AWS

Operations using AWS

Add an AWS cloud account

post/api/cloudaccounts/aws

Provided valid authorization and AWS account details, adds the AWS cloud account to the Trend Micro Cloud One account.

SecuritycloudOneAPIKey
Request
header Parameters
Api-Version
required
string

The API version used in this request.

Value: "v1"
Request Body schema: application/json
alias
string

The friendly identifier of the cloud account

description
string

The description of the AWS account

features
Array of strings

If present, represents the set of Features to be enabled for the cloud account. Please refer to the /api/cloudaccounts/aws/features endpoint for a description of what Features are and their usage.

roleARN
required
string

The ARN for the role in the AWS account that Trend Micro Cloud One should assume

Responses
201

AWS Cloud account created

400

Bad Request + specific error message

401

Valid authentication was not provided

403

Unauthorized

409

This indicates a request conflict with the current state of the target resource

429

You have made too many requests too quickly. Check the Retry-After header for an indication of when you might be able to try again.

500

Internal server error

503

The service is temporarily unavailable, likely due to maintenance. It should be available soon, check the Retry-After header for an indication of when you might be able to try again.

Request samples
application/json
{
  • "roleARN": "arn:aws:iam::012345678910:role/role-name",
  • "alias": "production EU account",
  • "description": "The production account in the EU region",
  • "features": [
    ]
}
Response samples
application/json
{
  • "id": "012345678910",
  • "roleARN": "arn:aws:iam::012345678910:role/role-name",
  • "created": "2020-07-10T07:02:10Z",
  • "lastModified": "2020-07-10T07:02:10Z",
  • "alias": "production account",
  • "description": "Corp ABC production account",
  • "state": "managed",
  • "features": [
    ],
  • "missingPermissions": {
    },
  • "parentStackName": "Cloud-One-Cloud-Account-Management",
  • "lastSyncTime": "2020-07-10T07:02:10Z"
}

List all AWS cloud accounts managed by Trend Micro Cloud One

get/api/cloudaccounts/aws

Provided valid authorization, lists all AWS cloud accounts managed by Trend Micro Cloud One

SecuritycloudOneAPIKey
Request
query Parameters
cursor
string

An encoded value used to retrieve the next set of results for a query that returns more results than the provided limit. It uses the next value from the previous response.

Example: cursor=eyJrIjoiMXVLa2lsb3B2RnhsS0FuYUU0bThqUmVjZDdCIiwibiI6IkJUY2hRU2pOVDBSUjc0cHUifQ.EilR0MPcmh9JdsQ1omPx1cJQvh_RjDwI_AnHAWu-G1YSN9ZTjoKswEhDObUaefE8nf97AlccfogXrvrcjfpE7gDJCz4oI-6rfM43E9T_Or3uyOG3OgHoK9eyUX-qv8WTYwnf1tzwVN1e1D4B0Kr81yQBi2Y-MdeIH60rkOFI42w6I9fEJRDnPRoFqRn2Hw70ehjrCRpkeRKS9emduCL_YNZmjNEst1i6heg5-sqtkBYrYaqWecKJ5rqskQN_apfrX-BEfh6Ph2j7hYKJ6s32j3dOGR9paTFikewtKWMXBcy6kW5uZqGwO05sVW1Wy6HavxpNm5ha50WKotoEndvzuW0RasT9YLbCry1qRYt3X8NKybpERt2u7lRHNSY3DuVtbXbeR9oUzsO1Br31ywH0dBkn3WsfPYFOaEt0htVo0_DlDZh-0oH4PdzvCkzDQn-EM8u9PCxzvxSMGtQ_UXcDxEZcUgfgnLQy4Fu2AHumF136tXZyTh8GAd-mLqC6xtvOXJTDF7s0TxQ7A57d9C1EDrEJOBuq
limit
integer

The maximum numbers of records to return. It accepts an integer ranging from 1 to 25. Otherwise, the request will be rejected.

Example: limit=25
header Parameters
Api-Version
required
string

The API version used in this request.

Value: "v1"
Responses
200

List of AWS cloud accounts

400

Bad Request + specific error message

401

Valid authentication was not provided

403

Unauthorized

429

You have made too many requests too quickly. Check the Retry-After header for an indication of when you might be able to try again.

500

Internal server error

503

The service is temporarily unavailable, likely due to maintenance. It should be available soon, check the Retry-After header for an indication of when you might be able to try again.

Response samples
application/json
{
  • "cloudAccounts": [
    ],
  • "next": "dGhpcyB2YWx1ZSBpcyBvcGFxdWUsIGRlY29kaW5nIGl0IHdvbid0IGJlIHVzZWZ1bAo="
}

Lists all available AWS cloud account Features

get/api/cloudaccounts/aws/features

Provided valid authorization, lists all AWS cloud account Features offered by Trend Micro Cloud One. AWS Cloud Account Features configure additional IAM Policy Actions within the CloudFormation Template returned by the /api/cloudaccounts/aws/templates endpoint to enable security services to deliver additional security value. For additional information on a specific Cloud Account Feature, please refer to the documentation URL provided within the response of this API endpoint.

SecuritycloudOneAPIKey
Request
header Parameters
Api-Version
required
string

The API version used in this request.

Value: "v1"
Responses
200

Available AWS cloud account Features listed

400

Bad Request + specific error message

401

Valid authentication was not provided

403

Unauthorized

429

You have made too many requests too quickly. Check the Retry-After header for an indication of when you might be able to try again.

500

Internal server error

503

The service is temporarily unavailable, likely due to maintenance. It should be available soon, check the Retry-After header for an indication of when you might be able to try again.

Response samples
application/json
{}

Modify an AWS cloud account

post/api/cloudaccounts/aws/{id}

Provided valid authorization and AWS account details, modifies the AWS cloud account details stored in the Trend Micro Cloud One account.

SecuritycloudOneAPIKey
Request
path Parameters
id
required
string

The AWS account ID

Example: 012345678910
header Parameters
Api-Version
required
string

The API version used in this request.

Value: "v1"
Request Body schema: application/json
alias
string

The friendly identifier of the cloud account

description
string

The description of the AWS account

features
Array of strings

If present, represents the set of Features to be enabled for the cloud account. Please refer to the /api/cloudaccounts/aws/features endpoint for a description of what Features are and their usage.

roleARN
string

The ARN for the role in the AWS account that Trend Micro Cloud One should assume

Responses
200

AWS cloud account modified

400

Bad Request + specific error message

401

Valid authentication was not provided

403

Unauthorized

404

Not Found

429

You have made too many requests too quickly. Check the Retry-After header for an indication of when you might be able to try again.

500

Internal server error

503

The service is temporarily unavailable, likely due to maintenance. It should be available soon, check the Retry-After header for an indication of when you might be able to try again.

Request samples
application/json
{
  • "roleARN": "arn:aws:iam::012345678910:role/role-name",
  • "alias": "production EU account",
  • "description": "The production account in the EU region"
}
Response samples
application/json
{
  • "id": "012345678910",
  • "roleARN": "arn:aws:iam::012345678910:role/role-name",
  • "created": "2020-07-10T07:02:10Z",
  • "lastModified": "2020-07-10T07:02:10Z",
  • "alias": "production account",
  • "description": "Corp ABC production account",
  • "state": "managed",
  • "features": [
    ],
  • "missingPermissions": {
    },
  • "parentStackName": "Cloud-One-Cloud-Account-Management",
  • "lastSyncTime": "2020-07-10T07:02:10Z"
}

Remove an AWS cloud account

delete/api/cloudaccounts/aws/{id}

Provided valid authorization and AWS account details, removes the AWS cloud account from the Trend Micro Cloud One account.

SecuritycloudOneAPIKey
Request
path Parameters
id
required
string

The AWS account ID

Example: 012345678910
header Parameters
Api-Version
required
string

The API version used in this request.

Value: "v1"
Responses
204

AWS cloud account deleted

400

Bad Request + specific error message

401

Valid authentication was not provided

403

Unauthorized

429

You have made too many requests too quickly. Check the Retry-After header for an indication of when you might be able to try again.

500

Internal server error

503

The service is temporarily unavailable, likely due to maintenance. It should be available soon, check the Retry-After header for an indication of when you might be able to try again.

Response samples
application/json
{
  • "code": "invalid-feature",
  • "message": "There was a problem with your request. Review the indicated field for more details.",
  • "fields": {
    }
}

Get AWS CloudFormation template

get/api/cloudaccounts/aws/templates

Provided valid authorization, returns the AWS CloudFormation stack template, along with it's parameters, which are required to use this service. The template contains the role and policies needed for Cloud One to access resources stored in your AWS account.

SecuritycloudOneAPIKey
Request
query Parameters
awsRegion
string

The AWS region to use in the "create stack" URL. If not provided, defaults to an AWS region in the same country as your Cloud One account's home region.

Example: awsRegion=us-east-1
featureAWSRegions
string

The AWS Regions where the Cloud Sentry feature will be deployed to. Please refer to the /api/cloudaccounts/aws/features endpoint for a description of what Features are and their usage. A list of the currently available Features can be obtained by making a request to /api/cloudaccounts/aws/features.

Example: featureAWSRegions=us-east-1,ca-central-1
features
string

Optional set of Features to be enabled for the cloud account. Please refer to the /api/cloudaccounts/aws/features endpoint for a description of what Features are and their usage. A list of the currently available Features can be obtained by making a request to /api/cloudaccounts/aws/features.

Example: features=cloud-sentry,example-feature-2
header Parameters
Api-Version
required
string

The API version used in this request.

Value: "v1"
Responses
200

Details for creating an AWS CloudFormation stack

400

Bad Request + specific error message

401

Valid authentication was not provided

403

Unauthorized

404

Not Found

429

You have made too many requests too quickly. Check the Retry-After header for an indication of when you might be able to try again.

500

Internal server error

503

The service is temporarily unavailable, likely due to maintenance. It should be available soon, check the Retry-After header for an indication of when you might be able to try again.