Amazon Inspector

2018/06/26 - Amazon Inspector - 4 new api methods

Changes: Introduce four new APIs to view and preview Exclusions. Exclusions show which intended security checks are excluded from an assessment, along with reasons and recommendations to fix. The APIs are CreateExclusionsPreview, GetExclusionsPreview, ListExclusions, and DescribeExclusions.

ListExclusions (new)

List exclusions that are generated by the assessment run.

See also: AWS API Documentation

Request Syntax

client.list_exclusions(
    assessmentRunArn='string',
    nextToken='string',
    maxResults=123
)

type assessmentRunArn

string

param assessmentRunArn

[REQUIRED]

The ARN of the assessment run that generated the exclusions that you want to list.

type nextToken

string

param nextToken

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListExclusionsRequest action. Subsequent calls to the action fill nextToken in the request with the value of nextToken from the previous response to continue listing data.

type maxResults

integer

param maxResults

You can use this parameter to indicate the maximum number of items you want in the response. The default value is 100. The maximum value is 500.

rtype

dict

returns

Response Syntax

{
    'exclusionArns': [
        'string',
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • exclusionArns (list) --

      A list of exclusions' ARNs returned by the action.

      • (string) --

    • nextToken (string) --

      When a response is generated, if there is more data to be listed, this parameter is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to null.

CreateExclusionsPreview (new)

Starts the generation of an exclusions preview for the specified assessment template. The exclusions preview lists the potential exclusions (ExclusionPreview) that Inspector can detect before it runs the assessment.

See also: AWS API Documentation

Request Syntax

client.create_exclusions_preview(
    assessmentTemplateArn='string'
)

type assessmentTemplateArn

string

param assessmentTemplateArn

[REQUIRED]

The ARN that specifies the assessment template for which you want to create an exclusions preview.

rtype

dict

returns

Response Syntax

{
    'previewToken': 'string'
}

Response Structure

  • (dict) --

    • previewToken (string) --

      Specifies the unique identifier of the requested exclusions preview. You can use the unique identifier to retrieve the exclusions preview when running the GetExclusionsPreview API.

GetExclusionsPreview (new)

Retrieves the exclusions preview (a list of ExclusionPreview objects) specified by the preview token. You can obtain the preview token by running the CreateExclusionsPreview API.

See also: AWS API Documentation

Request Syntax

client.get_exclusions_preview(
    assessmentTemplateArn='string',
    previewToken='string',
    nextToken='string',
    maxResults=123,
    locale='EN_US'
)

type assessmentTemplateArn

string

param assessmentTemplateArn

[REQUIRED]

The ARN that specifies the assessment template for which the exclusions preview was requested.

type previewToken

string

param previewToken

[REQUIRED]

The unique identifier associated with the exclusions preview.

type nextToken

string

param nextToken

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the GetExclusionsPreviewRequest action. Subsequent calls to the action fill nextToken in the request with the value of nextToken from the previous response to continue listing data.

type maxResults

integer

param maxResults

You can use this parameter to indicate the maximum number of items you want in the response. The default value is 100. The maximum value is 500.

type locale

string

param locale

The locale into which you want to translate the exclusion's title, description, and recommendation.

rtype

dict

returns

Response Syntax

{
    'previewStatus': 'WORK_IN_PROGRESS'|'COMPLETED',
    'exclusionPreviews': [
        {
            'title': 'string',
            'description': 'string',
            'recommendation': 'string',
            'scopes': [
                {
                    'key': 'INSTANCE_ID'|'RULES_PACKAGE_ARN',
                    'value': 'string'
                },
            ],
            'attributes': [
                {
                    'key': 'string',
                    'value': 'string'
                },
            ]
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • previewStatus (string) --

      Specifies the status of the request to generate an exclusions preview.

    • exclusionPreviews (list) --

      Information about the exclusions included in the preview.

      • (dict) --

        Contains information about what is excluded from an assessment run given the current state of the assessment template.

        • title (string) --

          The name of the exclusion preview.

        • description (string) --

          The description of the exclusion preview.

        • recommendation (string) --

          The recommendation for the exclusion preview.

        • scopes (list) --

          The AWS resources to which the exclusion preview pertains.

          • (dict) --

            This data type contains key-value pairs that identify various Amazon resources.

            • key (string) --

              The type of the scope.

            • value (string) --

              The resource identifier for the specified scope type.

        • attributes (list) --

          The system-defined attributes for the exclusion preview.

          • (dict) --

            This data type is used as a request parameter in the AddAttributesToFindings and CreateAssessmentTemplate actions.

            • key (string) --

              The attribute key.

            • value (string) --

              The value assigned to the attribute key.

    • nextToken (string) --

      When a response is generated, if there is more data to be listed, this parameter is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to null.
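
The CreateExclusionsPreview and GetExclusionsPreview calls above form a start, poll, paginate sequence. The following is an added example, not part of the AWS documentation: it waits for previewStatus to reach COMPLETED, follows nextToken, and groups the results by scope so you can see which instances or rules packages would go unassessed. The function names, StubInspector and all sample values are constructed for illustration; in real use, pass boto3.client('inspector') as client.

```python
import time

def fetch_exclusions_preview(client, template_arn, poll_seconds=5, max_polls=60, sleep=time.sleep):
    """Start a preview, poll until COMPLETED, return every ExclusionPreview."""
    token = client.create_exclusions_preview(assessmentTemplateArn=template_arn)["previewToken"]
    for _ in range(max_polls):
        previews, next_token = [], None
        while True:
            kwargs = {"assessmentTemplateArn": template_arn,
                      "previewToken": token, "maxResults": 500}
            if next_token:  # omit nextToken on the first call
                kwargs["nextToken"] = next_token
            page = client.get_exclusions_preview(**kwargs)
            if page["previewStatus"] != "COMPLETED":
                break  # still WORK_IN_PROGRESS: wait, then start over
            previews.extend(page.get("exclusionPreviews", []))
            next_token = page.get("nextToken")
            if not next_token:
                return previews
        sleep(poll_seconds)
    raise TimeoutError("exclusions preview did not reach COMPLETED")

def coverage_gaps(previews):
    """Map each (scope key, scope value) to the titles of the checks it will miss."""
    gaps = {}
    for preview in previews:
        for scope in preview.get("scopes", []):
            gaps.setdefault((scope["key"], scope["value"]), []).append(preview["title"])
    return gaps

class StubInspector:  # constructed stand-in for boto3.client("inspector")
    def __init__(self, pages):
        self.pages = list(pages)
    def create_exclusions_preview(self, assessmentTemplateArn):
        return {"previewToken": "constructed-token"}
    def get_exclusions_preview(self, **kwargs):
        return self.pages.pop(0)

def demo():
    inst = {"key": "INSTANCE_ID", "value": "i-constructed"}
    pkg = {"key": "RULES_PACKAGE_ARN", "value": "arn:constructed:rules"}
    stub = StubInspector([
        {"previewStatus": "WORK_IN_PROGRESS", "exclusionPreviews": []},
        {"previewStatus": "COMPLETED", "nextToken": "p2",
         "exclusionPreviews": [{"title": "constructed A", "scopes": [inst]}]},
        {"previewStatus": "COMPLETED",
         "exclusionPreviews": [{"title": "constructed B", "scopes": [inst, pkg]}]}])
    previews = fetch_exclusions_preview(stub, "arn:constructed:template", sleep=lambda s: None)
    return coverage_gaps(previews)
```

Running the preview before each scheduled assessment and failing the job when coverage_gaps is non-empty keeps silently skipped checks from being mistaken for a clean result.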

DescribeExclusions (new)

Describes the exclusions that are specified by the exclusions' ARNs.

See also: AWS API Documentation

Request Syntax

client.describe_exclusions(
    exclusionArns=[
        'string',
    ],
    locale='EN_US'
)

type exclusionArns

list

param exclusionArns

[REQUIRED]

The list of ARNs that specify the exclusions that you want to describe.

  • (string) --

type locale

string

param locale

The locale into which you want to translate the exclusion's title, description, and recommendation.

rtype

dict

returns

Response Syntax

{
    'exclusions': {
        'string': {
            'arn': 'string',
            'title': 'string',
            'description': 'string',
            'recommendation': 'string',
            'scopes': [
                {
                    'key': 'INSTANCE_ID'|'RULES_PACKAGE_ARN',
                    'value': 'string'
                },
            ],
            'attributes': [
                {
                    'key': 'string',
                    'value': 'string'
                },
            ]
        }
    },
    'failedItems': {
        'string': {
            'failureCode': 'INVALID_ARN'|'DUPLICATE_ARN'|'ITEM_DOES_NOT_EXIST'|'ACCESS_DENIED'|'LIMIT_EXCEEDED'|'INTERNAL_ERROR',
            'retryable': True|False
        }
    }
}

Response Structure

  • (dict) --

    • exclusions (dict) --

      Information about the exclusions.

      • (string) --

        • (dict) --

          Contains information about what was excluded from an assessment run.

          • arn (string) --

            The ARN that specifies the exclusion.

          • title (string) --

            The name of the exclusion.

          • description (string) --

            The description of the exclusion.

          • recommendation (string) --

            The recommendation for the exclusion.

          • scopes (list) --

            The AWS resources to which the exclusion pertains.

            • (dict) --

              This data type contains key-value pairs that identify various Amazon resources.

              • key (string) --

                The type of the scope.

              • value (string) --

                The resource identifier for the specified scope type.

          • attributes (list) --

            The system-defined attributes for the exclusion.

            • (dict) --

              This data type is used as a request parameter in the AddAttributesToFindings and CreateAssessmentTemplate actions.

              • key (string) --

                The attribute key.

              • value (string) --

                The value assigned to the attribute key.

    • failedItems (dict) --

      Exclusion details that cannot be described. An error code is provided for each failed item.

      • (string) --

        • (dict) --

          Includes details about the failed items.

          • failureCode (string) --

            The status code of a failed item.

          • retryable (boolean) --

            Indicates whether you can immediately retry a request for this item for a specified resource.
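
After a run completes, ListExclusions and DescribeExclusions are used together: page through the ARNs, then describe them and inspect failedItems. The following is an added example, not part of the AWS documentation. It assumes that the exclusions and failedItems maps are keyed by exclusion ARN and that 100 ARNs per DescribeExclusions call is an acceptable batch size (neither is stated on this page); the function names, StubInspector and the ARNs are constructed.

```python
def list_exclusion_arns(client, run_arn):
    """Follow nextToken until ListExclusions has returned every ARN."""
    arns, next_token = [], None
    while True:
        kwargs = {"assessmentRunArn": run_arn, "maxResults": 500}
        if next_token:  # omit nextToken on the first call
            kwargs["nextToken"] = next_token
        page = client.list_exclusions(**kwargs)
        arns.extend(page.get("exclusionArns", []))
        next_token = page.get("nextToken")
        if not next_token:
            return arns

def describe_all(client, arns, batch_size=100, max_attempts=3):
    """Return (exclusions, failures); retry only items flagged retryable."""
    described, failures, retry = {}, {}, {}
    pending = list(dict.fromkeys(arns))  # de-duplicate, keep order
    for _ in range(max_attempts):
        retry = {}
        for i in range(0, len(pending), batch_size):
            resp = client.describe_exclusions(exclusionArns=pending[i:i + batch_size])
            described.update(resp.get("exclusions", {}))
            # Assumption: failedItems is keyed by the ARN that failed.
            for arn, item in resp.get("failedItems", {}).items():
                (retry if item["retryable"] else failures)[arn] = item["failureCode"]
        pending = list(retry)
    failures.update(retry)  # still failing after the last attempt
    return described, failures

class StubInspector:  # constructed stand-in for boto3.client("inspector")
    def __init__(self):
        self.pages = [{"exclusionArns": ["arn:x:1", "arn:x:2"], "nextToken": "t"},
                      {"exclusionArns": ["arn:x:3"]}]
        self.answers = [
            {"exclusions": {"arn:x:1": {"arn": "arn:x:1", "title": "constructed"}},
             "failedItems": {"arn:x:2": {"failureCode": "INTERNAL_ERROR", "retryable": True},
                             "arn:x:3": {"failureCode": "ACCESS_DENIED", "retryable": False}}},
            {"exclusions": {"arn:x:2": {"arn": "arn:x:2", "title": "constructed"}},
             "failedItems": {}}]
    def list_exclusions(self, **kwargs):
        return self.pages.pop(0)
    def describe_exclusions(self, exclusionArns):
        return self.answers.pop(0)

def demo():
    stub = StubInspector()
    described, failures = describe_all(stub, list_exclusion_arns(stub, "arn:x:run"))
    return sorted(described), failures
```

Treat any entry left in failures as an unknown coverage gap rather than as "no exclusion": an ACCESS_DENIED item means the caller could not read the reason a check was skipped.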