Prerequisites

To onboard a new AWS environment into Data Theorem using the API, you will need the following information:

Instructions on how to create the AWS role ARN and the external ID are available in the article Cloud Integration: On-board AWS.

Onboarding an AWS environment via API

Using the command line

The API endpoint to onboard a new cloud environment is available at https://api.securetheorem.com/apis/api_security/results/v1beta1/cloud_authenticators.

The following sample curl request shows how to call this API to onboard an AWS environment:

$ curl -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: APIKey YOUR_API_KEY" \
  https://api.securetheorem.com/apis/api_security/results/v1beta1/cloud_authenticators \
  -d '{"cloud_authenticator_type": 3, "aws_credential": {"role_arn": "REPLACE WITH YOUR ROLE ARN", "external_id": "REPLACE WITH YOUR EXTERNAL ID"}}'

See https://bitbucket.org/datatheorem/dt-api-security-results/src/fb50aaca1fcb7e13b64f7368b890d4b56285d975/dt_api_security_results/models/cloud_authenticators.py#lines-11 for the value of cloud_authenticator_type and the credential data structure needed to call this API.
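As an added example (not Data Theorem's code and not from this page), here is the same onboarding call built with only the Python standard library: it validates the inputs before sending, sets the APIKey header exactly as the curl sample does, and reports HTTP failures without ever echoing the key. The strict 12-digit account ID check in the ARN pattern and the injectable opener parameter are my assumptions.

```python
import json
import re
import urllib.error
import urllib.request

# Endpoint and AWS type value taken from the curl sample on this page.
ENDPOINT = "https://api.securetheorem.com/apis/api_security/results/v1beta1/cloud_authenticators"
AWS_AUTHENTICATOR_TYPE = 3

# An IAM role ARN carries a 12-digit account ID followed by role/<name> (assumption: strict check).
ROLE_ARN_RE = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@/-]+$")


def build_request(api_key: str, role_arn: str, external_id: str) -> urllib.request.Request:
    """Validate the inputs and return the POST request, ready to send."""
    if not api_key:
        raise ValueError("api_key must not be empty")
    if not ROLE_ARN_RE.match(role_arn):
        raise ValueError(f"not an IAM role ARN: {role_arn!r}")
    if not external_id.strip():
        raise ValueError("external_id must not be empty")
    body = {
        "cloud_authenticator_type": AWS_AUTHENTICATOR_TYPE,
        "aws_credential": {"role_arn": role_arn, "external_id": external_id},
    }
    return urllib.request.Request(
        ENDPOINT,
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json", "Authorization": f"APIKey {api_key}"},
        method="POST",
    )


def onboard_aws(api_key: str, role_arn: str, external_id: str, opener=urllib.request.urlopen) -> dict:
    """Send the onboarding request and return the decoded JSON response.

    `opener` is injectable (assumption) so the call can be exercised offline;
    on an HTTP error the status and response body are reported, never the API key.
    """
    request = build_request(api_key, role_arn, external_id)
    try:
        with opener(request) as response:
            return json.loads(response.read().decode("utf-8"))
    except urllib.error.HTTPError as exc:
        detail = exc.read().decode("utf-8", errors="replace")
        raise RuntimeError(f"onboarding failed with HTTP {exc.code}: {detail}") from exc
```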

Using our Python library

In dt-api-security-results, a sample script to onboard an AWS environment is available here:

""" Example script showing how to onboard an AWS environment.
"""
import logging

from dt_api_security_results.client import ApiSecurityResultsClient
from dt_api_security_results.messages import CloudAuthenticatorCreateRequest
from dt_api_security_results.models.cloud_authenticators import AwsAuthenticator, CloudAuthenticatorTypesEnum

# TODO: Replace these values
API_KEY = "MDAwMDAwMDAwMDAwMDAwMA=="
ROLE_ARN = "arn:aws:iam::12345678:role/DataTheoremAccess"
EXTERNAL_ID = "z96hmxdd96fm37sfeyavnbmu4pz510qx"

logging.basicConfig(level=logging.INFO, format="%(asctime)s %(levelname)s %(message)s")

if __name__ == "__main__":
    client = ApiSecurityResultsClient(api_key=API_KEY, base_url="https://dev-horizon.appspot.com/customer/beta")

    request = CloudAuthenticatorCreateRequest(
        cloud_authenticator_type=CloudAuthenticatorTypesEnum.AMAZON_WEB_SERVICES,
        aws_credential=AwsAuthenticator(role_arn=ROLE_ARN, external_id=EXTERNAL_ID),
    )
    try:
        response = client.cloud_authenticator_create(authenticator_request=request)
    except Exception:
        logging.exception("An error occurred.")
    else:
        logging.info(f"Successfully added cloud authenticator: {response.json()}")
    logging.info("All done.")