Assets Manager API (1.0.0)

Download OpenAPI specification:Download

The assets management service. The service provides additional validation layer in front of assets to ensure the user supplied configuration is consistent. The service also provides different utility functions.

Authentication

x-aims-auth-token

AIMS Authentication Token

Security Scheme Type API Key
Header parameter name: x-aims-auth-token

Protection Scope Management

Export protection scope

Endpoint for exporting the protection scope of a deployment along with asset metadata. By default the endpoints returns data in CSV format if no Accept header specified. cURL example:

Authorizations:
path Parameters
account_id
required
string

The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an HTTP 404 Not Found or HTTP 403 Forbidden, depending on the client's access level.

deployment_id
required
string

The ID of the deployment source as represented in the deployments service (uppercase UUID).

Responses

Request samples

alcli assets_manager export_scope \
--account_id 134235158 \
--deployment_id 843BD5F3-583D-48D7-B929-616B100D6B7B \
> scope.csv

Response samples

Content type
type,key,name,protection_level,cidr_block,region,network,subnet,cidr_ranges
vpc,/aws/us-west-2/vpc/vpc-43f82c3a,vpc-43f82c3a,inherited,172.31.0.0/16,us-west-2,,,"[""172.31.0.0/16""]"
subnet,/aws/us-west-2/subnet/subnet-094f8853,subnet-094f8853,inherited,172.31.0.0/20,us-west-2,,,
subnet,/aws/us-west-2/subnet/subnet-78f2e71e,subnet-78f2e71e,inherited,172.31.16.0/20,us-west-2,,,
subnet,/aws/us-west-2/subnet/subnet-94ccb0bc,subnet-94ccb0bc,inherited,172.31.48.0/20,us-west-2,,,
subnet,/aws/us-west-2/subnet/subnet-974c78df,subnet-974c78df,inherited,172.31.32.0/20,us-west-2,,,

Import protection scope

Endpoint for importing the protection scope of a deployment.

Authorizations:
path Parameters
account_id
required
string

The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an HTTP 404 Not Found or HTTP 403 Forbidden, depending on the client's access level.

deployment_id
required
string

The ID of the deployment source as represented in the deployments service (uppercase UUID).

query Parameters
write
boolean
Default: false

The option is used to perform write operation if specified as true. Otherwise the endpoint works in dry-run mode. If no option specified the false is assumed.

Request Body schema:

By default If no Content-Type header specified the CSV format assumed. The data format is the same as returned by the export endpoint. The required fields are: type, key and protection_level. All other fields are ignored. Any invalid items are ignored. The protection scope policy id to protection_level mapping:

  • D12D5E67-166C-474F-87AA-6F86FC9FB9BC - professional
  • A8E8B104-8F45-411D-A240-A30EA5FE25B0 - essentials
  • EC735B49-2517-4D98-BB9D-BEBC1E75D56D - enterprise
  • A562D3E4-ECBE-426E-B2CF-78D2336E5D63 - lm_essentials
  • 7E184449-FB15-4693-807F-C01A1ECD7E66 - lmpro
  • D2A589A9-EA56-456C-844E-65843B483D68 - tmpro
Array
type
required
string (AssetType)

Asset type

key
required
string (AssetKey)

Asset key

protection_level
required
string (ProtectionLevel)
Enum: "professional" "essentials" "enterprise" "lm_essentials" "lmpro" "tmpro" "excluded" "inherited"
name
string (AssetName)

Asset Name

cidr_block
string (CidrBlock)

The subnet cidr_block

region
string

The region asset name containing the asset. Informational only.

network
string

The vpc/network asset name containing the asset. Informational only.

cidr_ranges
Array of strings (CidrBlock)

The network list of CIDRs

Responses

Request samples

Content type
type,key,name,protection_level,cidr_block,region,network,subnet,cidr_ranges
vpc,/aws/us-west-2/vpc/vpc-43f82c3a,vpc-43f82c3a,inherited,172.31.0.0/16,us-west-2,,,"[""172.31.0.0/16""]"
subnet,/aws/us-west-2/subnet/subnet-094f8853,subnet-094f8853,inherited,172.31.0.0/20,us-west-2,,,
subnet,/aws/us-west-2/subnet/subnet-78f2e71e,subnet-78f2e71e,inherited,172.31.16.0/20,us-west-2,,,
subnet,/aws/us-west-2/subnet/subnet-94ccb0bc,subnet-94ccb0bc,inherited,172.31.48.0/20,us-west-2,,,
subnet,/aws/us-west-2/subnet/subnet-974c78df,subnet-974c78df,inherited,172.31.32.0/20,us-west-2,,,

Response samples

Content type
application/json
{
  • "new_scope": {
    },
  • "included": [
    ],
  • "excluded": [
    ]
}

Network Operations

Create Network

Create network

Authorizations:
path Parameters
account_id
required
string

The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an HTTP 404 Not Found or HTTP 403 Forbidden, depending on the client's access level.

deployment_id
required
string

The ID of the deployment source as represented in the deployments service (uppercase UUID).

query Parameters
force_large_network
boolean
Default: false

The option is used to suppress the network size validation if specified as true. By default the service checks if the number of IP addresses is that big for a typical appliance to complete network discovery scans within a reasonable time.

Request Body schema: application/json
network_name
required
string (AssetName)

Asset Name

cidr_ranges
required
Array of strings (CidrBlock)
public_cidr_ranges
Array of strings (CidrBlock)
span_port_enabled
boolean (SpanPortEnabled)
Default: false

Responses

Request samples

Content type
application/json
{
  • "network_name": "Network",
  • "cidr_ranges": [
    ]
}

Response samples

Content type
application/json
{
  • "key": "/dc/network/2C6B298D-B6C6-4798-B498-2180FC1F4996",
  • "network_name": "Network",
  • "network_uuid": "88FCC8F6-EEE8-EE07-6AC5-3E88E85AE310",
  • "cidr_ranges": [
    ],
  • "claim_key": "e318c8e213d3accf26aa07fc33e6154b055135862c49b8c5e1",
  • "span_port_enabled": false
}

Update Network

Update network

Authorizations:
path Parameters
account_id
required
string

The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an HTTP 404 Not Found or HTTP 403 Forbidden, depending on the client's access level.

deployment_id
required
string

The ID of the deployment source as represented in the deployments service (uppercase UUID).

network_uuid
required
string

The UUID of the network asset as represented in the assets service (uppercase UUID).

query Parameters
force_large_network
boolean
Default: false

The option is used to suppress the network size validation if specified as true. By default the service checks if the number of IP addresses is that big for a typical appliance to complete network discovery scans within a reasonable time.

Request Body schema: application/json
network_name
string (AssetName)

Asset Name

cidr_ranges
Array of strings (CidrBlock)
public_cidr_ranges
Array of strings (CidrBlock)
span_port_enabled
boolean (SpanPortEnabled)
Default: false

Responses

Request samples

Content type
application/json
{
  • "cidr_ranges": [
    ]
}

Response samples

Content type
application/json
{
  • "key": "/dc/network/2C6B298D-B6C6-4798-B498-2180FC1F4996",
  • "network_name": "Network",
  • "network_uuid": "88FCC8F6-EEE8-EE07-6AC5-3E88E85AE310",
  • "cidr_ranges": [
    ],
  • "claim_key": "e318c8e213d3accf26aa07fc33e6154b055135862c49b8c5e1",
  • "span_port_enabled": false
}