Add stacks to File Storage Security using the API

Recommendation

Before using the API, we recommend you run through the stack deployment using the web interfaces of File Storage Security and Azure. The web interfaces provide a user-friendly introduction to the deployment parameters, concepts, and processes.

For instructions on deploying through the web interfaces, see Get started.


Prerequisites

  1. Install the Azure command-line interface (CLI). All versions are supported.
  2. Create Stacks.
  3. Create an API Key.
  4. Each request that you make requires an authorization and API version in the header.

    • Authorization Header
      • For Trend Micro Cloud One API Key:
        • Key: Authorization
        • Value: ApiKey <your api key value>
      • For Legacy API Key (DEPRECATED):
        • Key: api-secret-key
        • Value: <your api key value>
    • API version header:
      • Key: api-version
      • Value: v1

Example for Trend Micro Cloud One API Key:

GET /api/external-id HTTP/1.1
Authorization: ApiKey YOUR-API-KEY
Api-Version: v1

Example for Legacy API Key:

GET /api/filestorage/external-id HTTP/1.1
api-secret-key: YOUR-API-KEY
Api-Version: v1

where YOUR-API-KEY is replaced with the API key you generated previously.

If the API key is valid, the API call is allowed. If not, a 403 code is returned.


Deploy an all-in-one stack using the API

To deploy the all-in-one stack:

  1. Create all-in-one stack using template link or using CLI

  2. Obtain the resource ID of the scanner and storage stacks

    • Option 1 - Through the Azure console:

      • Go to Subscriptions > your subscription > Deployments > your all-in-one stack > Outputs.
      • Take note of the tenantID, scannerStackResourceGroupID and storageStackResourceGroupID values.
    • Option 2 - Through the Azure CLI:

      • Enter the following Azure CLI command:
        az deployment sub show \
            --name ALLINONE-STACK-NAME \
            --query 'properties.outputs'
        

      where...

      ALLINONE-STACK-NAME is replaced with the name of your all-in-one stack.

      • In the command output, take note of the tenantID, scannerStackResourceGroupID and storageStackResourceGroupID output values:
        "scannerStackResourceGroupID": {
            "type": "String",
            "value": "/subscriptions/1234abcd-3c6d-4347-9019-123456789012/resourceGroups/Scanner-TM-FileStorageSecurity"
        },
        "storageStackResourceGroupID": {
            "type": "String",
            "value": "/subscriptions/1234abcd-3c6d-4347-9019-123456789012/resourceGroups/Storage-TM-FileStorageSecurity"
        },
        "tenantID": {
            "type": "String",
            "value": "753c8097-3abc-4567-1234-123456789012"
        }
        
  3. Add the scanner and storage stacks to File Storage Security

    First, add the scanner stack:

    • Call Create Stack and include the scannerStackResourceGroupID and tenantID output value in the request body.

      The creation of the scanner stack will begin.

    • Take note of stackID in the API response, which is the scanner stack’s ID.

    • Call Describe Stack using the scanner stack's stackID noted in the previous step, and continue calling until the status in the response body becomes ok.

      You have now added the scanner stack.

    Now add the storage stack:

    • Call Create Stack, and include the previously-noted scanner stack stackID, storage stack storageStackResourceGroupID and tenantID output value in the request body.

    The creation of the storage stack will begin.

    • Take note of stackID in the API response, which is the storage stack’s ID.
    • Call Describe Stack using the storage stack's stackID noted in the previous step, and continue calling until the status in the response body becomes ok.

    The stacks must be added separately, and the scanner stack must be added prior to the storage stack, as described above.


Deploy a scanner stack using the API

To deploy the scanner stack:

  1. Create a scanner stack using template link or using CLI

  2. Obtain the resource ID of the scanner stack

    • Option 1 - Through the Azure console:

      • Go to Resource groups > your scanner stack resource group > Deployments > your scanner stack deployment > Outputs.
      • Take note of the tenantID, and scannerStackResourceGroupID output value.
    • Option 2 - Through the Azure CLI:

      • Enter the following Azure CLI command:

        az deployment group show \
            --name scannerStack \
            --resource-group SCANNER-STACK-NAME \
            --query 'properties.outputs'
        

        where...

        SCANNER-STACK-NAME is replaced with the name of your scanner stack.

      • In the command output, take note of the tenantID and scannerStackResourceGroupID output value:

        "scannerStackResourceGroupID": {
            "type": "String",
            "value": "/subscriptions/1234abcd-3c6d-4347-9019-123456789012/resourceGroups/FSSScanner2"
        },
        "tenantID": {
            "type": "String",
            "value": "753c8097-3abc-4567-1234-123456789012"
        }
        
  3. Add the scanner stack to File Storage Security

    • Call Create Stack and include the scanner stack scannerStackResourceGroupID and tenantID output value in the request body.

      The creation of the scanner stack will begin.

    • Take note of the stackID in the API response, which is the scanner stack’s ID.

    • Call Describe Stack using the scanner stack's stackID noted in the previous step, and continue calling until the status in the response body becomes ok.

      You have now added the scanner stack.


Deploy a storage stack using the API

To deploy the storage stack:

  1. Create a storage stack using template link or using CLI

  2. Obtain the resource ID of the storage stack

    • Option 1 - Through the Azure portal:

      • Go to Resource groups > your storage stack resource group > Deployments > your storage stack deployment > Outputs.
      • Take note of the tenantID, and storageStackResourceGroupID output value.
    • Option 2 - Through the Azure CLI:

      • Enter the following Azure CLI command:

        az deployment group show \
            --name storageStack \
            --resource-group STORAGE-STACK-NAME \
            --query 'properties.outputs'
        

        where...

        STORAGE-STACK-NAME is replaced with the name of your storage stack.

      • In the command output, take note of the tenantID and storageStackResourceGroupID output value:

        "storageStackResourceGroupID": {
            "type": "String",
            "value": "/subscriptions/1234abcd-3c6d-4347-9019-123456789012/resourceGroups/FSSStorage2"
        },
        "tenantID": {
            "type": "String",
            "value": "753c8097-3abc-4567-1234-123456789012"
        }
        
  3. Add the storage stack to File Storage Security

    • Call List Stacks to retrieve the scanner stack’s stackID.
    • Call Create Stack and include the scanner stack stackID, the storage stack storageStackResourceGroupID, and tenantID output value in the request body.

      The creation of the storage stack will begin.

    • Take note of the stackID in the API response, which is the storage stack’s ID.

    • Call Describe Stack using the storage stack's stackID noted in the previous step, and continue calling until the status in the response body becomes ok.

      You have now added the storage stack.