added

Cloud Security: New Cloud Account Management Endpoints

New endpoints have been added to the Tenable Cloud Security API to allow customers to onboard and manage their cloud accounts. You can now onboard Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) accounts and assign them to projects via the API.

The new endpoints are described in the following table:

| Endpoint | Name | Description |
| --- | --- | --- |
| POST /cns/api/v1/account/create | Create cloud account | Creates a cloud account. |
| POST /cns/api/v1/account/fetch | List cloud accounts | Returns a list of cloud accounts. |
| POST /cns/api/v1/account/configure | Configure accounts | Assigns the specified accounts to the specified project. This endpoint can also be used to update existing cloud accounts. |
| POST /cns/api/v1/account/update | Update cloud account | Updates the specified cloud accounts. |

Example: Onboarding an AWS Account

For example, to onboard an AWS account, you could use the following cURL request:

curl --request POST \
     --url https://cloud.tenable.com/cns/api/v1/account/create \
     --header 'accept: application/json' \
     --header 'authorization: Bearer <YOUR_BEARER_TOKEN>' \
     --header 'content-type: application/json' \
     --data '
[
  {
    "provider": "aws",
    "credential": {
      "external_id": "<AWS_EXTERNAL_ID>",
      "role_arn": "<AWS_READ_ONLY_ROLE_ARN>"
    },
    "name": "Example Account",
    "email": "<ACCOUNT_EMAIL>",
    "managementGroup": "uv5dh"
  }
]
'
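Added example, not Tenable's own code: a Python pre-flight check for the create payload shown above. It refuses to build the request when a credential key is missing or misspelled, still holds a `<PLACEHOLDER>`, or the `role_arn` is not an IAM role ARN, and it reads the bearer token from the environment instead of the command line. The function names, the `TENABLE_BEARER_TOKEN` variable and the reuse of the Azure credential keys for create are assumptions.

```python
import json
import os
import re
import urllib.request

API_URL = "https://cloud.tenable.com/cns/api/v1/account/create"  # from the page
ROLE_ARN_RE = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$")
PLACEHOLDER_RE = re.compile(r"^<[A-Z_]+>$")  # e.g. <AWS_EXTERNAL_ID> left unfilled
# Credential keys as spelled in the page's examples; Azure keys for create are assumed.
REQUIRED_KEYS = {
    "aws": ("external_id", "role_arn"),
    "azure": ("client_id", "client_secret", "tenant_id", "subscription_id"),
}


def validate_account(account):
    """Return a list of problems found in one account/create entry."""
    provider = account.get("provider")
    if provider not in REQUIRED_KEYS:
        return [f"provider not covered by this example: {provider!r}"]
    cred = account.get("credential") or {}
    problems = []
    for key in REQUIRED_KEYS[provider]:
        value = str(cred.get(key) or "")
        if not value or PLACEHOLDER_RE.match(value):
            problems.append(f"credential.{key} is missing or still a placeholder")
    arn = str(cred.get("role_arn") or "")
    if arn and not PLACEHOLDER_RE.match(arn) and not ROLE_ARN_RE.match(arn):
        problems.append("credential.role_arn is not an IAM role ARN")
    return problems


def build_create_request(accounts, token=None):
    """Validate every entry, then build (but do not send) the POST request."""
    token = token or os.environ.get("TENABLE_BEARER_TOKEN", "")  # assumed name
    if not token:
        raise ValueError("no bearer token supplied")
    for account in accounts:
        problems = validate_account(account)
        if problems:
            raise ValueError(f"{account.get('name', '?')}: {problems}")
    headers = {"accept": "application/json", "content-type": "application/json",
               "authorization": f"Bearer {token}"}
    body = json.dumps(accounts).encode()
    return urllib.request.Request(API_URL, data=body, method="POST", headers=headers)


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    cred = {"external_id": "constructed-id",
            "role_arn": "arn:aws:iam::123456789012:role/ExampleReadOnly"}
    req = build_create_request([{"provider": "aws", "name": "Example Account",
                                 "credential": cred}], token="constructed-token")
    print(req.get_method(), req.full_url, len(req.data), "bytes")
```

Pass the returned object to `urllib.request.urlopen` to submit it once validation succeeds.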

Example: Assigning Multiple Cloud Accounts to a Project

You can assign multiple cloud accounts to a project by specifying the project ID and the account IDs you want to add to the project. The account IDs are specified in an array of objects within the accounts object.

For example, to assign an AWS account with an ID of df48d5f4-3d59-4886-811a-ab2001c74fe1 and an Azure account with an ID of 57ac086e-6f8b-41f0-95ba-e273094116a4 to a project with an ID of 1855a6a6-b9a4-4ae4-929d-2d06fc62a5d1, you could use the following cURL request:

Note: The associated credentials for each cloud account must be specified along with the account ID.

curl --request PUT \
     --url https://cloud.tenable.com/cns/api/v1/account/update \
     --header 'accept: application/json' \
     --header 'authorization: Bearer <YOUR_BEARER_TOKEN>' \
     --header 'content-type: application/json' \
     --data '
[
  {
    "project_id": "1855a6a6-b9a4-4ae4-929d-2d06fc62a5d1",
    "accounts": [
      {
        "id": "df48d5f4-3d59-4886-811a-ab2001c74fe1",
        "credential": {
          "externalId": "<AWS_EXTERNAL_ID>",
          "rolearn": "<AWS_READ_ONLY_ROLE_ARN>"
        }
      },
      {
        "id": "57ac086e-6f8b-41f0-95ba-e273094116a4",
        "credential": {
          "client_id": "<AZURE_CLIENT_ID>",
          "client_secret": "<AZURE_CLIENT_SECRET>",
          "tenant_id": "<AZURE_TENANT_ID>",
          "subscription_id": "<AZURE_SUBSCRIPTION_ID>"
        }
      }
    ]
  }
]
'