2016/03/29 - Amazon Inspector - 32 new api methods
Registers the IAM role that Inspector uses to list your EC2 instances at the start of the assessment run or when you call the PreviewAgents action.
Request Syntax
client.register_cross_account_access_role( roleArn='string' )
string
[REQUIRED]
The ARN of the IAM role that Inspector uses to list your EC2 instances during the assessment run or when you call the PreviewAgents action.
None
Describes the assessment run(s) specified by the assessment run ARN(s).
Request Syntax
client.describe_assessment_runs( assessmentRunArns=[ 'string', ] )
list
[REQUIRED]
The ARN(s) specifying the assessment run(s) that you want to describe.
(string) --
dict
Response Syntax
{ 'assessmentRuns': [ { 'arn': 'string', 'name': 'string', 'assessmentTemplateArn': 'string', 'state': 'CREATED'|'START_DATA_COLLECTION_PENDING'|'START_DATA_COLLECTION_IN_PROGRESS'|'COLLECTING_DATA'|'STOP_DATA_COLLECTION_PENDING'|'DATA_COLLECTED'|'EVALUATING_RULES'|'FAILED'|'COMPLETED'|'COMPLETED_WITH_ERRORS', 'durationInSeconds': 123, 'rulesPackageArns': [ 'string', ], 'userAttributesForFindings': [ { 'key': 'string', 'value': 'string' }, ], 'createdAt': datetime(2015, 1, 1), 'startedAt': datetime(2015, 1, 1), 'completedAt': datetime(2015, 1, 1), 'stateChangedAt': datetime(2015, 1, 1), 'dataCollected': True|False, 'stateChanges': [ { 'stateChangedAt': datetime(2015, 1, 1), 'state': 'CREATED'|'START_DATA_COLLECTION_PENDING'|'START_DATA_COLLECTION_IN_PROGRESS'|'COLLECTING_DATA'|'STOP_DATA_COLLECTION_PENDING'|'DATA_COLLECTED'|'EVALUATING_RULES'|'FAILED'|'COMPLETED'|'COMPLETED_WITH_ERRORS' }, ], 'notifications': [ { 'date': datetime(2015, 1, 1), 'event': 'ASSESSMENT_RUN_STARTED'|'ASSESSMENT_RUN_COMPLETED'|'ASSESSMENT_RUN_STATE_CHANGED'|'FINDING_REPORTED'|'OTHER', 'message': 'string', 'error': True|False, 'snsTopicArn': 'string', 'snsPublishStatusCode': 'SUCCESS'|'TOPIC_DOES_NOT_EXIST'|'ACCESS_DENIED'|'INTERNAL_ERROR' }, ] }, ], 'failedItems': { 'string': { 'failureCode': 'INVALID_ARN'|'DUPLICATE_ARN'|'ITEM_DOES_NOT_EXIST'|'ACCESS_DENIED'|'LIMIT_EXCEEDED'|'INTERNAL_ERROR', 'retryable': True|False } } }
Response Structure
(dict) --
assessmentRuns (list) --
Information about the assessment run(s).
(dict) --
A snapshot of an Inspector assessment run that contains the assessment run's findings.
This data type is used as the response element in the DescribeAssessmentRuns action.
arn (string) --
The ARN of the assessment run.
name (string) --
The auto-generated name for the assessment run.
assessmentTemplateArn (string) --
The ARN of the assessment template that is associated with the assessment run.
state (string) --
The state of the assessment run.
durationInSeconds (integer) --
The duration of the assessment run.
rulesPackageArns (list) --
Rules packages selected for the assessment run.
(string) --
userAttributesForFindings (list) --
The user-defined attributes that are assigned to every generated finding.
(dict) --
This data type is used as a request parameter in the AddAttributesToFindings and CreateAssessmentTemplate actions.
key (string) --
The attribute key.
value (string) --
The value assigned to the attribute key.
createdAt (datetime) --
The time when StartAssessmentRun API was called.
startedAt (datetime) --
The time when StartAssessmentRun API was called.
completedAt (datetime) --
Assessment run completion time that corresponds to the rules packages evaluation completion time or failure.
stateChangedAt (datetime) --
The last time when the assessment run's state changed.
dataCollected (boolean) --
Boolean value (true or false) specifying whether the process of collecting data from the agents is completed.
stateChanges (list) --
A list of the assessment run state changes.
(dict) --
This data type is used as one of the elements of the AssessmentRun data type.
stateChangedAt (datetime) --
The last time the assessment run state changed.
state (string) --
The assessment run state.
notifications (list) --
A list of notifications for the event subscriptions. A notification about a particular generated finding is only added to this list once.
(dict) --
This data type is used as one of the elements of the AssessmentRun data type.
date (datetime) --
The date of the notification.
event (string) --
The event for which a notification is sent.
message (string) --
error (boolean) --
The Boolean value that specifies whether the notification represents an error.
snsTopicArn (string) --
The SNS topic to which the SNS notification is sent.
snsPublishStatusCode (string) --
The status code of the SNS notification.
failedItems (dict) --
Assessment run details that cannot be described. An error code is provided for each failed item.
(string) --
(dict) --
Includes details about the failed items.
failureCode (string) --
The status code of a failed item.
retryable (boolean) --
Indicates whether you can immediately retry a request for this item for a specified resource.
Lists all available Inspector rules packages.
Request Syntax
client.list_rules_packages( nextToken='string', maxResults=123 )
string
You can use this parameter when paginating results. Set the value of this parameter to 'null' on your first call to the ListRulesPackages action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from previous response to continue listing data.
integer
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 10. The maximum value is 500.
dict
Response Syntax
{ 'rulesPackageArns': [ 'string', ], 'nextToken': 'string' }
Response Structure
(dict) --
rulesPackageArns (list) --
The list of ARNs specifying the rules packages returned by the action.
(string) --
nextToken (string) --
When a response is generated, if there is more data to be listed, this parameter is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to 'null'.
Lists the assessments run corresponding to assessment template(s) specified by the assessment template(s)' ARN(s).
Request Syntax
client.list_assessment_runs( assessmentTemplateArns=[ 'string', ], filter={ 'namePattern': 'string', 'states': [ 'CREATED'|'START_DATA_COLLECTION_PENDING'|'START_DATA_COLLECTION_IN_PROGRESS'|'COLLECTING_DATA'|'STOP_DATA_COLLECTION_PENDING'|'DATA_COLLECTED'|'EVALUATING_RULES'|'FAILED'|'COMPLETED'|'COMPLETED_WITH_ERRORS', ], 'durationRange': { 'minSeconds': 123, 'maxSeconds': 123 }, 'rulesPackageArns': [ 'string', ], 'startTimeRange': { 'beginDate': datetime(2015, 1, 1), 'endDate': datetime(2015, 1, 1) }, 'completionTimeRange': { 'beginDate': datetime(2015, 1, 1), 'endDate': datetime(2015, 1, 1) }, 'stateChangeTimeRange': { 'beginDate': datetime(2015, 1, 1), 'endDate': datetime(2015, 1, 1) } }, nextToken='string', maxResults=123 )
list
ARN(s) specifying the assessment template(s) whose assessment run(s) you want to list.
(string) --
dict
You can use this parameter to specify a subset of data to be included in the action's response.
For a record to match a filter, all specified filter attributes must match. When multiple values are specified for a filter attribute, any of the values can match.
namePattern (string) --
For a record to match a filter, an explicit value or a string containing a wildcard specified for this data type property must match the value of the assessmentRunName property of the AssessmentRun data type.
states (list) --
For a record to match a filter, one of the values specified for this data type property must be the exact match of the value of the assessmentRunState property of the AssessmentRun data type.
(string) --
durationRange (dict) --
For a record to match a filter, the value specified for this data type property must inclusively match any value between the specified minimum and maximum values of the durationInSeconds property of the AssessmentRun data type.
minSeconds (integer) --
The minimum value of the duration range. Must be greater than zero.
maxSeconds (integer) --
The maximum value of the duration range. Must be less than or equal to 604800 seconds (1 week).
rulesPackageArns (list) --
For a record to match a filter, the value specified for this data type property must be contained in the list of values of the rulesPackages property of the AssessmentRun data type.
(string) --
startTimeRange (dict) --
For a record to match a filter, the value specified for this data type property must inclusively match any value between the specified minimum and maximum values of the startTime property of the AssessmentRun data type.
beginDate (datetime) --
The minimum value of the timestamp range.
endDate (datetime) --
The maximum value of the timestamp range.
completionTimeRange (dict) --
For a record to match a filter, the value specified for this data type property must inclusively match any value between the specified minimum and maximum values of the completedAt property of the AssessmentRun data type.
beginDate (datetime) --
The minimum value of the timestamp range.
endDate (datetime) --
The maximum value of the timestamp range.
stateChangeTimeRange (dict) --
For a record to match a filter, the value specified for this data type property must match the stateChangedAt property of the AssessmentRun data type.
beginDate (datetime) --
The minimum value of the timestamp range.
endDate (datetime) --
The maximum value of the timestamp range.
string
You can use this parameter when paginating results. Set the value of this parameter to 'null' on your first call to the ListAssessmentRuns action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from previous response to continue listing data.
integer
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 10. The maximum value is 500.
dict
Response Syntax
{ 'assessmentRunArns': [ 'string', ], 'nextToken': 'string' }
Response Structure
(dict) --
assessmentRunArns (list) --
A list of ARNs specifying the assessment run(s) returned by the action.
(string) --
nextToken (string) --
When a response is generated, if there is more data to be listed, this parameter is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to 'null'.
Sets tags (key and value pairs) to the assessment template specified by the assessment template ARN.
Request Syntax
client.set_tags_for_resource( resourceArn='string', tags=[ { 'key': 'string', 'value': 'string' }, ] )
string
[REQUIRED]
The ARN of the assessment template that you want to set tags to.
list
A collection of key and value pairs that you want to set to the assessment template.
(dict) --
A key and value pair. This data type is used as a request parameter in the SetTagsForResource action and a response element in the ListTagsForResource action.
key (string) -- [REQUIRED]
A tag key.
value (string) --
A value assigned to a tag key.
None
Describes the assessment template(s) specified by the assessment template(s) ARN(s).
Request Syntax
client.describe_assessment_templates( assessmentTemplateArns=[ 'string', ] )
list
[REQUIRED]
The ARN(s) specifying the assessment template(s) that you want to describe.
(string) --
dict
Response Syntax
{ 'assessmentTemplates': [ { 'arn': 'string', 'name': 'string', 'assessmentTargetArn': 'string', 'durationInSeconds': 123, 'rulesPackageArns': [ 'string', ], 'userAttributesForFindings': [ { 'key': 'string', 'value': 'string' }, ], 'createdAt': datetime(2015, 1, 1) }, ], 'failedItems': { 'string': { 'failureCode': 'INVALID_ARN'|'DUPLICATE_ARN'|'ITEM_DOES_NOT_EXIST'|'ACCESS_DENIED'|'LIMIT_EXCEEDED'|'INTERNAL_ERROR', 'retryable': True|False } } }
Response Structure
(dict) --
assessmentTemplates (list) --
Information about the assessment template(s).
(dict) --
Contains information about an Inspector assessment template. This data type is used as the response element in the DescribeAssessmentTemplates action.
arn (string) --
The ARN of the assessment template.
name (string) --
The name of the assessment template.
assessmentTargetArn (string) --
The ARN of the assessment target that corresponds to this assessment template.
durationInSeconds (integer) --
The duration in seconds specified for this assessment tempate. The default value is 3600 seconds (one hour). The maximum value is 86400 seconds (one day).
rulesPackageArns (list) --
Rules packages specified for this assessment template.
(string) --
userAttributesForFindings (list) --
The user-defined attributes that are assigned to every generated finding from the assessment run that uses this assessment template.
(dict) --
This data type is used as a request parameter in the AddAttributesToFindings and CreateAssessmentTemplate actions.
key (string) --
The attribute key.
value (string) --
The value assigned to the attribute key.
createdAt (datetime) --
The time at which the assessment template is created.
failedItems (dict) --
Assessment template details that cannot be described. An error code is provided for each failed item.
(string) --
(dict) --
Includes details about the failed items.
failureCode (string) --
The status code of a failed item.
retryable (boolean) --
Indicates whether you can immediately retry a request for this item for a specified resource.
Deletes the assessment run specified by the assessment run ARN.
Request Syntax
client.delete_assessment_run( assessmentRunArn='string' )
string
[REQUIRED]
The ARN specifying the assessment run that you want to delete.
None
Describes the IAM role that enables Inspector to access your AWS account.
Request Syntax
client.describe_cross_account_access_role()
dict
Response Syntax
{ 'roleArn': 'string', 'valid': True|False, 'registeredAt': datetime(2015, 1, 1) }
Response Structure
(dict) --
roleArn (string) --
The ARN specifying the IAM role that Inspector uses to access your AWS account.
valid (boolean) --
A Boolean value that specifies whether the IAM role has the necessary policies attached to enable Inspector to access your AWS account.
registeredAt (datetime) --
The date when the cross account access role was registered.
Lists all the event subscriptions for the assessment template specified by the assessment template ARN. For more information, see SubscribeToEvent and UnsubscribeFromEvent.
Request Syntax
client.list_event_subscriptions( resourceArn='string', nextToken='string', maxResults=123 )
string
The ARN of the assessment template for which you want to list the existing event subscriptions.
string
You can use this parameter when paginating results. Set the value of this parameter to 'null' on your first call to the ListEventSubscriptions action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from previous response to continue listing data.
integer
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 10. The maximum value is 500.
dict
Response Syntax
{ 'subscriptions': [ { 'resourceArn': 'string', 'topicArn': 'string', 'eventSubscriptions': [ { 'event': 'ASSESSMENT_RUN_STARTED'|'ASSESSMENT_RUN_COMPLETED'|'ASSESSMENT_RUN_STATE_CHANGED'|'FINDING_REPORTED'|'OTHER', 'subscribedAt': datetime(2015, 1, 1) }, ] }, ], 'nextToken': 'string' }
Response Structure
(dict) --
subscriptions (list) --
Details of the returned event subscriptions.
(dict) --
This data type is used as a response element in the ListEventSubscriptions action.
resourceArn (string) --
The ARN of the assessment template that is used during the event for which the SNS notification is sent.
topicArn (string) --
The ARN of the Amazon Simple Notification Service (SNS) topic to which the SNS notifications are sent.
eventSubscriptions (list) --
The list of existing event subscriptions.
(dict) --
This data type is used in the Subscription data type.
event (string) --
The event for which Amazon Simple Notification Service (SNS) notifications are sent.
subscribedAt (datetime) --
The time at which the SubscribeToEvent API is called.
nextToken (string) --
When a response is generated, if there is more data to be listed, this parameter is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to 'null'.
Lists the ARN(s) of the assessment target(s) within this AWS account. For more information about assessment targets, see Amazon Inspector Assessment Targets.
Request Syntax
client.list_assessment_targets( filter={ 'assessmentTargetNamePattern': 'string' }, nextToken='string', maxResults=123 )
dict
You can use this parameter to specify a subset of data to be included in the action's response.
For a record to match a filter, all specified filter attributes must match. When multiple values are specified for a filter attribute, any of the values can match.
assessmentTargetNamePattern (string) --
For a record to match a filter, an explicit value or a string containing a wildcard specified for this data type property must match the value of the assessmentTargetName property of the AssessmentTarget data type.
string
You can use this parameter when paginating results. Set the value of this parameter to 'null' on your first call to the ListAssessmentTargets action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from previous response to continue listing data.
integer
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 10. The maximum value is 500.
dict
Response Syntax
{ 'assessmentTargetArns': [ 'string', ], 'nextToken': 'string' }
Response Structure
(dict) --
assessmentTargetArns (list) --
A list of ARNs specifying the assessment targets returned by the action.
(string) --
nextToken (string) --
When a response is generated, if there is more data to be listed, this parameter is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to 'null'.
Creates a new assessment target using the resource group ARN generated by CreateResourceGroup. You can create up to 50 assessment targets per AWS account. You can run up to 500 concurrent agents per AWS account. For more information, see Amazon Inspector Assessment Targets.
Request Syntax
client.create_assessment_target( assessmentTargetName='string', resourceGroupArn='string' )
string
[REQUIRED]
The user-defined name identifying the assessment target that you want to create. The name must be unique within the AWS account.
string
[REQUIRED]
The ARN specifying the resource group that is used to create the assessment target.
dict
Response Syntax
{ 'assessmentTargetArn': 'string' }
Response Structure
(dict) --
assessmentTargetArn (string) --
The ARN specifying the assessment target that is created.
Deletes the assessment target specified by the assessment target ARN.
Request Syntax
client.delete_assessment_target( assessmentTargetArn='string' )
string
[REQUIRED]
The ARN specifying the assessment target that you want to delete.
None
Lists the agents of the assessment run specified by the assessment run ARN.
Request Syntax
client.list_assessment_run_agents( assessmentRunArn='string', filter={ 'agentHealths': [ 'HEALTHY'|'UNHEALTHY', ], 'agentHealthCodes': [ 'IDLE'|'RUNNING'|'SHUTDOWN'|'UNHEALTHY'|'THROTTLED'|'UNKNOWN', ] }, nextToken='string', maxResults=123 )
string
[REQUIRED]
The ARN specifying the assessment run whose agents you want to list.
dict
You can use this parameter to specify a subset of data to be included in the action's response.
For a record to match a filter, all specified filter attributes must match. When multiple values are specified for a filter attribute, any of the values can match.
agentHealths (list) -- [REQUIRED]
The current health state of the agent. Values can be set to HEALTHY or UNHEALTHY.
(string) --
agentHealthCodes (list) -- [REQUIRED]
The detailed health state of the agent. Values can be set to IDLE, RUNNING, SHUTDOWN, UNHEALTHY, THROTTLED, and UNKNOWN.
(string) --
string
You can use this parameter when paginating results. Set the value of this parameter to 'null' on your first call to the ListAssessmentRunAgents action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from previous response to continue listing data.
integer
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 10. The maximum value is 500.
dict
Response Syntax
{ 'assessmentRunAgents': [ { 'agentId': 'string', 'assessmentRunArn': 'string', 'agentHealth': 'HEALTHY'|'UNHEALTHY', 'agentHealthCode': 'IDLE'|'RUNNING'|'SHUTDOWN'|'UNHEALTHY'|'THROTTLED'|'UNKNOWN', 'agentHealthDetails': 'string', 'autoScalingGroup': 'string', 'telemetryMetadata': [ { 'messageType': 'string', 'count': 123, 'dataSize': 123 }, ] }, ], 'nextToken': 'string' }
Response Structure
(dict) --
assessmentRunAgents (list) --
A list of ARNs specifying the agents returned by the action.
(dict) --
Contains information about an Inspector agent. This data type is used as a response element in the ListAssessmentRunAgents action.
agentId (string) --
AWS account of the EC2 instance where the agent is installed.
assessmentRunArn (string) --
The ARN of the assessment run that is associated with the agent.
agentHealth (string) --
The current health state of the agent.
agentHealthCode (string) --
The detailed health state of the agent.
agentHealthDetails (string) --
The description for the agent health code.
autoScalingGroup (string) --
The auto-scaling group of the EC2 instance specified by the agent ID.
telemetryMetadata (list) --
The Inspector application data metrics collected by the agent.
(dict) --
The metadata about the Inspector application data metrics collected by the agent. This data type is used as the response element in the GetTelemetryMetadata action.
messageType (string) --
A specific type of behavioral data that is collected by the agent.
count (integer) --
The count of messages that the agent sends to the Inspector service.
dataSize (integer) --
The data size of messages that the agent sends to the Inspector service.
nextToken (string) --
When a response is generated, if there is more data to be listed, this parameter is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to 'null'.
Deletes the assessment template specified by the assessment template ARN.
Request Syntax
client.delete_assessment_template( assessmentTemplateArn='string' )
string
[REQUIRED]
The ARN specifying the assessment template that you want to delete.
None
Describes the assessment target(s) specified by the assessment target ARN(s).
Request Syntax
client.describe_assessment_targets( assessmentTargetArns=[ 'string', ] )
list
[REQUIRED]
The ARN(s) specifying the assessment target(s) that you want to describe.
(string) --
dict
Response Syntax
{ 'assessmentTargets': [ { 'arn': 'string', 'name': 'string', 'resourceGroupArn': 'string', 'createdAt': datetime(2015, 1, 1), 'updatedAt': datetime(2015, 1, 1) }, ], 'failedItems': { 'string': { 'failureCode': 'INVALID_ARN'|'DUPLICATE_ARN'|'ITEM_DOES_NOT_EXIST'|'ACCESS_DENIED'|'LIMIT_EXCEEDED'|'INTERNAL_ERROR', 'retryable': True|False } } }
Response Structure
(dict) --
assessmentTargets (list) --
Information about the assessment target(s).
(dict) --
Contains information about an Inspector application. This data type is used as the response element in the DescribeAssessmentTargets action.
arn (string) --
The ARN specifying the Inspector assessment target.
name (string) --
The name of the Inspector assessment target.
resourceGroupArn (string) --
The ARN specifying the resource group that is associated with the assessment target.
createdAt (datetime) --
The time at which the assessment target is created.
updatedAt (datetime) --
The time at which UpdateAssessmentTarget API is called.
failedItems (dict) --
Assessment target details that cannot be described. An error code is provided for each failed item.
(string) --
(dict) --
Includes details about the failed items.
failureCode (string) --
The status code of a failed item.
retryable (boolean) --
Indicates whether you can immediately retry a request for this item for a specified resource.
Removes entire attributes (key and value pairs) from the findings specified by the finding ARNs where an attribute with the specified key exists.
Request Syntax
client.remove_attributes_from_findings( findingArns=[ 'string', ], attributeKeys=[ 'string', ] )
list
[REQUIRED]
The ARNs specifying the findings that you want to remove attributes from.
(string) --
list
[REQUIRED]
The array of attribute keys that you want to remove from specified findings.
(string) --
dict
Response Syntax
{ 'failedItems': { 'string': { 'failureCode': 'INVALID_ARN'|'DUPLICATE_ARN'|'ITEM_DOES_NOT_EXIST'|'ACCESS_DENIED'|'LIMIT_EXCEEDED'|'INTERNAL_ERROR', 'retryable': True|False } } }
Response Structure
(dict) --
failedItems (dict) --
Attributes details that cannot be described. An error code is provided for each failed item.
(string) --
(dict) --
Includes details about the failed items.
failureCode (string) --
The status code of a failed item.
retryable (boolean) --
Indicates whether you can immediately retry a request for this item for a specified resource.
Creates an assessment template for the assessment target specified by the assessment target ARN.
Request Syntax
client.create_assessment_template( assessmentTargetArn='string', assessmentTemplateName='string', durationInSeconds=123, rulesPackageArns=[ 'string', ], userAttributesForFindings=[ { 'key': 'string', 'value': 'string' }, ] )
string
[REQUIRED]
The ARN specifying the assessment target for which you want to create the assessment template.
string
[REQUIRED]
The user-defined name identifying the assessment template that you want to create. You can create several assessment templates for an assessment target. The names of the assessment templates corresponding to a particular assessment target must be unique.
integer
[REQUIRED]
The duration of the assessment run in seconds. The default value is 3600 seconds (one hour).
list
[REQUIRED]
The ARNs specifying the rules packages that you want to attach to the assessment template.
(string) --
list
The user-defined attributes that are assigned to every finding generated by the assessment run that uses this assessment template.
(dict) --
This data type is used as a request parameter in the AddAttributesToFindings and CreateAssessmentTemplate actions.
key (string) -- [REQUIRED]
The attribute key.
value (string) --
The value assigned to the attribute key.
dict
Response Syntax
{ 'assessmentTemplateArn': 'string' }
Response Structure
(dict) --
assessmentTemplateArn (string) --
The ARN specifying the assessment template that is created.
Disables the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified topic.
Request Syntax
client.unsubscribe_from_event( resourceArn='string', event='ASSESSMENT_RUN_STARTED'|'ASSESSMENT_RUN_COMPLETED'|'ASSESSMENT_RUN_STATE_CHANGED'|'FINDING_REPORTED'|'OTHER', topicArn='string' )
string
[REQUIRED]
The ARN of the assessment template used during the event for which you want to stop recieving SNS notifications.
string
[REQUIRED]
The event for which you want to stop receiving SNS notifications.
string
[REQUIRED]
The ARN of the SNS topic to which SNS notifications are sent.
None
Assigns attributes (key and value pair) to the findings specified by the findings' ARNs.
Request Syntax
client.add_attributes_to_findings( findingArns=[ 'string', ], attributes=[ { 'key': 'string', 'value': 'string' }, ] )
list
[REQUIRED]
The ARNs specifying the findings that you want to assign attributes to.
(string) --
list
[REQUIRED]
The array of attributes that you want to assign to specified findings.
(dict) --
This data type is used as a request parameter in the AddAttributesToFindings and CreateAssessmentTemplate actions.
key (string) -- [REQUIRED]
The attribute key.
value (string) --
The value assigned to the attribute key.
dict
Response Syntax
{ 'failedItems': { 'string': { 'failureCode': 'INVALID_ARN'|'DUPLICATE_ARN'|'ITEM_DOES_NOT_EXIST'|'ACCESS_DENIED'|'LIMIT_EXCEEDED'|'INTERNAL_ERROR', 'retryable': True|False } } }
Response Structure
(dict) --
failedItems (dict) --
Attributes details that cannot be described. An error code is provided for each failed item.
(string) --
(dict) --
Includes details about the failed items.
failureCode (string) --
The status code of a failed item.
retryable (boolean) --
Indicates whether you can immediately retry a request for this item for a specified resource.
Starts the assessment run specified by the assessment template ARN. For this API to function properly, you must not exceed the limit of running up to 500 concurrent agents per AWS account.
Request Syntax
client.start_assessment_run( assessmentTemplateArn='string', assessmentRunName='string' )
string
[REQUIRED]
The assessment template ARN of the assessment run that you want to start.
string
You can specify the name for the assessment run, or it is auto-generated based on the assessment template name. Must be unique for the assessment template.
dict
Response Syntax
{ 'assessmentRunArn': 'string' }
Response Structure
(dict) --
assessmentRunArn (string) --
The ARN of the assessment run that has been started.
Enables the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified topic.
Request Syntax
client.subscribe_to_event( resourceArn='string', event='ASSESSMENT_RUN_STARTED'|'ASSESSMENT_RUN_COMPLETED'|'ASSESSMENT_RUN_STATE_CHANGED'|'FINDING_REPORTED'|'OTHER', topicArn='string' )
string
[REQUIRED]
The ARN of the assessment template used during the event for which you want to recieve SNS notifications.
string
[REQUIRED]
The event for which you want to receive SNS notifications.
string
[REQUIRED]
The ARN of the SNS topic to which the SNS notifications are sent.
None
Describes resource group(s) specified by the resource group ARN(s).
Request Syntax
client.describe_resource_groups( resourceGroupArns=[ 'string', ] )
list
[REQUIRED]
The ARN(s) specifying the resource group(s) that you want to describe.
(string) --
dict
Response Syntax
{ 'resourceGroups': [ { 'arn': 'string', 'tags': [ { 'key': 'string', 'value': 'string' }, ], 'createdAt': datetime(2015, 1, 1) }, ], 'failedItems': { 'string': { 'failureCode': 'INVALID_ARN'|'DUPLICATE_ARN'|'ITEM_DOES_NOT_EXIST'|'ACCESS_DENIED'|'LIMIT_EXCEEDED'|'INTERNAL_ERROR', 'retryable': True|False } } }
Response Structure
(dict) --
resourceGroups (list) --
Information about the resource group(s).
(dict) --
Contains information about a resource group. The resource group defines a set of tags that, when queried, identify the AWS resources that comprise the assessment target. This data type is used as the response element in the DescribeResourceGroups action.
arn (string) --
The ARN of the resource group.
tags (list) --
The tags (key and value pairs) of the resource group. This data type property is used in the CreateResourceGroup action.
(dict) --
This data type is used as one of the elements of the ResourceGroup data type.
key (string) --
A tag key.
value (string) --
The value assigned to a tag key.
createdAt (datetime) --
The time at which resource group is created.
failedItems (dict) --
Resource group details that cannot be described. An error code is provided for each failed item.
(string) --
(dict) --
Includes details about the failed items.
failureCode (string) --
The status code of a failed item.
retryable (boolean) --
Indicates whether you can immediately retry a request for this item for a specified resource.
Lists all tags associated with an assessment template.
Request Syntax
client.list_tags_for_resource( resourceArn='string' )
string
[REQUIRED]
The ARN specifying the assessment template whose tags you want to list.
dict
Response Syntax
{ 'tags': [ { 'key': 'string', 'value': 'string' }, ] }
Response Structure
(dict) --
tags (list) --
A collection of key and value pairs.
(dict) --
A key and value pair. This data type is used as a request parameter in the SetTagsForResource action and a response element in the ListTagsForResource action.
key (string) --
A tag key.
value (string) --
A value assigned to a tag key.
Updates the assessment target specified by the assessment target ARN.
Request Syntax
client.update_assessment_target( assessmentTargetArn='string', assessmentTargetName='string', resourceGroupArn='string' )
string
[REQUIRED]
The ARN of the assessment target that you want to update.
string
[REQUIRED]
The name of the assessment target that you want to update.
string
[REQUIRED]
The resource group ARN that is used to specify the new resource group to associate with the assessment target.
None
Creates a resource group using the specified set of tags (key and value pairs) that are used to select the EC2 instances to be included in an Inspector assessment target. The created resource group is then used to create an Inspector assessment target.
Request Syntax
client.create_resource_group( resourceGroupTags=[ { 'key': 'string', 'value': 'string' }, ] )
list
[REQUIRED]
A collection of keys and an array of possible values, '[{"key":"key1","values":["Value1","Value2"]},{"key":"Key2","values":["Value3"]}]'.
For example,'[{"key":"Name","values":["TestEC2Instance"]}]'.
(dict) --
This data type is used as one of the elements of the ResourceGroup data type.
key (string) -- [REQUIRED]
A tag key.
value (string) --
The value assigned to a tag key.
dict
Response Syntax
{ 'resourceGroupArn': 'string' }
Response Structure
(dict) --
resourceGroupArn (string) --
The ARN specifying the resource group that is created.
Previews the agents installed on the EC2 instances that are part of the specified assessment target.
Request Syntax
client.preview_agents( previewAgentsArn='string', nextToken='string', maxResults=123 )
string
[REQUIRED]
The ARN of the assessment target whose agents you want to preview.
string
You can use this parameter when paginating results. Set the value of this parameter to 'null' on your first call to the PreviewAgents action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from previous response to continue listing data.
integer
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 10. The maximum value is 500.
dict
Response Syntax
{ 'agentPreviews': [ { 'agentId': 'string', 'autoScalingGroup': 'string' }, ], 'nextToken': 'string' }
Response Structure
(dict) --
agentPreviews (list) --
The resulting list of agents.
(dict) --
This data type is used as a response element in the PreviewAgents action.
agentId (string) --
The id of the EC2 instance where the agent is intalled.
autoScalingGroup (string) --
The autoscaling group for the EC2 instance where the agent is installed.
nextToken (string) --
When a response is generated, if there is more data to be listed, this parameter is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to 'null'.
Describes the rules package(s) specified by the rules package ARN(s).
Request Syntax
client.describe_rules_packages( rulesPackageArns=[ 'string', ], locale='EN_US' )
list
[REQUIRED]
The ARN(s) specifying the rules package(s) that you want to describe.
(string) --
string
The locale that you want to translate a rules package description(s) into.
dict
Response Syntax
{ 'rulesPackages': [ { 'arn': 'string', 'name': 'string', 'version': 'string', 'provider': 'string', 'description': 'string' }, ], 'failedItems': { 'string': { 'failureCode': 'INVALID_ARN'|'DUPLICATE_ARN'|'ITEM_DOES_NOT_EXIST'|'ACCESS_DENIED'|'LIMIT_EXCEEDED'|'INTERNAL_ERROR', 'retryable': True|False } } }
Response Structure
(dict) --
rulesPackages (list) --
Information about the rules package(s).
(dict) --
Contains information about an Inspector rules package. This data type is used as the response element in the DescribeRulesPackages action.
arn (string) --
The ARN of the rules package.
name (string) --
The name of the rules package.
version (string) --
The version id of the rules package.
provider (string) --
The provider of the rules package.
description (string) --
The description of the rules package.
failedItems (dict) --
Rules package details that cannot be described. An error code is provided for each failed item.
(string) --
(dict) --
Includes details about the failed items.
failureCode (string) --
The status code of a failed item.
retryable (boolean) --
Indicates whether you can immediately retry a request for this item for a specified resource.
Lists the assessment template(s) corresponding to the assessment target(s) specified by the assessment targets' ARN(s).
Request Syntax
client.list_assessment_templates( assessmentTargetArns=[ 'string', ], filter={ 'namePattern': 'string', 'durationRange': { 'minSeconds': 123, 'maxSeconds': 123 }, 'rulesPackageArns': [ 'string', ] }, nextToken='string', maxResults=123 )
list
A list of ARN(s) specifying the assessment target(s) whose assessment template(s) you want to list.
(string) --
dict
You can use this parameter to specify a subset of data to be included in the action's response.
For a record to match a filter, all specified filter attributes must match. When multiple values are specified for a filter attribute, any of the values can match.
namePattern (string) --
For a record to match a filter, an explicit value or a string containing a wildcard specified for this data type property must match the value of the assessmentTemplateName property of the AssessmentTemplate data type.
durationRange (dict) --
For a record to match a filter, the value specified for this data type property must inclusively match any value between the specified minimum and maximum values of the durationInSeconds property of the AssessmentTemplate data type.
minSeconds (integer) --
The minimum value of the duration range. Must be greater than zero.
maxSeconds (integer) --
The maximum value of the duration range. Must be less than or equal to 604800 seconds (1 week).
rulesPackageArns (list) --
For a record to match a filter, the value(s) specified for this data type property must be contained in the list of values of the rulesPackageArns property of the AssessmentTemplate data type.
(string) --
string
You can use this parameter when paginating results. Set the value of this parameter to 'null' on your first call to the ListAssessmentTemplates action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from previous response to continue listing data.
integer
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 10. The maximum value is 500.
dict
Response Syntax
{ 'assessmentTemplateArns': [ 'string', ], 'nextToken': 'string' }
Response Structure
(dict) --
assessmentTemplateArns (list) --
A list of ARN(s) specifying the assessment template(s) returned by the action.
(string) --
nextToken (string) --
When a response is generated, if there is more data to be listed, this parameter is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to 'null'.
Information about the data collected for the specified assessment run.
Request Syntax
client.get_telemetry_metadata( assessmentRunArn='string' )
string
[REQUIRED]
The ARN specifying the assessment run the telemetry of which you want to obtain.
dict
Response Syntax
{ 'telemetryMetadata': [ { 'messageType': 'string', 'count': 123, 'dataSize': 123 }, ] }
Response Structure
(dict) --
telemetryMetadata (list) --
Telemetry details.
(dict) --
The metadata about the Inspector application data metrics collected by the agent. This data type is used as the response element in the GetTelemetryMetadata action.
messageType (string) --
A specific type of behavioral data that is collected by the agent.
count (integer) --
The count of messages that the agent sends to the Inspector service.
dataSize (integer) --
The data size of messages that the agent sends to the Inspector service.
Lists findings generated by the assessment run(s) specified by the assessment run ARN(s).
Request Syntax
client.list_findings( assessmentRunArns=[ 'string', ], filter={ 'agentIds': [ 'string', ], 'autoScalingGroups': [ 'string', ], 'ruleNames': [ 'string', ], 'severities': [ 'Low'|'Medium'|'High'|'Informational'|'Undefined', ], 'rulesPackageArns': [ 'string', ], 'attributes': [ { 'key': 'string', 'value': 'string' }, ], 'userAttributes': [ { 'key': 'string', 'value': 'string' }, ], 'creationTimeRange': { 'beginDate': datetime(2015, 1, 1), 'endDate': datetime(2015, 1, 1) } }, nextToken='string', maxResults=123 )
list
The ARNs of the assessment run(s) that generate the findings that you want to list.
(string) --
dict
You can use this parameter to specify a subset of data to be included in the action's response.
For a record to match a filter, all specified filter attributes must match. When multiple values are specified for a filter attribute, any of the values can match.
agentIds (list) --
For a record to match a filter, one of the values specified for this data type property must be the exact match of the value of the agentId property of the Finding data type.
(string) --
autoScalingGroups (list) --
For a record to match a filter, one of the values specified for this data type property must be the exact match of the value of the autoScalingGroup property of the Finding data type.
(string) --
ruleNames (list) --
For a record to match a filter, one of the values specified for this data type property must be the exact match of the value of the ruleName property of the Finding data type.
(string) --
severities (list) --
For a record to match a filter, one of the values specified for this data type property must be the exact match of the value of the severity property of the Finding data type.
(string) --
rulesPackageArns (list) --
For a record to match a filter, one of the values specified for this data type property must be the exact match of the value of the rulesPackageArn property of the Finding data type.
(string) --
attributes (list) --
For a record to match a filter, the list of values specified for this data type property must be contained in the list of values of the attributes property of the Finding data type.
(dict) --
This data type is used as a request parameter in the AddAttributesToFindings and CreateAssessmentTemplate actions.
key (string) -- [REQUIRED]
The attribute key.
value (string) --
The value assigned to the attribute key.
userAttributes (list) --
For a record to match a filter, the value specified for this data type property must be contained in the list of values of the userAttributes property of the Finding data type.
(dict) --
This data type is used as a request parameter in the AddAttributesToFindings and CreateAssessmentTemplate actions.
key (string) -- [REQUIRED]
The attribute key.
value (string) --
The value assigned to the attribute key.
creationTimeRange (dict) --
The time range during which the finding is generated.
beginDate (datetime) --
The minimum value of the timestamp range.
endDate (datetime) --
The maximum value of the timestamp range.
string
You can use this parameter when paginating results. Set the value of this parameter to 'null' on your first call to the ListFindings action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from previous response to continue listing data.
integer
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 10. The maximum value is 500.
dict
Response Syntax
{ 'findingArns': [ 'string', ], 'nextToken': 'string' }
Response Structure
(dict) --
findingArns (list) --
A list of ARN(s) specifying the finding(s) returned by the action.
(string) --
nextToken (string) --
When a response is generated, if there is more data to be listed, this parameter is present in the response and contains the value to use for the nextToken parameter in a subsequent pagination request. If there is no more data to be listed, this parameter is set to 'null'.
Stops the assessment run specified by the assessment run ARN.
Request Syntax
client.stop_assessment_run( assessmentRunArn='string' )
string
[REQUIRED]
The ARN of the assessment run that you want to stop.
None
Describes the finding(s) specified by the finding ARN(s).
Request Syntax
client.describe_findings( findingArns=[ 'string', ], locale='EN_US' )
list
[REQUIRED]
The ARN(s) specifying the finding(s) that you want to describe.
(string) --
string
The locale that you want to translate a finding description(s), recommendation(s), and the short description(s) that identify the finding(s) into.
dict
Response Syntax
{ 'findings': [ { 'arn': 'string', 'schemaVersion': 123, 'service': 'string', 'serviceAttributes': { 'schemaVersion': 123, 'assessmentRunArn': 'string', 'rulesPackageArn': 'string' }, 'assetType': 'ec2-instance', 'assetAttributes': { 'schemaVersion': 123, 'agentId': 'string', 'autoScalingGroup': 'string', 'amiId': 'string', 'hostname': 'string', 'ipv4Addresses': [ 'string', ] }, 'id': 'string', 'title': 'string', 'description': 'string', 'recommendation': 'string', 'severity': 'Low'|'Medium'|'High'|'Informational'|'Undefined', 'numericSeverity': 123.0, 'confidence': 123, 'indicatorOfCompromise': True|False, 'attributes': [ { 'key': 'string', 'value': 'string' }, ], 'userAttributes': [ { 'key': 'string', 'value': 'string' }, ], 'createdAt': datetime(2015, 1, 1), 'updatedAt': datetime(2015, 1, 1) }, ], 'failedItems': { 'string': { 'failureCode': 'INVALID_ARN'|'DUPLICATE_ARN'|'ITEM_DOES_NOT_EXIST'|'ACCESS_DENIED'|'LIMIT_EXCEEDED'|'INTERNAL_ERROR', 'retryable': True|False } } }
Response Structure
(dict) --
findings (list) --
Information about the finding(s).
(dict) --
Contains information about an Inspector finding. This data type is used as the response element in the DescribeFindings action.
arn (string) --
The ARN specifying the finding.
schemaVersion (integer) --
The schema version of this data type.
service (string) --
The data element is set to "Inspector".
serviceAttributes (dict) --
This data type is used in the Finding data type.
schemaVersion (integer) --
The schema version of this data type.
assessmentRunArn (string) --
The ARN of the assessment run during which the fidning is generated.
rulesPackageArn (string) --
The ARN of the rules package used to generate the finding.
assetType (string) --
The type of the host from which the finding is generated.
assetAttributes (dict) --
A collection of attributes of the host from which the finding is generated.
schemaVersion (integer) --
The schema version of this data type.
agentId (string) --
The id of the agent that is installed on the EC2 instance where the finding is generated.
autoScalingGroup (string) --
The auto-scaling group of the EC2 instance where the finding is generated.
amiId (string) --
Amazon Machine Image(AMI) ID installed on the EC2 instance where the finding is generated.
hostname (string) --
The hostname of the EC2 instance where the finding is generated.
ipv4Addresses (list) --
The list of IP v4 addresses of the EC2 instance where the finding is generated.
(string) --
id (string) --
The ID of the finding.
title (string) --
The name of the finding.
description (string) --
The description of the finding.
recommendation (string) --
The recommendation for the finding.
severity (string) --
The finding severity. Values can be set to High, Medium, Low, and Informational.
numericSeverity (float) --
The numeric value of the finding severity.
confidence (integer) --
This data element is currently not used.
indicatorOfCompromise (boolean) --
This data element is currently not used.
attributes (list) --
The system-defined attributes for the finding.
(dict) --
This data type is used as a request parameter in the AddAttributesToFindings and CreateAssessmentTemplate actions.
key (string) --
The attribute key.
value (string) --
The value assigned to the attribute key.
userAttributes (list) --
The user-defined attributes that are assigned to the finding.
(dict) --
This data type is used as a request parameter in the AddAttributesToFindings and CreateAssessmentTemplate actions.
key (string) --
The attribute key.
value (string) --
The value assigned to the attribute key.
createdAt (datetime) --
The time when the finding was generated.
updatedAt (datetime) --
The time when AddAttributesToFindings API is called.
failedItems (dict) --
Finding details that cannot be described. An error code is provided for each failed item.
(string) --
(dict) --
Includes details about the failed items.
failureCode (string) --
The status code of a failed item.
retryable (boolean) --
Indicates whether you can immediately retry a request for this item for a specified resource.