Support Open Console


Managing Conformity events.

List All Events


This endpoint allows you to collect events that you have access to.

IMPORTANT:    Some guidelines about using this endpoint:

  1. If accountIds are not provided, events are returned from all accounts you have access to. If you are ADMIN, organisation-level events are also returned.
  2. If you provide an accountId to an account you do not have at least ReadOnly access to, you will receive a 403 Forbidden error.
  3. You can pull 3 types of events from this endpoint. By defuault, you will receive all events if you don't provide the any event type.
    • aws=true&azure=false&cc=false or azure=false&cc=false will only return AWS events;
    • aws=false&azure=false&cc=true or aws=false&azure=false will only return Cloud Conformity activity-events;
    • aws=true&azure=true&cc=false or cc=false will return AWS and Azure events. For more information, see example below.
  4. All events have a name attribute. Some important Cloud Conformity events are listed in the Event Names Table.
    Using the filter[name] as part of your query will get a history of that specific event. filter[name] also supports wildcards.
    • Asterisk at the end: filter[name]* will get all events where the name starts with
    • Asterisk in the middle:filter[name]=account.*.update* will match all account updating events like and account.rule.update.
    • Use of question marks: filter[name]=a??.check.create will match api.check.created and not account.check.created. Each ? is a character wildcard.


The filter query parameter is reserved to be used as the basis for filtering. Any plural filter parameters (e.g. filter[region s]) accepts a comma-separated list. E.g. filter[regions]=us-east-1,us-east-2

The table below give more information about filter options:

Name Values
filter[regions] global | us-east-2 | us-east-1 | us-west-1 | us-west-2 | ap-south-1 | ap-northeast-2 |
ap-southeast-1 | ap-southeast-2 | ap-northeast-1 | ca-central-1 | eu-central-1 | eu-west-1 |
eu-west-2 | sa-east-1

The region filter is only available for AWS events. For more information about regions, please refer to Cloud Conformity Region Endpoint
filter[services] AutoScaling | CloudConformity |CloudFormation | CloudFront | CloudTrail | CloudWatch |
CloudWatchEvents | CloudWatchLogs | Config | DynamoDB | EBS | EC2 | ElastiCache | Elasticsearch | ELB | IAM | KMS | RDS | Redshift | ResourceGroup | Route53 | S3 | SES |
SNS | SQS | VPC | WAF | ACM | Inspector | TrustedAdvisor | Shield | EMR | Lambda |
Support | Organizations | Kinesis | EFS
Subscriptions | ActivityLog | Network

For more information about services, please refer to Cloud Conformity Services Endpoint

Additionally, events we receive from AWS may have different service labels such as ""
filter[userIds] A comma-separated list of Cloud Conformity userIds. Only activity-events will have userIds.
filter[name] String, name of event. Supports wild cards (see point 4 above )
filter[identities] Only incoming AWS and Azure events will have identities.
filter[since] Refers to the start of the time range you want to query for events.

The numeric value of the specified time as the number of milliseconds since January 1, 1970, 00:00:00 UTC
filter[until] Refers to the end of the time range you want to query for events.

The numeric value of the specified date as the number of milliseconds since January 1, 1970, 00:00:00 UTC

For example, the following is a request for static-deployer events within a specified time frame on one account:

curl -g -H "Content-Type: application/vnd.api+json" \
     -H "Authorization: ApiKey S1YnrbQuWagQS0MvbSchNHDO73XHqdAqH52RxEPGAggOYiXTxrwPfmiTNqQkTq3p" \[identities]=static-deployer&filter[since]=1519919272016&filter[until]=1519932055819

Example Response:

Each event can be quite large and the example below is purposefully truncated.

    "data": [
            "type": "events",
            "id": "rkTkAsr_GSJlpyCoB_M",
            "attributes": {
                "name": "account.monitoring.activity",
                "time": 1519922649000,
                "service": "",
                "identity": "static-deployer",
                "region": "us-east-1",
                "description": "",
                "hasChildren": true
            "relationships": {
                "account": {
                    "data": {
                        "type": "account",
                        "id": "ryi9NPivK"
    "meta": {
        "total-pages": 1

Event Names Information
account.monitoring.activity All AWS events have this name
azure.activity.logs All Azure events have this name
ACCOUNT LEVEL delay between automatic conformity bot run has been increased delay between automatic conformity bot run has been decreased account bot was enabled and is now temporarily disabled until a set time. account bot was enabled and was disabled indefinitely some previously enabled regions are now disabled account bot was disabled and is now enabled some previously disabled regions are now enabled
account.rule.update.disabled some previously enabled rule is now disabled
account.rule.update.enabled some previously disabled rule is now enabled
account.rule.update.riskLevel rule risk level has been changed
account.rule.update.exceptions.tags.added There were no exception tags and now some have been added
account.rule.update.exceptions.tags.removed There were some exception tags and now all have been removed
account.rule.update.exceptions.tags.updated List of exception tags has been updated
account.rule.update.exceptions.resources.added There were no exception resources and now some have been added
account.rule.update.exceptions.resources.removed There were some exception resources and now all have been removed
account.rule.update.exceptions.resources.updated List of exception resources has been updated
organisation.acl.updated A user's role and/or account access settings has been changed.
account.check.update.suppressed.until An account level check was temporarily suppressed until a set time.
account.check.update.suppressed An account level check was suppressed indefinitely.
account.check.update.unsuppressed An account level check has been unsuppressed indefinitely

query Parameters

A comma-separated list of Cloud Conformity accountIds.

Default: true

If true returns AWS events.

Default: true

If true returns Azure events.

Default: true

If true returns Cloud Conformity activity-events.


Optional parameter including regions, services, userIds, name, identities, since, until


Optional parameter including page size, and page number returned




Bad Request. Cannot process request due to a client error.


Unauthorized. The requesting user does not have enough privilege.


Organisation is not currently accessible via the API


Internal Server Error

Response samples
  • "data": [