Cloud Security: New Cloud Account Management Endpoints
New endpoints have been added to the Tenable Cloud Security API to allow customers to onboard and manage their cloud accounts. You can now onboard Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) accounts and assign them to projects via the API.
The new endpoints are described in the following table:
Endpoint | Name | Description |
---|---|---|
POST /cns/api/v1/account/create | Create cloud account | Creates a cloud account. |
POST /cns/api/v1/account/fetch | List cloud accounts | Returns a list of cloud accounts. |
POST /cns/api/v1/account/configure | Configure accounts | Assigns the specified accounts to the specified project. This endpoint can also be used to update existing cloud accounts. |
POST /cns/api/v1/account/update | Update cloud account | Updates the specified cloud accounts. |
Example: Onboarding an AWS Account
For example, to onboard an AWS account, you could use the following cURL request:
curl --request POST \
  --url https://cloud.tenable.com/cns/api/v1/account/create \
  --header 'accept: application/json' \
  --header 'authorization: Bearer <YOUR_BEARER_TOKEN>' \
  --header 'content-type: application/json' \
  --data '
[
  {
    "provider": "aws",
    "credential": {
      "external_id": "<AWS_EXTERNAL_ID>",
      "role_arn": "<AWS_READ_ONLY_ROLE_ARN>"
    },
    "name": "Example Account",
    "email": "<ACCOUNT_EMAIL>",
    "managementGroup": "uv5dh"
  }
]
'
Example: Assigning Multiple Cloud Accounts to a Project
You can assign multiple cloud accounts to a project by specifying the project ID and the account IDs you want to add to the project. The account IDs are specified in an array of objects within the accounts object.
For example, to assign an AWS account with an ID of df48d5f4-3d59-4886-811a-ab2001c74fe1 and an Azure account with an ID of 57ac086e-6f8b-41f0-95ba-e273094116a4 to a project with an ID of 1855a6a6-b9a4-4ae4-929d-2d06fc62a5d1, you could use the following cURL request:
Note: The associated credentials for each cloud account must be specified along with the account ID.
curl --request PUT \
  --url https://cloud.tenable.com/cns/api/v1/account/update \
  --header 'accept: application/json' \
  --header 'authorization: Bearer <YOUR_BEARER_TOKEN>' \
  --header 'content-type: application/json' \
  --data '
[
  {
    "project_id": "1855a6a6-b9a4-4ae4-929d-2d06fc62a5d1",
    "accounts": [
      {
        "id": "df48d5f4-3d59-4886-811a-ab2001c74fe1",
        "credential": {
          "externalId": "<AWS_EXTERNAL_ID>",
          "rolearn": "<AWS_READ_ONLY_ROLE_ARN>"
        }
      },
      {
        "id": "57ac086e-6f8b-41f0-95ba-e273094116a4",
        "credential": {
          "client_id": "<AZURE_CLIENT_ID>",
          "client_secret": "<AZURE_CLIENT_SECRET>",
          "tenant_id": "<AZURE_TENANT_ID>",
          "subscription_id": "<AZURE_SUBSCRIPTION_ID>"
        }
      }
    ]
  }
]
'
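Because the assignment request above carries each account's credentials, including the Azure client secret, automation that sends it should build the body from a secret store and log only a masked copy. The following Python sketch is an added example, not Tenable's code: it validates the body before sending and prepares the same PUT request without putting secrets on a command line. The per-provider key sets are taken from the request body above and treated as required by assumption, masking externalId as well as client_secret is a conservative choice of this example, and the function names and the TENABLE_BEARER_TOKEN variable are hypothetical.

```python
import json
import os
import urllib.request
import uuid

# Credential keys as they appear in the request body above; treating them as
# required per provider is an assumption of this example, not a published schema.
REQUIRED_KEYS = {
    "aws": {"externalId", "rolearn"},
    "azure": {"client_id", "client_secret", "tenant_id", "subscription_id"},
}
SENSITIVE_KEYS = {"client_secret", "externalId"}  # masked before logging
URL = "https://cloud.tenable.com/cns/api/v1/account/update"

def build_payload(project_id, accounts):
    """accounts: list of (provider, account_id, credential dict) tuples."""
    uuid.UUID(project_id)  # ValueError on a malformed ID
    entries = []
    for provider, account_id, credential in accounts:
        uuid.UUID(account_id)
        missing = REQUIRED_KEYS[provider] - set(credential)
        if missing:
            raise ValueError(f"{account_id}: missing {sorted(missing)}")
        unfilled = sorted(k for k, v in credential.items()
                          if not v or str(v).startswith("<"))
        if unfilled:
            raise ValueError(f"{account_id}: placeholder left in {unfilled}")
        entries.append({"id": account_id, "credential": dict(credential)})
    return [{"project_id": project_id, "accounts": entries}]

def redact(payload):
    """Deep copy of the payload with secret values masked, safe to log."""
    safe = json.loads(json.dumps(payload))
    for project in safe:
        for account in project["accounts"]:
            cred = account["credential"]
            cred.update({k: "***" for k in cred if k in SENSITIVE_KEYS})
    return safe

def build_request(payload, token=None):
    """Prepare (without sending) the PUT request; the token is read from the
    TENABLE_BEARER_TOKEN environment variable (hypothetical name) if not given."""
    token = token or os.environ["TENABLE_BEARER_TOKEN"]
    return urllib.request.Request(
        URL, data=json.dumps(payload).encode(), method="PUT",
        headers={"accept": "application/json", "content-type": "application/json",
                 "authorization": f"Bearer {token}"})
```

Pass the prepared request to urllib.request.urlopen to send it, and write redact(payload) rather than the payload itself to any log or ticket.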