AWS CloudFormation

2025/03/27 - AWS CloudFormation - 3 updated api methods

Changes  Adding support for the new parameter "ScanFilters" in the CloudFormation StartResourceScan API. When this parameter is included, the StartResourceScan API will initiate a scan limited to the resource types specified by the parameter.

DescribeResourceScan (updated) Link ¶
Changes (response)
{'ScanFilters': [{'Types': ['string']}]}

Describes details of a resource scan.

See also: AWS API Documentation

Request Syntax

client.describe_resource_scan(
    ResourceScanId='string'
)
type ResourceScanId:

string

param ResourceScanId:

[REQUIRED]

The Amazon Resource Name (ARN) of the resource scan.

rtype:

dict

returns:

Response Syntax

{
    'ResourceScanId': 'string',
    'Status': 'IN_PROGRESS'|'FAILED'|'COMPLETE'|'EXPIRED',
    'StatusReason': 'string',
    'StartTime': datetime(2015, 1, 1),
    'EndTime': datetime(2015, 1, 1),
    'PercentageCompleted': 123.0,
    'ResourceTypes': [
        'string',
    ],
    'ResourcesScanned': 123,
    'ResourcesRead': 123,
    'ScanFilters': [
        {
            'Types': [
                'string',
            ]
        },
    ]
}

Response Structure

  • (dict) --

    • ResourceScanId (string) --

      The Amazon Resource Name (ARN) of the resource scan. The format is arn:${Partition}:cloudformation:${Region}:${Account}:resourceScan/${Id}. An example is ``arn:aws:cloudformation:us-east-1:123456789012:resourceScan/f5b490f7-7ed4-428a-aa06-31ff25db0772 ``.

    • Status (string) --

      Status of the resource scan.

      IN_PROGRESS

      The resource scan is still in progress.

      COMPLETE

      The resource scan is complete.

      EXPIRED

      The resource scan has expired.

      FAILED

      The resource scan has failed.

    • StatusReason (string) --

      The reason for the resource scan status, providing more information if a failure happened.

    • StartTime (datetime) --

      The time that the resource scan was started.

    • EndTime (datetime) --

      The time that the resource scan was finished.

    • PercentageCompleted (float) --

      The percentage of the resource scan that has been completed.

    • ResourceTypes (list) --

      The list of resource types for the specified scan. Resource types are only available for scans with a Status set to COMPLETE or ``FAILED ``.

      • (string) --

    • ResourcesScanned (integer) --

      The number of resources that were listed. This is only available for scans with a Status set to COMPLETE, EXPIRED, or ``FAILED ``.

    • ResourcesRead (integer) --

      The number of resources that were read. This is only available for scans with a Status set to COMPLETE, EXPIRED, or FAILED.

    • ScanFilters (list) --

      The scan filters that were used.

      • (dict) --

        A filter that is used to specify which resource types to scan.

        • Types (list) --

          An array of strings where each string represents an Amazon Web Services resource type you want to scan. Each string defines the resource type using the format AWS::ServiceName::ResourceType, for example, AWS::DynamoDB::Table. For the full list of supported resource types, see the Resource type support table in the CloudFormation User Guide.

          To scan all resource types within a service, you can use a wildcard, represented by an asterisk ( *). You can place a asterisk at only the end of the string, for example, AWS::S3::*.

          • (string) --

ListResourceScans (updated) Link ¶
Changes (request, response)
Request
{'ScanTypeFilter': 'FULL | PARTIAL'}
Response
{'ResourceScanSummaries': {'ScanType': 'FULL | PARTIAL'}}

List the resource scans from newest to oldest. By default it will return up to 10 resource scans.

See also: AWS API Documentation

Request Syntax

client.list_resource_scans(
    NextToken='string',
    MaxResults=123,
    ScanTypeFilter='FULL'|'PARTIAL'
)
type NextToken:

string

param NextToken:

A string that identifies the next page of resource scan results.

type MaxResults:

integer

param MaxResults:

If the number of available results exceeds this maximum, the response includes a NextToken value that you can use for the NextToken parameter to get the next set of results. The default value is 10. The maximum value is 100.

type ScanTypeFilter:

string

param ScanTypeFilter:

The scan type that you want to get summary information about. The default is FULL.

rtype:

dict

returns:

Response Syntax

{
    'ResourceScanSummaries': [
        {
            'ResourceScanId': 'string',
            'Status': 'IN_PROGRESS'|'FAILED'|'COMPLETE'|'EXPIRED',
            'StatusReason': 'string',
            'StartTime': datetime(2015, 1, 1),
            'EndTime': datetime(2015, 1, 1),
            'PercentageCompleted': 123.0,
            'ScanType': 'FULL'|'PARTIAL'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • ResourceScanSummaries (list) --

      The list of scans returned.

      • (dict) --

        A summary of the resource scan. This is returned by the ListResourceScan API action.

        • ResourceScanId (string) --

          The Amazon Resource Name (ARN) of the resource scan.

        • Status (string) --

          Status of the resource scan.

          IN_PROGRESS

          The resource scan is still in progress.

          COMPLETE

          The resource scan is complete.

          EXPIRED

          The resource scan has expired.

          FAILED

          The resource scan has failed.

        • StatusReason (string) --

          The reason for the resource scan status, providing more information if a failure happened.

        • StartTime (datetime) --

          The time that the resource scan was started.

        • EndTime (datetime) --

          The time that the resource scan was finished.

        • PercentageCompleted (float) --

          The percentage of the resource scan that has been completed.

        • ScanType (string) --

          The scan type that has been completed.

    • NextToken (string) --

      If the request doesn't return all the remaining results, NextToken is set to a token. To retrieve the next set of results, call ListResourceScans again and use that value for the NextToken parameter. If the request returns all results, NextToken is set to an empty string.

StartResourceScan (updated) Link ¶
Changes (request)
{'ScanFilters': [{'Types': ['string']}]}

Starts a scan of the resources in this account in this Region. You can the status of a scan using the ListResourceScans API action.

See also: AWS API Documentation

Request Syntax

client.start_resource_scan(
    ClientRequestToken='string',
    ScanFilters=[
        {
            'Types': [
                'string',
            ]
        },
    ]
)
type ClientRequestToken:

string

param ClientRequestToken:

A unique identifier for this StartResourceScan request. Specify this token if you plan to retry requests so that CloudFormation knows that you're not attempting to start a new resource scan.

type ScanFilters:

list

param ScanFilters:

The scan filters to use.

  • (dict) --

    A filter that is used to specify which resource types to scan.

    • Types (list) --

      An array of strings where each string represents an Amazon Web Services resource type you want to scan. Each string defines the resource type using the format AWS::ServiceName::ResourceType, for example, AWS::DynamoDB::Table. For the full list of supported resource types, see the Resource type support table in the CloudFormation User Guide.

      To scan all resource types within a service, you can use a wildcard, represented by an asterisk ( *). You can place a asterisk at only the end of the string, for example, AWS::S3::*.

      • (string) --

rtype:

dict

returns:

Response Syntax

{
    'ResourceScanId': 'string'
}

Response Structure

  • (dict) --

    • ResourceScanId (string) --

      The Amazon Resource Name (ARN) of the resource scan. The format is arn:${Partition}:cloudformation:${Region}:${Account}:resourceScan/${Id}. An example is ``arn:aws:cloudformation:us-east-1:123456789012:resourceScan/f5b490f7-7ed4-428a-aa06-31ff25db0772 ``.