
500 | Internal Server Error | application/json | |
Examples
POST https://defense.conferdeploy.net/public-cloud/account-management/v1/orgs/ABCD1234/accounts/onboard/_bulk
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"parent_account_id": {
"cloud_provider_account_id": "1234567890",
"cloud_provider": "AWS"
}
}
{
"error_code": null,
"failed": null,
"follow_up_api": null,
"message": "Successful",
"success": true
}
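An added example, not from the documentation or the Carbon Black Cloud SDK, that checks an Onboard New Cloud Account body against the schema above before it is sent and builds the either/or body for Onboard Multiple Accounts. It assumes a Carbon Black Cloud managed API key (the X-Auth-Token header shown on this page), treats the two bulk forms as mutually exclusive, assumes the credential carries an IAM role ARN, and uses a constructed role name and fake account id in its sample.

```python
import re

# Allowed values and required fields copied from the Body Schema tables on the page.
ENVIRONMENTS = {"DEV", "STAGING", "TEST", "PROD"}
REQUIRED_FIELDS = ("cloud_provider_account_id", "cloud_provider", "name",
                   "owner_name", "owner_email", "environment", "credential", "regions")
# Assumption: credential.role_arn is an IAM role ARN of the form
# arn:aws:iam::<account-id>:role/<path-and-name>; the account id is captured.
ROLE_ARN_RE = re.compile(r"^arn:aws:iam::(\d+):role/\S+$")


def onboard_url(cbc_hostname: str, org_key: str) -> str:
    """URL of the Onboard New Cloud Account route."""
    return f"{cbc_hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts"


def bulk_onboard_url(cbc_hostname: str, org_key: str) -> str:
    """URL of the Onboard Multiple Accounts route."""
    return onboard_url(cbc_hostname, org_key) + "/onboard/_bulk"


def api_key_headers(api_key: str) -> dict:
    """Headers for a Carbon Black Cloud managed API key (X-Auth-Token scheme)."""
    return {"X-Auth-Token": api_key, "Content-Type": "application/json"}


def validate_onboard_body(body: dict) -> list:
    """Check a body against the documented schema and return a list of problems.

    An empty list means the body is well-formed. Checking locally avoids
    round-trips that would only end in a 400 or 422 from the service.
    """
    problems = []
    for field in REQUIRED_FIELDS:
        if body.get(field) in (None, "", [], {}):
            problems.append(f"missing required field: {field}")
    if body.get("environment") not in ENVIRONMENTS:
        problems.append("environment must be one of " + ", ".join(sorted(ENVIRONMENTS)))
    regions = body.get("regions")
    if not isinstance(regions, list) or not all(isinstance(r, str) and r for r in regions):
        problems.append("regions must be a list of region id strings")
    credential = body.get("credential") or {}
    match = ROLE_ARN_RE.match(str(credential.get("role_arn", "")))
    if match is None:
        problems.append("credential.role_arn is not an IAM role ARN")
    elif match.group(1) != str(body.get("cloud_provider_account_id")):
        # The role should live in the account being onboarded; a mismatch is
        # usually a copy-paste error and would fail role validation later anyway.
        problems.append("credential.role_arn belongs to a different AWS account")
    return problems


def _account_ref(account: dict) -> dict:
    """The {cloud_provider_account_id, cloud_provider} pair used by the bulk routes."""
    return {"cloud_provider_account_id": str(account["cloud_provider_account_id"]),
            "cloud_provider": account.get("cloud_provider", "AWS")}


def bulk_onboard_body(account_ids=None, parent_account_id=None) -> dict:
    """Body for the bulk onboard route: either a list of account ids or one
    parent (management) account whose children are all onboarded, not both."""
    if bool(account_ids) == bool(parent_account_id):
        raise ValueError("supply exactly one of account_ids or parent_account_id")
    if parent_account_id is not None:
        return {"parent_account_id": _account_ref(parent_account_id)}
    return {"account_ids": [_account_ref(a) for a in account_ids]}


# Constructed sample mirroring the page's example request (fake account id,
# constructed role name).
SAMPLE_ONBOARD_BODY = {
    "cloud_provider_account_id": "1234567890",
    "cloud_provider": "AWS",
    "name": "AWS Account 1",
    "owner_name": "Test",
    "owner_email": "test@testorg.com",
    "environment": "DEV",
    "credential": {"role_arn": "arn:aws:iam::1234567890:role/cbc-workload-role"},
    "regions": ["us-east-1", "us-east-2"],
}

if __name__ == "__main__":
    print("problems:", validate_onboard_body(SAMPLE_ONBOARD_BODY))
    print(bulk_onboard_body(parent_account_id={"cloud_provider_account_id": "1234567890"}))
```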
Get Cloud Account by Id
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | public.cloud.accounts | READ | Majority of environments |
VMware Cloud Services Platform | _API.Public.Cloud:Public.cloud.accounts:READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
GET {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/cloud_providers/{cloud_provider}/accounts/{account_id}
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Account successfully retrieved. | application/json | View example response below |
401 | Unauthorized | N/A | |
403 | Forbidden | N/A | |
404 | Account Not Found | N/A | |
500 | Internal Server Error | N/A | |
Examples
GET https://defense.conferdeploy.net/public-cloud/account-management/v1/orgs/ABCD1234/cloud_providers/AWS/accounts/1234567890
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
{
"account_discovery_status": null,
"aws_account_joined_method": null,
"aws_account_type": "INDEPENDENT",
"cloud_provider": "AWS",
"cloud_provider_account_id": "1234567890",
"created_by": "ABCD123456",
"credential": {
"application_id": null,
"external_id": "afd5813b-e3c6-471a-b30e-3a8577f89111",
"identity_pool_id": null,
"identity_provider_id": null,
"identity_provider_project_no": null,
"last_verified_time": null,
"role_arn": "arn:aws:iam::1234567890:user/test@testorg.com",
"secret": null,
"secret_expiry": null,
"secret_id": null,
"service_account_email": null,
"tenant_id": null,
"verification_code": null,
"verification_message": null,
"verification_status": "IN_PROGRESS"
},
"environment": "DEV",
"event_stream_status": null,
"is_onboarded": true,
"last_updated_time": "2023-08-28T12:08:37.591934Z",
"name": "AWS Account 2",
"new_accounts_discovered": false,
"owner_email": "test@testorg.com",
"owner_name": "Test",
"parent_account_id": null,
"parent_id": null,
"regions": [
"us-east-1"
],
"ssm_document_status": null,
"updated_by": "ABCD123456"
}
Get Regions for a Cloud Account
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | public.cloud.accounts | READ | Majority of environments |
VMware Cloud Services Platform | _API.Public.Cloud:Public.cloud.accounts:READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
GET {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/cloud_providers/{cloud_provider}/accounts/{account_id}/regions
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Information successfully retrieved. | application/json | View example response below |
400 | Cloud Provider is not valid. | N/A | |
401 | Unauthorized | N/A | |
403 | Forbidden | N/A | |
404 | Account Not Found | N/A | |
500 | Internal Server Error | N/A | |
Examples
GET https://defense.conferdeploy.net/public-cloud/account-management/v1/orgs/ABCD1234/cloud_providers/AWS/accounts/1234567890/regions
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
[
{
"id": "us-east-1",
"name": "US East (N. Virginia)",
"event_channel": {
"template_version": "1.0.0",
"connected": false,
"last_connected_time": "2022-07-25T17:09:12.325Z",
"create_time": "2022-07-25T17:09:12.325Z",
"update_time": "2022-07-25T17:09:12.325Z"
},
"inventory_sync": {
"status": "NOT_STARTED",
"message": "some message",
"code": "",
"synced_by": "5024999",
"last_sync_time": "2022-07-25T17:09:12.325Z"
},
"create_time": "2022-07-25T17:09:12.325Z",
"created_by": "5024999"
}
]
Update Cloud Account
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | public.cloud.accounts | UPDATE | Majority of environments |
VMware Cloud Services Platform | _API.Public.Cloud:Public.cloud.accounts:UPDATE | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
PUT {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/cloud_providers/{cloud_provider}/accounts/{account_id}
Request Body - application/json
{
"cloud_provider_account_id": "<string>",
"cloud_provider": "<string>",
"name": "<string>",
"owner_name": "<string>",
"owner_email": "<string>",
"environment": "<string>",
"credential": <object>,
"regions": ["<string>"],
"created_by": "<string>",
"updated_by": "<string>",
"event_stream_status": "<string>",
"ssm_document_status": "<string>",
"parent_id": "<string>",
"aws_account_joined_method": "<string>",
"new_accounts_discovered": <boolean>,
"aws_account_type": "<string>",
"is_onboarded": <boolean>,
"account_discovery_status": "<string>"
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
cloud_provider_account_id REQUIRED | Account id of the cloud provider | String | N/A |
cloud_provider REQUIRED | Public cloud provider (e.g. AWS) | String | N/A |
name REQUIRED | Name for the account | String | N/A |
owner_name REQUIRED | Owner name | String | N/A |
owner_email REQUIRED | Owner email | String | N/A |
environment REQUIRED | Environment | String | DEV, STAGING, TEST, PROD |
credential REQUIRED | Credential of account to access customer environment | Object | Credential |
regions REQUIRED | List of region ids for account | Array | Possible regions can be retrieved with Get Details of a Cloud Provider |
created_by | Created By | String | N/A |
updated_by | Updated By | String | N/A |
event_stream_status | Event stream setup status | String | ENABLED, DISABLED, PARTIALLY_ENABLED |
ssm_document_status | SSM document status | String | ENABLED, DISABLED, PARTIALLY_ENABLED |
parent_id | Parent id of the cloud provider account. Parent could be AWS Organization/GCP Folder/Azure Management Group. | String | N/A |
aws_account_joined_method | AWS account joined method | String | INVITED, CREATED |
new_accounts_discovered | Flag to identify if new accounts have been added under the parent. | Boolean | N/A |
aws_account_type | AWS account type | String | MANAGEMENT, MEMBER, INDEPENDENT |
is_onboarded | Flag to identify if the account has been onboarded | Boolean | N/A |
account_discovery_status | Account discovery status | String | NOT_STARTED, IN_PROGRESS, SUCCESS, FAIL, TIMED_OUT |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Account successfully updated. | application/json | View example response below |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | |
401 | Unauthorized | N/A | |
403 | Forbidden | N/A | |
404 | Account Not Found | N/A | |
500 | Internal Server Error | N/A | |
Examples
PUT https://defense.conferdeploy.net/public-cloud/account-management/v1/orgs/ABCD1234/cloud_providers/AWS/accounts/1234567890
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"cloud_provider_account_id": "1234567890",
"cloud_provider": "AWS",
"name": "AWS Account 1",
"owner_name": "Test",
"owner_email": "test@testorg.com",
"environment": "DEV",
"credential": {
"role_arn": "arn:aws:iam::1234567890:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot"
},
"regions": [
"us-east-1",
"us-east-2"
]
}
{
"account_discovery_status": null,
"aws_account_joined_method": null,
"aws_account_type": "INDEPENDENT",
"cloud_provider": "AWS",
"cloud_provider_account_id": "1234567890",
"created_by": "ABCD123456",
"credential": {
"application_id": null,
"external_id": "afd5813b-e3c6-471a-b30e-3a8577f89111",
"identity_pool_id": null,
"identity_provider_id": null,
"identity_provider_project_no": null,
"last_verified_time": null,
"role_arn": "arn:aws:iam::1234567890:user/test@testorg.com",
"secret": null,
"secret_expiry": null,
"secret_id": null,
"service_account_email": null,
"tenant_id": null,
"verification_code": null,
"verification_message": null,
"verification_status": "IN_PROGRESS"
},
"environment": "DEV",
"event_stream_status": null,
"is_onboarded": true,
"last_updated_time": "2023-08-28T12:08:37.591934Z",
"name": "AWS Account 2",
"new_accounts_discovered": false,
"owner_email": "test@testorg.com",
"owner_name": "Test",
"parent_account_id": null,
"parent_id": null,
"regions": [
"us-east-1"
],
"ssm_document_status": null,
"updated_by": "ABCD123456"
}
Delete Cloud Account
Delete onboarded account from Carbon Black Cloud.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | public.cloud.accounts | DELETE | Majority of environments |
VMware Cloud Services Platform | _API.Public.Cloud:Public.cloud.accounts:DELETE | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
DELETE {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/cloud_providers/{cloud_provider}/accounts/{account_id}
Response
Code | Description | Content-Type | Content |
---|---|---|---|
204 | Account successfully deleted. | N/A | No content |
401 | Unauthorized | N/A | |
403 | Forbidden | N/A | |
404 | Account Not Found | N/A | |
500 | Internal Server Error | N/A | |
Examples
DELETE https://defense.conferdeploy.net/public-cloud/account-management/v1/orgs/ABCD1234/cloud_providers/AWS/accounts/1234567890
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
No content
Bulk Delete Cloud Accounts
Bulk delete multiple onboarded accounts from Carbon Black Cloud.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | public.cloud.accounts | DELETE | Majority of environments |
VMware Cloud Services Platform | _API.Public.Cloud:Public.cloud.accounts:DELETE | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/_delete
Request Body - application/json
[
{
"cloud_provider_account_id": "<string>",
"cloud_provider": "<string>"
}
]
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
account_ids REQUIRED | Account id of the cloud provider | Array | Account Id |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Accounts successfully deleted. | application/json | View example response below |
200 | Data is correct, but some accounts were not deleted successfully. | application/json | |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | |
401 | Unauthorized | N/A | |
403 | Forbidden | N/A | |
500 | Internal Server Error | N/A | |
Examples
POST https://defense.conferdeploy.net/public-cloud/account-management/v1/orgs/ABCD1234/accounts/_delete
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
[
{
"cloud_provider_account_id": "1234567890",
"cloud_provider": "AWS"
},
{
"cloud_provider_account_id": "1234567891",
"cloud_provider": "AWS"
}
]
{
"error_code": null,
"failed": null,
"follow_up_api": null,
"message": "Successful",
"success": true
}
Validate Account Roles
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | public.cloud.accounts | EXECUTE | Majority of environments |
VMware Cloud Services Platform | _API.Public.Cloud:Public.cloud.accounts:EXECUTE | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/validate_role
Request Body - application/json
[
{
"cloud_provider_account_id": "<string>",
"cloud_provider": "<string>",
"saved_credentials": <boolean>,
"role_arn": "<string>",
"external_id": "<string>"
}
]
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
accounts REQUIRED | List of accounts with credentials details | Array | Account Validate Role |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Role validated. | application/json | View example response below |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | |
401 | Unauthorized | N/A | |
403 | Forbidden | N/A | |
500 | Internal Server Error | N/A | |
Examples
POST https://defense.conferdeploy.net/public-cloud/account-management/v1/orgs/ABCD1234/accounts/validate_role
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
[
{
"cloud_provider_account_id": "1234567890",
"cloud_provider": "AWS",
"saved_credentials": false,
"role_arn": "SomeValidArn",
"external_id": "SomeValidExternalId"
}
]
[
{
"cloud_provider_account_id": "1234567890",
"cloud_provider": "AWS",
"validation_status": true,
"validation_code": "OK",
"validation_message": ""
}
]
Perform Action on Multiple Accounts
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | public.cloud.accounts | EXECUTE | Majority of environments |
VMware Cloud Services Platform | _API.Public.Cloud:Public.cloud.accounts:EXECUTE | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/account_actions
Request Body - application/json
{
"accounts": [
{
"cloud_provider_account_id": "<string>",
"cloud_provider": "<string>",
"regions": [ "<string>" ]
}
],
"action_type": "<string>"
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
accounts REQUIRED | Accounts with a list of regions | Array | Account Action |
action_type REQUIRED | Action to be performed | String | SYNC_INVENTORY |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Action successfully performed. | application/json | View example response below |
202 | Action accepted. | application/json | |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | |
401 | Unauthorized | N/A | |
403 | Forbidden | N/A | |
500 | Internal Server Error | N/A | |
Examples
POST https://defense.conferdeploy.net/public-cloud/account-management/v1/orgs/ABCD1234/account_actions
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"accounts": [
{
"cloud_provider_account_id": "1234567890",
"cloud_provider": "AWS"
}
],
"action_type": "SYNC_INVENTORY"
}
[
{
"count": 1,
"result": [
{
"cloud_provider_account_id": "1234567890",
"cloud_provider": "AWS",
"regions": null,
"action_status": false,
"action_message": "Role validation failed"
}
]
}
]
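An added example, not part of the page or the Carbon Black Cloud SDK, that chains Validate Account Roles with Perform Action on Multiple Accounts: only accounts whose validation came back OK are put into the SYNC_INVENTORY request, and failed action results (such as the "Role validation failed" entry shown above) are pulled out of the response. The sample responses are constructed to mirror the page's examples and use fake account ids.

```python
def validate_role_body(accounts: list) -> list:
    """Body for Validate Account Roles: one entry per account with its role ARN
    and the external id tied to that role."""
    return [{
        "cloud_provider_account_id": str(a["cloud_provider_account_id"]),
        "cloud_provider": a.get("cloud_provider", "AWS"),
        "saved_credentials": bool(a.get("saved_credentials", False)),
        "role_arn": a["role_arn"],
        "external_id": a["external_id"],
    } for a in accounts]


def split_validation(validate_response: list) -> tuple:
    """Split the validate_role response into accounts that passed and those that
    did not. An entry passes only when validation_status is true and the code is OK."""
    passed, failed = [], []
    for entry in validate_response:
        key = (entry["cloud_provider_account_id"], entry["cloud_provider"])
        if entry.get("validation_status") is True and entry.get("validation_code") == "OK":
            passed.append(key)
        else:
            failed.append((key, entry.get("validation_code"), entry.get("validation_message")))
    return passed, failed


def sync_inventory_body(passed: list, regions_by_account: dict) -> dict:
    """Body for Perform Action on Multiple Accounts with action_type SYNC_INVENTORY.
    regions_by_account maps an account id to the regions to sync; an account with
    no entry is sent without a regions list, as in the page's example request."""
    accounts = []
    for account_id, provider in passed:
        entry = {"cloud_provider_account_id": account_id, "cloud_provider": provider}
        regions = regions_by_account.get(account_id)
        if regions:
            entry["regions"] = list(regions)
        accounts.append(entry)
    return {"accounts": accounts, "action_type": "SYNC_INVENTORY"}


def action_failures(action_response: list) -> list:
    """Flatten the account_actions response to (account id, message) for every
    result whose action_status is false."""
    failures = []
    for batch in action_response:
        for result in batch.get("result", []):
            if not result.get("action_status"):
                failures.append((result["cloud_provider_account_id"], result.get("action_message")))
    return failures


# Constructed sample responses modelled on the page's examples (fake ids; the
# failed validation entry is invented for illustration).
SAMPLE_VALIDATE_RESPONSE = [
    {"cloud_provider_account_id": "1234567890", "cloud_provider": "AWS",
     "validation_status": True, "validation_code": "OK", "validation_message": ""},
    {"cloud_provider_account_id": "1234567891", "cloud_provider": "AWS",
     "validation_status": False, "validation_code": "",
     "validation_message": "constructed failure: role could not be assumed"},
]
SAMPLE_ACTION_RESPONSE = [{"count": 1, "result": [
    {"cloud_provider_account_id": "1234567891", "cloud_provider": "AWS", "regions": None,
     "action_status": False, "action_message": "Role validation failed"}]}]

if __name__ == "__main__":
    passed, failed = split_validation(SAMPLE_VALIDATE_RESPONSE)
    print(sync_inventory_body(passed, {"1234567890": ["us-east-1", "us-east-2"]}))
    print("not synced:", failed, action_failures(SAMPLE_ACTION_RESPONSE))
```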
Facet Cloud Account
Get facets on the Environment, Cloud Provider, Account Type and Status attributes of cloud accounts for the given search criteria.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | public.cloud.accounts | READ | Majority of environments |
VMware Cloud Services Platform | _API.Public.Cloud:Public.cloud.accounts:READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/_facet
Request Body - application/json
{
"query": "<string>",
"criteria": {
"name": ["<string>"],
"cloud_provider": ["<string>"],
"cloud_provider_account_id": ["<string>"],
"credential.verification_status": ["<string>"],
"parent_account_id": ["<string>"],
"is_onboarded": <boolean>,
"environment": ["<string>"],
"aws_account_type": ["<string>"]
},
"terms": {
"rows": 20,
"fields": ["<string>"]
}
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
criteria | Criteria is an object that represents values that must be in the results. | Object | name, cloud_provider, cloud_provider_account_id, credential.verification_status, parent_account_id, is_onboarded, environment, aws_account_type |
query | Query in lucene syntax and/or including value searches. | String | N/A |
terms | The fields to facet and how many of the top entries to return. | Object | cloud_provider, environment, account_type, credential.verification_status |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | List of Accounts facets with counts | application/json | Example Response Below |
400 | Invalid Request | application/json | |
401 | Not Authenticated | application/json | |
403 | Forbidden | application/json | |
404 | OrgKey not found in service | application/json | |
500 | Internal Server Error | application/json | |
Examples
POST https://defense.conferdeploy.net/public-cloud/account-management/v1/orgs/ABCD1234/accounts/_facet
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"query": "string",
"criteria": {
"name": [
"AWS Account 1",
"AWS Account 2"
],
"cloud_provider": [
"AWS"
],
"cloud_provider_account_id": [
"1234567890",
"1234567891"
],
"credential.verification_status": [
"IN_PROGRESS",
"SUCCESS"
],
"parent_account_id": [
"123456789012"
],
"is_onboarded": true,
"environment": [
"DEV",
"PROD"
],
"aws_account_type": [
"MANAGEMENT"
]
},
"terms": {
"rows": 20,
"fields": [
"CLOUD_PROVIDER"
]
}
}
{
"terms": [
{
"field": "CLOUD_PROVIDER",
"values": [
{
"id": "AWS",
"name": "AWS",
"total": 1
}
]
}
]
}
Search Cloud Accounts
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | public.cloud.accounts | READ | Majority of environments |
VMware Cloud Services Platform | _API.Public.Cloud:Public.cloud.accounts:READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/_search
Request Body - application/json
{
"start": <integer>,
"rows": <integer>,
"query": "<string>",
"criteria": {
"name": [ "<string>" ],
"cloud_provider": [ "<string>" ],
"cloud_provider_account_id": [ "<string>" ],
"credential.verification_status": [ "<string>" ],
"environment": [ "<string>" ],
"parent_account_id": ["<string>"],
"is_onboarded": <boolean>
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
criteria | Criteria is an object that represents values that must be in the results. | Object | name, cloud_provider, cloud_provider_account_id, credential.verification_status, parent_account_id, is_onboarded, environment, aws_account_type |
query | Query in lucene syntax and/or including value searches. | String | N/A |
rows REQUIRED | Maximum number of rows to return | Integer | Max: 10k |
start REQUIRED | What row to begin returning results from | Integer | |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. | Array | order supports asc or desc. Supported fields: credential.last_verified_time, name, cloud_provider, cloud_provider_account_id, owner_email, last_updated_time, environment |
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successful Search Request. | application/json | View example response below |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | |
401 | Unauthorized | N/A | |
403 | Forbidden | N/A | |
500 | Internal Server Error | N/A | |
Examples
POST https://defense.conferdeploy.net/public-cloud/account-management/v1/orgs/ABCD1234/accounts/_search
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"start": 0,
"rows": 0,
"criteria": {
"name": [
"AWS Account 1"
],
"cloud_provider": [
"AWS"
],
"cloud_provider_account_id": [
"1234567890",
"1234567891"
],
"credential.verification_status": [
"IN_PROGRESS",
"SUCCESS",
"FAIL"
],
"environment": [
"DEV",
"PROD"
]
},
"sort": [
{
"field": "credential.last_verified_time",
"order": "ASC"
}
]
}
{
"num_found": 1,
"results": [
{
"account_discovery_status": null,
"aws_account_joined_method": null,
"aws_account_type": "INDEPENDENT",
"cloud_provider": "AWS",
"cloud_provider_account_id": "1234567890",
"created_by": "ABCD123456",
"credential": {
"application_id": null,
"external_id": "QWERTY",
"identity_pool_id": null,
"identity_provider_id": null,
"identity_provider_project_no": null,
"last_verified_time": "2023-08-28T10:50:06.839226Z",
"role_arn": "arn:aws:iam::1234567890:user/test@email.com",
"secret": null,
"secret_expiry": null,
"secret_id": null,
"service_account_email": null,
"tenant_id": null,
"verification_code": "CREDENTIAL_ERROR",
"verification_message": "User:arn:aws:sts::",
"verification_status": "FAIL"
},
"environment": "DEV",
"event_stream_status": "ENABLED",
"is_onboarded": true,
"last_updated_time": "2022-07-26T12:07:42.111648Z",
"name": "AWS Account 2",
"new_accounts_discovered": false,
"owner_email": "test@email.com",
"owner_name": "Test",
"parent_account_id": null,
"parent_id": null,
"ssm_document_status": "DISABLED",
"updated_by": "ACBD12432"
}
]
}
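The following Python is an added example (not part of this reference or of the Carbon Black Cloud product) showing how to build a Search Cloud Accounts body that respects the schema above, page through results with start/rows, and pick out accounts whose stored credential failed verification, as in the example response. The make_transport hostname/org_key/token arguments and the constructed sample page are assumptions.

```python
import json
import urllib.request

# Criteria and sort fields documented for Search Cloud Accounts on this page.
CRITERIA_FIELDS = {"name", "cloud_provider", "cloud_provider_account_id",
                   "credential.verification_status", "parent_account_id",
                   "is_onboarded", "environment", "aws_account_type"}
SORT_FIELDS = {"credential.last_verified_time", "name", "cloud_provider",
               "cloud_provider_account_id", "owner_email",
               "last_updated_time", "environment"}
MAX_ROWS = 10_000  # documented maximum for "rows"


def build_search_body(criteria, sort_field=None, order="asc", start=0, rows=200):
    """Build a body matching the documented schema, so a mistyped field or an
    oversized page fails here rather than as an HTTP 400."""
    unknown = set(criteria) - CRITERIA_FIELDS
    if unknown:
        raise ValueError(f"unsupported criteria field(s): {sorted(unknown)}")
    if not 0 < rows <= MAX_ROWS:
        raise ValueError(f"rows must be between 1 and {MAX_ROWS}")
    body = {"start": start, "rows": rows, "criteria": criteria}
    if sort_field is not None:
        if sort_field not in SORT_FIELDS or order.lower() not in ("asc", "desc"):
            raise ValueError("unsupported sort field or order")
        body["sort"] = [{"field": sort_field, "order": order}]
    return body


def make_transport(cbc_hostname, org_key, token):
    """Return post(body) that POSTs to the live _search route with X-AUTH-TOKEN."""
    url = (f"{cbc_hostname}/public-cloud/account-management/v1/orgs/"
           f"{org_key}/accounts/_search")

    def post(body):
        req = urllib.request.Request(
            url, data=json.dumps(body).encode(), method="POST",
            headers={"X-AUTH-TOKEN": token, "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    return post


def iter_accounts(post, body, page_size=200):
    """Walk every page: advance "start" by the rows received until all
    "num_found" results have been seen (or a page comes back empty)."""
    start = 0
    while True:
        page = post({**body, "start": start, "rows": page_size})
        results = page.get("results", [])
        yield from results
        start += len(results)
        if not results or start >= page.get("num_found", 0):
            return


def failed_credentials(accounts):
    """(name, account id, verification_code) for every account whose stored
    credential failed verification, e.g. FAIL / CREDENTIAL_ERROR as in the
    example response above: the collector cannot use that role."""
    return [(a["name"], a["cloud_provider_account_id"],
             a["credential"].get("verification_code"))
            for a in accounts
            if (a.get("credential") or {}).get("verification_status") == "FAIL"]


if __name__ == "__main__":
    # Constructed page modelled on the example response above, so this runs
    # offline; pass make_transport(host, org_key, token) for a live org.
    sample = {"num_found": 1, "results": [{
        "name": "AWS Account 2", "cloud_provider_account_id": "1234567890",
        "credential": {"verification_status": "FAIL",
                       "verification_code": "CREDENTIAL_ERROR"}}]}
    body = build_search_body({"cloud_provider": ["AWS"]},
                             sort_field="credential.last_verified_time")
    print(failed_credentials(iter_accounts(lambda _body: sample, body)))
```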
Export Cloud Accounts
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | public.cloud.accounts | READ | Majority of environments |
VMware Cloud Services Platform | _API.Public.Cloud:Public.cloud.accounts:READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/_search/download
Request Body - application/json
Refer to Search Cloud Accounts Request
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successful Search Request. | text/csv | View example response below |
400 | The JSON body was malformed, or some part of the JSON body included an invalid value | N/A | |
401 | Unauthorized | N/A | |
403 | Forbidden | N/A | |
500 | Internal Server Error | N/A | |
Examples
POST https://defense.conferdeploy.net/public-cloud/account-management/v1/orgs/ABCD1234/accounts/_search/download
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"start": 0,
"rows": 0,
"criteria": {
"name": [
"AWS Account 1"
],
"cloud_provider": [
"AWS"
],
"cloud_provider_account_id": [
"1234567890",
"1234567891"
],
"credential.verification_status": [
"IN_PROGRESS",
"SUCCESS",
"FAIL"
],
"environment": [
"DEV",
"PROD"
],
"parent_account_id": [
"123456789012"
],
"is_onboarded": true
},
"sort": [
{
"field": "credential.last_verified_time",
"order": "ASC"
}
]
}
orgKey,accountId,accountProvider,region,accountName,accountOwnerName,accountOwnerEmail,environment,credentialRoleArn,credentialExternalId,credentialApplicationId,credentialTenantId,credentialSecretId,credentialsecretExpiry,credentialIdentityProviderProjectNo,credentialServiceAccountEmail,credentialIdentityPoolId,credentialIdentityProviderId,credentialVerificationStatus,credentialVerificationCode,credentialVerificationMessage,credentialLastVerifiedTime,createTime,createdBy,updateTime,updatedBy,regionEventChannelTemplateVersion,regionEventChannelConnected,regionEventChannelLastConnectedTime,regionEventChannelCreatedTime,regionEventChannelUpdatedTime,regionInventorySyncStatus,regionInventorySyncMessage,regionInventorySyncCode,regionInventoryLastSyncTime,regionInventoryFullSyncBy,regionCreatedTime,regionCreatedBy\r\nABCD123456,1234567890,AWS,us-east-1,AWS Account 2,Test,test@testorg.com,DEV,arn:aws:iam::1234567890:user/test@testorg.com,afd5813b-e3c6-471a-b30e-3a8577f89111,,,,,,,,,FAIL,CREDENTIAL_ERROR,"User: arn:aws:sts::605728677638:assumed-role/mcs-psc-dev-cwp-pc-aws-collector-us-east-1-pod/694be2a6-mcs-psc-dev-cwp-pc-aws-collector-us-east-1-pod is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::1234567890:user/test@testorg.com (Service: Sts, Status Code: 403, Request ID: a9787f7e-9016-4d74-8147-e2cd1637765c, Extended Request ID: null)",2023-08-28T12:08:37.990409Z,2023-08-28T12:08:37.591934Z,ABCD123456,2023-08-28T12:08:37.591934Z,ABCD123456,,false,,,,NOT_STARTED,,,,,2023-08-28T12:08:37.624666Z,ABCD123456
To download or review the Carbon Black Cloud Postman collection, click here.
Import Cloud Accounts by CSV
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | public.cloud.accounts | CREATE, UPDATE | Majority of environments |
VMware Cloud Services Platform | _API.Public.Cloud:Public.cloud.accounts:CREATE, UPDATE | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/accounts/import
Request Body - text/csv
accountId,accountProvider,accountName,accountOwnerName,accountOwnerEmail,environment,credentialRoleArn,credentialExternalId,regions\r\n
1234567890,AWS,AWS Account 1,Test,test@testorg.com,DEV,arn:aws:iam::1234567890:user/test@testorg.com,QWERTY,us-east-1
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successful import request. | application/json | |
400 | The csv file is malformed | N/A | |
401 | Unauthorized | N/A | |
403 | Forbidden | N/A | |
500 | Internal Server Error | N/A | |
Examples
POST https://defense.conferdeploy.net/public-cloud/account-management/v1/orgs/ABCD1234/accounts/import
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "text/csv"
accountId,accountProvider,accountName,accountOwnerName,accountOwnerEmail,environment,credentialRoleArn,credentialExternalId,regions\r\n
1234567890,AWS,AWS Account 1,Test,test@testorg.com,DEV,arn:aws:iam::1234567890:user/test@testorg.com,QWERTY,us-east-1
Response Body
{
"success": true,
"message": "Accounts uploaded successfully"
}
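As an added example (not code from this reference or from the product), the Python below builds the text/csv import body in the template column order shown above, validating each row against the values a Get Details of a Cloud Provider response supplies, and posts it with the documented headers. The PROVIDER_DETAILS stand-in, the validation rules, the role ARN and the post_import arguments are this example's own assumptions.

```python
import csv
import io
import urllib.request

# Column order of the template returned by GET .../v1/accounts/import/template.
IMPORT_COLUMNS = ["accountId", "accountProvider", "accountName",
                  "accountOwnerName", "accountOwnerEmail", "environment",
                  "credentialRoleArn", "credentialExternalId", "regions"]
# Everything the Account field table marks REQUIRED; the external id is
# generated by Carbon Black Cloud, so this example lets it stay empty.
REQUIRED = [c for c in IMPORT_COLUMNS if c != "credentialExternalId"]

# Constructed stand-in for the Get Details of a Cloud Provider response; in
# practice fetch it and pass the parsed JSON straight through.
PROVIDER_DETAILS = {
    "environments": ["DEV", "STAGING", "TEST", "PROD"],
    "regions": [{"id": "us-east-1", "name": "US East (N. Virginia)"},
                {"id": "us-east-2", "name": "US East (Ohio)"}],
}


def validate_account(acct, provider):
    """Checks of this example's own devising: catch a bad row locally instead
    of having the service reject the whole file with a 400."""
    missing = [c for c in IMPORT_COLUMNS if c not in acct]
    empty = [c for c in REQUIRED if not acct.get(c)]
    if missing or empty:
        raise ValueError(f"{acct.get('accountId')}: missing {missing + empty}")
    if acct["environment"] not in provider["environments"]:
        raise ValueError(f"{acct['accountId']}: unknown environment")
    # The page shows one region per row and does not say how several are
    # delimited, so a single region id is accepted here.
    if acct["regions"] not in {r["id"] for r in provider["regions"]}:
        raise ValueError(f"{acct['accountId']}: unknown region")
    if not acct["credentialRoleArn"].startswith("arn:aws:iam::"):
        raise ValueError(f"{acct['accountId']}: credentialRoleArn is not an IAM ARN")


def build_import_csv(accounts, provider=PROVIDER_DETAILS):
    """Serialise the rows as the text/csv body. csv quotes any value that
    contains a comma or quote (an account name, say) and CRLF line endings
    match the example body shown above."""
    for acct in accounts:
        validate_account(acct, provider)
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=IMPORT_COLUMNS,
                            lineterminator="\r\n", extrasaction="raise")
    writer.writeheader()
    writer.writerows(accounts)
    return buf.getvalue()


def post_import(cbc_hostname, org_key, token, csv_body):
    """Upload the body to the import route with the documented headers."""
    url = (f"{cbc_hostname}/public-cloud/account-management/v1/orgs/"
           f"{org_key}/accounts/import")
    req = urllib.request.Request(
        url, data=csv_body.encode(), method="POST",
        headers={"X-AUTH-TOKEN": token, "Content-Type": "text/csv"})
    with urllib.request.urlopen(req) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    # Constructed account; the role ARN and external id are placeholders.
    print(build_import_csv([{
        "accountId": "1234567890", "accountProvider": "AWS",
        "accountName": "Payroll, prod", "accountOwnerName": "Test",
        "accountOwnerEmail": "test@testorg.com", "environment": "PROD",
        "credentialRoleArn": "arn:aws:iam::1234567890:role/cbc-collector",
        "credentialExternalId": "", "regions": "us-east-1"}]))
```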
Create Provision Template
Creates the provision template detail for the given account and region, leaving all others unchanged.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | public.cloud.ingestion.events | CREATE | Majority of environments |
VMware Cloud Services Platform | _API.Public.Cloud:Public.Cloud.Ingestion.Events:CREATE | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/cloud_providers/{cloud_provider}/accounts/{account_id}/regions/{region}/provision_template
Request Body - application/json
{
"event_channel_template_version": "<string>"
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
event_channel_template_version | Version of event channel template for region - e.g. 1.0.0 | String | N/A |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Provision template details created. | application/json | Example Response Below |
400 | Invalid Request | application/json | |
401 | Not Authenticated | application/json | |
403 | Forbidden | application/json | |
404 | OrgKey not found in service | application/json | |
500 | Internal Server Error | application/json | |
Examples
POST https://defense.conferdeploy.net/public-cloud/account-management/v1/orgs/ABCD1234/cloud_providers/{cloud_provider}/accounts/{account_id}/regions/{region}/provision_template
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"event_channel_template_version": "1.0.0"
}
{
"error_code": null,
"follow_up_api": null,
"message": "Successful",
"success": true
}
Delete Provision Template
Deletes the provision template detail for the given account and region, leaving all others unchanged.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | public.cloud.ingestion.events | DELETE | Majority of environments |
VMware Cloud Services Platform | _API.Public.Cloud:Public.Cloud.Ingestion.Events:DELETE | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
DELETE {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/cloud_providers/{cloud_provider}/accounts/{account_id}/regions/{region}/provision_template
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successfully deleted | application/json | Example Response Below |
400 | Invalid Request | application/json | |
401 | Not Authenticated | application/json | |
403 | Forbidden | application/json | |
404 | OrgKey not found in service | application/json | |
500 | Internal Server Error | application/json | |
Examples
DELETE https://defense.conferdeploy.net/public-cloud/account-management/v1/orgs/ABCD1234/cloud_providers/{cloud_provider}/accounts/{account_id}/regions/{region}/provision_template
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
{
"error_code": null,
"follow_up_api": null,
"message": "Successful",
"success": true
}
Add SSM Document
Adds the SSM document creation details for the given account and region, leaving all others unchanged.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | public.cloud.ingestion.events | CREATE | Majority of environments |
VMware Cloud Services Platform | _API.Public.Cloud:Public.Cloud.Ingestion.Events:CREATE | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/cloud_providers/{cloud_provider}/accounts/{account_id}/regions/{region}/ssm_document
Request Body - application/json
{
"ssm_document_version": "<string>"
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
ssm_document_version | Version of ssm document for region | String | N/A |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | SSM document details created. | application/json | Example Response Below |
400 | Invalid Request | application/json | |
401 | Not Authenticated | application/json | |
403 | Forbidden | application/json | |
404 | OrgKey not found in service | application/json | |
500 | Internal Server Error | application/json | |
Examples
POST https://defense.conferdeploy.net/public-cloud/account-management/v1/orgs/ABCD1234/cloud_providers/{cloud_provider}/accounts/{account_id}/regions/{region}/ssm_document
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"ssm_document_version": "1.0.0"
}
{
"error_code": null,
"follow_up_api": null,
"message": "Successful",
"success": true
}
Delete SSM Document
Deletes the SSM document creation details for the given account and region, leaving all others unchanged.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | public.cloud.ingestion.events | DELETE | Majority of environments |
VMware Cloud Services Platform | _API.Public.Cloud:Public.Cloud.Ingestion.Events | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
DELETE {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/cloud_providers/{cloud_provider}/accounts/{account_id}/regions/{region}/ssm_document
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successfully deleted | application/json | Example Response Below |
401 | Not Authenticated | application/json | |
403 | Forbidden | application/json | |
404 | OrgKey not found in service | application/json | |
500 | Internal Server Error | application/json | |
Examples
DELETE https://defense.conferdeploy.net/public-cloud/account-management/v1/orgs/ABCD1234/cloud_providers/{cloud_provider}/accounts/{account_id}/regions/{region}/ssm_document
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
{
"error_code": null,
"follow_up_api": null,
"message": "Successful",
"success": true
}
Download Cloud Account Import Template
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | public.cloud.accounts | CREATE, UPDATE | Majority of environments |
VMware Cloud Services Platform | _API.Public.Cloud:Public.cloud.accounts:CREATE, UPDATE | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
GET {cbc-hostname}/public-cloud/account-management/v1/accounts/import/template
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successfully retrieved template. | text/csv | View example response below |
401 | Unauthorized | N/A | |
403 | Forbidden | N/A | |
500 | Internal Server Error | N/A | |
Examples
GET https://defense.conferdeploy.net/public-cloud/account-management/v1/accounts/import/template
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
accountId,accountProvider,accountName,accountOwnerName,accountOwnerEmail,environment,credentialRoleArn,credentialExternalId,regions
To download or review the Carbon Black Cloud Postman collection, click here.
Get Details of a Cloud Provider
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | public.cloud.accounts | READ | Majority of environments |
VMware Cloud Services Platform | _API.Public.Cloud:Public.cloud.accounts:READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
GET {cbc-hostname}/public-cloud/account-management/v1/cloud_providers/{cloud_provider}
Response
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Information successfully retrieved. | application/json | View example response below |
400 | Cloud Provider Not Found | N/A | |
401 | Unauthorized | N/A | |
403 | Forbidden | N/A | |
500 | Internal Server Error | N/A | |
Examples
GET https://defense.conferdeploy.net/public-cloud/account-management/v1/cloud_providers/AWS
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
{
"environments": [
"DEV",
"STAGING",
"TEST",
"PROD"
],
"onboarding_powershell_script_url": "https://.../aws/powershell/Setup-cbc-events-stream.ps1",
"onboarding_shell_script_url": "https://.../aws/shell/setup-cbc-event-stream.sh",
"regions": [
{
"id": "us-east-1",
"name": "US East (N. Virginia)"
},
{
"id": "us-east-2",
"name": "US East (Ohio)"
},
...
],
"trust_relationship_setup_details": {
"aws_collector_arn": "arn:aws:iam::...",
"powershell_script_url": "https://.../aws/trust-relationship/powershell/Setup-trust-relationship.ps1",
"shell_script_url": "https://.../aws/trust-relationship/shell/setup-trust-relationship.sh"
}
}
Get External ID for AWS Account
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | public.cloud.accounts | READ | Majority of environments |
VMware Cloud Services Platform | _API.Public.Cloud:Public.cloud.accounts:READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
GET {cbc-hostname}/public-cloud/account-management/v1/orgs/{org_key}/external_id
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | External ID successfully retrieved | application/json | Example Response Below |
403 | Forbidden | N/A | |
500 | Internal Server Error | N/A | |
Examples
GET https://defense.conferdeploy.net/public-cloud/account-management/v1/orgs/ABCD1234/external_id
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
{
"external_id": "QWERTY-12345"
}
Fields
Account
Field | Definition | Data Type | Values |
---|---|---|---|
cloud_provider_account_id REQUIRED | Account id of the cloud provider | String | N/A |
cloud_provider REQUIRED | Public cloud provider (e.g. AWS) | String | N/A |
name REQUIRED | Name for the account | String | N/A |
owner_name REQUIRED | Owner name | String | N/A |
owner_email REQUIRED | Owner email | String | N/A |
environment REQUIRED | Environment | String | DEV, STAGING, TEST, PROD |
credential REQUIRED | Credential of account to access customer environment | Object | Credential |
regions REQUIRED | List of region ids for account | Array | Possible regions can be retrieved with Get Details of a Cloud Provider |
created_by | | String | N/A |
updated_by | | String | N/A |
event_stream_status | Event stream setup status | String | ENABLED, DISABLED, PARTIALLY_ENABLED |
last_updated_time | Timestamp of the last update | String | N/A |
ssm_document_status | SSM document status | String | ENABLED, DISABLED, PARTIALLY_ENABLED |
parent_id | Parent id of the cloud provider account. Parent could be AWS Organization/GCP Folder/Azure Management Group. | String | N/A |
parent_account_id | Account Id of the parent account | String | N/A |
aws_account_joined_method | AWS account joined method | String | INVITED, CREATED |
new_accounts_discovered | Flag to identify if new accounts have been added under the parent. | Boolean | N/A |
aws_account_type | AWS account type | String | MANAGEMENT, MEMBER, INDEPENDENT |
is_onboarded | Flag to identify if the account has been onboarded | Boolean | N/A |
account_discovery_status | Account discovery status | String | NOT_STARTED, IN_PROGRESS, SUCCESS, FAIL, TIMED_OUT |
Account Action
Field | Definition | Data Type | Values |
---|---|---|---|
cloud_provider_account_id REQUIRED | Account id of the cloud provider | String | N/A |
cloud_provider REQUIRED | Public cloud provider (e.g. AWS) | String | N/A |
regions | List of region ids for account | Array | Possible regions can be retrieved with Get Regions for a Cloud Account |
Account Action Response
Field | Definition | Data Type | Values |
---|---|---|---|
cloud_provider_account_id | Account id of the cloud provider | String | N/A |
cloud_provider | Public cloud provider (e.g. AWS) | String | N/A |
regions | List of region ids for account | Array | N/A |
action_status | Result of the action performed | Boolean | true, false |
action_message | Message for the result of the action performed | String | N/A |
Account Id
Field | Definition | Data Type | Values |
---|---|---|---|
cloud_provider_account_id REQUIRED | Account id of the cloud provider | String | N/A |
cloud_provider REQUIRED | Public cloud provider (e.g. AWS) | String | N/A |
Account Validate Role
Field | Definition | Data Type | Values |
---|---|---|---|
cloud_provider_account_id REQUIRED | Account id of the cloud provider | String | N/A |
cloud_provider REQUIRED | Public cloud provider (e.g. AWS) | String | N/A |
saved_credentials REQUIRED | Flag whether to save the credentials | Boolean | true, false |
role_arn | AWS related credential connector property | String | N/A |
external_id | AWS related credential unique external id. Generated by Carbon Black Cloud | String | N/A |
application_id | Azure related credential connector property | String | N/A |
tenant_id | Azure related Application (client) ID | String | N/A |
secret_id | Azure related Secret ID | String | N/A |
secret | Azure related Secret | String | N/A |
secret_expiry | Azure related secret expiry date | String | N/A |
identity_provider_project_no | Project Number where GCP Identity federation pool configured. | String | N/A |
service_account_email | GCP related Service account email | String | N/A |
identity_pool_id | GCP related Identity Pool Name | String | N/A |
identity_provider_id | GCP related aws provider id | String | N/A |
Cloud Provider Response
Field | Definition | Data Type | Values |
---|---|---|---|
regions | List of available regions | Array | N/A |
environments | Environments | Array | DEV, STAGING, TEST, PROD |
onboarding_shell_script_url | Onboarding shell script URL | String | N/A |
onboarding_powershell_script_url | Onboarding powershell script URL | String | N/A |
trust_relationship_setup_details | Details to setup trust relationship between customer AWS account and CB account | Object | Trust Relationship Setup Details |
Credential
AWS
Field | Definition | Data Type | Values |
---|---|---|---|
role_arn | AWS related credential connector property | String | N/A |
external_id | AWS related credential unique external id. Generated by Carbon Black Cloud and ignored if it is included in the Onboard New Cloud Account request | String | N/A |
Azure
Field | Definition | Data Type | Values |
---|---|---|---|
application_id | Azure related credential connector property | String | N/A |
tenant_id | Azure related Application (client) ID | String | N/A |
secret_id | Azure related Secret ID | String | N/A |
secret | Azure related Secret | String | N/A |
secret_expiry | Azure related secret expiry date | String | N/A |
GCP
Field | Definition | Data Type | Values |
---|---|---|---|
identity_provider_project_no | Project Number where GCP Identity federation pool configured. | String | N/A |
service_account_email | GCP related Service account email | String | N/A |
identity_pool_id | GCP related Identity Pool Name | String | N/A |
identity_provider_id | GCP related aws provider id | String | N/A |
Credential Response
Field | Definition | Data Type | Values |
---|---|---|---|
role_arn | AWS related credential connector property | String | N/A |
external_id | AWS related credential unique external id. Generated by Carbon Black Cloud | String | N/A |
verification_status | Verification status of the creation of the account | String | NOT_STARTED, IN_PROGRESS, SUCCESS, FAIL, TIMED_OUT |
verification_code | Verification code of the creation of the account | String | N/A |
verification_message | Verification message of the creation of the account | String | N/A |
last_verified_time | Last verified time | String | N/A |
Event Channel Setup
Field | Definition | Data Type | Values |
---|---|---|---|
template_version | Version of event channel template deployed on the region | String | N/A |
connected | Connected flag | String | true, false |
last_connected_time | Last connected time | String | N/A |
create_time | Create time | String | N/A |
update_time | Update time | String | N/A |
Inventory Sync Details
Field | Definition | Data Type | Values |
---|---|---|---|
status | Status of the inventory sync | String | NOT_STARTED, IN_PROGRESS, SUCCESS, FAIL, TIMED_OUT |
message | Message for the status of the operation | String | N/A |
code | Code for the status of the operation | N/A | |
synced_by | Synced by | String | N/A |
last_sync_time | Last sync time | String | N/A |
Parent Account Id
Field | Definition | Data Type | Values |
---|---|---|---|
cloud_provider_account_id | Account id of the cloud provider | String | |
cloud_provider | Public cloud provider (e.g. AWS) | String | |
Region Details Response
Field | Definition | Data Type | Values |
---|---|---|---|
id | Unique id of the region (provided by cloud provider) | String | N/A |
name | Name of the region (provided by cloud provider) | String | N/A |
event_channel | Details of event channel setup | Object | Event Channel Setup |
inventory_sync | Inventory sync details | Object | Inventory Sync Details |
create_time | Create time | String | N/A |
created_by | User id or connector id of the one who added this region to the account | String | N/A |
Trust Relationship Setup Details
Field | Definition | Data Type | Values |
---|---|---|---|
shell_script_url | Shell script URL for the script that can setup trust relationship | String | N/A |
powershell_script_url | PowerShell script URL for the script that can setup trust relationship | String | N/A |
aws_collector_arn | Environment specific ARN of AWS | String | N/A |
Last modified on October 19, 2023